Validate tool names returned by model against allowed tools #34
Merged
jph00 merged 2 commits into AnswerDotAI:main on Dec 19, 2025
Conversation
Adds a safety mechanism to ensure only explicitly allowed tools can be executed. When a model attempts to call a tool not in the allowed set (via the `tools` parameter or `tool_choice`), the call fails with an error message rather than executing arbitrary code.

- Implements `allowed_tools()` to extract valid tool names from specs
- Updates `mk_toolres()` to accept a `limit_to` parameter for filtering
- Modifies `Chat.__call__()` to validate tool calls automatically
Found 1 changed notebook. Review the changes at https://app.gitnotebooks.com/AnswerDotAI/cosette/pull/34
This was referenced Dec 17, 2025
- We use the same approach as claudette, which uses `limit_ns` and relies on `toolslm.func_call` to throw `KeyError`.
- Improved `mk_tool_choice`: lets the user select `"none"`, and if `None` is provided returns `NOT_GIVEN` instead of `None`. This fixes an issue with OpenRouter, which gives a 400 when `tool_choice` is null.
- Tests were failing as we use `models[1]` to get the model name, which became `gpt-5.2-pro`.
Contributor
Super!
Contributor
BTW @PiotrCzapla add