From f2a0dc410768e3ff5126b7180055243578491632 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sat, 16 May 2026 19:47:55 +0200 Subject: [PATCH] re-apply TodoWrite removal + deny list (lost in subsequent merge) --- hive-ag3nt/prompts/claude-settings.json | 5 ++++- hive-ag3nt/src/mcp.rs | 9 ++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/hive-ag3nt/prompts/claude-settings.json b/hive-ag3nt/prompts/claude-settings.json index 612237d..7fdf437 100644 --- a/hive-ag3nt/prompts/claude-settings.json +++ b/hive-ag3nt/prompts/claude-settings.json @@ -1,5 +1,8 @@ { "autoCompactEnabled": false, "autoMemoryEnabled": false, - "effortLevel": "medium" + "effortLevel": "medium", + "permissions": { + "deny": ["WebFetch", "WebSearch", "Task", "TodoWrite"] + } } diff --git a/hive-ag3nt/src/mcp.rs b/hive-ag3nt/src/mcp.rs index 26a5962..e252d10 100644 --- a/hive-ag3nt/src/mcp.rs +++ b/hive-ag3nt/src/mcp.rs @@ -601,10 +601,13 @@ pub const SERVER_NAME: &str = "hyperhive"; /// in this list literally doesn't exist in the session (claude won't even /// try to call it). Web egress (`WebFetch`/`WebSearch`) and nested agents /// (`Task`) are intentionally omitted for now; `Bash` is allowed pending a -/// finer-grained allow-list system for shell command patterns. Edit later -/// as our trust model evolves. +/// finer-grained allow-list system for shell command patterns. `TodoWrite` +/// is omitted because the todo list lives in claude's in-process session +/// state and silently evaporates on /compact or session reset — agents +/// should plan in /state notes instead. Edit later as our trust model +/// evolves. pub const ALLOWED_BUILTIN_TOOLS: &[&str] = - &["Bash", "Edit", "Glob", "Grep", "Read", "TodoWrite", "Write"]; + &["Bash", "Edit", "Glob", "Grep", "Read", "Write"]; /// Which MCP tool surface to advertise via `--allowedTools`. The agent /// list is the strict subset of the manager list, so we just thread the