Skip to main content
Version: Next

Reference copy. Generated from AGENT_CONFIG.md at the repository root. Edit the source file, not this copy.

AGENT_CONFIG — Runtime config reading protocol

This file documents config checks that agents perform at runtime — behavioural guards that cannot be baked in at prompt-load time.

Agent extensions (agents.extend) are applied at insight-flow init / prompt-build time and are already present in your loaded prompt; you do not need to read the config for them. See CLAUDE.md for examples.


GIT PERMISSIONS (agents.git.permissions)

Applies to: task-git only.

At the start of every task-git run:

  1. Extract permissions from config:
    cat taskflow.config.json | node -e "
    const c = JSON.parse(require('fs').readFileSync('/dev/stdin','utf-8'));
    console.log(JSON.stringify(c?.agents?.git?.permissions ?? {}));
    "
  2. If the extracted permissions contain remoteOps: "deny", treat push, forcePush, deleteBranchRemote, and createPR as false — unless that flag is explicitly set to true in the same permissions object. Example: { "remoteOps": "deny", "push": true }push is allowed; forcePush, deleteBranchRemote, createPR are blocked.
  3. Before each operation, check the corresponding flag. If the flag is explicitly false (or resolved to false via remoteOps in step 2), skip the operation and print:
    ⛔ Blocked by config: agents.git.permissions.<key> = false
    To unblock: set "<key>": true in taskflow.config.json → agents.git.permissions.
  4. If agents.git.permissions is absent, treat all flags as true.
OperationConfig key
remoteOps shorthandremoteOps
git checkout -b createBranch
git checkout checkout
git commitcommit
git push / git push -upush
git push --forceforcePush
git mergemerge
git branch -ddeleteBranchLocal
git push origin --deletedeleteBranchRemote
gh/glab pr/mr createcreatePR