axio-tui-guards 0.1.0__tar.gz

axio_tui_guards-0.1.0/.github/workflows/publish.yml

@@ -0,0 +1,40 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+
+env:
+  FORCE_COLOR: 1
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v6
+
+      - name: Set version from release tag
+        run: uv version "${GITHUB_REF_NAME#v}"
+
+      - name: Build package
+        run: uv build
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  publish:
+    runs-on: ubuntu-latest
+    needs: build
+    environment: pypi
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - uses: pypa/gh-action-pypi-publish@release/v1

axio_tui_guards-0.1.0/.github/workflows/tests.yml

@@ -0,0 +1,44 @@
+name: tests
+
+on:
+  push:
+    branches: [ master, main ]
+  pull_request:
+    branches: [ master, main ]
+
+env:
+  FORCE_COLOR: 1
+
+jobs:
+  ruff:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v6
+      - run: uv sync --frozen
+      - run: uv run ruff check
+      - run: uv run ruff format --check
+
+  mypy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v6
+      - run: uv sync --frozen
+      - run: uv run mypy .
+
+  tests:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python:
+          - "3.12"
+          - "3.13"
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v6
+        with:
+          python-version: ${{ matrix.python }}
+      - run: uv sync --frozen
+      - run: uv run pytest -vv --cov=axio_tui_guards --cov-report=term-missing

axio_tui_guards-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Axio contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

axio_tui_guards-0.1.0/Makefile

@@ -0,0 +1,16 @@
+.PHONY: fmt lint typecheck test all
+
+fmt:
+	uv run ruff format src/ tests/
+	uv run ruff check --fix src/ tests/
+
+lint:
+	uv run ruff check src/ tests/
+
+typecheck:
+	uv run mypy src/
+
+test:
+	uv run pytest tests/ -v
+
+all: fmt lint typecheck test

axio_tui_guards-0.1.0/PKG-INFO

@@ -0,0 +1,9 @@
+Metadata-Version: 2.4
+Name: axio-tui-guards
+Version: 0.1.0
+Summary: Guards plugin for Axio TUI
+License: MIT
+License-File: LICENSE
+Requires-Python: >=3.12
+Requires-Dist: axio
+Requires-Dist: axio-tui

axio_tui_guards-0.1.0/README.md

@@ -0,0 +1,15 @@
+# axio-tui-guards
+
+Guards plugin for Axio TUI.
+
+Part of the [axio-agent](https://github.com/axio-agent) ecosystem.
+
+## Installation
+
+```bash
+pip install axio-tui-guards
+```
+
+## License
+
+MIT

axio_tui_guards-0.1.0/pyproject.toml

@@ -0,0 +1,35 @@
+[project]
+name = "axio-tui-guards"
+version = "0.1.0"
+description = "Guards plugin for Axio TUI"
+requires-python = ">=3.12"
+license = {text = "MIT"}
+dependencies = ["axio", "axio-tui"]
+
+[project.entry-points."axio.guards"]
+path = "axio_tui_guards.guards:PathGuard"
+llm = "axio_tui_guards.guards:LLMGuard"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/axio_tui_guards"]
+
+[tool.pytest.ini_options]
+asyncio_mode = "auto"
+
+[tool.ruff]
+line-length = 119
+target-version = "py312"
+
+[tool.ruff.lint]
+select = ["E", "F", "I", "UP"]
+
+[tool.mypy]
+strict = true
+python_version = "3.12"
+
+[dependency-groups]
+dev = ["pytest>=8", "pytest-asyncio>=0.24", "mypy>=1.14", "ruff>=0.9"]

axio_tui_guards-0.1.0/src/axio_tui_guards/__init__.py

@@ -0,0 +1,5 @@
+"""Guards for Axio TUI."""
+
+from .guards import LLMGuard, PathGuard
+
+__all__ = ["LLMGuard", "PathGuard"]

axio_tui_guards-0.1.0/src/axio_tui_guards/dialogs.py

@@ -0,0 +1,160 @@
+"""Guard dialog screens for the TUI."""
+
+from __future__ import annotations
+
+from textual.app import ComposeResult
+from textual.binding import Binding
+from textual.containers import Container, Horizontal
+from textual.screen import ModalScreen
+from textual.widgets import Button, Input, Static
+
+
+class PathGuardDialog(ModalScreen[str]):
+    """Modal dialog for path access permission — buttons only."""
+
+    BINDINGS = [
+        Binding("a", "allow", "Allow", show=False),
+        Binding("d", "deny", "Deny", show=False),
+        Binding("escape", "deny", "Deny", show=False),
+        Binding("left", "focus_prev_button", show=False),
+        Binding("right", "focus_next_button", show=False),
+    ]
+    CSS = """
+    PathGuardDialog { align: center middle; }
+    #path-guard-dialog {
+        width: 80;
+        height: auto;
+        max-height: 80%;
+        border: heavy $warning;
+        background: $panel;
+        padding: 1 2;
+    }
+    .guard-buttons { height: auto; margin-top: 1; }
+    .guard-buttons Button { margin: 0 1; }
+    .guard-prompt { color: $warning; }
+    """
+
+    def __init__(self, prompt_text: str) -> None:
+        super().__init__()
+        self._prompt_text = prompt_text
+
+    def compose(self) -> ComposeResult:
+        prompt = self._prompt_text[:5000] + "..." if len(self._prompt_text) > 5000 else self._prompt_text
+        with Container(id="path-guard-dialog"):
+            yield Static("[bold]Path Access Request[/]")
+            yield Static(prompt, markup=False, classes="guard-prompt")
+            with Horizontal(classes="guard-buttons"):
+                yield Button("Allow", id="btn-allow", variant="success")
+                yield Button("Deny", id="btn-deny", variant="error")
+                yield Button("Always Deny", id="btn-always-deny", variant="warning")
+
+    def on_mount(self) -> None:
+        self.query_one("#btn-allow", Button).focus()
+
+    def _cycle_buttons(self, direction: int) -> None:
+        buttons = list(self.query(Button))
+        if not buttons:
+            return
+        try:
+            idx = buttons.index(self.focused)  # type: ignore[arg-type]
+        except ValueError:
+            buttons[0].focus()
+            return
+        buttons[(idx + direction) % len(buttons)].focus()
+
+    def action_focus_next_button(self) -> None:
+        self._cycle_buttons(1)
+
+    def action_focus_prev_button(self) -> None:
+        self._cycle_buttons(-1)
+
+    def on_button_pressed(self, event: Button.Pressed) -> None:
+        match event.button.id:
+            case "btn-allow":
+                self.dismiss("y")
+            case "btn-deny":
+                self.dismiss("n")
+            case "btn-always-deny":
+                self.dismiss("deny")
+
+    def action_allow(self) -> None:
+        self.dismiss("y")
+
+    def action_deny(self) -> None:
+        self.dismiss("n")
+
+
+class LLMGuardDialog(ModalScreen[str]):
+    """Modal dialog for LLM safety review — buttons + text input."""
+
+    BINDINGS = [
+        Binding("escape", "deny", "Deny", show=False),
+        Binding("left", "focus_prev_button", show=False),
+        Binding("right", "focus_next_button", show=False),
+    ]
+    CSS = """
+    LLMGuardDialog { align: center middle; }
+    #llm-guard-dialog {
+        width: 80;
+        height: auto;
+        max-height: 80%;
+        border: heavy $warning;
+        background: $panel;
+        padding: 1 2;
+    }
+    .guard-buttons { height: auto; margin-top: 1; }
+    .guard-buttons Button { margin: 0 1; }
+    #guard-reason { margin-top: 1; }
+    .guard-prompt { color: $warning; }
+    """
+
+    def __init__(self, prompt_text: str) -> None:
+        super().__init__()
+        self._prompt_text = prompt_text
+
+    def compose(self) -> ComposeResult:
+        prompt = self._prompt_text[:5000] + "..." if len(self._prompt_text) > 5000 else self._prompt_text
+        with Container(id="llm-guard-dialog"):
+            yield Static("[bold]Safety Review[/]")
+            yield Static(prompt, markup=False, classes="guard-prompt")
+            with Horizontal(classes="guard-buttons"):
+                yield Button("Allow", id="btn-allow", variant="success")
+                yield Button("Always Allow", id="btn-always", variant="primary")
+                yield Button("Deny", id="btn-deny", variant="error")
+            yield Input(placeholder="Custom reason...", id="guard-reason")
+
+    def on_mount(self) -> None:
+        self.query_one("#btn-allow", Button).focus()
+
+    def _cycle_buttons(self, direction: int) -> None:
+        buttons = list(self.query(Button))
+        if not buttons:
+            return
+        try:
+            idx = buttons.index(self.focused)  # type: ignore[arg-type]
+        except ValueError:
+            buttons[0].focus()
+            return
+        buttons[(idx + direction) % len(buttons)].focus()
+
+    def action_focus_next_button(self) -> None:
+        self._cycle_buttons(1)
+
+    def action_focus_prev_button(self) -> None:
+        self._cycle_buttons(-1)
+
+    def on_button_pressed(self, event: Button.Pressed) -> None:
+        match event.button.id:
+            case "btn-allow":
+                self.dismiss("y")
+            case "btn-always":
+                self.dismiss("always")
+            case "btn-deny":
+                self.dismiss("n")
+
+    def on_input_submitted(self, message: Input.Submitted) -> None:
+        if message.value.strip():
+            self.dismiss(message.value.strip())
+
+    def action_deny(self) -> None:
+        self.dismiss("n")

axio_tui_guards-0.1.0/src/axio_tui_guards/guards.py

@@ -0,0 +1,147 @@
+"""Permission guards for the Axio TUI."""
+
+import asyncio
+import json
+import threading
+from collections.abc import Awaitable, Callable
+from pathlib import Path
+from typing import Any
+
+from axio.agent import Agent
+from axio.blocks import TextBlock, ToolUseBlock
+from axio.context import ContextStore
+from axio.exceptions import GuardError
+from axio.messages import Message
+from axio.permission import PermissionGuard
+from axio_tui.tools import Confirm
+
+type PromptFn = Callable[[str], Awaitable[str]]
+
+
+class PathGuard(PermissionGuard):
+    """Ask user about path access; allow grants access to the parent directory."""
+
+    PATH_FIELDS = ("file_path", "filename", "directory", "path", "cwd")
+
+    def __init__(self, prompt_fn: PromptFn | None = None) -> None:
+        self.allowed: set[str] = set()
+        self.denied: set[str] = set()
+        self._prompt = prompt_fn or ask_user
+
+    def _extract_path(self, handler: Any) -> tuple[str | None, str | None]:
+        data = handler.model_dump()
+        for name in self.PATH_FIELDS:
+            if name in data:
+                return str(data[name]), name
+        return None, None
+
+    @staticmethod
+    def _parent_dir(path: str) -> str:
+        p = Path(path)
+        return str(p if p.suffix == "" else p.parent)
+
+    def _is_allowed(self, path: str) -> bool:
+        d = Path(self._parent_dir(path))
+        return any(d == Path(a) or Path(a) in d.parents for a in self.allowed)
+
+    def _is_denied(self, path: str) -> bool:
+        return path in self.denied
+
+    async def check(self, handler: Any) -> Any:
+        path, field = self._extract_path(handler)
+        if path is None or self._is_allowed(path):
+            return handler
+        if self._is_denied(path):
+            raise GuardError(f"Path denied: {field}={path!r}")
+
+        directory = self._parent_dir(path)
+        msg = f"{field}={path!r} (directory: {directory})"
+        answer = (await self._prompt(msg)).strip()
+        if answer.lower() == "deny":
+            self.denied.add(path)
+            raise GuardError(f"Path denied: {field}={path!r}")
+        if not answer or answer.lower() == "n":
+            raise GuardError(f"Path access denied: {field}={path!r}")
+        # "y" or anything else — allow this directory for future calls
+        self.allowed.add(directory)
+        return handler
+
+
+class LLMGuard(PermissionGuard):
+    """Agent-based guard. User overrides feed back into the context for learning."""
+
+    def __init__(self, agent: Agent, context: ContextStore, prompt_fn: PromptFn | None = None) -> None:
+        self.agent = agent
+        self.context = context
+        self.allowed: set[str] = set()
+        self._prompt = prompt_fn or ask_user
+
+    async def extract_confirm(self, context: ContextStore) -> Confirm:
+        """Find last confirm tool call from forked context."""
+        history = await context.get_history()
+        for msg in reversed(history):
+            if msg.role == "assistant":
+                for block in msg.content:
+                    if isinstance(block, ToolUseBlock) and block.name == "confirm":
+                        try:
+                            return Confirm.model_validate(block.input)
+                        except Exception:
+                            return Confirm(verdict="RISKY", reason="Unparseable", category="unknown")
+        return Confirm(verdict="SAFE", reason="No verdict provided", category="unknown")
+
+    async def check(self, handler: Any) -> Any:
+        args_str = json.dumps(handler.model_dump(), default=str)
+        if len(args_str) > 2000:
+            args_str = args_str[:2000] + "..."
+
+        description = f"Tool: {type(handler).__name__}\nArguments: {args_str}"
+        if self.allowed:
+            description += "\n\nAuto-approved categories (classify as SAFE): " + ", ".join(sorted(self.allowed))
+
+        # Fork so tool-call noise is discarded; user answers persist in the original
+        forked = await self.context.fork()
+        async for _ in self.agent.run_stream(description, forked):
+            pass
+
+        confirm = await self.extract_confirm(forked)
+
+        if confirm.verdict == "SAFE":
+            return handler
+        if confirm.verdict == "DENY":
+            raise GuardError(f"DENIED: {confirm.reason}")
+
+        # RISKY — ask user
+        if confirm.category in self.allowed:
+            return handler
+
+        handler_repr = repr(handler)
+        if len(handler_repr) > 2000:
+            handler_repr = handler_repr[:2000] + "..."
+        msg = f"{handler_repr}\n\n{confirm.reason}"
+        answer = (await self._prompt(msg)).strip()
+
+        if not answer or answer.lower() == "n":
+            raise GuardError(f"User denied: {confirm.reason}")
+
+        if answer.lower() == "always":
+            self.allowed.add(confirm.category)
+        elif answer.lower() != "y":
+            # Feed user answer back and let it run more turns
+            async for _ in self.agent.run_stream(answer, forked):
+                pass
+            # Persist the user note in original context for future checks
+            await self.context.append(Message(role="user", content=[TextBlock(text=answer)]))
+
+        return handler
+
+
+# Helper function for user input
+ASK_LOCK = threading.Lock()
+
+
+async def ask_user(message: str) -> str:
+    def _blocking() -> str:
+        with ASK_LOCK:
+            return input(message)
+
+    return await asyncio.to_thread(_blocking)

axio_tui_guards-0.1.0/tests/conftest.py

@@ -0,0 +1 @@
+"""Shared test fixtures for axio-tui-guards."""

axio_tui_guards-0.1.0/tests/test_tui_guards.py

@@ -0,0 +1,210 @@
+"""Tests for axio_tui_guards — PathGuard and LLMGuard."""
+
+from __future__ import annotations
+
+from typing import Any
+
+import pytest
+from axio.blocks import TextBlock, ToolUseBlock
+from axio.context import MemoryContextStore
+from axio.exceptions import GuardError
+from axio.messages import Message
+from axio.testing import StubTransport, make_text_response, make_tool_use_response
+from axio_tools_local.read_file import ReadFile
+from axio_tools_local.shell import Shell
+from axio_tools_local.write_file import WriteFile
+from axio_tui.tools import Confirm
+from axio_tui_guards.guards import LLMGuard, PathGuard
+
+
+class TestPathGuard:
+    @staticmethod
+    async def _allow(_msg: str) -> str:
+        return "y"
+
+    @staticmethod
+    async def _deny(_msg: str) -> str:
+        return "n"
+
+    @staticmethod
+    async def _always_deny(_msg: str) -> str:
+        return "deny"
+
+    async def test_allow_grants_directory(self) -> None:
+        guard = PathGuard(prompt_fn=self._allow)
+        handler = ReadFile(filename="/tmp/test/file.txt")
+        result = await guard.check(handler)
+        assert result is handler
+        # Same directory should be auto-allowed now
+        handler2 = ReadFile(filename="/tmp/test/other.txt")
+        result2 = await guard.check(handler2)
+        assert result2 is handler2
+
+    async def test_deny_raises_guard_error(self) -> None:
+        guard = PathGuard(prompt_fn=self._deny)
+        handler = ReadFile(filename="/secret/file.txt")
+        with pytest.raises(GuardError, match="denied"):
+            await guard.check(handler)
+
+    async def test_always_deny_persists(self) -> None:
+        guard = PathGuard(prompt_fn=self._always_deny)
+        handler = ReadFile(filename="/deny/file.txt")
+        with pytest.raises(GuardError):
+            await guard.check(handler)
+        # Second call should also be denied without prompting
+        with pytest.raises(GuardError, match="denied"):
+            await guard.check(handler)
+
+    async def test_no_path_field_passes_through(self) -> None:
+        guard = PathGuard(prompt_fn=self._deny)
+        handler = Confirm(verdict="SAFE", reason="ok", category="test")
+        result = await guard.check(handler)
+        assert result is handler
+
+    async def test_shell_extracts_cwd(self) -> None:
+        guard = PathGuard(prompt_fn=self._allow)
+        handler = Shell(command="ls", cwd="/tmp/project")
+        result = await guard.check(handler)
+        assert result is handler
+        assert "/tmp/project" in guard.allowed
+
+    async def test_subdirectory_auto_allowed(self) -> None:
+        guard = PathGuard(prompt_fn=self._allow)
+        handler = WriteFile(file_path="/home/user/project/src/main.py", content="x")
+        await guard.check(handler)
+        # Child path in same tree should be auto-allowed
+        handler2 = WriteFile(file_path="/home/user/project/src/lib/util.py", content="y")
+        result = await guard.check(handler2)
+        assert result is handler2
+
+
+class TestLLMGuard:
+    async def test_safe_verdict_passes(self) -> None:
+        confirm_input = {"verdict": "SAFE", "reason": "harmless", "category": "read"}
+        transport = StubTransport(
+            [
+                make_tool_use_response("confirm", "call_1", confirm_input),
+                make_text_response("ok"),
+            ]
+        )
+        agent_from_transport = _make_guard_agent(transport)
+        guard = LLMGuard(agent_from_transport, MemoryContextStore())
+        handler = ReadFile(filename="test.txt")
+        result = await guard.check(handler)
+        assert result is handler
+
+    async def test_deny_verdict_raises(self) -> None:
+        confirm_input = {"verdict": "DENY", "reason": "malicious", "category": "exec"}
+        transport = StubTransport(
+            [
+                make_tool_use_response("confirm", "call_1", confirm_input),
+                make_text_response("blocked"),
+            ]
+        )
+        agent = _make_guard_agent(transport)
+        guard = LLMGuard(agent, MemoryContextStore())
+        handler = Shell(command="rm -rf /")
+        with pytest.raises(GuardError, match="DENIED"):
+            await guard.check(handler)
+
+    async def test_risky_verdict_user_allows(self) -> None:
+        confirm_input = {"verdict": "RISKY", "reason": "writes file", "category": "write"}
+        transport = StubTransport(
+            [
+                make_tool_use_response("confirm", "call_1", confirm_input),
+                make_text_response("review needed"),
+            ]
+        )
+        agent = _make_guard_agent(transport)
+
+        async def allow(_msg: str) -> str:
+            return "y"
+
+        guard = LLMGuard(agent, MemoryContextStore(), prompt_fn=allow)
+        handler = WriteFile(file_path="out.txt", content="data")
+        result = await guard.check(handler)
+        assert result is handler
+
+    async def test_risky_verdict_user_denies(self) -> None:
+        confirm_input = {"verdict": "RISKY", "reason": "dangerous", "category": "exec"}
+        transport = StubTransport(
+            [
+                make_tool_use_response("confirm", "call_1", confirm_input),
+                make_text_response("needs review"),
+            ]
+        )
+        agent = _make_guard_agent(transport)
+
+        async def deny(_msg: str) -> str:
+            return "n"
+
+        guard = LLMGuard(agent, MemoryContextStore(), prompt_fn=deny)
+        handler = Shell(command="sudo reboot")
+        with pytest.raises(GuardError, match="denied"):
+            await guard.check(handler)
+
+    async def test_always_allows_category(self) -> None:
+        confirm_input = {"verdict": "RISKY", "reason": "writes", "category": "write_file"}
+        transport = StubTransport(
+            [
+                make_tool_use_response("confirm", "call_1", confirm_input),
+                make_text_response("ok"),
+                # Second call — should not reach transport since category is pre-approved
+            ]
+        )
+        agent = _make_guard_agent(transport)
+
+        async def always(_msg: str) -> str:
+            return "always"
+
+        guard = LLMGuard(agent, MemoryContextStore(), prompt_fn=always)
+        handler = WriteFile(file_path="a.txt", content="data")
+        await guard.check(handler)
+        assert "write_file" in guard.allowed
+
+    async def test_extract_confirm_from_context(self) -> None:
+        guard = LLMGuard.__new__(LLMGuard)
+        ctx = MemoryContextStore()
+        await ctx.append(Message(role="user", content=[TextBlock(text="check this")]))
+        await ctx.append(
+            Message(
+                role="assistant",
+                content=[
+                    ToolUseBlock(
+                        id="c1", name="confirm", input={"verdict": "SAFE", "reason": "ok", "category": "read"}
+                    ),
+                ],
+            )
+        )
+        confirm = await guard.extract_confirm(ctx)
+        assert confirm.verdict == "SAFE"
+        assert confirm.category == "read"
+
+    async def test_extract_confirm_no_verdict(self) -> None:
+        guard = LLMGuard.__new__(LLMGuard)
+        ctx = MemoryContextStore()
+        await ctx.append(Message(role="user", content=[TextBlock(text="check")]))
+        await ctx.append(Message(role="assistant", content=[TextBlock(text="no tool call")]))
+        confirm = await guard.extract_confirm(ctx)
+        assert confirm.verdict == "SAFE"
+        assert confirm.reason == "No verdict provided"
+
+
+def _make_guard_agent(transport: Any) -> Any:
+    from axio.agent import Agent
+    from axio.tool import Tool
+    from axio_tools_local.list_files import ListFiles
+    from axio_tools_local.read_file import ReadFile
+    from axio_tui.tools import Confirm, StatusLine
+
+    return Agent(
+        system="You are a safety classifier.",
+        tools=[
+            Tool(name="status_line", description="Set status", handler=StatusLine),
+            Tool(name="read_file", description="Read file", handler=ReadFile),
+            Tool(name="list", description="List files", handler=ListFiles),
+            Tool(name="confirm", description="Submit verdict", handler=Confirm),
+        ],
+        transport=transport,
+        max_iterations=5,
+    )