Summary
Support an immutable operator defaults/policy file (for example SYSTEM_TOOLS.md semantics) that agents cannot edit at runtime.
Why
Some enterprise deployments need a non-editable baseline for tool policy and system constraints. The current setup relies on editable config and prompt files, which is hard to lock down as a policy primitive.
Requested behavior
- Define a non-editable defaults/policy source loaded on startup.
- Merge policy in a deterministic precedence order (policy > user overrides where applicable).
- Expose read-only visibility of effective policy in status/doctor output.
- Prevent agent/runtime writes that would weaken locked policy.
Related
- Potentially adjacent to filesystem and tool policy controls, but this asks for an explicit immutable policy layer.
Summary
Support an immutable operator defaults/policy file (for example
SYSTEM_TOOLS.mdsemantics) that agents cannot edit at runtime.Why
Some enterprise deployments need a non-editable baseline for tool policy and system constraints. The current setup relies on editable config and prompt files, which is hard to lock down as a policy primitive.
Requested behavior
Related