Module 2 — Tool Design & the Tool Contract

Tool Design & the Tool Contract

The harness's primary interface to the world. Where most security vulnerabilities live.

90
minutes
8
artifacts
Every tool is a way for the agent to affect the world — and a way for the world to affect the agent. The tool surface is bidirectionally an attack surface. This module gives you the contract that makes tools reliable, the dispatch that makes them safe, and the defenses Module 11 harvests.
Key Claims
Load-Bearing Claims

Descriptions are prompts — the model reads them to decide when/how to call.

Three injection vectors — output (most common), definition (MCP), dispatch — each with a specific defense.

Capability enforcement at the dispatch boundary — Module 0.2's governance principle, at the tool layer.

After This Module
01
Design a production-grade tool with the five-part contract (name, description, schema, implementation, error return) and defend each choice.
02
Choose among static, dynamic, and MCP tool registration based on the capability/auditability tradeoff — and state why tool count is the most consequential design decision.
03
Implement tool dispatch (model output → schema validation → execution → result) with correct failure handling for parse errors.
04
State the tool surface as an attack surface, identify the three injection vectors (output, schema, dispatch), and apply the trust-boundary defenses that Module 11 harvests.
05
Write tool descriptions as prompts — because the model reads them to decide when to call.
Artifacts