HTTP/2 200 date: Fri, 10 Oct 2025 16:03:07 GMT content-type: text/plain; charset=utf-8 access-control-allow-origin: * cache-control: public, max-age=0, must-revalidate nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff vary: accept-encoding report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=s%2BEBGJ3uJZX8glXqMgmdqrPGBlTWJtIC4UWpazR7Q8PFWLOC2WulYpO23%2F0QpukCHm9Baz4Qrvji%2B2r%2FXY8Uclxp6XfKB%2FtG3l4mgvGxN1k%3D"}]} etag: W/"12ac25288c9958f3f35ea35d8ea8108c" content-encoding: gzip server: cloudflare cf-cache-status: DYNAMIC cf-ray: 98c7588f98363a26-BOM alt-svc: h3=":443"; ma=86400 tools_repo := ["add_issue_comment", "add_pull_request_review_comment", "create_branch", "create_issue", "create_or_update_file", "create_pull_request", "create_pull_request_review", "delete_file", "fork_repository", "get_code_scanning_alert", "get_commit", "get_file_contents", "get_issue", "get_issue_comments", "get_pull_request", "get_pull_request_comments", "get_pull_request_files", "get_pull_request_reviews", "get_pull_request_status", "get_secret_scanning_alert", "get_tag", "list_branches", "list_code_scanning_alerts", "list_commits", "list_issues", "list_pull_requests", "list_secret_scanning_alerts", "list_tags", "merge_pull_request", "push_files", "request_copilot_review", "update_issue", "update_pull_request", "update_pull_request_branch"] tools_search := ["search_code"] locked_tools := ["create_repository", "search_repositories", "search_issues"] raise Violation("You can access only one repo per session. You already accessed", call_before.function.arguments["owner"], "/",call_before.function.arguments["repo"], ", and now you are trying to access ", call_after.function.arguments["owner"], "/",call_after.function.arguments["repo"], ".") if: (call_before: ToolCall) -> (call_after: ToolCall) call_before.function.name in tools_repo call_after.function.name in tools_repo call_before.function.arguments["repo"] != call_after.function.arguments["repo"] or call_before.function.arguments["owner"] != call_after.function.arguments["owner"] raise Violation("You can access only one repo per session. You already accessed", owner1, "/", repo1, ", and now you are trying to access ", owner2, "/",repo2, ".") if: (call1: ToolCall) (call2: ToolCall) call1.function.name in tools_repo call2.function.name in tools_search repo1 := call1.function.arguments["repo"] repo2 := find("(?<=repo:)[^/]+/[a-zA-Z0-9._-]+", call2.function.arguments["q"])[0].split("/")[1] owner1 := call1.function.arguments["owner"] owner2 := find("(?<=repo:)[^/]+/[a-zA-Z0-9._-]+", call2.function.arguments["q"])[0].split("/")[0] raise Violation("You can access only one repo per session. You already accessed", owner1, "/", repo1, ", and now you are trying to access ", owner2, "/",repo2, ".") if: (call1: ToolCall) -> (call2: ToolCall) call1.function.name in tools_search call2.function.name in tools_search print("q {}".format(call1.function.arguments["q"])) repo1 := find("(?<=repo:)[^/]+/[a-zA-Z0-9._-]+", call1.function.arguments["q"])[0].split("/")[1] owner1 := find("(?<=repo:)[^/]+/[a-zA-Z0-9._-]+", call1.function.arguments["q"])[0].split("/")[0] repo2 := find("(?<=repo:)[^/]+/[a-zA-Z0-9._-]+", call2.function.arguments["q"])[0].split("/")[1] owner2 := find("(?<=repo:)[^/]+/[a-zA-Z0-9._-]+", call2.function.arguments["q"])[0].split("/")[0] print("repo 1 {}".format(repo1)) print("owner 1 {}".format(owner1)) repo1 != repo2 or owner1 != owner2 raise Violation("Tool", call.function.name,"has been locked for safety reason. The output is untrusted.") if: (call: ToolCall) call.function.name in locked_tools