Tool-level Access Control (P0-117)
Pass an explicit tools list to casino_create_agent for per-tool access control, which overrides category-level capabilities grants.
In addition to capabilities (category grants), you can pass an explicit tools list to casino_create_agent for per-tool access control:
- capabilities — category granularity; all tools in that group (e.g. ["data_access"] → all 14 data tools).
- tools — individual tool names (e.g. ["query_mongodb", "count_documents"] → only those 2).
Priority: tools (specific) overrides capabilities (category). If only capabilities is set, P0-116 behavior is unchanged.
Use casino_list_tools() first to see all valid tool names and categories, then pass exact names.
Examples
// Step 1 — discover available tool names:
casino_list_tools()
// → returns { "data": ["query_mongodb", "insert_documents", ...], "capabilities": [...], ... }
// Step 2 — create a read-only support bot (no write access):
casino_create_agent(
site_id="<your_site_id>",
name="support_bot",
system_prompt="You are a helpful support assistant...",
tools=["query_mongodb", "count_documents", "describe_collection"]
)
// → capabilities auto-derived as ["data_access"], tools enforced at runtimeweb_search (basic), create_diagram, list_sites, get_site_files, and the category meta-tools are never filtered — only category-loaded tools are subject to the allowlist. (The gated, heavier counterpart is web_search_deep, which requires external_integration.)See also
tool-categories · targeting-custom-agents · agent-catalog
Source: README.md#tool-level-access-control-p0-117 · Also available in llms-full.txt and registry.json.