feat: add regex-based tool_name/tool_type matching for tool-permission

[uc4w6c]

Title

feat: add regex-based tool_name/tool_type matching for tool-permission

Relevant issues

#N/A

Pre-Submission checklist

Please complete all items before asking a LiteLLM maintainer to review your PR

• I have Added testing in the tests/litellm/ directory, Adding at least 1 test is a hard requirement - see details
• I have added a screenshot of my new test passing locally
• My PR passes all unit tests on make test-unit
• My PR's scope is as isolated as possible, it only solves 1 specific problem

Type

🆕 New Feature
📖 Documentation
✅ Test

Changes

Add regex + tool-type support to tool permission guardrail

Example configuration:

  - guardrail_name: "tool-permission-guardrail"
    litellm_params:
      guardrail: tool_permission
      mode: ["pre_call"]
      default_on: true
      rules:
        - id: "allow_send_mail"
          tool_name: "^send_.*_email$"
          decision: "allow"
      default_action: "deny"  # deny by default if no rule matches
      on_disallowed_action: "block"  # block by default if no rule matches

Example curl test:

curl http://localhost:4000/chat/completions \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer sk-1234" \
    -d '{
      "model": "gpt-5-mini",
      "messages": [
        {"role": "user","content": "call send_test_email tool"}
      ],
      "tools": [
        {
          "type": "function",
          "function": {
            "name": "send_email",
            "description": "Send email via mail MCP"
          }
        }
      ],
      "tool_choice": "auto"
    }'
{"error":{"message":"{'error': 'Violated guardrail policy', 'detection_message': \"Tool 'send_email' denied by default action\"}","type":"None","param":"None","code":"400"}}

[vercel]

@uc4w6c is attempting to deploy a commit to the CLERKIEAI Team on Vercel.

A member of the Team first needs to authorize it.