fix(agents): block apply_patch tool for all read-only agents

Oracle, Librarian, Explore, Momus, and Metis could modify files via
apply_patch despite being read-only agents. Also fixed duplicate task
entries in Librarian and Explore restriction lists.
YeonGyu-Kim 2026-02-18 15:51:31 +09:00
parent 96ff1e00cc
commit 101dadbce2
6 changed files with 104 additions and 4 deletions


@ -28,7 +28,7 @@ export function createExploreAgent(model: string): AgentConfig {
const restrictions = createAgentToolRestrictions([
"write",
"edit",
"task",
"apply_patch",
"task",
"call_omo_agent",
])
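Review bot: The denied-tool list is written out as a separate literal in each of the five agent factories, and the commit description shows the cost: `apply_patch` was missing from all five, and the description also reports duplicate `task` entries in two of them. A single shared constant for the file-writing tools, for example `const FILE_WRITE_TOOLS = ["write", "edit", "apply_patch"] as const` spread into each `createAgentToolRestrictions([...])` call, would stop the read-only agents from drifting apart; the same applies to the Librarian, Metis, Momus and Oracle hunks. A deny-list also fails open, so any write-capable tool added later stays available to these agents until someone lists it; if the permission model can express default-deny with an explicit allow-list, that is the safer shape for a read-only role. The body of `createExploreAgent` continues outside the hunk.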


@ -25,7 +25,7 @@ export function createLibrarianAgent(model: string): AgentConfig {
const restrictions = createAgentToolRestrictions([
"write",
"edit",
"task",
"apply_patch",
"task",
"call_omo_agent",
])


@ -306,6 +306,7 @@ User confirms the button works as expected.
const metisRestrictions = createAgentToolRestrictions([
"write",
"edit",
"apply_patch",
"task",
])


@ -192,7 +192,7 @@ export function createMomusAgent(model: string): AgentConfig {
const restrictions = createAgentToolRestrictions([
"write",
"edit",
"task",
"apply_patch",
"task",
])


@ -146,7 +146,7 @@ export function createOracleAgent(model: string): AgentConfig {
const restrictions = createAgentToolRestrictions([
"write",
"edit",
"task",
"apply_patch",
"task",
])


@ -0,0 +1,99 @@
import { describe, test, expect } from "bun:test"
import { createOracleAgent } from "./oracle"
import { createLibrarianAgent } from "./librarian"
import { createExploreAgent } from "./explore"
import { createMomusAgent } from "./momus"
import { createMetisAgent } from "./metis"
const TEST_MODEL = "anthropic/claude-sonnet-4-5"
describe("read-only agent tool restrictions", () => {
const FILE_WRITE_TOOLS = ["write", "edit", "apply_patch"]
describe("Oracle", () => {
test("denies all file-writing tools", () => {
// given
const agent = createOracleAgent(TEST_MODEL)
// when
const permission = agent.permission as Record<string, string>
// then
for (const tool of FILE_WRITE_TOOLS) {
expect(permission[tool]).toBe("deny")
}
})
test("denies task but allows call_omo_agent for research", () => {
// given
const agent = createOracleAgent(TEST_MODEL)
// when
const permission = agent.permission as Record<string, string>
// then
expect(permission["task"]).toBe("deny")
expect(permission["call_omo_agent"]).toBeUndefined()
})
})
describe("Librarian", () => {
test("denies all file-writing tools", () => {
// given
const agent = createLibrarianAgent(TEST_MODEL)
// when
const permission = agent.permission as Record<string, string>
// then
for (const tool of FILE_WRITE_TOOLS) {
expect(permission[tool]).toBe("deny")
}
})
})
describe("Explore", () => {
test("denies all file-writing tools", () => {
// given
const agent = createExploreAgent(TEST_MODEL)
// when
const permission = agent.permission as Record<string, string>
// then
for (const tool of FILE_WRITE_TOOLS) {
expect(permission[tool]).toBe("deny")
}
})
})
describe("Momus", () => {
test("denies all file-writing tools", () => {
// given
const agent = createMomusAgent(TEST_MODEL)
// when
const permission = agent.permission as Record<string, string>
// then
for (const tool of FILE_WRITE_TOOLS) {
expect(permission[tool]).toBe("deny")
}
})
})
describe("Metis", () => {
test("denies all file-writing tools", () => {
// given
const agent = createMetisAgent(TEST_MODEL)
// when
const permission = agent.permission as Record<string, string>
// then
for (const tool of FILE_WRITE_TOOLS) {
expect(permission[tool]).toBe("deny")
}
})
})
})
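Review bot: `FILE_WRITE_TOOLS` is a second hand-maintained copy of the tool names, so these tests only prove that three known names are denied; a write-capable tool added later would pass unnoticed, just as `apply_patch` did before this commit. Importing the list from the production side, or asserting against an allow-list of tools a read-only agent may use, would make the suite a stronger regression guard. The Librarian and Explore cases also leave `task` and `call_omo_agent` unchecked although both appear in their restriction lists; adding `expect(permission["task"]).toBe("deny")` and `expect(permission["call_omo_agent"]).toBe("deny")` there would cover them, presumably with the same "deny" value the other entries get. The five near-identical `describe` blocks could be one loop over `[name, factory]` pairs.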