Skip to content

[AIBundle] Add #[IsGrantedTool] for tool access control #102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[AIBundle] Add #[IsGrantedTool] for tool access control #102

wants to merge 1 commit into from
+327 −1

Conversation

valtzu
Copy link
Contributor

@valtzu valtzu commented Jul 12, 2025
edited
Loading

Q A
Bug fix? no
New feature? yes
Docs? yes
Issues Fix php-llm/llm-chain#360
License MIT

Add #[IsGrantedTool] attribute for tool access control with similar behavior as #[IsGranted] in symfony/security-http.

Moved from php-llm/llm-chain#382

@valtzu valtzu requested review from chr-hertel and Nyholm as code owners July 12, 2025 11:18
@valtzu valtzu force-pushed the tools-security branch 2 times, most recently from 0fe967a to d1cb720 Compare July 12, 2025 11:29
chr-hertel
chr-hertel requested changes Jul 12, 2025
View reviewed changes
Copy link
Contributor

@chr-hertel chr-hertel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for bringing it to Symfony AI and switching to the bundle - I think it makes more sense 👍

Besides the pipeline, this needs a rebase after #94, and a brief section in the docs of the bundle - it's a powerful new feature users should know about :)

@chr-hertel chr-hertel added AI Bundle Issues & PRs about the AI integration bundle Feature New feature Status: Needs Work labels Jul 12, 2025
@valtzu
Copy link
Contributor Author

valtzu commented Jul 13, 2025

Rebased & added docs.

About PHPStan error, not sure what to do with it, it's about this 3rd parameter: https://github.com/symfony/symfony/blob/7.4/src/Symfony/Component/Security/Core/Authorization/AuthorizationCheckerInterface.php#L27

chr-hertel
chr-hertel reviewed Jul 13, 2025
View reviewed changes
src/ai-bundle/doc/index.rst
return 'ACME Corp.';
}
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe to clarify, we could add:

Suggested change
The attribute ``IsGrantedTool`` can be added on class- or method-level - even multiple
times. If multiple attributes apply to one tool call, a logical AND is used and all access
decisions have to grant access.

or similar - if I even got it right

@chr-hertel
Copy link
Contributor

About PHPStan error, not sure what to do with it, it's about this 3rd parameter

my first thought here would be to ignore the error in the phpstan.dist.neon with some kind of comment that we can drop it one day - when dropping Symfony 7.4 support?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chr-hertel chr-hertel chr-hertel requested changes

@Nyholm Nyholm Awaiting requested review from Nyholm Nyholm is a code owner

Assignees
No one assigned
Labels
AI Bundle Issues & PRs about the AI integration bundle Feature New feature Status: Needs Work
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Tool access control
2 participants
@valtzu @chr-hertel