# Example 2 of Dynamic Agent: Different Tool Access for Different User Roles

## Goal
* Give internal employees access to a database, but only give external users access to web search.

## How to get the database we will use in this exercise

We have included the database in the repository, so you do not need to download it separately. It is already in the root directory.

For your information, the Chinook database is a sample database commonly used for demonstrations and it is publicly available [here](https://github.com/lerocha/chinook-database). We are using specifically the Chinook_Sqlite.sqlite database and have renamed it to `Chinook.db`.

## The Code

In [1]:
from dotenv import load_dotenv

load_dotenv()

True

In [11]:
from langchain.tools import tool
from typing import Dict, Any
from tavily import TavilyClient
from langchain_community.utilities import SQLDatabase

# Fix: Specify the tables with correct capitalization to avoid error
db = SQLDatabase.from_uri(
    "sqlite:///Chinook.db",
    include_tables=['Artist', 'Album', 'Track', 'Customer', 'Invoice']  # Use exact names!
)

tavily_client = TavilyClient()

@tool
def web_search(query: str) -> Dict[str, Any]:

    """Search the web for information"""

    return tavily_client.search(query)

@tool
def sql_query(query: str) -> str:

    """Obtain information from the database using SQL queries"""

    try:
        return db.run(query)
    except Exception as e:
        return f"Error: {e}"

from dataclasses import dataclass

@dataclass
class UserRole:
    user_role: str = "external"

from langchain.agents.middleware import wrap_model_call, ModelRequest, ModelResponse
from typing import Callable

@wrap_model_call
def dynamic_tool_call(request: ModelRequest, 
handler: Callable[[ModelRequest], ModelResponse]) -> ModelResponse:

    """Dynamically call tools based on the runtime context"""

    user_role = request.runtime.context.user_role
    
    if user_role == "internal":
        pass # internal users get access to all tools
    else:
        tools = [web_search] # external users only get access to web search
        request = request.override(tools=tools) 

    return handler(request)

from langchain.agents import create_agent

agent = create_agent(
    model="gpt-4o-mini",
    tools=[web_search, sql_query],
    middleware=[dynamic_tool_call],
    context_schema=UserRole
)

from langchain.messages import HumanMessage

response = agent.invoke(
    {"messages": [HumanMessage(content="How many artists are in the database?")]},
    context={"user_role": "external"}
)

print(response["messages"][-1].content)

There are over 1.4 million musical artists present in the MusicBrainz database. Additionally, another source mentions a specific database of 16,000 artists that were used to train an AI model like Midjourney. If you're looking for a particular database or context, feel free to specify!


## Why are we getting this output?
Let me explain **exactly** what's happening here and **why the app is NOT reading the database**.

#### **Step-by-Step Breakdown**

1. **We set the user role to "external"**:
   ```python
   context={"user_role": "external"}
   ```

2. **The middleware intercepts the request**:
   - It checks: `user_role = request.runtime.context.user_role`
   - Since `user_role == "external"` (not "internal"), it enters the `else` block

3. **The middleware BLOCKS database access**:
   ```python
   else:
       tools = [web_search]  # Only web search allowed!
       request = request.override(tools=tools)  # Removes sql_query tool
   ```

4. **The agent can ONLY use web search**:
   - Even though we created the agent with both `[web_search, sql_query]` tools
   - The middleware **removes** the `sql_query` tool at runtime for external users
   - The agent has no choice but to use `web_search`

5. **The agent searches the web**:
   - Our question: "How many artists are in the database?"
   - The agent calls the Tavily web search API
   - Gets results about various public databases (Midjourney, MusicBrainz, etc.)
   - Returns that information to us

---

#### **Proof: The Agent is Using Web Search, Not Your Database**

The response mentions:
- **Midjourney AI Database**: 16,000 artists
- **MusicBrainz Database**: 1.4 million artists
- **A music library**: 1,312 artists

These are **external web results**, not from your local Chinook.db file! Your Chinook database actually has **275 artists** (if you downloaded the standard version).

## How can we make the app read the Database?

If we change the user role to `"internal"`:

```python
response = agent.invoke(
    {"messages": [HumanMessage(content="How many artists are in the database?")]},
    context={"user_role": "internal"}  # Changed from "external" to "internal"
)
print(response["messages"][-1].content)
```

**Now the output should be something like:**

```
There are 275 artists in the database.
```

In [12]:
response_internal = agent.invoke(
    {"messages": [HumanMessage(content="How many artists are in the database?")]},
    context={"user_role": "internal"}
)
print(response_internal["messages"][-1].content)

There are 275 artists in the database.


## Let's explain the previous code in simple terms
Below is a beginner-friendly, **line-by-line** explanation of the original code (the first version, with the external user).

#### 1) Imports + setup objects

```python
from langchain.tools import tool
```

* Imports the `tool` decorator.
* You use `@tool` to tell LangChain: “This function is a tool the agent is allowed to call.”

```python
from typing import Dict, Any
```

* Imports type hints.
* `Dict[str, Any]` means: “a dictionary with string keys and values of any type.”

```python
from tavily import TavilyClient
```

* Imports Tavily’s web search client (a helper to search the web).

```python
from langchain_community.utilities import SQLDatabase
```

* Imports LangChain’s helper class for connecting to SQL databases.

```python
tavily_client = TavilyClient()
```

* Creates a Tavily client object.
* You’ll use it later to run `tavily_client.search(...)`.

```python
db = SQLDatabase.from_uri("sqlite:///Chinook.db")
```

* Connects to a SQLite database file named `Chinook.db`.
* `sqlite:///...` is a database connection string (URI).

---

#### 2) Tool #1: web search

```python
@tool
def web_search(query: str) -> Dict[str, Any]:
```

* Defines a function named `web_search`.
* `@tool` registers it as a callable tool for the agent.
* It takes a `query` string and returns a dictionary.

```python
    """Search the web for information"""
```

* This docstring describes the tool.
* Many agent systems use docstrings to decide when a tool is useful.

```python
    return tavily_client.search(query)
```

* Runs a web search using Tavily and returns the results.

---

#### 3) Tool #2: SQL query

```python
@tool
def sql_query(query: str) -> str:
```

* Another tool, named `sql_query`.
* Takes a SQL query string and returns a string.

```python
    """Obtain information from the database using SQL queries"""
```

* Describes what this tool does.

```python
    try:
        return db.run(query)
```

* `db.run(query)` executes the SQL against the connected database.
* If it works, return the database output.

```python
    except Exception as e:
        return f"Error: {e}"
```

* If something goes wrong (bad SQL, missing table, etc.), return a readable error string instead of crashing.

---

#### 4) Defining “context” (user role)

```python
from dataclasses import dataclass
```

* Imports `@dataclass`, a shortcut for making simple classes.

```python
@dataclass
class UserRole:
    user_role: str = "external"
```

* Defines a context schema with one field: `user_role`.
* Default is `"external"` (the “safer” role).
* This schema is later used by the agent runtime so middleware can read `request.runtime.context.user_role`.

---

#### 5) Middleware: filter tools at runtime

```python
from langchain.agents.middleware import wrap_model_call, ModelRequest, ModelResponse
from typing import Callable
```

* Imports types and a decorator for “middleware around model calls.”
* `ModelRequest` is what the agent is about to send to the model (includes tools, messages, context, etc.).
* `ModelResponse` is what comes back.
* `Callable[[ModelRequest], ModelResponse]` describes a function that takes a request and returns a response (the handler).

```python
@wrap_model_call
def dynamic_tool_call(request: ModelRequest, 
handler: Callable[[ModelRequest], ModelResponse]) -> ModelResponse:
```

* This creates a middleware function.
* `@wrap_model_call` means: “run this function every time the agent is about to call the model.”
* It receives:

  * `request`: the current model request
  * `handler`: the “next step” function that actually performs the model call

```python
    """Dynamically call tools based on the runtime context"""
```

* Docstring explaining the purpose.

```python
    user_role = request.runtime.context.user_role
```

* Pulls the role (“internal” or “external”) from the runtime context.

```python
    if user_role == "internal":
        pass # internal users get access to all tools
```

* If internal, do nothing.
* That means the request keeps whatever tools it already had (both tools).

```python
    else:
        tools = [web_search] # external users only get access to web search
        request = request.override(tools=tools) 
```

* If external:

  * Restrict tools to ONLY `[web_search]`.
  * `request.override(tools=tools)` makes a modified copy of the request where the tool list is replaced.

```python
    return handler(request)
```

* Very important: middleware must call `handler(request)` to continue the pipeline.
* This returns the model’s final response (after applying your tool restrictions).

---

#### 6) Create the agent

```python
from langchain.agents import create_agent
```

* Imports the helper that builds an agent configured with model/tools/middleware.

```python
agent = create_agent(
    model="gpt-4o-mini",
    tools=[web_search, sql_query],
    middleware=[dynamic_tool_call],
    context_schema=UserRole
)
```

* Creates an agent:

  * `model="gpt-4o-mini"`: which model to use
  * `tools=[web_search, sql_query]`: the full set of possible tools
  * `middleware=[dynamic_tool_call]`: your runtime filter
  * `context_schema=UserRole`: tells LangChain what context fields exist (so `request.runtime.context.user_role` works)

---

#### 7) Invoke the agent with an “external” user

```python
from langchain.messages import HumanMessage
```

* Imports the message type used for user messages.

```python
response = agent.invoke(
    {"messages": [HumanMessage(content="How many artists are in the database?")]},
    context={"user_role": "external"}
)
```

* Calls the agent with:

  * A message asking: “How many artists are in the database?”
  * A context dictionary: user_role is `"external"`

**Key idea:** Because user is external, middleware removes `sql_query`. So the agent cannot query the database.

```python
print(response["messages"][-1].content)
```

* Prints the final assistant message text (the last message in the conversation list).


#### A very simple summary for beginners

* We created **two tools**: one searches the web, one queries a database.
* We created a **user role** (`internal` vs `external`).
* Middleware runs **before every model call** and **removes the database tool** for external users.
* So external users can’t access the DB, even though the agent “knows” the tool exists.

## How to run this code from Visual Studio Code
* Open Terminal.
* Make sure you are in the project folder.
* Make sure you have the poetry env activated.
* Enter and run the following command:
    * `python 016-dyn-agent-custom-tool-access.py`