Vadim Larin in #general: "found a bypass for Tool Result Policy = Blocked" | Archestra Community

#general

Apr 29April 30, 2026

Today

Mark10:16 AMOpen in Slack

Hi, archestra team! Wanted to ask if anyone could assign this issue to me please for my SE interview? Thank you!

🙏1

4 replies

Justin Green11:55 AMOpen in Slack

Hi,

How does one go about securing contract work, or bounties .

I noticed bounties often have multiple interested parties, so I assume it's first come first serve , or does speed of completion matter

1 reply

Vadim Larin3:33 PMOpen in Slack

found a bypass for Tool Result Policy = Blocked

4 replies

Archestra App6:12 PMOpen in Slack

New release! 🚀🚀🚀

1.2.29 (2026-04-30)

Bug Fixes

*chat:* pad bedrock messages to satisfy Converse content rules (#4220) (4149422)
fix gemini schema (#4230) (ec693fb)
hide queryknowledgesources from list_agents when agent has no KB assigned (#4231) (ce6f504)

Miscellaneous Chores

add codex connection instructions (#4211) (65e2774)
fix ci (#4232) (aa94506)
knowledge connection page polish (#4222) (6a6b250)
n8n instructions (#4215) (a773486)

André Ahlert6:54 PMOpen in Slack

hey everyone! Andre from brazil moving to usa, product eng, mostly contribute upstream to apache/airflow, burr, flyte been building MCP/agent infra on the side and some hard work on developing a new programming language called Kilnx.

1 reply

Read-only live mirror of Archestra.AI Slack

👋Join the discussion withAI enthusiasts!

Thread

Vadim Larin3:33 PMOpen in Slack

found a bypass for Tool Result Policy = Blocked

4 replies

Vadim Larin3:33 PMOpen in Slack

Repro - tool read_issue, Result Policy - Blocked, if in agent settings set Treat context as sensitive from the start of chat to true , raw tool call result gets into the model-facing LLM request, even though Result Policy = Blocked.

In code, in guardrails/trusted-data.ts line 68, this method returns early by this flag and skips real Tool Result Policies evaluation -

// If agent configured to consider context untrusted from the beginning,

// mark context as untrusted immediately and skip evaluation

if (considerContextUntrusted) {

logger.debug(

{ agentId },

"[trustedData] evaluateIfContextIsTrusted: context marked untrusted by agent config",

);

return {

toolResultUpdates: {},

contextIsTrusted: false,

usedDualLlm: false,

dualLlmAnalyses: [],

unsafeContextBoundary: {

kind: "preexisting_untrusted",

reason:

initialUntrustedReason ??

UNSAFE_CONTEXT_BOUNDARY_REASON.agentConfiguredUntrusted,

},

};

}

Without this flag, Result Policy reaches line 185 where result is replaced -

if (isBlocked) {

// Tool result is blocked - replace with blocked message

toolResultUpdates[toolCallId] =

`[Content blocked by policy${reason ? : ${reason} : ""}];`

toolResultIsTrusted = false;

Vadim Larin3:34 PMOpen in Slack

Join Slack to see the image

joey (archestra team)4:29 PMOpen in Slack

I saw that you opened a PR, will take a look tomorrow 🙏

👍1

Ildar Iskhakov (archestra team)5:26 PMOpen in Slack

thank you Vadim!

❤️1