
Build-Time Flow

Build-time review helps teams understand agent and tool risk before runtime deployment.

The goal is to answer a practical question before an agent is widely used:

What can this agent reach, and what controls should exist before it acts through tools?

What Build-Time Review Looks At

| Input | Why it matters |
| --- | --- |
| Tool and MCP inventory | Shows which tools the agent can call and what each tool can access or change. |
| Tool capability labels | Identifies capabilities such as access to private data, untrusted-content ingestion, external communication, or state-changing actions such as creating, updating, or deleting resources. |
| Observed trajectories | Shows which tools the agent actually used in real or representative sessions. |
| Use-case context | Helps reviewers decide which capabilities are expected, risky, or unnecessary for that agent. |

Risk Evidence

Build-time review looks for risky capability combinations: what an agent can read, what it can receive from untrusted sources, where it can communicate, and what state it can change.

It also separates possible exposure from observed exposure. Tool inventory shows what could happen. Trajectories show what appeared in actual or representative runs.

For the risk model, evaluation inputs, outputs, and reports, see Static Evaluation.

From Evaluation to Runtime Policy

Build-time review connects into the policy workflow:

Evaluate tools and trajectories -> review policy draft -> compile policy -> deploy policy -> enforce at runtime

At a high level:

| Step | Meaning |
| --- | --- |
| Evaluate | Analyze tool inventory, capabilities, and trajectories for risk. |
| Draft | Create a candidate policy draft for human review. |
| Compile | Convert reviewed policy into the target runtime format. |
| Deploy | Activate the approved policy for runtime enforcement. |

The reviewed policy becomes the source of runtime decisions. Runtime evidence can then feed future review, so teams can refine policy as agent behavior changes.

For more detail on draft, compile, and deploy, see Policy Workflow.

Why Trajectories Matter

Tool inventory shows what is available. Trajectories show what the agent actually did.

That distinction matters:

Without trajectories, teams may treat every possible risk as equally urgent, leave unused high-risk tools enabled, or write broader policy because they lack evidence.

With trajectories, teams can see which risks already appear in real behavior, identify unused high-risk tools, and refine policy with observed behavior and review context.
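The sketch below is an added example, not the product's own code or schema. It shows how possible exposure (from inventory) and observed exposure (from trajectories) can be computed side by side, covering both the Risk Evidence section and the point above. The label strings, tool names, the two risky-combination rules, the choice of "high-risk" labels, and the sample data are all constructed assumptions.

```python
# Capability labels named on this page; the string values are assumed.
PRIVATE, UNTRUSTED = "private_data", "untrusted_content"
EXTERNAL, STATE = "external_comm", "state_change"

# Assumed review rules: untrusted input that can steer a leak or a write.
RISKY_COMBOS = {
    "exfiltration": {PRIVATE, UNTRUSTED, EXTERNAL},
    "untrusted_write": {UNTRUSTED, STATE},
}
HIGH_RISK = {EXTERNAL, STATE}  # assumed: labels worth flagging when unused

# Constructed inventory: tool name -> capability labels.
INVENTORY = {
    "crm_lookup": {PRIVATE},
    "web_fetch": {UNTRUSTED},
    "send_email": {EXTERNAL},
    "ticket_update": {STATE},
    "db_delete": {PRIVATE, STATE},
}
# Constructed trajectories: tool calls seen in each session, in order.
TRAJECTORIES = [
    ["crm_lookup", "ticket_update"],
    ["web_fetch", "crm_lookup", "send_email"],
    ["crm_lookup"],
]

def capabilities(tools, inventory):
    """Union of the labels of the given tools; unknown tools add nothing."""
    caps = set()
    for tool in tools:
        caps |= inventory.get(tool, set())
    return caps

def review(inventory, trajectories):
    """Split risky combinations into possible (inventory) and observed (runs)."""
    possible_caps = capabilities(inventory, inventory)
    used = {tool for run in trajectories for tool in run}
    report = {"possible": [], "observed": {}}
    for name, combo in RISKY_COMBOS.items():
        if combo <= possible_caps:
            report["possible"].append(name)
        hits = [i for i, run in enumerate(trajectories)
                if combo <= capabilities(run, inventory)]
        if hits:
            report["observed"][name] = hits  # session indexes as evidence
    report["unused_high_risk"] = sorted(
        t for t, caps in inventory.items() if caps & HIGH_RISK and t not in used)
    # Tools called in a run but missing from the inventory need labelling first.
    report["unknown_tools"] = sorted(used - set(inventory))
    return report
```

On the constructed data, both combinations are possible but only `exfiltration` is observed (session 1), and `db_delete` is a high-risk tool no session used.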

Build-time review does not replace runtime enforcement. It prepares the reviewed controls that runtime enforcement applies.