Skip to content

Add permission mode and tool restriction fields to AgentConfig #116

Open
Open
Add permission mode and tool restriction fields to AgentConfig#116
Labels
enhancementNew feature or requestneeds decision
Milestone
v1.0.0 - Production Readiness
@geoffjay

Description

@geoffjay
geoffjay
opened on Mar 4, 2026

Context

Child of #78. Adds the data model fields needed for sandbox and permission mode configuration.

Changes

Add the following fields to AgentConfig, CreateAgentRequest, and AgentTemplate:

  • permission_mode: Option<PermissionMode> — maps to --permission-mode CLI flag (values: default, plan, acceptEdits, dontAsk, bypassPermissions)
  • allowed_tools: Vec<String> — maps to --allowed-tools flag (e.g., ["Bash(git:*)", "Read", "Grep"])
  • disallowed_tools: Vec<String> — maps to --disallowed-tools flag
  • tools: Vec<String> — maps to --tools flag (restricts available tool set entirely)
  • skip_permissions: bool — maps to --dangerously-skip-permissions (for sandboxed environments)
  • require_sandbox: bool — when true, refuse to launch if Claude Code sandbox not configured

Add a PermissionMode enum with serde serialization.

All fields default to empty/false so existing configs remain compatible.

Files

  • crates/orchestrator/src/types.rsAgentConfig, CreateAgentRequest, PermissionMode enum
  • crates/cli/src/commands/apply.rsAgentTemplate

Acceptance Criteria

  • New fields added with appropriate serde defaults
  • PermissionMode enum with rename_all = "camelCase" serialization
  • Existing YAML templates and API requests still parse without changes
  • cargo build --workspace passes

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestneeds decision

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions