>>> [!note] Migrated issue <!-- Drupal.org comment --> <!-- Migrated from issue #3528974. --> Reported by: [marcus_johansson](https://www.drupal.org/user/385947) >>> <p>--- AI TRACKER METADATA ---<br> <strong>Update Summary: </strong>Create Base Tools. Michael Lander is working on it, Alpha out. We need to discuss which tools.<br> <strong>Check-in Date: </strong>MM/DD/YYYY (US format) [When we should see progress/get an update]<br> <strong>Due Date:</strong> MM/DD/YYYY (US format) [When the issue should be fully completed]<br> <strong>Blocked by:</strong> [#XXXXXX] (New issues on new lines)<br> <strong>Additional Collaborators:</strong> @username1, @username2<br> AI Tracker found here: <a href="https://www.drupalstarforge.ai/" title="AI Tracker">https://www.drupalstarforge.ai/</a><br> --- END METADATA ---</p> <h3 id="summary-problem-motivation">Problem/Motivation</h3> <p>Right now its very hard to make a generic tool that isn't a big security risk, when used wrong, which will be prone to happening. That's why we put some of the current tools in an experimental module.</p> <p>ECA will be used and a very powerful way of creating extremely busines specific tools, but there are also tools where we know what it should be, but it needs an configuration.</p> <p>Think of the following tool - the content entity seeder. Its a tool that can be used to create or edit any content entity. This is fine if you use the features to lock it down via forced parameters, however there will be someone who sets it up without it. They might prompt that it should be used to be able to save comments via the chatbot. However via simple prompt injection you would then be able to create a user with administration rights. In this case the entity type (and bundle) should be required to fill in.</p> <p>The second problem is that we might want to make generic versions of some functionality that is for instance missing a clear permission system. Say that we want a plugin manager definition listing tool - to load the definitions, you usually don't need an permissions - its the code using it that should set that. But with an agent you might want to for instance have an agent that can show field types on a websites when you have specific roles, but otherwise not. The permissions should in that case be required that you lock in to a permission.</p> <p>So what we need is a system where you can create deriatives from a base tool and the tool creator can pick what are parameters the AI can answer and what are parameters that are configured.</p> <h3 id="summary-proposed-resolution">Proposed resolution</h3> <ul> <li>Create an extension of ExecutableFunctionCallInterface that is called BaseFunctionCallInterface, that extends PluginFormInterface and ConfigurableInterface.</li> <li>By default, any parameter that the FunctionCallInterface sets as context values, can be configured for a deriative.</li> <li>Add a method called disallowedParameters that return an array of Context keys. Anything set there should not be able to be configured.</li> <li>All the inherited configuration methods should be used to set up any required settings - in the case of the Content Entity Seeder, that would be at least the entity. With the Plugin Manager Definition Tool that would be the permissions (at least).</li> <li>For the buildConfigurationForm and submitConfigurationForm they should build and save the form for the Context parameters so its there by default and also can be inherited via parent.</li> <li>Create a PluginDeriative that makes these available and make the configuration available when you run the execute function.</li> <li>Create a configuration entity that stores the different configurations.</li> <li>Make a listings page for deriative tools from base tools.</li> <li>Make a form where you can setup the tools based on a base tool - this could just be a list of base tools and then have ajax load the buildConfigurationForm.</li> <li>Make it possible to delete deriative tools.</li> </ul> <h3 id="summary-remaining-tasks">Remaining tasks</h3> <p>After this is done, we need to look into the UI/UX, so its easy to create this tools.</p> <h3 id="summary-ui-changes">User interface changes</h3> <h3 id="summary-api-changes">API changes</h3> <h3 id="summary-data-model-changes">Data model changes</h3>