ENHANCEMENT: Apply tool restrictions via frontmatter (principle of least privilege)

[ali5ter]

Motivation

The coach.md agent currently omits the tools frontmatter field, meaning it inherits all Claude Code tools. The Claude Code subagent best practices recommend restricting tools to only what the agent actually needs.

The coach agent's role is advisory, scaffolding, and code review — not file system management or executing shell commands on behalf of the user. Granting it the full tool set:

• Increases the blast radius of accidental or erroneous actions
• Undermines the framework's goal of the human doing the implementation work
• Contradicts the anti-cruft philosophy of minimal surface area

Proposed Change

Add a tools field to the coach.md frontmatter scoped to read/search operations:

tools: Read, Glob, Grep, Bash

Rationale:

• Read — needed to review user's code (special case: research vs implementation)
• Glob / Grep — needed to explore codebase when advising
• Bash — needed for lightweight research (e.g. checking types, running tests to review output)
• Explicitly omit: Write, Edit, NotebookEdit, Agent (except where warranted)

This should be considered alongside issue #2 (persistent memory) since the memory feature requires the agent to be able to write its memory store.