What is a Forbidden Argument?
A policy rule that blocks tool calls containing a specific argument or argument value. Forbidden argument constraints prevent agents from using dangerous parameters — for example, forbidding force: true on destructive operations or blocking admin-level privilege escalation flags.
WHY IT MATTERS
Some tool arguments are inherently dangerous. A force: true flag bypasses safety checks. A --no-verify option skips validation. A recursive: true parameter on a delete operation turns a single-file removal into a directory wipe. Forbidden argument constraints let policies block these specific danger signals.
This is more nuanced than simply blocking the entire tool. The tool itself might be perfectly safe — it is a specific argument or argument value that creates risk. By forbidding the dangerous parameter rather than the entire tool, policies maintain agent productivity while eliminating the most hazardous usage patterns.
Forbidden argument constraints are particularly valuable for tools with broad capabilities. A shell execution tool, a database query tool, or a cloud infrastructure tool might accept hundreds of valid parameter combinations. Rather than trying to enumerate every safe combination, operators forbid the known-dangerous ones — a much more maintainable approach.
HOW POLICYLAYER USES THIS
Intercept supports forbidden argument rules in YAML policies. The forbidden: true flag blocks calls containing the specified argument entirely. For value-specific blocking, forbidden_values denies calls where the argument matches any value in the list — e.g. blocking force: true while allowing force: false. Violations are logged to the audit trail with the specific forbidden argument that triggered the denial.