Class ToolPermissionPolicy
Defines which tools an agent is permitted to use and under what conditions.
public sealed class ToolPermissionPolicy
- Inheritance: ToolPermissionPolicy
Examples
Example: A safe chat profile
// Allow a fixed set of tools and benign categories, block I/O and network tools, cap risk at Low.
var policy = new ToolPermissionPolicy()
    .Allow("calculator", "datetime", "text", "json")
    .AllowCategory("numeric", "text", "utility")
    .DenyCategory("io", "net")
    .SetMaxRiskLevel(ToolRiskLevel.Low);
Example: A developer assistant profile
// Broader access for development work; process and filesystem calls need user approval.
var policy = new ToolPermissionPolicy()
    .AllowCategory("data", "text", "numeric", "utility", "security")
    .Allow("filesystem", "http", "websearch", "process")
    .Deny("smtp", "ftp")
    .RequireApproval("process", "filesystem")
    .SetMaxRiskLevel(ToolRiskLevel.High);
Remarks
A permission policy controls tool access through three mechanisms:
- Allow/Deny lists: Specify which tools (by name or wildcard pattern) are permitted or blocked.
- Category rules: Allow or deny entire tool categories (e.g., "io", "net").
- Risk-level gates: Set a maximum risk level; tools exceeding it are blocked or require approval.
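Evaluation Order: Deny rules are evaluated first and take precedence over allow rules. If no explicit rule matches, the DefaultAction determines the outcome. Because DefaultAction defaults to Allow, a tool that matches no rule is permitted unless the default is changed.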
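The evaluation order above, as an added, self-contained model (not the library's code) that runs the safe chat profile's rules against constructed tools under both default actions. `PolicyModel`, `Tool`, `Risk` and `Decision` are hypothetical stand-ins; names match exactly (no wildcards), approval rules are left out, and the step order after the deny check is an assumption based on the MaxRiskLevel and DefaultAction descriptions on this page.

```csharp
// Added model of the documented rule order; not the library's implementation.
using System;
using System.Collections.Generic;
// Constructed sample tools (name, category, risk level).
var tools = new[] {
    new Tool("calculator", "numeric", Risk.Low),   // allowed by name
    new Tool("http", "net", Risk.Medium),          // category is denied
    new Tool("json", "data", Risk.Medium),         // over the limit, but allowed by name
    new Tool("process", "system", Risk.High),      // over the limit, not allowed by name
    new Tool("shell", "system", Risk.Low),         // matches no rule at all
};

// The "safe chat profile" rules from the page, expressed in the model.
var chat = new PolicyModel {
    AllowNames = { "calculator", "datetime", "text", "json" },
    AllowCategories = { "numeric", "text", "utility" },
    DenyCategories = { "io", "net" },
    MaxRisk = Risk.Low,
};
foreach (var fallback in new[] { Decision.Allow, Decision.Deny })
{
    chat.DefaultAction = fallback;
    foreach (var t in tools)
        Console.WriteLine($"DefaultAction={fallback,-5} {t.Name,-10} -> {chat.Evaluate(t)}");
}

enum Risk { Low, Medium, High }
enum Decision { Allow, Deny }
record Tool(string Name, string Category, Risk Level);

class PolicyModel
{
    public HashSet<string> AllowNames { get; } = new();
    public HashSet<string> AllowCategories { get; } = new();
    public HashSet<string> DenyNames { get; } = new();
    public HashSet<string> DenyCategories { get; } = new();
    public Risk? MaxRisk { get; set; }                        // null = no risk gate
    public Decision DefaultAction { get; set; } = Decision.Allow;
    public Decision Evaluate(Tool t)
    {
        // 1. Deny rules first; they take precedence over every allow rule.
        if (DenyNames.Contains(t.Name) || DenyCategories.Contains(t.Category)) return Decision.Deny;
        bool byName = AllowNames.Contains(t.Name);
        // 2. Risk gate: over-limit tools are denied unless allowed by name.
        if (MaxRisk is Risk max && t.Level > max && !byName) return Decision.Deny;
        // 3. Explicit allow (assumed position), else DefaultAction decides.
        return byName || AllowCategories.Contains(t.Category) ? Decision.Allow : DefaultAction;
    }
}
```

The `shell` row is the one to compare across the two passes: it matches no rule, so its outcome follows the default action alone.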
Properties
- DefaultAction
Gets or sets the default action when no explicit rule matches a tool. Default is Allow.
- MaxRiskLevel
Gets or sets the maximum allowed risk level. Tools with a higher ToolRiskLevel are denied unless explicitly allowed. Default is null (no risk-level gate).
Methods
- Allow(params string[])
Adds tool names to the allow list.
- AllowCategory(params string[])
Allows all tools in the specified categories.
- Deny(params string[])
Adds tool names to the deny list. Deny rules take precedence over allow rules.
- DenyCategory(params string[])
Denies all tools in the specified categories.
- Evaluate(ITool)
Evaluates whether the specified tool is permitted by this policy.
- RequireApproval(params string[])
Marks specific tools as requiring user approval before execution.
- RequireApprovalForCategory(params string[])
Marks all tools in the specified categories as requiring user approval.
- SetMaxRiskLevel(ToolRiskLevel)
Sets the maximum allowed ToolRiskLevel. Tools exceeding this level are denied unless explicitly allowed by name.