How it works
1. Tool call
→
2. ag-intent classify (gRPC)
→
3. Risk score + matched rules
→
4. ag-policy evaluate (gRPC)
→
5. Allow / Deny
Steps 1-4 use real gRPC calls to ag-intent (classification) and ag-policy (scope enforcement via OPA Rego). All results are live.