Allow restricting pages for the automatic context too

Author: justyns

docs/Agents.md

@@ -249,7 +249,10 @@ ai.agents.journal = {
 ```
 
 **How it works:**
-- If `allowedReadPaths` is set, tools with `readPathParam` can only read pages starting with those prefixes
+- If `allowedReadPaths` is set:
+  - Tools with `readPathParam` can only read pages starting with those prefixes
+  - Wiki-links in the agent's page body are filtered (only allowed pages included as context)
+  - Current page content/selection only shown if the page is within allowed paths
 - If `allowedWritePaths` is set, tools with `writePathParam` can only write to pages starting with those prefixes
 - If not set, no path restrictions apply
 

docs/Changelog.md

@@ -7,7 +7,7 @@ This page is a brief overview of each version.
 - Embeddings now include page title and section headers
 - Benchmark command now shows progress
 - Reuse SB's theming where possible so that the UI is more consistent
-- Add path-based permissions for agents (`allowedReadPaths`, `allowedWritePaths`) to restrict tool access to specific folders
+- Add path-based permissions for agents (`allowedReadPaths`, `allowedWritePaths`) to restrict tool access, wiki-link context, and current page context to specific folders
 
 ## 0.6.2 (2025-01-05)
 

src/agents.ts

@@ -1,6 +1,6 @@
 import { editor, index, lua, space } from "@silverbulletmd/silverbullet/syscalls";
 import type { AIAgentTemplate, Attachment, LuaToolDefinition } from "./types.ts";
-import { luaLongString } from "./utils.ts";
+import { isPathAllowed, luaLongString } from "./utils.ts";
 import { chatSystemPrompt } from "./init.ts";
 
 /**
@@ -180,6 +180,12 @@ export async function buildAgentSystemPrompt(
     console.error("Failed to read agent page:", error);
   }
 
+  // Filter attachments based on allowedReadPaths
+  const allowedReadPaths = agent.aiagent.allowedReadPaths;
+  if (allowedReadPaths?.length) {
+    attachments = attachments.filter((a) => a.type !== "note" || isPathAllowed(a.name, allowedReadPaths));
+  }
+
   return { systemPrompt: fullPrompt, attachments };
 }
 

src/chat-panel.ts

@@ -9,7 +9,7 @@ import type {
   Usage,
 } from "./types.ts";
 import { aiSettings, chatSystemPrompt, currentAIProvider, getSelectedTextModel, initIfNeeded } from "./init.ts";
-import { assembleMessagesWithAttachments, cleanMessagesForApi, enrichChatMessages } from "./utils.ts";
+import { assembleMessagesWithAttachments, cleanMessagesForApi, enrichChatMessages, isPathAllowed } from "./utils.ts";
 import { convertToOpenAITools, discoverTools, runAgenticChat } from "./tools.ts";
 import { buildAgentSystemPrompt, discoverAgents, filterToolsForAgent } from "./agents.ts";
 import { getModelContextLimit as lookupModelContextLimit } from "./model-metadata.ts";
@@ -170,22 +170,28 @@ export async function startPanelChat(
     let contextBlock = "";
     try {
       const currentPage = await editor.getCurrentPage();
-      const pageContent = await editor.getText();
-      const selection = await editor.getSelection();
+      const allowedReadPaths = currentChatAgent?.aiagent?.allowedReadPaths;
+      const pageAllowed = isPathAllowed(currentPage, allowedReadPaths);
 
       contextBlock = `Current page: ${currentPage}`;
       contextBlock += `\nCurrent date and time: ${new Date().toISOString()}`;
       if (currentChatAgent) {
         const agentName = currentChatAgent.aiagent.name || currentChatAgent.ref;
         contextBlock += `\nActive agent: ${agentName}`;
       }
-      if (selection && selection.text) {
-        contextBlock += `\nSelected text: "${selection.text}"`;
+
+      // Only include selection and content if page is within allowed paths
+      if (pageAllowed) {
+        const pageContent = await editor.getText();
+        const selection = await editor.getSelection();
+        if (selection && selection.text) {
+          contextBlock += `\nSelected text: "${selection.text}"`;
+        }
+        const truncatedContent = pageContent.length > 4000
+          ? pageContent.substring(0, 4000) + "\n...(truncated)"
+          : pageContent;
+        contextBlock += `\n\nPage content:\n${truncatedContent}`;
       }
-      const truncatedContent = pageContent.length > 4000
-        ? pageContent.substring(0, 4000) + "\n...(truncated)"
-        : pageContent;
-      contextBlock += `\n\nPage content:\n${truncatedContent}`;
     } catch (e) {
       console.log("Could not get page context:", e);
     }

src/tools.ts

@@ -1,5 +1,5 @@
 import { asset, clientStore, editor, lua, space } from "@silverbulletmd/silverbullet/syscalls";
-import { computeSimpleDiff, type DiffLine } from "./utils.ts";
+import { computeSimpleDiff, type DiffLine, isPathAllowed } from "./utils.ts";
 import type {
   ChatMessage,
   ChatResponse,
@@ -11,11 +11,6 @@ import type {
 } from "./types.ts";
 import { aiSettings } from "./init.ts";
 
-function isPathAllowed(page: string, allowedPaths: string[] | undefined): boolean {
-  if (!allowedPaths || allowedPaths.length === 0) return true;
-  return allowedPaths.some((prefix) => page === prefix || page.startsWith(prefix));
-}
-
 function validatePathPermission(
   tool: LuaToolDefinition,
   args: Record<string, unknown>,

src/utils.ts

@@ -14,6 +14,11 @@ export function log(...args: any[]) {
   console.log(...args);
 }
 
+export function isPathAllowed(page: string, allowedPaths: string[] | undefined): boolean {
+  if (!allowedPaths || allowedPaths.length === 0) return true;
+  return allowedPaths.some((prefix) => page === prefix || page.startsWith(prefix));
+}
+
 // Pattern to match ```toolcall\n{json}\n``` fenced code blocks
 const TOOL_CALL_WIDGET_PATTERN = /```toolcall\n([\s\S]*?)\n```/g;