fix(toolbox-core): Add strict flag support to sync client (#230)

anubhav756 · web-flow · commit 4e19a3cea7a1 · 2025-05-16T22:23:24.000+05:30
* chore: Add unit test cases

* chore: Delint

* feat: Warn on insecure tool invocation with authentication

This change introduces a warning that is displayed immediately before a tool invocation if:
1. The invocation includes an authentication header.
2. The connection is being made over non-secure HTTP.

&gt; [!IMPORTANT]
The purpose of this warning is to alert the user to the security risk of sending credentials over an unencrypted channel and to encourage the use of HTTPS.

* fix!: Warn about https only during tool initialization

* fix(toolbox-core): Add strict flag validation to sync client.

* chore: delint
diff --git a/packages/toolbox-core/src/toolbox_core/sync_client.py b/packages/toolbox-core/src/toolbox_core/sync_client.py
@@ -113,6 +113,7 @@ def load_toolset(
         name: str,
         auth_token_getters: dict[str, Callable[[], str]] = {},
         bound_params: Mapping[str, Union[Callable[[], Any], Any]] = {},
+        strict: bool = False,
     ) -> list[ToolboxSyncTool]:
         """
         Synchronously fetches a toolset and loads all tools defined within it.
@@ -123,12 +124,22 @@ def load_toolset(
                 callables that return the corresponding authentication token.
             bound_params: A mapping of parameter names to bind to specific values or
                 callables that are called to produce values as needed.
+            strict: If True, raises an error if *any* loaded tool instance fails
+                to utilize at least one provided parameter or auth token (if any
+                provided). If False (default), raises an error only if a
+                user-provided parameter or auth token cannot be applied to *any*
+                loaded tool across the set.
 
         Returns:
             list[ToolboxSyncTool]: A list of callables, one for each tool defined
             in the toolset.
+
+        Raises:
+            ValueError: If validation fails based on the `strict` flag.
         """
-        coro = self.__async_client.load_toolset(name, auth_token_getters, bound_params)
+        coro = self.__async_client.load_toolset(
+            name, auth_token_getters, bound_params, strict
+        )
 
         if not self.__loop or not self.__thread:
             raise ValueError("Background loop or thread cannot be None.")
