oris-runtime 0.15.0

An agentic workflow runtime and programmable AI execution system in Rust: stateful graphs, agents, tools, and multi-step execution.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167

use std::sync::Arc;

use async_trait::async_trait;

use crate::{
    agent::{
        context_engineering::ModelRequest,
        middleware::{Middleware, MiddlewareContext, MiddlewareError},
        AgentState,
    },
    tools::{Tool, ToolContext},
};

/// Middleware that dynamically filters and selects tools based on context.
///
/// This allows you to control which tools are available to the model
/// based on State, Store, or Runtime Context (e.g., permissions, feature flags).
pub struct DynamicToolsMiddleware {
    /// Function that filters tools based on ModelRequest
    tool_filter: Arc<dyn Fn(&ModelRequest) -> Vec<Arc<dyn Tool>> + Send + Sync>,
}

impl DynamicToolsMiddleware {
    /// Create a new DynamicToolsMiddleware with a tool filter function
    pub fn new<F>(filter: F) -> Self
    where
        F: Fn(&ModelRequest) -> Vec<Arc<dyn Tool>> + Send + Sync + 'static,
    {
        Self {
            tool_filter: Arc::new(filter),
        }
    }

    /// Create a tool filter based on State
    ///
    /// The filter function receives the AgentState and returns a list of tool names to include.
    pub fn from_state<F>(filter: F) -> Self
    where
        F: Fn(&AgentState) -> Vec<String> + Send + Sync + 'static,
    {
        Self::new(move |request: &ModelRequest| {
            if let Ok(handle) = tokio::runtime::Handle::try_current() {
                let state = handle.block_on(request.state());
                let allowed_tool_names = filter(&state);

                // Filter tools by name
                request
                    .tools
                    .iter()
                    .filter(|tool| allowed_tool_names.contains(&tool.name()))
                    .cloned()
                    .collect()
            } else {
                // Fallback: return all tools
                request.tools.clone()
            }
        })
    }

    /// Create a tool filter based on permissions from Runtime Context
    pub fn from_permissions<F>(filter: F) -> Self
    where
        F: Fn(&dyn ToolContext) -> Vec<String> + Send + Sync + 'static,
    {
        Self::new(move |request: &ModelRequest| {
            if let Some(runtime) = request.runtime() {
                let allowed_tool_names = filter(runtime.context());

                // Filter tools by name
                request
                    .tools
                    .iter()
                    .filter(|tool| allowed_tool_names.contains(&tool.name()))
                    .cloned()
                    .collect()
            } else {
                // Fallback: return all tools
                request.tools.clone()
            }
        })
    }

    /// Create a simple filter that only allows tools with specific prefixes
    pub fn allow_prefixes(prefixes: Vec<String>) -> Self {
        Self::new(move |request: &ModelRequest| {
            request
                .tools
                .iter()
                .filter(|tool| {
                    prefixes
                        .iter()
                        .any(|prefix| tool.name().starts_with(prefix))
                })
                .cloned()
                .collect()
        })
    }

    /// Create a filter that excludes tools with specific names
    pub fn exclude_tools(excluded: Vec<String>) -> Self {
        Self::new(move |request: &ModelRequest| {
            request
                .tools
                .iter()
                .filter(|tool| !excluded.contains(&tool.name()))
                .cloned()
                .collect()
        })
    }
}

#[async_trait]
impl Middleware for DynamicToolsMiddleware {
    async fn before_model_call(
        &self,
        request: &ModelRequest,
        _context: &mut MiddlewareContext,
    ) -> Result<Option<ModelRequest>, MiddlewareError> {
        // Filter tools
        let filtered_tools = (self.tool_filter)(request);

        // Only modify if tools were actually filtered
        if filtered_tools.len() != request.tools.len() {
            Ok(Some(request.with_messages_and_tools(
                request.messages.clone(),
                filtered_tools,
            )))
        } else {
            Ok(None)
        }
    }
}

impl Clone for DynamicToolsMiddleware {
    fn clone(&self) -> Self {
        Self {
            tool_filter: Arc::clone(&self.tool_filter),
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::schemas::Message;

    #[tokio::test]
    async fn test_dynamic_tools_exclude() {
        // This test would require actual tool instances
        // For now, we'll just test the structure
        let middleware = DynamicToolsMiddleware::exclude_tools(vec![
            "delete_tool".to_string(),
            "admin_tool".to_string(),
        ]);

        let state = Arc::new(tokio::sync::Mutex::new(AgentState::new()));
        let messages = vec![Message::new_human_message("Hello")];
        let request = ModelRequest::new(messages, vec![], state);

        let mut middleware_context = MiddlewareContext::new();
        let result = middleware
            .before_model_call(&request, &mut middleware_context)
            .await;

        assert!(result.is_ok());
    }
}