Writing rules: when should the agent use a tool?

Connected tools are inert until you write rules for when the agent
should use them. The rule is what turns a generic API into "the agent
fetches Meta Ads ROAS the moment a customer asks about ad performance".

The "when to use" rule

This is the most important field. Plain English, specific, with concrete
trigger phrases. The agent reads this every turn and decides whether the
situation matches.

Strong rules describe the signal in the conversation, not the
action of the tool:

When the contact asks about ad performance, ROAS, CPM, CTR, spend, or
conversion numbers for the last 7/30 days.

Weak rules are too vague:

Use this for ad data.

Common patterns that work well:

• "When the contact mentions [specific words / topics]"
• "When the contact asks for [specific output]"
• "Only when the contact provides a [specific identifier — order ID,
• "Never call this unless the contact has explicitly [confirmed /

Required keywords (optional gate)

Comma-separated list. If set, the tool is completely hidden from the
agent unless at least one keyword appears in the inbound message
(case-insensitive). This is a hard gate — useful for tools you only ever
want fired in specific contexts.

ads, campaign, roas, spend, cpm, conversion

When to use the gate:

• The tool is destructive or expensive ("pause campaign" — only fire
• The tool would cause confusion if it ever ran by mistake
• The agent has been over-eagerly calling the tool in unrelated contexts

When not to use the gate:

• Most read-only tools — the "when to use" rule is enough
• Anything where natural language varies a lot ("look up my account"

Require human approval

Toggle this on for tools where you want a human to confirm before the
agent fires. When set:

• The agent is told in its system prompt: "Before calling this tool,
• The agent's reply will end with "Let me check with the team" rather

This is currently a soft constraint — enforcement is via the prompt
to the model, not via execution interception. We're tracking a stricter
hard-stop variant for high-risk tools as a follow-up.

A worked example

Connecting Meta Ads with three tools:

| Tool | When to use | Keywords | Approval? |
|------|-------------|----------|-----------|
| get_campaign_performance | Contact asks for ROAS, CTR, CPM, spend, or conversion numbers for any time window. | ads, campaign, roas, spend | No |
| pause_campaign | Contact reports their ads are spending too fast OR explicitly asks to pause a named campaign. | pause, stop, halt | Yes |
| suggest_optimizations | Performance is below the contact's stated target and the contact asks what to change. | improve, optimize, fix, why | No |

Result: the agent reads conversation, fetches numbers freely when asked,
suggests changes when prompted, and never pauses anything without a
human in the loop.

Iterating on rules

Use Replay & Fork to test rule changes against
real past conversations before pushing live. Append a candidate rule in
the Replay editor's "additional instructions" field and see what the
agent would have said.