Claude Architect Lab

Tool Distribution & Least Privilege

Core

Distribute tools appropriately across agents and configure tool choice · Difficulty 3/5

0%
tool-distributionleast-privilegemulti-agenttool-choice
Prerequisites
Tool Definitions & Descriptions

In multi-agent systems, each agent should have access to only the tools it needs for its specific role (principle of least privilege).

Problem: Over-Permissioned Agents

Giving an agent too many tools (e.g., 18 instead of 4-5) degrades selection reliability by increasing decision complexity. A document analysis agent with a general-purpose fetch_url tool might:

  • Conduct ad-hoc web searches (the web search agent's job)
  • Access unauthorized resources
  • Produce inconsistent results by mixing roles

    • Solution: Scoped Tools

    Replace general tools with purpose-specific ones:

  • fetch_url -> load_document (validates URL points to document format)
  • analyze_content -> extract_web_results (clearly web-specific)

    • Tool Scoping Strategies

  • Rename to clarify purpose: Eliminate semantic overlap in names/descriptions
  • Validate inputs: Constrain what the tool accepts
  • Scope by capability: Give each agent only its domain's tools
  • Scoped cross-role tools: Give synthesis agents a verify_fact tool for simple lookups while complex queries go through the coordinator

    • tool_choice Configuration

    SettingBehaviorUse Case

    |---------|----------|----------|

    `"auto"` (default)Claude decides whether and which tool to callMost situations
    "any"Claude must call a tool (any tool)Guarantee tool usage, no conversational text
    {"type": "tool", "name": "..."}Force a specific toolEnsure a prerequisite step runs first

    Forced selection is useful for multi-step pipelines: force extract_metadata on the first turn, then let Claude choose tools freely on subsequent turns.

    Key Takeaways

    • Each agent should have only the tools needed for its specific role (4-5 tools, not 18)
    • Replace general-purpose tools with purpose-specific constrained tools
    • Use tool_choice forced selection to guarantee prerequisite tools run first
    • tool_choice 'any' guarantees a tool call; 'auto' lets Claude decide

    Glossary Terms

    tool_choice

    API parameter controlling how Claude selects tools. 'auto' (default): Claude decides whether to use tools. 'any': Claude must use at least one tool. 'none': Claude cannot use tools. '{type: tool, name: X}': Claude must use the specific named tool. Used to force structured output via a schema tool.

    Related Concepts

    Tool Selection Reliability & Debugging

    Diagnose tool selection issues: descriptions first, then system prompt, then examples

    Structured Error Response Design

    Use the MCP isError flag to distinguish tool failures from successful empty results

    Test Yourself1 of 2

    Production logs reveal that your document analysis agent sometimes conducts ad-hoc web searches using its general-purpose fetch_url tool, duplicating the web search agent's work and producing inconsistent results. What's the most effective architectural fix?