- Remove Tool Permissions form from settings.html; replace with a
"Tool Settings →" link that redirects to /settings/tools
- Add Confirmation Gate section to tools_settings.html (allow/deny
textareas) inside the same form as risk policy — one save covers all
- tools_settings.py save handler now writes allow/deny alongside
max_risk/whitelist/blacklist into tool_policy.json
- Remove /settings/tool-policy POST route from settings.py (no longer needed)
- Remove get_tool_policy, save_tool_policy, CONFIRM_REQUIRED imports
from settings.py (now owned by tools_settings.py)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
8ab1942514