backlog(B-0728): destructive-tool authoring contract (rails + permission-grants-invocation + runtime-acceptance gate)#4975
Merged
AceHack merged 1 commit on May 25, 2026
Conversation
Commit message:

…ion-grants-invocation + runtime-acceptance gate)

Aaron 2026-05-25:
> "this is a good flow now that addison and max are on the project
> i dont mind thinking about safety more"
> "sure sounds good"

Codifies the pattern landed in PR #4974 (flash-usb.ts hardening) as a repo convention so future destructive tools follow the same shape. Three-part contract:

1. Hard safety rails — refuse known bad inputs early with class exit codes (2=safety, 1=user-abort, 0=success)
2. .claude/settings.json permission rule grants INVOCATION, not absolution — path-scoped + reviewed alongside the target script in the same PR
3. Runtime acceptance gate with per-run nonce — runner types 'accept-<verb> <target> <nonce>' to sign acceptance of responsibility; nonce makes pre-baked agent input infeasible

Includes:
- TypeScript template for future destructive-tool authors
- Liability framing language for header / README / PR body
- Composition with framework's autonomy-first-class + NCI
- List of future destructive-tool candidates this would govern (wipe-cluster, restore-from-backup, rotate-master-keys, delete-pvc, drop-database, force-merge)

Acceptance: pattern doc + cross-links + optional .claude/rules/ file for agent-side cold-boot discipline.

P2 because cheap-to-codify now + every destructive tool added after this benefits; becomes P1 if a destructive tool gets authored without following the contract.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Pull request overview
Codifies a repository convention for authoring destructive CLI tools by documenting a three-part “destructive-tool authoring contract” (safety rails, path-scoped agent invocation permission, and a runtime acceptance gate with a per-run nonce) using flash-usb.ts as the canonical reference.
Changes:
- Adds a new P2 backlog row (B-0728) documenting the destructive-tool contract, including a TypeScript skeleton/template.
- Regenerates docs/BACKLOG.md to include the new backlog entry.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| docs/backlog/P2/B-0728-destructive-tool-authoring-contract-rails-plus-permission-grants-invocation-plus-runtime-acceptance-gate-2026-05-25.md | New backlog row that defines the destructive-tool authoring contract and provides a template. |
| docs/BACKLOG.md | Index update to include B-0728 under P2. |
Comment on lines +49 to +52:

> The tool refuses known bad inputs BEFORE any destructive action. Each refusal exits with a clear class:
>
> - exit 2 = safety check failed (bad input, wrong device class, ambiguous target)
> - exit 1 = user aborted (acceptance gate mismatch, interrupted)
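Review bot: the exit-class list at lines 49-52 documents exit 2 and exit 1 but the excerpt shows no line for exit 0 = success, which the commit message includes as the third class of the contract (2=safety, 1=user-abort, 0=success); document all three together so a caller scripting against the tool sees the full set in one place. Separately, "interrupted" is folded into exit 1 alongside an explicit acceptance mismatch, which erases a distinction callers can act on: a declined gate is a deliberate decision by the runner, while a SIGINT during the prompt conventionally surfaces as 130. Either state that interruption maps to 1 on purpose or split it out.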
Second commented excerpt (from the TypeScript template in the same file):

> //
> // [Tool description, exit codes, usage, authorization rule, liability framing]
>
> import { execFileSync, spawn } from "node:child_process";
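Review bot: the header placeholder on the second line lists what the template header must contain, but the skeleton then imports both execFileSync and spawn without saying which one the destructive step should use or how. Because the safety rails only hold if the target string can never be reinterpreted, the template should instruct authors to pass the target as an argv element to execFileSync or spawn with no shell option, never as an interpolated command string, and should drop whichever of the two imports the skeleton does not actually use so the template does not ship with an unused import.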
Summary
Codifies the pattern landed in PR #4974 (flash-usb.ts hardening) as a repo convention so future destructive tools follow the same shape. Three-part contract:
1. Hard safety rails — refuse known bad inputs early with class exit codes (2=safety, 1=user-abort, 0=success)
2. .claude/settings.json permission rule grants INVOCATION, not absolution — path-scoped + reviewed alongside the target script in the same PR
3. Runtime acceptance gate with per-run nonce — runner types accept-<verb> <target> <nonce> to sign acceptance of responsibility; nonce makes pre-baked agent input infeasible

Why now
Aaron 2026-05-25:
Solo-maintainer + single-trusted-agent: ceremony costs more than it pays back. Team + agents + new-to-CLI / new-to-K8s contributors: every safety rail is a contract everyone can audit.
What's in the row
P2 because
Cheap to codify NOW; every destructive tool added after benefits. Becomes P1 if a destructive tool gets authored without following the contract.
Single file (+ index regen) — docs only; no code in this PR.
🤖 Generated with Claude Code
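The three-part contract described in the commit message and the summary above, as an added TypeScript example. This is not code from PR #4974, from flash-usb.ts, or from the B-0728 template; the hypothetical tool name wipe-volume, the whole-disk allowlist, the root-device value and every function name are assumptions made for this example. Part 2 of the contract (the path-scoped .claude/settings.json permission rule) is configuration reviewed alongside the script and is not shown here.

```typescript
// Added example (not from PR #4974, flash-usb.ts, or the B-0728 template):
// a minimal destructive-tool skeleton following the three-part contract.
// Hypothetical tool: "wipe-volume <device>". Tool name, allowlist, root device
// and function names are assumptions made for this example.
import { randomBytes, timingSafeEqual } from "node:crypto";
import { createInterface } from "node:readline";

// Exit classes from the contract: 0 = success, 1 = user abort, 2 = safety failed.
export const EXIT_OK = 0;
export const EXIT_USER_ABORT = 1;
export const EXIT_SAFETY = 2;

export interface GateResult {
  exitCode: number;
  reason: string;
}

// Part 1: hard safety rail, evaluated BEFORE any prompt or destructive action.
// Returns a refusal reason, or null when the target passes. The whole-disk
// pattern and the default root device are constructed for this example.
export function safetyCheck(target: string, rootDevice = "/dev/sda"): string | null {
  if (!/^\/dev\/sd[a-z]$/.test(target)) {
    return `"${target}" is not a whole-disk /dev/sdX name (partition or ambiguous target)`;
  }
  if (target === rootDevice) {
    return `"${target}" is the root device (wrong device class)`;
  }
  return null;
}

// Part 3: per-run nonce. Fresh on every invocation, so an acceptance string
// cannot be pre-baked into stdin, a wrapper script, or an agent's tool call.
export function makeNonce(): string {
  return randomBytes(4).toString("hex"); // 8 hex characters
}

export function expectedAcceptance(verb: string, target: string, nonce: string): string {
  return `accept-${verb} ${target} ${nonce}`;
}

// Exact comparison; a length mismatch is itself a failed gate.
export function acceptanceMatches(typed: string, expected: string): boolean {
  const a = Buffer.from(typed.trim(), "utf8");
  const b = Buffer.from(expected, "utf8");
  return a.length === b.length && timingSafeEqual(a, b);
}

// Pure decision function: rails first, then the gate. Kept synchronous and
// free of I/O so it can be unit-tested; runGate() wires it to the terminal.
export function evaluateGate(input: {
  verb: string;
  target: string;
  nonce: string;
  typed: string;
}): GateResult {
  const refusal = safetyCheck(input.target);
  if (refusal !== null) return { exitCode: EXIT_SAFETY, reason: `safety: ${refusal}` };
  const expected = expectedAcceptance(input.verb, input.target, input.nonce);
  if (!acceptanceMatches(input.typed, expected)) {
    return { exitCode: EXIT_USER_ABORT, reason: "acceptance gate mismatch" };
  }
  return { exitCode: EXIT_OK, reason: "accepted" };
}

// Interactive runner. Refused targets never reach the prompt; the prompt
// carries the nonce the runner must retype to sign acceptance.
export async function runGate(verb: string, target: string): Promise<GateResult> {
  const refusal = safetyCheck(target);
  if (refusal !== null) return { exitCode: EXIT_SAFETY, reason: `safety: ${refusal}` };
  const nonce = makeNonce();
  const rl = createInterface({ input: process.stdin, output: process.stdout });
  try {
    const typed = await new Promise<string>((resolve) =>
      rl.question(
        `About to ${verb} ${target}. This is irreversible.\n` +
          `Type exactly "${expectedAcceptance(verb, target, nonce)}" to accept responsibility: `,
        resolve,
      ),
    );
    return evaluateGate({ verb, target, nonce, typed });
  } finally {
    rl.close();
  }
}

// Entry point, only when invoked as `ts-node wipe-volume.ts --demo /dev/sdb`.
// This demo only logs; a real tool performs its destructive step only after
// EXIT_OK, passing the target as an argv element (no shell interpolation).
if (process.argv.includes("--demo")) {
  const target = process.argv.filter((a) => a !== "--demo")[2] ?? "";
  runGate("wipe", target).then((r) => {
    console.error(`[wipe-volume] ${r.reason} (exit ${r.exitCode})`);
    process.exit(r.exitCode);
  });
}
```

The split between evaluateGate() and runGate() is the point worth copying: the decision (rails, then nonce-bound acceptance) is a pure function that can be tested with a pre-supplied nonce, while only the thin runner touches the terminal and generates the real nonce. An agent that pre-fills "accept-wipe /dev/sdb" on stdin, or replays last run's nonce, lands in the exit 1 path without ever reaching the destructive step.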