validateToolToken


Validate a per-tool HMAC token attached to an incoming SWAIG function call. Returns false for unknown tools, short-circuits to true for tools registered without secure: true, and otherwise delegates to SessionManager.validateToolToken. Raw-dict descriptors (e.g. DataMap output) are always treated as secure.

Called automatically by the SWAIG dispatch path before a tool handler runs. You rarely need to invoke it directly; it is exposed for custom dispatch logic and test harnesses.

Parameters

functionName
string, required

Name of the SWAIG function the token was issued for.

token
string, required

HMAC token to validate. Missing tokens on secure tools return false.

callId
string, required

Call ID the token is bound to. Empty strings are forwarded unchanged and rejected by the underlying validator.

Returns

boolean

true when the token is valid for the given function and call, or when the tool is registered as non-secure.
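The decision order described above, modelled as an added example for test harnesses; it is not the SDK's own code. The registry shape, the helper names (`issueToken`, `sessionValidate`, `validateToolTokenModel`) and the token format (hex HMAC-SHA256 over `functionName:callId`) are assumptions, since the real format belongs to SessionManager and is not shown on this page.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Stand-in registry entry: a tool registered with an optional `secure` flag,
// or a raw-dict descriptor (e.g. DataMap output), which always counts as secure.
type ToolEntry = { secure?: boolean } | { raw: Record<string, unknown> };

// ASSUMPTION: token = hex HMAC-SHA256 over "functionName:callId". The real
// format belongs to SessionManager and is not documented on this page.
function issueToken(secret: string, functionName: string, callId: string): string {
  return createHmac("sha256", secret).update(`${functionName}:${callId}`).digest("hex");
}

// Stand-in for SessionManager.validateToolToken (constant-time comparison).
function sessionValidate(secret: string, functionName: string, token: string, callId: string): boolean {
  if (callId === "") return false;               // empty call ID is rejected here
  const expected = Buffer.from(issueToken(secret, functionName, callId));
  const given = Buffer.from(token);
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Model of the documented decision order.
function validateToolTokenModel(
  tools: Map<string, ToolEntry>, secret: string,
  functionName: string, token: string | undefined, callId: string,
): boolean {
  const tool = tools.get(functionName);
  if (tool === undefined) return false;          // unknown tool: fail closed
  const secure = "raw" in tool ? true : tool.secure === true;
  if (!secure) return true;                      // non-secure: token never checked
  if (!token) return false;                      // secure tool, missing token
  return sessionValidate(secret, functionName, token, callId);
}

// Constructed sample registry and secret (not real values).
const SECRET = "constructed-demo-secret";
const TOOLS = new Map<string, ToolEntry>([
  ["transfer_funds", { secure: true }],
  ["get_weather", {}],
  ["datamap_lookup", { raw: { function: "datamap_lookup" } }],
]);

// One outcome per documented branch, for a token issued for call "call-1".
function branchOutcomes(): Record<string, boolean> {
  const t = issueToken(SECRET, "transfer_funds", "call-1");
  const v = (fn: string, tok: string | undefined, id: string) => validateToolTokenModel(TOOLS, SECRET, fn, tok, id);
  return { valid: v("transfer_funds", t, "call-1"), otherCall: v("transfer_funds", t, "call-2"),
    missing: v("transfer_funds", undefined, "call-1"), unknown: v("no_such_tool", t, "call-1"),
    nonSecure: v("get_weather", undefined, "call-1"), rawDict: v("datamap_lookup", undefined, "call-1") };
}
console.log(branchOutcomes());
```

A `true` result for a non-secure tool says nothing about the caller, because no token is examined on that branch; only tools registered with secure: true (and raw-dict descriptors) produce an authenticated result.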