Documentation
¶
Index ¶
- Constants
- Variables
- func ExpandPluginGroups(list []string, groups PluginToolGroups) []string
- func ExpandToolGroups(list []string) []string
- func FilterToolsByPolicy(names []string, policy *ToolPolicy) []string
- func IsOwnerOnlyToolName(name string) bool
- func NormalizeToolList(list []string) []string
- func NormalizeToolName(name string) string
- type EffectiveToolPolicy
- type GlobalToolPolicyConfig
- type PluginToolGroups
- type SubagentToolPolicyConfig
- type ToolPolicy
- func ExpandPolicyWithPluginGroups(policy *ToolPolicy, groups PluginToolGroups) *ToolPolicy
- func MergeAlsoAllow(policy *ToolPolicy, also_allow []string) *ToolPolicy
- func PickToolPolicy(config *ToolPolicyConfig) *ToolPolicy
- func ResolveSubagentToolPolicy(global *GlobalToolPolicyConfig) *ToolPolicy
- func ResolveToolProfilePolicy(profile ToolProfileID) *ToolPolicy
- func StripPluginOnlyAllowlist(policy *ToolPolicy, groups PluginToolGroups, coreTools map[string]struct{}) (bool, []string, *ToolPolicy)
- type ToolPolicyConfig
- type ToolProfileID
Constants ¶
const ( GroupSearch = "group:search" GroupCalc = "group:calc" GroupBuilder = "group:builder" GroupMessaging = "group:messaging" GroupRuntime = "group:runtime" GroupSessions = "group:sessions" GroupMemory = "group:memory" GroupWeb = "group:web" GroupMedia = "group:media" GroupUI = "group:ui" GroupAutomation = "group:automation" GroupNodes = "group:nodes" GroupStatus = "group:status" GroupOpenClaw = "group:openclaw" GroupAgentRemote = "group:agentremote" GroupAIBridge = "group:ai-bridge" GroupFS = "group:fs" )
Tool group constants for policy composition (OpenClaw-style shorthands).
Variables ¶
var ToolGroups = map[string][]string{ GroupSearch: {"web_search"}, GroupCalc: {"calculator"}, GroupBuilder: {"create_agent", "fork_agent", "edit_agent", "delete_agent", "list_agents", "run_internal_command"}, GroupMessaging: {"message"}, GroupSessions: {"sessions_list", "sessions_history", "sessions_send", "sessions_spawn", "session_status"}, GroupMemory: {"memory_search", "memory_get"}, GroupRuntime: {"exec", "process"}, GroupWeb: {"web_search", "web_fetch"}, GroupMedia: {"image", "image_generate", "tts"}, GroupUI: {"browser", "canvas"}, GroupAutomation: {"cron", "gateway"}, GroupNodes: {"nodes"}, GroupStatus: {"session_status"}, GroupOpenClaw: { "browser", "canvas", "nodes", "cron", "message", "gateway", "agents_list", "sessions_list", "sessions_history", "sessions_send", "sessions_spawn", "session_status", "memory_search", "memory_get", "web_search", "web_fetch", "image", }, GroupAgentRemote: agentRemoteExtras, GroupAIBridge: agentRemoteExtras, GroupFS: {"read", "write", "edit", "apply_patch"}, }
ToolGroups maps group names to tool names for policy composition.
var ToolProfiles = map[ToolProfileID]toolProfilePolicy{ ProfileSimple: {Allow: []string{"session_status", "web_search"}}, ProfileCoding: {Allow: []string{GroupFS, GroupRuntime, GroupSessions, GroupMemory, "image"}}, ProfileMessaging: {Allow: []string{GroupMessaging, "sessions_list", "sessions_history", "sessions_send", "session_status"}}, ProfileFull: {}, ProfileBoss: {}, }
ToolProfiles define which tool groups each profile allows.
Functions ¶
func ExpandPluginGroups ¶
func ExpandPluginGroups(list []string, groups PluginToolGroups) []string
ExpandPluginGroups expands plugin group shorthands inside a list.
func ExpandToolGroups ¶
ExpandToolGroups expands group shorthands to tool names.
func FilterToolsByPolicy ¶
func FilterToolsByPolicy(names []string, policy *ToolPolicy) []string
FilterToolsByPolicy filters tools by policy.
func IsOwnerOnlyToolName ¶
IsOwnerOnlyToolName reports whether the tool is restricted to owners.
func NormalizeToolList ¶
NormalizeToolList normalizes each tool name in a list.
func NormalizeToolName ¶
NormalizeToolName converts to lowercase without accepting legacy aliases.
Types ¶
type EffectiveToolPolicy ¶
type EffectiveToolPolicy struct {
GlobalPolicy *ToolPolicy
GlobalProviderPolicy *ToolPolicy
AgentPolicy *ToolPolicy
AgentProviderPolicy *ToolPolicy
Profile ToolProfileID
ProviderProfile ToolProfileID
ProfileAlsoAllow []string
ProviderAlsoAllow []string
}
EffectiveToolPolicy collects all resolved tool policies for evaluation.
func ResolveEffectiveToolPolicy ¶
func ResolveEffectiveToolPolicy(params struct {
Global *GlobalToolPolicyConfig
Agent *ToolPolicyConfig
ModelProvider string
ModelID string
}) EffectiveToolPolicy
ResolveEffectiveToolPolicy resolves global and agent policies plus provider overrides.
type GlobalToolPolicyConfig ¶
type GlobalToolPolicyConfig struct {
ToolPolicyConfig `yaml:",inline"`
Subagents *SubagentToolPolicyConfig `json:"subagents,omitempty" yaml:"subagents"`
}
GlobalToolPolicyConfig extends ToolPolicyConfig with subagent defaults.
type PluginToolGroups ¶
PluginToolGroups tracks plugin tool groupings.
func BuildPluginToolGroups ¶
func BuildPluginToolGroups[T any](tools []T, toolName func(T) string, toolMeta func(T) (string, bool)) PluginToolGroups
BuildPluginToolGroups groups tools by plugin id.
type SubagentToolPolicyConfig ¶
type SubagentToolPolicyConfig struct {
Tools *ToolPolicyConfig `json:"tools,omitempty" yaml:"tools"`
}
SubagentToolPolicyConfig configures subagent tool defaults.
type ToolPolicy ¶
type ToolPolicy struct {
Allow []string `json:"allow,omitempty"`
Deny []string `json:"deny,omitempty"`
}
ToolPolicy is a resolved allow/deny policy.
func ExpandPolicyWithPluginGroups ¶
func ExpandPolicyWithPluginGroups(policy *ToolPolicy, groups PluginToolGroups) *ToolPolicy
ExpandPolicyWithPluginGroups expands plugin group shorthands inside a policy.
func MergeAlsoAllow ¶
func MergeAlsoAllow(policy *ToolPolicy, also_allow []string) *ToolPolicy
MergeAlsoAllow appends also_allow into an allowlist if present.
func PickToolPolicy ¶
func PickToolPolicy(config *ToolPolicyConfig) *ToolPolicy
PickToolPolicy merges allow/also_allow/deny into a resolved policy.
func ResolveSubagentToolPolicy ¶
func ResolveSubagentToolPolicy(global *GlobalToolPolicyConfig) *ToolPolicy
ResolveSubagentToolPolicy returns the default subagent policy (deny wins).
func ResolveToolProfilePolicy ¶
func ResolveToolProfilePolicy(profile ToolProfileID) *ToolPolicy
ResolveToolProfilePolicy returns the allow/deny lists for a profile.
func StripPluginOnlyAllowlist ¶
func StripPluginOnlyAllowlist(policy *ToolPolicy, groups PluginToolGroups, coreTools map[string]struct{}) (bool, []string, *ToolPolicy)
StripPluginOnlyAllowlist removes allowlists that only target plugin tools.
type ToolPolicyConfig ¶
type ToolPolicyConfig struct {
Allow []string `json:"allow,omitempty" yaml:"allow"`
AlsoAllow []string `json:"also_allow,omitempty" yaml:"also_allow"`
Deny []string `json:"deny,omitempty" yaml:"deny"`
Profile ToolProfileID `json:"profile,omitempty" yaml:"profile"`
ByProvider map[string]ToolPolicyConfig `json:"by_provider,omitempty" yaml:"by_provider"`
}
ToolPolicyConfig matches OpenClaw's allow/deny policy (global or per-agent).
func (*ToolPolicyConfig) Clone ¶
func (c *ToolPolicyConfig) Clone() *ToolPolicyConfig
Clone creates a deep copy of ToolPolicyConfig.
type ToolProfileID ¶
type ToolProfileID string
ToolProfileID defines access levels (OpenClaw-style).
const ( ProfileSimple ToolProfileID = "simple" ProfileCoding ToolProfileID = "coding" ProfileMessaging ToolProfileID = "messaging" ProfileFull ToolProfileID = "full" ProfileBoss ToolProfileID = "boss" )
Source Files