# Sanctioned Tool Registry (Policy-Gated Tool Execution)

## Module
AdvisoryAI

## Status
IMPLEMENTED

## Description
Tool policy system with sanctioned tool registry controlling which AI tools can be invoked, with read-only defaults and confirmation-gated action tools.

## Implementation Details
- **Modules**: `src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Settings/`, `src/AdvisoryAi/StellaOps.AdvisoryAI/Tools/`
- **Key Classes**:
  - `AdvisoryChatToolPolicy` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Settings/AdvisoryChatToolPolicy.cs`) - defines which tools are sanctioned, read-only, or require confirmation
  - `DeterministicToolset` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Tools/DeterministicToolset.cs`) - deterministic tool implementations (version analysis, dependency analysis)
  - `AdvisoryChatSettingsService` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Settings/AdvisoryChatSettingsService.cs`) - manages chat settings including tool policies
  - `AdvisoryChatSettingsStore` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Settings/AdvisoryChatSettingsStore.cs`) - persists chat settings and tool policies
  - `AdvisoryChatSettingsModels` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Settings/AdvisoryChatSettingsModels.cs`) - settings models for tool access levels
  - `DependencyAnalysisResult` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Tools/DependencyAnalysisResult.cs`) - result model for dependency analysis tool
  - `SemanticVersion` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Tools/SemanticVersion.cs`) - semantic version parsing for version analysis tool
  - `SemanticVersionRange` (`src/AdvisoryAi/StellaOps.AdvisoryAI/Tools/SemanticVersionRange.cs`) - version range matching for dependency tools
- **Interfaces**: `IDeterministicToolset`
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Configure `AdvisoryChatToolPolicy` with sanctioned tools and verify only those tools can be invoked during chat
- [ ] Attempt to invoke a non-sanctioned tool and verify it is rejected with an access denied response
- [ ] Verify read-only tools execute without confirmation prompts
- [ ] Verify action tools (write operations) require user confirmation before execution
- [ ] Verify `DeterministicToolset` provides consistent results for version analysis and dependency analysis
- [ ] Verify `AdvisoryChatSettingsService` persists tool policy changes via `AdvisoryChatSettingsStore`