From 0fffde00a8cb497e2dae9b2903e0f0c5d75f6a15 Mon Sep 17 00:00:00 2001
From: sheeek <gitlab@ott.team>
Date: Wed, 7 Jan 2026 11:58:19 +0100
Subject: [PATCH] feat(tools): add agent-specific tool filtering
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add tool filtering layer for per-agent restrictions:
- Extract agentId from sessionKey
- Load routing.agents[agentId].tools via resolveAgentConfig()
- Apply agent-specific allow/deny before sandbox filtering

Filtering order:
1. Global (agent.tools)
2. Agent-specific (routing.agents[id].tools) ← NEW
3. Sandbox (agent.sandbox.tools)
4. Subagent policy

This enables different tool permissions per agent
(e.g., main: all tools, family: read only).
---
 src/agents/pi-tools.ts | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/agents/pi-tools.ts b/src/agents/pi-tools.ts
index baaadd0b8..7687e788d 100644
--- a/src/agents/pi-tools.ts
+++ b/src/agents/pi-tools.ts
@@ -11,6 +11,10 @@ import type { ClawdbotConfig } from "../config/config.js";
 import { detectMime } from "../media/mime.js";
 import { isSubagentSessionKey } from "../routing/session-key.js";
 import { startWebLoginWithQr, waitForWebLogin } from "../web/login-qr.js";
+import {
+  resolveAgentConfig,
+  resolveAgentIdFromSessionKey,
+} from "./agent-scope.js";
 import {
   type BashToolDefaults,
   createBashTool,
@@ -592,9 +596,20 @@ export function createClawdbotCodingTools(options?: {
       options.config.agent.tools.deny?.length)
       ? filterToolsByPolicy(filtered, options.config.agent.tools)
       : filtered;
+  
+  // Agent-specific tool policy
+  let agentFiltered = globallyFiltered;
+  if (options?.sessionKey && options?.config) {
+    const agentId = resolveAgentIdFromSessionKey(options.sessionKey);
+    const agentConfig = resolveAgentConfig(options.config, agentId);
+    if (agentConfig?.tools) {
+      agentFiltered = filterToolsByPolicy(globallyFiltered, agentConfig.tools);
+    }
+  }
+  
   const sandboxed = sandbox
-    ? filterToolsByPolicy(globallyFiltered, sandbox.tools)
-    : globallyFiltered;
+    ? filterToolsByPolicy(agentFiltered, sandbox.tools)
+    : agentFiltered;
   const subagentFiltered =
     isSubagentSessionKey(options?.sessionKey) && options?.sessionKey
       ? filterToolsByPolicy(