feat(calendar): add bounded read-only tool#5555
Draft
MADPANDA3D wants to merge 1 commit into
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a bounded native read_calendar facade for agent and voice integrations. It supports only list_calendars and list_events, requires the authenticated owner from tool execution, performs the locked owner-scoped CalDAV pull, and reads only owner-scoped Calendar rows.
The tool cannot create, update, delete, or reschedule user events. It is admin-only because Calendar data is privileged. It is also blocked in plan mode because the CalDAV pull may refresh the local SQLite cache; this write boundary is documented explicitly rather than treating the refresh as side-effect-free.
Event ranges must be explicit, ordered, and no longer than 366 days. Results default to 50 and cap at 100, text fields cap at 500 characters, formatted responses cap at 20,000 characters, and arbitrary argument names are never reflected into errors. Sync failures return cached data with fixed freshness metadata and do not leak provider error details.
Target branch
Linked Issue
Part of #5549. Related to #4118 and discussion #4439.
Type of Change
Checklist
How to Test
Validation passed 87 policy/security/tool tests, 71 Calendar CRUD/parsing/owner/recurrence/reminder/read tests, and a final 19-test focused rerun. Ruff, Python compilation, and diff checks passed. A native-function-to-dispatcher SQLite E2E proved owner isolation, result/field caps, injection-looking text remaining data, and no user Calendar mutation. A final independent local rerun of the read-tool and plan-mode files passed 16 tests.
Visual / UI changes
None. This is a server-side tool/schema/policy addition with documentation and tests.