May 24, 2026

Tool Spec Alignment, Policy Cleanup & chmod

Developed and hardened the search_files cross-platform glob and grep tool to match its spec

Developed and hardened the search_files cross-platform glob and grep tool to match its spec. Stripped unnecessary caps and timeout flags, aligned defaults, and enforced strict output formatting. Parameter parsing was made robust against invalid types, overlapping grep context windows were merged, and tests were rewritten from plumbing mocks to eight zero-mock feature tests running on a real filesystem.

Simplified file_write by removing the tmp/system action split, unifying it under a single absolute-path contract with an auto-mkdir parent handler and a read-guard scoped only to existing files. Aligned web_download with its spec by adding a user-facing timeout, preserving original filenames in UUID subdirectories, and establishing a flat allow/deny policy that restricts file:// and data: schemes while auto-allowing /tmp paths.

Recovered the missing SEARCH_TOOLTIP index in find_tools by shifting schema enrichment logic into a new Ability.get_input_schema() base method, ensuring each ability owns its discoverability payload. The local abilities SQLite database was rebuilt to reflect these updates and incorporate the newly added chmod capability.

Introduced a safe file_permissions chmod ability that tracks permissions_before/after for auditability without relying on raw shell commands. Simultaneously trimmed test_act_loop_stop.py from 257 to 98 lines by collapsing iteration loops, removing verbose assertions, and dropping essay-length docstrings while preserving all original logic.

  • search_files glob and grep actions now output newline-separated paths and structured context snippets without exceeding spec limits.

  • file_write unified under a single absolute-path contract with an auto-mkdir parent handler and read-guard scoped to existing files only.

  • web_download policy restricted to chat and subagent ask contexts, with OS-aware temporary storage preserving original filenames.

  • find_tools discoverability index injection moved into Ability.get_input_schema() to fix FTS5 corruption and restore tool tooltips.

  • New file_permissions chmod ability added with before/after audit logs and strict deny policies for external and subconscious contexts.

  • test_act_loop_stop.py reduced from 257 to 98 lines by collapsing loops, removing assertion comments, and stripping docstrings.