spec(runner): add Tool Permission Model for ExitPlanMode HITL#1586
Draft
quay-devel wants to merge 5 commits into
Draft
spec(runner): add Tool Permission Model for ExitPlanMode HITL#1586quay-devel wants to merge 5 commits into
quay-devel wants to merge 5 commits into
Conversation
…e#1583 Documents the runner's pre-approval security model and introduces a two-tier tool classification: Tier 1 (allowlist-only) for autonomous tools, Tier 2 (HITL halt) for tools requiring user interaction (AskUserQuestion, ExitPlanMode). Includes formal requirements with scenarios for allowlist completeness, plan approval halt, and no-hang guarantee. Closes ambient-code#1583 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
✅ Deploy Preview for cheerful-kitten-f556a0 canceled.
|
The spec defines desired state — no need to apologize for it. Removed the blockquote callout and simplified the status header. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Issue reference lives in the PR and commit message, not the spec body. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Drop formal requirements/scenarios, compress tool table to inline list. Section is now ~30 lines, proportionate with other sections. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This was referenced May 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
specs/agents/runner.spec.mddocumenting the runner's pre-approval security modelExitPlanModeSHALL halt the event stream and wait for user approval — same mechanism asAskUserQuestion— rather than auto-approvingcan_use_tool,PermissionRequesthooks) as implementation pathsAddresses #1583 — this is the spec side. Implementation PR to follow.
Test plan
AskUserQuestionbehavior inBUILTIN_FRONTEND_TOOLS🤖 Generated with Claude Code