Enforce mode blocks denied tool calls.

Enforce mode turns runtime policy into a control point. If an agent attempts an action such as delete_repo and a deny rule matches, the request is rejected before any connector token is minted or upstream API call is made.

1. Agent attempts delete_repo on acme/app
2. z-gateway authenticates the agent and workspace
3. Policy engine matches deny delete_repo
4. Action is denied before GitHub execution
5. Runtime event is logged with the policy reason

The control is applied to the actual tool call, not just to model instructions. That means z-gateway can enforce allow and deny decisions even when an agent proposes or attempts an unsafe action.

Enforce calls may be limited by plan. The dashboard mode switcher shows daily and monthly enforce usage, reset timing, and plan availability before you enable enforce mode. If an enforce quota is exhausted while the workspace remains configured for enforce mode, z-gateway does not silently change the saved mode; the dashboard shows Enforce Paused and runtime calls are logged with quota reason codes.