Add runtime tool policy opt-in #257

Merged. chubes4 merged 1 commit into main from issue/254-runtime-tool-policy on Jun 2, 2026.

@chubes4 chubes4 commented Jun 2, 2026

Summary

  • Adds a generic policy/filter primitive that excludes caller-provided runtime tools by default unless explicitly opted in by name/category, allow-mode policy, allow_only, or mandatory policy.
  • Documents the runtime-tool visibility boundary separately from parameter sourcing so sensitive required parameters remain auditable through explicit client_context_bindings.
  • Expands smoke coverage for allow mode, deny mode, allow_only, explicit deny composition, non-runtime tools, and sensitive ambient context handling.

Verification

  • php tests/tool-policy-contracts-smoke.php
  • php tests/tool-runtime-smoke.php
  • composer test

Closes #254.

AI assistance

  • AI assistance: Yes
  • Tool(s): OpenCode (gpt-5.5)
  • Used for: implementation draft, tests, and verification

@chubes4 chubes4 merged commit e54011b into main Jun 2, 2026
2 checks passed
@chubes4 chubes4 deleted the issue/254-runtime-tool-policy branch June 2, 2026 03:28
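
The default-exclusion behaviour described in the summary, as an added sketch that is not code from this pull request or the project: the function name, array keys, tool names and the rule that an explicit deny overrides an opt-in are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical sketch: names, array keys and deny precedence are assumptions,
 * not the project's API.
 *
 * @param array<int, array{name: string, category: string, source: string}> $tools
 * @param array{allow_names?: string[], allow_categories?: string[], deny_names?: string[]} $policy
 * @return string[] names of the tools that stay visible
 */
function visible_tools(array $tools, array $policy): array
{
    $allowNames = $policy['allow_names'] ?? [];
    $allowCategories = $policy['allow_categories'] ?? [];
    $denyNames = $policy['deny_names'] ?? [];
    $visible = [];

    foreach ($tools as $tool) {
        // Assumed composition rule: an explicit deny beats any opt-in.
        if (in_array($tool['name'], $denyNames, true)) {
            continue;
        }
        // Tools that are not caller-provided are outside the runtime opt-in rule.
        if ($tool['source'] !== 'runtime') {
            $visible[] = $tool['name'];
            continue;
        }
        // Caller-provided runtime tools are dropped unless opted in by name or category.
        $optedIn = in_array($tool['name'], $allowNames, true)
            || in_array($tool['category'], $allowCategories, true);
        if ($optedIn) {
            $visible[] = $tool['name'];
        }
    }
    return $visible;
}

// Constructed sample data: one registered tool and two caller-provided runtime tools.
$tools = [
    ['name' => 'search_docs', 'category' => 'read', 'source' => 'registered'],
    ['name' => 'client_fs_read', 'category' => 'read', 'source' => 'runtime'],
    ['name' => 'client_fs_write', 'category' => 'write', 'source' => 'runtime'],
];

// Empty policy, category opt-in, then a name opt-in combined with an explicit deny.
echo implode(',', visible_tools($tools, [])), PHP_EOL;
echo implode(',', visible_tools($tools, ['allow_categories' => ['read']])), PHP_EOL;
echo implode(',', visible_tools($tools, ['allow_names' => ['client_fs_write'], 'deny_names' => ['client_fs_write']])), PHP_EOL;
```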

Development

Successfully merging this pull request may close these issues.

Define generic opt-in policy for client runtime tools