Sweep coilyRoutes: every bare-command deny should inject a routing hint #23

Open
opened 2026-05-27 22:17:18 +00:00 by coilysiren · 0 comments
Owner

Problem

`coilyRoutes` in `cmd/agent-guard/hook.go` enumerates a fixed set of bare commands (aws, gh, kubectl, docker, tailscale, ssh, scp) that get a routing hint when an agent tries them. Every other bare invocation that has a coily wrapper falls through to a vanilla harness deny with no recovery text. Net effect: the agent sees `Permission to use Bash with command X has been denied`, no mention of `coily ops X` or `coily exec X`, no recovery path. Sister issue: coilysiren/agent-guard#22 (mcporter case).

Ask

Sweep coily's full verb surface and make sure every bare command that has a coily wrapper has a `coilyRoutes` entry with at least a one-sentence "use `coily <verb>` instead" hint. Source of truth is `coily --tree` and `coily ops <subcommand>`. Examples likely missing today (non-exhaustive, agent should walk the tree):

  • mcporter (filed: #22)
  • forgejo
  • lunchmoney
  • discord
  • openhue
  • chromecast (cast)
  • sonos
  • elevenlabs
  • obsidian
  • gws
  • trello
  • amplitude
  • terraform / tofu (if wrapper exists)
  • helm
  • npm / npx / uv / cargo / dotnet (these are denied by repo lockdown - the hint should point at the repo's `.coily/coily.yaml` instead of a global wrapper)

Implementation sketch

Two-tier hint:

  1. Known wrapper: explicit entry in `coilyRoutes` naming `coily ops <verb>` and the wrapper's argv shape.
  2. No wrapper but lockdown-denied (npm/uv/cargo/dotnet/etc.): generic hint pointing at the per-repo `.coily/coily.yaml` and the "Add new verbs to that file before invoking them" rule from `agentic-os-kai/AGENTS.md`.

Why now

System-improvement bias: "opaque errors are design smells - recovery messages should name the command Kai can dictate next" (agentic-os-kai AGENTS.md). Every uncovered deny is one of those opaque errors. The hook fires anyway, so adding routing text is near-zero cost per entry and saves an agent round-trip per miss.

Out of scope

The harness-level allowlist (settings.json). This is purely about agent-guard's PreToolUse routing-hint coverage.
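
The two-tier lookup from the implementation sketch, as an added example that is not agent-guard's own code. The names `wrapped`, `lockdownDenied`, `bareCommand` and `routingHint`, the table contents and the hint wording are assumptions for illustration, including the choice of `coily ops` for every wrapped command.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Tier 1: bare commands assumed to have a coily wrapper (illustrative subset;
// the real list would come from walking `coily --tree`).
var wrapped = map[string]bool{"aws": true, "gh": true, "kubectl": true, "mcporter": true, "forgejo": true}

// Tier 2: no wrapper, denied by repo lockdown.
var lockdownDenied = map[string]bool{"npm": true, "npx": true, "uv": true, "cargo": true, "dotnet": true}

// bareCommand returns the program name of a shell command line, skipping
// leading VAR=value assignments and any directory prefix.
func bareCommand(cmdline string) string {
	for _, f := range strings.Fields(cmdline) {
		if strings.Index(f, "=") > 0 {
			continue // environment assignment such as AWS_PROFILE=dev
		}
		return filepath.Base(f)
	}
	return ""
}

// routingHint returns recovery text for a denied bare command, or "" when
// neither tier applies and the plain harness deny stands unchanged.
// It only adds text to a deny; it makes no allow/deny decision itself.
func routingHint(cmdline string) string {
	cmd := bareCommand(cmdline)
	switch {
	case wrapped[cmd]:
		return fmt.Sprintf("bare `%s` is denied: use `coily ops %s <args>` instead", cmd, cmd)
	case lockdownDenied[cmd]:
		return fmt.Sprintf("`%s` is denied by repo lockdown: add the verb to this repo's .coily/coily.yaml before invoking it", cmd)
	}
	return ""
}

func main() {
	// Constructed sample command lines.
	for _, c := range []string{"AWS_PROFILE=dev aws s3 ls", "/usr/bin/npm install", "ls -la"} {
		fmt.Printf("%q -> %q\n", c, routingHint(c))
	}
}
```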

coilysiren added P2 and removed P1 labels 2026-05-31 07:01:25 +00:00
Reference
coilyco-flight-deck/ward#23