Enables policy-enforced access to dangerous tools like file read/write/delete and shell execution, with approval workflows, risk classification, and audit logging.