Skip to content

M28-C: Tool and skill filtering for sub-agents #712

New issue
New issue
Closed
#735
Closed
M28-C: Tool and skill filtering for sub-agents#712
#735
Labels
enhancementNew feature or requestskillsSKILL.md systemsub-agentsSub-agent orchestrationtoolsTool execution and MCP integration
@bug-ops

Description

@bug-ops
bug-ops
opened on Feb 21, 2026

Parent: #709

Summary

Implement tool access control and skill filtering for sub-agents based on their definition's ToolPolicy and SkillFilter.

Scope

  • FilteredToolExecutor: wraps ErasedToolExecutor, enforces AllowList/DenyList
  • SkillFilter application: glob matching on skill names for include/exclude
  • Filtered skills injected into sub-agent system prompt at spawn time
  • ToolPolicy enforcement at executor level (not prompt level)

Acceptance Criteria

  • AllowList: sub-agent can only call listed tools
  • DenyList: sub-agent can call all tools except listed
  • InheritAll: sub-agent inherits parent tool access
  • Denied tool call returns clear error message to sub-agent LLM
  • SkillFilter with glob patterns (e.g., "rust-*") filters correctly
  • Empty include list = all skills allowed
  • Unit tests for FilteredToolExecutor and SkillFilter

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestskillsSKILL.md systemsub-agentsSub-agent orchestrationtoolsTool execution and MCP integration

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions