d-bis/FusionAGI
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
FusionAGI/fusionagi/governance/access_control.py
defiQUG c052b07662
Some checks failed
Tests / test (3.10) (push) Has been cancelled
Details
Tests / test (3.11) (push) Has been cancelled
Details
Tests / test (3.12) (push) Has been cancelled
Details
Tests / lint (push) Has been cancelled
Details
Tests / docker (push) Has been cancelled
Details
Initial commit: add .gitignore and README
2026-02-09 21:51:42 -08:00

31 lines
1.2 KiB
Python
Raw Permalink Blame History

"""Tool access control: central policy for which agent may call which tools.
Optional; not wired to Executor or Orchestrator by default. Wire by passing
an AccessControl instance and checking allowed(agent_id, tool_name, task_id)
before tool invocation.
"""
class AccessControl:
"""Policy: (agent_id, tool_name, task_id) -> allowed."""
def __init__(self) -> None:
self._deny: set[tuple[str, str]] = set()
self._task_tools: dict[str, set[str]] = {}
def deny(self, agent_id: str, tool_name: str) -> None:
"""Deny agent from using tool (global)."""
self._deny.add((agent_id, tool_name))
def allow_tools_for_task(self, task_id: str, tool_names: list[str]) -> None:
"""Set allowed tools for a task (empty = all allowed)."""
self._task_tools[task_id] = set(tool_names)
def allowed(self, agent_id: str, tool_name: str, task_id: str | None = None) -> bool:
"""Return True if agent may call tool (optionally for this task)."""
if (agent_id, tool_name) in self._deny:
return False
if task_id and task_id in self._task_tools:
return tool_name in self._task_tools[task_id]
return True
Reference in New Issue View Git Blame Copy Permalink