agentix.guards.permissions¶
permissions ¶
Dynamic permission guards.
CallbackGuard is agentix's can_use_tool: a per-call callback that decides
allow / deny / ask based on whatever you like — the tool, its args, the user's
role, external state, a rate limiter. ToolAllowlistGuard is the declarative
"this agent may only use these tools" case.
Both are ordinary guards, so they compose with the rest of the pipeline (tiers, PII, injection). The pipeline is AND-ed: the most restrictive guard wins (first deny stops; any confirm asks).
CallbackGuard ¶
Bases: Guard
Decide each tool call with a user-supplied callback (can_use_tool).
The callback receives the :class:ToolCall and :class:GuardContext and
returns a :class:Decision (Decision.allow() / .deny(reason) /
.confirm(reason)) or a plain bool. Sync or async::
async def can_use(call, ctx):
if call.name == "refund" and call.args["amount"] > 1000:
return Decision.deny("refunds over $1000 need a manager")
return Decision.allow()
Agent(..., guards=[CallbackGuard(can_use)], confirm_fn=...)