fix(tools): honor agent tool denylist without sandbox

2026-01-04 23:59:45 +01:00
parent d9a9f6db7d
commit 4dd515b65f
4 changed files with 27 additions and 2 deletions
--- a/src/agents/pi-tools.test.ts
+++ b/src/agents/pi-tools.test.ts
@@ -195,4 +195,12 @@ describe("createClawdbotCodingTools", () => {
    expect(tools.some((tool) => tool.name === "read")).toBe(false);
    expect(tools.some((tool) => tool.name === "browser")).toBe(false);
  });
+
+  it("filters tools by agent tool policy even without sandbox", () => {
+    const tools = createClawdbotCodingTools({
+      config: { agent: { tools: { deny: ["browser"] } } },
+    });
+    expect(tools.some((tool) => tool.name === "bash")).toBe(true);
+    expect(tools.some((tool) => tool.name === "browser")).toBe(false);
+  });
 });
--- a/src/agents/pi-tools.ts
+++ b/src/agents/pi-tools.ts
@@ -509,8 +509,14 @@ export function createClawdbotCodingTools(options?: {
    if (tool.name === "slack") return allowSlack;
    return true;
  });
+  const globallyFiltered =
+    options?.config?.agent?.tools &&
+    (options.config.agent.tools.allow?.length ||
+      options.config.agent.tools.deny?.length)
+      ? filterToolsByPolicy(filtered, options.config.agent.tools)
+      : filtered;
  const sandboxed = sandbox
-    ? filterToolsByPolicy(filtered, sandbox.tools)
-    : filtered;
+    ? filterToolsByPolicy(globallyFiltered, sandbox.tools)
+    : globallyFiltered;
  return sandboxed.map(normalizeToolParameters);
 }
--- a/src/config/types.ts
+++ b/src/config/types.ts
@@ -816,6 +816,11 @@ export type ClawdbotConfig = {
        maxAgeDays?: number;
      };
    };
+    /** Global tool allow/deny policy for all providers (deny wins). */
+    tools?: {
+      allow?: string[];
+      deny?: string[];
+    };
  };
  routing?: RoutingConfig;
  messages?: MessagesConfig;
--- a/src/config/zod-schema.ts
+++ b/src/config/zod-schema.ts
@@ -370,6 +370,12 @@ export const ClawdbotSchema = z.object({
      modelFallbacks: z.array(z.string()).optional(),
      imageModelFallbacks: z.array(z.string()).optional(),
      contextTokens: z.number().int().positive().optional(),
+      tools: z
+        .object({
+          allow: z.array(z.string()).optional(),
+          deny: z.array(z.string()).optional(),
+        })
+        .optional(),
      thinkingDefault: z
        .union([
          z.literal("off"),