fix(pipelines): add preflight tool validation and TodoWrite avoidance #202

Merged
nextlevelshit merged 11 commits into main from fix/preflight-and-todowrite
Mar 1, 2026
@nextlevelshit
Collaborator

Summary

  • Preflight tool validation: Added requires.tools to all 22 platform pipelines so preflight catches missing CLIs (gh, glab, tea, bb) before execution starts — prevents personas from wasting tool calls searching for binaries
  • TodoWrite avoidance: Added soft instruction to base-protocol.md to avoid TodoWrite for progress tracking (hard denial via settings.json is ineffective under --dangerously-skip-permissions)

Follows up on PR #200 which only included the wave-land branch workflow fix.

Test plan

  • go test -race ./... passes
  • Preflight validation proven: wave run gh-implement without gh on PATH fails with clear error and recovery instructions
  • Run a pipeline and verify TodoWrite usage is reduced after base-protocol instruction

…lidation

Preflight now checks that gh is on PATH before running GitHub pipelines,
preventing personas from wasting tool calls searching for the binary.

…lidation

Preflight now checks that glab is on PATH before running GitLab pipelines.

…lidation

Preflight now checks that tea is on PATH before running Gitea pipelines.

…lidation

Preflight now checks that bb is on PATH before running Bitbucket pipelines.

Soft instruction to avoid TodoWrite for internal progress tracking,
which wastes ~500 tokens per step with no benefit to pipeline output.
Hard denial via settings.json is not possible while using
--dangerously-skip-permissions.

Replace all Bash(bb ...) tool permissions with Bash(curl ...) and
Bash(jq *) for Bitbucket Cloud REST API access. Analyst is read-only
(only curl -s* allowed), enhancer can PUT, scoper can POST+PUT,
commenter has full curl access for comments and PR creation.

Replace all bb CLI command examples with curl+jq calls against the
Bitbucket Cloud REST API v2.0. Document $BB_TOKEN requirement,
correct field mappings (content.raw not body, kind not labels),
and temp file pattern for JSON payloads.

Replace all bb CLI calls in inline pipeline prompts with curl+jq
against Bitbucket Cloud REST API v2.0. Update requires.tools from
bb to curl+jq. Fix bb-scope verify-report step to respect
bitbucket-analyst read-only permissions.

Replace bb issue view with curl GET + jq in fetch-assess.md.
Replace bb pr create/edit with curl POST/PUT in create-pr.md.
Add $BB_TOKEN auth header and temp file payload pattern.

The bb CLI no longer exists — Bitbucket personas now use curl+jq.
Remove the dead Bash(bb *) deny entries from all GitHub, GitLab,
and Gitea persona configs.

Document that perl -pi -e 'next if /pattern/' does NOT delete lines
(next skips but -p still prints). Use perl -ni -e 'print unless
/pattern/' to actually remove lines.

@nextlevelshit nextlevelshit merged commit 1b1da6f into main Mar 1, 2026
3 checks passed
@nextlevelshit nextlevelshit deleted the fix/preflight-and-todowrite branch March 1, 2026 19:19
nextlevelshit added a commit that referenced this pull request Mar 2, 2026
…e JSON validation

Fixes three systematic issues observed in headless Claude Code runs:

1. Write/Edit tools don't exist in headless Claude Code CLI (-p mode).
   Personas tried Write, got rejected, wasted a turn falling back to
   Bash. Now normalizeAllowedTools strips Write/Edit entries entirely
   from both --allowedTools args and settings.json.

2. validateAndCorrectOutput ran on the persona's text response (markdown)
   instead of the actual JSON artifact file, producing false "[DEBUG]
   Output validation/correction failed" warnings every step. Removed —
   the contract validator already validates the artifact file on disk.

3. TodoWrite wasted turns despite base protocol saying "Do not use
   TodoWrite". Now passed via --disallowedTools to block it at CLI level.

Continuation of fix/preflight-and-todowrite (PR #202) which addressed
the preflight side of these issues.