feat(agent): enforce tool policy (allowlist + tags), prune dead surface #15
Open
joy-void-joy wants to merge 14 commits into
Summary
Resolves the dead/aspirational surface per the reviewed wire-keep-delete table. Stacked on #14. Net −14 lines while adding three real capabilities.
Wired (consumer existed or was one step away)
- AGENT_MAX_TURNS/AGENT_MAX_BUDGET_USD pass through to the SDK natively (both are real ClaudeAgentOptions fields; defaults stay None = unlimited)
- allowed_tools= was ignored under bypassPermissions — replaced with create_tool_allowlist_hook (the lib utility built for exactly this), fed by ToolPolicy.get_allowed_tools(servers) which introspects registered SDK servers. BUILTIN_TOOLS corrected (dropped nonexistent TodoRead, added Edit/NotebookEdit), and StructuredOutput is allowlisted as a framework tool so the reflection-gated final output can't be bricked. Denials list what is available.
- lup_tool(tags=...)'s documented promise: tools self-declare requirements (tags=["requires:example-api"]), ToolPolicy.filter_tools() drops them when the key is missing — replacing name-list bookkeeping as the primary mechanism (name sets still work). search_example demonstrates; fetch_example stays untagged as the counter-example.
- get_latest_session_json, list_all_session_ids, lup.client.TokenUsage, lup.metrics types) — the drifted local copies, including two dead total_cost_usd fields, are gone.
- version bump uses lup.history.parse_semver.

Kept with weight (per review discussion):
with_retry, tracked, create_nudge_hook, create_capture_hook get full what/when/why docstrings; tracked is repositioned (tools are tracked automatically inside lup_tool; the decorator is for non-tool functions) and core.py's stale claim fixed. Behavior tests already existed and stay green.

Deleted:
charts.py + the plotext dependency (superseded by usage.py's built-in renderers), http_timeout_seconds + max_concurrent_requests settings (no consumers), the list_all_sessions alias, setup.py's duplicate subprocess clipboard (shared sh-based helper in utils now), the dead zoneinfo catch, iguana_necktie, and all three # type: ignores (replaced with real types).

Structure: dev/feedback/trace typer apps moved out of __init__.py into app.py modules (git mv, history preserved) — __init__.py files are docstring-only per the repo convention; old-style typer options converted to Annotated; ProjectEntry/ParsedBranch TypedDicts replace stringly dicts.

Sandbox is optional:
AGENT_SANDBOX_ENABLED=false runs the agent without code-execution tools (ExitStack-managed) — Docker is now genuinely an optional dependency, as the README claims.

Test plan
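Added example, not part of this pull request or of the project's code: a stand-alone sketch of the policy the description outlines, where tools tagged `requires:<key>` are dropped when that key is not configured and every call is then checked against the resulting allowlist at call time, with the denial listing what is available. `Tool`, `usable_tools`, `allowed_names`, `check_tool_call`, the decision-dict shape and the idea of passing configured keys as a set of names are assumptions for illustration; only `search_example`, `fetch_example`, `StructuredOutput` and the `requires:example-api` tag come from the description.

```python
from dataclasses import dataclass

# Framework tool that must always stay callable (per the PR description).
FRAMEWORK_TOOLS = frozenset({"StructuredOutput"})


@dataclass(frozen=True)
class Tool:  # hypothetical stand-in for a registered tool
    name: str
    tags: tuple = ()


def missing_requirements(tool, configured_keys):
    """Return the names from 'requires:<name>' tags that are not configured."""
    required = [t.split(":", 1)[1] for t in tool.tags if t.startswith("requires:")]
    return [r for r in required if r not in configured_keys]


def usable_tools(tools, configured_keys):
    """Drop every tool that declares a requirement the environment lacks."""
    return [t for t in tools if not missing_requirements(t, configured_keys)]


def allowed_names(tools, configured_keys):
    """Allowlist = surviving tool names plus the framework tools."""
    return frozenset(t.name for t in usable_tools(tools, configured_keys)) | FRAMEWORK_TOOLS


def check_tool_call(name, allowed):
    """Decision a pre-tool-use hook would return: deny unless explicitly allowed."""
    if name in allowed:
        return {"decision": "allow"}
    available = ", ".join(sorted(allowed))
    return {"decision": "deny",
            "reason": f"Tool {name!r} is not allowed. Available: {available}"}


# Constructed registry mirroring the description's tagged / untagged pair.
REGISTRY = [
    Tool("search_example", tags=("requires:example-api",)),
    Tool("fetch_example"),
]

if __name__ == "__main__":
    allowed = allowed_names(REGISTRY, configured_keys=set())
    for call in ("fetch_example", "search_example", "Bash", "StructuredOutput"):
        print(call, "->", check_tool_call(call, allowed))
```

Because the check runs per call rather than relying on a configuration list, it still applies when the runtime's own permission prompts are bypassed.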