sapient/oh-my-openagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(athena): deny athena_council tool for council members as defense-in-depth

Browse Source 
Already denied via agent-tool-restrictions.ts for all athena sessions,
but now also explicitly denied in the per-launch permission to make
the anti-recursion intent clear at the launch site.
This commit is contained in:
ismeth
2026-02-13 18:26:38 +01:00
committed by YeonGyu-Kim
parent 4d675bac89
commit dc4041c050
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/agents/athena/council-orchestrator.test.ts
View File

@@ -68,7 +68,7 @@ describe("executeCouncil", () => {
for (const launch of launches) {
expect(launch.prompt).toBe(expectedPrompt)
expect(launch.agent).toBe("athena")
expect(launch.permission).toEqual({ write: "deny", edit: "deny", task: "deny" })
expect(launch.permission).toEqual({ write: "deny", edit: "deny", task: "deny", athena_council: "deny" })
}
expect(launches[0]?.model).toEqual({ providerID: "openai", modelID: "gpt-5.3-codex" })

2
src/agents/athena/council-orchestrator.ts
View File

@@ -72,7 +72,7 @@ async function launchMember(
throw new Error(`Invalid model string: "${member.model}"`)
}
const restrictions = createAgentToolRestrictions(["write", "edit", "task"])
const restrictions = createAgentToolRestrictions(["write", "edit", "task", "athena_council"])
const memberName = member.name ?? member.model
return launcher.launch({
description: `Council member: ${memberName}`,