@gethmy/agent 1.15.0 → 1.16.0

package/dist/cli.js

@@ -1666,6 +1666,9 @@ function getStageLoop(stage) {
 function isConvergeLoop(loop) {
   return loop !== null && loop.mode === "converge";
 }
+function resolveLoopExitGate(stage, loop) {
+  return loop.exit_gate ?? stage.gate ?? null;
+}
 function decideLoopContinuation(args) {
   const { loop, gatePassed, hasExitGate, completedIterations } = args;
   const max = Math.max(1, Math.floor(loop.max_iterations) || 1);
@@ -1714,7 +1717,10 @@ function entryActionAllowlist(entryAction) {
     return `mcp__${entryAction}`;
   return null;
 }
-var DEFAULT_LOOP_MAX_ITERATIONS = 5, SKILL_TOOL_ALLOWLIST, HARMONY_TOOL_RE;
+function stageDisallowedTools() {
+  return STAGE_DAEMON_OWNED_TOOLS.length > 0 ? STAGE_DAEMON_OWNED_TOOLS.join(",") : null;
+}
+var DEFAULT_LOOP_MAX_ITERATIONS = 5, SKILL_TOOL_ALLOWLIST, HARMONY_TOOL_RE, STAGE_DAEMON_OWNED_TOOLS;
 var init_playbookStage = __esm(() => {
   SKILL_TOOL_ALLOWLIST = {
     hmy: "Bash,Read,Write,Edit,Glob,Grep,Agent,mcp__harmony__*",
@@ -1725,6 +1731,11 @@ var init_playbookStage = __esm(() => {
     "hmy-standup": "Read,Grep,Glob,mcp__harmony__*"
   };
   HARMONY_TOOL_RE = /^harmony_[a-z_]+$/;
+  STAGE_DAEMON_OWNED_TOOLS = [
+    "mcp__harmony__harmony_end_agent_session",
+    "mcp__harmony__harmony_start_agent_session",
+    "mcp__harmony__harmony_move_card"
+  ];
 });
 
 // ../harmony-shared/dist/projectTemplates.js
@@ -2159,6 +2170,58 @@ function cleanupWorktree(worktreePath, branchName) {
     } catch {}
   }
 }
+function resolveRepoRoot() {
+  return execFileSync3("git", ["rev-parse", "--show-toplevel"], {
+    encoding: "utf-8"
+  }).trim();
+}
+function branchAheadOfItsRemote(branchName, repoRoot = resolveRepoRoot()) {
+  try {
+    const out = execFileSync3("git", ["rev-list", branchName, "--not", "--remotes=origin"], { cwd: repoRoot, encoding: "utf-8" }).trim();
+    return out.length > 0;
+  } catch {
+    return false;
+  }
+}
+async function rescueUnpushedBranch(client, cardId, branchName, repoRoot = resolveRepoRoot()) {
+  const { getBranchWebUrl: getBranchWebUrl2, pushBranch: pushBranch2 } = await Promise.resolve().then(() => (init_git_pr(), exports_git_pr));
+  try {
+    pushBranch2(branchName, repoRoot);
+  } catch (err) {
+    log.error(TAG5, `push-rescue failed for ${branchName} — leaving local branch ref intact (recoverable via git reflog / the local branch): ${err instanceof Error ? err.message : err}`);
+    return false;
+  }
+  log.warn(TAG5, `push-rescued unpushed branch ${branchName} to origin before teardown`);
+  try {
+    const url = getBranchWebUrl2(branchName, repoRoot);
+    const recover = url ? `View it at ${url} or recover locally: \`git fetch && git checkout ${branchName}\`` : `Recover it locally: \`git fetch && git checkout ${branchName}\``;
+    const body = `⚠ Run ended before completion. Committed work was push-rescued to ` + `\`origin/${branchName}\` so it isn't lost. ${recover}`;
+    await client.addComment(cardId, body, { commentType: "message" });
+  } catch (err) {
+    log.warn(TAG5, `push-rescue comment failed for ${branchName} (work is still safe on origin): ${err instanceof Error ? err.message : err}`);
+  }
+  return true;
+}
+async function teardownWorktree(client, cardId, worktreePath, branchName) {
+  let skipBranchDelete = false;
+  if (branchName && cardId) {
+    let repoRoot;
+    try {
+      repoRoot = resolveRepoRoot();
+    } catch {
+      cleanupWorktree(worktreePath, branchName);
+      return;
+    }
+    if (branchAheadOfItsRemote(branchName, repoRoot)) {
+      const ok = await rescueUnpushedBranch(client, cardId, branchName, repoRoot);
+      if (!ok) {
+        skipBranchDelete = true;
+        log.error(TAG5, `Keeping local branch ${branchName} (push-rescue failed) to avoid orphaning its commit`);
+      }
+    }
+  }
+  cleanupWorktree(worktreePath, skipBranchDelete ? undefined : branchName);
+}
 function makeBranchName(shortId, title, prefix = "agent-attempts/") {
   const slug = title.toLowerCase().trim().replace(/[^\w\s-]/g, "").replace(/\s+/g, "-").replace(/-+/g, "-").replace(/^-+|-+$/g, "").slice(0, 40);
   return `${prefix}${shortId}-${slug || "task"}`;
@@ -3509,7 +3572,7 @@ async function runCompletion(client, card, branchName, worktreePath, config, wor
       failureSummary,
       ...buildTokenPayload(sessionStats)
     });
-    cleanupWorktree(worktreePath, branchName);
+    await teardownWorktree(client, card.id, worktreePath, branchName);
     return false;
   }
   log.info(TAG14, `Pushing branch ${branchName} (pre-verify)...`);
@@ -3591,7 +3654,7 @@ async function runCompletion(client, card, branchName, worktreePath, config, wor
         recoveryBranch: branchName,
         ...buildTokenPayload(sessionStats)
       });
-      cleanupWorktree(worktreePath, branchName);
+      await teardownWorktree(client, card.id, worktreePath, branchName);
       return false;
     }
     log.info(TAG14, `Verification passed for #${card.short_id}`);
@@ -3647,7 +3710,7 @@ async function runCompletion(client, card, branchName, worktreePath, config, wor
       log.warn(TAG14, `onBeforeWorktreeCleanup hook failed for #${card.short_id}: ${err instanceof Error ? err.message : err}`);
     }
   }
-  cleanupWorktree(worktreePath, branchName);
+  await teardownWorktree(client, card.id, worktreePath, branchName);
   log.info(TAG14, `Completion done for #${card.short_id}${prUrl ? ` — PR: ${prUrl}` : ""}`);
   return true;
 }
@@ -3967,6 +4030,7 @@ class SdkAgentRunner {
       cwd: input.cwd,
       model: input.model ?? this.cfg.model,
       allowedTools: allowed,
+      ...this.cfg.disallowedTools && this.cfg.disallowedTools.length > 0 ? { disallowedTools: this.cfg.disallowedTools } : {},
       tools: builtinTools,
       permissionMode: "dontAsk",
       maxTurns: this.cfg.maxTurns,
@@ -6918,7 +6982,7 @@ async function buildPrompt(enriched, branchName, worktreePath, client, workspace
       variant: "execute",
       customConstraints: `You are working in a git worktree at \`${worktreePath}\` on branch \`${branchName}\`.
 Do NOT push to main. All your work stays on \`${branchName}\`.
-When finished, call harmony_end_agent_session with status="completed".`
+The daemon owns the run lifecycle: once your work is committed it ends the agent session, pushes the branch, and moves the card to Review for you. Do NOT call harmony_end_agent_session, do NOT start a new session, and do NOT move the card or change its column yourself. If the skill driving this work tells you to move the card or end the session as a final step, SKIP it — it is handled for you (those tools are disabled for this run). Finish the implementation, commit, and stop.`
     });
     log.info(TAG27, `Generated prompt for #${card.short_id} — ${result.contextSummary.memoryCount} memories, ${result.tokenEstimate} tokens`);
     return result.prompt + pastEpisodesSection;
@@ -7028,7 +7092,7 @@ ${subtaskStr}
    Include a brief currentTask description.
 3. Implement the changes on branch \`${branchName}\`
 4. Commit your work with clear, descriptive commit messages
-5. When finished, call harmony_end_agent_session with status="completed"
+5. When the work is committed, STOP. The daemon owns the run lifecycle: it ends the agent session, pushes the branch, and moves the card to Review for you. Do NOT call harmony_end_agent_session, do NOT start a new session, and do NOT move the card or change its column yourself — those tools are disabled for this run.
 
 You are working in a git worktree at \`${worktreePath}\` on branch \`${branchName}\`.
 Do NOT push to main. All your work stays on \`${branchName}\`.`;
@@ -7077,7 +7141,7 @@ function firstErrorMessage(evaluation) {
   return e ? e.message : null;
 }
 async function advanceConvergeLoop(card, stage, stageIndex, def, evaluation, loop, deps) {
-  const hasExitGate = loop.exit_gate != null;
+  const hasExitGate = resolveLoopExitGate(stage, loop) != null;
   const gatePassed = hasExitGate ? evaluation?.passed ?? false : false;
   const gateResult = !hasExitGate ? "skipped" : gatePassed ? "passed" : "failed";
   const maxIterations = Math.max(1, Math.floor(loop.max_iterations) || 1);
@@ -7330,7 +7394,7 @@ function buildStagePreamble(stage) {
       lines.push(`Hand off when done: ${summary.trim()}`);
     }
   }
-  lines.push("Do only this stage's work. When the stage's handoff is met, end your session — advancement to the next stage is handled by the board.");
+  lines.push("Do only this stage's work, then stop. The daemon owns the run lifecycle here: it ends the agent session and performs every card move and stage advancement automatically once your stage work is done. Do NOT call `harmony_end_agent_session`, do NOT start a new session, and do NOT move the card or change its column yourself. If the skill driving this stage tells you to move the card (e.g. to Review) or end your session as a final step, SKIP that step — it is handled for you. Those tools are disabled for this run, so attempting them only wastes turns. Finish the stage's work and stop.");
   if (normalizeGateSpec(stage.gate)?.kind === "review_passed") {
     lines.push("", "**This stage's gate is `review_passed` — your deliverable is a review verdict, not a prose handoff.** Do NOT end the session until you have actually reviewed the change and emitted EXACTLY one JSON block as the LAST thing you output (nothing after it):", "```json", REVIEW_VERDICT_SCHEMA, "```", "Decision rules:", REVIEW_DECISION_RULES, "The board reads this verdict to decide advancement: `approved` advances the card, `rejected` sends it back. A missing or unparseable verdict blocks the card. Do NOT modify any code — this is a read-only review.");
   }
@@ -7343,6 +7407,13 @@ function buildSteeringPrompt(messages) {
   return messages.map((m, i) => `${i + 1}. ${m}`).join(`
 `);
 }
+function computeRunSpawnGating(stageAllowedTools) {
+  const denylist = stageDisallowedTools();
+  return {
+    ...stageAllowedTools ? { allowedTools: stageAllowedTools } : {},
+    ...denylist ? { disallowedTools: denylist } : {}
+  };
+}
 
 class Worker {
   config;
@@ -7371,6 +7442,7 @@ class Worker {
   timedOut = false;
   verificationFailed = false;
   held = false;
+  activeRunSpawnOpts = null;
   completionStarted = false;
   sessionId = null;
   runId = null;
@@ -7450,6 +7522,7 @@ class Worker {
     this.lastRunText = "";
     this.cliSessionId = null;
     this.lastDrainedSeq = 0;
+    this.activeRunSpawnOpts = null;
     this.cardId = card.id;
     this.startedAt = Date.now();
     this.runId = newRunId();
@@ -7570,9 +7643,10 @@ class Worker {
         this.timedOut = true;
         this.cancel();
       }, this.config.maxTimeout);
+      this.activeRunSpawnOpts = computeRunSpawnGating(stageCtx.kind === "run" ? stageCtx.allowedTools : null);
       await this.spawnClaude(prompt, card, subtasks, {
         model: this.selectImplementModel(card),
-        ...stageCtx.kind === "run" ? { allowedTools: stageCtx.allowedTools } : {}
+        ...this.activeRunSpawnOpts ?? {}
       });
       if (this.aborted)
         return;
@@ -7647,7 +7721,7 @@ class Worker {
       }
       if (this.worktreePath) {
         try {
-          cleanupWorktree(this.worktreePath, this.branchName ?? undefined);
+          await teardownWorktree(this.client, card.id, this.worktreePath, this.branchName ?? undefined);
         } catch {
           log.warn(this.tag, "Failed to cleanup worktree before requeue");
         }
@@ -7691,7 +7765,7 @@ class Worker {
       } else if (this.runId && this.timedOut) {
         if (this.worktreePath) {
           try {
-            cleanupWorktree(this.worktreePath, this.branchName ?? undefined);
+            await teardownWorktree(this.client, card.id, this.worktreePath, this.branchName ?? undefined);
           } catch {
             log.warn(this.tag, "Failed to cleanup worktree before requeue");
           }
@@ -7781,7 +7855,7 @@ class Worker {
           await this.cliRunner.flushFinal();
         } catch {}
       }
-      this.cleanup();
+      await this.cleanup();
       this.state = "idle";
       this.onDone(this);
     }
@@ -7907,7 +7981,7 @@ class Worker {
   async collectStageGateEvidence(card, stage, worktreePath, subtasks) {
     try {
       const loop = getStageLoop(stage);
-      const gateSource = isConvergeLoop(loop) ? loop?.exit_gate ?? null : stage.gate;
+      const gateSource = isConvergeLoop(loop) && loop ? resolveLoopExitGate(stage, loop) : stage.gate;
       const gate = normalizeGateSpec(gateSource);
       if (!gate) {
         return null;
@@ -8205,7 +8279,8 @@ class Worker {
         await this.spawnClaude(buildSteeringPrompt(messages.map((m) => m.text)), card, subtasks, {
           model: this.selectImplementModel(card),
           maxTurns: STEERING_MAX_TURNS,
-          resumeSessionId: this.cliSessionId
+          resumeSessionId: this.cliSessionId,
+          ...this.activeRunSpawnOpts ?? {}
         });
       } catch (err) {
         log.warn(this.tag, `Steering resume failed (non-fatal): ${err instanceof Error ? err.message : err}`);
@@ -8233,6 +8308,7 @@ class Worker {
         String(maxTurns),
         "--allowedTools",
         allowedTools,
+        ...opts.disallowedTools ? ["--disallowedTools", opts.disallowedTools] : [],
         ...opts.resumeSessionId ? ["--resume", opts.resumeSessionId] : [],
         ...this.config.claude.additionalArgs,
         "--",
@@ -8320,6 +8396,7 @@ class Worker {
     const model = opts.model ?? this.config.claude.model;
     const maxTurns = opts.maxTurns ?? this.config.claude.maxTurns;
     const allowedTools = (opts.allowedTools ?? IMPLEMENT_ALLOWED_TOOLS).split(",").map((t) => t.trim()).filter(Boolean);
+    const disallowedTools = opts.disallowedTools ? opts.disallowedTools.split(",").map((t) => t.trim()).filter(Boolean) : undefined;
     const initialPhase = opts.initialPhase ?? "exploring";
     const sdkCfg = this.config.sdk;
     log.info(this.tag, `Spawning Agent SDK runner (model=${model}, maxTurns=${maxTurns}${opts.resumeSessionId ? ", resume" : ""})`);
@@ -8339,6 +8416,7 @@ class Worker {
       model,
       maxTurns,
       allowedTools,
+      ...disallowedTools ? { disallowedTools } : {},
       maxBudgetUsd: sdkCfg?.maxBudgetUsd,
       settingSources: sdkCfg?.settingSources,
       mcpServers: sdkCfg?.mcpServers,
@@ -8405,7 +8483,7 @@ class Worker {
       throw err;
     }
   }
-  cleanup() {
+  async cleanup() {
     if (this.progressTracker) {
       this.progressTracker.stop();
       this.progressTracker = null;
@@ -8423,7 +8501,7 @@ class Worker {
     }
     if (this.worktreePath && (this.state === "error" || this.timedOut || this.aborted)) {
       try {
-        cleanupWorktree(this.worktreePath, this.branchName ?? undefined);
+        await teardownWorktree(this.client, this.cardId, this.worktreePath, this.branchName ?? undefined);
       } catch {
         log.warn(this.tag, "Failed to cleanup worktree");
       }
@@ -8904,7 +8982,7 @@ async function recoverRun(run, store, client, config, outcome) {
   }
   if (run.worktreePath) {
     try {
-      cleanupWorktree(run.worktreePath, run.branchName ?? undefined);
+      await teardownWorktree(client, run.cardId, run.worktreePath, run.branchName ?? undefined);
       outcome.actions.push("cleaned up worktree");
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);

package/dist/index.js

@@ -1665,6 +1665,9 @@ function getStageLoop(stage) {
 function isConvergeLoop(loop) {
   return loop !== null && loop.mode === "converge";
 }
+function resolveLoopExitGate(stage, loop) {
+  return loop.exit_gate ?? stage.gate ?? null;
+}
 function decideLoopContinuation(args) {
   const { loop, gatePassed, hasExitGate, completedIterations } = args;
   const max = Math.max(1, Math.floor(loop.max_iterations) || 1);
@@ -1713,7 +1716,10 @@ function entryActionAllowlist(entryAction) {
     return `mcp__${entryAction}`;
   return null;
 }
-var DEFAULT_LOOP_MAX_ITERATIONS = 5, SKILL_TOOL_ALLOWLIST, HARMONY_TOOL_RE;
+function stageDisallowedTools() {
+  return STAGE_DAEMON_OWNED_TOOLS.length > 0 ? STAGE_DAEMON_OWNED_TOOLS.join(",") : null;
+}
+var DEFAULT_LOOP_MAX_ITERATIONS = 5, SKILL_TOOL_ALLOWLIST, HARMONY_TOOL_RE, STAGE_DAEMON_OWNED_TOOLS;
 var init_playbookStage = __esm(() => {
   SKILL_TOOL_ALLOWLIST = {
     hmy: "Bash,Read,Write,Edit,Glob,Grep,Agent,mcp__harmony__*",
@@ -1724,6 +1730,11 @@ var init_playbookStage = __esm(() => {
     "hmy-standup": "Read,Grep,Glob,mcp__harmony__*"
   };
   HARMONY_TOOL_RE = /^harmony_[a-z_]+$/;
+  STAGE_DAEMON_OWNED_TOOLS = [
+    "mcp__harmony__harmony_end_agent_session",
+    "mcp__harmony__harmony_start_agent_session",
+    "mcp__harmony__harmony_move_card"
+  ];
 });
 
 // ../harmony-shared/dist/projectTemplates.js
@@ -2158,6 +2169,58 @@ function cleanupWorktree(worktreePath, branchName) {
     } catch {}
   }
 }
+function resolveRepoRoot() {
+  return execFileSync3("git", ["rev-parse", "--show-toplevel"], {
+    encoding: "utf-8"
+  }).trim();
+}
+function branchAheadOfItsRemote(branchName, repoRoot = resolveRepoRoot()) {
+  try {
+    const out = execFileSync3("git", ["rev-list", branchName, "--not", "--remotes=origin"], { cwd: repoRoot, encoding: "utf-8" }).trim();
+    return out.length > 0;
+  } catch {
+    return false;
+  }
+}
+async function rescueUnpushedBranch(client, cardId, branchName, repoRoot = resolveRepoRoot()) {
+  const { getBranchWebUrl: getBranchWebUrl2, pushBranch: pushBranch2 } = await Promise.resolve().then(() => (init_git_pr(), exports_git_pr));
+  try {
+    pushBranch2(branchName, repoRoot);
+  } catch (err) {
+    log.error(TAG5, `push-rescue failed for ${branchName} — leaving local branch ref intact (recoverable via git reflog / the local branch): ${err instanceof Error ? err.message : err}`);
+    return false;
+  }
+  log.warn(TAG5, `push-rescued unpushed branch ${branchName} to origin before teardown`);
+  try {
+    const url = getBranchWebUrl2(branchName, repoRoot);
+    const recover = url ? `View it at ${url} or recover locally: \`git fetch && git checkout ${branchName}\`` : `Recover it locally: \`git fetch && git checkout ${branchName}\``;
+    const body = `⚠ Run ended before completion. Committed work was push-rescued to ` + `\`origin/${branchName}\` so it isn't lost. ${recover}`;
+    await client.addComment(cardId, body, { commentType: "message" });
+  } catch (err) {
+    log.warn(TAG5, `push-rescue comment failed for ${branchName} (work is still safe on origin): ${err instanceof Error ? err.message : err}`);
+  }
+  return true;
+}
+async function teardownWorktree(client, cardId, worktreePath, branchName) {
+  let skipBranchDelete = false;
+  if (branchName && cardId) {
+    let repoRoot;
+    try {
+      repoRoot = resolveRepoRoot();
+    } catch {
+      cleanupWorktree(worktreePath, branchName);
+      return;
+    }
+    if (branchAheadOfItsRemote(branchName, repoRoot)) {
+      const ok = await rescueUnpushedBranch(client, cardId, branchName, repoRoot);
+      if (!ok) {
+        skipBranchDelete = true;
+        log.error(TAG5, `Keeping local branch ${branchName} (push-rescue failed) to avoid orphaning its commit`);
+      }
+    }
+  }
+  cleanupWorktree(worktreePath, skipBranchDelete ? undefined : branchName);
+}
 function makeBranchName(shortId, title, prefix = "agent-attempts/") {
   const slug = title.toLowerCase().trim().replace(/[^\w\s-]/g, "").replace(/\s+/g, "-").replace(/-+/g, "-").replace(/^-+|-+$/g, "").slice(0, 40);
   return `${prefix}${shortId}-${slug || "task"}`;
@@ -3508,7 +3571,7 @@ async function runCompletion(client, card, branchName, worktreePath, config, wor
       failureSummary,
       ...buildTokenPayload(sessionStats)
     });
-    cleanupWorktree(worktreePath, branchName);
+    await teardownWorktree(client, card.id, worktreePath, branchName);
     return false;
   }
   log.info(TAG14, `Pushing branch ${branchName} (pre-verify)...`);
@@ -3590,7 +3653,7 @@ async function runCompletion(client, card, branchName, worktreePath, config, wor
         recoveryBranch: branchName,
         ...buildTokenPayload(sessionStats)
       });
-      cleanupWorktree(worktreePath, branchName);
+      await teardownWorktree(client, card.id, worktreePath, branchName);
       return false;
     }
     log.info(TAG14, `Verification passed for #${card.short_id}`);
@@ -3646,7 +3709,7 @@ async function runCompletion(client, card, branchName, worktreePath, config, wor
       log.warn(TAG14, `onBeforeWorktreeCleanup hook failed for #${card.short_id}: ${err instanceof Error ? err.message : err}`);
     }
   }
-  cleanupWorktree(worktreePath, branchName);
+  await teardownWorktree(client, card.id, worktreePath, branchName);
   log.info(TAG14, `Completion done for #${card.short_id}${prUrl ? ` — PR: ${prUrl}` : ""}`);
   return true;
 }
@@ -3966,6 +4029,7 @@ class SdkAgentRunner {
       cwd: input.cwd,
       model: input.model ?? this.cfg.model,
       allowedTools: allowed,
+      ...this.cfg.disallowedTools && this.cfg.disallowedTools.length > 0 ? { disallowedTools: this.cfg.disallowedTools } : {},
       tools: builtinTools,
       permissionMode: "dontAsk",
       maxTurns: this.cfg.maxTurns,
@@ -6917,7 +6981,7 @@ async function buildPrompt(enriched, branchName, worktreePath, client, workspace
       variant: "execute",
       customConstraints: `You are working in a git worktree at \`${worktreePath}\` on branch \`${branchName}\`.
 Do NOT push to main. All your work stays on \`${branchName}\`.
-When finished, call harmony_end_agent_session with status="completed".`
+The daemon owns the run lifecycle: once your work is committed it ends the agent session, pushes the branch, and moves the card to Review for you. Do NOT call harmony_end_agent_session, do NOT start a new session, and do NOT move the card or change its column yourself. If the skill driving this work tells you to move the card or end the session as a final step, SKIP it — it is handled for you (those tools are disabled for this run). Finish the implementation, commit, and stop.`
     });
     log.info(TAG27, `Generated prompt for #${card.short_id} — ${result.contextSummary.memoryCount} memories, ${result.tokenEstimate} tokens`);
     return result.prompt + pastEpisodesSection;
@@ -7027,7 +7091,7 @@ ${subtaskStr}
    Include a brief currentTask description.
 3. Implement the changes on branch \`${branchName}\`
 4. Commit your work with clear, descriptive commit messages
-5. When finished, call harmony_end_agent_session with status="completed"
+5. When the work is committed, STOP. The daemon owns the run lifecycle: it ends the agent session, pushes the branch, and moves the card to Review for you. Do NOT call harmony_end_agent_session, do NOT start a new session, and do NOT move the card or change its column yourself — those tools are disabled for this run.
 
 You are working in a git worktree at \`${worktreePath}\` on branch \`${branchName}\`.
 Do NOT push to main. All your work stays on \`${branchName}\`.`;
@@ -7076,7 +7140,7 @@ function firstErrorMessage(evaluation) {
   return e ? e.message : null;
 }
 async function advanceConvergeLoop(card, stage, stageIndex, def, evaluation, loop, deps) {
-  const hasExitGate = loop.exit_gate != null;
+  const hasExitGate = resolveLoopExitGate(stage, loop) != null;
   const gatePassed = hasExitGate ? evaluation?.passed ?? false : false;
   const gateResult = !hasExitGate ? "skipped" : gatePassed ? "passed" : "failed";
   const maxIterations = Math.max(1, Math.floor(loop.max_iterations) || 1);
@@ -7329,7 +7393,7 @@ function buildStagePreamble(stage) {
       lines.push(`Hand off when done: ${summary.trim()}`);
     }
   }
-  lines.push("Do only this stage's work. When the stage's handoff is met, end your session — advancement to the next stage is handled by the board.");
+  lines.push("Do only this stage's work, then stop. The daemon owns the run lifecycle here: it ends the agent session and performs every card move and stage advancement automatically once your stage work is done. Do NOT call `harmony_end_agent_session`, do NOT start a new session, and do NOT move the card or change its column yourself. If the skill driving this stage tells you to move the card (e.g. to Review) or end your session as a final step, SKIP that step — it is handled for you. Those tools are disabled for this run, so attempting them only wastes turns. Finish the stage's work and stop.");
   if (normalizeGateSpec(stage.gate)?.kind === "review_passed") {
     lines.push("", "**This stage's gate is `review_passed` — your deliverable is a review verdict, not a prose handoff.** Do NOT end the session until you have actually reviewed the change and emitted EXACTLY one JSON block as the LAST thing you output (nothing after it):", "```json", REVIEW_VERDICT_SCHEMA, "```", "Decision rules:", REVIEW_DECISION_RULES, "The board reads this verdict to decide advancement: `approved` advances the card, `rejected` sends it back. A missing or unparseable verdict blocks the card. Do NOT modify any code — this is a read-only review.");
   }
@@ -7342,6 +7406,13 @@ function buildSteeringPrompt(messages) {
   return messages.map((m, i) => `${i + 1}. ${m}`).join(`
 `);
 }
+function computeRunSpawnGating(stageAllowedTools) {
+  const denylist = stageDisallowedTools();
+  return {
+    ...stageAllowedTools ? { allowedTools: stageAllowedTools } : {},
+    ...denylist ? { disallowedTools: denylist } : {}
+  };
+}
 
 class Worker {
   config;
@@ -7370,6 +7441,7 @@ class Worker {
   timedOut = false;
   verificationFailed = false;
   held = false;
+  activeRunSpawnOpts = null;
   completionStarted = false;
   sessionId = null;
   runId = null;
@@ -7449,6 +7521,7 @@ class Worker {
     this.lastRunText = "";
     this.cliSessionId = null;
     this.lastDrainedSeq = 0;
+    this.activeRunSpawnOpts = null;
     this.cardId = card.id;
     this.startedAt = Date.now();
     this.runId = newRunId();
@@ -7569,9 +7642,10 @@ class Worker {
         this.timedOut = true;
         this.cancel();
       }, this.config.maxTimeout);
+      this.activeRunSpawnOpts = computeRunSpawnGating(stageCtx.kind === "run" ? stageCtx.allowedTools : null);
       await this.spawnClaude(prompt, card, subtasks, {
         model: this.selectImplementModel(card),
-        ...stageCtx.kind === "run" ? { allowedTools: stageCtx.allowedTools } : {}
+        ...this.activeRunSpawnOpts ?? {}
       });
       if (this.aborted)
         return;
@@ -7646,7 +7720,7 @@ class Worker {
       }
       if (this.worktreePath) {
         try {
-          cleanupWorktree(this.worktreePath, this.branchName ?? undefined);
+          await teardownWorktree(this.client, card.id, this.worktreePath, this.branchName ?? undefined);
         } catch {
           log.warn(this.tag, "Failed to cleanup worktree before requeue");
         }
@@ -7690,7 +7764,7 @@ class Worker {
       } else if (this.runId && this.timedOut) {
         if (this.worktreePath) {
           try {
-            cleanupWorktree(this.worktreePath, this.branchName ?? undefined);
+            await teardownWorktree(this.client, card.id, this.worktreePath, this.branchName ?? undefined);
           } catch {
             log.warn(this.tag, "Failed to cleanup worktree before requeue");
           }
@@ -7780,7 +7854,7 @@ class Worker {
           await this.cliRunner.flushFinal();
         } catch {}
       }
-      this.cleanup();
+      await this.cleanup();
       this.state = "idle";
       this.onDone(this);
     }
@@ -7906,7 +7980,7 @@ class Worker {
   async collectStageGateEvidence(card, stage, worktreePath, subtasks) {
     try {
       const loop = getStageLoop(stage);
-      const gateSource = isConvergeLoop(loop) ? loop?.exit_gate ?? null : stage.gate;
+      const gateSource = isConvergeLoop(loop) && loop ? resolveLoopExitGate(stage, loop) : stage.gate;
       const gate = normalizeGateSpec(gateSource);
       if (!gate) {
         return null;
@@ -8204,7 +8278,8 @@ class Worker {
         await this.spawnClaude(buildSteeringPrompt(messages.map((m) => m.text)), card, subtasks, {
           model: this.selectImplementModel(card),
           maxTurns: STEERING_MAX_TURNS,
-          resumeSessionId: this.cliSessionId
+          resumeSessionId: this.cliSessionId,
+          ...this.activeRunSpawnOpts ?? {}
         });
       } catch (err) {
         log.warn(this.tag, `Steering resume failed (non-fatal): ${err instanceof Error ? err.message : err}`);
@@ -8232,6 +8307,7 @@ class Worker {
         String(maxTurns),
         "--allowedTools",
         allowedTools,
+        ...opts.disallowedTools ? ["--disallowedTools", opts.disallowedTools] : [],
         ...opts.resumeSessionId ? ["--resume", opts.resumeSessionId] : [],
         ...this.config.claude.additionalArgs,
         "--",
@@ -8319,6 +8395,7 @@ class Worker {
     const model = opts.model ?? this.config.claude.model;
     const maxTurns = opts.maxTurns ?? this.config.claude.maxTurns;
     const allowedTools = (opts.allowedTools ?? IMPLEMENT_ALLOWED_TOOLS).split(",").map((t) => t.trim()).filter(Boolean);
+    const disallowedTools = opts.disallowedTools ? opts.disallowedTools.split(",").map((t) => t.trim()).filter(Boolean) : undefined;
     const initialPhase = opts.initialPhase ?? "exploring";
     const sdkCfg = this.config.sdk;
     log.info(this.tag, `Spawning Agent SDK runner (model=${model}, maxTurns=${maxTurns}${opts.resumeSessionId ? ", resume" : ""})`);
@@ -8338,6 +8415,7 @@ class Worker {
       model,
       maxTurns,
       allowedTools,
+      ...disallowedTools ? { disallowedTools } : {},
       maxBudgetUsd: sdkCfg?.maxBudgetUsd,
       settingSources: sdkCfg?.settingSources,
       mcpServers: sdkCfg?.mcpServers,
@@ -8404,7 +8482,7 @@ class Worker {
       throw err;
     }
   }
-  cleanup() {
+  async cleanup() {
     if (this.progressTracker) {
       this.progressTracker.stop();
       this.progressTracker = null;
@@ -8422,7 +8500,7 @@ class Worker {
     }
     if (this.worktreePath && (this.state === "error" || this.timedOut || this.aborted)) {
       try {
-        cleanupWorktree(this.worktreePath, this.branchName ?? undefined);
+        await teardownWorktree(this.client, this.cardId, this.worktreePath, this.branchName ?? undefined);
       } catch {
         log.warn(this.tag, "Failed to cleanup worktree");
       }
@@ -8903,7 +8981,7 @@ async function recoverRun(run, store, client, config, outcome) {
   }
   if (run.worktreePath) {
     try {
-      cleanupWorktree(run.worktreePath, run.branchName ?? undefined);
+      await teardownWorktree(client, run.cardId, run.worktreePath, run.branchName ?? undefined);
       outcome.actions.push("cleaned up worktree");
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gethmy/agent",
-  "version": "1.15.0",
+  "version": "1.16.0",
   "description": "Push-based agent daemon for Harmony — watches board assignments and spawns Claude CLI workers",
   "type": "module",
   "main": "dist/index.js",