Home/
Part XV — Troubleshooting, Checklists, and Reference/46. Vibe Coding Checklists/46.3 Tool checklist (permissions, budgets, timeouts)
46.3 Tool checklist (permissions, budgets, timeouts)
Overview and links for this section of the guide.
On this page
Tool Checklist
## Tool/Function Calling Checklist
### Permissions
- [ ] What can each tool access?
- [ ] Are dangerous operations gated?
- [ ] Is there a denylist for risky patterns?
- [ ] Can tools be misused for data exfiltration?
### Budgets
- [ ] Max number of tool calls per request?
- [ ] Max cost per tool invocation?
- [ ] Per-tool call limits (e.g., max 5 file writes)?
- [ ] Total token budget for tool results?
### Timeouts
- [ ] Timeout per tool call?
- [ ] Timeout for entire agent session?
- [ ] What happens on timeout? (Cancel gracefully)
### Input Validation
- [ ] Tool parameters validated before execution?
- [ ] Path traversal prevented for file tools?
- [ ] SQL injection prevented for database tools?
- [ ] Command injection prevented for shell tools?
### Output Handling
- [ ] Tool output size limited?
- [ ] Sensitive data redacted from output?
- [ ] Errors returned as structured objects?
- [ ] Success/failure clearly indicated?