Thread structured tool-call context through policy and execution #2132

@vaddisrinivas

Description

Problem

Tool calls currently know their name and arguments, but policy layers need richer context: session id, channel, actor, source, agent id, visible-tool scope, and whether the call came from a user chat, webhook, cron job, or channel. Without structured context, policies fall back to brittle log parsing or name-based inference.

Generic use case

Profiles, enterprise policies, channel permissions, audit systems, and generated tool routers can make decisions based on who asked, where the request came from, and which agent/session is acting.

Managed-runtime use case

A compiled runtime contract can enforce role-based access, channel allowlists, destination allowlists, and per-session idempotency using explicit ToolCallContext fields instead of guessing from message text.

Proposed shape

  • Add ToolCallContext with stable fields for session, channel/source, agent id, user/actor hints, and correlation id.
  • Pass context into tool-policy middleware and optionally ToolCallOptions.
  • Preserve backwards compatibility for tools that ignore the context.
  • Include context in audit/policy events with redaction.

Acceptance criteria

  • Existing tools compile without changes.
  • Tests cover context population for chat/session path and bus/channel path where available.
  • Context is passed to policy before tool execution.
  • Sensitive fields are redacted from logs by default.

Alignment

This is generic OpenHuman runtime plumbing. It helps Composio, MCP, built-in tools, and future contract-driven runtime layers equally.
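
An added sketch of the proposed shape and acceptance criteria, not part of the issue and not OpenHuman code: policy sees a structured context before the tool runs, audit events carry a redacted copy, and a legacy tool still receives only its arguments. Python is used for brevity; `ToolRunner`, `channel_policy`, the field names, the redaction set and the sample allowlist are all assumptions made for illustration.

```python
from dataclasses import dataclass, asdict
from typing import Callable, Optional

@dataclass(frozen=True)
class ToolCallContext:  # hypothetical shape; field names follow the issue's list
    session_id: str
    source: str                      # "chat", "webhook", "cron" or "channel"
    agent_id: str
    correlation_id: str
    channel: Optional[str] = None
    actor: Optional[str] = None
    visible_tools: frozenset = frozenset()

SENSITIVE_FIELDS = ("session_id", "actor")  # assumed default redaction set
ALLOWED_CHANNELS = {"ops-room"}             # constructed sample allowlist

def redacted(ctx: ToolCallContext) -> dict:
    """Audit-safe view of the context: sensitive values never reach the log."""
    event = asdict(ctx)
    event["visible_tools"] = sorted(ctx.visible_tools)
    for name in SENSITIVE_FIELDS:
        if event[name] is not None:
            event[name] = "[REDACTED]"
    return event

class PolicyDenied(Exception):
    pass

def channel_policy(tool: str, args: dict, ctx: ToolCallContext) -> str:
    """Example policy: decide from explicit fields, not from message text."""
    if tool not in ctx.visible_tools:
        return "deny:tool-not-visible"
    if ctx.source == "channel" and ctx.channel not in ALLOWED_CHANNELS:
        return "deny:channel-not-allowlisted"
    return "allow"

class ToolRunner:
    def __init__(self, policy: Callable[[str, dict, ToolCallContext], str]):
        self.policy, self.audit, self._done = policy, [], set()

    def call(self, name: str, tool: Callable, args: dict, ctx: ToolCallContext):
        key = (ctx.session_id, ctx.correlation_id)  # per-session idempotency
        verdict = "deny:duplicate" if key in self._done else self.policy(name, args, ctx)
        # Every decision, allow or deny, is audited with the redacted context.
        self.audit.append({"tool": name, "verdict": verdict, "ctx": redacted(ctx)})
        if verdict != "allow":
            raise PolicyDenied(verdict)  # the tool body is never entered
        self._done.add(key)
        return tool(**args)  # legacy tool: receives its arguments only
```

Denied calls are still audited, so a review of `audit` shows which source and channel attempted a blocked tool without exposing the session id or actor.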
