Files
nanoclaw/docs
Gabi Simons 7ce25de444 fix(agent-runner): reconcile Claude tool allowlist with pinned CLI, add drift guard
TOOL_ALLOWLIST named five tools that don't exist on claude-code 2.1.197
(Task was renamed Agent upstream; TodoWrite, TeamCreate, TeamDelete, and
ToolSearch are gone). Remove the phantoms and correct the comment (and
the stale claim in docs/agent-runner-details.md): allowedTools is a
permission auto-approve list, not an availability filter — paired wire
captures show no allowlist effect on the offered tool surface, and this
runner's bypassPermissions moots its permission role. No wire-visible
change.

Add a wire-captured fixture (sdk-tools-baseline.json, regenerated via
dump-sdk-tools.ts inside the agent image with a zero-API-cost 401-stub
capture) and claude.tools.test.ts, which fails on any future
claude-code CLI or Agent SDK bump until the fixture is regenerated and
the lists re-verified. The SDK dep is pinned exactly (0.3.197, was
caret) so drift can only enter deliberately.

Wire measurement on this pin also shows run-to-run NONDETERMINISM in
the offered surface: conditional tools (Glob/Grep) flicker, and
disallowedTools stripping of flag-gated tools is per-query best-effort.
The fixture pairs captures within one regen run to control for this,
records a disallow probe as a diagnostic, and the dump-script header
documents the variance; the deterministic tool block remains the
runner's PreToolUse hook.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-12 11:38:23 +03:00
..
2026-07-04 23:36:05 +03:00

NanoClaw Documentation

The official documentation is at docs.nanoclaw.dev.

The files in this directory are original design documents and developer references. For the most current and accurate information, use the documentation site.

This directory Documentation site
SECURITY.md Security model
REQUIREMENTS.md Introduction