tools_repo := ["add_issue_comment", "add_pull_request_review_comment", "create_branch", "create_issue", "create_or_update_file", "create_pull_request", "create_pull_request_review", "delete_file", "fork_repository", "get_code_scanning_alert", "get_commit", "get_file_contents", "get_issue", "get_issue_comments", "get_pull_request", "get_pull_request_comments", "get_pull_request_files", "get_pull_request_reviews", "get_pull_request_status", "get_secret_scanning_alert", "get_tag", "list_branches", "list_code_scanning_alerts", "list_commits", "list_issues", "list_pull_requests", "list_secret_scanning_alerts", "list_tags", "merge_pull_request", "push_files", "request_copilot_review", "update_issue", "update_pull_request", "update_pull_request_branch"]
tools_search := ["search_code"]
locked_tools := ["create_repository", "search_repositories", "search_issues"]

raise Violation("You can access only one repo per session. You already accessed", call_before.function.arguments["owner"], "/",call_before.function.arguments["repo"], ", and now you are trying to access ", call_after.function.arguments["owner"], "/",call_after.function.arguments["repo"], ".") if:
  (call_before: ToolCall) -> (call_after: ToolCall)
  call_before.function.name in tools_repo
  call_after.function.name in tools_repo
  call_before.function.arguments["repo"] != call_after.function.arguments["repo"] or
  call_before.function.arguments["owner"] != call_after.function.arguments["owner"]

raise Violation("You can access only one repo per session. You already accessed", owner1, "/", repo1, ", and now you are trying to access ", owner2, "/",repo2, ".")  if:
  (call1: ToolCall)
  (call2: ToolCall)
  call1.function.name in tools_repo
  call2.function.name in tools_search
  repo1 := call1.function.arguments["repo"]
  repo2 := find("(?<=repo:)[^/]+/[a-zA-Z0-9._-]+", call2.function.arguments["q"])[0].split("/")[1]
  owner1 := call1.function.arguments["owner"]
  owner2 := find("(?<=repo:)[^/]+/[a-zA-Z0-9._-]+", call2.function.arguments["q"])[0].split("/")[0]

raise Violation("You can access only one repo per session. You already accessed", owner1, "/", repo1, ", and now you are trying to access ", owner2, "/",repo2, ".") if:
  (call1: ToolCall) -> (call2: ToolCall)
  call1.function.name in tools_search
  call2.function.name in tools_search
  print("q {}".format(call1.function.arguments["q"]))
  repo1 := find("(?<=repo:)[^/]+/[a-zA-Z0-9._-]+", call1.function.arguments["q"])[0].split("/")[1]
  owner1 := find("(?<=repo:)[^/]+/[a-zA-Z0-9._-]+", call1.function.arguments["q"])[0].split("/")[0]
  repo2 := find("(?<=repo:)[^/]+/[a-zA-Z0-9._-]+", call2.function.arguments["q"])[0].split("/")[1]
  owner2 := find("(?<=repo:)[^/]+/[a-zA-Z0-9._-]+", call2.function.arguments["q"])[0].split("/")[0]
  print("repo 1 {}".format(repo1))
  print("owner 1 {}".format(owner1))
  repo1 != repo2 or owner1 != owner2

raise Violation("Tool", call.function.name,"has been locked for safety reason. The output is untrusted.") if:
  (call: ToolCall)
  call.function.name in locked_tools