re-apply TodoWrite removal + deny list (lost in subsequent merge)

2026-05-16 19:47:55 +02:00 · 2026-05-16 19:47:55 +02:00 · f2a0dc4107
commit f2a0dc4107
parent 313121a6e9
2 changed files with 10 additions and 4 deletions
--- a/hive-ag3nt/prompts/claude-settings.json
+++ b/hive-ag3nt/prompts/claude-settings.json
@ -1,5 +1,8 @@
 {
  "autoCompactEnabled": false,
  "autoMemoryEnabled": false,
-  "effortLevel": "medium"
+  "effortLevel": "medium",
+  "permissions": {
+    "deny": ["WebFetch", "WebSearch", "Task", "TodoWrite"]
+  }
 }
--- a/hive-ag3nt/src/mcp.rs
+++ b/hive-ag3nt/src/mcp.rs
@ -601,10 +601,13 @@ pub const SERVER_NAME: &str = "hyperhive";
 /// in this list literally doesn't exist in the session (claude won't even
 /// try to call it). Web egress (`WebFetch`/`WebSearch`) and nested agents
 /// (`Task`) are intentionally omitted for now; `Bash` is allowed pending a
-/// finer-grained allow-list system for shell command patterns. Edit later
-/// as our trust model evolves.
+/// finer-grained allow-list system for shell command patterns. `TodoWrite`
+/// is omitted because the todo list lives in claude's in-process session
+/// state and silently evaporates on /compact or session reset — agents
+/// should plan in /state notes instead. Edit later as our trust model
+/// evolves.
 pub const ALLOWED_BUILTIN_TOOLS: &[&str] =
-    &["Bash", "Edit", "Glob", "Grep", "Read", "TodoWrite", "Write"];
+    &["Bash", "Edit", "Glob", "Grep", "Read", "Write"];

 /// Which MCP tool surface to advertise via `--allowedTools`. The agent
 /// list is the strict subset of the manager list, so we just thread the