refactor: migrate Tool Permissions from Settings to /settings/tools

- Remove Tool Permissions form from settings.html; replace with a "Tool Settings →" link that redirects to /settings/tools - Add Confirmation Gate section to tools_settings.html (allow/deny textareas) inside the same form as risk policy — one save covers all - tools_settings.py save handler now writes allow/deny alongside max_risk/whitelist/blacklist into tool_policy.json - Remove /settings/tool-policy POST route from settings.py (no longer needed) - Remove get_tool_policy, save_tool_policy, CONFIRM_REQUIRED imports from settings.py (now owned by tools_settings.py) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-11 22:50:48 -04:00
parent 69ec2f667d
commit 8ab1942514
4 changed files with 56 additions and 60 deletions
--- a/cortex/static/settings.html
+++ b/cortex/static/settings.html
@@ -379,33 +379,18 @@
      </a>
    </div>

-    <!-- Tool Permissions -->
+    <!-- Tool Permissions → moved to /settings/tools -->
    <div class="section">
      <h2>Tool Permissions</h2>
-      <p style="font-size:0.8rem; color:var(--pg-muted); margin-bottom:0.5rem; line-height:1.55;">
-        Override the default confirmation gate for orchestrator tools.
-        <strong>Allow list</strong> — tools that run without asking for confirmation.
-        <strong>Deny list</strong> — tools that are always blocked for your account.
-        One tool name per line.
+      <p style="font-size:0.85rem; color:var(--pg-muted); margin-bottom:1rem; line-height:1.55;">
+        Configure tool access, risk policy, and confirmation gate overrides on the Tools page.
      </p>
-      <p style="font-size:0.78rem; color:var(--pg-muted); margin-bottom:0.85rem;">
-        Tools requiring confirmation by default: <code>{{ confirm_required_tools }}</code>
-      </p>
-      <form method="POST" action="/settings/tool-policy">
-        <div class="form-group">
-          <label for="allow_list">Allow list (bypass confirmation)</label>
-          <textarea id="allow_list" name="allow_list" rows="3"
-                    placeholder="reminders_clear&#10;cron_remove"
-                    autocomplete="off" spellcheck="false">{{ tool_allow }}</textarea>
-        </div>
-        <div class="form-group">
-          <label for="deny_list">Deny list (always block)</label>
-          <textarea id="deny_list" name="deny_list" rows="3"
-                    placeholder="shell_exec&#10;file_write"
-                    autocomplete="off" spellcheck="false">{{ tool_deny }}</textarea>
-        </div>
-        <button type="submit">Save tool permissions</button>
-      </form>
+      <a href="/settings/tools"
+         style="display:inline-block; padding:0.45rem 1.1rem; background:var(--pg-accent,#7c3aed);
+                color:#fff; border-radius:0.5rem; font-size:0.875rem; font-weight:600;
+                text-decoration:none;">
+        Tool Settings →
+      </a>
    </div>

    <!-- Browser cache -->