Skip to main content

aivcs_core/sandbox/
request.rs

1//! Tool request and policy verdict types.
2
3use serde::{Deserialize, Serialize};
4
5use crate::role_orchestration::roles::AgentRole;
6
7use super::capability::ToolCapability;
8
9/// A request to invoke a tool, submitted by a role.
10#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
11pub struct ToolRequest {
12    /// Human-readable tool name (e.g. "bash", "git_commit").
13    pub tool_name: String,
14    /// The capability this tool exercises.
15    pub capability: ToolCapability,
16    /// Opaque parameters forwarded to the tool executor.
17    pub params: serde_json::Value,
18    /// The role that is requesting the tool invocation.
19    pub requesting_role: AgentRole,
20}
21
22/// Outcome of evaluating a tool request against a policy set.
23#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
24#[serde(rename_all = "snake_case")]
25pub enum PolicyVerdict {
26    /// The request is allowed.
27    Allowed,
28    /// The request is denied with a reason.
29    Denied { reason: String },
30    /// The request requires explicit human approval before proceeding.
31    RequiresApproval { reason: String },
32}
33
34impl PolicyVerdict {
35    /// Returns `true` when the verdict is `Allowed`.
36    pub fn is_allowed(&self) -> bool {
37        matches!(self, PolicyVerdict::Allowed)
38    }
39}
40
41#[cfg(test)]
42mod tests {
43    use super::*;
44
45    #[test]
46    fn test_policy_verdict_is_allowed() {
47        assert!(PolicyVerdict::Allowed.is_allowed());
48        assert!(!PolicyVerdict::Denied {
49            reason: "nope".into()
50        }
51        .is_allowed());
52        assert!(!PolicyVerdict::RequiresApproval {
53            reason: "ask".into()
54        }
55        .is_allowed());
56    }
57
58    #[test]
59    fn test_tool_request_serde_roundtrip() {
60        let req = ToolRequest {
61            tool_name: "bash".into(),
62            capability: ToolCapability::ShellExec,
63            params: serde_json::json!({"cmd": "ls"}),
64            requesting_role: AgentRole::Coder,
65        };
66        let json = serde_json::to_string(&req).unwrap();
67        let back: ToolRequest = serde_json::from_str(&json).unwrap();
68        assert_eq!(req, back);
69    }
70}