Parent: #126
Problem
Toolset scoping is hardcoded in buildClaudeCommand per-phase. ProviderPhaseHints type has allowedTools and disallowedTools fields defined but they're dead — never read at runtime. Adding a new phase or changing tool access requires editing CLI provider internals.
Solution
- Define per-phase tool policies in a declarative config (map of phase → allowed/disallowed tools)
- Wire phaseHints.allowedTools / phaseHints.disallowedTools into buildClaudeCommand and buildCodexCommand
- Remove hardcoded tool lists from CLI provider
- Phase tool policies become data, not code
Files
packages/agents/src/providers/cli-provider.ts — buildClaudeCommand, buildCodexCommand
packages/agents/src/providers/types.ts — ProviderPhaseHints
packages/pipeline/src/pipeline/runtime.ts — pass hints from config
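A sketch of the declarative policy and its resolution step, added here as an example and not taken from the project's code. The phase names, tool names, the `string[]` field types and the helpers `resolvePhaseHints` and `findPolicyConflicts` are all assumptions; only the `allowedTools` / `disallowedTools` field names come from the issue.

```typescript
// Added example: hypothetical policy shape and helpers, not the project's code.
interface ProviderPhaseHints {
  allowedTools?: string[]; // field names from the issue; string[] is assumed
  disallowedTools?: string[];
}
type PhaseToolPolicy = Record<string, ProviderPhaseHints>;

// Constructed sample policy: plain data that could be loaded from config.
const PHASE_TOOL_POLICY: PhaseToolPolicy = {
  plan: { allowedTools: ["Read", "Grep"] },
  implement: { allowedTools: ["Read", "Edit", "Bash"], disallowedTools: ["WebFetch"] },
  review: { allowedTools: ["Read", "Grep", "Bash"], disallowedTools: ["Bash"] },
  report: {}, // no allow list declared: resolves to no tools at all
};

const uniq = (xs: string[]): string[] => xs.filter((x, i) => xs.indexOf(x) === i);

// Resolve the hints for one phase. An unknown phase fails closed instead of
// falling back to a permissive default, and a deny entry always wins.
function resolvePhaseHints(
  phase: string,
  policy: PhaseToolPolicy = PHASE_TOOL_POLICY,
): Required<ProviderPhaseHints> {
  // Own-property lookup, so "constructor" or "__proto__" never match.
  const entry = Object.prototype.hasOwnProperty.call(policy, phase) ? policy[phase] : undefined;
  if (!entry) throw new Error(`no tool policy defined for phase "${phase}"`);
  const denied = uniq(entry.disallowedTools ?? []);
  const allowed = uniq(entry.allowedTools ?? []).filter((t) => denied.indexOf(t) === -1);
  return { allowedTools: allowed, disallowedTools: denied };
}

// Load-time lint: report tools listed as both allowed and disallowed, which
// usually means the policy author intended something else.
function findPolicyConflicts(policy: PhaseToolPolicy): string[] {
  const conflicts: string[] = [];
  Object.keys(policy).forEach((phase) => {
    const denied = policy[phase]?.disallowedTools ?? [];
    uniq(policy[phase]?.allowedTools ?? []).forEach((tool) => {
      if (denied.indexOf(tool) !== -1) conflicts.push(`${phase}: ${tool}`);
    });
  });
  return conflicts;
}
```

The command builders would consume the resolved lists; how an empty allow list is expressed to each CLI needs to be decided per provider so that it does not fall back to that CLI's default toolset.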