claude_swarm 0.1.15 → 0.1.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dc1ac6dbcc7eac54e907f574c827580275e147e42e92122d467809addb614ae9
-  data.tar.gz: d579b2a49bc0323c4704736597c1d3a9bf8e24a29c0bfe63bd21969560b4dbf9
+  metadata.gz: b71b3ce3aebae7de091dd130cda9fc4c474f538f444be15f1ee5b07501210db6
+  data.tar.gz: 846ac3f979b5912ccbc70f1810b760f625e75b1c7e905d5d1199b893d0bc3400
 SHA512:
-  metadata.gz: 20398e7167acc7f88c611da67a0d613fbfba9e225701c5dd1681f2a2ffac12bd81bbf9e4463c45564df0046edd17f3a299edbfedd1c79b0a463127c53853283f
-  data.tar.gz: be84c91452a5cc0e00ec725e9e4f3a75b8e4b94f72438a796a3a6e8f787c4c8a2c46ad857bb661c50971c2fda25ca51fe2e25fc650c3025001292dba054f293b
+  metadata.gz: 9f891010506baba80420357aad85a7fde6704c2ed99155e9cf32fd38cc35efd007ac19fe0e8a1df59b5f1df2d24980f7f0150551629667b42254d02bf77c4ddc
+  data.tar.gz: 29f913521f66298ee24dbdff1b8a043d3a00abe0723080b953cb3dbc127ac6e5ecb35a8b857f61af062db9d570f3c42a90e874dcb114b42f6bee163162f96a0a

data/CHANGELOG.md

@@ -1,3 +1,28 @@
+## [0.1.16]
+
+### Changed
+- **Breaking change**: Removed custom permission MCP server in favor of Claude's native `mcp__MCP_NAME` pattern
+- Connected instances are now automatically added to allowed tools as `mcp__<instance_name>`
+- CLI parameter `--tools` renamed to `--allowed-tools` for consistency with YAML configuration
+- MCP generator no longer creates permission MCP server configurations
+
+### Removed
+- Removed `PermissionMcpServer` and `PermissionTool` classes
+- Removed `tools-mcp` CLI command
+- Removed regex tool pattern syntax - use Claude Code patterns instead
+- Removed `--permission-prompt-tool` flag from orchestrator
+- Removed permission logging to `permissions.log`
+
+### Migration Guide
+- Replace custom tool patterns with Claude Code's native patterns in your YAML files:
+  - `"Bash(npm:*)"` → Use `Bash` and Claude Code's built-in command restrictions
+  - `"Edit(*.js)"` → Use `Edit` and Claude Code's built-in file restrictions
+- For fine-grained tool control, use Claude Code's native patterns:
+  - `mcp__<server_name>__<tool_name>` for specific tools from an MCP server
+  - `mcp__<server_name>` to allow all tools from an MCP server
+- Connected instances are automatically accessible via `mcp__<instance_name>` pattern
+- See Claude Code's documentation for full details on supported tool patterns
+
 ## [0.1.15]
 
 ### Changed

data/CLAUDE.md

@@ -54,7 +54,7 @@ The gem is fully implemented with the following components:
 
 1. **YAML Configuration**: Define swarms with instances, connections, tools, and MCP servers
 2. **Inter-Instance Communication**: Instances connect via MCP using `claude mcp serve` with `-p` flag
-3. **Tool Restrictions**: Support for pattern-based tool restrictions (e.g., `Bash(npm:*)`)
+3. **Tool Restrictions**: Support for tool restrictions using Claude's native pattern (connections are available as `mcp__instance_name`)
 4. **Multiple MCP Types**: Supports both stdio and SSE MCP server types
 5. **Automatic MCP Generation**: Creates `.claude-swarm/` directory with MCP configs
 6. **Custom System Prompts**: Each instance can have a custom prompt via `--append-system-prompt`
@@ -63,9 +63,10 @@ The gem is fully implemented with the following components:
 
 1. User creates a `claude-swarm.yml` file defining the swarm topology
 2. Running `claude-swarm` parses the configuration and validates it
-3. MCP configuration files are generated for each instance in `.claude-swarm/`
+3. MCP configuration files are generated for each instance in a session directory
 4. The main instance is launched with `exec`, replacing the current process
 5. Connected instances are available as MCP servers to the main instance
+6. When an instance has connections, those connections are automatically added to its allowed tools as `mcp__<connection_name>`
 
 ### Configuration Example
 
@@ -85,15 +86,18 @@ swarm:
       directory: ./frontend
       model: sonnet
       prompt: "You specialize in frontend development with React"
-      tools: [Edit, Write, "Bash(npm:*)"]
+      tools: [Edit, Write, Bash]
 ```
 
 ## Testing
 
-The gem includes basic tests for version number and CLI existence. Additional tests should be added for:
+The gem includes comprehensive tests covering:
 - Configuration parsing and validation
-- MCP generation logic
+- MCP generation logic with connections
 - Error handling scenarios
+- CLI command functionality
+- Session restoration
+- Vibe mode behavior
 
 ## Dependencies
 

data/README.md

@@ -1,6 +1,6 @@
 # Claude Swarm
 
-[![Gem Version](https://badge.fury.io/rb/claude_swarm.svg?cache_bust=0.1.14)](https://badge.fury.io/rb/claude_swarm)
+[![Gem Version](https://badge.fury.io/rb/claude_swarm.svg?cache_bust=0.1.15)](https://badge.fury.io/rb/claude_swarm)
 [![CI](https://github.com/parruda/claude-swarm/actions/workflows/ci.yml/badge.svg)](https://github.com/parruda/claude-swarm/actions/workflows/ci.yml)
 
 Claude Swarm orchestrates multiple Claude Code instances as a collaborative AI development team. It enables running AI agents with specialized roles, tools, and directory contexts, communicating via MCP (Model Context Protocol) in a tree-like hierarchy. Define your swarm topology in simple YAML and let Claude instances delegate tasks through connected instances. Perfect for complex projects requiring specialized AI agents for frontend, backend, testing, DevOps, or research tasks.
@@ -113,7 +113,7 @@ swarm:
       directory: ./web-frontend/src
       model: opus
       prompt: "You specialize in React components and state management"
-      allowed_tools: [Edit, Write, "Bash(npm:*)"]
+      allowed_tools: [Edit, Write, Bash]
     
     css_expert:
       description: "CSS specialist handling styling and responsive design"
@@ -142,7 +142,7 @@ swarm:
       directory: ./api-server/db
       model: opus
       prompt: "You handle database schema and migrations"
-      allowed_tools: [Edit, Write, "Bash(psql:*, migrate:*)"]
+      allowed_tools: [Edit, Write, Bash]
     
     mobile_lead:
       description: "Mobile team lead coordinating cross-platform development"
@@ -157,21 +157,21 @@ swarm:
       directory: ./mobile-app/ios
       model: opus
       prompt: "You develop the iOS application"
-      allowed_tools: [Edit, Write, "Bash(xcodebuild:*, pod:*)"]
+      allowed_tools: [Edit, Write, Bash]
     
     android_dev:
       description: "Android developer creating native Android apps"
       directory: ./mobile-app/android
       model: opus
       prompt: "You develop the Android application"
-      allowed_tools: [Edit, Write, "Bash(gradle:*, adb:*)"]
+      allowed_tools: [Edit, Write, Bash]
     
     devops:
       description: "DevOps engineer managing CI/CD and infrastructure"
       directory: ./infrastructure
       model: opus
       prompt: "You handle CI/CD and infrastructure"
-      allowed_tools: [Read, Edit, "Bash(docker:*, kubectl:*)"]
+      allowed_tools: [Read, Edit, Bash]
 ```
 
 In this setup:
@@ -179,6 +179,7 @@ In this setup:
 - Each team lead can work with their specialized developers
 - Each instance is independent - connections create separate MCP server instances
 - Teams work in isolated directories with role-appropriate tools
+- Connected instances are accessible via MCP tools like `mcp__frontend_lead__task`, `mcp__backend_lead__task`, etc.
 
 
 ### Configuration Format
@@ -272,23 +273,22 @@ allowed_tools:
   - WebFetch       # Fetch web content
   - WebSearch      # Search the web
 
-disallowed_tools:  # Optional: explicitly deny specific tools
-  - "Write(*.md)"  # Don't allow writing markdown files
-  - "Bash(rm:*)"   # Don't allow rm commands
+# Note: Pattern-based tool restrictions have been deprecated.
+# Use allowed_tools and disallowed_tools with tool names only.
 ```
 
 Tools are passed to Claude using the `--allowedTools` and `--disallowedTools` flags with comma-separated values. Disallowed tools take precedence over allowed tools.
 
-#### Tool Restrictions
-
-You can restrict tools with pattern-based filters:
+#### Available Tools
 
 ```yaml
 allowed_tools:
-  - Read                    # Unrestricted read access
-  - Edit                    # Unrestricted edit access
-  - "Bash(npm:*)"          # Only allow npm commands
-  - "Bash(git:*, make:*)"  # Only allow git and make commands
+  - Read          # File reading
+  - Edit          # File editing
+  - Write         # File creation
+  - Bash          # Command execution
+  - WebFetch      # Fetch web content
+  - WebSearch     # Search the web
 ```
 
 ### Examples
@@ -419,7 +419,7 @@ swarm:
       description: "Worker with restricted permissions"
       directory: ./sensitive
       model: sonnet
-      allowed_tools: [Read, "Bash(ls:*)"]  # Only allow read and ls commands
+      allowed_tools: [Read, Bash]  # Allow read and bash commands
       
     trusted_worker:
       description: "Trusted worker with more permissions"
@@ -457,9 +457,8 @@ claude-swarm list-sessions --limit 20
 # Show version
 claude-swarm version
 
-# Start permission MCP server (for testing/debugging)
-claude-swarm tools-mcp --allowed-tools 'mcp__frontend__*,mcp__backend__*'
-claude-swarm tools-mcp --allowed-tools 'Read,Edit' --disallowed-tools 'Edit(*.log)'
+# Note: The permission MCP server has been deprecated. 
+# Tool permissions are now handled through allowed_tools and disallowed_tools in your configuration.
 
 # Internal command for MCP server (used by connected instances)
 claude-swarm mcp-serve INSTANCE_NAME --config CONFIG_FILE --session-timestamp TIMESTAMP
@@ -477,7 +476,7 @@ All session files are organized in `~/.claude-swarm/sessions/{project}/{timestam
 - `{instance_name}.mcp.json`: MCP configuration files
 - `session.log`: Human-readable request/response tracking
 - `session.log.json`: All events in JSONL format (one JSON per line)
-- `permissions.log`: Permission checks and decisions
+# Note: permissions.log is no longer generated as the permission MCP server has been deprecated
 
 #### Listing Sessions
 View your previous Claude Swarm sessions:
@@ -535,15 +534,11 @@ This will:
 2. **MCP Generation**: For each instance, it generates an MCP configuration file that includes:
    - Any explicitly defined MCP servers
    - MCP servers for each connected instance (using `claude-swarm mcp-serve`)
-   - A permission MCP server (unless using `--vibe` mode)
-3. **Tool Permissions**: Claude Swarm automatically manages tool permissions:
-   - Each instance's configured tools are allowed via the permission MCP
-   - Supports wildcard patterns (e.g., `mcp__frontend__*` allows all frontend MCP tools)
+3. **Tool Permissions**: Claude Swarm manages tool permissions through configuration:
+   - Each instance's `allowed_tools` specifies which tools it can use
+   - Connected instances are accessible via `mcp__<instance_name>__*` pattern
    - Disallowed tools take precedence over allowed tools for fine-grained control
-   - Eliminates the need to manually accept each tool or use global `--vibe` mode
    - Per-instance `vibe: true` skips all permission checks for that specific instance
-   - The permission MCP uses `--permission-prompt-tool` to check tool access
-   - Permission decisions are logged to `~/.claude-swarm/sessions/{project}/{timestamp}/permissions.log`
 4. **Session Persistence**: Claude Swarm automatically tracks session state:
    - Generates a shared session path for all instances
    - Each instance's Claude session ID is captured and saved

data/claude-swarm.yml

@@ -18,7 +18,7 @@ swarm:
       directory: .
       model: sonnet
       prompt: "You specialize in frontend development with React, TypeScript, and modern web technologies"
-      allowed_tools: [Read, Edit, Write, "Bash(npm:*)", "Bash(yarn:*)", "Bash(pnpm:*)"]
+      allowed_tools: [Read, Edit, Write, Bash]
 
     backend_dev:
       description: "Backend developer focusing on APIs, databases, and server architecture"
@@ -32,7 +32,7 @@ swarm:
     #   directory: .
     #   model: sonnet
     #   prompt: "You specialize in infrastructure, CI/CD, containerization, and deployment"
-    #   allowed_tools: [Read, Edit, Write, "Bash(docker:*)", "Bash(kubectl:*)", "Bash(terraform:*)"]
+    #   allowed_tools: [Read, Edit, Write, Bash]
 
     # qa_engineer:
     #   description: "QA engineer ensuring quality through comprehensive testing"

data/example/microservices-team.yml

@@ -58,7 +58,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(npm:*, yarn:*, jest:*)"
+        - Bash
     
     ui_designer:
       description: "UI/UX specialist creating responsive designs and managing design system"
@@ -91,7 +91,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(go:*, docker:*, make:*)"
+        - Bash
     
     api_gateway_dev:
       description: "API gateway developer managing request routing and rate limiting"
@@ -101,7 +101,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(go:*, docker:*, kong:*)"
+        - Bash
     
     core_service_dev:
       description: "Core business logic service developer"
@@ -111,7 +111,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(python:*, pip:*, pytest:*, docker:*)"
+        - Bash
     
     shared_lib_dev:
       description: "Shared libraries developer maintaining common code across services"
@@ -122,7 +122,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(npm:*, go:*, python:*)"
+        - Bash
     
     # Mobile Team
     mobile_lead:
@@ -143,7 +143,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(swift:*, xcodebuild:*, pod:*, fastlane:*)"
+        - Bash
     
     android_senior:
       description: "Senior Android developer creating Kotlin applications"
@@ -153,7 +153,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(gradle:*, adb:*, fastlane:*)"
+        - Bash
     
     # Data Team
     data_lead:
@@ -175,7 +175,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(python:*, airflow:*, spark:*, dbt:*)"
+        - Bash
     
     ml_engineer:
       description: "ML engineer developing and deploying machine learning models"
@@ -185,7 +185,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(python:*, jupyter:*, mlflow:*, docker:*)"
+        - Bash
     
     analytics_dev:
       description: "Analytics developer creating dashboards and reports"
@@ -195,7 +195,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(python:*, sql:*)"
+        - Bash
     
     # DevOps & Infrastructure
     devops_lead:
@@ -217,7 +217,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(kubectl:*, helm:*, prometheus:*, grafana:*)"
+        - Bash
     
     platform_engineer:
       description: "Platform engineer managing Kubernetes and container infrastructure"
@@ -227,7 +227,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(kubectl:*, helm:*, docker:*, istioctl:*)"
+        - Bash
     
     cloud_architect:
       description: "Cloud architect managing AWS/GCP infrastructure and costs"
@@ -237,7 +237,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(terraform:*, aws:*, gcloud:*)"
+        - Bash
     
     # Quality & Security
     qa_lead:
@@ -259,7 +259,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(npm:*, cypress:*, playwright:*)"
+        - Bash
     
     backend_qa:
       description: "Backend QA engineer creating API tests and integration tests"
@@ -269,7 +269,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(python:*, pytest:*, postman:*, k6:*)"
+        - Bash
     
     mobile_qa:
       description: "Mobile QA engineer testing iOS and Android applications"
@@ -279,7 +279,7 @@ swarm:
       allowed_tools:
         - Edit
         - Write
-        - "Bash(appium:*, xctest:*, espresso:*)"
+        - Bash
     
     security_lead:
       description: "Security lead ensuring application and infrastructure security"
@@ -290,4 +290,4 @@ swarm:
       allowed_tools:
         - Read
         - Edit
-        - "Bash(trivy:*, snyk:*, owasp:*)"
+        - Bash

data/example/test-generation.yml

@@ -70,7 +70,7 @@ swarm:
         - Read
         - Edit
         - Write
-        - "Bash(bundle:*)"
+        - Bash
 
     integration_test_expert:
       description: "Integration test specialist for controllers, API endpoints, and request specs"
@@ -111,7 +111,7 @@ swarm:
         - Read
         - Edit
         - Write
-        - "Bash(bundle:*, rails:*)"
+        - Bash
 
     system_test_expert:
       description: "System test specialist for end-to-end user flows and JavaScript interactions"
@@ -154,7 +154,7 @@ swarm:
         - Read
         - Edit
         - Write
-        - "Bash(bundle:*)"
+        - Bash
 
     factory_specialist:
       description: "Test data specialist managing factories, traits, and test data generation"
@@ -198,7 +198,7 @@ swarm:
         - Read
         - Edit
         - Write
-        - "Bash(bundle:*)"
+        - Bash
 
     test_quality_reviewer:
       description: "Test quality assurance specialist ensuring best practices, coverage, and maintainability"
@@ -243,4 +243,4 @@ swarm:
         Provide actionable feedback to improve test quality and coverage.
       allowed_tools:
         - Read
-        - "Bash(bundle:*, rubocop:*)"
+        - Bash

data/lib/claude_swarm/claude_code_executor.rb

@@ -278,10 +278,18 @@ module ClaudeSwarm
       if @vibe
         cmd_array << "--dangerously-skip-permissions"
       else
+        # Build allowed tools list including MCP connections
+        allowed_tools = options[:allowed_tools] ? Array(options[:allowed_tools]).dup : []
+
+        # Add mcp__instance_name for each connection if we have instance info
+        options[:connections]&.each do |connection_name|
+          allowed_tools << "mcp__#{connection_name}"
+        end
+
         # Add allowed tools if any
-        if options[:allowed_tools]
-          tools = Array(options[:allowed_tools]).join(",")
-          cmd_array += ["--allowedTools", tools]
+        if allowed_tools.any?
+          tools_str = allowed_tools.join(",")
+          cmd_array += ["--allowedTools", tools_str]
         end
 
         # Add disallowed tools if any
@@ -289,9 +297,6 @@ module ClaudeSwarm
           disallowed_tools = Array(options[:disallowed_tools]).join(",")
           cmd_array += ["--disallowedTools", disallowed_tools]
         end
-
-        # Add permission prompt tool if not in vibe mode
-        cmd_array += ["--permission-prompt-tool", "mcp__permissions__check_permission"]
       end
 
       cmd_array

data/lib/claude_swarm/cli.rb

@@ -6,7 +6,6 @@ require_relative "configuration"
 require_relative "mcp_generator"
 require_relative "orchestrator"
 require_relative "claude_mcp_server"
-require_relative "permission_mcp_server"
 
 module ClaudeSwarm
   class CLI < Thor
@@ -78,10 +77,12 @@ module ClaudeSwarm
                            desc: "System prompt for the instance"
     method_option :description, type: :string,
                                 desc: "Description of the instance's role"
-    method_option :tools, aliases: "-t", type: :array,
-                          desc: "Allowed tools for the instance"
+    method_option :allowed_tools, aliases: "-t", type: :array,
+                                  desc: "Allowed tools for the instance"
     method_option :disallowed_tools, type: :array,
                                      desc: "Disallowed tools for the instance"
+    method_option :connections, type: :array,
+                                desc: "Connections to other instances"
     method_option :mcp_config_path, type: :string,
                                     desc: "Path to MCP configuration file"
     method_option :debug, type: :boolean, default: false,
@@ -103,8 +104,9 @@ module ClaudeSwarm
         model: options[:model],
         prompt: options[:prompt],
         description: options[:description],
-        tools: options[:tools] || [],
+        allowed_tools: options[:allowed_tools] || [],
         disallowed_tools: options[:disallowed_tools] || [],
+        connections: options[:connections] || [],
         mcp_config_path: options[:mcp_config_path],
         vibe: options[:vibe],
         instance_id: options[:instance_id],
@@ -265,22 +267,6 @@ module ClaudeSwarm
       say "  claude-swarm --session-id <session-id>", :cyan
     end
 
-    desc "tools-mcp", "Start a permission management MCP server for tool access control"
-    method_option :allowed_tools, aliases: "-t", type: :string,
-                                  desc: "Comma-separated list of allowed tool patterns (supports wildcards)"
-    method_option :disallowed_tools, type: :string,
-                                     desc: "Comma-separated list of disallowed tool patterns (supports wildcards)"
-    method_option :debug, type: :boolean, default: false,
-                          desc: "Enable debug output"
-    def tools_mcp
-      server = PermissionMcpServer.new(allowed_tools: options[:allowed_tools], disallowed_tools: options[:disallowed_tools])
-      server.start
-    rescue StandardError => e
-      error "Error starting permission MCP server: #{e.message}"
-      error e.backtrace.join("\n") if options[:debug]
-      exit 1
-    end
-
     default_task :start
 
     private

data/lib/claude_swarm/mcp_generator.rb

@@ -68,9 +68,6 @@ module ClaudeSwarm
         )
       end
 
-      # Add permission MCP server if not in vibe mode (global or instance-specific)
-      mcp_servers["permissions"] = build_permission_mcp_config(instance[:tools], instance[:disallowed_tools]) unless @vibe || instance[:vibe]
-
       config = {
         "instance_id" => @instance_ids[name],
         "instance_name" => name,
@@ -115,10 +112,12 @@ module ClaudeSwarm
 
       args.push("--description", instance[:description]) if instance[:description]
 
-      args.push("--tools", instance[:tools].join(",")) if instance[:tools] && !instance[:tools].empty?
+      args.push("--allowed-tools", instance[:allowed_tools].join(",")) if instance[:allowed_tools] && !instance[:allowed_tools].empty?
 
       args.push("--disallowed-tools", instance[:disallowed_tools].join(",")) if instance[:disallowed_tools] && !instance[:disallowed_tools].empty?
 
+      args.push("--connections", instance[:connections].join(",")) if instance[:connections] && !instance[:connections].empty?
+
       args.push("--mcp-config-path", mcp_config_path(name))
 
       args.push("--calling-instance", calling_instance) if calling_instance
@@ -162,23 +161,5 @@ module ClaudeSwarm
         # Skip invalid state files
       end
     end
-
-    def build_permission_mcp_config(allowed_tools, disallowed_tools)
-      exe_path = "claude-swarm"
-
-      args = ["tools-mcp"]
-
-      # Add allowed tools if specified
-      args.push("--allowed-tools", allowed_tools.join(",")) if allowed_tools && !allowed_tools.empty?
-
-      # Add disallowed tools if specified
-      args.push("--disallowed-tools", disallowed_tools.join(",")) if disallowed_tools && !disallowed_tools.empty?
-
-      {
-        "type" => "stdio",
-        "command" => exe_path,
-        "args" => args
-      }
-    end
   end
 end

data/lib/claude_swarm/orchestrator.rb

@@ -91,7 +91,7 @@ module ClaudeSwarm
         puts "🚀 Launching main instance: #{@config.main_instance}"
         puts "   Model: #{main_instance[:model]}"
         puts "   Directory: #{main_instance[:directory]}"
-        puts "   Allowed tools: #{main_instance[:tools].join(", ")}" if main_instance[:tools].any?
+        puts "   Allowed tools: #{main_instance[:allowed_tools].join(", ")}" if main_instance[:allowed_tools].any?
         puts "   Disallowed tools: #{main_instance[:disallowed_tools].join(", ")}" if main_instance[:disallowed_tools]&.any?
         puts "   Connections: #{main_instance[:connections].join(", ")}" if main_instance[:connections].any?
         puts "   😎 Vibe mode ON for this instance" if main_instance[:vibe]
@@ -208,9 +208,17 @@ module ClaudeSwarm
       if @vibe || instance[:vibe]
         parts << "--dangerously-skip-permissions"
       else
+        # Build allowed tools list including MCP connections
+        allowed_tools = instance[:allowed_tools].dup
+
+        # Add mcp__instance_name for each connection
+        instance[:connections].each do |connection_name|
+          allowed_tools << "mcp__#{connection_name}"
+        end
+
         # Add allowed tools if any
-        if instance[:tools].any?
-          tools_str = instance[:tools].join(",")
+        if allowed_tools.any?
+          tools_str = allowed_tools.join(",")
           parts << "--allowedTools"
           parts << tools_str
         end
@@ -221,10 +229,6 @@ module ClaudeSwarm
           parts << "--disallowedTools"
           parts << disallowed_tools_str
         end
-
-        # Add permission prompt tool unless in vibe mode
-        parts << "--permission-prompt-tool"
-        parts << "mcp__permissions__check_permission"
       end
 
       if instance[:prompt]

data/lib/claude_swarm/task_tool.rb

@@ -4,7 +4,7 @@ module ClaudeSwarm
   class TaskTool < FastMcp::Tool
     tool_name "task"
     description "Execute a task using Claude Code. There is no description parameter."
-    annotations(readOnlyHint: true, openWorldHint: false, destructiveHint: false)
+    annotations(read_only_hint: true, open_world_hint: false, destructive_hint: false)
 
     arguments do
       required(:prompt).filled(:string).description("The task or question for the agent")
@@ -22,11 +22,14 @@ module ClaudeSwarm
       }
 
       # Add allowed tools from instance config
-      options[:allowed_tools] = instance_config[:tools] if instance_config[:tools]&.any?
+      options[:allowed_tools] = instance_config[:allowed_tools] if instance_config[:allowed_tools]&.any?
 
       # Add disallowed tools from instance config
       options[:disallowed_tools] = instance_config[:disallowed_tools] if instance_config[:disallowed_tools]&.any?
 
+      # Add connections from instance config
+      options[:connections] = instance_config[:connections] if instance_config[:connections]&.any?
+
       response = executor.execute(prompt, options)
 
       # Return just the result text as expected by MCP

data/lib/claude_swarm/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ClaudeSwarm
-  VERSION = "0.1.15"
+  VERSION = "0.1.16"
 end

data/lib/claude_swarm.rb

@@ -7,8 +7,6 @@ require_relative "claude_swarm/mcp_generator"
 require_relative "claude_swarm/orchestrator"
 require_relative "claude_swarm/claude_code_executor"
 require_relative "claude_swarm/claude_mcp_server"
-require_relative "claude_swarm/permission_tool"
-require_relative "claude_swarm/permission_mcp_server"
 require_relative "claude_swarm/session_path"
 require_relative "claude_swarm/session_info_tool"
 require_relative "claude_swarm/reset_session_tool"

data/llms.txt

@@ -225,10 +225,10 @@ cat ~/.claude-swarm/sessions/PROJECT/TIMESTAMP/session.log.json
 - Check `main:` references valid instance key
 **"Circular dependency detected"**
 - Remove circular connections between instances
-**"Permission denied for tool X"**
+**"Tool not allowed"**
 - Check `allowed_tools` includes the tool
 - Check `disallowed_tools` doesn't block it
-- Use `--vibe` to skip permissions (dangerous)
+- Use `vibe: true` to skip all checks (dangerous)
 **"MCP server failed to start"**
 - Check the command/URL is correct
 - Verify MCP server is installed
@@ -362,12 +362,11 @@ bundle exec rake release
 - `CLAUDE_SWARM_HOME`: Override session storage location (default: ~/.claude-swarm)
 - `ANTHROPIC_MODEL`: Default Claude model if not specified
 ## Security Considerations
-- Tool restrictions enforced at permission layer
-- All permissions logged for audit
+- Tool restrictions enforced through configuration
 - Vibe mode bypasses ALL restrictions - use carefully
 - Session files may contain sensitive data
 - Each instance runs with its directory context
-- MCP servers inherit instance permissions
+- MCP servers inherit instance tool configurations
 ## Limitations
 - Tree hierarchy only (no circular dependencies)
 - Session restoration is experimental

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: claude_swarm
 version: !ruby/object:Gem::Version
-  version: 0.1.15
+  version: 0.1.16
 platform: ruby
 authors:
 - Paulo Arruda
@@ -59,6 +59,7 @@ files:
 - README.md
 - RELEASING.md
 - Rakefile
+- claude-sdk-docs.md
 - claude-swarm.yml
 - example/claude-swarm.yml
 - example/microservices-team.yml
@@ -72,8 +73,6 @@ files:
 - lib/claude_swarm/configuration.rb
 - lib/claude_swarm/mcp_generator.rb
 - lib/claude_swarm/orchestrator.rb
-- lib/claude_swarm/permission_mcp_server.rb
-- lib/claude_swarm/permission_tool.rb
 - lib/claude_swarm/process_tracker.rb
 - lib/claude_swarm/reset_session_tool.rb
 - lib/claude_swarm/session_info_tool.rb
@@ -81,7 +80,6 @@ files:
 - lib/claude_swarm/task_tool.rb
 - lib/claude_swarm/version.rb
 - llms.txt
-- sdk-docs.md
 homepage: https://github.com/parruda/claude-swarm
 licenses: []
 metadata:

data/lib/claude_swarm/permission_mcp_server.rb

@@ -1,189 +0,0 @@
-# frozen_string_literal: true
-
-require "json"
-require "fast_mcp_annotations"
-require "logger"
-require "fileutils"
-require_relative "permission_tool"
-require_relative "session_path"
-require_relative "process_tracker"
-
-module ClaudeSwarm
-  class PermissionMcpServer
-    # Server configuration
-    SERVER_NAME = "claude-swarm-permissions"
-    SERVER_VERSION = "1.0.0"
-
-    # Tool categories
-    FILE_TOOLS = %w[Read Write Edit].freeze
-    BASH_TOOL = "Bash"
-
-    # Pattern matching
-    TOOL_PATTERN_REGEX = /^([^()]+)\(([^)]+)\)$/
-    PARAM_PATTERN_REGEX = /^(\w+)\s*:\s*(.+)$/
-
-    def initialize(allowed_tools: nil, disallowed_tools: nil)
-      @allowed_tools = allowed_tools
-      @disallowed_tools = disallowed_tools
-      setup_logging
-    end
-
-    def start
-      configure_permission_tool
-      create_and_start_server
-    end
-
-    private
-
-    def configure_permission_tool
-      allowed_patterns = parse_tool_patterns(@allowed_tools)
-      disallowed_patterns = parse_tool_patterns(@disallowed_tools)
-
-      log_configuration(allowed_patterns, disallowed_patterns)
-
-      PermissionTool.allowed_patterns = allowed_patterns
-      PermissionTool.disallowed_patterns = disallowed_patterns
-      PermissionTool.logger = @logger
-    end
-
-    def create_and_start_server
-      # Track this process
-      session_path = SessionPath.from_env
-      if session_path && File.exist?(session_path)
-        tracker = ProcessTracker.new(session_path)
-        tracker.track_pid(Process.pid, "mcp_permissions")
-      end
-
-      server = FastMcp::Server.new(
-        name: SERVER_NAME,
-        version: SERVER_VERSION
-      )
-
-      server.register_tool(PermissionTool)
-      @logger.info("Permission MCP server started successfully")
-      server.start
-    end
-
-    def setup_logging
-      session_path = SessionPath.from_env
-      SessionPath.ensure_directory(session_path)
-      @logger = create_logger(session_path)
-      @logger.info("Permission MCP server logging initialized")
-    end
-
-    def create_logger(session_path)
-      log_path = File.join(session_path, "permissions.log")
-      logger = Logger.new(log_path)
-      logger.level = Logger::DEBUG
-      logger.formatter = log_formatter
-      logger
-    end
-
-    def log_formatter
-      proc do |severity, datetime, _progname, msg|
-        "[#{datetime.strftime("%Y-%m-%d %H:%M:%S.%L")}] [#{severity}] #{msg}\n"
-      end
-    end
-
-    def log_configuration(allowed_patterns, disallowed_patterns)
-      @logger.info("Starting permission MCP server with allowed patterns: #{allowed_patterns.inspect}, " \
-                   "disallowed patterns: #{disallowed_patterns.inspect}")
-    end
-
-    def parse_tool_patterns(tools)
-      return [] if tools.nil? || tools.empty?
-
-      normalize_tool_list(tools).filter_map do |tool|
-        parse_single_tool_pattern(tool.strip)
-      end
-    end
-
-    def normalize_tool_list(tools)
-      tools.is_a?(Array) ? tools : tools.split(/[,\s]+/)
-    end
-
-    def parse_single_tool_pattern(tool)
-      return nil if tool.empty?
-
-      if (match = tool.match(TOOL_PATTERN_REGEX))
-        parse_tool_with_pattern(match[1], match[2])
-      elsif tool.include?("*")
-        create_wildcard_tool_pattern(tool)
-      else
-        create_exact_tool_pattern(tool)
-      end
-    end
-
-    def parse_tool_with_pattern(tool_name, pattern)
-      case tool_name
-      when *FILE_TOOLS
-        create_file_tool_pattern(tool_name, pattern)
-      when BASH_TOOL
-        create_bash_tool_pattern(tool_name, pattern)
-      else
-        create_custom_tool_pattern(tool_name, pattern)
-      end
-    end
-
-    def create_file_tool_pattern(tool_name, pattern)
-      {
-        tool_name: tool_name,
-        pattern: File.expand_path(pattern),
-        type: :glob
-      }
-    end
-
-    def create_bash_tool_pattern(tool_name, pattern)
-      {
-        tool_name: tool_name,
-        pattern: process_bash_pattern(pattern),
-        type: :regex
-      }
-    end
-
-    def process_bash_pattern(pattern)
-      if pattern.include?(":")
-        # Colon syntax: convert parts and join with spaces
-        pattern.split(":")
-               .map { |part| part.gsub("*", ".*") }
-               .join(" ")
-      else
-        # Literal pattern: escape asterisks
-        pattern.gsub("*", "\\*")
-      end
-    end
-
-    def create_custom_tool_pattern(tool_name, pattern)
-      {
-        tool_name: tool_name,
-        pattern: parse_parameter_patterns(pattern),
-        type: :params
-      }
-    end
-
-    def parse_parameter_patterns(pattern)
-      pattern.split(",").each_with_object({}) do |param_pair, params|
-        param_pair = param_pair.strip
-        if (match = param_pair.match(PARAM_PATTERN_REGEX))
-          params[match[1]] = match[2]
-        end
-      end
-    end
-
-    def create_wildcard_tool_pattern(tool)
-      {
-        tool_name: tool.gsub("*", ".*"),
-        pattern: nil,
-        type: :regex
-      }
-    end
-
-    def create_exact_tool_pattern(tool)
-      {
-        tool_name: tool,
-        pattern: nil,
-        type: :exact
-      }
-    end
-  end
-end

data/lib/claude_swarm/permission_tool.rb

@@ -1,201 +0,0 @@
-# frozen_string_literal: true
-
-require "json"
-require "fast_mcp_annotations"
-
-module ClaudeSwarm
-  class PermissionTool < FastMcp::Tool
-    # Class variables to store allowed/disallowed patterns and logger
-    class << self
-      attr_accessor :allowed_patterns, :disallowed_patterns, :logger
-    end
-
-    # Tool categories
-    FILE_TOOLS = %w[Read Write Edit].freeze
-    BASH_TOOL = "Bash"
-
-    # Response behaviors
-    BEHAVIOR_ALLOW = "allow"
-    BEHAVIOR_DENY = "deny"
-
-    # File matching flags
-    FILE_MATCH_FLAGS = File::FNM_DOTMATCH | File::FNM_PATHNAME | File::FNM_EXTGLOB
-
-    tool_name "check_permission"
-    description "Check if a tool is allowed to be used based on configured patterns"
-
-    arguments do
-      required(:tool_name).filled(:string).description("The tool requesting permission")
-      required(:input).value(:hash).description("The input for the tool")
-    end
-
-    def call(tool_name:, input:)
-      @current_tool_name = tool_name
-      log_request(tool_name, input)
-
-      result = evaluate_permission(tool_name, input)
-      response = JSON.generate(result)
-
-      log_response(response)
-      response
-    end
-
-    private
-
-    def evaluate_permission(tool_name, input)
-      if explicitly_disallowed?(tool_name, input)
-        deny_response(tool_name, "explicitly disallowed")
-      elsif implicitly_allowed?(tool_name, input)
-        allow_response(input)
-      else
-        deny_response(tool_name, "not allowed by configured patterns")
-      end
-    end
-
-    def explicitly_disallowed?(tool_name, input)
-      check_patterns(disallowed_patterns, tool_name, input, "Disallowed")
-    end
-
-    def implicitly_allowed?(tool_name, input)
-      allowed_patterns.empty? || check_patterns(allowed_patterns, tool_name, input, "Allowed")
-    end
-
-    def check_patterns(patterns, tool_name, input, pattern_type)
-      patterns.any? do |pattern_hash|
-        match = matches_pattern?(tool_name, input, pattern_hash)
-        log_pattern_check(pattern_type, pattern_hash, tool_name, input, match)
-        match
-      end
-    end
-
-    def matches_pattern?(tool_name, input, pattern_hash)
-      return false unless tool_name_matches?(tool_name, pattern_hash)
-      return true if pattern_hash[:pattern].nil?
-
-      match_tool_specific_pattern(tool_name, input, pattern_hash)
-    end
-
-    def tool_name_matches?(tool_name, pattern_hash)
-      case pattern_hash[:type]
-      when :regex
-        tool_name.match?(/^#{pattern_hash[:tool_name]}$/)
-      else
-        tool_name == pattern_hash[:tool_name]
-      end
-    end
-
-    def match_tool_specific_pattern(_tool_name, input, pattern_hash)
-      case pattern_hash[:tool_name]
-      when BASH_TOOL
-        match_bash_pattern(input, pattern_hash)
-      when *FILE_TOOLS
-        match_file_pattern(input, pattern_hash[:pattern])
-      else
-        match_custom_tool_pattern(input, pattern_hash)
-      end
-    end
-
-    def match_bash_pattern(input, pattern_hash)
-      command = extract_field_value(input, "command")
-      return false unless command
-
-      if pattern_hash[:type] == :regex
-        command.match?(/^#{pattern_hash[:pattern]}$/)
-      else
-        command == pattern_hash[:pattern]
-      end
-    end
-
-    def match_file_pattern(input, pattern)
-      file_path = extract_field_value(input, "file_path")
-      unless file_path
-        log_missing_field("file_path", input)
-        return false
-      end
-
-      File.fnmatch(pattern, File.expand_path(file_path), FILE_MATCH_FLAGS)
-    end
-
-    def match_custom_tool_pattern(input, pattern_hash)
-      return false unless pattern_hash[:type] == :params && pattern_hash[:pattern].is_a?(Hash)
-      return false if pattern_hash[:pattern].empty?
-
-      match_parameter_patterns(input, pattern_hash[:pattern])
-    end
-
-    def match_parameter_patterns(input, param_patterns)
-      param_patterns.all? do |param_name, param_pattern|
-        value = extract_field_value(input, param_name.to_s)
-        return false unless value
-
-        regex_pattern = glob_to_regex(param_pattern)
-        value.to_s.match?(/^#{regex_pattern}$/)
-      end
-    end
-
-    def extract_field_value(input, field_name)
-      input[field_name] || input[field_name.to_sym]
-    end
-
-    def glob_to_regex(pattern)
-      Regexp.escape(pattern)
-            .gsub('\*', ".*")
-            .gsub('\?', ".")
-    end
-
-    # Response builders
-    def allow_response(input)
-      log_decision("ALLOWED", "matches configured patterns")
-      {
-        "behavior" => BEHAVIOR_ALLOW,
-        "updatedInput" => input
-      }
-    end
-
-    def deny_response(tool_name, reason)
-      log_decision("DENIED", "is #{reason}")
-      {
-        "behavior" => BEHAVIOR_DENY,
-        "message" => "Tool '#{tool_name}' is #{reason}"
-      }
-    end
-
-    # Logging helpers
-    def log_request(tool_name, input)
-      logger&.info("Permission check requested for tool: #{tool_name}")
-      logger&.info("Tool input: #{input.inspect}")
-      logger&.info("Checking against allowed patterns: #{allowed_patterns.inspect}")
-      logger&.info("Checking against disallowed patterns: #{disallowed_patterns.inspect}")
-    end
-
-    def log_response(response)
-      logger&.info("Returning response: #{response}")
-    end
-
-    def log_pattern_check(pattern_type, pattern_hash, tool_name, input, match)
-      logger&.info("#{pattern_type} pattern '#{pattern_hash.inspect}' vs '#{tool_name}' " \
-                   "with input '#{input.inspect}': #{match}")
-    end
-
-    def log_decision(status, reason)
-      logger&.info("#{status}: Tool '#{@current_tool_name}' #{reason}")
-    end
-
-    def log_missing_field(field_name, input)
-      logger&.info("#{field_name} not found in input: #{input.inspect}")
-    end
-
-    # Convenience accessors
-    def logger
-      self.class.logger
-    end
-
-    def allowed_patterns
-      self.class.allowed_patterns || []
-    end
-
-    def disallowed_patterns
-      self.class.disallowed_patterns || []
-    end
-  end
-end