claude_swarm 0.1.7 → 0.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0b5aa9e698fe0c055fc16aa5263df48a2c6e473179d5472e06f83c8845a3447c
-  data.tar.gz: ce36d61d30177b38e2f9dbb6f9b00fc1222f0d5ee4cb4539e75f912ad9777904
+  metadata.gz: 4694bdf654adfb2784e4156d504ace610c9b48bd7aedafb4d5571ee0483325e6
+  data.tar.gz: 9f26361aac4c2815b11f95ab28a67fbb684377d691b7ee5a1b99c89a1a4fa3c1
 SHA512:
-  metadata.gz: ffbac2fb59e4f76ab39efe172a89d1a11b0893efd763770ba3f4c6e52785df44d19cc0db9a8dd87e2df52c05c7d8cceadc47deb2a8304e34ccb2c921b781842c
-  data.tar.gz: dd4eeb38f8d56c3cd41570fe0be0ccda029240893780d95c82c134ad02d91c840ba8fd3fb344dc205c7a3345e37fbce33b8f633abd076390783b31babaf6014d
+  metadata.gz: 8c5d95adfea48bb560e8ed04d1149284fa199e72a9051e85f7e3e23222a1c117c96b6eb977a418bc573d41a6e6c846d7071dd552121d3810a33b0937ac3228c4
+  data.tar.gz: aaf42838c5caf597bde330171ebd0aca702089731794f2c45df395b177fe6871c96f27f5838da587a9454de7cc397ca8fae7f910c6f61b1f775f6c2911444823

data/CHANGELOG.md

@@ -1,3 +1,14 @@
+## [0.1.8]
+
+### Added
+- **Disallowed tools support**: New `disallowed_tools` YAML key for explicitly denying specific tools (takes precedence over allowed tools)
+
+### Changed
+- **Renamed YAML key**: `tools` renamed to `allowed_tools` while maintaining backward compatibility
+- Tool permissions now support both allow and deny patterns, with deny taking precedence
+- Both `--allowedTools` and `--disallowedTools` are passed as comma-separated lists to Claude
+- New CLI option `--stream-logs` - can only be used with `-p`
+
 ## [0.1.7]
 
 ### Added

data/README.md

@@ -1,5 +1,8 @@
 # Claude Swarm
 
+[![Gem Version](https://badge.fury.io/rb/claude_swarm.svg)](https://badge.fury.io/rb/claude_swarm)
+[![CI](https://github.com/parruda/claude-swarm/actions/workflows/ci.yml/badge.svg)](https://github.com/parruda/claude-swarm/actions/workflows/ci.yml)
+
 Claude Swarm orchestrates multiple Claude Code instances as a collaborative AI development team. It enables running AI agents with specialized roles, tools, and directory contexts, communicating via MCP (Model Context Protocol) in a tree-like hierarchy. Define your swarm topology in simple YAML and let Claude instances delegate tasks through connected instances. Perfect for complex projects requiring specialized AI agents for frontend, backend, testing, DevOps, or research tasks.
 
 ## Installation
@@ -24,7 +27,7 @@ bundle install
 
 ## Prerequisites
 
-- Ruby 3.1.0 or higher
+- Ruby 3.2.0 or higher
 - Claude CLI installed and configured
 - Any MCP servers you plan to use (optional)
 
@@ -45,7 +48,7 @@ swarm:
       directory: .
       model: opus
       connections: [frontend, backend]
-      tools: # Tools aren't required if you run it with `--vibe`
+      allowed_tools: # Tools aren't required if you run it with `--vibe`
         - Read
         - Edit
         - Bash
@@ -53,7 +56,7 @@ swarm:
       description: "Frontend specialist handling UI and user experience"
       directory: ./frontend
       model: opus
-      tools:
+      allowed_tools:
         - Edit
         - Write
         - Bash
@@ -61,7 +64,7 @@ swarm:
       description: "Backend developer managing APIs and data layer"
       directory: ./backend  
       model: opus
-      tools:
+      allowed_tools:
         - Edit
         - Write
         - Bash
@@ -98,7 +101,7 @@ swarm:
       model: opus
       connections: [frontend_lead, backend_lead, mobile_lead, devops]
       prompt: "You are the system architect coordinating between different service teams"
-      tools: [Read, Edit, WebSearch]
+      allowed_tools: [Read, Edit, WebSearch]
     
     frontend_lead:
       description: "Frontend team lead overseeing React development"
@@ -106,21 +109,21 @@ swarm:
       model: opus
       connections: [react_dev, css_expert]
       prompt: "You lead the web frontend team working with React"
-      tools: [Read, Edit, Bash]
+      allowed_tools: [Read, Edit, Bash]
     
     react_dev:
       description: "React developer specializing in components and state management"
       directory: ./web-frontend/src
       model: opus
       prompt: "You specialize in React components and state management"
-      tools: [Edit, Write, "Bash(npm:*)"]
+      allowed_tools: [Edit, Write, "Bash(npm:*)"]
     
     css_expert:
       description: "CSS specialist handling styling and responsive design"
       directory: ./web-frontend/styles
       model: opus
       prompt: "You handle all CSS and styling concerns"
-      tools: [Edit, Write, Read]
+      allowed_tools: [Edit, Write, Read]
     
     backend_lead:
       description: "Backend team lead managing API development"
@@ -128,21 +131,21 @@ swarm:
       model: opus
       connections: [api_dev, database_expert]
       prompt: "You lead the API backend team"
-      tools: [Read, Edit, Bash]
+      allowed_tools: [Read, Edit, Bash]
     
     api_dev:
       description: "API developer building REST endpoints"
       directory: ./api-server/src
       model: opus
       prompt: "You develop REST API endpoints"
-      tools: [Edit, Write, Bash]
+      allowed_tools: [Edit, Write, Bash]
     
     database_expert:
       description: "Database specialist managing schemas and migrations"
       directory: ./api-server/db
       model: opus
       prompt: "You handle database schema and migrations"
-      tools: [Edit, Write, "Bash(psql:*, migrate:*)"]
+      allowed_tools: [Edit, Write, "Bash(psql:*, migrate:*)"]
     
     mobile_lead:
       description: "Mobile team lead coordinating cross-platform development"
@@ -150,28 +153,28 @@ swarm:
       model: opus
       connections: [ios_dev, android_dev]
       prompt: "You coordinate mobile development across platforms"
-      tools: [Read, Edit]
+      allowed_tools: [Read, Edit]
     
     ios_dev:
       description: "iOS developer building native Apple applications"
       directory: ./mobile-app/ios
       model: opus
       prompt: "You develop the iOS application"
-      tools: [Edit, Write, "Bash(xcodebuild:*, pod:*)"]
+      allowed_tools: [Edit, Write, "Bash(xcodebuild:*, pod:*)"]
     
     android_dev:
       description: "Android developer creating native Android apps"
       directory: ./mobile-app/android
       model: opus
       prompt: "You develop the Android application"
-      tools: [Edit, Write, "Bash(gradle:*, adb:*)"]
+      allowed_tools: [Edit, Write, "Bash(gradle:*, adb:*)"]
     
     devops:
       description: "DevOps engineer managing CI/CD and infrastructure"
       directory: ./infrastructure
       model: opus
       prompt: "You handle CI/CD and infrastructure"
-      tools: [Read, Edit, "Bash(docker:*, kubectl:*)"]
+      allowed_tools: [Read, Edit, "Bash(docker:*, kubectl:*)"]
 ```
 
 In this setup:
@@ -205,7 +208,8 @@ Each instance can have:
 - **directory**: Working directory for this instance (can use ~ for home)
 - **model**: Claude model to use (opus, sonnet, haiku)
 - **connections**: Array of other instances this one can communicate with
-- **tools**: Array of tools this instance can use
+- **allowed_tools**: Array of tools this instance can use (backward compatible with `tools`)
+- **disallowed_tools**: Array of tools to explicitly deny (takes precedence over allowed_tools)
 - **mcps**: Array of additional MCP servers to connect
 - **prompt**: Custom system prompt to append to the instance
 - **vibe**: Enable vibe mode (--dangerously-skip-permissions) for this instance (default: false)
@@ -218,13 +222,16 @@ instance_name:
   connections: [other_instance1, other_instance2]
   prompt: "You are a specialized agent focused on..."
   vibe: false  # Set to true to skip all permission checks for this instance
-  tools:
+  allowed_tools:
     - Read
     - Edit
     - Write
     - Bash
     - WebFetch
     - WebSearch
+  disallowed_tools:  # Optional: explicitly deny specific tools
+    - "Write(*.log)"
+    - "Bash(rm:*)"
   mcps:
     - name: server_name
       type: stdio
@@ -260,23 +267,27 @@ mcps:
 Specify which tools each instance can use:
 
 ```yaml
-tools:
+allowed_tools:
   - Bash           # Command execution
   - Edit           # File editing
   - Write          # File creation
   - Read           # File reading
   - WebFetch       # Fetch web content
   - WebSearch      # Search the web
+
+disallowed_tools:  # Optional: explicitly deny specific tools
+  - "Write(*.md)"  # Don't allow writing markdown files
+  - "Bash(rm:*)"   # Don't allow rm commands
 ```
 
-Tools are passed to Claude using the `--allowedTools` flag with comma-separated values.
+Tools are passed to Claude using the `--allowedTools` and `--disallowedTools` flags with comma-separated values. Disallowed tools take precedence over allowed tools.
 
 #### Tool Restrictions
 
 You can restrict tools with pattern-based filters:
 
 ```yaml
-tools:
+allowed_tools:
   - Read                    # Unrestricted read access
   - Edit                    # Unrestricted edit access
   - "Bash(npm:*)"          # Only allow npm commands
@@ -299,7 +310,7 @@ swarm:
       model: opus
       connections: [frontend, backend, devops]
       prompt: "You are the lead architect responsible for system design and code quality"
-      tools:
+      allowed_tools:
         - Read
         - Edit
         - WebSearch
@@ -310,7 +321,7 @@ swarm:
       model: opus
       connections: [architect]
       prompt: "You specialize in React, TypeScript, and modern frontend development"
-      tools:
+      allowed_tools:
         - Edit
         - Write
         - Bash
@@ -320,7 +331,7 @@ swarm:
       directory: ./backend
       model: opus
       connections: [architect, database]
-      tools:
+      allowed_tools:
         - Edit
         - Write
         - Bash
@@ -329,7 +340,7 @@ swarm:
       description: "Database administrator managing data persistence"
       directory: ./db
       model: haiku
-      tools:
+      allowed_tools:
         - Read
         - Bash
         
@@ -338,7 +349,7 @@ swarm:
       directory: .
       model: opus
       connections: [architect]
-      tools:
+      allowed_tools:
         - Read
         - Edit
         - Bash
@@ -357,7 +368,7 @@ swarm:
       directory: ~/research
       model: opus
       connections: [data_analyst, writer]
-      tools:
+      allowed_tools:
         - Read
         - WebSearch
         - WebFetch
@@ -370,7 +381,7 @@ swarm:
       description: "Data analyst processing research data and statistics"
       directory: ~/research/data
       model: opus
-      tools:
+      allowed_tools:
         - Read
         - Write
         - Bash
@@ -384,7 +395,7 @@ swarm:
       description: "Technical writer preparing research documentation"
       directory: ~/research/papers
       model: opus
-      tools:
+      allowed_tools:
         - Edit
         - Write
         - Read
@@ -411,14 +422,14 @@ swarm:
       description: "Worker with restricted permissions"
       directory: ./sensitive
       model: sonnet
-      tools: [Read, "Bash(ls:*)"]  # Only allow read and ls commands
+      allowed_tools: [Read, "Bash(ls:*)"]  # Only allow read and ls commands
       
     trusted_worker:
       description: "Trusted worker with more permissions"
       directory: ./workspace
       model: sonnet
       vibe: true  # This instance also skips permissions
-      tools: []  # Tools list ignored when vibe: true
+      allowed_tools: []  # Tools list ignored when vibe: true
 ```
 
 ### Command Line Options
@@ -443,6 +454,7 @@ claude-swarm version
 
 # Start permission MCP server (for testing/debugging)
 claude-swarm tools-mcp --allowed-tools 'mcp__frontend__*,mcp__backend__*'
+claude-swarm tools-mcp --allowed-tools 'Read,Edit' --disallowed-tools 'Edit(*.log)'
 
 # Internal command for MCP server (used by connected instances)
 claude-swarm mcp-serve INSTANCE_NAME --config CONFIG_FILE --session-timestamp TIMESTAMP
@@ -458,6 +470,7 @@ claude-swarm mcp-serve INSTANCE_NAME --config CONFIG_FILE --session-timestamp TI
 3. **Tool Permissions**: Claude Swarm automatically manages tool permissions:
    - Each instance's configured tools are allowed via the permission MCP
    - Supports wildcard patterns (e.g., `mcp__frontend__*` allows all frontend MCP tools)
+   - Disallowed tools take precedence over allowed tools for fine-grained control
    - Eliminates the need to manually accept each tool or use global `--vibe` mode
    - Per-instance `vibe: true` skips all permission checks for that specific instance
    - The permission MCP uses `--permission-prompt-tool` to check tool access
@@ -537,6 +550,20 @@ bundle exec rake release    # Release gem to RubyGems.org
 rake                  # Default: runs both tests and RuboCop
 ```
 
+### Release Process
+
+The gem is automatically published to RubyGems when a new release is created on GitHub:
+
+1. Update the version number in `lib/claude_swarm/version.rb`
+2. Update `CHANGELOG.md` with the new version's changes
+3. Commit the changes: `git commit -am "Bump version to x.y.z"`
+4. Create a version tag: `git tag -a vx.y.z -m "Release version x.y.z"`
+5. Push the changes and tag: `git push && git push --tags`
+6. The GitHub workflow will create a draft release - review and publish it
+7. Once published, the gem will be automatically built and pushed to RubyGems
+
+**Note**: You need to set up the `RUBYGEMS_AUTH_TOKEN` secret in your GitHub repository settings with your RubyGems API key.
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/parruda/claude-swarm.

data/RELEASING.md

@@ -0,0 +1,110 @@
+# Releasing Claude Swarm
+
+This guide walks through the process of releasing a new version of Claude Swarm.
+
+## Prerequisites
+
+- Ensure you have push access to the repository
+- Ensure the `RUBYGEMS_AUTH_TOKEN` secret is configured in GitHub repository settings
+- Ensure all tests are passing on the main branch
+
+## Release Steps
+
+### 1. Update Version
+
+Edit `lib/claude_swarm/version.rb` and update the version number:
+
+```ruby
+module ClaudeSwarm
+  VERSION = "0.1.8"  # Update this
+end
+```
+
+### 2. Update Changelog
+
+Move items from the `[Unreleased]` section to a new version section in `CHANGELOG.md`:
+
+```markdown
+## [Unreleased]
+
+## [0.1.8] - 2025-06-02
+
+### Added
+- Feature X
+
+### Changed
+- Enhancement Y
+
+### Fixed
+- Bug Z
+```
+
+### 3. Commit Changes
+
+```bash
+git add lib/claude_swarm/version.rb CHANGELOG.md
+git commit -m "Bump version to 0.1.8"
+```
+
+### 4. Create and Push Tag
+
+```bash
+git tag -a v0.1.8 -m "Release version 0.1.8"
+git push origin main
+git push origin v0.1.8
+```
+
+### 5. Review Draft Release
+
+The GitHub workflow will automatically create a draft release. Review it at:
+https://github.com/parruda/claude-swarm/releases
+
+### 6. Publish Release
+
+Once you're satisfied with the release notes, click "Publish release". This will trigger the workflow to:
+- Run tests
+- Build the gem
+- Publish to RubyGems.org
+- Publish to GitHub Packages
+
+### 7. Verify Publication
+
+Check that the gem was published successfully:
+- RubyGems: https://rubygems.org/gems/claude_swarm
+- GitHub Packages: https://github.com/parruda/claude-swarm/packages
+
+## Troubleshooting
+
+### Failed Publication
+
+If the release workflow fails:
+
+1. Check the workflow logs at: https://github.com/parruda/claude-swarm/actions
+2. Common issues:
+   - Invalid `RUBYGEMS_AUTH_TOKEN` secret
+   - Test failures
+   - RuboCop violations
+   - Network issues
+
+### Manual Release
+
+If you need to release manually:
+
+```bash
+# Ensure you're on the correct tag
+git checkout v0.1.8
+
+# Build the gem
+gem build claude_swarm.gemspec
+
+# Push to RubyGems (requires credentials)
+gem push claude_swarm-0.1.8.gem
+```
+
+## Post-Release
+
+After a successful release:
+
+1. Create a new `[Unreleased]` section in `CHANGELOG.md`
+2. Announce the release (optional)
+3. Update any dependent projects

data/lib/claude_swarm/claude_code_executor.rb

@@ -196,13 +196,22 @@ module ClaudeSwarm
       # Add any allowed tools or vibe flag
       if @vibe
         cmd_array << "--dangerously-skip-permissions"
-      elsif options[:allowed_tools]
-        tools = Array(options[:allowed_tools]).join(",")
-        cmd_array += ["--allowedTools", tools]
-      end
+      else
+        # Add allowed tools if any
+        if options[:allowed_tools]
+          tools = Array(options[:allowed_tools]).join(",")
+          cmd_array += ["--allowedTools", tools]
+        end
 
-      # Add permission prompt tool if not in vibe mode
-      cmd_array += ["--permission-prompt-tool", "mcp__permissions__check_permission"] unless @vibe
+        # Add disallowed tools if any
+        if options[:disallowed_tools]
+          disallowed_tools = Array(options[:disallowed_tools]).join(",")
+          cmd_array += ["--disallowedTools", disallowed_tools]
+        end
+
+        # Add permission prompt tool if not in vibe mode
+        cmd_array += ["--permission-prompt-tool", "mcp__permissions__check_permission"]
+      end
 
       cmd_array
     end

data/lib/claude_swarm/cli.rb

@@ -20,6 +20,8 @@ module ClaudeSwarm
                          desc: "Run with --dangerously-skip-permissions for all instances"
     method_option :prompt, aliases: "-p", type: :string,
                            desc: "Prompt to pass to the main Claude instance (non-interactive mode)"
+    method_option :stream_logs, type: :boolean, default: false,
+                                desc: "Stream session logs to stdout (only works with -p)"
     def start(config_file = nil)
       config_path = config_file || options[:config]
       unless File.exist?(config_path)
@@ -28,6 +30,13 @@ module ClaudeSwarm
       end
 
       say "Starting Claude Swarm from #{config_path}..." unless options[:prompt]
+
+      # Validate stream_logs option
+      if options[:stream_logs] && !options[:prompt]
+        error "--stream-logs can only be used with -p/--prompt"
+        exit 1
+      end
+
       begin
         config = Configuration.new(config_path)
         session_timestamp = Time.now.strftime("%Y%m%d_%H%M%S")
@@ -35,7 +44,8 @@ module ClaudeSwarm
         orchestrator = Orchestrator.new(config, generator,
                                         vibe: options[:vibe],
                                         prompt: options[:prompt],
-                                        session_timestamp: session_timestamp)
+                                        session_timestamp: session_timestamp,
+                                        stream_logs: options[:stream_logs])
         orchestrator.start
       rescue Error => e
         error e.message
@@ -60,6 +70,8 @@ module ClaudeSwarm
                                 desc: "Description of the instance's role"
     method_option :tools, aliases: "-t", type: :array,
                           desc: "Allowed tools for the instance"
+    method_option :disallowed_tools, type: :array,
+                                     desc: "Disallowed tools for the instance"
     method_option :mcp_config_path, type: :string,
                                     desc: "Path to MCP configuration file"
     method_option :debug, type: :boolean, default: false,
@@ -76,6 +88,7 @@ module ClaudeSwarm
         prompt: options[:prompt],
         description: options[:description],
         tools: options[:tools] || [],
+        disallowed_tools: options[:disallowed_tools] || [],
         mcp_config_path: options[:mcp_config_path],
         vibe: options[:vibe]
       }
@@ -113,7 +126,7 @@ module ClaudeSwarm
               directory: .
               model: sonnet
               prompt: "You are the lead developer coordinating the team"
-              tools: [Read, Edit, Bash, Write]
+              allowed_tools: [Read, Edit, Bash, Write]
               # connections: [frontend_dev, backend_dev]
 
             # Example instances (uncomment and modify as needed):
@@ -123,28 +136,28 @@ module ClaudeSwarm
             #   directory: ./frontend
             #   model: sonnet
             #   prompt: "You specialize in frontend development with React, TypeScript, and modern web technologies"
-            #   tools: [Read, Edit, Write, "Bash(npm:*)", "Bash(yarn:*)", "Bash(pnpm:*)"]
+            #   allowed_tools: [Read, Edit, Write, "Bash(npm:*)", "Bash(yarn:*)", "Bash(pnpm:*)"]
 
             # backend_dev:
             #   description: "Backend developer focusing on APIs, databases, and server architecture"
             #   directory: ../other-app/backend
             #   model: sonnet
             #   prompt: "You specialize in backend development, APIs, databases, and server architecture"
-            #   tools: [Read, Edit, Write, Bash]
+            #   allowed_tools: [Read, Edit, Write, Bash]
 
             # devops_engineer:
             #   description: "DevOps engineer managing infrastructure, CI/CD, and deployments"
             #   directory: .
             #   model: sonnet
             #   prompt: "You specialize in infrastructure, CI/CD, containerization, and deployment"
-            #   tools: [Read, Edit, Write, "Bash(docker:*)", "Bash(kubectl:*)", "Bash(terraform:*)"]
+            #   allowed_tools: [Read, Edit, Write, "Bash(docker:*)", "Bash(kubectl:*)", "Bash(terraform:*)"]
 
             # qa_engineer:
             #   description: "QA engineer ensuring quality through comprehensive testing"
             #   directory: ./tests
             #   model: sonnet
             #   prompt: "You specialize in testing, quality assurance, and test automation"
-            #   tools: [Read, Edit, Write, Bash]
+            #   allowed_tools: [Read, Edit, Write, Bash]
       YAML
 
       File.write(config_path, template)
@@ -160,10 +173,12 @@ module ClaudeSwarm
     desc "tools-mcp", "Start a permission management MCP server for tool access control"
     method_option :allowed_tools, aliases: "-t", type: :array,
                                   desc: "Comma-separated list of allowed tool patterns (supports wildcards)"
+    method_option :disallowed_tools, type: :array,
+                                     desc: "Comma-separated list of disallowed tool patterns (supports wildcards)"
     method_option :debug, type: :boolean, default: false,
                           desc: "Enable debug output"
     def tools_mcp
-      server = PermissionMcpServer.new(allowed_tools: options[:allowed_tools])
+      server = PermissionMcpServer.new(allowed_tools: options[:allowed_tools], disallowed_tools: options[:disallowed_tools])
       server.start
     rescue StandardError => e
       error "Error starting permission MCP server: #{e.message}"

data/lib/claude_swarm/configuration.rb

@@ -76,12 +76,17 @@ module ClaudeSwarm
       # Validate required fields
       raise Error, "Instance '#{name}' missing required 'description' field" unless config["description"]
 
+      # Support both 'tools' (deprecated) and 'allowed_tools' for backward compatibility
+      allowed_tools = config["allowed_tools"] || config["tools"] || []
+
       {
         name: name,
         directory: expand_path(config["directory"] || "."),
         model: config["model"] || "sonnet",
         connections: Array(config["connections"]),
-        tools: Array(config["tools"]),
+        tools: Array(allowed_tools), # Keep as 'tools' internally for compatibility
+        allowed_tools: Array(allowed_tools),
+        disallowed_tools: Array(config["disallowed_tools"]),
         mcps: parse_mcps(config["mcps"] || []),
         prompt: config["prompt"],
         description: config["description"],

data/lib/claude_swarm/mcp_generator.rb

@@ -59,7 +59,7 @@ module ClaudeSwarm
       end
 
       # Add permission MCP server if not in vibe mode (global or instance-specific)
-      mcp_servers["permissions"] = build_permission_mcp_config(instance[:tools]) unless @vibe || instance[:vibe]
+      mcp_servers["permissions"] = build_permission_mcp_config(instance[:tools], instance[:disallowed_tools]) unless @vibe || instance[:vibe]
 
       config = {
         "mcpServers" => mcp_servers
@@ -105,6 +105,8 @@ module ClaudeSwarm
 
       args.push("--tools", instance[:tools].join(",")) if instance[:tools] && !instance[:tools].empty?
 
+      args.push("--disallowed-tools", instance[:disallowed_tools].join(",")) if instance[:disallowed_tools] && !instance[:disallowed_tools].empty?
+
       args.push("--mcp-config-path", mcp_config_path(name))
 
       args.push("--calling-instance", calling_instance) if calling_instance
@@ -118,7 +120,7 @@ module ClaudeSwarm
       }
     end
 
-    def build_permission_mcp_config(allowed_tools)
+    def build_permission_mcp_config(allowed_tools, disallowed_tools)
       exe_path = "claude-swarm"
 
       args = ["tools-mcp"]
@@ -126,6 +128,9 @@ module ClaudeSwarm
       # Add allowed tools if specified
       args.push("--allowed-tools", allowed_tools.join(",")) if allowed_tools && !allowed_tools.empty?
 
+      # Add disallowed tools if specified
+      args.push("--disallowed-tools", disallowed_tools.join(",")) if disallowed_tools && !disallowed_tools.empty?
+
       {
         "type" => "stdio",
         "command" => exe_path,

data/lib/claude_swarm/orchestrator.rb

@@ -4,12 +4,13 @@ require "shellwords"
 
 module ClaudeSwarm
   class Orchestrator
-    def initialize(configuration, mcp_generator, vibe: false, prompt: nil, session_timestamp: nil)
+    def initialize(configuration, mcp_generator, vibe: false, prompt: nil, session_timestamp: nil, stream_logs: false)
       @config = configuration
       @generator = mcp_generator
       @vibe = vibe
       @prompt = prompt
       @session_timestamp = session_timestamp || Time.now.strftime("%Y%m%d_%H%M%S")
+      @stream_logs = stream_logs
     end
 
     def start
@@ -39,7 +40,8 @@ module ClaudeSwarm
         puts "🚀 Launching main instance: #{@config.main_instance}"
         puts "   Model: #{main_instance[:model]}"
         puts "   Directory: #{main_instance[:directory]}"
-        puts "   Tools: #{main_instance[:tools].join(", ")}" if main_instance[:tools].any?
+        puts "   Allowed tools: #{main_instance[:tools].join(", ")}" if main_instance[:tools].any?
+        puts "   Disallowed tools: #{main_instance[:disallowed_tools].join(", ")}" if main_instance[:disallowed_tools]&.any?
         puts "   Connections: #{main_instance[:connections].join(", ")}" if main_instance[:connections].any?
         puts "   😎 Vibe mode ON for this instance" if main_instance[:vibe]
         puts
@@ -51,14 +53,52 @@ module ClaudeSwarm
         puts
       end
 
+      # Start log streaming thread if in non-interactive mode with --stream-logs
+      log_thread = nil
+      log_thread = start_log_streaming if @prompt && @stream_logs
+
       # Execute the main instance - this will cascade to other instances via MCP
       Dir.chdir(main_instance[:directory]) do
         system(*command)
       end
+
+      # Clean up log streaming thread
+      return unless log_thread
+
+      log_thread.terminate
+      log_thread.join
     end
 
     private
 
+    def start_log_streaming
+      Thread.new do
+        session_log_path = File.join(Dir.pwd, ClaudeSwarm::ClaudeCodeExecutor::SWARM_DIR,
+                                     ClaudeSwarm::ClaudeCodeExecutor::SESSIONS_DIR,
+                                     @session_timestamp, "session.log")
+
+        # Wait for log file to be created
+        sleep 0.1 until File.exist?(session_log_path)
+
+        # Open file and seek to end
+        File.open(session_log_path, "r") do |file|
+          file.seek(0, IO::SEEK_END)
+
+          loop do
+            changes = file.read
+            if changes
+              print changes
+              $stdout.flush
+            else
+              sleep 0.1
+            end
+          end
+        end
+      rescue StandardError
+        # Silently handle errors (file might be deleted, process might end, etc.)
+      end
+    end
+
     def build_main_command(instance)
       parts = [
         "claude",
@@ -68,11 +108,22 @@ module ClaudeSwarm
 
       if @vibe || instance[:vibe]
         parts << "--dangerously-skip-permissions"
-      elsif instance[:tools].any?
-        tools_str = instance[:tools].join(",")
-        parts << "--allowedTools"
-        parts << tools_str
-        # Add permission prompt tool
+      else
+        # Add allowed tools if any
+        if instance[:tools].any?
+          tools_str = instance[:tools].join(",")
+          parts << "--allowedTools"
+          parts << tools_str
+        end
+
+        # Add disallowed tools if any
+        if instance[:disallowed_tools]&.any?
+          disallowed_tools_str = instance[:disallowed_tools].join(",")
+          parts << "--disallowedTools"
+          parts << disallowed_tools_str
+        end
+
+        # Add permission prompt tool unless in vibe mode
         parts << "--permission-prompt-tool"
         parts << "mcp__permissions__check_permission"
       end

data/lib/claude_swarm/permission_mcp_server.rb

@@ -11,19 +11,23 @@ module ClaudeSwarm
     SWARM_DIR = ".claude-swarm"
     SESSIONS_DIR = "sessions"
 
-    def initialize(allowed_tools: nil)
+    def initialize(allowed_tools: nil, disallowed_tools: nil)
       @allowed_tools = allowed_tools
+      @disallowed_tools = disallowed_tools
       setup_logging
     end
 
     def start
-      # Parse allowed tools
-      allowed_patterns = parse_allowed_tools(@allowed_tools)
+      # Parse allowed and disallowed tools
+      allowed_patterns = parse_tool_patterns(@allowed_tools)
+      disallowed_patterns = parse_tool_patterns(@disallowed_tools)
 
-      @logger.info("Starting permission MCP server with allowed patterns: #{allowed_patterns.inspect}")
+      @logger.info("Starting permission MCP server with allowed patterns: #{allowed_patterns.inspect}, " \
+                   "disallowed patterns: #{disallowed_patterns.inspect}")
 
       # Set the patterns on the tool class
       PermissionTool.allowed_patterns = allowed_patterns
+      PermissionTool.disallowed_patterns = disallowed_patterns
       PermissionTool.logger = @logger
 
       server = FastMcp::Server.new(
@@ -64,7 +68,7 @@ module ClaudeSwarm
       @logger.info("Permission MCP server logging initialized")
     end
 
-    def parse_allowed_tools(tools)
+    def parse_tool_patterns(tools)
       return [] if tools.nil? || tools.empty?
 
       # Handle both string and array inputs

data/lib/claude_swarm/permission_tool.rb

@@ -5,9 +5,9 @@ require "fast_mcp"
 
 module ClaudeSwarm
   class PermissionTool < FastMcp::Tool
-    # Class variables to store allowed patterns and logger
+    # Class variables to store allowed/disallowed patterns and logger
     class << self
-      attr_accessor :allowed_patterns, :logger
+      attr_accessor :allowed_patterns, :disallowed_patterns, :logger
     end
 
     tool_name "check_permission"
@@ -23,41 +23,65 @@ module ClaudeSwarm
       logger.info("Permission check requested for tool: #{tool_name}")
       logger.info("Tool input: #{input.inspect}")
 
-      # Check if the tool matches any allowed pattern
-      patterns = self.class.allowed_patterns || []
-      logger.info("Checking against patterns: #{patterns.inspect}")
-
-      allowed = patterns.any? do |pattern|
-        match = if pattern.include?("*")
-                  # Convert wildcard pattern to regex
-                  regex_pattern = pattern.gsub("*", ".*")
-                  tool_name.match?(/^#{regex_pattern}$/)
-                else
-                  # Exact match
-                  tool_name == pattern
-                end
-        logger.info("Pattern '#{pattern}' vs '#{tool_name}': #{match}")
+      allowed_patterns = self.class.allowed_patterns || []
+      disallowed_patterns = self.class.disallowed_patterns || []
+
+      logger.info("Checking against allowed patterns: #{allowed_patterns.inspect}")
+      logger.info("Checking against disallowed patterns: #{disallowed_patterns.inspect}")
+
+      # Check if tool matches any disallowed pattern first (takes precedence)
+      disallowed = disallowed_patterns.any? do |pattern|
+        match = matches_pattern?(tool_name, pattern)
+        logger.info("Disallowed pattern '#{pattern}' vs '#{tool_name}': #{match}")
         match
       end
 
-      result = if allowed
-                 logger.info("ALLOWED: Tool '#{tool_name}' matches configured patterns")
-                 {
-                   "behavior" => "allow",
-                   "updatedInput" => input
-                 }
-               else
-                 logger.info("DENIED: Tool '#{tool_name}' does not match any configured patterns")
-                 {
-                   "behavior" => "deny",
-                   "message" => "Tool '#{tool_name}' is not allowed by configured patterns"
-                 }
-               end
+      if disallowed
+        logger.info("DENIED: Tool '#{tool_name}' matches disallowed pattern")
+        result = {
+          "behavior" => "deny",
+          "message" => "Tool '#{tool_name}' is explicitly disallowed"
+        }
+      else
+        # Check if the tool matches any allowed pattern
+        allowed = allowed_patterns.empty? || allowed_patterns.any? do |pattern|
+          match = matches_pattern?(tool_name, pattern)
+          logger.info("Allowed pattern '#{pattern}' vs '#{tool_name}': #{match}")
+          match
+        end
+
+        result = if allowed
+                   logger.info("ALLOWED: Tool '#{tool_name}' matches configured patterns")
+                   {
+                     "behavior" => "allow",
+                     "updatedInput" => input
+                   }
+                 else
+                   logger.info("DENIED: Tool '#{tool_name}' does not match any allowed patterns")
+                   {
+                     "behavior" => "deny",
+                     "message" => "Tool '#{tool_name}' is not allowed by configured patterns"
+                   }
+                 end
+      end
 
       # Return JSON-stringified result as per SDK docs
       response = JSON.generate(result)
       logger.info("Returning response: #{response}")
       response
     end
+
+    private
+
+    def matches_pattern?(tool_name, pattern)
+      if pattern.include?("*")
+        # Convert wildcard pattern to regex
+        regex_pattern = pattern.gsub("*", ".*")
+        tool_name.match?(/^#{regex_pattern}$/)
+      else
+        # Exact match
+        tool_name == pattern
+      end
+    end
   end
 end

data/lib/claude_swarm/task_tool.rb

@@ -23,6 +23,9 @@ module ClaudeSwarm
       # Add allowed tools from instance config
       options[:allowed_tools] = instance_config[:tools] if instance_config[:tools]&.any?
 
+      # Add disallowed tools from instance config
+      options[:disallowed_tools] = instance_config[:disallowed_tools] if instance_config[:disallowed_tools]&.any?
+
       response = executor.execute(prompt, options)
 
       # Return just the result text as expected by MCP

data/lib/claude_swarm/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ClaudeSwarm
-  VERSION = "0.1.7"
+  VERSION = "0.1.8"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: claude_swarm
 version: !ruby/object:Gem::Version
-  version: 0.1.7
+  version: 0.1.8
 platform: ruby
 authors:
 - Paulo Arruda
 bindir: exe
 cert_chain: []
-date: 2025-06-03 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -56,8 +56,8 @@ files:
 - CLAUDE.md
 - LICENSE
 - README.md
+- RELEASING.md
 - Rakefile
-- claude-swarm.yml
 - example/claude-swarm.yml
 - exe/claude-swarm
 - lib/claude_swarm.rb
@@ -87,14 +87,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.1.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Orchestrate multiple Claude Code instances as a collaborative AI development
   team

data/claude-swarm.yml

@@ -1,26 +0,0 @@
-version: 1
-swarm:
-  name: "Swarm Name"
-  main: lead_developer
-  instances:
-    lead_developer:
-      description: "Lead developer coordinating the team and making architectural decisions"
-      directory: .
-      model: opus
-      prompt: "You are the lead developer coordinating the team"
-      vibe: true
-      connections: [frontend_dev]
-
-    # Example instances (uncomment and modify as needed):
-
-    frontend_dev:
-      description: "Frontend developer specializing in React and modern web technologies"
-      directory: .
-      model: opus
-      prompt: "You specialize in frontend development with React, TypeScript, and modern web technologies"
-      tools: [mcp__headless_browser__*]
-      mcps:
-        - name: headless_browser
-          type: stdio
-          command: bundle
-          args: ["exec", "hbt", "stdio"]