agent-orchestrator/backend/internal/adapters/agent/claudecode
neversettle 8241868398
feat(review): enforce reviewer read-only via tool allowlist (#2194)
The reviewer's read-only guarantee was enforced only by the prompt. Add
AllowedTools/DisallowedTools to ports.LaunchConfig and plumb them through
the claude-code agent adapter to --allowedTools/--disallowedTools (each list
comma-joined into one value so a rule containing spaces like "Bash(git
diff:*)" is not split into separate tool names). Empty lists emit nothing, so
worker sessions are unaffected.

Launch the reviewer off bypassPermissions (which skips the permission system
and ignores allow/deny rules) in the default auto mode, with an allowlist
scoped to Read/Grep/Glob and the few Bash commands a reviewer needs (gh, git
diff/log/show/status, ao review submit) and an explicit deny list for
Edit/Write/NotebookEdit/git push/git commit as defense in depth.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 20:27:19 +05:30
..
activity.go feat(agents): agent platform — registry, activity hooks, harness allowlist (#119) 2026-06-07 00:52:40 +05:30
activity_test.go feat(agents): agent platform — registry, activity hooks, harness allowlist (#119) 2026-06-07 00:52:40 +05:30
claudecode.go feat(review): enforce reviewer read-only via tool allowlist (#2194) 2026-06-29 20:27:19 +05:30
claudecode_test.go feat(review): enforce reviewer read-only via tool allowlist (#2194) 2026-06-29 20:27:19 +05:30
hooks.go fix(sessions): stop AO hook files from making every worktree permanently dirty (#169) 2026-06-11 11:06:45 +05:30