uses. This creates a least-privilege model for AI steps.
Scoped capabilities
An agent does not need access to every tool just because the workflow knows those tools exist. A classification agent may only need the user request and lightweight metadata. A research agent may need a read-only fetch tool. A creation agent may need a write tool, but only after earlier steps have produced validated inputs.Model-owned tool use
When a tool appears in an agent’suses list, the model can decide whether and how to call it during that agent step. This is useful when the model needs judgment. For example, the model may inspect a set of search results and decide which records need more detail, or it may call a retrieval tool only when the prompt requires evidence.
Model-owned tool use is powerful, but it should be scoped narrowly. The agent should only receive tools that are appropriate for its stage. The prompt should describe the purpose of the step, and the output schema should force the result into a shape the workflow can use later.
Workflow-owned tool calls
Some tool calls should not be left to model discretion. If the workflow always needs to fetch a task by ID, create a project before creating child tasks, or load a known resource before an agent runs, the workflow can call the tool directly.Staged capability unlocking
Many backend operations have a natural order. A project must exist before tasks can be attached to it. A task group must exist before questions can be assigned to the group. A selected answer list should exist before transcript details are loaded. A reviewer step should run before a write tool receives the final payload. Superwire lets the workflow author express that order directly. Earlier steps produce IDs or structured decisions. Later steps can reference those values and receive additional capabilities only when they are relevant. This staged model avoids giving the model too much power too early. It also mirrors how backend domains usually work. Capabilities are unlocked by earlier results, not exposed all at once.What this gives reviewers
Controlled tool access makes the workflow auditable. A reviewer can open the.wire file and answer practical questions: which model step can read user data, which step can create records, which tool calls are deterministic, and which tool calls are left to model judgment.
That does not replace application-level authorization, rate limits, transactions, or human review where needed. It does make the AI orchestration layer much easier to inspect.