Skip to content

Graphorin API reference v0.9.0


Graphorin API reference / @graphorin/security / / evaluatePermissionDecision

Function: evaluatePermissionDecision()

ts
function evaluatePermissionDecision(policy, facts): PermissionDecision;

Defined in: packages/security/src/policy/tool-argument-policy.ts:150

Evaluate a policy against one tool call under the four-value vocabulary (E1). Every matching rule contributes its (normalised) effect; the strongest wins with priority deny > defer > ask > allow, so a broad late allow can never re-open a denied call and an ask/defer narrows an allow but yields to a deny. When no rule matches, defaultDenySensitive denies sensitive tools; anything else is allowed. Pure + deterministic.

Parameters

ParameterType
policyToolArgumentPolicy
factsToolCallFacts

Returns

PermissionDecision

Stable