Skip to content

feat: add tool-scoping for fork-mode skills#3260

Merged
dgageot merged 2 commits into
docker:mainfrom
dgageot:worktree-board-dd136e5fee448d91
Jun 26, 2026
Merged

feat: add tool-scoping for fork-mode skills#3260
dgageot merged 2 commits into
docker:mainfrom
dgageot:worktree-board-dd136e5fee448d91

Conversation

@dgageot

@dgageot dgageot commented Jun 26, 2026

Copy link
Copy Markdown
Member

Fork-mode skills run in an isolated sub-session, but until now they inherited every tool available to the parent agent with no way to restrict or augment that set. This made it impossible to write a skill that only needs a small, safe subset of tools, or one that requires a dedicated toolset not part of the main agent's config.

Two new fields address this. allowed_tools (frontmatter key allowed-tools in SKILL.md files) is an allow-list of glob or exact patterns applied to the parent agent's inherited tools — the Claude Code-compatible field was previously parsed but never enforced; it is now enforced in the fork sub-session. toolsets is a list of top-level toolsets names that are injected into the sub-session in addition to the filtered inherited tools, bypassing the allow-list. Both fields are validated at load time: toolset references must exist in the top-level config, and both fields are rejected on non-fork skills. The agent-level readonly flag is honored for assistive toolsets, and assistive toolsets are wrapped with lazy single-flight start semantics via NewStartable.

Both fields work for inline skills defined in YAML and for file-based skills loaded from SKILL.md frontmatter. An example demonstrating the feature is in examples/skills_fork_toolsets.yaml, and the skills documentation in docs/features/skills/index.md has been updated accordingly.

dgageot added 2 commits June 26, 2026 12:03
@dgageot
feat: add tool-scoping for fork-mode skills (allowed_tools + toolsets)
509aad1
@dgageot
fix: honor agent readonly flag and wrap fork-skill toolsets in NewSta…
bf10a0c 
…rtable

A readonly agent could previously gain mutating tools via a fork skill's
assistive toolset; forkSkillToolSets now applies toolset.ReadOnly || a.ReadOnly.
Each toolset is also wrapped in tools.NewStartable for lazy single-flight start
semantics, since skillSubSessionTools calls Start() on every run-loop iteration.

Assisted-By: Claude
@dgageot dgageot requested a review from a team as a code owner June 26, 2026 10:21
@aheritier aheritier added area/config For configuration parsing, YAML, environment variables area/runtime Runtime engine, agent loop execution, tool dispatch, loop detection area/skills Skills system and custom slash commands kind/feat PR adds a new feature (maps to feat:). Use on PRs only. labels Jun 26, 2026
@dgageot dgageot merged commit 59dd63b into docker:main Jun 26, 2026
8 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Jun 29, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aheritier aheritier aheritier approved these changes

Assignees

No one assigned

Labels

area/config For configuration parsing, YAML, environment variables area/runtime Runtime engine, agent loop execution, tool dispatch, loop detection area/skills Skills system and custom slash commands kind/feat PR adds a new feature (maps to feat:). Use on PRs only.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dgageot @aheritier