Skip to content

feat(skills): auto-approve the openspec CLI in generated skills and commands#1300

Open
clay-good wants to merge 2 commits into
Fission-AI:mainfrom
clay-good:feat/skill-auto-approve-openspec
Open

feat(skills): auto-approve the openspec CLI in generated skills and commands#1300
clay-good wants to merge 2 commits into
Fission-AI:mainfrom
clay-good:feat/skill-auto-approve-openspec

Conversation

@clay-good

@clay-good clay-good commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

What was missing

Every generated OpenSpec skill and /opsx:* slash command drives the openspec CLI (openspec list, status, instructions, …), but nothing pre-approved those calls. Agents that gate Bash on permission therefore prompt the user on every single openspec invocation, stalling the workflow on approvals for a first-party CLI the user already installed.

The Agent Skills standard has the fix — an allowed-tools frontmatter field that pre-approves listed tools while a skill is active (spec, example given is exactly this form). We just weren't emitting it.

This is the narrowly-scoped follow-up to #1284 (closing): it keeps only the "auto-approve OpenSpec commands" piece.

What it does

Two surfaces, one shared constant (src/core/shared/allowed-tools.ts):

  • Skills — every generated SKILL.md (all supported tools' skills directories) carries allowed-tools: Bash(openspec:*), emitted centrally in generateSkillContent, so init, update, and every current and future skill get it uniformly.
  • Claude slash commands — the Claude command adapter emits the same field in .claude/commands/opsx/*.md (commands share the skill frontmatter contract).

Deliberately scoped to the openspec CLI only. allowed-tools pre-approves — it does not restrict — so every other tool a skill uses (Read, Write, arbitrary Bash for builds/tests in apply/onboard) still follows the user's existing permission settings. We are not blanket-approving arbitrary shell. The :* form enforces a word boundary (openspec … matches; openspecfoo doesn't) and compound commands (openspec x && rm y) don't inherit the approval.

Cross-tool compatibility (verified against official docs/source)

Tool Effect of the field
Claude Code Honored — skills and /opsx:* commands stop prompting on openspec calls
Codex CLI Ignored safely — parser reads only name/description/metadata, serde drops unknown keys (verified in codex-rs/core-skills source)
Gemini CLI, opencode, Cursor, Amp Ignored per the standard's lenient-validation norm (opencode documents "unknown frontmatter fields are ignored" explicitly)
GitHub Copilot CLI Parses allowed-tools but uses its own bare tool names (shell); our value is inert there. Emitting shell would pre-approve all shell — over-broad, so intentionally not done

No surveyed tool errors on an unknown frontmatter key — worst case is status quo (prompts), never worse. Other tools' slash-command formats define no per-command pre-approval field (their approvals live in global config, e.g. Codex config.toml), so only the Claude adapter changes.

Proof it works

openspec init --tools claude into a fresh repo emits the field in all 11 skills and all 9 commands (checked exhaustively with grep -L), and the value parses as the YAML string Bash(openspec:*) with a real YAML parser:

---
name: "OPSX: Apply"
description: Implement tasks from an OpenSpec change (Experimental)
allowed-tools: Bash(openspec:*)
category: Workflow
tags: [workflow, artifacts, experimental]
---
  • New registry-iterating test asserts every deployed skill contains the field; adapter test asserts the Claude command format does.
  • Golden content hashes in skill-templates-parity.test.ts regenerated; command-template function hashes untouched (adapter-level change).
  • Full suite green (98 files / 1759 tests); openspec validate add-skill-cli-auto-approval --strict passes.

Notes / nits

  • Spec deltas: cli-init (Skill Generation gains the pre-approval scenario) and command-generation (Claude adapter frontmatter gains the field). The stale "9 skill directories" list in cli-init is intentionally left untouched.
  • allowed-tools is marked Experimental in the standard ("support may vary") — which is exactly the safe posture here: pure upside where honored, no-op where not.

🤖 Generated with Claude Code

Emit `allowed-tools: Bash(openspec:*)` in every generated SKILL.md so
agents that honor the Agent Skills standard run `openspec` commands
without prompting on each call. Scope is limited to the CLI; per the
standard `allowed-tools` pre-approves rather than restricts, so every
other tool a skill uses stays available under the user's normal
permission settings.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@clay-good clay-good requested a review from TabishB as a code owner July 3, 2026 20:11
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

This PR adds allowed-tools: Bash(openspec:*) to generated skill and Claude command frontmatter, centralizes the value in a shared constant, updates tests and golden hashes, and records the change in the related proposal, specs, tasks, and changeset.

Changes

Skill auto-approval frontmatter

Layer / File(s) Summary
SKILL_ALLOWED_TOOLS constant and frontmatter generation
src/core/shared/allowed-tools.ts, src/core/shared/skill-generation.ts, src/core/command-generation/adapters/claude.ts
Adds a shared Bash(openspec:*) constant and emits allowed-tools in generated skill and Claude command frontmatter.
Parity test updates and coverage assertion
test/core/templates/skill-templates-parity.test.ts, test/core/command-generation/adapters.test.ts
Updates generated skill hashes and asserts deployed skills and Claude adapter output include allowed-tools: Bash(openspec:*).
Change proposal, spec, tasks, and changeset
.changeset/add-skill-cli-auto-approval.md, openspec/changes/add-skill-cli-auto-approval/proposal.md, openspec/changes/add-skill-cli-auto-approval/specs/cli-init/spec.md, openspec/changes/add-skill-cli-auto-approval/specs/command-generation/spec.md, openspec/changes/add-skill-cli-auto-approval/tasks.md
Documents the release note, rationale, updated generation requirements, and implementation checklist.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

  • Fission-AI/OpenSpec#556: Both PRs touch the Claude command generation frontmatter path and the shared skill-generation pipeline.

Suggested reviewers: TabishB

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: auto-approving the openspec CLI in generated skills and commands.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Extend the allowed-tools pre-approval to the second surface: Claude Code
/opsx:* slash commands share the skill frontmatter contract, so the
Claude command adapter now emits `allowed-tools: Bash(openspec:*)` too.
The value is single-sourced in `src/core/shared/allowed-tools.ts` (a
leaf module both surfaces import). Other command adapters are unchanged
— no other tool's slash-command format defines a per-command
pre-approval field; on the skills side every tool already gets the
standard field via generateSkillContent and non-implementing tools
ignore the unknown key.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@clay-good clay-good changed the title feat(skills): auto-approve the openspec CLI in generated skills feat(skills): auto-approve the openspec CLI in generated skills and commands Jul 3, 2026
@clay-good clay-good self-assigned this Jul 3, 2026

@alfred-openspec alfred-openspec left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed the permission scope and generated-frontmatter compatibility. This looks appropriately narrow, and the targeted generation tests plus strict change validation pass on my side.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants