[capability]
name = "tools::cargo-only-bash"
category = "tools"
version = "1.0"
description = "Restrict Bash to cargo and a handful of safe read/navigate/cleanup helpers."
rationale = "Bash is the highest-blast-radius tool. A narrow allowlist keeps agents on the cargo + inspect loop and prevents accidental `curl | sh`, `npm install`, or `sudo` escalation."

[restricts]
tool-patterns = [
  '^cargo( |$)',
  '^mkdir( |$)',
  '^ls( |$)',
  '^cat( |$)',
  '^grep( |$)',
  '^find( |$)',
  '^rm -rf /tmp/',
]
tools-denied = []

[parameterized]
accepts = []

[text]
path = "text.md"

[gate]
rust-module = "gates::tools_cargo_only_bash"
event = "PreToolUse:Bash"
severity = "block"