From dc4041c050f48fa6c7ec5fd91daed38e1af3f065 Mon Sep 17 00:00:00 2001
From: ismeth <ufukaltinok@gmail.com>
Date: Fri, 13 Feb 2026 18:26:38 +0100
Subject: [PATCH] fix(athena): deny athena_council tool for council members as
 defense-in-depth

Already denied via agent-tool-restrictions.ts for all athena sessions,
but now also explicitly denied in the per-launch permission to make
the anti-recursion intent clear at the launch site.
---
 src/agents/athena/council-orchestrator.test.ts | 2 +-
 src/agents/athena/council-orchestrator.ts      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/agents/athena/council-orchestrator.test.ts b/src/agents/athena/council-orchestrator.test.ts
index 4e32ce18..428aefda 100644
--- a/src/agents/athena/council-orchestrator.test.ts
+++ b/src/agents/athena/council-orchestrator.test.ts
@@ -68,7 +68,7 @@ describe("executeCouncil", () => {
     for (const launch of launches) {
       expect(launch.prompt).toBe(expectedPrompt)
       expect(launch.agent).toBe("athena")
-      expect(launch.permission).toEqual({ write: "deny", edit: "deny", task: "deny" })
+      expect(launch.permission).toEqual({ write: "deny", edit: "deny", task: "deny", athena_council: "deny" })
     }
 
     expect(launches[0]?.model).toEqual({ providerID: "openai", modelID: "gpt-5.3-codex" })
diff --git a/src/agents/athena/council-orchestrator.ts b/src/agents/athena/council-orchestrator.ts
index 31f81fa0..915dd10f 100644
--- a/src/agents/athena/council-orchestrator.ts
+++ b/src/agents/athena/council-orchestrator.ts
@@ -72,7 +72,7 @@ async function launchMember(
     throw new Error(`Invalid model string: "${member.model}"`)
   }
 
-  const restrictions = createAgentToolRestrictions(["write", "edit", "task"])
+  const restrictions = createAgentToolRestrictions(["write", "edit", "task", "athena_council"])
   const memberName = member.name ?? member.model
   return launcher.launch({
     description: `Council member: ${memberName}`,