D
Dezifi.ai
How-to

Tools

A Tool is a connected integration — Slack, Salesforce, Postgres, Jira, GitHub. Each Tool exposes typed actions the Agent can invoke at runtime. You decide which Tools each Agent can see and what it is allowed to do with them.

What you'll learn
  • How to attach Tools during the Agent builder
  • How scoped credentials keep Tools safe across Agents
  • How Policies enforce allow/deny on Tool actions
  • How to add a custom Tool via MCP, REST or SQL

How Tools are wired

Connect an integration once in the Integrations cluster. After that, any Agent can attach it in step 3 of the builder. The Agent never sees raw credentials — it sees typed actions that the integration adapter mediates.

Attach Tools to an Agent

  1. 1

    Open step 3 of the builder

    The Tool Selection step lists every integration enabled in your Workspace.
  2. 2

    Tick the Tools you need

    Keep the belt focused — typically 3 to 8 Tools per Agent. Larger Tool belts make model decisions slower and noisier.
  3. 3

    Pick credentials per Tool

    If an integration supports multiple connected accounts, choose which one this Agent uses. Different Agents can use different scopes of the same integration.
  4. 4

    Attach a Policy (optional)

    Policies set allow/deny on specific Tool actions, plus rate and cost ceilings. Without a Policy, the Agent can call any action exposed by the Tool.

Custom Tools

When no built-in Tool fits, add your own. Dezifi supports three custom Tool surfaces: MCP (any MCP-compliant server), REST (point at an OpenAPI spec) and SQL (read or write against a registered database). Custom Tools attach to Agents the same way built-ins do.

Frequently asked questions

Can one Tool be used by many Agents?
Yes. A Tool is configured once and any Agent can attach it. Credentials and Policies are per-Agent so usage stays segmented.
What stops an Agent from calling a destructive action?
A Policy with an explicit deny rule, or a Guardrail that flags risky calls. Combine the two for defense in depth — Policy denies most cases, Guardrail catches edge cases at runtime.
How do I expose an internal API as a Tool?
Add a custom REST Tool, point it at your OpenAPI spec, attach credentials, and it becomes a first-class Tool with typed actions.
Are Tool calls traced?
Yes. Every Tool invocation appears in the Run Trace with arguments, response, latency and cost. The same Trace is searchable in Monitor.

Related

Integrations overview
Read more
Policies overview
Read more
Guardrails overview
Read more
Create an Agent
Read more