agentix.guards.trust¶
trust ¶
Recipient-trust guard.
Defends against "send data to an endpoint that came from untrusted content": if a tool call carries a recipient/endpoint argument, the call is denied unless an injected predicate confirms the recipient was genuinely user-supplied.
Fail-closed by default. With no predicate, nothing is a trusted recipient —
this matches the documented intent of the reference (whose default mistakenly
trusted everything). Supply is_trusted to whitelist legitimate destinations.