Permissions & Security

Policy Enforcement

Enforce tool usage policies with a whitelist (allowed_tools), a blacklist (denied_tools), a per-run budget limit (max_tool_calls_per_run), and default allow/deny behavior (default_allow):

alm = ALM(
    agent_id="controlled-agent",
    allowed_tools={"safe_tool", "read_tool"},  # Whitelist
    denied_tools={"delete_tool"},              # Blacklist
    default_allow=True,                        # Allow by default
    max_tool_calls_per_run=50,                 # Budget limit
)

Tool Instrumentation

Tools are automatically instrumented with:

  • Policy enforcement (allow/deny)
  • Latency tracking (policy_latency_ms, tool_latency_ms, total_latency_ms)
  • Structured errors on failure or deny

Example: Blocked Tool

When a tool is denied, the SDK raises PermissionError:

alm = ALM(
    agent_id="controlled-agent",
    denied_tools={"delete"},
)

@alm.tool("delete")
def delete_item(item_id: str):
    """This will be denied."""
    pass

with alm.run():
    try:
        delete_item("123")  # Raises PermissionError
    except PermissionError as e:
        print(f"Blocked: {e}")
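
A self-contained model of the policy check and instrumentation described on this page, added here as an example; it is not the SDK's code. `PolicyGate` and `outcome` are hypothetical names, and the evaluation order (budget, then deny list, then allow list, then default) and the rule that denied calls do not consume budget are assumptions. Under those assumptions it shows that `default_allow=True` lets an unlisted tool through even when an allow list is set.

```python
import time
from functools import wraps

class PolicyGate:
    """Stand-in for the policy layer described above; NOT the SDK's code."""
    def __init__(self, allowed=(), denied=(), default_allow=False, max_calls=50):
        self.allowed, self.denied = set(allowed), set(denied)
        self.default_allow, self.max_calls = default_allow, max_calls
        self.calls, self.records = 0, []

    def decide(self, name):
        # Assumed precedence: budget, then deny list, then allow list, then default.
        if self.calls >= self.max_calls:
            return False, "budget_exceeded"
        if name in self.denied:
            return False, "denied_tool"
        if name in self.allowed:
            return True, "allowed_tool"
        return self.default_allow, "default_allow" if self.default_allow else "default_deny"

    def tool(self, name):
        def wrap(fn):
            @wraps(fn)
            def inner(*args, **kwargs):
                t0 = time.perf_counter()
                ok, reason = self.decide(name)
                t1 = time.perf_counter()
                # Structured record using the latency field names listed on this page.
                rec = {"tool": name, "allowed": ok, "reason": reason,
                       "policy_latency_ms": (t1 - t0) * 1000, "tool_latency_ms": 0.0}
                self.records.append(rec)
                if not ok:
                    rec["total_latency_ms"] = rec["policy_latency_ms"]
                    raise PermissionError(f"{name}: {reason}")
                self.calls += 1  # only allowed calls consume budget (assumption)
                try:
                    return fn(*args, **kwargs)
                finally:
                    rec["tool_latency_ms"] = (time.perf_counter() - t1) * 1000
                    rec["total_latency_ms"] = (time.perf_counter() - t0) * 1000
            return inner
        return wrap

def outcome(gate, name):
    """Register a no-op tool under `name`, call it, and return the decision reason."""
    try:
        gate.tool(name)(lambda: None)()
    except PermissionError:
        pass
    return gate.records[-1]["reason"]
```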