From 09e99824d4fd84b53c90dcf2a7cb9b742d42ca39 Mon Sep 17 00:00:00 2001 From: Abhijit Balaji Date: Mon, 9 Mar 2026 09:29:52 -0700 Subject: [PATCH] docs: document tool exclusion from memory via deny policy (#21428) Co-authored-by: Sam Roberts <158088236+g-samroberts@users.noreply.github.com> --- docs/reference/policy-engine.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/reference/policy-engine.md b/docs/reference/policy-engine.md index e8de8c5aff..38a0b4d50c 100644 --- a/docs/reference/policy-engine.md +++ b/docs/reference/policy-engine.md @@ -91,10 +91,17 @@ the arguments don't match the pattern, the rule does not apply. There are three possible decisions a rule can enforce: - `allow`: The tool call is executed automatically without user interaction. -- `deny`: The tool call is blocked and is not executed. +- `deny`: The tool call is blocked and is not executed. For global rules (those + without an `argsPattern`), tools that are denied are **completely excluded + from the model's memory**. This means the model will not even see the tool as + an option, which is more secure and saves context window space. - `ask_user`: The user is prompted to approve or deny the tool call. (In non-interactive mode, this is treated as `deny`.) +> **Note:** The `deny` decision is the recommended way to exclude tools. The +> legacy `tools.exclude` setting in `settings.json` is deprecated in favor of +> policy rules with a `deny` decision. + ### Priority system and tiers The policy engine uses a sophisticated priority system to resolve conflicts when
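Review bot: In the expanded `deny` bullet, "completely excluded from the model's memory" is ambiguous, because "memory" can be read as a stored-memory feature rather than the set of tools presented to the model. The following sentence ("the model will not even see the tool as an option") suggests the latter, so the bullet should say that directly, for example "omitted from the tool list sent to the model". The bullet also leaves two cases unstated: what a `deny` rule that does carry an `argsPattern` does (presumably the tool stays visible and only matching calls are blocked, but the text should say so), and whether a global `deny` still hides the tool when a higher-priority rule, as covered in the "Priority system and tiers" section that follows, allows it. "More secure" would be easier to rely on if it named the reason, such as the model being unable to attempt a call to a tool it is never shown. Since the new note deprecates `tools.exclude` in `settings.json`, a short before/after showing the equivalent `deny` rule would let readers migrate without guessing at the rule shape.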