Skip to content

feat: add public access level for anonymous-safe chat tools#974

Merged
chubes4 merged 3 commits intomainfrom
feat/public-tool-access-level
Mar 25, 2026
Merged

feat: add public access level for anonymous-safe chat tools#974
chubes4 merged 3 commits intomainfrom
feat/public-tool-access-level

Conversation

@chubes4
Copy link
Member

@chubes4 chubes4 commented Mar 25, 2026

Summary

Adds a first-class public access level to Data Machine's tool policy resolver.

This is the generic primitive needed for public-facing assistant experiences where anonymous users can access a small set of explicitly safe read-only tools.

What changed

  • Added public to ToolPolicyResolver::ACCESS_LEVELS
  • checkAccessLevel( 'public' ) now always returns true
  • Updated BaseTool docs to include public
  • Added tests proving:
    • anonymous users can receive tools explicitly marked access_level => 'public'
    • untagged tools remain admin-only for anonymous users

Important constraints

  • No existing tool is made public in this PR
  • Ability-linked tools still defer to their permission callbacks
  • Untagged tools still default to admin (safe fallback)
  • This adds the primitive, not the product rollout

Why this matters

Roadie and future Data Machine consumers need a clean distinction between:

  • public — anonymous-safe tools
  • authenticated — logged-in user tools
  • author / editor / admin — increasingly privileged tools

This keeps Data Machine generic while enabling products like Roadie to expose safe public capabilities intentionally.

Validation

  • modified files pass PHP syntax checks
  • homeboy test data-machine still shows broad pre-existing repo failures unrelated to this change

chubes4 added 3 commits March 25, 2026 17:29
@chubes4
feat: add public access level for anonymous-safe chat tools
75ea6f3 
Introduce a first-class public access_level in ToolPolicyResolver so
chat tools can be explicitly marked safe for anonymous users. This is
the generic primitive needed for public-facing assistant experiences.

Untagged tools still default to admin-only, and ability-linked tools
still defer to their permission callbacks. No existing tool is made
public in this change — this only adds the access tier and tests.
@chubes4
Merge main into feat/public-tool-access-level
e7f9fde
@chubes4
fix: resolve test merge conflict for public access level
95695a0
@chubes4 chubes4 merged commit f47d540 into main Mar 25, 2026
@chubes4 chubes4 deleted the feat/public-tool-access-level branch March 25, 2026 17:32
@chubes4 chubes4 mentioned this pull request Mar 25, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chubes4