Agent Tool Inventory / Tool BOM

# Agent Tool Inventory / Tool BOM

Sample Deliverable

Executive Summary

This Tool BOM catalogs the tools an AI agent can reach, what actions each tool supports, which credentials are used, what data is touched, which approvals are required, and what must be logged.

The inventory is the predecessor to the permission matrix. You cannot decide what the agent should be allowed to do until you know every tool, action class, execution path, owner, credential, and blast radius.

Heads up

Public sample notice

This is a shortened, synthetic excerpt prepared as a public sample. A client version would include system-specific evidence, implementation references, architecture screenshots, control test results, owner sign-offs, and full supporting documentation. This sample uses Northstar Support Cloud / Customer Support Copilot as the synthetic reference system. This sample is not legal advice, not a compliance certification, not an audit opinion, not a warranty, and not proof that any unreviewed system is secure.

Decision · blocked

Tool inventory decision

Do not expand agent authority until every production tool has complete action-class, credential, approval, logging, and rollback metadata.

Metrics

Tool Inventory Snapshot

Tools inventoried

Critical-risk tools

Blocked execution paths

Action classes

Execution paths reviewed

Note

Tools are where AI turns into authority

The risk is not that an agent writes text. The risk is that the text becomes a case update, customer message, CRM write, billing action, webhook, or workflow execution.

Tool BOM

Agent permission matrix

Agent Tool Inventory

The tool inventory catalogs each tool, credential type, action class, data touched, approval requirement, logging requirement, owner, risk, and status.

Synthetic public-safe inventory of agent tools, action classes, credentials, execution paths, data touched, approval requirements, owners, logging, and risk.

ReadSuggestDraftQueueApproveExecute

Data unavailable

content/deliverables/data/agent-tool-inventory.json

No rows array found.

Action classes

Action class model

Action class	Description	Default approval	Risk
Read	retrieve approved context without changing state	not required	medium
Suggest	recommend a next action without executable payload	not required	medium
Draft	prepare content for review	required before send	high
Queue	create pending action object	required before execute	high
Approve	authorize action	human-only	critical
Execute	perform state-changing action	restricted	critical

Tool inventory summary

Tool	Owner	Actions	Risk	Status
Case Management API	Support Platform	read, queue	High	Conditional
Customer Messaging	Product Operations	draft, queue, execute	Critical	Blocked for execute
CRM	Revenue Operations	read	High	Read-only
Billing System	Finance Systems	read	Critical	Read-only restricted
Notification Service	Product Operations	queue, execute	Medium	Approved with template limit
External Webhook	Integration Platform	execute	Critical	Blocked

Findings

Tool Inventory Findings

Finding · critical

Tool BOM is incomplete for production agent authority

Evidence: agent-tool-inventory

Tools are known, but not every tool has complete credential, action-class, approval, logging, and rollback metadata.

Heads up

Impact

An incomplete Tool BOM means agent authority can expand through undocumented integration details.

Finding · critical

Customer message execution should remain blocked

Evidence: approval-context-bundle

Customer-visible send actions should remain blocked until approval context bundles and trace evidence are validated.

Finding · critical

External webhook execution should remain blocked

Evidence: external-webhook-risk-review

External webhooks create broad blast radius and should remain blocked until allowlists, schemas, approvals, and traces exist.

Finding · high

Credential scope review needs evidence

Evidence: credential-scope-review

Each tool credential should be mapped to minimum required actions, data touched, environment, rotation, owner, and audit evidence.

Execution paths

Execution paths reviewed

Execution path	Risk	Required controls
Draft customer response	High	retrieval authorization, draft labeling, human approval, message trace
Queue case metadata update	High	action-class enforcement, diff evidence, approval bundle, tool-call trace
Blocked external webhook execution	Critical	deny policy, allowlist, payload schema, human approval, execution trace

Required tool metadata

Checklist

Required metadata for every agent tool

✓Tool owner.

✓Credential type and scope.

✓Environment.

✓Data touched.

✓Supported action classes.

✓Allowed actions.

✓Blocked actions.

✓Approval requirement.

✓Logging requirement.

✓Rollback path.

✓Evidence reference.

Decision · planned

Permission matrix decision

After the Tool BOM is complete, convert each tool/action pair into the Agent Tool Permission Matrix and enforce action classes in the AI gateway.

Related artifacts

Artifact

Related artifact: Agent Tool Permission Matrix

The permission matrix turns this inventory into an enforceable allow, conditional, block, or deny model.

/deliverables/agent-tool-permission-matrix

Artifact

Related artifact: AI Release Gate Checklist

The release gate ensures tool-policy changes cannot ship without updated tool inventory and permission evidence.

/deliverables/ai-release-gate-checklist

Artifact

Related artifact: AI Red-Team Scope Document

The red-team scope uses the Tool BOM to define allowed testing boundaries and safety constraints.

/deliverables/ai-red-team-scope-document