Skip to main content

Capabilities

bamboo_subagent::provision

Struct Capabilities 

Source 
pub struct Capabilities {
    pub mcp: Option<Value>,
    pub skills_dir: Option<String>,
    pub mcp_proxy: Option<McpProxyConfig>,
    pub enforce_permissions: bool,
    pub nested_spawn: bool,
    pub max_spawn_depth: Option<u32>,
    pub bypass: bool,
    pub no_human_approver: bool,
    pub guardian_read_only: bool,
}
Expand description

Orchestrator-synced extras for a worker. Forward-compatible (all optional); an older spec without these leaves the worker on builtin tools + isolated skills exactly as before.

Fields§

§mcp: Option<Value>

Serialized MCP config — opaque to this leaf crate; the worker deserializes it into the domain McpConfig. Typically the portable (SSE / streamable-http) subset; host-bound stdio servers are excluded.

§skills_dir: Option<String>

Directory of user/project skills the worker should load, instead of an empty isolated dir.

§mcp_proxy: Option<McpProxyConfig>

When set, the worker proxies its MCP tool calls to the orchestrator over the broker (host-bound servers like nova run only there). Mutually exclusive with mcp direct-sync — proxy covers all MCP.

§enforce_permissions: bool

When true, the worker builds its tool executor WITH a permission checker, so gated tools hit ConfirmationRequired and delegate the decision to the host via the per-run ApprovalProxy (Phase 2: child → parent approval). Default false preserves the legacy behavior (the worker runs all tools unchecked). Only meaningful when the run has a host bridge to proxy to — real actor runs always do.

§nested_spawn: bool

When true, the worker builds its OWN external-child runner + scheduler

  • adapter and runs the REAL SubAgent tool directly, so a nested worker can spawn grandchildren in-process (Phase 6: direct nested execution). Default false — the worker has no SubAgent tool (a leaf sub-agent).
§max_spawn_depth: Option<u32>

Max nesting depth a self-orchestrating worker may spawn to (Phase 6: direct nested execution). A worker (or the root) refuses to spawn a child when its own spawn_depth >= max_spawn_depth. None ⇒ the default cap (4) applies. Carried down so every level enforces the same bound.

§bypass: bool

Whether this actor runs in “bypass permissions” mode (propagated from the parent at spawn). Phase 6: when true, a self-orchestrating worker installs an OFF-LOOP model-reviewer so its CHILDREN’s forced-ask (dangerous) gated actions — which still fire ConfirmationRequired even under bypass — get an LLM reasonableness check instead of a blind pass.

§no_human_approver: bool

Whether this run has NO interactive human approver (headless -p, scheduled jobs, deployed broker-agents — propagated from the unattended root). #73: when true, the worker’s per-run ApprovalProxy decides a gated action with the OFF-LOOP model-reviewer LOCALLY instead of escalating to a human who will never answer (which would 300s-deny). When false (an interactive session) the approval escalates to the human as usual. Independent of bypass (an interactive bypass run still has a human; a headless default-mode run does not).

§guardian_read_only: bool

Whether this worker is a READ-ONLY Guardian reviewer. #71: a guardian reviewer keeps Bash (its mutating tools are stripped by guardian_read_only_disabled_tools) so it can fetch the diff and run tests — but an unrestricted Bash would let it rm -rf, git push, or curl | sh, making the read-only guarantee nominal. When true, the worker installs a GuardianReadOnlyChecker that DENIES any Bash/ execute_command whose command is not on the read-only allowlist (is_read_only_command) and runs read-only commands without gating. Default false preserves the unrestricted-Bash behavior for ordinary sub-agents. Set by the host’s build_spec from the reviewer’s session marker. Mirrors no_human_approver above.

Trait Implementations§

Source§

impl Clone for Capabilities

Source§

fn clone(&self) -> Capabilities

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Capabilities

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for Capabilities

Source§

fn default() -> Capabilities

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for Capabilities

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl PartialEq for Capabilities

Source§

fn eq(&self, other: &Capabilities) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for Capabilities

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl StructuralPartialEq for Capabilities

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V