From 4ca9bd0dd45dea9c00561bfb6ca2002cf65433a2 Mon Sep 17 00:00:00 2001 From: Chris La Date: Fri, 20 Mar 2026 18:51:09 -0700 Subject: [PATCH] Add --disallowedTools to block Claude Code scheduling tools Prevent agents from using Claude Code's native CronCreate, CronDelete, and CronList tools. StrawPot manages scheduling through its own orchestrator (denden), so these tools create invisible "ghost schedules" that bypass orchestrator control. Fixes #22 Co-Authored-By: Claude Opus 4.6 (1M context) --- claude_code/wrapper/main.go | 4 ++++ claude_code/wrapper/main_test.go | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/claude_code/wrapper/main.go b/claude_code/wrapper/main.go index 8f52b4f..9bcb4f8 100644 --- a/claude_code/wrapper/main.go +++ b/claude_code/wrapper/main.go @@ -249,6 +249,10 @@ func cmdBuild(args []string) { cmd = append(cmd, "--dangerously-skip-permissions") } + // Disallow Claude Code's native scheduling tools — StrawPot manages + // scheduling through its own orchestrator (denden). + cmd = append(cmd, "--disallowedTools", "CronCreate,CronDelete,CronList") + // Single --add-dir pointing to the agent workspace. // Claude Code discovers .claude/skills/ within it natively. cmd = append(cmd, "--add-dir", ba.AgentWorkspaceDir) diff --git a/claude_code/wrapper/main_test.go b/claude_code/wrapper/main_test.go index 2db67b9..e5e4593 100644 --- a/claude_code/wrapper/main_test.go +++ b/claude_code/wrapper/main_test.go @@ -364,6 +364,25 @@ func TestCmdBuild_DangerouslySkipPermissions_Disabled(t *testing.T) { } } +func TestCmdBuild_DisallowedSchedulingTools(t *testing.T) { + tmpDir := t.TempDir() + wsDir := filepath.Join(tmpDir, "workspace") + + args := []string{ + "--agent-workspace-dir", wsDir, + } + + output := captureBuildOutput(t, args) + + var result map[string]interface{} + if err := json.Unmarshal(output, &result); err != nil { + t.Fatalf("Failed to parse JSON output: %v", err) + } + + cmd := result["cmd"].([]interface{}) + assertSequence(t, cmd, "--disallowedTools", "CronCreate,CronDelete,CronList") +} + // --- helpers --- // captureBuildOutput runs cmdBuild and captures its stdout JSON output.