MCPcopy
hub / github.com/opensquilla/opensquilla / apply_tool_policy

Function apply_tool_policy

src/opensquilla/tools/policy_helpers.py:23–101  ·  view source on GitHub ↗

Return a ``ToolContext`` with resolved allow/deny sets. Global and agent policy establish the base allowlist and hard denies. Agent profile overrides global profile. Channel/default/sender layers can further restrict or add tools, but global/agent denies still win.

(
    ctx: ToolContext,
    *,
    available_tools: list[str],
    global_policy: ToolPolicy | None = None,
    agent_policy: ToolPolicy | None = None,
    default_channel_policy: ToolPolicy | None = None,
    channel_policy: ToolPolicy | None = None,
)

Source from the content-addressed store, hash-verified

21
22
23def apply_tool_policy(
24 ctx: ToolContext,
25 *,
26 available_tools: list[str],
27 global_policy: ToolPolicy | None = None,
28 agent_policy: ToolPolicy | None = None,
29 default_channel_policy: ToolPolicy | None = None,
30 channel_policy: ToolPolicy | None = None,
31) -> ToolContext:
32 """Return a ``ToolContext`` with resolved allow/deny sets.
33
34 Global and agent policy establish the base allowlist and hard denies.
35 Agent profile overrides global profile. Channel/default/sender layers can
36 further restrict or add tools, but global/agent denies still win.
37 """
38
39 available = frozenset(available_tools)
40 allowed_tools = set(ctx.allowed_tools) if ctx.allowed_tools is not None else None
41 denied_tools = set(ctx.denied_tools)
42
43 allowed_tools, denied_tools = policy_config.apply_base_policy(
44 allowed_tools,
45 denied_tools,
46 global_policy,
47 available,
48 )
49 allowed_tools, denied_tools = policy_config.apply_base_policy(
50 allowed_tools,
51 denied_tools,
52 agent_policy,
53 available,
54 profile_overrides=True,
55 )
56 hard_denied = set(denied_tools)
57
58 channel_denied: set[str] = set()
59 allowed_tools, channel_denied = policy_config.apply_channel_layer(
60 allowed_tools,
61 channel_denied,
62 default_channel_policy,
63 available,
64 )
65 allowed_tools, channel_denied = policy_config.apply_sender_layer(
66 allowed_tools,
67 channel_denied,
68 policy_config.sender_policy(default_channel_policy, ctx.sender_id),
69 available,
70 )
71 allowed_tools, channel_denied = policy_config.apply_channel_layer(
72 allowed_tools,
73 channel_denied,
74 channel_policy,
75 available,
76 )
77 allowed_tools, channel_denied = policy_config.apply_sender_layer(
78 allowed_tools,
79 channel_denied,
80 policy_config.sender_policy(channel_policy, ctx.sender_id),

Callers 1

Calls 2

setFunction · 0.50

Tested by

no test coverage detected