feat(q): add trusted tools to Amazon Q alias mirroring Claude's security model#940
Open
atxtechbro wants to merge 7 commits intomainfrom
Open
feat(q): add trusted tools to Amazon Q alias mirroring Claude's security model#940atxtechbro wants to merge 7 commits intomainfrom
atxtechbro wants to merge 7 commits intomainfrom
Conversation
Principle: systems-stewardship
…Q prompts (@ prefix) as equivalent to Claude Code slash commands. Includes syntax differences, troubleshooting, and provider symmetry examples.\n\nPrinciple: systems-stewardship
Amazon Q CLI: '@close-issue 934' (single quotes required) Claude Code: /close-issue 934 (slash commands, better autocomplete) Both use same MCP servers - just different syntax. Principle: ai-provider-agnosticism
Consolidated into knowledge/procedures/mcp-prompts.md for AI provider agnosticism
Keep PR focused on MCP prompt functionality only
Use commands/templates/close-issue.md directly instead of .claude/command-templates symlink for better reliability
…ity model Replace duck-taped qsafe solution with native --trust-tools approach. Amazon Q now uses same trusted MCP tools as Claude for consistent security posture across AI providers. - Add TRUSTED_TOOLS variable with same tools Claude trusts - Include work-specific tools (atlassian, gitlab) when WORK_MACHINE=true - Use q chat --trust-tools instead of manual permission management Eliminates need for qsafe clipboard-based workaround. Principle: ai-provider-agnosticism
Contributor
|
⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done |
Contributor
|
✅ I finished the code review, and left comments with the issues I found. I will now generate code fix suggestions. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replace the duck-taped
qsafesolution with Amazon Q CLI's native--trust-toolsapproach, mirroring Claude's security model.Changes
TRUSTED_TOOLSvariable with same MCP tools that Claude trustsqalias to useq chat --trust-tools="$TRUSTED_TOOLS"WORK_MACHINE=trueBenefits
qsafeworkaround.claude/settings.jsonAI Provider Agnosticism
Both
claudeandqaliases now have equivalent security models:.claude/settings.jsontrusted tools--trust-toolswith same tool listThis enables seamless switching between providers during service outages while maintaining identical security boundaries.
Principle: ai-provider-agnosticism