Description
Background
AI agents are being adopted across the industry, including in critical applications. Agents with access to tools (including MCP servers) currently call those tools directly, with no centralized validation layer that inspects each call before it executes, so harmful or disallowed tool calls can run without oversight. The Action Guard feature proposed here adds that validation step to this package so the workflow is checked before execution rather than after.
The Agent-Action-Guard experiments found that GPT-5.3 has a safety score of 17.33%, which indicates very high vulnerability and supports the need for an Action Guard.
Proposed Change
Introduce an action_guard parameter in the Python client that allows developers to define a centralized validation function for agent actions.
This guard would be invoked whenever the agent attempts a tool call (including MCP actions). The guard function can decide whether to allow or block the action.
Example:

```python
import os
from google import genai
from google.genai import types
# ToolCall and GuardDecision are the proposed types from this issue;
# they do not exist in the current SDK.
from google.genai.types import ToolCall, GuardDecision


def my_guard_function(action: ToolCall) -> GuardDecision:
    # This can use code-based validation or a classifier model.
    # Illustrative rule (the `name` attribute on ToolCall is assumed):
    # only the weather tool is allowed; every other tool call is blocked.
    if action.name == 'get_current_weather':
        return GuardDecision.ALLOW
    return GuardDecision.BLOCK
    # GuardDecision options:
    # - ALLOW
    # - BLOCK


def get_current_weather(location: str) -> str:
    """Example tool; placeholder implementation with no real lookup."""
    return f'No weather data for {location} in this example.'


weather_tool = get_current_weather

client = genai.Client(api_key=os.environ['GEMINI_API_KEY'])
response = client.models.generate_content(
    model='gemini-2.5-flash',
    contents='What is the weather like in Boston?',
    config=types.GenerateContentConfig(
        tools=[get_current_weather],
        action_guard=my_guard_function,  # New parameter for centralized action validation
    ),
)

interaction = client.interactions.create(
    model='gemini-2.5-flash',
    input='What is the weather in Mountain View, CA?',
    tools=[weather_tool],
    action_guard=my_guard_function,  # New parameter for centralized action validation
)
```

Behavior
The guard function receives a ToolCall object representing the pending action.
Possible outcomes:
- ALLOW – Execute the action normally.
- BLOCK – Prevent execution and return an error to the agent.
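The following is an added, SDK-independent example of the guard pattern described above; it is not code from this issue or from the google-genai SDK. It defines its own `ToolCall` and `GuardDecision` stand-ins (the real proposed types are not in the current SDK), a hypothetical policy that combines a tool allow-list with per-tool argument checks, and a `run_tool_call` dispatcher that consults the guard before executing anything and returns an error to the agent on BLOCK. The tools, the sandbox root `/srv/agent-sandbox` and all sample inputs are constructed for illustration.

```python
import os
from dataclasses import dataclass, field
from enum import Enum
from typing import Any, Callable, Dict, List


class GuardDecision(Enum):
    ALLOW = "allow"
    BLOCK = "block"


@dataclass(frozen=True)
class ToolCall:
    """Stand-in for the proposed ToolCall type: tool name plus keyword arguments."""
    name: str
    args: Dict[str, Any] = field(default_factory=dict)


# Hypothetical policy: anything not on the allow-list is blocked by default.
ALLOWED_TOOLS = {"get_current_weather", "read_file"}
SANDBOX_ROOT = os.path.abspath("/srv/agent-sandbox")  # constructed path

# Every decision is recorded so blocked attempts can be reviewed or alerted on.
audit_log: List[Dict[str, Any]] = []


def _inside_sandbox(path: str) -> bool:
    """True only if `path` resolves to a location under SANDBOX_ROOT (no traversal)."""
    target = os.path.abspath(os.path.join(SANDBOX_ROOT, path))
    return os.path.commonpath([SANDBOX_ROOT, target]) == SANDBOX_ROOT


def my_guard_function(action: ToolCall) -> GuardDecision:
    """Code-based validation: allow-list first, then argument checks per tool."""
    if action.name not in ALLOWED_TOOLS:
        decision = GuardDecision.BLOCK
    elif action.name == "read_file" and not _inside_sandbox(str(action.args.get("path", ""))):
        decision = GuardDecision.BLOCK
    else:
        decision = GuardDecision.ALLOW
    audit_log.append({"tool": action.name, "args": dict(action.args), "decision": decision.value})
    return decision


# Simulated tools (constructed; they perform no real I/O).
def get_current_weather(location: str) -> str:
    return f"Sunny in {location}"


def read_file(path: str) -> str:
    return f"<contents of {path}>"


def run_shell(cmd: str) -> str:
    return f"<would run: {cmd}>"


TOOLS: Dict[str, Callable[..., Any]] = {
    "get_current_weather": get_current_weather,
    "read_file": read_file,
    "run_shell": run_shell,  # registered, but not on the allow-list
}


def run_tool_call(
    action: ToolCall,
    tools: Dict[str, Callable[..., Any]],
    guard: Callable[[ToolCall], GuardDecision],
) -> Dict[str, Any]:
    """Dispatcher: the guard runs before the tool; BLOCK yields an error for the agent."""
    if guard(action) is GuardDecision.BLOCK:
        return {"error": f"tool call '{action.name}' blocked by action guard"}
    if action.name not in tools:
        return {"error": f"unknown tool '{action.name}'"}
    return {"result": tools[action.name](**action.args)}


if __name__ == "__main__":
    for call in (
        ToolCall("get_current_weather", {"location": "Boston"}),
        ToolCall("run_shell", {"cmd": "ls"}),
        ToolCall("read_file", {"path": "../../etc/passwd"}),
        ToolCall("read_file", {"path": "notes.txt"}),
    ):
        print(call.name, "->", run_tool_call(call, TOOLS, my_guard_function))
```

Because the guard sits in the dispatcher rather than in each tool, a new tool gets the same enforcement without extra boilerplate, and the audit log gives a single place to detect repeated blocked attempts.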
Benefits
- Centralized enforcement of action policies
- Reduced boilerplate in tool implementations
- Improved safety for agentic systems
- Seamless integration with existing tool and MCP ecosystems
Related Work
If user approval is made mandatory for each action, the workflow becomes slow and inefficient.
This change is within the Python SDK and independent of the API.
The updated code is available at https://github.com/prane-eth/python-genai-action-guard/tree/feature/agent-tool-call-action-guard, and will be ready for a pull request.
I will work faster based on your opinion and feedback.