Interface IToolMetadata
Provides standardized metadata about a tool's risk profile and operational characteristics.
public interface IToolMetadata
Examples
Example: Implementing IToolMetadata on a custom tool
using System;
using System.Threading;
using System.Threading.Tasks;

public class MyDangerousTool : ITool, IToolMetadata
{
    // ITool
    public string Name => "my_dangerous_tool";
    public string Description => "Does something risky";
    public string InputSchema => "{ \"type\": \"object\" }";

    // IToolMetadata: the declared risk profile that ToolPermissionPolicy evaluates
    public string Category => "custom";
    public ToolSideEffect SideEffect => ToolSideEffect.Irreversible;
    public ToolRiskLevel RiskLevel => ToolRiskLevel.Critical;
    public ToolApprovalMode DefaultApproval => ToolApprovalMode.Always;
    public bool IsIdempotent => false;
    public bool IsReadOnly => false;

    // Tool body omitted in this example; a real tool performs its action here.
    public Task<string> InvokeAsync(string arguments, CancellationToken ct) =>
        throw new NotImplementedException("Tool body omitted in this example.");
}
Remarks
Tools that implement this interface declare their security-relevant properties, enabling the ToolPermissionPolicy to enforce allow/deny rules, approval workflows, and risk-based filtering without inspecting tool arguments at runtime.
All built-in tools implement this interface. Custom ITool implementations may optionally implement it to benefit from policy-based governance.
Design Rationale
Attaching metadata directly to the tool (rather than relying on external registries)
makes policies portable: a skill that uses web.fetch and fs.read can be
governed consistently regardless of the host application.
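The metadata-only enforcement described in the Remarks can be sketched as a host-side gate. This is an added example, not the library's ToolPermissionPolicy: MetadataGate, GateDecision and the allow-list are hypothetical names, and the code assumes the library's ITool, IToolMetadata and enum types are in scope (the page does not show their namespace). It references only the enum members that appear on this page.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical decision type for this sketch.
public enum GateDecision { Allow, RequireApproval, Deny }

// Hypothetical gate: decides from declared metadata only, never from arguments.
public static class MetadataGate
{
    // Constructed allow-list of categories this host accepts.
    private static readonly HashSet<string> AllowedCategories =
        new(StringComparer.Ordinal) { "custom" };

    public static GateDecision Decide(ITool tool)
    {
        // IToolMetadata is optional for custom tools. A tool that declares
        // nothing gets no benefit of the doubt: fail closed to human approval.
        if (tool is not IToolMetadata meta)
            return GateDecision.RequireApproval;

        // Categories outside the allow-list are rejected outright.
        if (!AllowedCategories.Contains(meta.Category))
            return GateDecision.Deny;

        // Self-contradictory declarations are treated as untrustworthy:
        // a read-only tool cannot also have an irreversible side effect.
        if (meta.IsReadOnly && meta.SideEffect == ToolSideEffect.Irreversible)
            return GateDecision.Deny;

        // Any single high-risk signal is enough to require approval.
        if (meta.DefaultApproval == ToolApprovalMode.Always
            || meta.RiskLevel == ToolRiskLevel.Critical
            || meta.SideEffect == ToolSideEffect.Irreversible)
            return GateDecision.RequireApproval;

        // Mutating and not idempotent: a retry could repeat the effect,
        // so automatic invocation is not allowed.
        if (!meta.IsReadOnly && !meta.IsIdempotent)
            return GateDecision.RequireApproval;

        return GateDecision.Allow;
    }
}
```

For the MyDangerousTool class from the Examples section, this gate returns RequireApproval because the tool declares DefaultApproval as ToolApprovalMode.Always. The metadata is self-declared by the tool author, so a gate like this is only as trustworthy as the code that supplies the tool.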
Properties
- Category
Gets the category this tool belongs to.
- DefaultApproval
Gets the default approval mode for this tool.
- IsIdempotent
Gets whether the tool is idempotent (safe to retry without changing outcome).
- IsReadOnly
Gets whether the tool performs only read operations with no state mutation.
- RiskLevel
Gets the inherent risk level of this tool.
- SideEffect
Gets the type of side effect this tool may produce.