Thread tool call context through policy #2334

Merged
graycyrus merged 5 commits into tinyhumansai:main from vaddisrinivas:codex/oh-2132-tool-call-context
May 21, 2026

@vaddisrinivas vaddisrinivas commented May 20, 2026

Refs #2132

Summary

  • Adds structured ToolCallContext to tool policy requests.
  • Threads session tool call metadata into policy checks before execution.
  • Extends focused policy/session coverage for the context fields.

Codex PR Checklist

  • Issue URL: Thread structured tool-call context through policy and execution #2132
  • Branch: codex/oh-2132-tool-call-context
  • Commit SHA: 2c87a4f7bdb975f6f9e3bce7bbaf4567b18b52df
  • Files changed summary: src/openhuman/agent/tool_policy.rs adds the context shape; src/openhuman/agent/harness/session/turn.rs populates it for session tool calls; src/openhuman/agent/harness/session/turn_tests.rs asserts policy receives it.
  • Validation commands run: cargo fmt --manifest-path Cargo.toml --all --check; cargo test --manifest-path Cargo.toml tool_policy; node scripts/check-pr-checklist.mjs /tmp/pr-body-2132.md.
  • Validation commands blocked: pnpm pr:checklist /tmp/pr-body-2132.md blocked with zsh:1: command not found: pnpm; used the same checklist checker via node scripts/check-pr-checklist.mjs /tmp/pr-body-2132.md.
  • Behavior change: Tool policies can now inspect structured tool call context before execution. No intended behavior change for tools or policies that ignore the new field.
  • Duplicate/stale PR note: No existing PR found for vaddisrinivas:codex/oh-2132-tool-call-context or issue 2132 before opening this draft PR.

Summary by CodeRabbit

  • Refactor

    • Improved tool-invocation context tracking to include structured session, channel, agent, call and iteration metadata while keeping backward-compatible request fields.
    • Policy requests now carry richer provenance and mirror legacy identifiers for compatibility.
  • Tests

    • Tightened tests to assert full context population and to verify debug output redacts sensitive tool arguments and context fields.

coderabbitai Bot commented May 20, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 44a986a4-bd52-493e-820f-bbf932e09e9a

📥 Commits

Reviewing files that changed from the base of the PR and between 9200fd2 and 4bd36a3.

📒 Files selected for processing (2)
  • src/openhuman/agent/harness/session/turn.rs
  • src/openhuman/agent/harness/session/turn_tests.rs

📝 Walkthrough

A new ToolCallContext struct and ToolCallSource enum are introduced; ToolPolicyRequest gains a context: ToolCallContext and a new(...) constructor that mirrors key fields. Agent::execute_tool_call now builds ToolCallContext::session(...) and calls ToolPolicyRequest::new(...). Tests are updated to assert the populated request.context fields.

Changes

Tool call context refactoring

| Layer / File(s) | Summary |
| --- | --- |
| Context types and ToolPolicyRequest contract: src/openhuman/agent/tool_policy.rs | Adds ToolCallContext with session(...), ToolCallSource enum, extends ToolPolicyRequest to include context and provides ToolPolicyRequest::new(...); tests updated to construct requests with the new context and assert mirror fields and context.call_id/context.source. |
| Tool execution context integration and validation: src/openhuman/agent/harness/session/turn.rs, src/openhuman/agent/harness/session/turn_tests.rs | execute_tool_call imports ToolCallContext and constructs ToolCallContext::session(...), using ToolPolicyRequest::new(...) for policy checks. DenyCountingPolicy test assertions expanded to validate request.context fields (session_id, channel, agent_definition_id, call_id, iteration). |

Sequence Diagram(s)

sequenceDiagram
  participant Agent as Agent::execute_tool_call
  participant Policy as ToolPolicy
  participant Executor as ToolExecutor
  Agent->>Policy: ToolPolicyRequest::new(tool_name, args, ToolCallContext::session(...))
  Policy->>Agent: allow / deny
  Agent->>Executor: execute tool call (if allowed)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

Possibly related PRs

Suggested labels

working

🐰 I hop through code with a tidy knack,
Context in paw, I stitch the track,
Calls now carry their session song,
Policies read it clear and strong,
Debug hides secrets all day long 🥕

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Thread tool call context through policy' accurately summarizes the main change: adding and threading ToolCallContext through tool policy requests across multiple files. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@vaddisrinivas vaddisrinivas marked this pull request as ready for review May 20, 2026 13:00
@vaddisrinivas vaddisrinivas requested a review from a team May 20, 2026 13:00
@coderabbitai coderabbitai Bot added the working A PR that is being worked on by the team. label May 20, 2026

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (1)
src/openhuman/agent/tool_policy.rs (1)

53-63: ⚡ Quick win

Make ToolPolicyRequest derive its mirror fields from context.

These fields are documented as mirrors, but direct struct literals can still let them drift from context, which means policy results can differ based on which copy gets read. A small constructor keeps that invariant in one place for production code and tests.

♻️ Suggested shape
 pub struct ToolPolicyRequest {
     pub tool_name: String,
     pub arguments: serde_json::Value,
     pub context: ToolCallContext,
     /// Backward-compatible mirror of `context.session_id`.
     pub session_id: String,
     /// Backward-compatible mirror of `context.channel`.
     pub channel: String,
     /// Backward-compatible mirror of `context.agent_definition_id`.
     pub agent_definition_id: String,
 }
+
+impl ToolPolicyRequest {
+    pub fn new(
+        tool_name: impl Into<String>,
+        arguments: serde_json::Value,
+        context: ToolCallContext,
+    ) -> Self {
+        Self {
+            tool_name: tool_name.into(),
+            arguments,
+            session_id: context.session_id.clone(),
+            channel: context.channel.clone(),
+            agent_definition_id: context.agent_definition_id.clone(),
+            context,
+        }
+    }
+}
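Review bot: `session_id`, `channel` and `agent_definition_id` stay `pub` in the struct above the added `impl`, so `new` fills the mirrors once but a struct literal or a later field assignment can still make them disagree with `context`, and a policy reading the mirror could then decide differently from one reading `context.session_id` for the same call. Make the three mirrors private behind read-only accessors so `new` is the only construction path, and add a doc comment on `new` stating that the mirrors are derived from `context`.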
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/openhuman/agent/tool_policy.rs` around lines 53 - 63, ToolPolicyRequest
currently exposes mirror fields (session_id, channel, agent_definition_id) that
can drift from context; add a single constructor (e.g., impl ToolPolicyRequest {
pub fn new(tool_name: String, arguments: serde_json::Value, context:
ToolCallContext) -> Self }) that builds the struct and sets session_id =
context.session_id.clone(), channel = context.channel.clone(), and
agent_definition_id = context.agent_definition_id.clone(); switch existing call
sites to use this constructor and consider making the mirror fields non-pub (or
documenting they must be created via new) so the invariant is enforced in one
place (refer to ToolPolicyRequest, context, session_id, channel,
agent_definition_id).
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b17eb976-0799-43f9-90b6-c3137adcaef1

📥 Commits

Reviewing files that changed from the base of the PR and between ebd6457 and 2c87a4f.

📒 Files selected for processing (3)
  • src/openhuman/agent/harness/session/turn.rs
  • src/openhuman/agent/harness/session/turn_tests.rs
  • src/openhuman/agent/tool_policy.rs

coderabbitai[bot]
coderabbitai Bot previously approved these changes May 20, 2026
@vaddisrinivas vaddisrinivas changed the title [codex] Thread tool call context through policy Thread tool call context through policy May 20, 2026
coderabbitai[bot]
coderabbitai Bot previously approved these changes May 20, 2026

@graycyrus graycyrus left a comment

Review — Thread tool call context through policy

Clean, well-structured PR that introduces ToolCallContext and threads it through the session→policy path. The backward-compat approach (mirror fields + ::new() constructor) is solid. CI is all green and the existing test coverage was updated properly.

| Area | Files | Verdict |
| --- | --- | --- |
| Rust core (tool policy) | tool_policy.rs | 1 major, 2 minor |
| Rust core (session turn) | turn.rs | Clean |
| Tests | turn_tests.rs | Clean |

Nice work on keeping the change surface small and backward-compatible. The major item below is about acceptance criteria alignment — the rest is polish.

Comment thread src/openhuman/agent/tool_policy.rs
Comment thread src/openhuman/agent/tool_policy.rs
Comment thread src/openhuman/agent/tool_policy.rs
coderabbitai[bot]
coderabbitai Bot previously approved these changes May 20, 2026
@M3gA-Mind

@vaddisrinivas unresolved review feedback from graycyrus — please address before we review.

@vaddisrinivas

Thanks for the nudge. I addressed the graycyrus review threads inline in 9200fd2 and marked the fixed conversations resolved. Re-review welcome.

@vaddisrinivas vaddisrinivas requested a review from graycyrus May 21, 2026 17:21
… codex/oh-2132-tool-call-context

# Conflicts:
#	src/openhuman/agent/harness/session/turn.rs

@graycyrus graycyrus left a comment

Continuation review — all prior findings addressed.

The three items from the previous review are resolved:

| Finding | Status |
| --- | --- |
| [major] Debug leaks session_id/channel verbatim | Fixed — custom Debug impls with redact_for_debug(), verified by new debug_redacts_sensitive_context_fields test |
| [minor] Unused ToolCallSource variants trigger dead_code | Fixed: #[allow(dead_code)] with doc comment noting follow-up ingress paths |
| [minor] Backward-compat fields lack #[deprecated] | Fixed: #[deprecated(note = "use context.*")] on all three mirror fields |

Issue #2132 acceptance criteria look fully covered now: backward compat preserved, session path tested with context assertions, policy receives context before execution, sensitive fields redacted from debug output.

Clean from my side — no new findings.
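The Debug redaction named in the findings above, sketched as an added example; this is not code from the PR or the project. The `Redacted` marker, the field types, the reduced field set and the sample values are assumptions, and `arguments` is a `String` here rather than `serde_json::Value` so the block needs only the standard library.

```rust
use std::fmt;
// Hypothetical stand-in for the project's redact_for_debug(): never prints the value.
struct Redacted;
impl fmt::Debug for Redacted {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[REDACTED]")
    }
}

// Subset of the context fields named in the PR; the types are assumptions.
pub struct ToolCallContext {
    pub session_id: String,
    pub channel: String,
    pub call_id: String,
    pub iteration: u32,
}
// Hand-written Debug: #[derive(Debug)] would print every field verbatim.
impl fmt::Debug for ToolCallContext {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("ToolCallContext")
            .field("session_id", &Redacted)
            .field("channel", &Redacted)
            .field("call_id", &self.call_id)
            .field("iteration", &self.iteration)
            .finish()
    }
}

pub struct ToolPolicyRequest {
    pub tool_name: String,
    pub arguments: String, // assumption: a String instead of serde_json::Value
    pub context: ToolCallContext,
}
impl fmt::Debug for ToolPolicyRequest {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("ToolPolicyRequest")
            .field("tool_name", &self.tool_name)
            .field("arguments", &Redacted)
            .field("context", &self.context) // nested impl keeps redacting
            .finish()
    }
}
// Constructed sample request; every value here is made up.
pub fn sample_debug_line() -> String {
    let context = ToolCallContext { session_id: "sess-1234".into(), channel: "telegram".into(), call_id: "call-7".into(), iteration: 2 };
    let req = ToolPolicyRequest { tool_name: "shell".into(), arguments: r#"{"token":"hunter2"}"#.into(), context };
    format!("{:?}", req)
}
fn main() { println!("{}", sample_debug_line()); }
```

Because the outer impl formats `context` through its own `Debug`, the redaction holds wherever the request is logged with `{:?}`, including inside error chains and test failure output.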


@graycyrus graycyrus left a comment

Looks good, nice work!

@graycyrus graycyrus merged commit 190397c into tinyhumansai:main May 21, 2026
29 checks passed
CodeGhost21 pushed a commit to CodeGhost21/openhuman that referenced this pull request May 22, 2026
senamakel pushed a commit to aqilaziz/openhuman that referenced this pull request May 23, 2026