@gotgenes/pi-subagents 7.8.1 → 9.0.0

package/src/config/custom-agents.ts

@@ -58,8 +58,7 @@ function loadFromDir(dir: string, agents: Map<string, AgentConfig>, source: "pro
       displayName: str(fm.display_name),
       description: str(fm.description) ?? name,
       builtinToolNames: csvList(fm.tools, BUILTIN_TOOL_NAMES),
-      disallowedTools: csvListOptional(fm.disallowed_tools),
-      extensions: inheritField(fm.extensions ?? fm.inherit_extensions),
+      extensions: resolveBoolExtensions(fm.extensions ?? fm.inherit_extensions),
       skills: inheritField(fm.skills ?? fm.inherit_skills),
       model: str(fm.model),
       thinking: str(fm.thinking) as ThinkingLevel | undefined,
@@ -111,11 +110,19 @@ function csvList(val: unknown, defaults: string[]): string[] {
 }
 
 /**
- * Parse an optional comma-separated list field.
- * omitted → undefined; "none"/empty → undefined; csv → listed items.
+ * Resolve the `extensions` field to a boolean.
+ * CSV/array values (legacy allowlist syntax) are coerced to `true` with a warning.
  */
-function csvListOptional(val: unknown): string[] | undefined {
-  return parseCsvField(val);
+function resolveBoolExtensions(val: unknown): boolean {
+  const result = inheritField(val);
+  if (Array.isArray(result)) {
+    console.warn(
+      "[pi-subagents] extensions allowlist syntax is deprecated — treating as \"true\" (inherit all).\n" +
+        "Use \"permission:\" frontmatter in pi-permission-system for per-tool access control.",
+    );
+    return true;
+  }
+  return result;
 }
 
 /**

package/src/lifecycle/agent-runner.ts

@@ -22,7 +22,7 @@ import type { ShellExec, SubagentType, ThinkingLevel } from "#src/types";
 const EXCLUDED_TOOL_NAMES = ["Agent", "get_subagent_result", "steer_subagent"];
 
 /**
- * Filter the session's active tool names according to extension/denylist rules.
+ * Filter the session's active tool names according to extension rules.
  *
  * Run twice - once before `bindExtensions` (filters built-in tools) and once after
  * (filters extension-registered tools, which only join the active set during
@@ -36,20 +36,14 @@ function filterActiveTools(
   activeTools: string[],
   config: ToolFilterConfig,
 ): string[] {
-  const { toolNames, extensions, disallowedSet } = config;
-  if (extensions === false) {
-    // Extensions disabled: only apply the denylist to built-in tools.
-    if (!disallowedSet) return activeTools;
-    return activeTools.filter((t) => !disallowedSet.has(t));
+  const { toolNames, extensions } = config;
+  if (!extensions) {
+    return activeTools;
   }
   const builtinToolNameSet = new Set(toolNames);
   return activeTools.filter((t) => {
     if (EXCLUDED_TOOL_NAMES.includes(t)) return false;
-    if (disallowedSet?.has(t)) return false;
     if (builtinToolNameSet.has(t)) return true;
-    if (Array.isArray(extensions)) {
-      return extensions.some((ext) => t.startsWith(ext) || t.includes(ext));
-    }
     return true;
   });
 }
@@ -302,7 +296,7 @@ export async function runAgent(
 
   const agentDir = io.getAgentDir();
 
-  // Load extensions/skills: true or string[] → load; false → don't.
+  // Load extensions/skills: true → load; false → don't.
   // Suppress AGENTS.md/CLAUDE.md and APPEND_SYSTEM.md - upstream's
   // buildSystemPrompt() re-appends both AFTER systemPromptOverride, which
   // would defeat prompt_mode: replace and isolated: true. Parent context, if
@@ -311,7 +305,7 @@ export async function runAgent(
   const loader = io.createResourceLoader({
     cwd: cfg.effectiveCwd,
     agentDir,
-    noExtensions: cfg.toolFilter.extensions === false,
+    noExtensions: !cfg.toolFilter.extensions,
     noSkills: cfg.noSkills,
     noPromptTemplates: true,
     noThemes: true,
@@ -340,10 +334,9 @@ export async function runAgent(
     thinkingLevel: cfg.thinkingLevel,
   });
 
-  // Filter active tools: remove our own tools to prevent nesting,
-  // apply extension allowlist if specified, and apply disallowedTools denylist.
+  // Filter active tools: remove our own tools to prevent nesting.
   // First pass - over built-in tools, before bindExtensions registers extension tools.
-  if (cfg.toolFilter.extensions !== false || cfg.toolFilter.disallowedSet) {
+  if (cfg.toolFilter.extensions) {
     const filtered = filterActiveTools(session.getActiveToolNames(), cfg.toolFilter);
     session.setActiveToolsByName(filtered);
   }
@@ -366,10 +359,9 @@ export async function runAgent(
   // Patch 2 (RepOne #443): re-filter active tools after bindExtensions.
   // Extension-registered tools (added during bindExtensions) are not in the
   // session's active set when the first filter pass runs above. Without this
-  // re-filter, the `extensions: string[]` allowlist branch never matches any
-  // extension tools and `extensions: true` lets non-allowlisted denylist
-  // entries slip in. Run the same filter against the post-bind active set.
-  if (cfg.toolFilter.extensions !== false || cfg.toolFilter.disallowedSet) {
+  // re-filter, EXCLUDED_TOOL_NAMES would not be applied to extension-registered
+  // tools. Run the same filter against the post-bind active set.
+  if (cfg.toolFilter.extensions) {
     const refiltered = filterActiveTools(session.getActiveToolNames(), cfg.toolFilter);
     session.setActiveToolsByName(refiltered);
   }

package/src/session/session-config.ts

@@ -21,16 +21,14 @@ import type { AgentPromptConfig, SubagentType, ThinkingLevel } from "#src/types"
 /**
  * Tool filtering configuration — consumed by `filterActiveTools` in `agent-runner.ts`.
  *
- * Groups the three fields that travel together through the assembly→runner boundary:
- * the built-in tool allowlist, the optional denylist, and the extensions setting.
+ * Groups the two fields that travel together through the assembly→runner boundary:
+ * the built-in tool allowlist and the extensions setting.
  */
 export interface ToolFilterConfig {
   /** Built-in tool name allowlist for this agent type. */
   toolNames: string[];
-  /** Disallowed tool set from agentConfig. undefined when empty. */
-  disallowedSet: Set<string> | undefined;
-  /** Resolved extensions setting: false | true | string[] allowlist. */
-  extensions: boolean | string[];
+  /** Resolved extensions setting: true = inherit all, false = none. */
+  extensions: boolean;
 }
 
 /**
@@ -210,11 +208,6 @@ export function assembleSessionConfig(
   // tell the resource loader not to load them again.
   const noSkills = skills === false || Array.isArray(skills);
 
-  // Disallowed tools set (for filterActiveTools in runAgent)
-  const disallowedSet = agentConfig.disallowedTools
-    ? new Set(agentConfig.disallowedTools)
-    : undefined;
-
   // Model resolution: explicit option > config model string > parent model
   const model =
     options.model ??
@@ -229,7 +222,7 @@ export function assembleSessionConfig(
   return {
     effectiveCwd,
     systemPrompt,
-    toolFilter: { toolNames, disallowedSet, extensions },
+    toolFilter: { toolNames, extensions },
     model,
     thinkingLevel,
     noSkills,

package/src/types.ts

@@ -42,10 +42,8 @@ export interface AgentPromptConfig {
 /** Unified agent configuration — used for both default and user-defined agents. */
 export interface AgentConfig extends AgentIdentity, AgentPromptConfig {
   builtinToolNames?: string[];
-  /** Tool denylist — these tools are removed even if `builtinToolNames` or extensions include them. */
-  disallowedTools?: string[];
-  /** true = inherit all, string[] = only listed, false = none */
-  extensions: true | string[] | false;
+  /** true = inherit all extensions, false = none */
+  extensions: boolean;
   /** true = inherit all, string[] = only listed, false = none */
   skills: true | string[] | false;
   model?: string;

package/src/ui/agent-config-editor.ts

@@ -47,14 +47,10 @@ export function buildEjectContent(cfg: AgentConfig): string {
   if (cfg.thinking) fmFields.push(`thinking: ${cfg.thinking}`);
   if (cfg.maxTurns) fmFields.push(`max_turns: ${cfg.maxTurns}`);
   fmFields.push(`prompt_mode: ${cfg.promptMode}`);
-  if (cfg.extensions === false) fmFields.push("extensions: false");
-  else if (Array.isArray(cfg.extensions))
-    fmFields.push(`extensions: ${cfg.extensions.join(", ")}`);
+  if (!cfg.extensions) fmFields.push("extensions: false");
   if (cfg.skills === false) fmFields.push("skills: false");
   else if (Array.isArray(cfg.skills))
     fmFields.push(`skills: ${cfg.skills.join(", ")}`);
-  if (cfg.disallowedTools?.length)
-    fmFields.push(`disallowed_tools: ${cfg.disallowedTools.join(", ")}`);
   if (cfg.inheritContext) fmFields.push("inherit_context: true");
   if (cfg.runInBackground) fmFields.push("run_in_background: true");
   if (cfg.isolated) fmFields.push("isolated: true");

package/src/ui/agent-creation-wizard.ts

@@ -104,9 +104,8 @@ model: <optional model as "provider/modelId", e.g. "anthropic/claude-haiku-4-5-2
 thinking: <optional thinking level: off, minimal, low, medium, high, xhigh. Omit to inherit>
 max_turns: <optional max agentic turns. 0 or omit for unlimited (default)>
 prompt_mode: <"replace" (body IS the full system prompt) or "append" (body is appended to default prompt). Default: replace>
-extensions: <true (inherit all MCP/extension tools), false (none), or comma-separated names. Default: true>
+extensions: <true (inherit all MCP/extension tools) or false (none). Default: true>
 skills: <true (inherit all), false (none), or comma-separated skill names to preload into prompt. Default: true>
-disallowed_tools: <comma-separated tool names to block, even if otherwise available. Omit for none>
 inherit_context: <true to fork parent conversation into agent so it sees chat history. Default: false>
 run_in_background: <true to run in background by default. Default: false>
 isolated: <true for no extension/MCP tools, only built-in tools. Default: false>