Tinker
Resources
Agent logs
Agent memories
Agent sessions
Agent terminal logs
Agents
Comments
Epics
Projects
Proposals
Tickets
Avo user
Resources
Agent logs
Agent memories
Agent sessions
Agent terminal logs
Agents
Comments
Epics
Projects
Proposals
Tickets
Avo user
Home
Epics
Make planner a first-class agent member (not wildcard)
Edit
Make planner a first-class agent member (not wildcard)
Cancel
Save
Title
*
Project
*
Choose an option
alpha
tinker
Create new project
Description
## Context Currently the planner agent uses `allow_wildcard: true` in the MCP permissions configuration, which was incorrectly placed when the human role entry was removed. The planner should be a proper first-class member with specific scoped permissions like worker, reviewer, and researcher agents. Wildcard access is only appropriate for human users. ## What You're Building Make the planner agent a proper first-class member with scoped permissions: 1. **Restore the human role** - Human agents should have `allow_wildcard: true` since they are trusted users who need full access 2. **Give planner specific permissions** - The planner needs tools for: - **Ticket operations for planning**: create_ticket, get_ticket, list_tickets - **Communication**: add_comment, list_comments - **Knowledge access**: search_memory, store_memory, list_memories - **Project awareness**: get_status, list_members 3. **Block state management tools** - Planner should NOT be able to: - update_ticket, transition_ticket (implementation changes) - mark_busy/mark_idle (availability state changes) 4. **Include planner in default agent set** - When a project is created, it should automatically spawn a planner agent alongside worker, reviewer, orchestrator, and researcher ## Acceptance Criteria - [ ] Human role exists with `allow_wildcard: true` - [ ] Planner has specific allowed/blocked tools (no wildcard) - [ ] Planner agents are created by default when initializing a project - [ ] Planner can create tickets and read memory but cannot update tickets or change agent state - [ ] Tests pass for MCP access control with new permissions ## Technical Notes - Other agents (worker, reviewer, researcher) all have scoped permissions using YAML anchors for shared permission groups - The `create_default_set` class method on Agent handles default agent creation - MCP access control is enforced via `Tinker::McpAccessControl.allowed?(agent_role:, tool_name:)`
Avo
· © 2026 AvoHQ ·
v3.27.0
Close modal
Are you sure?
Yes, I'm sure
No, cancel
