Fix /review permission prompt spam from sub-agent tool calls #1

Open

artekr wants to merge 1 commit into Langerrr:main from artekr:fix/review-permission-prompts

Conversation

@artekr artekr commented Feb 28, 2026

Summary

  • Problem: /review command constantly asks permission for every Grep, Read, and Bash call because allowed-tools only auto-approves tools for the orchestrator, not for sub-agents spawned via Task. There's no "yes for session" option, so users must approve each call individually.
  • Fix: Restructured to a "pre-fetch" pattern — the orchestrator (which has allowed-tools) gathers all data upfront (file contents, diffs, CLAUDE.md, git blame/log) and embeds it inline in each sub-agent's Task prompt. Sub-agents become pure text analyzers with zero tool calls.
  • Removed Bash from code-reviewer agent tools since git data is now provided inline by the orchestrator.

Test plan

  • Run /review --staged on a repo with staged changes — verify no permission prompts from sub-agents
  • Run /review <file> on a specific file — verify reviewers analyze without tool calls
  • Run /review --feature <name> — verify git blame/log data is embedded correctly
  • Verify review output quality is unchanged (confidence scoring, filtering still works)

🤖 Generated with Claude Code

The allowed-tools on the review command only auto-approves tools for the
orchestrator, not for sub-agents spawned via Task. This caused every Grep,
Read, and Bash call from each reviewer agent to trigger individual permission
prompts with no "yes for session" option.

Restructured to a pre-fetch pattern: the orchestrator gathers all data
(file contents, diffs, CLAUDE.md, git blame/log) upfront and embeds it
inline in each sub-agent's Task prompt. Sub-agents become pure text
analyzers with zero tool calls and zero permission prompts.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Langerrr (Owner)

Code review

Nice fix — the pre-fetch pattern is the right call for avoiding permission prompt spam. Two things I want to clarify:

  1. Agent type switch: The command now uses feature-dev:code-reviewer instead of zforge:code-reviewer, which means our agent definition (agents/code-reviewer.md) with the confidence scoring and output format won't be picked up automatically. Was this intentional? If so we'd be duplicating those instructions inline and they'll drift over time. Let's chat about whether we can keep using zforge:code-reviewer with just the tools stripped.

     > Store all of the above as text — you will embed it directly into each reviewer's Task prompt.

  2. Agent definition now assumes inline data: The History & Context section was updated to say "Analyze the provided git blame/log output" and "do not run git commands yourself" — but the agent still has Glob, Grep, Read as tools and could be spawned standalone outside of /review. In that case nobody would be providing inline data. Might be worth keeping the original wording or adding a conditional ("If data is provided inline, use that; otherwise run the commands yourself").

     > ### Focus: History & Context
     > - Analyze the provided `git blame` output to understand prior intent
     > - Analyze the provided `git log` output to see recent change patterns
     > - Check if changes contradict the original author's design intent
     > - Identify regressions — changes that undo or break previous intentional fixes
     > - Look for patterns in previous changes that suggest constraints the current PR may violate
     > - Note if the same code area has been repeatedly modified (churn indicates fragility)

🤖 Generated with Claude Code

@Langerrr (Owner)

Hey! Great catch on the permission prompt spam — this was a real usability pain point.

We went with a different approach on main (ea782ca) that builds on the same insight but takes it further: instead of making reviewers pure text analyzers, we rewrote /review to use the spawn/monitor pattern (same one that powers /feature-orchestrate).

What changed

Each reviewer now runs as an independent claude -p process with its own --allowedTools, so they can freely use Read, Glob, Grep, and Bash without any permission prompts. This matters because zforge reviews often cover large multi-phase features where inline pre-fetching would blow up the orchestrator's context window.

We also added:

  • --only flag for selective reviewer execution (e.g. --only simplicity,bugs) — useful when you just need a quick focused review instead of the full 4-reviewer suite
  • Sentinel files + orphan detection so the monitor can track reviewers even if they die before writing output
  • spawn-codex.sh as a separate spawner for Codex CLI agents (different flags/format than claude)
  • Fixed spawn-agent.sh to unset CLAUDECODE so nested spawning works

Why not the pure text analyzer approach?

It works well for small diffs, but zforge's primary use case is reviewing entire feature implementations (5-15+ files). Pre-fetching all that content into the orchestrator and passing it inline would consume too much context. Letting reviewers use their own tools keeps the orchestrator lightweight and lets each reviewer explore the codebase independently.

The agent definition (code-reviewer.md) stays unchanged with its tools — this way it remains usable standalone if needed, and the command references it as the single source of truth for focus areas and scoring rubrics.

Thanks for surfacing this issue — it pushed us to a much better architecture!
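A minimal version of the spawn/monitor pattern described in the reply above, as an added example that is not zforge's own spawn-agent.sh: each reviewer runs as a separate process with a PID sentinel, and the monitor distinguishes a finished reviewer from one that died before writing its output. The reviewer command is a stand-in here; the `claude -p ... --allowedTools` invocation and the CLAUDECODE unset are taken from the discussion, everything else (file names, function names, WORKDIR) is assumed.

```shell
#!/usr/bin/env bash
# Added example, not zforge's own spawn-agent.sh: a minimal spawn/monitor pair
# with per-reviewer sentinel files and orphan detection, as described in the
# reply above. The reviewer command is whatever you pass in; in real use that
# would be `claude -p "$PROMPT" --allowedTools Read,Glob,Grep,Bash` (flag from
# the PR discussion), so each reviewer carries its own tool allowlist.
set -u
WORKDIR="${WORKDIR:-$(mktemp -d)}"   # per-run state: NAME.pid, NAME.out, NAME.err

# spawn_reviewer NAME CMD [ARGS...]: run CMD in the background with CLAUDECODE
# unset (an inherited CLAUDECODE breaks nested spawning, per the PR) and write a
# PID sentinel. Output lands in NAME.out only after CMD exits successfully, so a
# missing .out with a dead PID means the reviewer died before reporting.
spawn_reviewer() {
  local name="$1"; shift
  ( unset CLAUDECODE; exec "$@" ) >"$WORKDIR/$name.out.tmp" 2>"$WORKDIR/$name.err" \
    && mv "$WORKDIR/$name.out.tmp" "$WORKDIR/$name.out" &
  echo "$!" >"$WORKDIR/$name.pid"
}

# reviewer_status NAME: prints running | done | orphan | unknown
reviewer_status() {
  local name="$1" pid
  [ -f "$WORKDIR/$name.pid" ] || { echo unknown; return 0; }
  [ -f "$WORKDIR/$name.out" ] && { echo done; return 0; }
  pid=$(cat "$WORKDIR/$name.pid")
  if kill -0 "$pid" 2>/dev/null; then
    echo running
  elif [ -f "$WORKDIR/$name.out" ]; then
    echo done        # finished between the two checks
  else
    echo orphan      # process gone, no output: crashed or was killed mid-review
  fi
}

# wait_reviewers TIMEOUT_SECS NAME...: poll until no reviewer is running.
# Returns 1 if the deadline passes, leaving hung reviewers for the caller.
wait_reviewers() {
  local deadline=$(( $(date +%s) + $1 )) n busy; shift
  while :; do
    busy=0
    for n in "$@"; do
      [ "$(reviewer_status "$n")" = running ] && busy=1
    done
    [ "$busy" -eq 0 ] && return 0
    [ "$(date +%s)" -ge "$deadline" ] && return 1
    sleep 0.2
  done
}
```

After `wait_reviewers` returns, anything still reported as `running` has hit the timeout and anything reported as `orphan` never produced output, so the monitor can report both instead of blocking on a dead reviewer.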
