Denied bare gh should route to coily ops gh in the recovery message #5

Open
opened 2026-05-23 20:53:17 +00:00 by coilysiren · 0 comments
Owner

Originally filed by @coilysiren on 2026-05-21T13:23:35Z - https://github.com/coilysiren/agent-guard/issues/27

**Problem** - `gh issue create` (and likely other `gh` write subcommands) gets denied by the lockdown with the generic harness message "Permission to use Bash with command X has been denied." The denial does not name the `coily ops gh` wrapper that is the correct route. An agent hitting this dead-ends: it retries variations, hands the command back to Kai, or gives up. In this session it took five denials and a hint from Kai before the agent found `coily ops gh`.

**Expected** - When the lockdown denies a `gh` invocation, the recovery message should name the wrapper, the same way other coily-routed denials do. Something like: "`gh` is denied bare. Run `coily ops gh <args>` instead."

**Why this matters** - AGENTS.md "Mobile-First Dev and Ops": opaque errors are design smells, recovery messages should name the command to dictate next. A denial that does not route is the worst case - the agent cannot self-correct and Kai has to intervene.

**Where to look** - `coilysiren/agent-guard`, the `coilyRoutes` table in `cmd/agent-guard/hook.go`. Either `gh` is missing a route entry, or the route exists but its recovery hint is not surfacing through to the harness denial message. Confirm which, then fix so every denied `gh` form emits the `coily ops gh` hint.

Origin: surfaced filing GitHub issues during a design session - `gh issue create` denied repeatedly with no routing hint.

coilysiren added P3 and removed P2 labels 2026-05-31 07:01:27 +00:00
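A sketch of the routing behaviour the issue asks for, added here as an example and not taken from agent-guard: the `route` type, the `routes` map and `denyMessage` are hypothetical names, and the real `coilyRoutes` table in `hook.go` may be shaped differently. It shows both cases from "Where to look": a binary with a route entry gets the wrapper hint for every subcommand, and a binary without one falls back to the generic message.

```go
package main

import (
	"fmt"
	"strings"
)

// route is a hypothetical routing entry (assumption, not the project's type).
type route struct {
	wrapper string // command to run instead of the bare binary
}

// routes is a constructed table, keyed by the bare binary name.
var routes = map[string]route{
	"gh": {wrapper: "coily ops gh"},
}

// denyMessage builds the denial text for a blocked Bash command. It matches on
// the first executable token, so every subcommand of a routed binary gets the hint.
func denyMessage(command string) string {
	fields := strings.Fields(command)
	// Skip leading VAR=value assignments so "GH_TOKEN=x gh ..." still routes.
	for len(fields) > 0 && strings.Contains(fields[0], "=") {
		fields = fields[1:]
	}
	if len(fields) == 0 {
		return "Empty command denied."
	}
	bin := fields[0]
	if i := strings.LastIndex(bin, "/"); i >= 0 {
		bin = bin[i+1:] // "/usr/bin/gh" -> "gh"
	}
	r, ok := routes[bin]
	if !ok {
		// No route entry: only the generic, non-routing message is possible.
		return fmt.Sprintf("Permission to use Bash with command %s has been denied.", command)
	}
	hint := fmt.Sprintf("%s is denied bare. Run %s", bin, r.wrapper)
	if args := strings.Join(fields[1:], " "); args != "" {
		hint += " " + args
	}
	return hint + " instead."
}

func main() {
	for _, c := range []string{"gh issue create --title x", "/usr/bin/gh pr merge 5", "git push"} {
		fmt.Println(denyMessage(c))
	}
}
```

This only shapes the message after a denial has already been decided; matching on the first token does not see `gh` invoked inside a pipeline or `sh -c`, so those forms would still get the generic text.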
Reference
coilyco-flight-deck/ward#5