The reviewer's read-only guarantee was enforced only by the prompt. Add AllowedTools/DisallowedTools to ports.LaunchConfig and plumb them through the claude-code agent adapter to --allowedTools/--disallowedTools (each list comma-joined into one value so a rule containing spaces like "Bash(git diff:*)" is not split into separate tool names). Empty lists emit nothing, so worker sessions are unaffected. Launch the reviewer off bypassPermissions (which skips the permission system and ignores allow/deny rules) in the default auto mode, with an allowlist scoped to Read/Grep/Glob and the few Bash commands a reviewer needs (gh, git diff/log/show/status, ao review submit) and an explicit deny list for Edit/Write/NotebookEdit/git push/git commit as defense in depth. Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| agent | ||
| reviewer | ||
| runtime | ||
| scm/github | ||
| telemetry | ||
| tracker/github | ||
| workspace/gitworktree | ||
| registry.go | ||