fix(skills,tools): exempt invoke_skill from policy gates and fix plugin hot-reload#3150
Merged
fix(skills,tools): exempt invoke_skill from policy gates and fix plugin hot-reload#3150
Conversation
5a60094 to
af3cd21
Compare
…in hot-reload #3133: add invoke_skill to AdversarialPolicyConfig::default_exempt_tools(), vigil::default_exempt_tools(), and default_tool_filter_always_on(). Both load_skill and invoke_skill are pure local registry reads with no external side effects; treating them differently caused invoke_skill to be denied by the adversarial policy LLM on every call. #3134: watch the plugins root directory recursively instead of fixed per-plugin dirs captured at startup. Split skill_paths() into skill_paths_for_registry() (per-plugin dirs, feeds registry) and skill_paths_for_watcher() (config + managed + plugins root, feeds SkillWatcher). Add plugin_dirs_supplier closure that re-invokes PluginManager::collect_skill_dirs() on each reload so newly installed plugin skills are picked up without restart. Closes #3133 Closes #3134
af3cd21 to
14d46f1
Compare
bug-ops
added a commit
that referenced
this pull request
Apr 18, 2026
UtilityScoringConfig::default() populated exempt_tools with an empty Vec, so the utility scorer blocked invoke_skill calls even though AdversarialPolicyConfig and vigil already exempted them (#3150). Add invoke_skill and load_skill to the default exempt list and cover the invariant with a regression test. Closes #3163
2 tasks
bug-ops
added a commit
that referenced
this pull request
Apr 18, 2026
UtilityScoringConfig::default() populated exempt_tools with an empty Vec, so the utility scorer blocked invoke_skill calls even though AdversarialPolicyConfig and vigil already exempted them (#3150). Add invoke_skill and load_skill to the default exempt list and cover the invariant with a regression test. Closes #3163
bug-ops
added a commit
that referenced
this pull request
Apr 18, 2026
UtilityScoringConfig::default() populated exempt_tools with an empty Vec, so the utility scorer blocked invoke_skill calls even though AdversarialPolicyConfig and vigil already exempted them (#3150). Add invoke_skill and load_skill to the default exempt list and cover the invariant with a regression test. Closes #3163
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
invoke_skillwas missing from all three policy exempt lists (AdversarialPolicyConfig::default_exempt_tools,vigil::default_exempt_tools,default_tool_filter_always_on), causing it to be denied on every call when adversarial policy was enabled./plugins addwere not hot-reloaded becauseSkillWatcherreceived a fixed list of paths captured at startup. Now watches the plugins root directory recursively; aplugin_dirs_supplierclosure re-invokesPluginManager::collect_skill_dirs()on each reload.Changes
crates/zeph-tools/src/config.rs— addinvoke_skillto adversarial exempt list + testcrates/zeph-config/src/vigil.rs— addinvoke_skillto VIGIL exempt list + testcrates/zeph-config/src/agent.rs— addinvoke_skillto tool-filter always-on listsrc/bootstrap/mod.rs— splitskill_paths()intoskill_paths_for_registry()+skill_paths_for_watcher(); watcher path includes plugins rootcrates/zeph-core/src/agent/builder.rs— addwith_plugin_dirs_supplier()builder methodcrates/zeph-core/src/agent/mod.rs—reload_skills()calls supplier before rebuilding registrycrates/zeph-core/src/agent/state/mod.rs— store supplier inSkillStateBundlesrc/runner.rs,src/daemon.rs,src/acp.rs— updated call sites to useskill_paths_for_registry()Test plan
cargo nextest run --workspace --features full --lib --bins— 8608/8608 passedcargo +nightly fmt --check— cleancargo clippy --workspace --lib --bins -- -D warnings— cleaninvoke_skillno longer blocked/plugins add <path>while agent running: skills available within debounce window without restartCloses #3133
Closes #3134