mirror of
https://github.com/qwibitai/nanoclaw.git
synced 2026-07-12 19:00:58 +08:00
c0a4dcb673
Code: - applyGroupSettings never throws: a non-SyntaxError I/O failure on settings.json (EISDIR/EACCES — the dir is mounted rw into the container) used to escape initGroupFilesystem and wedge the group in a wakeContainer retry-fail loop; pre-capability code swallowed all errors on this path. Warn-and-spawn restored, regression test added. - setup/register.ts now runs the container-config backfill right after migrations, matching the host boot order — otherwise its ensureContainerConfig could claim a legacy group's row with lean defaults before the backfill could grandfather it. - scripts/seed-discord.ts provisions the config row at creation so the later backfill can't mis-grandfather a genuinely new group. - The PreToolUse deny now puts the redirect in `reason` / permissionDecisionReason — the fields the CLI feeds back to the model (stopReason only surfaces with continue:false, which ends the turn). - New tests: ClaudeProvider builds its blocklist from constructor capabilities (guards the query-site seam), and a structural guard that spawnContainer threads harnessCapabilities into group init. Docs (measured-behavior honesty): - disallowedTools schema-stripping is best-effort on the pinned CLI (wire-measured per-query nondeterminism for flag-gated tools); the PreToolUse hook is the deterministic block. Enforcement-strength section, agent-runner-details inventory, and CHANGELOG updated. - agent-teams=off bypass via workspace project/local settings persists across respawns (reconciler manages only the user-scope file) — said so, with the RO-mount/settingSources follow-up noted. - ReportFindings added to the fixed-off inventory; in-container rejection claim scoped to cli_scope=group; verify-after-upgrade bullet now quotes the real config-get output; hand-edited settings.json takeover documented with the supported re-apply path. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>