a2acalling 0.6.51 → 0.6.53

package/src/lib/conversation-driver.js

@@ -128,6 +128,12 @@ class ConversationDriver {
     this.maxTurns = options.maxTurns || 30;
     this.onTurn = options.onTurn || null;
     this.tier = options.tier || 'public';
+    // Optional permission envelope for runtimes (primarily Claude mode).
+    // If provided by caller, this keeps tool allowlists variable per token/profile.
+    this.capabilities = Array.isArray(options.capabilities) ? options.capabilities : [];
+    this.allowedTopics = Array.isArray(options.allowedTopics) ? options.allowedTopics : [];
+    this.allowedGoals = Array.isArray(options.allowedGoals) ? options.allowedGoals : [];
+    this.allowedTools = Array.isArray(options.allowedTools) ? options.allowedTools : [];
     this.summarizer = options.summarizer || null;
     this.ownerContext = options.ownerContext || {};
     this.claudeMode = options.runtime?.mode === 'claude';
@@ -225,8 +231,11 @@ class ConversationDriver {
       // Try runtime.summarize if available (OpenClaw path)
       if (typeof runtime.summarize === 'function') {
         try {
+          const summarySessionId = this.lastConversationId
+            ? `a2a-${this.lastConversationId}`
+            : `summary-${Date.now()}`;
           return await runtime.summarize({
-            sessionId: `summary-${Date.now()}`,
+            sessionId: summarySessionId,
             prompt,
             messages,
             callerInfo: { name: agentContext.name, owner: agentContext.owner },
@@ -407,7 +416,14 @@ class ConversationDriver {
         tier: this.tier,
         ownerName: this.agentContext.owner,
         agentName: this.agentContext.name,
-        roleContext: 'You initiated this call.'
+        roleContext: 'You initiated this call.',
+        capabilities: this.capabilities,
+        allowedTopics: this.allowedTopics,
+        allowed_topics: this.allowedTopics,
+        allowedGoals: this.allowedGoals,
+        allowed_goals: this.allowedGoals,
+        allowedTools: this.allowedTools,
+        allowed_tools: this.allowedTools
       };
       if (this.claudeMode) {
         contextPayload.turnCount = turn + 1;

package/src/lib/disclosure.js

@@ -18,6 +18,17 @@ const MANIFEST_FILE = path.join(CONFIG_DIR, 'a2a-disclosure.json');
 const TIER_HIERARCHY = ['public', 'friends', 'family'];
 const logger = createLogger({ component: 'a2a.disclosure' });
 const SKIP_FILES = new Set(['heartbeat', 'skill', 'claude']);
+const CANONICAL_TOOL_NAMES = ['Bash', 'Bash(readonly)', 'Read', 'Grep', 'Glob', 'WebSearch', 'WebFetch'];
+const TOOL_NAME_MAP = {
+  bash: 'Bash',
+  'bash(readonly)': 'Bash(readonly)',
+  'bash-readonly': 'Bash(readonly)',
+  read: 'Read',
+  grep: 'Grep',
+  glob: 'Glob',
+  websearch: 'WebSearch',
+  webfetch: 'WebFetch'
+};
 
 function normalizeTopic(raw) {
   return String(raw || '').trim();
@@ -68,6 +79,26 @@ function dedupeDoNotDiscuss(items) {
   return out;
 }
 
+function dedupeStringList(items, maxLength = 80) {
+  if (!Array.isArray(items)) return [];
+  const seen = new Set();
+  const out = [];
+  for (const item of items) {
+    const normalized = normalizeTopic(item).slice(0, maxLength);
+    if (!normalized) continue;
+    const key = normalized.toLowerCase();
+    if (seen.has(key)) continue;
+    seen.add(key);
+    out.push(normalized);
+  }
+  return out;
+}
+
+function normalizeToolName(value) {
+  const key = normalizeTopic(value).toLowerCase();
+  return TOOL_NAME_MAP[key] || null;
+}
+
 function parseTopicLine(rawLine) {
   const line = normalizeTopic(rawLine);
   if (!line) return null;
@@ -148,7 +179,7 @@ function saveManifest(manifest) {
  * Get topics for a given tier, merged down the hierarchy.
  * family gets everything, friends gets friends+public, public gets public only.
  *
- * Returns { topics, objectives, do_not_discuss, never_disclose }
+ * Returns { topics, objectives, do_not_discuss, never_disclose, allowed_tools }
  */
 function getTopicsForTier(tier) {
   const manifest = loadManifest();
@@ -167,7 +198,8 @@ function getTopicsForTier(tier) {
     topics: [],
     objectives: [],
     do_not_discuss: [],
-    never_disclose: manifest.never_disclose || []
+    never_disclose: manifest.never_disclose || [],
+    allowed_tools: []
   };
 
   for (const t of tiersToMerge) {
@@ -175,6 +207,7 @@ function getTopicsForTier(tier) {
     if (tierData.topics) merged.topics.push(...tierData.topics);
     if (tierData.objectives) merged.objectives.push(...tierData.objectives);
     if (tierData.do_not_discuss) merged.do_not_discuss.push(...tierData.do_not_discuss);
+    if (tierData.allowed_tools) merged.allowed_tools.push(...tierData.allowed_tools);
   }
 
   // Remove do_not_discuss items that appear in topics (higher tiers promote them)
@@ -185,6 +218,7 @@ function getTopicsForTier(tier) {
   merged.topics = dedupeByTopic(merged.topics);
   merged.objectives = dedupeByObjective(merged.objectives);
   merged.do_not_discuss = dedupeDoNotDiscuss(merged.do_not_discuss);
+  merged.allowed_tools = dedupeStringList(merged.allowed_tools, 80);
 
   return merged;
 }
@@ -212,6 +246,9 @@ function formatTopicsForPrompt(tierTopics) {
     topics: formatTopicList(tierTopics.topics),
     objectives: formatObjectiveList(tierTopics.objectives),
     doNotDiscuss: formatDoNotDiscuss(tierTopics.do_not_discuss),
+    allowedTools: tierTopics.allowed_tools?.length
+      ? tierTopics.allowed_tools.map(item => `  - ${item}`).join('\n')
+      : '  (none specified)',
     neverDisclose: tierTopics.never_disclose?.length
       ? tierTopics.never_disclose.map(item => `  - ${item}`).join('\n')
       : '  (none specified)'
@@ -274,10 +311,11 @@ function generateDefaultManifest(contextFiles = {}) {
         public: {
           topics: [{ topic: 'What I do', description: 'Brief professional description' }],
           objectives: [{ objective: 'Networking', description: 'Connect with others in the field' }],
-          do_not_discuss: [{ topic: 'Personal details', reason: 'Redirect to direct owner contact' }]
+          do_not_discuss: [{ topic: 'Personal details', reason: 'Redirect to direct owner contact' }],
+          allowed_tools: ['Read', 'Grep', 'Glob']
         },
-        friends: { topics: [], objectives: [], do_not_discuss: [] },
-        family: { topics: [], objectives: [], do_not_discuss: [] }
+        friends: { topics: [], objectives: [], do_not_discuss: [], allowed_tools: ['Bash(readonly)', 'Read', 'Grep', 'Glob', 'WebSearch', 'WebFetch'] },
+        family: { topics: [], objectives: [], do_not_discuss: [], allowed_tools: ['Bash', 'Read', 'Grep', 'Glob', 'WebSearch', 'WebFetch'] }
       },
       never_disclose: ['API keys', 'Other users\' data', 'Financial figures'],
       personality_notes: 'Direct and technical. Prefers depth over breadth.'
@@ -321,17 +359,20 @@ function generateDefaultManifest(contextFiles = {}) {
         objectives: publicObjectives.length > 0 ? publicObjectives : [
           { objective: 'Grow network', description: 'Connect with others working on similar problems' }
         ],
-        do_not_discuss: [{ topic: 'Personal details', reason: 'Redirect to direct owner contact' }]
+        do_not_discuss: [{ topic: 'Personal details', reason: 'Redirect to direct owner contact' }],
+        allowed_tools: ['Read', 'Grep', 'Glob']
       },
       friends: {
         topics: friendsTopics,
         objectives: friendsObjectives,
-        do_not_discuss: []
+        do_not_discuss: [],
+        allowed_tools: ['Bash(readonly)', 'Read', 'Grep', 'Glob', 'WebSearch', 'WebFetch']
       },
       family: {
         topics: familyTopics,
         objectives: [],
-        do_not_discuss: []
+        do_not_discuss: [],
+        allowed_tools: ['Bash', 'Read', 'Grep', 'Glob', 'WebSearch', 'WebFetch']
       }
     },
     never_disclose: ['API keys', 'Other users\' data', 'Financial figures'],
@@ -385,7 +426,7 @@ function validateDisclosureSubmission(data) {
     errors.push(`Unknown tiers: ${extraTiers.join(', ')} — only public, friends, family are allowed`);
   }
 
-  const LIST_LIMITS = { topics: 15, objectives: 8, do_not_discuss: 10 };
+  const LIST_LIMITS = { topics: 15, objectives: 8, do_not_discuss: 10, allowed_tools: 12 };
 
   for (const tier of TIER_HIERARCHY) {
     const tierData = tiersData[tier];
@@ -455,6 +496,28 @@ function validateDisclosureSubmission(data) {
         }
       }
     }
+
+    // Validate allowed_tools array
+    if (tierData.allowed_tools !== undefined) {
+      if (!Array.isArray(tierData.allowed_tools)) {
+        errors.push(`tiers.${tier}.allowed_tools must be an array`);
+      } else {
+        if (tierData.allowed_tools.length > LIST_LIMITS.allowed_tools) {
+          errors.push(`tiers.${tier}.allowed_tools has ${tierData.allowed_tools.length} items — max ${LIST_LIMITS.allowed_tools}`);
+        }
+        for (let i = 0; i < tierData.allowed_tools.length; i++) {
+          const raw = tierData.allowed_tools[i];
+          if (typeof raw !== 'string') {
+            errors.push(`tiers.${tier}.allowed_tools[${i}] must be a string`);
+            continue;
+          }
+          const canonical = normalizeToolName(raw);
+          if (!canonical) {
+            errors.push(`tiers.${tier}.allowed_tools[${i}] invalid tool "${raw}" (allowed: ${CANONICAL_TOOL_NAMES.join(', ')})`);
+          }
+        }
+      }
+    }
   }
 
   // Validate never_disclose (optional, defaults to sensible list)
@@ -506,7 +569,11 @@ function validateDisclosureSubmission(data) {
       do_not_discuss: (tiersData[tier].do_not_discuss || []).map(item => ({
         topic: item.topic,
         reason: item.reason || ''
-      }))
+      })),
+      allowed_tools: dedupeStringList(
+        (tiersData[tier].allowed_tools || []).map(tool => normalizeToolName(tool)).filter(Boolean),
+        80
+      )
     };
   }
 
@@ -620,17 +687,20 @@ Use ALL available context to build a reasonable disclosure profile. If truly not
       ],
       "do_not_discuss": [
         { "topic": "Topic to avoid", "reason": "Why this should be redirected" }
-      ]
+      ],
+      "allowed_tools": ["Read", "Grep", "Glob"]
     },
     "friends": {
       "topics": [],
       "objectives": [],
-      "do_not_discuss": []
+      "do_not_discuss": [],
+      "allowed_tools": ["Bash(readonly)", "Read", "Grep", "Glob", "WebSearch", "WebFetch"]
     },
     "family": {
       "topics": [],
       "objectives": [],
-      "do_not_discuss": []
+      "do_not_discuss": [],
+      "allowed_tools": ["Bash", "Read", "Grep", "Glob", "WebSearch", "WebFetch"]
     }
   },
   "never_disclose": ["API keys", "Credentials", "Financial figures"],
@@ -673,6 +743,12 @@ Family callers see everything. Friends see friends + public. Public callers see
 - Sensitive subjects
 - Max 3 per tier
 
+**allowed_tools** — Tools this tier can use during calls:
+- Choose only the minimum tools needed for that tier's topics/objectives
+- Use exact tool names: Bash, Bash(readonly), Read, Grep, Glob, WebSearch, WebFetch
+- Public should usually stay read-only
+- Family can include broader tooling when justified
+
 Also identify:
 - **never_disclose** — information that should NEVER be shared regardless of tier (API keys, credentials, financial data, etc.)
 - **personality_notes** — a 1-2 sentence description of the owner's communication style

package/src/lib/runtime-adapter.js

@@ -12,7 +12,12 @@
 
 const { execSync, spawnSync } = require('child_process');
 const { createLogger } = require('./logger');
-const { runClaudeTurn: invokeClaudeTurn, buildSubagentSystemPrompt, runClaudeSummary } = require('./claude-subagent');
+const {
+  runClaudeTurn: invokeClaudeTurn,
+  buildSubagentSystemPrompt,
+  runClaudeSummary,
+  resolveClaudeAllowedTools
+} = require('./claude-subagent');
 const { getTopicsForTier, formatTopicsForPrompt, loadManifest } = require('./disclosure');
 const { HARD_FALLBACK_TURN_TIMEOUT_MS } = require('./turn-timeout');
 
@@ -149,7 +154,9 @@ function createRuntimeAdapter(options = {}) {
     }
   });
 
-  // Claude subagent session tracking
+  // Claude state tracking.
+  // Design decision (A2A-29): we keep per-conversation state for prompt/metadata
+  // continuity, but Claude execution itself is stateless (no `--resume`).
   const claudeSessions = new Map();
 
   async function runClaudeTurnAdapter({ sessionId, message, caller, context, timeoutMs }) {
@@ -166,7 +173,29 @@ function createRuntimeAdapter(options = {}) {
       const tierTopics = getTopicsForTier(context?.tier || 'public');
       const formatted = formatTopicsForPrompt(tierTopics);
 
-      const systemPrompt = buildSubagentSystemPrompt({
+      session = {
+        systemPrompt: '',
+        turnCount: 0,
+        lastMeta: null,
+        // Keep a permission snapshot so summary runs with the same policy envelope.
+        permissionSnapshot: {
+          capabilities: Array.isArray(context?.capabilities) ? context.capabilities : [],
+          allowedTopics: Array.isArray(context?.allowedTopics || context?.allowed_topics)
+            ? (context?.allowedTopics || context?.allowed_topics)
+            : [],
+          allowedTools: Array.isArray(context?.allowedTools || context?.allowed_tools)
+            ? (context?.allowedTools || context?.allowed_tools)
+            : []
+        }
+      };
+
+      const sessionAllowedTools = resolveClaudeAllowedTools({
+        capabilities: session.permissionSnapshot.capabilities,
+        allowedTopics: session.permissionSnapshot.allowedTopics,
+        allowedTools: session.permissionSnapshot.allowedTools
+      });
+
+      session.systemPrompt = buildSubagentSystemPrompt({
         agentName: context?.agentName || 'Agent',
         ownerName: context?.ownerName || 'the owner',
         otherAgentName: caller?.name || 'Remote Agent',
@@ -177,10 +206,10 @@ function createRuntimeAdapter(options = {}) {
         doNotDiscuss: formatted.doNotDiscuss,
         neverDisclose: formatted.neverDisclose,
         personalityNotes: manifest.personality_notes || '',
-        roleContext: context?.roleContext || ''
+        roleContext: context?.roleContext || '',
+        allowedTools: sessionAllowedTools
       });
 
-      session = { claudeSessionId: null, systemPrompt, turnCount: 0, lastMeta: null };
       claudeSessions.set(sessionId, session);
     }
 
@@ -199,7 +228,6 @@ function createRuntimeAdapter(options = {}) {
     });
 
     const result = await invokeClaudeTurn({
-      sessionId: session.claudeSessionId,
       systemPrompt: session.systemPrompt,
       turnMessage: message,
       turn: session.turnCount,
@@ -209,12 +237,27 @@ function createRuntimeAdapter(options = {}) {
       activeThreads: context?.activeThreads || [],
       candidateCollaborations: context?.candidateCollaborations || [],
       closeSignal: context?.closeSignal || false,
+      capabilities: Array.isArray(context?.capabilities)
+        ? context.capabilities
+        : (session.permissionSnapshot?.capabilities || []),
+      allowedTopics: Array.isArray(context?.allowedTopics || context?.allowed_topics)
+        ? (context?.allowedTopics || context?.allowed_topics)
+        : (session.permissionSnapshot?.allowedTopics || []),
+      allowedTools: Array.isArray(context?.allowedTools || context?.allowed_tools)
+        ? (context?.allowedTools || context?.allowed_tools)
+        : (session.permissionSnapshot?.allowedTools || []),
       timeoutMs: timeoutMs || HARD_FALLBACK_TURN_TIMEOUT_MS
     });
 
-    // Store session ID from first turn for subsequent --resume
-    if (result.sessionId) {
-      session.claudeSessionId = result.sessionId;
+    // Update permission snapshot if the caller supplied explicit context this turn.
+    if (Array.isArray(context?.capabilities)) {
+      session.permissionSnapshot.capabilities = context.capabilities;
+    }
+    if (Array.isArray(context?.allowedTopics || context?.allowed_topics)) {
+      session.permissionSnapshot.allowedTopics = context?.allowedTopics || context?.allowed_topics;
+    }
+    if (Array.isArray(context?.allowedTools || context?.allowed_tools)) {
+      session.permissionSnapshot.allowedTools = context?.allowedTools || context?.allowed_tools;
     }
 
     // Store flags/state for retrieval via getLastTurnMeta
@@ -385,20 +428,33 @@ function createRuntimeAdapter(options = {}) {
     const requestId = callerInfo?.request_id || callerInfo?.requestId;
     const effectiveConversationId = conversationId || callerInfo?.conversation_id || callerInfo?.conversationId;
 
-    // Claude mode: use the subagent session for summarization
+    // Claude mode: stateless summary invocation (no session restore dependency).
     if (modeInfo.mode === 'claude') {
       const session = claudeSessions.get(sessionId);
-      if (session?.claudeSessionId) {
-        const result = await runClaudeSummary(
-          session.claudeSessionId,
-          'conversation ended',
-          timeoutMs || HARD_FALLBACK_TURN_TIMEOUT_MS
-        );
-        if (result && result.summary) {
-          return result;
-        }
+      const capabilities = session?.permissionSnapshot?.capabilities
+        || callerInfo?.capabilities
+        || [];
+      const allowedTopics = session?.permissionSnapshot?.allowedTopics
+        || callerInfo?.allowedTopics
+        || callerInfo?.allowed_topics
+        || [];
+      const allowedTools = session?.permissionSnapshot?.allowedTools
+        || callerInfo?.allowedTools
+        || callerInfo?.allowed_tools
+        || [];
+
+      const result = await runClaudeSummary({
+        prompt,
+        reason: 'conversation ended',
+        capabilities,
+        allowedTopics,
+        allowedTools,
+        timeoutMs: timeoutMs || HARD_FALLBACK_TURN_TIMEOUT_MS
+      });
+      if (result && result.summary) {
+        return result;
       }
-      throw new Error('Claude summary session not available or returned empty result');
+      throw new Error('Claude summary returned empty result');
     }
 
     if (modeInfo.mode !== 'openclaw') {

package/src/lib/tokens.js

@@ -201,6 +201,7 @@ class TokenStore {
       // Snapshot of actual capabilities at creation time
       allowedTopics = null,  // Array of topic strings, e.g. ['chat', 'calendar.read']
       allowedGoals = null,   // Array of goal strings, e.g. ['grow-network', 'find-collaborators']
+      allowedTools = null,   // Array of tool names, e.g. ['Read', 'Grep', 'Glob']
       tierSettings = null,   // Object with tier-specific settings
       timeoutMs = null
     } = options;
@@ -246,6 +247,14 @@ class TokenStore {
       'custom': configTiers.custom?.goals || []
     };
 
+    // Default tool allowlist based on tier label (snapshot at creation).
+    const defaultTools = {
+      'public': configTiers.public?.allowed_tools || TokenStore.DEFAULT_ALLOWED_TOOLS.public,
+      'friends': configTiers.friends?.allowed_tools || TokenStore.DEFAULT_ALLOWED_TOOLS.friends,
+      'family': configTiers.family?.allowed_tools || TokenStore.DEFAULT_ALLOWED_TOOLS.family,
+      'custom': configTiers.custom?.allowed_tools || TokenStore.DEFAULT_ALLOWED_TOOLS.custom
+    };
+
     // Resolve capabilities: explicit > config > defaults
     const defaultCapabilities = (configTiers[tier]?.capabilities?.length)
       ? configTiers[tier].capabilities
@@ -261,6 +270,7 @@ class TokenStore {
       capabilities: capabilities || defaultCapabilities,
       allowed_topics: allowedTopics || defaultTopics[tier] || ['chat'],
       allowed_goals: allowedGoals || defaultGoals[tier] || [],
+      allowed_tools: allowedTools || defaultTools[tier] || TokenStore.DEFAULT_ALLOWED_TOOLS.public,
       timeout_ms: parsePositiveTimeoutMs(timeoutMs),
       tier_settings: tierSettings || {},  // Snapshot of settings at creation
       disclosure,
@@ -346,6 +356,7 @@ class TokenStore {
       capabilities,
       allowed_topics: record.allowed_topics || ['chat'],
       allowed_goals: record.allowed_goals || [],
+      allowed_tools: record.allowed_tools || TokenStore.DEFAULT_ALLOWED_TOOLS[tier] || TokenStore.DEFAULT_ALLOWED_TOOLS.public,
       timeout_ms: timeoutMs,
       tier_settings: record.tier_settings || {},
       disclosure: record.disclosure,
@@ -777,4 +788,11 @@ TokenStore.DEFAULT_CAPABILITIES = {
   'custom': ['context-read']
 };
 
+TokenStore.DEFAULT_ALLOWED_TOOLS = {
+  'public': ['Read', 'Grep', 'Glob'],
+  'friends': ['Bash(readonly)', 'Read', 'Grep', 'Glob', 'WebSearch', 'WebFetch'],
+  'family': ['Bash', 'Read', 'Grep', 'Glob', 'WebSearch', 'WebFetch'],
+  'custom': ['Read', 'Grep', 'Glob']
+};
+
 module.exports = { TokenStore };

package/src/routes/a2a.js

@@ -347,6 +347,8 @@ function createRoutes(options = {}) {
       tier: validation.tier,
       capabilities: validation.capabilities,
       allowed_topics: validation.allowed_topics,
+      allowed_goals: validation.allowed_goals,
+      allowed_tools: validation.allowed_tools,
       timeout_ms: validation.timeout_ms,
       disclosure: validation.disclosure,
       caller: sanitizedCaller,
@@ -390,6 +392,11 @@ function createRoutes(options = {}) {
         if (monitor) {
           monitor.trackActivity(a2aContext.conversation_id, {
             ...sanitizedCaller,
+            tier: validation.tier,
+            capabilities: validation.capabilities,
+            allowed_topics: validation.allowed_topics,
+            allowed_goals: validation.allowed_goals,
+            allowed_tools: validation.allowed_tools,
             trace_id: traceId,
             request_id: requestId
           });

package/src/routes/dashboard.js

@@ -170,16 +170,18 @@ function parseTopicObjects(values) {
   return cleaned;
 }
 
-function formatInviteMessage({ owner, agentName, inviteUrl, topics, goals, expiresText }) {
+function formatInviteMessage({ owner, agentName, inviteUrl, topics, goals, tools, expiresText }) {
   const ownerText = owner || 'Someone';
   const topicsList = topics.length > 0 ? topics.join(' · ') : 'chat';
   const goalsList = (goals || []).join(' · ');
+  const toolsList = (tools || []).join(' · ');
   const expirationLine = expiresText === 'never' ? '' : `\n⏰ ${expiresText}`;
   return `📞🗣️ **Agent-to-Agent Call Invite**
 
 👤 **${ownerText}** would like your agent to call **${agentName}** and explore where our owners might collaborate.
 
 💬 ${topicsList}${goalsList ? `\n🎯 ${goalsList}` : ''}
+${toolsList ? `\n🧰 ${toolsList}` : ''}
 
 ${inviteUrl}${expirationLine}
 
@@ -1271,6 +1273,7 @@ function createDashboardApiRouter(options = {}) {
         name: configTier.name || tierId,
         description: configTier.description || '',
         capabilities: configTier.capabilities || [],
+        allowed_tools: sanitizeStringArray(configTier.allowed_tools || [], 30, 80),
         topics: sanitizeStringArray(configTier.topics || []),
         goals: sanitizeStringArray(configTier.goals || []),
         disclosure: configTier.disclosure || 'minimal',
@@ -1309,6 +1312,7 @@ function createDashboardApiRouter(options = {}) {
     if (body.description !== undefined) update.description = sanitizeString(body.description, 300);
     if (body.disclosure !== undefined) update.disclosure = sanitizeString(body.disclosure, 40) || 'minimal';
     if (body.capabilities !== undefined) update.capabilities = sanitizeStringArray(body.capabilities, 100, 120);
+    if (body.allowed_tools !== undefined) update.allowed_tools = sanitizeStringArray(body.allowed_tools, 30, 80);
     if (body.examples !== undefined) update.examples = sanitizeStringArray(body.examples, 20, 120);
     if (body.topics !== undefined) update.topics = sanitizeStringArray(body.topics, 200, 160);
     if (body.goals !== undefined) update.goals = sanitizeStringArray(body.goals, 200, 160);
@@ -1368,6 +1372,7 @@ function createDashboardApiRouter(options = {}) {
           name: sanitizeString(body.name || tierId, 120),
           description: sanitizeString(body.description || 'Custom tier', 300),
           capabilities: sanitizeStringArray(body.capabilities || []),
+          allowed_tools: sanitizeStringArray(body.allowed_tools || [], 30, 80),
           topics: sanitizeStringArray(body.topics || []),
           goals: sanitizeStringArray(body.goals || []),
           disclosure: sanitizeString(body.disclosure || 'minimal', 40),
@@ -1464,6 +1469,7 @@ function createDashboardApiRouter(options = {}) {
 
     const allowedTopics = sanitizeStringArray(body.topics || tier.topics || []);
     const allowedGoals = sanitizeStringArray(body.goals || tier.goals || []);
+    const allowedTools = sanitizeStringArray(body.tools || body.allowed_tools || tier.allowed_tools || [], 30, 80);
     const { token, record } = context.tokenStore.create({
       name,
       owner,
@@ -1474,6 +1480,7 @@ function createDashboardApiRouter(options = {}) {
       maxCalls,
       allowedTopics: allowedTopics.length ? allowedTopics : null,
       allowedGoals: allowedGoals.length ? allowedGoals : null,
+      allowedTools: allowedTools.length ? allowedTools : null,
       tierSettings: {
         tierId,
         ...tier
@@ -1495,6 +1502,7 @@ function createDashboardApiRouter(options = {}) {
       inviteUrl,
       topics: record.allowed_topics || [],
       goals: record.allowed_goals || [],
+      tools: record.allowed_tools || [],
       expiresText
     });
 

package/src/server.js

@@ -621,13 +621,44 @@ async function callAgent(message, a2aContext) {
           conversationId,
           tier: tierInfo,
           ownerName: agentContext.owner,
+          capabilities: Array.isArray(a2aContext.capabilities) ? a2aContext.capabilities : [],
           allowedTopics: a2aContext.allowed_topics || [],
+          allowed_topics: a2aContext.allowed_topics || [],
+          allowedGoals: a2aContext.allowed_goals || [],
+          allowed_goals: a2aContext.allowed_goals || [],
+          allowedTools: a2aContext.allowed_tools || [],
+          allowed_tools: a2aContext.allowed_tools || [],
           timeoutMs: runtime.mode === 'claude' ? claudeTurnTimeoutMs : 65000,
           traceId,
           requestId
         }
       });
 
+    // Claude mode returns structured metadata (statePatch + flags) via side channel.
+    // We persist owner-facing flags so permission questions (e.g. blocked tool requests)
+    // are visible in call history even though the remote only sees conversational text.
+    const turnMeta = runtime.mode === 'claude' && typeof runtime.getLastTurnMeta === 'function'
+      ? runtime.getLastTurnMeta(sessionId)
+      : null;
+    if (turnMeta?.flags?.length > 0) {
+      const convStoreForFlags = getServerConvStore();
+      if (convStoreForFlags) {
+        try {
+          convStoreForFlags.addMessage(conversationId, {
+            direction: 'outbound',
+            role: 'system',
+            content: `[flags] ${turnMeta.flags.map(f => f.content || f.type).join('; ')}`,
+            metadata: JSON.stringify({ flags: turnMeta.flags, phase: collabState.phase })
+          });
+        } catch (err) {
+          callLogger.warn('Failed to persist owner flags for turn', {
+            event: 'call_turn_flags_persist_failed',
+            error: err
+          });
+        }
+      }
+    }
+
     if (collabMode !== 'adaptive') {
       return rawResponse;
     }
@@ -637,7 +668,17 @@ async function callAgent(message, a2aContext) {
     const beforeTurn = collabState.turnCount;
     let usedMetadata = false;
 
-    if (parsed.hasState && parsed.statePatch) {
+    // Prefer explicit Claude metadata side channel in claude mode.
+    if (turnMeta?.statePatch) {
+      usedMetadata = applyCollaborationPatch(collabState, turnMeta.statePatch);
+      if (!usedMetadata) {
+        callLogger.warn('Invalid collaboration patch; applying fallback heuristics', {
+          event: 'collaboration_patch_invalid',
+          error_code: 'COLLABORATION_PATCH_INVALID',
+          hint: 'Ensure assistant emits valid collaboration metadata JSON block.'
+        });
+      }
+    } else if (parsed.hasState && parsed.statePatch) {
       usedMetadata = applyCollaborationPatch(collabState, parsed.statePatch);
       if (!usedMetadata) {
         callLogger.warn('Invalid collaboration patch; applying fallback heuristics', {
@@ -770,8 +811,9 @@ async function generateSummary(messages, callerInfo) {
   });
 
   try {
+    const summarySessionId = conversationId ? `a2a-${conversationId}` : `summary-${Date.now()}`;
     return await runtime.summarize({
-      sessionId: `summary-${Date.now()}`,
+      sessionId: summarySessionId,
       prompt,
       messages,
       callerInfo,