claude_swarm 0.1.6 → 0.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32206b2e4ec4228e8d9c2450447f0508a2c58378d37c80ce24d327a54653ee05
-  data.tar.gz: c11bf2d8042b73de10ee2f40c01e977d8bae0a8bd74e23b74fc29216735396c3
+  metadata.gz: 0b5aa9e698fe0c055fc16aa5263df48a2c6e473179d5472e06f83c8845a3447c
+  data.tar.gz: ce36d61d30177b38e2f9dbb6f9b00fc1222f0d5ee4cb4539e75f912ad9777904
 SHA512:
-  metadata.gz: 5e639606be661128f4c23411f6e9c4164cf9b212ce37e6f99178ba33e4d67a5eb0995b25c1dbe885fff0c20230ea12e347c7b04c7b3bef8b4313353bce6cb948
-  data.tar.gz: 8d51962bb83f7268510b44a1aff1b13c5f5260c008b8bb26b41d971d0fbdd816c76a9221c275c028851c7ccc825c2aeee7b0d7d0e311f50485119693b3b5791a
+  metadata.gz: ffbac2fb59e4f76ab39efe172a89d1a11b0893efd763770ba3f4c6e52785df44d19cc0db9a8dd87e2df52c05c7d8cceadc47deb2a8304e34ccb2c921b781842c
+  data.tar.gz: dd4eeb38f8d56c3cd41570fe0be0ccda029240893780d95c82c134ad02d91c840ba8fd3fb344dc205c7a3345e37fbce33b8f633abd076390783b31babaf6014d

data/CHANGELOG.md

@@ -1,3 +1,23 @@
+## [0.1.7]
+
+### Added
+- **Vibe mode support**: Per-instance `vibe: true` configuration to skip all permission checks for specific instances
+- **Automatic permission management**: Built-in permission MCP server that handles tool authorization without manual approval
+- **Permission logging**: All permission checks are logged to `.claude-swarm/sessions/{timestamp}/permissions.log`
+- **Mixed permission modes**: Support for running some instances with full permissions while others remain restricted
+- **New CLI command**: `claude-swarm tools-mcp` for starting a standalone permission management MCP server
+- **Permission tool patterns**: Support for wildcard patterns in tool permissions (e.g., `mcp__frontend__*`)
+
+### Changed
+- Fixed `--system-prompt` to use `--append-system-prompt` for proper Claude Code integration
+- Added `--permission-prompt-tool` flag pointing to `mcp__permissions__check_permission` when not in vibe mode
+- Enhanced MCP generation to include a permission server for each instance (unless in vibe mode)
+
+### Technical Details
+- Permission checks use Fast MCP server with pattern matching for tool names
+- Each instance can have its own permission configuration independent of global settings
+- Permission decisions are made based on configured tool patterns with wildcard support
+
 ## [0.1.6]
 - Refactor: move tools out of the ClaudeMcpServer class
 - Move logging into code executor and save instance interaction streams to session.log

data/README.md

@@ -208,6 +208,7 @@ Each instance can have:
 - **tools**: Array of tools this instance can use
 - **mcps**: Array of additional MCP servers to connect
 - **prompt**: Custom system prompt to append to the instance
+- **vibe**: Enable vibe mode (--dangerously-skip-permissions) for this instance (default: false)
 
 ```yaml
 instance_name:
@@ -216,6 +217,7 @@ instance_name:
   model: opus
   connections: [other_instance1, other_instance2]
   prompt: "You are a specialized agent focused on..."
+  vibe: false  # Set to true to skip all permission checks for this instance
   tools:
     - Read
     - Edit
@@ -388,6 +390,37 @@ swarm:
         - Read
 ```
 
+#### Mixed Permission Modes
+
+You can have different permission modes for different instances:
+
+```yaml
+version: 1
+swarm:
+  name: "Mixed Mode Team"
+  main: lead
+  instances:
+    lead:
+      description: "Lead with full permissions"
+      directory: .
+      model: opus
+      vibe: true  # This instance runs with --dangerously-skip-permissions
+      connections: [restricted_worker, trusted_worker]
+      
+    restricted_worker:
+      description: "Worker with restricted permissions"
+      directory: ./sensitive
+      model: sonnet
+      tools: [Read, "Bash(ls:*)"]  # Only allow read and ls commands
+      
+    trusted_worker:
+      description: "Trusted worker with more permissions"
+      directory: ./workspace
+      model: sonnet
+      vibe: true  # This instance also skips permissions
+      tools: []  # Tools list ignored when vibe: true
+```
+
 ### Command Line Options
 
 ```bash
@@ -408,6 +441,9 @@ claude-swarm --prompt "Fix the bug in the payment module"
 # Show version
 claude-swarm version
 
+# Start permission MCP server (for testing/debugging)
+claude-swarm tools-mcp --allowed-tools 'mcp__frontend__*,mcp__backend__*'
+
 # Internal command for MCP server (used by connected instances)
 claude-swarm mcp-serve INSTANCE_NAME --config CONFIG_FILE --session-timestamp TIMESTAMP
 ```
@@ -418,18 +454,27 @@ claude-swarm mcp-serve INSTANCE_NAME --config CONFIG_FILE --session-timestamp TI
 2. **MCP Generation**: For each instance, it generates an MCP configuration file that includes:
    - Any explicitly defined MCP servers
    - MCP servers for each connected instance (using `claude-swarm mcp-serve`)
-3. **Session Management**: Claude Swarm maintains session continuity:
+   - A permission MCP server (unless using `--vibe` mode)
+3. **Tool Permissions**: Claude Swarm automatically manages tool permissions:
+   - Each instance's configured tools are allowed via the permission MCP
+   - Supports wildcard patterns (e.g., `mcp__frontend__*` allows all frontend MCP tools)
+   - Eliminates the need to manually accept each tool or use global `--vibe` mode
+   - Per-instance `vibe: true` skips all permission checks for that specific instance
+   - The permission MCP uses `--permission-prompt-tool` to check tool access
+   - Permission decisions are logged to `.claude-swarm/sessions/{timestamp}/permissions.log`
+4. **Session Management**: Claude Swarm maintains session continuity:
    - Generates a shared session timestamp for all instances
    - Each instance can maintain its own Claude session ID
    - Sessions can be reset via the MCP server interface
-4. **Main Instance Launch**: The main instance is launched with its MCP configuration, giving it access to all connected instances
-5. **Inter-Instance Communication**: Connected instances expose themselves as MCP servers with these tools:
+5. **Main Instance Launch**: The main instance is launched with its MCP configuration, giving it access to all connected instances
+6. **Inter-Instance Communication**: Connected instances expose themselves as MCP servers with these tools:
    - **task**: Execute tasks using Claude Code with configurable tools and return results. The tool description includes the instance name and description (e.g., "Execute a task using Agent frontend_dev. Frontend developer specializing in React and TypeScript")
    - **session_info**: Get current Claude session information including ID and working directory
    - **reset_session**: Reset the Claude session for a fresh start
-6. **Session Management**: All session files are organized in `.claude-swarm/sessions/{timestamp}/`:
+7. **Session Management**: All session files are organized in `.claude-swarm/sessions/{timestamp}/`:
    - MCP configuration files: `{instance_name}.mcp.json`
    - Session log: `session.log` with detailed request/response tracking
+   - Permission log: `permissions.log` with all permission checks and decisions
 
 ## Troubleshooting
 

data/claude-swarm.yml

@@ -8,7 +8,7 @@ swarm:
       directory: .
       model: opus
       prompt: "You are the lead developer coordinating the team"
-      tools: [Read, Edit, Bash, Write]
+      vibe: true
       connections: [frontend_dev]
 
     # Example instances (uncomment and modify as needed):
@@ -18,4 +18,9 @@ swarm:
       directory: .
       model: opus
       prompt: "You specialize in frontend development with React, TypeScript, and modern web technologies"
-      tools: [Read, Edit, Write, "Bash(npm:*)", "Bash(yarn:*)", "Bash(pnpm:*)"]
+      tools: [mcp__headless_browser__*]
+      mcps:
+        - name: headless_browser
+          type: stdio
+          command: bundle
+          args: ["exec", "hbt", "stdio"]

data/lib/claude_swarm/claude_code_executor.rb

@@ -191,7 +191,7 @@ module ClaudeSwarm
       cmd_array += ["--print", "-p", prompt]
 
       # Add any custom system prompt
-      cmd_array += ["--system-prompt", options[:system_prompt]] if options[:system_prompt]
+      cmd_array += ["--append-system-prompt", options[:system_prompt]] if options[:system_prompt]
 
       # Add any allowed tools or vibe flag
       if @vibe
@@ -201,6 +201,9 @@ module ClaudeSwarm
         cmd_array += ["--allowedTools", tools]
       end
 
+      # Add permission prompt tool if not in vibe mode
+      cmd_array += ["--permission-prompt-tool", "mcp__permissions__check_permission"] unless @vibe
+
       cmd_array
     end
 

data/lib/claude_swarm/cli.rb

@@ -5,6 +5,7 @@ require_relative "configuration"
 require_relative "mcp_generator"
 require_relative "orchestrator"
 require_relative "claude_mcp_server"
+require_relative "permission_mcp_server"
 
 module ClaudeSwarm
   class CLI < Thor
@@ -156,6 +157,20 @@ module ClaudeSwarm
       say "Claude Swarm #{VERSION}"
     end
 
+    desc "tools-mcp", "Start a permission management MCP server for tool access control"
+    method_option :allowed_tools, aliases: "-t", type: :array,
+                                  desc: "Comma-separated list of allowed tool patterns (supports wildcards)"
+    method_option :debug, type: :boolean, default: false,
+                          desc: "Enable debug output"
+    def tools_mcp
+      server = PermissionMcpServer.new(allowed_tools: options[:allowed_tools])
+      server.start
+    rescue StandardError => e
+      error "Error starting permission MCP server: #{e.message}"
+      error e.backtrace.join("\n") if options[:debug]
+      exit 1
+    end
+
     default_task :start
 
     private

data/lib/claude_swarm/configuration.rb

@@ -84,7 +84,8 @@ module ClaudeSwarm
         tools: Array(config["tools"]),
         mcps: parse_mcps(config["mcps"] || []),
         prompt: config["prompt"],
-        description: config["description"]
+        description: config["description"],
+        vibe: config["vibe"] || false
       }
     end
 

data/lib/claude_swarm/mcp_generator.rb

@@ -58,6 +58,9 @@ module ClaudeSwarm
         mcp_servers[connection_name] = build_instance_mcp_config(connection_name, connected_instance, calling_instance: name)
       end
 
+      # Add permission MCP server if not in vibe mode (global or instance-specific)
+      mcp_servers["permissions"] = build_permission_mcp_config(instance[:tools]) unless @vibe || instance[:vibe]
+
       config = {
         "mcpServers" => mcp_servers
       }
@@ -106,7 +109,7 @@ module ClaudeSwarm
 
       args.push("--calling-instance", calling_instance) if calling_instance
 
-      args.push("--vibe") if @vibe
+      args.push("--vibe") if @vibe || instance[:vibe]
 
       {
         "type" => "stdio",
@@ -114,5 +117,23 @@ module ClaudeSwarm
         "args" => args
       }
     end
+
+    def build_permission_mcp_config(allowed_tools)
+      exe_path = "claude-swarm"
+
+      args = ["tools-mcp"]
+
+      # Add allowed tools if specified
+      args.push("--allowed-tools", allowed_tools.join(",")) if allowed_tools && !allowed_tools.empty?
+
+      {
+        "type" => "stdio",
+        "command" => exe_path,
+        "args" => args,
+        "env" => {
+          "CLAUDE_SWARM_SESSION_TIMESTAMP" => @timestamp
+        }
+      }
+    end
   end
 end

data/lib/claude_swarm/orchestrator.rb

@@ -41,6 +41,7 @@ module ClaudeSwarm
         puts "   Directory: #{main_instance[:directory]}"
         puts "   Tools: #{main_instance[:tools].join(", ")}" if main_instance[:tools].any?
         puts "   Connections: #{main_instance[:connections].join(", ")}" if main_instance[:connections].any?
+        puts "   😎 Vibe mode ON for this instance" if main_instance[:vibe]
         puts
       end
 
@@ -65,12 +66,15 @@ module ClaudeSwarm
         instance[:model]
       ]
 
-      if @vibe
+      if @vibe || instance[:vibe]
         parts << "--dangerously-skip-permissions"
       elsif instance[:tools].any?
         tools_str = instance[:tools].join(",")
         parts << "--allowedTools"
         parts << tools_str
+        # Add permission prompt tool
+        parts << "--permission-prompt-tool"
+        parts << "mcp__permissions__check_permission"
       end
 
       if instance[:prompt]

data/lib/claude_swarm/permission_mcp_server.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require "json"
+require "fast_mcp"
+require "logger"
+require "fileutils"
+require_relative "permission_tool"
+
+module ClaudeSwarm
+  class PermissionMcpServer
+    SWARM_DIR = ".claude-swarm"
+    SESSIONS_DIR = "sessions"
+
+    def initialize(allowed_tools: nil)
+      @allowed_tools = allowed_tools
+      setup_logging
+    end
+
+    def start
+      # Parse allowed tools
+      allowed_patterns = parse_allowed_tools(@allowed_tools)
+
+      @logger.info("Starting permission MCP server with allowed patterns: #{allowed_patterns.inspect}")
+
+      # Set the patterns on the tool class
+      PermissionTool.allowed_patterns = allowed_patterns
+      PermissionTool.logger = @logger
+
+      server = FastMcp::Server.new(
+        name: "claude-swarm-permissions",
+        version: "1.0.0"
+      )
+
+      # Register the tool class
+      server.register_tool(PermissionTool)
+
+      @logger.info("Permission MCP server started successfully")
+
+      # Start the stdio server
+      server.start
+    end
+
+    private
+
+    def setup_logging
+      # Use environment variable for session timestamp if available
+      # Otherwise create a new timestamp
+      session_timestamp = ENV["CLAUDE_SWARM_SESSION_TIMESTAMP"] || Time.now.strftime("%Y%m%d_%H%M%S")
+
+      # Ensure the session directory exists
+      session_dir = File.join(Dir.pwd, SWARM_DIR, SESSIONS_DIR, session_timestamp)
+      FileUtils.mkdir_p(session_dir)
+
+      # Create logger with permissions.log filename
+      log_path = File.join(session_dir, "permissions.log")
+      @logger = Logger.new(log_path)
+      @logger.level = Logger::DEBUG
+
+      # Custom formatter for better readability
+      @logger.formatter = proc do |severity, datetime, _progname, msg|
+        "[#{datetime.strftime("%Y-%m-%d %H:%M:%S.%L")}] [#{severity}] #{msg}\n"
+      end
+
+      @logger.info("Permission MCP server logging initialized")
+    end
+
+    def parse_allowed_tools(tools)
+      return [] if tools.nil? || tools.empty?
+
+      # Handle both string and array inputs
+      tool_list = tools.is_a?(Array) ? tools : tools.split(/[,\s]+/)
+
+      # Clean up and return
+      tool_list.map(&:strip).reject(&:empty?)
+    end
+  end
+end

data/lib/claude_swarm/permission_tool.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require "json"
+require "fast_mcp"
+
+module ClaudeSwarm
+  class PermissionTool < FastMcp::Tool
+    # Class variables to store allowed patterns and logger
+    class << self
+      attr_accessor :allowed_patterns, :logger
+    end
+
+    tool_name "check_permission"
+    description "Check if a tool is allowed to be used based on configured patterns"
+
+    arguments do
+      required(:tool_name).filled(:string).description("The tool requesting permission")
+      required(:input).value(:hash).description("The input for the tool")
+    end
+
+    def call(tool_name:, input:)
+      logger = self.class.logger
+      logger.info("Permission check requested for tool: #{tool_name}")
+      logger.info("Tool input: #{input.inspect}")
+
+      # Check if the tool matches any allowed pattern
+      patterns = self.class.allowed_patterns || []
+      logger.info("Checking against patterns: #{patterns.inspect}")
+
+      allowed = patterns.any? do |pattern|
+        match = if pattern.include?("*")
+                  # Convert wildcard pattern to regex
+                  regex_pattern = pattern.gsub("*", ".*")
+                  tool_name.match?(/^#{regex_pattern}$/)
+                else
+                  # Exact match
+                  tool_name == pattern
+                end
+        logger.info("Pattern '#{pattern}' vs '#{tool_name}': #{match}")
+        match
+      end
+
+      result = if allowed
+                 logger.info("ALLOWED: Tool '#{tool_name}' matches configured patterns")
+                 {
+                   "behavior" => "allow",
+                   "updatedInput" => input
+                 }
+               else
+                 logger.info("DENIED: Tool '#{tool_name}' does not match any configured patterns")
+                 {
+                   "behavior" => "deny",
+                   "message" => "Tool '#{tool_name}' is not allowed by configured patterns"
+                 }
+               end
+
+      # Return JSON-stringified result as per SDK docs
+      response = JSON.generate(result)
+      logger.info("Returning response: #{response}")
+      response
+    end
+  end
+end

data/lib/claude_swarm/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ClaudeSwarm
-  VERSION = "0.1.6"
+  VERSION = "0.1.7"
 end

data/lib/claude_swarm.rb

@@ -4,6 +4,8 @@ require_relative "claude_swarm/version"
 require_relative "claude_swarm/cli"
 require_relative "claude_swarm/claude_code_executor"
 require_relative "claude_swarm/claude_mcp_server"
+require_relative "claude_swarm/permission_tool"
+require_relative "claude_swarm/permission_mcp_server"
 
 module ClaudeSwarm
   class Error < StandardError; end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: claude_swarm
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.1.7
 platform: ruby
 authors:
 - Paulo Arruda
 bindir: exe
 cert_chain: []
-date: 2025-06-02 00:00:00.000000000 Z
+date: 2025-06-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -67,6 +67,8 @@ files:
 - lib/claude_swarm/configuration.rb
 - lib/claude_swarm/mcp_generator.rb
 - lib/claude_swarm/orchestrator.rb
+- lib/claude_swarm/permission_mcp_server.rb
+- lib/claude_swarm/permission_tool.rb
 - lib/claude_swarm/reset_session_tool.rb
 - lib/claude_swarm/session_info_tool.rb
 - lib/claude_swarm/task_tool.rb