feat: task_list priority filter, session delete confirm, spawn_agent tool restrictions

- task_list: add priority param ('low'/'normal'/'high') alongside existing status filter
- Session delete: inline confirm row (Delete / Cancel) instead of immediate delete
- spawn_agent: allow_tools and deny_tools per-call params; role config remains ceiling;
  deny_tools falls back to confirm_deny gate when no explicit tool_list is set

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

cortex/tools/agents.py

@@ -35,6 +35,8 @@ async def spawn_agent(
     tier: int = 1,
     timeout: int = 120,
     max_rounds: int | None = None,
+    allow_tools: list[str] | None = None,
+    deny_tools: list[str] | None = None,
 ) -> str:
     """
     Spawn a sub-agent to complete a task synchronously.
@@ -91,6 +93,21 @@ async def spawn_agent(
     confirm_allow = set(policy.get("allow", []))
     confirm_deny = set(policy.get("deny", []))
 
+    # Per-call tool restrictions — role config remains the authoritative ceiling
+    if allow_tools is not None:
+        if tool_list is not None:
+            tool_list = [t for t in tool_list if t in allow_tools]
+        else:
+            tool_list = list(allow_tools)
+
+    if deny_tools is not None:
+        deny_set = set(deny_tools)
+        if tool_list is not None:
+            tool_list = [t for t in tool_list if t not in deny_set]
+        else:
+            # tool_list is unrestricted — block via confirm_deny so the gate fires
+            confirm_deny = confirm_deny | deny_set
+
     if max_rounds is not None:
         model_cfg = dict(model_cfg)
         model_cfg["max_rounds"] = max_rounds
@@ -198,6 +215,25 @@ DECLARATIONS = [
                     type=types.Type.INTEGER,
                     description="Override max tool-loop iterations for this call.",
                 ),
+                "allow_tools": types.Schema(
+                    type=types.Type.ARRAY,
+                    items=types.Schema(type=types.Type.STRING),
+                    description=(
+                        "Restrict the sub-agent to only these tools. "
+                        "Intersected with the role's tool set — cannot grant more than the role allows. "
+                        "Omit to give the sub-agent the role's full tool set. "
+                        "Example: ['web_search', 'web_read'] for a pure research agent."
+                    ),
+                ),
+                "deny_tools": types.Schema(
+                    type=types.Type.ARRAY,
+                    items=types.Schema(type=types.Type.STRING),
+                    description=(
+                        "Block these tools from the sub-agent regardless of role config. "
+                        "Use to prevent destructive operations in sensitive sub-tasks. "
+                        "Example: ['shell_exec', 'file_write', 'cortex_restart']."
+                    ),
+                ),
             },
             required=["task"],
         ),