Control which tools your AI agents are allowed to call. The new Restrict Tools action in Guardrails → Rules enforces a tool allowlist on your traffic, across OpenAI and Anthropic. Strip disallowed tool definitions from the request so the model never sees them, and/or block or strip disallowed tool calls in the response (HTTP 403 by default). Scope it per agent with labels, and build the allowlist straight from the tool calls Grepture has already logged. See the full write-up on agent tool risks and how to lock them down.