This repository was archived by the owner on Jul 16, 2025. It is now read-only.

Tool access control #360

@valtzu

Many times a tool invoked by the chain performs an action that can be performed by the user manually too. This type of action usually has some access control that may depend on the given parameters: e.g. in the Symfony HTTP context by defining `#[IsGranted('post:delete', 'post')]` on the controller.

Do you think it would make sense to have something similar here too, or is it outside the scope here? I was thinking one possible solution could be to allow exposing controllers as tools. Of course you can already add `#[AsTool]` to an existing controller, but since the tool call does not go through Symfony HttpKernel, e.g. the `IsGranted` attribute is never checked. It'd be awesome if a single `IsGranted` attribute could cover both the HTTP endpoint and the LLM Chain tool call.

If you think this is outside the scope, then it'd be nice to dispatch some `ToolCallArgumentsEvent` (analogous to `ControllerArgumentsEvent`) just before making the actual tool call. This way it's easy to hook into the event in user land, check the attributes and throw some `AccessDeniedException`.

Of course it's always possible to just call `$this->security->isGranted(...)` inside the tool, but I find declarative access control rules nicer.
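
One way the event-based approach proposed above could look, added here as an example (not code from the issue author or the library). `ToolCallArgumentsEvent` and `ToolIsGrantedListener` are hypothetical, and the event is assumed to carry the tool object, the method name and the arguments keyed by parameter name; `IsGranted`, `AuthorizationCheckerInterface` and `AccessDeniedException` are Symfony's own classes.

```php
<?php
declare(strict_types=1);

use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Http\Attribute\IsGranted;

// Hypothetical event: the issue only proposes it, the library does not ship it.
final class ToolCallArgumentsEvent
{
    /** @param array<string, mixed> $namedArguments tool-call arguments keyed by parameter name */
    public function __construct(public readonly object $tool, public readonly string $method, public readonly array $namedArguments)
    {
    }
}

// Hypothetical listener: enforces #[IsGranted] on the tool class and method before the call runs.
final class ToolIsGrantedListener
{
    public function __construct(private readonly AuthorizationCheckerInterface $checker)
    {
    }

    public function __invoke(ToolCallArgumentsEvent $event): void
    {
        $method = new \ReflectionMethod($event->tool, $event->method);
        $attributes = [
            ...(new \ReflectionClass($event->tool))->getAttributes(IsGranted::class),
            ...$method->getAttributes(IsGranted::class),
        ];

        foreach ($attributes as $attribute) {
            $rule = $attribute->newInstance();
            $subject = null;
            if (\is_string($rule->subject)) {
                // Fail closed: a rule naming an argument the model did not supply denies the call.
                if (!\array_key_exists($rule->subject, $event->namedArguments)) {
                    throw new AccessDeniedException(\sprintf('Missing subject "%s" for tool call.', $rule->subject));
                }
                $subject = $event->namedArguments[$rule->subject];
            } elseif (null !== $rule->subject) {
                // Array and expression subjects are not handled in this example, so deny them.
                throw new AccessDeniedException('Unsupported #[IsGranted] subject type.');
            }
            if (!$this->checker->isGranted($rule->attribute, $subject)) {
                throw new AccessDeniedException($rule->message ?? 'Access Denied.');
            }
        }
    }
}
```

A controller receives an already resolved entity as its subject, while a tool call receives whatever value the model supplied for that parameter, so the voter behind the rule has to load and check the object itself when it is handed a raw identifier.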
