Filter tools for chat slash commands
Problem
We need to add an authorization layer to the '/v1/chat/agent' endpoint to allow filtering of tools on the AI Gateway. Since slash commands are executed directly, we need to ensure that only authorized tools can be accessed through this endpoint. However, this endpoint only accepts plain prompt text, so we need to pass an additional parameter to check the tool name and authorize its usage.
The key points are:
- The '/v1/chat/agent' endpoint needs an authorization layer to control which tools can be accessed.
- This endpoint accepts only plain prompt text, so we need to pass an additional parameter to identify the tool being requested.
- The authorization layer will then check if the requested tool is allowed for the user/context before executing it.
- This authorization layer is necessary to prevent unauthorized access to potentially sensitive tools through the '/v1/chat/agent' endpoint.
Implementation plan
- Implement new endpoints that match the existing Duo Chat tools 1:1 ('/v1/chat/explain_code', etc.).
- Ensure the new endpoints have the same input schema as '/v1/chat/agent' to limit the number of changes on the RoR side.
- Implement an authorization level for the new endpoints
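The plan above binds each new endpoint to exactly one tool and authorizes per endpoint, so the tool name comes from the route rather than from the prompt text. As an added illustration (not the AI Gateway's own code), the following deny-by-default check sketches that layer; the endpoint table, the granted-tool set and the handler body are constructed for this example.

```python
# Added example, not AI Gateway code: deny-by-default tool authorization for
# per-slash-command chat endpoints. Endpoint table and tool names are hypothetical.
from dataclasses import dataclass


class ToolNotAuthorized(Exception):
    """Raised when the caller may not invoke the tool bound to an endpoint."""


# Each new endpoint is bound to exactly one tool, so the prompt text never
# decides which tool runs (hypothetical mapping).
TOOL_FOR_ENDPOINT = {
    "/v1/chat/explain_code": "explain_code",
    "/v1/chat/write_tests": "write_tests",
}


@dataclass(frozen=True)
class ChatRequest:
    """Same input schema for every endpoint: plain prompt text only."""
    prompt: str


def authorize_tool(path: str, granted_tools: frozenset) -> str:
    """Return the tool bound to `path` if the caller has been granted it.

    Unknown endpoints and ungranted tools are both rejected, so a newly added
    endpoint is unreachable until it is explicitly bound and granted.
    """
    tool = TOOL_FOR_ENDPOINT.get(path)
    if tool is None:
        raise ToolNotAuthorized(f"no tool bound to {path}")
    if tool not in granted_tools:
        raise ToolNotAuthorized(f"caller not granted tool {tool!r}")
    return tool


def is_authorized(path: str, granted_tools: frozenset) -> bool:
    """Boolean form of authorize_tool, convenient for filters and tests."""
    try:
        authorize_tool(path, granted_tools)
        return True
    except ToolNotAuthorized:
        return False


def handle_chat(path: str, request: ChatRequest, granted_tools: frozenset) -> dict:
    """Authorize first, then dispatch; the request body is identical across endpoints."""
    tool = authorize_tool(path, granted_tools)
    # Stand-in for the real tool execution (constructed result).
    return {"tool": tool, "prompt_chars": len(request.prompt)}
```

The granted-tool set is assumed to be derived from the caller's credentials before the request reaches the handler; a request to '/v1/chat/agent' with arbitrary prompt text cannot widen it.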
Edited by Alexander Chueshev