ScopedToolExecutor: config-driven capability scoping wrapper.
Wraps any ToolExecutor and filters both tool_definitions() (LLM tool list) and
execute_tool_call() (dispatch path) to an operator-configured allow-list of
fully-qualified tool ids.
§Wiring order
ScopedToolExecutor ← outermost (this crate)
→ PolicyGateExecutor
→ TrustGateExecutor
→ CompositeExecutor
→ ToolFilter, AuditedExecutor, ...

ScopedToolExecutor is placed outside PolicyGateExecutor so an out-of-scope call
short-circuits before policy evaluation.
§Tool-id namespacing
All tool ids MUST carry a namespace prefix before scope resolution:
| Source | Prefix |
|---|---|
| Built-in executors | builtin: |
| Skill-defined tools | skill:<name>/ |
| MCP tools | mcp:<server_id>/ |
| ACP / A2A proxied tools | acp:<peer>/ / a2a:<peer>/ |
An un-namespaced tool id returned by an executor at registration is a
ScopeError::UnqualifiedId.
§Pattern strictness
- builtin: / skill: globs: strict — zero-match is ScopeError::DeadPattern.
- mcp: / acp: / a2a: globs: provisional — zero-match is ScopeWarning::ProvisionalDeadPattern (re-resolved on dynamic registration).
- A glob matching the entire registry without an explicit general opt-in is ScopeError::AccidentallyFull.
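The namespacing and pattern-strictness rules above, as an added sketch in Rust that is not the crate's own code. `Fatal`, `resolve`, `matches`, the boolean `general` flag and the trailing-`*`-only glob syntax are assumptions made for illustration.

```rust
// Added sketch, not this crate's implementation; all names are hypothetical.
#[derive(Debug, PartialEq)]
enum Fatal { UnqualifiedId(String), DeadPattern(String), AccidentallyFull(String) }

const NAMESPACES: [&str; 5] = ["builtin:", "skill:", "mcp:", "acp:", "a2a:"];
const PROVISIONAL: [&str; 3] = ["mcp:", "acp:", "a2a:"];

// Assumption: a pattern is an exact id or a prefix followed by one trailing '*'.
fn matches(pattern: &str, id: &str) -> bool {
    match pattern.strip_suffix('*') {
        Some(prefix) => id.starts_with(prefix),
        None => pattern == id,
    }
}

/// Returns (allowed ids, provisional warnings), or the first fatal error.
fn resolve(patterns: &[&str], registry: &[&str], general: bool)
    -> Result<(Vec<String>, Vec<String>), Fatal> {
    // Every registered id must be namespaced before any pattern is resolved.
    if let Some(id) = registry.iter().find(|id| !NAMESPACES.iter().any(|ns| id.starts_with(*ns))) {
        return Err(Fatal::UnqualifiedId(id.to_string()));
    }
    let (mut allowed, mut warnings): (Vec<String>, Vec<String>) = (Vec::new(), Vec::new());
    for pat in patterns {
        let hits: Vec<&str> = registry.iter().copied().filter(|id| matches(pat, id)).collect();
        if hits.is_empty() {
            // mcp:/acp:/a2a: tools may register later, so a dead pattern only warns.
            if PROVISIONAL.iter().any(|ns| pat.starts_with(*ns)) {
                warnings.push(pat.to_string());
                continue;
            }
            return Err(Fatal::DeadPattern(pat.to_string()));
        }
        if pat.ends_with('*') && hits.len() == registry.len() && !general {
            return Err(Fatal::AccidentallyFull(pat.to_string()));
        }
        for id in hits {
            if !allowed.iter().any(|a| a == id) {
                allowed.push(id.to_string());
            }
        }
    }
    Ok((allowed, warnings))
}

fn main() {
    // Constructed registry and patterns, for illustration only.
    let registry = ["builtin:shell", "skill:git/commit", "mcp:files/read"];
    println!("{:?}", resolve(&["builtin:*", "acp:peer1/*"], &registry, false));
}
```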
Structs§
- ScopeWarning: Non-fatal warning emitted for provisional-namespace zero-match patterns.
- ScopedToolExecutor: Wraps any ToolExecutor and enforces a capability scope on both tool listing and dispatch.
- ToolScope: Materialised tool scope: a pre-compiled allow-list of fully-qualified tool ids.
Enums§
- ScopeError: Fatal startup error emitted when a scope configuration is invalid.
Functions§
- build_scoped_executor: Build a ScopedToolExecutor from a CapabilityScopesConfig and a registered tool set.