csh
/
playbook
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
playbook/outfitter-agents/plugins/outfitter/skills/claude-agents/references/tools.md

131 lines
2.7 KiB
Markdown
Raw Blame History

# Tool Configuration
How to configure tool access for agents.
## Philosophy
**Don't over-restrict.** Agents work best with appropriate access. Only restrict when there's a specific safety reason.
## Default: Inherit
Most agents should NOT specify `tools`. They inherit full access from parent.
```markdown
---
name: code-reviewer
description: ...
model: inherit
---
# No tools field — inherits full access
```
## When to Restrict
Only restrict when:
- Agent's purpose is explicitly read-only
- Specific safety concern exists
- Want to prevent accidental modifications
**Don't restrict when:**
- Agent needs flexibility to complete task
- Being "cautious" without specific reason
## Baseline Tools
When restricting, always include these:
```yaml
tools: Glob, Grep, Read, Skill, Task, TaskCreate, TaskUpdate, TaskList, TaskGet
```
These enable: file discovery, searching, reading, skill loading, sub-agent delegation, task tracking.
## Common Patterns
**Read-only analysis:**
```yaml
tools: Glob, Grep, Read, Skill, Task, TaskCreate, TaskUpdate, TaskList, TaskGet
```
**Read-only with git history:**
```yaml
tools: Glob, Grep, Read, Skill, Task, TaskCreate, TaskUpdate, TaskList, TaskGet, Bash(git show:*), Bash(git diff:*)
```
**Research agent:**
```yaml
tools: Glob, Grep, Read, Skill, Task, TaskCreate, TaskUpdate, TaskList, TaskGet, WebSearch, WebFetch
```
**Implementation agent:**
```yaml
tools: Glob, Grep, Read, Write, Edit, Bash, Skill, Task, TaskCreate, TaskUpdate, TaskList, TaskGet
```
## Pattern Matching Syntax
```yaml
# Full tool access
Bash
# Restrict to command family
Bash(git *)
# Restrict to specific subcommand
Bash(git status:*)
# File path patterns
Write(tests/**/*.ts)
Write(__tests__/**/*)
# MCP tools
mcp__server__tool
mcp__server__*
```
## Examples
### Security Auditor (read-only)
```markdown
---
name: security-auditor
description: Read-only security analysis.
tools: Glob, Grep, Read, Skill, Task, TaskCreate, TaskUpdate, TaskList, TaskGet, Bash(git diff:*), Bash(git log:*)
model: inherit
---
```
### Deployment Agent (specific commands)
```markdown
---
name: k8s-deployer
description: Kubernetes deployment tasks.
tools: Glob, Grep, Read, Skill, Task, TaskCreate, TaskUpdate, TaskList, TaskGet, Bash(kubectl *), Bash(docker *)
model: inherit
---
```
### Test Writer (file restrictions)
```markdown
---
name: test-writer
description: Writes tests only in test directories.
tools: Glob, Grep, Read, Skill, Task, TaskCreate, TaskUpdate, TaskList, TaskGet, Write(tests/**), Write(__tests__/**)
model: inherit
---
```
## Testing Tool Restrictions
1. Create agent with `tools` field
2. Ask Claude to use the agent
3. Verify agent has access to specified tools
4. Verify restricted tools require permission or fail
Reference in New Issue View Git Blame Copy Permalink