fix(lr-4c90): enforce agent tool restrictions in sdk-bridge#149
Merged
Conversation
…k-bridge The SDK's `agent` option only applies tool restrictions when the agent file uses JSON array syntax for the tools field. Add belt-and-suspenders enforcement: read the tools list directly from the agent's on-disk frontmatter and set claudeOpts.tools explicitly in sdk-bridge.js. Changes: - lib/agents.js: add readAgentToolsFromFile(agentName) — reads the agent definition file from AGENTS_SOURCE_DIR, parses frontmatter, and returns string[] if the tools field is a valid JSON array (null otherwise). Comma-string format silently returns null, ensuring the old broken format cannot cause unintended restrictions. - lib/sdk-bridge.js: require readAgentToolsFromFile from agents.js; after setting claudeOpts.agent, call the helper and set claudeOpts.tools when a tools array is found. Logs the enforced tool set at info level. - test/agents.test.js: regression tests for readAgentToolsFromFile covering null guards, valid JSON array, comma-string rejection, missing tools field, malformed JSON, empty array, and slugification. Part 1 (agent file format) completed by lr-5254 — all canonical source files already use JSON array syntax.
|
This issue has been resolved in version 1.2.0-beta.2 (beta). To update, run: |
|
This issue has been resolved in version 1.2.0 (stable). To update, run: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
lr-4c90: Belt-and-suspenders tool enforcement for UI-path agent sessions. Adds readAgentToolsFromFile() to agents.js and sets claudeOpts.tools in sdk-bridge.js after claudeOpts.agent. Regression tests in test/agents.test.js. Part 1 (lr-5254 agent file format) already merged.