claude_swarm 0.1.8 → 0.1.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4694bdf654adfb2784e4156d504ace610c9b48bd7aedafb4d5571ee0483325e6
-  data.tar.gz: 9f26361aac4c2815b11f95ab28a67fbb684377d691b7ee5a1b99c89a1a4fa3c1
+  metadata.gz: 5d324ca820897ad2929051a87d06f152df536434522f42cba507a9c6984b019f
+  data.tar.gz: bd2f9659c374ee277e3f20e4fd339b542887c394730acf5682a90d9c06cfcfb1
 SHA512:
-  metadata.gz: 8c5d95adfea48bb560e8ed04d1149284fa199e72a9051e85f7e3e23222a1c117c96b6eb977a418bc573d41a6e6c846d7071dd552121d3810a33b0937ac3228c4
-  data.tar.gz: aaf42838c5caf597bde330171ebd0aca702089731794f2c45df395b177fe6871c96f27f5838da587a9454de7cc397ca8fae7f910c6f61b1f775f6c2911444823
+  metadata.gz: 4ec9b2c70924671846cbfbaf98ddd93869b2e84162c199559b7551ae833bb73ac62950f4bee9dc19f59a138997c4873f6fb8746fa56f5cf1769855e01cdd74e3
+  data.tar.gz: 64cc15a5ee7844f900eda0097e539046d730e4eb07b1323217a55dee9b965db506b1c3838d15e311291edc133296191a80a92769727cce84361cba6b5a2c7f0a

data/.rubocop.yml

@@ -62,4 +62,7 @@ Minitest/MultipleAssertions:
   Enabled: false
 
 Metrics/ParameterLists:
+  Enabled: false
+
+Style/PerlBackrefs:
   Enabled: false

data/CHANGELOG.md

@@ -1,3 +1,37 @@
+## [0.1.10]
+
+### Added
+- **YAML validation for tool fields**: Added strict validation to ensure `tools:`, `allowed_tools:`, and `disallowed_tools:` fields must be arrays in the configuration
+- Clear error messages when tool fields are not arrays (e.g., "Instance 'lead' field 'tools' must be an array, got String")
+- Comprehensive test coverage for the new validation rules
+
+### Fixed
+- Prevents silent conversion of non-array tool values that could lead to unexpected behavior
+- Configuration now fails fast with helpful error messages instead of accepting invalid formats
+
+## [0.1.9]
+
+### Added
+- **Parameter-based tool patterns**: Custom tools now support explicit parameter patterns (e.g., `WebFetch(url:https://example.com/*)`)
+- **Enhanced pattern matching**: File tools support brace expansion and complex glob patterns (e.g., `Read(~/docs/**/*.{txt,md})`)
+- **Comprehensive test coverage**: Added extensive unit and integration tests for permission system
+
+### Changed
+- **Breaking change**: Custom tools with patterns now require explicit parameter syntax - `Tool(param:pattern)` instead of `Tool(pattern)`
+- **Improved pattern parsing**: Tool patterns are now parsed into structured hashes with `tool_name`, `pattern`, and `type` fields
+- **Better pattern enforcement**: Custom tool patterns are now strictly enforced - requests with non-matching parameters are denied
+- Tools without patterns (e.g., `WebFetch`) continue to accept any input parameters
+
+### Fixed
+- Fixed brace expansion in file glob patterns by adding `File::FNM_EXTGLOB` flag
+- Improved parameter pattern parsing to avoid conflicts with URL patterns containing colons
+
+### Internal
+- Major refactoring of `PermissionMcpServer` and `PermissionTool` for better maintainability and readability
+- Extracted pattern matching logic into focused, single-purpose methods
+- Added constants for tool categories and pattern types
+- Improved logging with structured helper methods
+
 ## [0.1.8]
 
 ### Added

data/README.md

@@ -1,6 +1,6 @@
 # Claude Swarm
 
-[![Gem Version](https://badge.fury.io/rb/claude_swarm.svg)](https://badge.fury.io/rb/claude_swarm)
+[![Gem Version](https://badge.fury.io/rb/claude_swarm.svg?cache_bust=1)](https://badge.fury.io/rb/claude_swarm)
 [![CI](https://github.com/parruda/claude-swarm/actions/workflows/ci.yml/badge.svg)](https://github.com/parruda/claude-swarm/actions/workflows/ci.yml)
 
 Claude Swarm orchestrates multiple Claude Code instances as a collaborative AI development team. It enables running AI agents with specialized roles, tools, and directory contexts, communicating via MCP (Model Context Protocol) in a tree-like hierarchy. Define your swarm topology in simple YAML and let Claude instances delegate tasks through connected instances. Perfect for complex projects requiring specialized AI agents for frontend, backend, testing, DevOps, or research tasks.
@@ -570,4 +570,4 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/parrud
 
 ## License
 
-The gem is available as open source under the terms of the [MIT License](LICENSE).
+The gem is available as open source under the terms of the [MIT License](LICENSE).

data/example/microservices-team.yml

@@ -0,0 +1,293 @@
+version: 1
+swarm:
+  name: "Multi-Codebase Product Development Team"
+  main: cto
+  instances:
+    # Leadership & Coordination
+    cto:
+      description: "CTO overseeing all technical teams and architectural decisions"
+      directory: ~/projects
+      model: opus
+      connections: [architect, product_manager, qa_lead, security_lead]
+      prompt: "You are the CTO coordinating multiple development teams across different codebases. Focus on high-level architecture, team coordination, and technical strategy."
+      allowed_tools:
+        - Read
+        - WebSearch
+        - Edit
+    
+    architect:
+      description: "Principal architect designing system-wide solutions and ensuring consistency"
+      directory: ~/projects
+      model: opus
+      connections: [frontend_lead, backend_lead, mobile_lead, devops_lead, data_lead]
+      prompt: "You design cross-cutting solutions and ensure architectural consistency across all services."
+      allowed_tools:
+        - Read
+        - Edit
+        - WebSearch
+    
+    product_manager:
+      description: "Product manager translating business requirements into technical specifications"
+      directory: ~/projects/docs/requirements
+      model: opus
+      connections: [cto, frontend_lead, backend_lead, mobile_lead]
+      prompt: "You translate business requirements into technical specifications and user stories."
+      allowed_tools:
+        - Read
+        - Edit
+        - Write
+    
+    # Frontend Team
+    frontend_lead:
+      description: "Frontend team lead managing React web application development"
+      directory: ~/projects/web-frontend
+      model: opus
+      connections: [react_senior, ui_designer, frontend_qa]
+      prompt: "You lead the web frontend team, ensuring React best practices and coordinating with other teams."
+      allowed_tools:
+        - Read
+        - Edit
+        - Bash
+    
+    react_senior:
+      description: "Senior React developer building complex UI components and state management"
+      directory: ~/projects/web-frontend/src
+      model: opus
+      connections: [frontend_lead]
+      prompt: "You build React components, manage Redux state, and handle complex frontend logic."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(npm:*, yarn:*, jest:*)"
+    
+    ui_designer:
+      description: "UI/UX specialist creating responsive designs and managing design system"
+      directory: ~/projects/design-system
+      model: sonnet
+      connections: [frontend_lead, mobile_lead]
+      prompt: "You maintain the design system and ensure consistent UI/UX across platforms."
+      allowed_tools:
+        - Edit
+        - Write
+        - Read
+    
+    # Backend Services Team
+    backend_lead:
+      description: "Backend team lead coordinating microservices development"
+      directory: ~/projects/backend
+      model: opus
+      connections: [auth_dev, api_gateway_dev, core_service_dev, shared_lib_dev]
+      prompt: "You coordinate backend microservices development and ensure API consistency."
+      allowed_tools:
+        - Read
+        - Edit
+        - Bash
+    
+    auth_dev:
+      description: "Authentication service developer managing user auth and OAuth"
+      directory: ~/projects/backend/auth-service
+      model: opus
+      prompt: "You develop and maintain the authentication service with OAuth2, JWT, and user management."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(go:*, docker:*, make:*)"
+    
+    api_gateway_dev:
+      description: "API gateway developer managing request routing and rate limiting"
+      directory: ~/projects/backend/api-gateway
+      model: opus
+      prompt: "You maintain the API gateway handling routing, rate limiting, and request transformation."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(go:*, docker:*, kong:*)"
+    
+    core_service_dev:
+      description: "Core business logic service developer"
+      directory: ~/projects/backend/core-service
+      model: opus
+      prompt: "You develop the core business logic service handling main application features."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(python:*, pip:*, pytest:*, docker:*)"
+    
+    shared_lib_dev:
+      description: "Shared libraries developer maintaining common code across services"
+      directory: ~/projects/shared-libs
+      model: sonnet
+      connections: [backend_lead]
+      prompt: "You maintain shared libraries used across all backend services."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(npm:*, go:*, python:*)"
+    
+    # Mobile Team
+    mobile_lead:
+      description: "Mobile team lead coordinating iOS and Android development"
+      directory: ~/projects/mobile
+      model: opus
+      connections: [ios_senior, android_senior, mobile_qa]
+      prompt: "You coordinate mobile development ensuring feature parity between platforms."
+      allowed_tools:
+        - Read
+        - Edit
+    
+    ios_senior:
+      description: "Senior iOS developer building native Swift applications"
+      directory: ~/projects/mobile/ios-app
+      model: opus
+      prompt: "You develop the iOS app using Swift, SwiftUI, and native iOS frameworks."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(swift:*, xcodebuild:*, pod:*, fastlane:*)"
+    
+    android_senior:
+      description: "Senior Android developer creating Kotlin applications"
+      directory: ~/projects/mobile/android-app
+      model: opus
+      prompt: "You develop the Android app using Kotlin, Jetpack Compose, and Android SDK."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(gradle:*, adb:*, fastlane:*)"
+    
+    # Data Team
+    data_lead:
+      description: "Data team lead managing analytics, ML models, and data pipelines"
+      directory: ~/projects/data-platform
+      model: opus
+      connections: [data_engineer, ml_engineer, analytics_dev]
+      prompt: "You lead the data team handling analytics, ML, and data infrastructure."
+      allowed_tools:
+        - Read
+        - Edit
+        - Bash
+    
+    data_engineer:
+      description: "Data engineer building ETL pipelines and data warehouse"
+      directory: ~/projects/data-platform/pipelines
+      model: opus
+      prompt: "You build and maintain ETL pipelines, data warehouse, and streaming infrastructure."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(python:*, airflow:*, spark:*, dbt:*)"
+    
+    ml_engineer:
+      description: "ML engineer developing and deploying machine learning models"
+      directory: ~/projects/data-platform/ml-models
+      model: opus
+      prompt: "You develop, train, and deploy ML models for recommendation and prediction features."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(python:*, jupyter:*, mlflow:*, docker:*)"
+    
+    analytics_dev:
+      description: "Analytics developer creating dashboards and reports"
+      directory: ~/projects/data-platform/analytics
+      model: sonnet
+      prompt: "You build analytics dashboards and create business intelligence reports."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(python:*, sql:*)"
+    
+    # DevOps & Infrastructure
+    devops_lead:
+      description: "DevOps lead managing CI/CD, infrastructure, and platform reliability"
+      directory: ~/projects/infrastructure
+      model: opus
+      connections: [sre_engineer, platform_engineer, cloud_architect]
+      prompt: "You lead DevOps ensuring reliable deployments and infrastructure."
+      allowed_tools:
+        - Read
+        - Edit
+        - Bash
+    
+    sre_engineer:
+      description: "SRE engineer ensuring system reliability and incident response"
+      directory: ~/projects/infrastructure/monitoring
+      model: opus
+      prompt: "You ensure system reliability, manage monitoring, and handle incident response."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(kubectl:*, helm:*, prometheus:*, grafana:*)"
+    
+    platform_engineer:
+      description: "Platform engineer managing Kubernetes and container infrastructure"
+      directory: ~/projects/infrastructure/k8s
+      model: opus
+      prompt: "You manage Kubernetes clusters, service mesh, and container orchestration."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(kubectl:*, helm:*, docker:*, istioctl:*)"
+    
+    cloud_architect:
+      description: "Cloud architect managing AWS/GCP infrastructure and costs"
+      directory: ~/projects/infrastructure/terraform
+      model: opus
+      prompt: "You design and manage cloud infrastructure, optimize costs, and ensure security."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(terraform:*, aws:*, gcloud:*)"
+    
+    # Quality & Security
+    qa_lead:
+      description: "QA lead coordinating testing strategy across all platforms"
+      directory: ~/projects/qa
+      model: opus
+      connections: [frontend_qa, backend_qa, mobile_qa]
+      prompt: "You coordinate QA efforts ensuring comprehensive test coverage across all platforms."
+      allowed_tools:
+        - Read
+        - Edit
+        - Bash
+    
+    frontend_qa:
+      description: "Frontend QA engineer writing E2E tests and visual regression tests"
+      directory: ~/projects/qa/frontend-tests
+      model: sonnet
+      prompt: "You write and maintain E2E tests for the web frontend using Cypress and Playwright."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(npm:*, cypress:*, playwright:*)"
+    
+    backend_qa:
+      description: "Backend QA engineer creating API tests and integration tests"
+      directory: ~/projects/qa/backend-tests
+      model: sonnet
+      prompt: "You create comprehensive API tests and integration tests for all backend services."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(python:*, pytest:*, postman:*, k6:*)"
+    
+    mobile_qa:
+      description: "Mobile QA engineer testing iOS and Android applications"
+      directory: ~/projects/qa/mobile-tests
+      model: sonnet
+      prompt: "You test mobile applications using automated and manual testing approaches."
+      allowed_tools:
+        - Edit
+        - Write
+        - "Bash(appium:*, xctest:*, espresso:*)"
+    
+    security_lead:
+      description: "Security lead ensuring application and infrastructure security"
+      directory: ~/projects/security
+      model: opus
+      connections: [cto]
+      prompt: "You ensure security best practices, conduct audits, and manage security incidents."
+      allowed_tools:
+        - Read
+        - Edit
+        - "Bash(trivy:*, snyk:*, owasp:*)"

data/example/test-generation.yml

@@ -0,0 +1,249 @@
+version: 1
+swarm:
+  name: "Rails Test Generation Expert Team"
+  main: test_architect
+  instances:
+    test_architect:
+      description: "Test architect coordinating comprehensive test coverage following SOLID principles and Rails best practices"
+      directory: .
+      model: opus
+      connections: [unit_test_expert, integration_test_expert, system_test_expert, test_quality_reviewer, factory_specialist]
+      prompt: |
+        You are a senior Rails test architect responsible for ensuring comprehensive test coverage across the entire application. Your core responsibilities:
+        
+        - Analyze the codebase to identify what needs testing
+        - Delegate appropriate test creation to specialized team members
+        - Ensure all tests follow SOLID principles, particularly:
+          * Single Responsibility: Each test should verify one behavior
+          * Open/Closed: Tests should be extensible without modification
+          * Dependency Inversion: Tests should depend on abstractions, not concretions
+        - Coordinate test coverage across models, controllers, services, jobs, and system tests
+        - Ensure tests follow Rails testing best practices and conventions
+        - Maintain a balance between test coverage and test maintainability
+        
+        When delegating tasks:
+        - Provide clear context about what needs testing
+        - Specify the type of test needed (unit, integration, system)
+        - Share relevant code snippets or file paths
+        - Request tests that are DRY, readable, and maintainable
+      allowed_tools:
+        - Read
+        - Edit
+        - WebSearch
+        - Bash
+
+    unit_test_expert:
+      description: "Unit test specialist focusing on models, services, and isolated business logic with Minitest"
+      directory: ./spec
+      model: opus
+      connections: [test_architect, factory_specialist]
+      prompt: |
+        You are a Rails unit testing expert specializing in Minitest. Your focus areas:
+        
+        MODEL TESTS:
+        - Test validations, associations, scopes, and instance methods
+        - Use shoulda-matchers for clean validation and association tests
+        - Test edge cases and boundary conditions
+        - Ensure database-independent tests where possible
+        
+        SERVICE OBJECT TESTS:
+        - Test each public method in isolation
+        - Mock external dependencies
+        - Verify return values and side effects
+        - Test error handling and edge cases
+        
+        SOLID PRINCIPLES IN TESTS:
+        - Single Responsibility: One assertion per test when possible
+        - Interface Segregation: Test public interfaces, not implementation
+        - Dependency Inversion: Use doubles/mocks for external dependencies
+        
+        BEST PRACTICES:
+        - Use `let` and `let!` appropriately
+        - Prefer `describe` and `context` for clear test organization
+        - Write descriptive test names that document behavior
+        - Keep tests fast by avoiding unnecessary database hits
+        - Use factories instead of fixtures
+        - Follow the Arrange-Act-Assert pattern
+        
+        Always write tests that serve as living documentation of the code's behavior.
+      allowed_tools:
+        - Read
+        - Edit
+        - Write
+        - "Bash(bundle:*)"
+
+    integration_test_expert:
+      description: "Integration test specialist for controllers, API endpoints, and request specs"
+      directory: ./spec
+      model: opus
+      connections: [test_architect, factory_specialist]
+      prompt: |
+        You are a Rails integration testing expert focusing on request specs and controller tests. Your expertise:
+        
+        REQUEST SPECS:
+        - Test complete request/response cycles
+        - Verify HTTP status codes, response bodies, and headers
+        - Test authentication and authorization
+        - Ensure proper parameter handling and validation
+        - Test API versioning if applicable
+        
+        CONTROLLER INTEGRATION:
+        - Test the integration between controllers and models
+        - Verify proper use of strong parameters
+        - Test before_action callbacks and filters
+        - Ensure proper error handling and response formats
+        
+        SOLID PRINCIPLES:
+        - Open/Closed: Write tests that don't break when implementation changes
+        - Liskov Substitution: Test behavior, not specific implementations
+        
+        BEST PRACTICES:
+        - Use request specs over controller specs (Rails 5+ recommendation)
+        - Test happy paths and error scenarios
+        - Include tests for different user roles and permissions
+        - Test pagination, filtering, and sorting where applicable
+        - Use shared examples for common behaviors
+        - Test both JSON and HTML responses as needed
+        - Verify side effects (emails sent, jobs enqueued, etc.)
+        
+        Focus on testing the contract between the client and server, not implementation details.
+      allowed_tools:
+        - Read
+        - Edit
+        - Write
+        - "Bash(bundle:*, rails:*)"
+
+    system_test_expert:
+      description: "System test specialist for end-to-end user flows and JavaScript interactions"
+      directory: ./spec/system
+      model: opus
+      connections: [test_architect]
+      prompt: |
+        You are a Rails system testing expert using Capybara and Selenium. Your specialization:
+        
+        SYSTEM TESTS:
+        - Test complete user workflows from start to finish
+        - Verify JavaScript interactions and dynamic content
+        - Test real browser behavior and compatibility
+        - Ensure accessibility compliance in tests
+        
+        CAPYBARA BEST PRACTICES:
+        - Use semantic selectors (data-testid, aria-labels) over CSS
+        - Implement proper wait strategies for async operations
+        - Use Page Object Pattern for maintainable tests
+        - Test both happy paths and error scenarios
+        
+        TEST SCENARIOS:
+        - User authentication flows (sign up, login, logout)
+        - Form submissions with client-side validations
+        - AJAX interactions and real-time updates
+        - File uploads and downloads
+        - Multi-step workflows and wizards
+        
+        PERFORMANCE & RELIABILITY:
+        - Keep tests deterministic and flake-free
+        - Use headless browsers for CI environments
+        - Implement proper database cleaning strategies
+        - Take screenshots on failures for debugging
+        
+        SOLID PRINCIPLES:
+        - Single Responsibility: Each test verifies one user flow
+        - DRY: Extract common interactions into helper methods
+        
+        Write tests that ensure the application works correctly from the user's perspective.
+      allowed_tools:
+        - Read
+        - Edit
+        - Write
+        - "Bash(bundle:*)"
+
+    factory_specialist:
+      description: "Test data specialist managing factories, traits, and test data generation"
+      directory: ./spec/factories
+      model: opus
+      connections: [test_architect, unit_test_expert, integration_test_expert]
+      prompt: |
+        You are a Rails test data expert specializing in FactoryBot. Your responsibilities:
+        
+        FACTORY DESIGN:
+        - Create minimal, valid factories by default
+        - Use traits for different object states and variations
+        - Implement intelligent sequences for unique attributes
+        - Handle complex associations properly
+        - Avoid creating unnecessary associated objects
+        
+        BEST PRACTICES:
+        - Follow Single Responsibility: One factory per model
+        - Use inheritance for STI models
+        - Implement transient attributes for flexible factories
+        - Create aliases for better readability
+        - Use callbacks sparingly and only when necessary
+        
+        PERFORMANCE:
+        - Prefer build/build_stubbed over create when possible
+        - Use create_list efficiently
+        - Implement lazy evaluation for expensive attributes
+        - Avoid N+1 queries in factory definitions
+        
+        DATA INTEGRITY:
+        - Ensure factories always create valid objects
+        - Test factories themselves in a separate spec
+        - Use Faker for realistic test data
+        - Handle edge cases (empty strings, nil values, etc.)
+        
+        SOLID PRINCIPLES:
+        - Interface Segregation: Factories should be easy to use
+        - Dependency Inversion: Factories shouldn't depend on application state
+        
+        Your factories should make tests readable, fast, and maintainable.
+      allowed_tools:
+        - Read
+        - Edit
+        - Write
+        - "Bash(bundle:*)"
+
+    test_quality_reviewer:
+      description: "Test quality assurance specialist ensuring best practices, coverage, and maintainability"
+      directory: .
+      model: opus
+      connections: [test_architect]
+      prompt: |
+        You are a Rails test quality reviewer ensuring all tests meet the highest standards. Your review criteria:
+        
+        CODE QUALITY:
+        - Tests follow AAA pattern (Arrange, Act, Assert)
+        - No test interdependencies
+        - Proper use of Minitest's DSL
+        - Clear, descriptive test names
+        - Appropriate use of shared examples and contexts
+        
+        COVERAGE ANALYSIS:
+        - Identify missing test scenarios
+        - Ensure edge cases are covered
+        - Verify error handling is tested
+        - Check for untested code paths
+        - Recommend additional test cases
+        
+        PERFORMANCE:
+        - Tests run quickly (prefer unit over integration when possible)
+        - Minimal database interactions
+        - Proper use of test doubles and stubs
+        - No unnecessary setup or teardown
+        
+        MAINTAINABILITY:
+        - Tests are DRY without sacrificing clarity
+        - Proper extraction of test helpers
+        - Good balance between shared examples and explicit tests
+        - Tests serve as documentation
+        
+        SOLID COMPLIANCE:
+        - Single Responsibility: Each test has one clear purpose
+        - Open/Closed: Tests don't break with refactoring
+        - Liskov Substitution: Tests work with subclasses
+        - Interface Segregation: Tests focus on public APIs
+        - Dependency Inversion: Tests use abstractions
+        
+        Provide actionable feedback to improve test quality and coverage.
+      allowed_tools:
+        - Read
+        - "Bash(bundle:*, rubocop:*)"

data/lib/claude_swarm/cli.rb

@@ -171,9 +171,9 @@ module ClaudeSwarm
     end
 
     desc "tools-mcp", "Start a permission management MCP server for tool access control"
-    method_option :allowed_tools, aliases: "-t", type: :array,
+    method_option :allowed_tools, aliases: "-t", type: :string,
                                   desc: "Comma-separated list of allowed tool patterns (supports wildcards)"
-    method_option :disallowed_tools, type: :array,
+    method_option :disallowed_tools, type: :string,
                                      desc: "Comma-separated list of disallowed tool patterns (supports wildcards)"
     method_option :debug, type: :boolean, default: false,
                           desc: "Enable debug output"

data/lib/claude_swarm/configuration.rb

@@ -76,6 +76,11 @@ module ClaudeSwarm
       # Validate required fields
       raise Error, "Instance '#{name}' missing required 'description' field" unless config["description"]
 
+      # Validate tool fields are arrays if present
+      validate_tool_field(name, config, "tools")
+      validate_tool_field(name, config, "allowed_tools")
+      validate_tool_field(name, config, "disallowed_tools")
+
       # Support both 'tools' (deprecated) and 'allowed_tools' for backward compatibility
       allowed_tools = config["allowed_tools"] || config["tools"] || []
 
@@ -129,6 +134,13 @@ module ClaudeSwarm
       end
     end
 
+    def validate_tool_field(instance_name, config, field_name)
+      return unless config.key?(field_name)
+
+      field_value = config[field_name]
+      raise Error, "Instance '#{instance_name}' field '#{field_name}' must be an array, got #{field_value.class.name}" unless field_value.is_a?(Array)
+    end
+
     def expand_path(path)
       Pathname.new(path).expand_path(@config_dir).to_s
     end

data/lib/claude_swarm/permission_mcp_server.rb

@@ -8,9 +8,22 @@ require_relative "permission_tool"
 
 module ClaudeSwarm
   class PermissionMcpServer
+    # Directory constants
     SWARM_DIR = ".claude-swarm"
     SESSIONS_DIR = "sessions"
 
+    # Server configuration
+    SERVER_NAME = "claude-swarm-permissions"
+    SERVER_VERSION = "1.0.0"
+
+    # Tool categories
+    FILE_TOOLS = %w[Read Write Edit].freeze
+    BASH_TOOL = "Bash"
+
+    # Pattern matching
+    TOOL_PATTERN_REGEX = /^([^()]+)\(([^)]+)\)$/
+    PARAM_PATTERN_REGEX = /^(\w+)\s*:\s*(.+)$/
+
     def initialize(allowed_tools: nil, disallowed_tools: nil)
       @allowed_tools = allowed_tools
       @disallowed_tools = disallowed_tools
@@ -18,64 +31,160 @@ module ClaudeSwarm
     end
 
     def start
-      # Parse allowed and disallowed tools
+      configure_permission_tool
+      create_and_start_server
+    end
+
+    private
+
+    def configure_permission_tool
       allowed_patterns = parse_tool_patterns(@allowed_tools)
       disallowed_patterns = parse_tool_patterns(@disallowed_tools)
 
-      @logger.info("Starting permission MCP server with allowed patterns: #{allowed_patterns.inspect}, " \
-                   "disallowed patterns: #{disallowed_patterns.inspect}")
+      log_configuration(allowed_patterns, disallowed_patterns)
 
-      # Set the patterns on the tool class
       PermissionTool.allowed_patterns = allowed_patterns
       PermissionTool.disallowed_patterns = disallowed_patterns
       PermissionTool.logger = @logger
+    end
 
+    def create_and_start_server
       server = FastMcp::Server.new(
-        name: "claude-swarm-permissions",
-        version: "1.0.0"
+        name: SERVER_NAME,
+        version: SERVER_VERSION
       )
 
-      # Register the tool class
       server.register_tool(PermissionTool)
-
       @logger.info("Permission MCP server started successfully")
-
-      # Start the stdio server
       server.start
     end
 
-    private
-
     def setup_logging
-      # Use environment variable for session timestamp if available
-      # Otherwise create a new timestamp
-      session_timestamp = ENV["CLAUDE_SWARM_SESSION_TIMESTAMP"] || Time.now.strftime("%Y%m%d_%H%M%S")
+      session_dir = create_session_directory
+      @logger = create_logger(session_dir)
+      @logger.info("Permission MCP server logging initialized")
+    end
 
-      # Ensure the session directory exists
+    def create_session_directory
+      session_timestamp = ENV["CLAUDE_SWARM_SESSION_TIMESTAMP"] || Time.now.strftime("%Y%m%d_%H%M%S")
       session_dir = File.join(Dir.pwd, SWARM_DIR, SESSIONS_DIR, session_timestamp)
       FileUtils.mkdir_p(session_dir)
+      session_dir
+    end
 
-      # Create logger with permissions.log filename
+    def create_logger(session_dir)
       log_path = File.join(session_dir, "permissions.log")
-      @logger = Logger.new(log_path)
-      @logger.level = Logger::DEBUG
+      logger = Logger.new(log_path)
+      logger.level = Logger::DEBUG
+      logger.formatter = log_formatter
+      logger
+    end
 
-      # Custom formatter for better readability
-      @logger.formatter = proc do |severity, datetime, _progname, msg|
+    def log_formatter
+      proc do |severity, datetime, _progname, msg|
         "[#{datetime.strftime("%Y-%m-%d %H:%M:%S.%L")}] [#{severity}] #{msg}\n"
       end
+    end
 
-      @logger.info("Permission MCP server logging initialized")
+    def log_configuration(allowed_patterns, disallowed_patterns)
+      @logger.info("Starting permission MCP server with allowed patterns: #{allowed_patterns.inspect}, " \
+                   "disallowed patterns: #{disallowed_patterns.inspect}")
     end
 
     def parse_tool_patterns(tools)
       return [] if tools.nil? || tools.empty?
 
-      # Handle both string and array inputs
-      tool_list = tools.is_a?(Array) ? tools : tools.split(/[,\s]+/)
+      normalize_tool_list(tools).filter_map do |tool|
+        parse_single_tool_pattern(tool.strip)
+      end
+    end
+
+    def normalize_tool_list(tools)
+      tools.is_a?(Array) ? tools : tools.split(/[,\s]+/)
+    end
+
+    def parse_single_tool_pattern(tool)
+      return nil if tool.empty?
+
+      if (match = tool.match(TOOL_PATTERN_REGEX))
+        parse_tool_with_pattern(match[1], match[2])
+      elsif tool.include?("*")
+        create_wildcard_tool_pattern(tool)
+      else
+        create_exact_tool_pattern(tool)
+      end
+    end
+
+    def parse_tool_with_pattern(tool_name, pattern)
+      case tool_name
+      when *FILE_TOOLS
+        create_file_tool_pattern(tool_name, pattern)
+      when BASH_TOOL
+        create_bash_tool_pattern(tool_name, pattern)
+      else
+        create_custom_tool_pattern(tool_name, pattern)
+      end
+    end
+
+    def create_file_tool_pattern(tool_name, pattern)
+      {
+        tool_name: tool_name,
+        pattern: File.expand_path(pattern),
+        type: :glob
+      }
+    end
+
+    def create_bash_tool_pattern(tool_name, pattern)
+      {
+        tool_name: tool_name,
+        pattern: process_bash_pattern(pattern),
+        type: :regex
+      }
+    end
+
+    def process_bash_pattern(pattern)
+      if pattern.include?(":")
+        # Colon syntax: convert parts and join with spaces
+        pattern.split(":")
+               .map { |part| part.gsub("*", ".*") }
+               .join(" ")
+      else
+        # Literal pattern: escape asterisks
+        pattern.gsub("*", "\\*")
+      end
+    end
+
+    def create_custom_tool_pattern(tool_name, pattern)
+      {
+        tool_name: tool_name,
+        pattern: parse_parameter_patterns(pattern),
+        type: :params
+      }
+    end
+
+    def parse_parameter_patterns(pattern)
+      pattern.split(",").each_with_object({}) do |param_pair, params|
+        param_pair = param_pair.strip
+        if (match = param_pair.match(PARAM_PATTERN_REGEX))
+          params[match[1]] = match[2]
+        end
+      end
+    end
+
+    def create_wildcard_tool_pattern(tool)
+      {
+        tool_name: tool.gsub("*", ".*"),
+        pattern: nil,
+        type: :regex
+      }
+    end
 
-      # Clean up and return
-      tool_list.map(&:strip).reject(&:empty?)
+    def create_exact_tool_pattern(tool)
+      {
+        tool_name: tool,
+        pattern: nil,
+        type: :exact
+      }
     end
   end
 end

data/lib/claude_swarm/permission_tool.rb

@@ -10,6 +10,17 @@ module ClaudeSwarm
       attr_accessor :allowed_patterns, :disallowed_patterns, :logger
     end
 
+    # Tool categories
+    FILE_TOOLS = %w[Read Write Edit].freeze
+    BASH_TOOL = "Bash"
+
+    # Response behaviors
+    BEHAVIOR_ALLOW = "allow"
+    BEHAVIOR_DENY = "deny"
+
+    # File matching flags
+    FILE_MATCH_FLAGS = File::FNM_DOTMATCH | File::FNM_PATHNAME | File::FNM_EXTGLOB
+
     tool_name "check_permission"
     description "Check if a tool is allowed to be used based on configured patterns"
 
@@ -19,69 +30,172 @@ module ClaudeSwarm
     end
 
     def call(tool_name:, input:)
-      logger = self.class.logger
-      logger.info("Permission check requested for tool: #{tool_name}")
-      logger.info("Tool input: #{input.inspect}")
+      @current_tool_name = tool_name
+      log_request(tool_name, input)
+
+      result = evaluate_permission(tool_name, input)
+      response = JSON.generate(result)
+
+      log_response(response)
+      response
+    end
 
-      allowed_patterns = self.class.allowed_patterns || []
-      disallowed_patterns = self.class.disallowed_patterns || []
+    private
+
+    def evaluate_permission(tool_name, input)
+      if explicitly_disallowed?(tool_name, input)
+        deny_response(tool_name, "explicitly disallowed")
+      elsif implicitly_allowed?(tool_name, input)
+        allow_response(input)
+      else
+        deny_response(tool_name, "not allowed by configured patterns")
+      end
+    end
+
+    def explicitly_disallowed?(tool_name, input)
+      check_patterns(disallowed_patterns, tool_name, input, "Disallowed")
+    end
 
-      logger.info("Checking against allowed patterns: #{allowed_patterns.inspect}")
-      logger.info("Checking against disallowed patterns: #{disallowed_patterns.inspect}")
+    def implicitly_allowed?(tool_name, input)
+      allowed_patterns.empty? || check_patterns(allowed_patterns, tool_name, input, "Allowed")
+    end
 
-      # Check if tool matches any disallowed pattern first (takes precedence)
-      disallowed = disallowed_patterns.any? do |pattern|
-        match = matches_pattern?(tool_name, pattern)
-        logger.info("Disallowed pattern '#{pattern}' vs '#{tool_name}': #{match}")
+    def check_patterns(patterns, tool_name, input, pattern_type)
+      patterns.any? do |pattern_hash|
+        match = matches_pattern?(tool_name, input, pattern_hash)
+        log_pattern_check(pattern_type, pattern_hash, tool_name, input, match)
         match
       end
+    end
+
+    def matches_pattern?(tool_name, input, pattern_hash)
+      return false unless tool_name_matches?(tool_name, pattern_hash)
+      return true if pattern_hash[:pattern].nil?
+
+      match_tool_specific_pattern(tool_name, input, pattern_hash)
+    end
 
-      if disallowed
-        logger.info("DENIED: Tool '#{tool_name}' matches disallowed pattern")
-        result = {
-          "behavior" => "deny",
-          "message" => "Tool '#{tool_name}' is explicitly disallowed"
-        }
+    def tool_name_matches?(tool_name, pattern_hash)
+      case pattern_hash[:type]
+      when :regex
+        tool_name.match?(/^#{pattern_hash[:tool_name]}$/)
       else
-        # Check if the tool matches any allowed pattern
-        allowed = allowed_patterns.empty? || allowed_patterns.any? do |pattern|
-          match = matches_pattern?(tool_name, pattern)
-          logger.info("Allowed pattern '#{pattern}' vs '#{tool_name}': #{match}")
-          match
-        end
-
-        result = if allowed
-                   logger.info("ALLOWED: Tool '#{tool_name}' matches configured patterns")
-                   {
-                     "behavior" => "allow",
-                     "updatedInput" => input
-                   }
-                 else
-                   logger.info("DENIED: Tool '#{tool_name}' does not match any allowed patterns")
-                   {
-                     "behavior" => "deny",
-                     "message" => "Tool '#{tool_name}' is not allowed by configured patterns"
-                   }
-                 end
+        tool_name == pattern_hash[:tool_name]
       end
+    end
 
-      # Return JSON-stringified result as per SDK docs
-      response = JSON.generate(result)
-      logger.info("Returning response: #{response}")
-      response
+    def match_tool_specific_pattern(_tool_name, input, pattern_hash)
+      case pattern_hash[:tool_name]
+      when BASH_TOOL
+        match_bash_pattern(input, pattern_hash)
+      when *FILE_TOOLS
+        match_file_pattern(input, pattern_hash[:pattern])
+      else
+        match_custom_tool_pattern(input, pattern_hash)
+      end
     end
 
-    private
+    def match_bash_pattern(input, pattern_hash)
+      command = extract_field_value(input, "command")
+      return false unless command
 
-    def matches_pattern?(tool_name, pattern)
-      if pattern.include?("*")
-        # Convert wildcard pattern to regex
-        regex_pattern = pattern.gsub("*", ".*")
-        tool_name.match?(/^#{regex_pattern}$/)
+      if pattern_hash[:type] == :regex
+        command.match?(/^#{pattern_hash[:pattern]}$/)
       else
-        # Exact match
-        tool_name == pattern
+        command == pattern_hash[:pattern]
       end
     end
+
+    def match_file_pattern(input, pattern)
+      file_path = extract_field_value(input, "file_path")
+      unless file_path
+        log_missing_field("file_path", input)
+        return false
+      end
+
+      File.fnmatch(pattern, File.expand_path(file_path), FILE_MATCH_FLAGS)
+    end
+
+    def match_custom_tool_pattern(input, pattern_hash)
+      return false unless pattern_hash[:type] == :params && pattern_hash[:pattern].is_a?(Hash)
+      return false if pattern_hash[:pattern].empty?
+
+      match_parameter_patterns(input, pattern_hash[:pattern])
+    end
+
+    def match_parameter_patterns(input, param_patterns)
+      param_patterns.all? do |param_name, param_pattern|
+        value = extract_field_value(input, param_name.to_s)
+        return false unless value
+
+        regex_pattern = glob_to_regex(param_pattern)
+        value.to_s.match?(/^#{regex_pattern}$/)
+      end
+    end
+
+    def extract_field_value(input, field_name)
+      input[field_name] || input[field_name.to_sym]
+    end
+
+    def glob_to_regex(pattern)
+      Regexp.escape(pattern)
+            .gsub('\*', ".*")
+            .gsub('\?', ".")
+    end
+
+    # Response builders
+    def allow_response(input)
+      log_decision("ALLOWED", "matches configured patterns")
+      {
+        "behavior" => BEHAVIOR_ALLOW,
+        "updatedInput" => input
+      }
+    end
+
+    def deny_response(tool_name, reason)
+      log_decision("DENIED", "is #{reason}")
+      {
+        "behavior" => BEHAVIOR_DENY,
+        "message" => "Tool '#{tool_name}' is #{reason}"
+      }
+    end
+
+    # Logging helpers
+    def log_request(tool_name, input)
+      logger&.info("Permission check requested for tool: #{tool_name}")
+      logger&.info("Tool input: #{input.inspect}")
+      logger&.info("Checking against allowed patterns: #{allowed_patterns.inspect}")
+      logger&.info("Checking against disallowed patterns: #{disallowed_patterns.inspect}")
+    end
+
+    def log_response(response)
+      logger&.info("Returning response: #{response}")
+    end
+
+    def log_pattern_check(pattern_type, pattern_hash, tool_name, input, match)
+      logger&.info("#{pattern_type} pattern '#{pattern_hash.inspect}' vs '#{tool_name}' " \
+                   "with input '#{input.inspect}': #{match}")
+    end
+
+    def log_decision(status, reason)
+      logger&.info("#{status}: Tool '#{@current_tool_name}' #{reason}")
+    end
+
+    def log_missing_field(field_name, input)
+      logger&.info("#{field_name} not found in input: #{input.inspect}")
+    end
+
+    # Convenience accessors
+    def logger
+      self.class.logger
+    end
+
+    def allowed_patterns
+      self.class.allowed_patterns || []
+    end
+
+    def disallowed_patterns
+      self.class.disallowed_patterns || []
+    end
   end
 end

data/lib/claude_swarm/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ClaudeSwarm
-  VERSION = "0.1.8"
+  VERSION = "0.1.10"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: claude_swarm
 version: !ruby/object:Gem::Version
-  version: 0.1.8
+  version: 0.1.10
 platform: ruby
 authors:
 - Paulo Arruda
@@ -59,6 +59,8 @@ files:
 - RELEASING.md
 - Rakefile
 - example/claude-swarm.yml
+- example/microservices-team.yml
+- example/test-generation.yml
 - exe/claude-swarm
 - lib/claude_swarm.rb
 - lib/claude_swarm/claude_code_executor.rb