From 6b72c3b71e13126e8e7d4d8fb1ea06547ad94720 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 1 Nov 2025 17:13:17 +0000 Subject: [PATCH 1/4] Initial plan From 0f84f5e5143ecedf75c73e4063bd52cf16baa05b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 1 Nov 2025 17:24:27 +0000 Subject: [PATCH 2/4] Document why --allowed-tools is preferred over --tools flag Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/workflow/claude_engine.go | 6 ++++++ pkg/workflow/claude_tools.go | 10 +++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/pkg/workflow/claude_engine.go b/pkg/workflow/claude_engine.go index 4fe0310cc97..c300eb6eb9f 100644 --- a/pkg/workflow/claude_engine.go +++ b/pkg/workflow/claude_engine.go @@ -108,6 +108,12 @@ func (e *ClaudeEngine) GetExecutionSteps(workflowData *WorkflowData, logFile str } // Add allowed tools configuration + // Note: Claude Code CLI v2.0.31 introduced a simpler --tools flag, but we continue to use + // --allowed-tools because it provides fine-grained control needed by gh-aw: + // - Specific bash commands: Bash(git:*), Bash(ls) + // - MCP tool prefixes: mcp__github__get_issue + // - Path-specific tools: Read(/tmp/gh-aw/cache-memory/*) + // The --tools flag only supports basic tool names (e.g., "Bash,Edit,Read") without patterns. allowedTools := e.computeAllowedClaudeToolsString(workflowData.Tools, workflowData.SafeOutputs, workflowData.CacheMemoryConfig) if allowedTools != "" { claudeArgs = append(claudeArgs, "--allowed-tools", allowedTools) diff --git a/pkg/workflow/claude_tools.go b/pkg/workflow/claude_tools.go index f39e52e3e21..3f4810b4f09 100644 --- a/pkg/workflow/claude_tools.go +++ b/pkg/workflow/claude_tools.go 
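Review bot: The comment added above `allowedTools := e.computeAllowedClaudeToolsString(...)` explains why `--allowed-tools` is used but leaves the empty case undocumented: the context lines append the flag only when `allowedTools != ""`, so an empty result runs the CLI with no allowlist argument at all. Because this string is presented as the fine-grained control over what the agent may run, the comment should say what the CLI then permits, e.g. `// If allowedTools is empty the flag is omitted and the CLI's default permissions apply (confirm these are restrictive).` The rationale is also repeated almost verbatim in the doc comment in claude_tools.go and the note in engines.md, and all three pin v2.0.31, so they are likely to drift; I would keep the full explanation on computeAllowedClaudeToolsString and leave a one-line pointer here. GetExecutionSteps begins and ends outside this hunk.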
@@ -97,7 +97,15 @@ func (e *ClaudeEngine) expandNeutralToolsToClaudeTools(tools map[string]any) map return result } -// computeAllowedClaudeToolsString +// computeAllowedClaudeToolsString generates the tool specification string for Claude's --allowed-tools flag. +// +// Why --allowed-tools instead of --tools (introduced in v2.0.31)? +// While --tools is simpler (e.g., "Bash,Edit,Read"), it lacks the fine-grained control gh-aw requires: +// - Specific bash commands: Bash(git:*), Bash(ls) +// - MCP tool prefixes: mcp__github__get_issue, mcp__github__* +// - Path-specific access: Read(/tmp/gh-aw/cache-memory/*) +// +// This function: // 1. validates that only neutral tools are provided (no claude section) // 2. converts neutral tools to Claude-specific tools format // 3. adds default Claude tools and git commands based on safe outputs configuration From 116e71cf9c1133d4a9e7ab7b23a25f5416428b2f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 1 Nov 2025 17:26:49 +0000 Subject: [PATCH 3/4] Add documentation explaining --tools vs --allowed-tools decision Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- docs/src/content/docs/reference/engines.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/src/content/docs/reference/engines.md b/docs/src/content/docs/reference/engines.md index 93dfbb3a2b1..55eeb0cefb3 100644 --- a/docs/src/content/docs/reference/engines.md +++ b/docs/src/content/docs/reference/engines.md 
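Review bot: The new doc comment on computeAllowedClaudeToolsString treats `--tools` and `--allowed-tools` as the same control differing only in granularity, without stating what the returned string actually enforces. It is worth checking against the CLI documentation whether one flag limits which tools are available and the other governs which calls are approved; if so they are complementary rather than alternatives, and the comment should name the one gh-aw relies on as its boundary. The wildcard examples (`Bash(git:*)`, `mcp__github__*`) also deserve a caveat, since each appears to admit a whole family of commands or tools, for example `// Prefer the narrowest pattern a workflow needs; wildcard entries widen what the agent can invoke.` The function body lies outside the hunk, so the numbered steps in the comment could not be checked against the code.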
@@ -168,6 +168,16 @@ gh secret set ANTHROPIC_API_KEY -a actions --body "" gh secret set GH_AW_GITHUB_TOKEN -a actions --body "" ``` +:::note[Tool Specification: `--allowed-tools` vs `--tools`] +Claude Code CLI v2.0.31 introduced a simpler `--tools` flag for basic tool specification (e.g., `--tools "Bash,Edit,Read"`). However, gh-aw uses the more powerful `--allowed-tools` flag which supports: + +- **Specific bash commands**: `Bash(git:*)`, `Bash(ls)` +- **MCP tool prefixes**: `mcp__github__get_issue`, `mcp__github__*` +- **Path-specific access**: `Read(/tmp/gh-aw/cache-memory/*)` + +The `--tools` flag is too simplistic for gh-aw's fine-grained security and flexibility requirements. Tool permissions are automatically configured based on your workflow's `tools:` section. +::: + ### OpenAI Codex OpenAI Codex CLI with MCP server support. Designed for code-focused tasks. From 0c5a2d93fa4cad4c53c529857904ee6f9dc432bf Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 1 Nov 2025 17:29:04 +0000 Subject: [PATCH 4/4] Investigation complete: --tools flag analysis documented Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/workflow/js/check_workflow_timestamp.cjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/workflow/js/check_workflow_timestamp.cjs b/pkg/workflow/js/check_workflow_timestamp.cjs index bb8fe998c01..07a77f37979 100644 --- a/pkg/workflow/js/check_workflow_timestamp.cjs +++ b/pkg/workflow/js/check_workflow_timestamp.cjs @@ -69,7 +69,7 @@ async function main() { // Check if workflow file is newer than lock file if (workflowMtime > lockMtime) { const warningMessage = `🔴🔴🔴 WARNING: Lock file '${lockFile}' is outdated! The workflow file '${workflowFile}' has been modified more recently. Run 'gh aw compile' to regenerate the lock file.`; - + core.error(warningMessage); // Add summary to GitHub Step Summary