feat: task_list priority filter, session delete confirm, spawn_agent tool restrictions

- task_list: add priority param ('low'/'normal'/'high') alongside existing status filter - Session delete: inline confirm row (Delete / Cancel) instead of immediate delete - spawn_agent: allow_tools and deny_tools per-call params; role config remains ceiling; deny_tools falls back to confirm_deny gate when no explicit tool_list is set Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-12 21:09:50 -04:00
parent 76fef827c5
commit f336ae9687
4 changed files with 118 additions and 16 deletions
--- a/cortex/tools/agents.py
+++ b/cortex/tools/agents.py
@@ -35,6 +35,8 @@ async def spawn_agent(
    tier: int = 1,
    timeout: int = 120,
    max_rounds: int | None = None,
+    allow_tools: list[str] | None = None,
+    deny_tools: list[str] | None = None,
 ) -> str:
    """
    Spawn a sub-agent to complete a task synchronously.
@@ -91,6 +93,21 @@ async def spawn_agent(
    confirm_allow = set(policy.get("allow", []))
    confirm_deny = set(policy.get("deny", []))

+    # Per-call tool restrictions — role config remains the authoritative ceiling
+    if allow_tools is not None:
+        if tool_list is not None:
+            tool_list = [t for t in tool_list if t in allow_tools]
+        else:
+            tool_list = list(allow_tools)
+
+    if deny_tools is not None:
+        deny_set = set(deny_tools)
+        if tool_list is not None:
+            tool_list = [t for t in tool_list if t not in deny_set]
+        else:
+            # tool_list is unrestricted — block via confirm_deny so the gate fires
+            confirm_deny = confirm_deny | deny_set
+
    if max_rounds is not None:
        model_cfg = dict(model_cfg)
        model_cfg["max_rounds"] = max_rounds
@@ -198,6 +215,25 @@ DECLARATIONS = [
                    type=types.Type.INTEGER,
                    description="Override max tool-loop iterations for this call.",
                ),
+                "allow_tools": types.Schema(
+                    type=types.Type.ARRAY,
+                    items=types.Schema(type=types.Type.STRING),
+                    description=(
+                        "Restrict the sub-agent to only these tools. "
+                        "Intersected with the role's tool set — cannot grant more than the role allows. "
+                        "Omit to give the sub-agent the role's full tool set. "
+                        "Example: ['web_search', 'web_read'] for a pure research agent."
+                    ),
+                ),
+                "deny_tools": types.Schema(
+                    type=types.Type.ARRAY,
+                    items=types.Schema(type=types.Type.STRING),
+                    description=(
+                        "Block these tools from the sub-agent regardless of role config. "
+                        "Use to prevent destructive operations in sensitive sub-tasks. "
+                        "Example: ['shell_exec', 'file_write', 'cortex_restart']."
+                    ),
+                ),
            },
            required=["task"],
        ),
--- a/cortex/tools/tasks.py
+++ b/cortex/tools/tasks.py
@@ -60,13 +60,15 @@ def _format_task(t: dict) -> str:
 # Sync implementations — called via asyncio.to_thread
 # ---------------------------------------------------------------------------

-def _task_list(status: str | None) -> str:
+def _task_list(status: str | None, priority: str | None) -> str:
    tasks = _load()
    if status:
        tasks = [t for t in tasks if t["status"] == status]
+    if priority:
+        tasks = [t for t in tasks if t.get("priority") == priority]
    if not tasks:
-        label = f"No {status} tasks." if status else "No tasks yet."
-        return label
+        filters = " ".join(f for f in [status, priority] if f)
+        return f"No {filters} tasks." if filters else "No tasks yet."
    lines = [f"Tasks ({len(tasks)}):\n"]
    for t in tasks:
        lines.append(_format_task(t))
@@ -118,8 +120,8 @@ def _task_complete(task_id: str) -> str:
 # Async wrappers
 # ---------------------------------------------------------------------------

-async def task_list(status: str | None = None) -> str:
-    return await asyncio.to_thread(_task_list, status)
+async def task_list(status: str | None = None, priority: str | None = None) -> str:
+    return await asyncio.to_thread(_task_list, status, priority)


 async def task_create(title: str, description: str | None = None,
@@ -148,6 +150,7 @@ DECLARATIONS = [
            type=types.Type.OBJECT,
            properties={
                "status": types.Schema(type=types.Type.STRING, description="Filter by status: 'todo', 'in_progress', or 'done'. Omit to list all."),
+                "priority": types.Schema(type=types.Type.STRING, description="Filter by priority: 'low', 'normal', or 'high'. Omit to list all priorities."),
            },
        ),
    ),