[BUG] Need better way to restrict subagent tool use

[ukarlsson]

Environment

• Platform (select one):
  • Anthropic API
  • AWS Bedrock
  • Google Vertex AI
  • Other:
• Claude CLI version: 1.0.63 (Claude Code)
• Operating System: Mac OS
• Terminal: iterm2

Bug Description

Trying to use subagents as verification engineers that run tests, or just a compile+analyze issue subagent that should run compiler and then read the file to understand the issue.

The subagent needs to run the compiler, but it seems totally impossible to stop it from using other tools. When it does not have write, it will try to use sed/cat to fix compile issues itself.

Steps to Reproduce

1. Run subagent to compile with gradle with CLEAR instructions to not run any other commands
2. It will start trying to fix the compile issue itself

Expected Behavior

I need to be able to RESTRICT the tool use to say Bash(gradlew:*) to only run gradle commands. The current way of giving unrestricted access to Bash for running the compiler does not work since it go on and do its own things totally ignoring instructions. We need hard limits by tool permissions.

Actual Behavior

It runs whatever commands it wants.

Additional Context

[Ramblurr]

This is killer! My tests produce lots of output that pollutes the context. I want to use a subagent to do the test running and report back. But that requires giving Bash tool access to run the test harness, and the agent cannot help itself from trying to do more than it should and next though you know it has cat and sed its way on a rampage through my codebase.

[github-actions]

This issue has been inactive for 30 days. If the issue is still occurring, please comment to let us know. Otherwise, this issue will be automatically closed in 30 days for housekeeping purposes.

[github-actions]

This issue has been automatically closed due to 60 days of inactivity. If you're still experiencing this issue, please open a new issue with updated information.

[github-actions]

This issue has been automatically locked since it was closed and has not had any activity for 7 days. If you're experiencing a similar issue, please file a new issue and reference this one if it's relevant.