Tool_Call_Firewall_Engine

Runtime boundary guard that inspects proposed tool invocations for prompt injection, data exfiltration, and anomalous recursion, using contextual provenance and zero-trust rules to return a Go/No-Go decision and log security-relevant events.