Skip to content

fix(config): enforce allow_edit_existing_files restriction in tool selection#389

Merged
RyderFreeman4Logos merged 1 commit intomainfrom
fix/enforce-edit-restrictions
Mar 10, 2026
Merged

fix(config): enforce allow_edit_existing_files restriction in tool selection#389
RyderFreeman4Logos merged 1 commit intomainfrom
fix/enforce-edit-restrictions

Conversation

@RyderFreeman4Logos
Copy link
Owner

@RyderFreeman4Logos RyderFreeman4Logos commented Mar 10, 2026

Summary

  • Wire up the existing infer_task_edit_requirement() to the tool selection pipeline
  • Tools with allow_edit_existing_files = false are now filtered out when the prompt indicates editing intent
  • Both round-robin (resolve_tier_tool_rotated) and fallback (resolve_tier_tool_filtered) paths enforce restrictions

Root Cause

needs_edit was hardcoded to false in resolve_tool_and_model() line 87, so resolve_tier_tool_rotated() never filtered restricted tools. Additionally, the non-rotating fallback resolve_tier_tool() had no restriction check at all.

Changes

File Change
run_helpers.rs Add needs_edit param to resolve_tool_and_model(), forward to rotation
run_cmd_execute.rs Call infer_task_edit_requirement() and pass result to strategy resolver
run_cmd_tool_selection.rs Thread needs_edit through all strategy arms
config.rs New resolve_tier_tool_filtered(), resolve_tier_tool delegates to it
rotation.rs Tests for restriction filtering in round-robin
config_tests_tier.rs Tests for resolve_tier_tool_filtered

Test plan

  • 2453 unit tests pass (nextest)
  • 16 E2E tests pass
  • New tests verify restriction filtering in both tier and rotation paths
  • CSA review passed (no P0/P1 issues)

Closes #388

🤖 Generated with Claude Code

@RyderFreeman4Logos @claude
fix(config): enforce allow_edit_existing_files restriction in tool se…
a6ea5e2 
…lection (#388)

Wire up the existing but unused `infer_task_edit_requirement()` heuristic
to the tool selection pipeline. When a prompt indicates editing intent
(fix, implement, refactor, etc.), tools with `allow_edit_existing_files =
false` are now filtered out during tier-based selection.

Three changes:
- `resolve_tool_and_model()` accepts `needs_edit` and forwards it to
  `resolve_tier_tool_rotated()` (was hardcoded `false`)
- New `resolve_tier_tool_filtered()` replaces the unfiltered fallback,
  `resolve_tier_tool()` now delegates to it with `needs_edit=false`
- `run_cmd_execute` calls `infer_task_edit_requirement()` and passes
  the result through the strategy resolution chain

Closes #388

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@chatgpt-codex-connector
Copy link

chatgpt-codex-connector bot commented Mar 10, 2026

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@RyderFreeman4Logos RyderFreeman4Logos merged commit 7c92ba8 into main Mar 10, 2026
4 of 6 checks passed
@RyderFreeman4Logos RyderFreeman4Logos deleted the fix/enforce-edit-restrictions branch March 10, 2026 04:04
@RyderFreeman4Logos RyderFreeman4Logos mentioned this pull request Mar 10, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug: gemini-cli restrictions.allow_edit_existing_files=false not enforced

1 participant

@RyderFreeman4Logos