e4b64418fc
Pre-unlock wave U2. Task 3 from CONVERGENCE-PLAN — rename misleading
capability names, keep old names as deprecated aliases.
Renames:
- tools::read-only → tools::deny-tools (mechanism is tool-name denial,
not "read-only" metaphor)
- tools::cargo-only-bash → tools::bash-allowlist (mechanism is Bash
pattern allow-list; cargo-only is one config value)
Back-compat via registry.resolve_alias():
- Old dir _capabilities/tools/{read-only,cargo-only-bash}/ retained with
capability.toml-only stub: `alias = "<new-name>"` + `deprecated` field
- registry.rs loads alias stubs, redirects lookup before dispatch
- warn_deprecated_once() emits single-shot stderr per alias per process
via OnceLock<Mutex<HashSet>>
- Zero breaking change to existing manifests / task.toml referencing
old names
Rust impl files renamed in place:
- gates/tools_read_only.rs → gates/tools_deny_tools.rs (struct
DenyTools)
- gates/tools_cargo_only_bash.rs → gates/tools_bash_allowlist.rs
(struct BashAllowlist)
- gates/mod.rs + registry.rs + gate_smoke.rs updated
Roles updated (3): read-only.toml, explorer.toml, edit-local.toml —
reference new names directly.
Tests: kei-agent-runtime 41/41 (was 40, +1 deprecated_aliases_resolve
_to_new_names), _assembler 40/40 unchanged (substrate role expansion
follows new paths).
Docs updated: AGENT-ROLES.md, AGENT-SUBSTRATE-SCHEMA.md, 4 _manifests
referencing the old names (comment-only annotations).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
24 lines
1.1 KiB
Markdown
24 lines
1.1 KiB
Markdown
## Read-only agent (deny-tools capability)
|
|
|
|
You MUST NOT use the `Edit` or `Write` tools. Any attempt to call
|
|
them is blocked at the gate.
|
|
|
|
You are a read-only role. Your job is to inspect, explain, analyse,
|
|
or review — never to mutate the filesystem. Use `Read`, `Glob`,
|
|
`Grep`, and (where permitted) `Bash` for read-only commands and
|
|
`WebFetch` to work through what is already on disk and on the web.
|
|
|
|
If your task appears to require an edit, STOP. Do not try to work
|
|
around the tool denial (e.g. by shelling out `sed`/`awk` through
|
|
`Bash`, by creating a file via `cat > file <<EOF`, or by piping a
|
|
heredoc into `tee`). The orchestrator considers such attempts a
|
|
policy violation and will reject your return.
|
|
|
|
Return your findings as a structured report (see the
|
|
`output::report-format` and, if applicable, `output::severity-grade`
|
|
capabilities that accompany this role). Include every file path
|
|
and line number you think the follow-up editor should touch — the
|
|
orchestrator will route the actual edits to an `edit-local` or
|
|
`edit-shared` agent.
|
|
|
|
Reading any file in the repository is permitted and encouraged.
|