>>> [!note] Migrated issue <!-- Drupal.org comment --> <!-- Migrated from issue #3548323. --> Reported by: [michaellander](https://www.drupal.org/user/636494) >>> <h3 id="summary-problem-motivation">Problem/Motivation</h3> <p>Right now, the property restrictions let you select between 'Allow all', 'Only allow certain values' and 'Force value'. This is pretty problematic from a security perspective as many tools will be entity type/bundle agnostic, but the agents associated with them may be much more focused. We don't want an agent that is specific to content entity changes to be able to modify users, groups, etc.</p> <h3 id="summary-proposed-resolution">Proposed resolution</h3> <p>Expand the restrictions for data of type <code>entity</code> so that the tool(and subsequent agent) can be constrained to specific entity types and bundles. Tools that are already constrained by an entity type should allow further constraining of bundle. Consider making this the default restriction for entity data so that users must explicitly allow entity types/bundles instead of defaulting to allow all.</p> <p>We should confirm these constraints are being communicated back to the tool input description for the LLM to understand.</p> <h3 id="summary-ui-changes">User interface changes</h3> <p>Add a 'Specify allowed entity types and bundles' option in the select list for properties of type <code>entity</code>. If the data type is already constrained by entity type, then make the select option 'Specify allowed bundles'.</p> <p>After option is selected, display a required form with checkboxes for each entity type. When an entity type is selected, if it allows multiple bundles, show checkboxes for the bundles within the entity type. User should be required to select at least 1 entity type, and if an entity type with bundles is selected, they should be required to select at least 1 bundle.</p>