0be354a920
Single-commit clean baseline after security scrub of niche-tells, project codenames, internal jargon, and contributor-email leaks. Contents: - 100 Rust crates (_primitives/_rust/) - 37 agent manifests (_manifests/) + generated specs (_generated/) - 67 user-invocable skills (skills/) - 33 hooks (hooks/) - Composition blocks (_blocks/) - Documentation (docs/, README.md) - TS adapter packages (_ts_packages/) - Assembler (_assembler/) - Roles (_roles/) - Templates (_templates/) - Forgejo CI (.forgejo/) Author: Denis Parfionovich <info@greendragon.info> License: see LICENSE.
34 lines
1 KiB
TOML
34 lines
1 KiB
TOML
[capability]
|
|
name = "tools::deny-tools"
|
|
category = "tools"
|
|
version = "1.0"
|
|
description = "Add a list of tools (Edit, Write, MultiEdit, NotebookEdit) to the PreToolUse deny-list — agent may read but not mutate the filesystem."
|
|
rationale = "Read-only agents (research, critic, explorer) must never alter source. A denial at the tool level is simpler and more robust than per-path scope checks. Renamed from `tools::read-only` (v0.17) — 'deny-tools' explicitly names the mechanism (add tools to deny-list) rather than using the metaphorical 'read-only' label."
|
|
|
|
[restricts]
|
|
tool-patterns = []
|
|
tools-denied = ["Edit", "Write", "MultiEdit", "NotebookEdit"]
|
|
|
|
[parameterized]
|
|
accepts = []
|
|
|
|
[text]
|
|
path = "text.md"
|
|
|
|
[gate]
|
|
rust-module = "gates::tools_deny_tools"
|
|
event = "PreToolUse:Edit|Write"
|
|
severity = "block"
|
|
|
|
[taxonomy]
|
|
kingdom = "capability"
|
|
mechanism = "gate"
|
|
domain = "tools"
|
|
layer = "agent-substrate"
|
|
stage = "runtime"
|
|
stability = "stable"
|
|
language = "rust"
|
|
|
|
[lineage]
|
|
creator = "ag-orchestrator-human"
|
|
created = "2026-04-23"
|