claude_swarm 0.1.6 → 0.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32206b2e4ec4228e8d9c2450447f0508a2c58378d37c80ce24d327a54653ee05
-  data.tar.gz: c11bf2d8042b73de10ee2f40c01e977d8bae0a8bd74e23b74fc29216735396c3
+  metadata.gz: 4694bdf654adfb2784e4156d504ace610c9b48bd7aedafb4d5571ee0483325e6
+  data.tar.gz: 9f26361aac4c2815b11f95ab28a67fbb684377d691b7ee5a1b99c89a1a4fa3c1
 SHA512:
-  metadata.gz: 5e639606be661128f4c23411f6e9c4164cf9b212ce37e6f99178ba33e4d67a5eb0995b25c1dbe885fff0c20230ea12e347c7b04c7b3bef8b4313353bce6cb948
-  data.tar.gz: 8d51962bb83f7268510b44a1aff1b13c5f5260c008b8bb26b41d971d0fbdd816c76a9221c275c028851c7ccc825c2aeee7b0d7d0e311f50485119693b3b5791a
+  metadata.gz: 8c5d95adfea48bb560e8ed04d1149284fa199e72a9051e85f7e3e23222a1c117c96b6eb977a418bc573d41a6e6c846d7071dd552121d3810a33b0937ac3228c4
+  data.tar.gz: aaf42838c5caf597bde330171ebd0aca702089731794f2c45df395b177fe6871c96f27f5838da587a9454de7cc397ca8fae7f910c6f61b1f775f6c2911444823

data/CHANGELOG.md

@@ -1,3 +1,34 @@
+## [0.1.8]
+
+### Added
+- **Disallowed tools support**: New `disallowed_tools` YAML key for explicitly denying specific tools (takes precedence over allowed tools)
+
+### Changed
+- **Renamed YAML key**: `tools` renamed to `allowed_tools` while maintaining backward compatibility
+- Tool permissions now support both allow and deny patterns, with deny taking precedence
+- Both `--allowedTools` and `--disallowedTools` are passed as comma-separated lists to Claude
+- New CLI option `--stream-logs` - can only be used with `-p`
+
+## [0.1.7]
+
+### Added
+- **Vibe mode support**: Per-instance `vibe: true` configuration to skip all permission checks for specific instances
+- **Automatic permission management**: Built-in permission MCP server that handles tool authorization without manual approval
+- **Permission logging**: All permission checks are logged to `.claude-swarm/sessions/{timestamp}/permissions.log`
+- **Mixed permission modes**: Support for running some instances with full permissions while others remain restricted
+- **New CLI command**: `claude-swarm tools-mcp` for starting a standalone permission management MCP server
+- **Permission tool patterns**: Support for wildcard patterns in tool permissions (e.g., `mcp__frontend__*`)
+
+### Changed
+- Fixed `--system-prompt` to use `--append-system-prompt` for proper Claude Code integration
+- Added `--permission-prompt-tool` flag pointing to `mcp__permissions__check_permission` when not in vibe mode
+- Enhanced MCP generation to include a permission server for each instance (unless in vibe mode)
+
+### Technical Details
+- Permission checks use Fast MCP server with pattern matching for tool names
+- Each instance can have its own permission configuration independent of global settings
+- Permission decisions are made based on configured tool patterns with wildcard support
+
 ## [0.1.6]
 - Refactor: move tools out of the ClaudeMcpServer class
 - Move logging into code executor and save instance interaction streams to session.log

data/README.md

@@ -1,5 +1,8 @@
 # Claude Swarm
 
+[![Gem Version](https://badge.fury.io/rb/claude_swarm.svg)](https://badge.fury.io/rb/claude_swarm)
+[![CI](https://github.com/parruda/claude-swarm/actions/workflows/ci.yml/badge.svg)](https://github.com/parruda/claude-swarm/actions/workflows/ci.yml)
+
 Claude Swarm orchestrates multiple Claude Code instances as a collaborative AI development team. It enables running AI agents with specialized roles, tools, and directory contexts, communicating via MCP (Model Context Protocol) in a tree-like hierarchy. Define your swarm topology in simple YAML and let Claude instances delegate tasks through connected instances. Perfect for complex projects requiring specialized AI agents for frontend, backend, testing, DevOps, or research tasks.
 
 ## Installation
@@ -24,7 +27,7 @@ bundle install
 
 ## Prerequisites
 
-- Ruby 3.1.0 or higher
+- Ruby 3.2.0 or higher
 - Claude CLI installed and configured
 - Any MCP servers you plan to use (optional)
 
@@ -45,7 +48,7 @@ swarm:
       directory: .
       model: opus
       connections: [frontend, backend]
-      tools: # Tools aren't required if you run it with `--vibe`
+      allowed_tools: # Tools aren't required if you run it with `--vibe`
         - Read
         - Edit
         - Bash
@@ -53,7 +56,7 @@ swarm:
       description: "Frontend specialist handling UI and user experience"
       directory: ./frontend
       model: opus
-      tools:
+      allowed_tools:
         - Edit
         - Write
         - Bash
@@ -61,7 +64,7 @@ swarm:
       description: "Backend developer managing APIs and data layer"
       directory: ./backend  
       model: opus
-      tools:
+      allowed_tools:
         - Edit
         - Write
         - Bash
@@ -98,7 +101,7 @@ swarm:
       model: opus
       connections: [frontend_lead, backend_lead, mobile_lead, devops]
       prompt: "You are the system architect coordinating between different service teams"
-      tools: [Read, Edit, WebSearch]
+      allowed_tools: [Read, Edit, WebSearch]
     
     frontend_lead:
       description: "Frontend team lead overseeing React development"
@@ -106,21 +109,21 @@ swarm:
       model: opus
       connections: [react_dev, css_expert]
       prompt: "You lead the web frontend team working with React"
-      tools: [Read, Edit, Bash]
+      allowed_tools: [Read, Edit, Bash]
     
     react_dev:
       description: "React developer specializing in components and state management"
       directory: ./web-frontend/src
       model: opus
       prompt: "You specialize in React components and state management"
-      tools: [Edit, Write, "Bash(npm:*)"]
+      allowed_tools: [Edit, Write, "Bash(npm:*)"]
     
     css_expert:
       description: "CSS specialist handling styling and responsive design"
       directory: ./web-frontend/styles
       model: opus
       prompt: "You handle all CSS and styling concerns"
-      tools: [Edit, Write, Read]
+      allowed_tools: [Edit, Write, Read]
     
     backend_lead:
       description: "Backend team lead managing API development"
@@ -128,21 +131,21 @@ swarm:
       model: opus
       connections: [api_dev, database_expert]
       prompt: "You lead the API backend team"
-      tools: [Read, Edit, Bash]
+      allowed_tools: [Read, Edit, Bash]
     
     api_dev:
       description: "API developer building REST endpoints"
       directory: ./api-server/src
       model: opus
       prompt: "You develop REST API endpoints"
-      tools: [Edit, Write, Bash]
+      allowed_tools: [Edit, Write, Bash]
     
     database_expert:
       description: "Database specialist managing schemas and migrations"
       directory: ./api-server/db
       model: opus
       prompt: "You handle database schema and migrations"
-      tools: [Edit, Write, "Bash(psql:*, migrate:*)"]
+      allowed_tools: [Edit, Write, "Bash(psql:*, migrate:*)"]
     
     mobile_lead:
       description: "Mobile team lead coordinating cross-platform development"
@@ -150,28 +153,28 @@ swarm:
       model: opus
       connections: [ios_dev, android_dev]
       prompt: "You coordinate mobile development across platforms"
-      tools: [Read, Edit]
+      allowed_tools: [Read, Edit]
     
     ios_dev:
       description: "iOS developer building native Apple applications"
       directory: ./mobile-app/ios
       model: opus
       prompt: "You develop the iOS application"
-      tools: [Edit, Write, "Bash(xcodebuild:*, pod:*)"]
+      allowed_tools: [Edit, Write, "Bash(xcodebuild:*, pod:*)"]
     
     android_dev:
       description: "Android developer creating native Android apps"
       directory: ./mobile-app/android
       model: opus
       prompt: "You develop the Android application"
-      tools: [Edit, Write, "Bash(gradle:*, adb:*)"]
+      allowed_tools: [Edit, Write, "Bash(gradle:*, adb:*)"]
     
     devops:
       description: "DevOps engineer managing CI/CD and infrastructure"
       directory: ./infrastructure
       model: opus
       prompt: "You handle CI/CD and infrastructure"
-      tools: [Read, Edit, "Bash(docker:*, kubectl:*)"]
+      allowed_tools: [Read, Edit, "Bash(docker:*, kubectl:*)"]
 ```
 
 In this setup:
@@ -205,9 +208,11 @@ Each instance can have:
 - **directory**: Working directory for this instance (can use ~ for home)
 - **model**: Claude model to use (opus, sonnet, haiku)
 - **connections**: Array of other instances this one can communicate with
-- **tools**: Array of tools this instance can use
+- **allowed_tools**: Array of tools this instance can use (backward compatible with `tools`)
+- **disallowed_tools**: Array of tools to explicitly deny (takes precedence over allowed_tools)
 - **mcps**: Array of additional MCP servers to connect
 - **prompt**: Custom system prompt to append to the instance
+- **vibe**: Enable vibe mode (--dangerously-skip-permissions) for this instance (default: false)
 
 ```yaml
 instance_name:
@@ -216,13 +221,17 @@ instance_name:
   model: opus
   connections: [other_instance1, other_instance2]
   prompt: "You are a specialized agent focused on..."
-  tools:
+  vibe: false  # Set to true to skip all permission checks for this instance
+  allowed_tools:
     - Read
     - Edit
     - Write
     - Bash
     - WebFetch
     - WebSearch
+  disallowed_tools:  # Optional: explicitly deny specific tools
+    - "Write(*.log)"
+    - "Bash(rm:*)"
   mcps:
     - name: server_name
       type: stdio
@@ -258,23 +267,27 @@ mcps:
 Specify which tools each instance can use:
 
 ```yaml
-tools:
+allowed_tools:
   - Bash           # Command execution
   - Edit           # File editing
   - Write          # File creation
   - Read           # File reading
   - WebFetch       # Fetch web content
   - WebSearch      # Search the web
+
+disallowed_tools:  # Optional: explicitly deny specific tools
+  - "Write(*.md)"  # Don't allow writing markdown files
+  - "Bash(rm:*)"   # Don't allow rm commands
 ```
 
-Tools are passed to Claude using the `--allowedTools` flag with comma-separated values.
+Tools are passed to Claude using the `--allowedTools` and `--disallowedTools` flags with comma-separated values. Disallowed tools take precedence over allowed tools.
 
 #### Tool Restrictions
 
 You can restrict tools with pattern-based filters:
 
 ```yaml
-tools:
+allowed_tools:
   - Read                    # Unrestricted read access
   - Edit                    # Unrestricted edit access
   - "Bash(npm:*)"          # Only allow npm commands
@@ -297,7 +310,7 @@ swarm:
       model: opus
       connections: [frontend, backend, devops]
       prompt: "You are the lead architect responsible for system design and code quality"
-      tools:
+      allowed_tools:
         - Read
         - Edit
         - WebSearch
@@ -308,7 +321,7 @@ swarm:
       model: opus
       connections: [architect]
       prompt: "You specialize in React, TypeScript, and modern frontend development"
-      tools:
+      allowed_tools:
         - Edit
         - Write
         - Bash
@@ -318,7 +331,7 @@ swarm:
       directory: ./backend
       model: opus
       connections: [architect, database]
-      tools:
+      allowed_tools:
         - Edit
         - Write
         - Bash
@@ -327,7 +340,7 @@ swarm:
       description: "Database administrator managing data persistence"
       directory: ./db
       model: haiku
-      tools:
+      allowed_tools:
         - Read
         - Bash
         
@@ -336,7 +349,7 @@ swarm:
       directory: .
       model: opus
       connections: [architect]
-      tools:
+      allowed_tools:
         - Read
         - Edit
         - Bash
@@ -355,7 +368,7 @@ swarm:
       directory: ~/research
       model: opus
       connections: [data_analyst, writer]
-      tools:
+      allowed_tools:
         - Read
         - WebSearch
         - WebFetch
@@ -368,7 +381,7 @@ swarm:
       description: "Data analyst processing research data and statistics"
       directory: ~/research/data
       model: opus
-      tools:
+      allowed_tools:
         - Read
         - Write
         - Bash
@@ -382,12 +395,43 @@ swarm:
       description: "Technical writer preparing research documentation"
       directory: ~/research/papers
       model: opus
-      tools:
+      allowed_tools:
         - Edit
         - Write
         - Read
 ```
 
+#### Mixed Permission Modes
+
+You can have different permission modes for different instances:
+
+```yaml
+version: 1
+swarm:
+  name: "Mixed Mode Team"
+  main: lead
+  instances:
+    lead:
+      description: "Lead with full permissions"
+      directory: .
+      model: opus
+      vibe: true  # This instance runs with --dangerously-skip-permissions
+      connections: [restricted_worker, trusted_worker]
+      
+    restricted_worker:
+      description: "Worker with restricted permissions"
+      directory: ./sensitive
+      model: sonnet
+      allowed_tools: [Read, "Bash(ls:*)"]  # Only allow read and ls commands
+      
+    trusted_worker:
+      description: "Trusted worker with more permissions"
+      directory: ./workspace
+      model: sonnet
+      vibe: true  # This instance also skips permissions
+      allowed_tools: []  # Tools list ignored when vibe: true
+```
+
 ### Command Line Options
 
 ```bash
@@ -408,6 +452,10 @@ claude-swarm --prompt "Fix the bug in the payment module"
 # Show version
 claude-swarm version
 
+# Start permission MCP server (for testing/debugging)
+claude-swarm tools-mcp --allowed-tools 'mcp__frontend__*,mcp__backend__*'
+claude-swarm tools-mcp --allowed-tools 'Read,Edit' --disallowed-tools 'Edit(*.log)'
+
 # Internal command for MCP server (used by connected instances)
 claude-swarm mcp-serve INSTANCE_NAME --config CONFIG_FILE --session-timestamp TIMESTAMP
 ```
@@ -418,18 +466,28 @@ claude-swarm mcp-serve INSTANCE_NAME --config CONFIG_FILE --session-timestamp TI
 2. **MCP Generation**: For each instance, it generates an MCP configuration file that includes:
    - Any explicitly defined MCP servers
    - MCP servers for each connected instance (using `claude-swarm mcp-serve`)
-3. **Session Management**: Claude Swarm maintains session continuity:
+   - A permission MCP server (unless using `--vibe` mode)
+3. **Tool Permissions**: Claude Swarm automatically manages tool permissions:
+   - Each instance's configured tools are allowed via the permission MCP
+   - Supports wildcard patterns (e.g., `mcp__frontend__*` allows all frontend MCP tools)
+   - Disallowed tools take precedence over allowed tools for fine-grained control
+   - Eliminates the need to manually accept each tool or use global `--vibe` mode
+   - Per-instance `vibe: true` skips all permission checks for that specific instance
+   - The permission MCP uses `--permission-prompt-tool` to check tool access
+   - Permission decisions are logged to `.claude-swarm/sessions/{timestamp}/permissions.log`
+4. **Session Management**: Claude Swarm maintains session continuity:
    - Generates a shared session timestamp for all instances
    - Each instance can maintain its own Claude session ID
    - Sessions can be reset via the MCP server interface
-4. **Main Instance Launch**: The main instance is launched with its MCP configuration, giving it access to all connected instances
-5. **Inter-Instance Communication**: Connected instances expose themselves as MCP servers with these tools:
+5. **Main Instance Launch**: The main instance is launched with its MCP configuration, giving it access to all connected instances
+6. **Inter-Instance Communication**: Connected instances expose themselves as MCP servers with these tools:
    - **task**: Execute tasks using Claude Code with configurable tools and return results. The tool description includes the instance name and description (e.g., "Execute a task using Agent frontend_dev. Frontend developer specializing in React and TypeScript")
    - **session_info**: Get current Claude session information including ID and working directory
    - **reset_session**: Reset the Claude session for a fresh start
-6. **Session Management**: All session files are organized in `.claude-swarm/sessions/{timestamp}/`:
+7. **Session Management**: All session files are organized in `.claude-swarm/sessions/{timestamp}/`:
    - MCP configuration files: `{instance_name}.mcp.json`
    - Session log: `session.log` with detailed request/response tracking
+   - Permission log: `permissions.log` with all permission checks and decisions
 
 ## Troubleshooting
 
@@ -492,6 +550,20 @@ bundle exec rake release    # Release gem to RubyGems.org
 rake                  # Default: runs both tests and RuboCop
 ```
 
+### Release Process
+
+The gem is automatically published to RubyGems when a new release is created on GitHub:
+
+1. Update the version number in `lib/claude_swarm/version.rb`
+2. Update `CHANGELOG.md` with the new version's changes
+3. Commit the changes: `git commit -am "Bump version to x.y.z"`
+4. Create a version tag: `git tag -a vx.y.z -m "Release version x.y.z"`
+5. Push the changes and tag: `git push && git push --tags`
+6. The GitHub workflow will create a draft release - review and publish it
+7. Once published, the gem will be automatically built and pushed to RubyGems
+
+**Note**: You need to set up the `RUBYGEMS_AUTH_TOKEN` secret in your GitHub repository settings with your RubyGems API key.
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/parruda/claude-swarm.

data/RELEASING.md

@@ -0,0 +1,110 @@
+# Releasing Claude Swarm
+
+This guide walks through the process of releasing a new version of Claude Swarm.
+
+## Prerequisites
+
+- Ensure you have push access to the repository
+- Ensure the `RUBYGEMS_AUTH_TOKEN` secret is configured in GitHub repository settings
+- Ensure all tests are passing on the main branch
+
+## Release Steps
+
+### 1. Update Version
+
+Edit `lib/claude_swarm/version.rb` and update the version number:
+
+```ruby
+module ClaudeSwarm
+  VERSION = "0.1.8"  # Update this
+end
+```
+
+### 2. Update Changelog
+
+Move items from the `[Unreleased]` section to a new version section in `CHANGELOG.md`:
+
+```markdown
+## [Unreleased]
+
+## [0.1.8] - 2025-06-02
+
+### Added
+- Feature X
+
+### Changed
+- Enhancement Y
+
+### Fixed
+- Bug Z
+```
+
+### 3. Commit Changes
+
+```bash
+git add lib/claude_swarm/version.rb CHANGELOG.md
+git commit -m "Bump version to 0.1.8"
+```
+
+### 4. Create and Push Tag
+
+```bash
+git tag -a v0.1.8 -m "Release version 0.1.8"
+git push origin main
+git push origin v0.1.8
+```
+
+### 5. Review Draft Release
+
+The GitHub workflow will automatically create a draft release. Review it at:
+https://github.com/parruda/claude-swarm/releases
+
+### 6. Publish Release
+
+Once you're satisfied with the release notes, click "Publish release". This will trigger the workflow to:
+- Run tests
+- Build the gem
+- Publish to RubyGems.org
+- Publish to GitHub Packages
+
+### 7. Verify Publication
+
+Check that the gem was published successfully:
+- RubyGems: https://rubygems.org/gems/claude_swarm
+- GitHub Packages: https://github.com/parruda/claude-swarm/packages
+
+## Troubleshooting
+
+### Failed Publication
+
+If the release workflow fails:
+
+1. Check the workflow logs at: https://github.com/parruda/claude-swarm/actions
+2. Common issues:
+   - Invalid `RUBYGEMS_AUTH_TOKEN` secret
+   - Test failures
+   - RuboCop violations
+   - Network issues
+
+### Manual Release
+
+If you need to release manually:
+
+```bash
+# Ensure you're on the correct tag
+git checkout v0.1.8
+
+# Build the gem
+gem build claude_swarm.gemspec
+
+# Push to RubyGems (requires credentials)
+gem push claude_swarm-0.1.8.gem
+```
+
+## Post-Release
+
+After a successful release:
+
+1. Create a new `[Unreleased]` section in `CHANGELOG.md`
+2. Announce the release (optional)
+3. Update any dependent projects

data/lib/claude_swarm/claude_code_executor.rb

@@ -191,14 +191,26 @@ module ClaudeSwarm
       cmd_array += ["--print", "-p", prompt]
 
       # Add any custom system prompt
-      cmd_array += ["--system-prompt", options[:system_prompt]] if options[:system_prompt]
+      cmd_array += ["--append-system-prompt", options[:system_prompt]] if options[:system_prompt]
 
       # Add any allowed tools or vibe flag
       if @vibe
         cmd_array << "--dangerously-skip-permissions"
-      elsif options[:allowed_tools]
-        tools = Array(options[:allowed_tools]).join(",")
-        cmd_array += ["--allowedTools", tools]
+      else
+        # Add allowed tools if any
+        if options[:allowed_tools]
+          tools = Array(options[:allowed_tools]).join(",")
+          cmd_array += ["--allowedTools", tools]
+        end
+
+        # Add disallowed tools if any
+        if options[:disallowed_tools]
+          disallowed_tools = Array(options[:disallowed_tools]).join(",")
+          cmd_array += ["--disallowedTools", disallowed_tools]
+        end
+
+        # Add permission prompt tool if not in vibe mode
+        cmd_array += ["--permission-prompt-tool", "mcp__permissions__check_permission"]
       end
 
       cmd_array

data/lib/claude_swarm/cli.rb

@@ -5,6 +5,7 @@ require_relative "configuration"
 require_relative "mcp_generator"
 require_relative "orchestrator"
 require_relative "claude_mcp_server"
+require_relative "permission_mcp_server"
 
 module ClaudeSwarm
   class CLI < Thor
@@ -19,6 +20,8 @@ module ClaudeSwarm
                          desc: "Run with --dangerously-skip-permissions for all instances"
     method_option :prompt, aliases: "-p", type: :string,
                            desc: "Prompt to pass to the main Claude instance (non-interactive mode)"
+    method_option :stream_logs, type: :boolean, default: false,
+                                desc: "Stream session logs to stdout (only works with -p)"
     def start(config_file = nil)
       config_path = config_file || options[:config]
       unless File.exist?(config_path)
@@ -27,6 +30,13 @@ module ClaudeSwarm
       end
 
       say "Starting Claude Swarm from #{config_path}..." unless options[:prompt]
+
+      # Validate stream_logs option
+      if options[:stream_logs] && !options[:prompt]
+        error "--stream-logs can only be used with -p/--prompt"
+        exit 1
+      end
+
       begin
         config = Configuration.new(config_path)
         session_timestamp = Time.now.strftime("%Y%m%d_%H%M%S")
@@ -34,7 +44,8 @@ module ClaudeSwarm
         orchestrator = Orchestrator.new(config, generator,
                                         vibe: options[:vibe],
                                         prompt: options[:prompt],
-                                        session_timestamp: session_timestamp)
+                                        session_timestamp: session_timestamp,
+                                        stream_logs: options[:stream_logs])
         orchestrator.start
       rescue Error => e
         error e.message
@@ -59,6 +70,8 @@ module ClaudeSwarm
                                 desc: "Description of the instance's role"
     method_option :tools, aliases: "-t", type: :array,
                           desc: "Allowed tools for the instance"
+    method_option :disallowed_tools, type: :array,
+                                     desc: "Disallowed tools for the instance"
     method_option :mcp_config_path, type: :string,
                                     desc: "Path to MCP configuration file"
     method_option :debug, type: :boolean, default: false,
@@ -75,6 +88,7 @@ module ClaudeSwarm
         prompt: options[:prompt],
         description: options[:description],
         tools: options[:tools] || [],
+        disallowed_tools: options[:disallowed_tools] || [],
         mcp_config_path: options[:mcp_config_path],
         vibe: options[:vibe]
       }
@@ -112,7 +126,7 @@ module ClaudeSwarm
               directory: .
               model: sonnet
               prompt: "You are the lead developer coordinating the team"
-              tools: [Read, Edit, Bash, Write]
+              allowed_tools: [Read, Edit, Bash, Write]
               # connections: [frontend_dev, backend_dev]
 
             # Example instances (uncomment and modify as needed):
@@ -122,28 +136,28 @@ module ClaudeSwarm
             #   directory: ./frontend
             #   model: sonnet
             #   prompt: "You specialize in frontend development with React, TypeScript, and modern web technologies"
-            #   tools: [Read, Edit, Write, "Bash(npm:*)", "Bash(yarn:*)", "Bash(pnpm:*)"]
+            #   allowed_tools: [Read, Edit, Write, "Bash(npm:*)", "Bash(yarn:*)", "Bash(pnpm:*)"]
 
             # backend_dev:
             #   description: "Backend developer focusing on APIs, databases, and server architecture"
             #   directory: ../other-app/backend
             #   model: sonnet
             #   prompt: "You specialize in backend development, APIs, databases, and server architecture"
-            #   tools: [Read, Edit, Write, Bash]
+            #   allowed_tools: [Read, Edit, Write, Bash]
 
             # devops_engineer:
             #   description: "DevOps engineer managing infrastructure, CI/CD, and deployments"
             #   directory: .
             #   model: sonnet
             #   prompt: "You specialize in infrastructure, CI/CD, containerization, and deployment"
-            #   tools: [Read, Edit, Write, "Bash(docker:*)", "Bash(kubectl:*)", "Bash(terraform:*)"]
+            #   allowed_tools: [Read, Edit, Write, "Bash(docker:*)", "Bash(kubectl:*)", "Bash(terraform:*)"]
 
             # qa_engineer:
             #   description: "QA engineer ensuring quality through comprehensive testing"
             #   directory: ./tests
             #   model: sonnet
             #   prompt: "You specialize in testing, quality assurance, and test automation"
-            #   tools: [Read, Edit, Write, Bash]
+            #   allowed_tools: [Read, Edit, Write, Bash]
       YAML
 
       File.write(config_path, template)
@@ -156,6 +170,22 @@ module ClaudeSwarm
       say "Claude Swarm #{VERSION}"
     end
 
+    desc "tools-mcp", "Start a permission management MCP server for tool access control"
+    method_option :allowed_tools, aliases: "-t", type: :array,
+                                  desc: "Comma-separated list of allowed tool patterns (supports wildcards)"
+    method_option :disallowed_tools, type: :array,
+                                     desc: "Comma-separated list of disallowed tool patterns (supports wildcards)"
+    method_option :debug, type: :boolean, default: false,
+                          desc: "Enable debug output"
+    def tools_mcp
+      server = PermissionMcpServer.new(allowed_tools: options[:allowed_tools], disallowed_tools: options[:disallowed_tools])
+      server.start
+    rescue StandardError => e
+      error "Error starting permission MCP server: #{e.message}"
+      error e.backtrace.join("\n") if options[:debug]
+      exit 1
+    end
+
     default_task :start
 
     private

data/lib/claude_swarm/configuration.rb

@@ -76,15 +76,21 @@ module ClaudeSwarm
       # Validate required fields
       raise Error, "Instance '#{name}' missing required 'description' field" unless config["description"]
 
+      # Support both 'tools' (deprecated) and 'allowed_tools' for backward compatibility
+      allowed_tools = config["allowed_tools"] || config["tools"] || []
+
       {
         name: name,
         directory: expand_path(config["directory"] || "."),
         model: config["model"] || "sonnet",
         connections: Array(config["connections"]),
-        tools: Array(config["tools"]),
+        tools: Array(allowed_tools), # Keep as 'tools' internally for compatibility
+        allowed_tools: Array(allowed_tools),
+        disallowed_tools: Array(config["disallowed_tools"]),
         mcps: parse_mcps(config["mcps"] || []),
         prompt: config["prompt"],
-        description: config["description"]
+        description: config["description"],
+        vibe: config["vibe"] || false
       }
     end
 

data/lib/claude_swarm/mcp_generator.rb

@@ -58,6 +58,9 @@ module ClaudeSwarm
         mcp_servers[connection_name] = build_instance_mcp_config(connection_name, connected_instance, calling_instance: name)
       end
 
+      # Add permission MCP server if not in vibe mode (global or instance-specific)
+      mcp_servers["permissions"] = build_permission_mcp_config(instance[:tools], instance[:disallowed_tools]) unless @vibe || instance[:vibe]
+
       config = {
         "mcpServers" => mcp_servers
       }
@@ -102,11 +105,13 @@ module ClaudeSwarm
 
       args.push("--tools", instance[:tools].join(",")) if instance[:tools] && !instance[:tools].empty?
 
+      args.push("--disallowed-tools", instance[:disallowed_tools].join(",")) if instance[:disallowed_tools] && !instance[:disallowed_tools].empty?
+
       args.push("--mcp-config-path", mcp_config_path(name))
 
       args.push("--calling-instance", calling_instance) if calling_instance
 
-      args.push("--vibe") if @vibe
+      args.push("--vibe") if @vibe || instance[:vibe]
 
       {
         "type" => "stdio",
@@ -114,5 +119,26 @@ module ClaudeSwarm
         "args" => args
       }
     end
+
+    def build_permission_mcp_config(allowed_tools, disallowed_tools)
+      exe_path = "claude-swarm"
+
+      args = ["tools-mcp"]
+
+      # Add allowed tools if specified
+      args.push("--allowed-tools", allowed_tools.join(",")) if allowed_tools && !allowed_tools.empty?
+
+      # Add disallowed tools if specified
+      args.push("--disallowed-tools", disallowed_tools.join(",")) if disallowed_tools && !disallowed_tools.empty?
+
+      {
+        "type" => "stdio",
+        "command" => exe_path,
+        "args" => args,
+        "env" => {
+          "CLAUDE_SWARM_SESSION_TIMESTAMP" => @timestamp
+        }
+      }
+    end
   end
 end

data/lib/claude_swarm/orchestrator.rb

@@ -4,12 +4,13 @@ require "shellwords"
 
 module ClaudeSwarm
   class Orchestrator
-    def initialize(configuration, mcp_generator, vibe: false, prompt: nil, session_timestamp: nil)
+    def initialize(configuration, mcp_generator, vibe: false, prompt: nil, session_timestamp: nil, stream_logs: false)
       @config = configuration
       @generator = mcp_generator
       @vibe = vibe
       @prompt = prompt
       @session_timestamp = session_timestamp || Time.now.strftime("%Y%m%d_%H%M%S")
+      @stream_logs = stream_logs
     end
 
     def start
@@ -39,8 +40,10 @@ module ClaudeSwarm
         puts "🚀 Launching main instance: #{@config.main_instance}"
         puts "   Model: #{main_instance[:model]}"
         puts "   Directory: #{main_instance[:directory]}"
-        puts "   Tools: #{main_instance[:tools].join(", ")}" if main_instance[:tools].any?
+        puts "   Allowed tools: #{main_instance[:tools].join(", ")}" if main_instance[:tools].any?
+        puts "   Disallowed tools: #{main_instance[:disallowed_tools].join(", ")}" if main_instance[:disallowed_tools]&.any?
         puts "   Connections: #{main_instance[:connections].join(", ")}" if main_instance[:connections].any?
+        puts "   😎 Vibe mode ON for this instance" if main_instance[:vibe]
         puts
       end
 
@@ -50,14 +53,52 @@ module ClaudeSwarm
         puts
       end
 
+      # Start log streaming thread if in non-interactive mode with --stream-logs
+      log_thread = nil
+      log_thread = start_log_streaming if @prompt && @stream_logs
+
       # Execute the main instance - this will cascade to other instances via MCP
       Dir.chdir(main_instance[:directory]) do
         system(*command)
       end
+
+      # Clean up log streaming thread
+      return unless log_thread
+
+      log_thread.terminate
+      log_thread.join
     end
 
     private
 
+    def start_log_streaming
+      Thread.new do
+        session_log_path = File.join(Dir.pwd, ClaudeSwarm::ClaudeCodeExecutor::SWARM_DIR,
+                                     ClaudeSwarm::ClaudeCodeExecutor::SESSIONS_DIR,
+                                     @session_timestamp, "session.log")
+
+        # Wait for log file to be created
+        sleep 0.1 until File.exist?(session_log_path)
+
+        # Open file and seek to end
+        File.open(session_log_path, "r") do |file|
+          file.seek(0, IO::SEEK_END)
+
+          loop do
+            changes = file.read
+            if changes
+              print changes
+              $stdout.flush
+            else
+              sleep 0.1
+            end
+          end
+        end
+      rescue StandardError
+        # Silently handle errors (file might be deleted, process might end, etc.)
+      end
+    end
+
     def build_main_command(instance)
       parts = [
         "claude",
@@ -65,12 +106,26 @@ module ClaudeSwarm
         instance[:model]
       ]
 
-      if @vibe
+      if @vibe || instance[:vibe]
         parts << "--dangerously-skip-permissions"
-      elsif instance[:tools].any?
-        tools_str = instance[:tools].join(",")
-        parts << "--allowedTools"
-        parts << tools_str
+      else
+        # Add allowed tools if any
+        if instance[:tools].any?
+          tools_str = instance[:tools].join(",")
+          parts << "--allowedTools"
+          parts << tools_str
+        end
+
+        # Add disallowed tools if any
+        if instance[:disallowed_tools]&.any?
+          disallowed_tools_str = instance[:disallowed_tools].join(",")
+          parts << "--disallowedTools"
+          parts << disallowed_tools_str
+        end
+
+        # Add permission prompt tool unless in vibe mode
+        parts << "--permission-prompt-tool"
+        parts << "mcp__permissions__check_permission"
       end
 
       if instance[:prompt]

data/lib/claude_swarm/permission_mcp_server.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+require "json"
+require "fast_mcp"
+require "logger"
+require "fileutils"
+require_relative "permission_tool"
+
+module ClaudeSwarm
+  class PermissionMcpServer
+    SWARM_DIR = ".claude-swarm"
+    SESSIONS_DIR = "sessions"
+
+    def initialize(allowed_tools: nil, disallowed_tools: nil)
+      @allowed_tools = allowed_tools
+      @disallowed_tools = disallowed_tools
+      setup_logging
+    end
+
+    def start
+      # Parse allowed and disallowed tools
+      allowed_patterns = parse_tool_patterns(@allowed_tools)
+      disallowed_patterns = parse_tool_patterns(@disallowed_tools)
+
+      @logger.info("Starting permission MCP server with allowed patterns: #{allowed_patterns.inspect}, " \
+                   "disallowed patterns: #{disallowed_patterns.inspect}")
+
+      # Set the patterns on the tool class
+      PermissionTool.allowed_patterns = allowed_patterns
+      PermissionTool.disallowed_patterns = disallowed_patterns
+      PermissionTool.logger = @logger
+
+      server = FastMcp::Server.new(
+        name: "claude-swarm-permissions",
+        version: "1.0.0"
+      )
+
+      # Register the tool class
+      server.register_tool(PermissionTool)
+
+      @logger.info("Permission MCP server started successfully")
+
+      # Start the stdio server
+      server.start
+    end
+
+    private
+
+    def setup_logging
+      # Use environment variable for session timestamp if available
+      # Otherwise create a new timestamp
+      session_timestamp = ENV["CLAUDE_SWARM_SESSION_TIMESTAMP"] || Time.now.strftime("%Y%m%d_%H%M%S")
+
+      # Ensure the session directory exists
+      session_dir = File.join(Dir.pwd, SWARM_DIR, SESSIONS_DIR, session_timestamp)
+      FileUtils.mkdir_p(session_dir)
+
+      # Create logger with permissions.log filename
+      log_path = File.join(session_dir, "permissions.log")
+      @logger = Logger.new(log_path)
+      @logger.level = Logger::DEBUG
+
+      # Custom formatter for better readability
+      @logger.formatter = proc do |severity, datetime, _progname, msg|
+        "[#{datetime.strftime("%Y-%m-%d %H:%M:%S.%L")}] [#{severity}] #{msg}\n"
+      end
+
+      @logger.info("Permission MCP server logging initialized")
+    end
+
+    def parse_tool_patterns(tools)
+      return [] if tools.nil? || tools.empty?
+
+      # Handle both string and array inputs
+      tool_list = tools.is_a?(Array) ? tools : tools.split(/[,\s]+/)
+
+      # Clean up and return
+      tool_list.map(&:strip).reject(&:empty?)
+    end
+  end
+end

data/lib/claude_swarm/permission_tool.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+require "json"
+require "fast_mcp"
+
+module ClaudeSwarm
+  class PermissionTool < FastMcp::Tool
+    # Class variables to store allowed/disallowed patterns and logger
+    class << self
+      attr_accessor :allowed_patterns, :disallowed_patterns, :logger
+    end
+
+    tool_name "check_permission"
+    description "Check if a tool is allowed to be used based on configured patterns"
+
+    arguments do
+      required(:tool_name).filled(:string).description("The tool requesting permission")
+      required(:input).value(:hash).description("The input for the tool")
+    end
+
+    def call(tool_name:, input:)
+      logger = self.class.logger
+      logger.info("Permission check requested for tool: #{tool_name}")
+      logger.info("Tool input: #{input.inspect}")
+
+      allowed_patterns = self.class.allowed_patterns || []
+      disallowed_patterns = self.class.disallowed_patterns || []
+
+      logger.info("Checking against allowed patterns: #{allowed_patterns.inspect}")
+      logger.info("Checking against disallowed patterns: #{disallowed_patterns.inspect}")
+
+      # Check if tool matches any disallowed pattern first (takes precedence)
+      disallowed = disallowed_patterns.any? do |pattern|
+        match = matches_pattern?(tool_name, pattern)
+        logger.info("Disallowed pattern '#{pattern}' vs '#{tool_name}': #{match}")
+        match
+      end
+
+      if disallowed
+        logger.info("DENIED: Tool '#{tool_name}' matches disallowed pattern")
+        result = {
+          "behavior" => "deny",
+          "message" => "Tool '#{tool_name}' is explicitly disallowed"
+        }
+      else
+        # Check if the tool matches any allowed pattern
+        allowed = allowed_patterns.empty? || allowed_patterns.any? do |pattern|
+          match = matches_pattern?(tool_name, pattern)
+          logger.info("Allowed pattern '#{pattern}' vs '#{tool_name}': #{match}")
+          match
+        end
+
+        result = if allowed
+                   logger.info("ALLOWED: Tool '#{tool_name}' matches configured patterns")
+                   {
+                     "behavior" => "allow",
+                     "updatedInput" => input
+                   }
+                 else
+                   logger.info("DENIED: Tool '#{tool_name}' does not match any allowed patterns")
+                   {
+                     "behavior" => "deny",
+                     "message" => "Tool '#{tool_name}' is not allowed by configured patterns"
+                   }
+                 end
+      end
+
+      # Return JSON-stringified result as per SDK docs
+      response = JSON.generate(result)
+      logger.info("Returning response: #{response}")
+      response
+    end
+
+    private
+
+    def matches_pattern?(tool_name, pattern)
+      if pattern.include?("*")
+        # Convert wildcard pattern to regex
+        regex_pattern = pattern.gsub("*", ".*")
+        tool_name.match?(/^#{regex_pattern}$/)
+      else
+        # Exact match
+        tool_name == pattern
+      end
+    end
+  end
+end

data/lib/claude_swarm/task_tool.rb

@@ -23,6 +23,9 @@ module ClaudeSwarm
       # Add allowed tools from instance config
       options[:allowed_tools] = instance_config[:tools] if instance_config[:tools]&.any?
 
+      # Add disallowed tools from instance config
+      options[:disallowed_tools] = instance_config[:disallowed_tools] if instance_config[:disallowed_tools]&.any?
+
       response = executor.execute(prompt, options)
 
       # Return just the result text as expected by MCP

data/lib/claude_swarm/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ClaudeSwarm
-  VERSION = "0.1.6"
+  VERSION = "0.1.8"
 end

data/lib/claude_swarm.rb

@@ -4,6 +4,8 @@ require_relative "claude_swarm/version"
 require_relative "claude_swarm/cli"
 require_relative "claude_swarm/claude_code_executor"
 require_relative "claude_swarm/claude_mcp_server"
+require_relative "claude_swarm/permission_tool"
+require_relative "claude_swarm/permission_mcp_server"
 
 module ClaudeSwarm
   class Error < StandardError; end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: claude_swarm
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.1.8
 platform: ruby
 authors:
 - Paulo Arruda
 bindir: exe
 cert_chain: []
-date: 2025-06-02 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -56,8 +56,8 @@ files:
 - CLAUDE.md
 - LICENSE
 - README.md
+- RELEASING.md
 - Rakefile
-- claude-swarm.yml
 - example/claude-swarm.yml
 - exe/claude-swarm
 - lib/claude_swarm.rb
@@ -67,6 +67,8 @@ files:
 - lib/claude_swarm/configuration.rb
 - lib/claude_swarm/mcp_generator.rb
 - lib/claude_swarm/orchestrator.rb
+- lib/claude_swarm/permission_mcp_server.rb
+- lib/claude_swarm/permission_tool.rb
 - lib/claude_swarm/reset_session_tool.rb
 - lib/claude_swarm/session_info_tool.rb
 - lib/claude_swarm/task_tool.rb
@@ -85,14 +87,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.1.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Orchestrate multiple Claude Code instances as a collaborative AI development
   team

data/claude-swarm.yml

@@ -1,21 +0,0 @@
-version: 1
-swarm:
-  name: "Swarm Name"
-  main: lead_developer
-  instances:
-    lead_developer:
-      description: "Lead developer coordinating the team and making architectural decisions"
-      directory: .
-      model: opus
-      prompt: "You are the lead developer coordinating the team"
-      tools: [Read, Edit, Bash, Write]
-      connections: [frontend_dev]
-
-    # Example instances (uncomment and modify as needed):
-
-    frontend_dev:
-      description: "Frontend developer specializing in React and modern web technologies"
-      directory: .
-      model: opus
-      prompt: "You specialize in frontend development with React, TypeScript, and modern web technologies"
-      tools: [Read, Edit, Write, "Bash(npm:*)", "Bash(yarn:*)", "Bash(pnpm:*)"]