Skip to content

Graphorin API reference v0.7.0


Graphorin API reference / @graphorin/security / / ToolCallFacts

Interface: ToolCallFacts

Defined in: packages/security/src/policy/tool-argument-policy.ts:33

Facts about a tool call the policy engine decides over.

Properties

PropertyModifierTypeDescriptionDefined in
args?readonlyunknownThe validated arguments (post-schema, post-repair).packages/security/src/policy/tool-argument-policy.ts:48
sensitive?readonlybooleantrue when the tool reads/handles sensitive data (e.g. sensitivity: 'secret').packages/security/src/policy/tool-argument-policy.ts:37
sideEffectClassreadonlyPolicySideEffectClass-packages/security/src/policy/tool-argument-policy.ts:35
toolNamereadonlystring-packages/security/src/policy/tool-argument-policy.ts:34
untrustedSource?readonlybooleantrue when the tool is an untrusted-content SOURCE (W-101) - its trust class is one the taint engine treats as injection-bearing (mcp-derived / web-search / skill-untrusted; see isUntrustedTrustClass in @graphorin/security/dataflow). Powers the Rule-of-Two untrustedInput leg. The engine stays pure: the caller derives this from the tool's metadata.packages/security/src/policy/tool-argument-policy.ts:46