Skip to content

agentix.guards.trust

trust

Recipient-trust guard.

Defends against "send data to an endpoint that came from untrusted content": if a tool call carries a recipient/endpoint argument, the call is denied unless an injected predicate confirms the recipient was genuinely user-supplied.

Fail-closed by default. With no predicate, nothing is a trusted recipient — this matches the documented intent of the reference (whose default mistakenly trusted everything). Supply is_trusted to whitelist legitimate destinations.