refactor(tools): remove tool profile layer from policy system

Simplify 4-layer policy to 3-layer: - Layer 1: Global allow/deny (user config) - Layer 2: Provider-specific rules - Layer 3: Subagent restrictions Removed: - ToolProfileId type (minimal/coding/web/full) - TOOL_PROFILES constant - getProfilePolicy function - profile field from ToolsConfig Users can achieve the same effect using allow/deny with group:* syntax. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 02:58:15 +08:00 · 2026-02-05 02:58:15 +08:00 · 087d1a8653
commit 087d1a8653
parent 9b16001e0e
6 changed files with 128 additions and 361 deletions
--- a/src/agent/tools/groups.ts
+++ b/src/agent/tools/groups.ts
@ -1,12 +1,10 @@
 /**
- * Tool groups and profiles for policy-based filtering.
+ * Tool groups for policy-based filtering.
 *
 * Groups provide shortcuts for allowing/denying multiple tools at once.
- * Profiles are predefined tool sets for common use cases.
+ * Use "group:name" in allow/deny lists.
 */

-export type ToolProfileId = "minimal" | "coding" | "web" | "full";
-
 /**
 * Tool name aliases for compatibility.
 * Maps alternative names to canonical tool names.
@ -51,29 +49,6 @@ export const TOOL_GROUPS: Record<string, string[]> = {
  ],
 };

-/**
- * Tool profiles - predefined tool sets.
- */
-export const TOOL_PROFILES: Record<ToolProfileId, { allow?: string[]; deny?: string[] }> = {
-  // Minimal: no tools (useful for chat-only agents)
-  minimal: {
-    allow: [],
-  },
-
-  // Coding: file system + execution (default for coding tasks)
-  coding: {
-    allow: ["group:fs", "group:runtime"],
-  },
-
-  // Web: coding + web access
-  web: {
-    allow: ["group:fs", "group:runtime", "group:web"],
-  },
-
-  // Full: no restrictions
-  full: {},
-};
-
 /**
 * Default tools denied for subagents.
 * Subagents should not have access to session management or system tools.
@ -118,23 +93,3 @@ export function expandToolGroups(list?: string[]): string[] {

  return Array.from(new Set(expanded));
 }
-
-/**
- * Get the policy for a profile.
- */
-export function getProfilePolicy(
-  profile?: ToolProfileId,
-): { allow?: string[]; deny?: string[] } | undefined {
-  if (!profile) return undefined;
-  const resolved = TOOL_PROFILES[profile];
-  if (!resolved) return undefined;
-  if (!resolved.allow && !resolved.deny) return undefined;
-  const result: { allow?: string[]; deny?: string[] } = {};
-  if (resolved.allow) {
-    result.allow = [...resolved.allow];
-  }
-  if (resolved.deny) {
-    result.deny = [...resolved.deny];
-  }
-  return result;
-}