Thanks to visit codestin.com
Credit goes to github.com

Skip to content

feat: Per-group tool policies #1546

New issue
New issue
Closed
#1557
Closed
feat: Per-group tool policies#1546
#1557
Labels
enhancementNew feature or request
@adam91holt

Description

@adam91holt
adam91holt
opened on Jan 23, 2026

Summary

Add the ability to configure tool allow/deny policies at the group level, not just the agent level.

Current Behavior

Tool restrictions are configured per-agent:

{
  agents: {
    list: [{
      id: "my-bot",
      tools: {
        allow: ["read", "message"],
        deny: ["exec", "write", "browser"]
      }
    }]
  }
}

To have different tool access for different groups, you must:

  1. Create multiple agents with different tool profiles
  2. Use bindings to route each group to the appropriate agent

Proposed Behavior

Allow tool policies to be specified per-group within channels.*.groups:

{
  channels: {
    whatsapp: {
      groups: {
        "[email protected]": {
          requireMention: true,
          tools: {
            allow: ["read", "write", "exec", "browser"],
            deny: []
          }
        },
        "[email protected]": {
          requireMention: true,
          tools: {
            allow: ["read", "message"],
            deny: ["exec", "write", "browser", "gateway"]
          }
        },
        "*": {
          requireMention: true,
          tools: {
            allow: ["read"],
            deny: ["exec", "write", "browser", "gateway", "nodes"]
          }
        }
      }
    }
  }
}

Use Cases

  1. Trusted internal group — Full tool access for a team workspace
  2. Semi-trusted partner group — Read + messaging tools only
  3. Public/open groups — Minimal tools, no filesystem/shell access
  4. Default fallback — Restrictive baseline for any unlisted group

Why This Matters

The current workaround (multiple agents + bindings) works but adds complexity:

  • Each agent needs its own config, workspace, potentially auth
  • Bindings scale poorly with many groups
  • Mental overhead of mapping "which agent handles which group"

Per-group tool policies would keep a single agent while varying permissions by context — closer to how admins think about access control.

Alternatives Considered

  1. Multi-agent bindings — Works today, but complex
  2. Sandbox tool policies for non-main — Gives one "restricted" tier, but no granularity between groups
  3. groupAllowFrom — Controls who triggers, not what tools they can use

Additional Context

This would complement existing group config options (requireMention, groupAllowFrom) and fit naturally in the channels.*.groups.* schema.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions