Summary
Expose workspace cloning as an optional chat tool for agent onboarding workflows, with strict policy controls.
Why
workspace-clone already exists in CLI and is useful, but occasionally we want agent-assisted repo onboarding from chat/system contexts.
This should be treated differently from normal read/write/publish operations because clone is higher risk and less frequent.
Proposed behavior
- Add chat tool:
workspace_clone
- Keep default disabled behind a setting/feature flag
- Tool inputs:
repo_url (or owner/repo shorthand)- optional
name
- Use existing workspace clone ability under the hood
Security requirements
- Host/org allowlist (e.g.
github.com/Extra-Chill/*)
- Deny arbitrary protocols and non-allowlisted hosts
- Rate limit clone actions
- Log actor + repo URL + resulting workspace path
- Keep out of global pipeline toolset by default (chat/system only)
Acceptance criteria
Summary
Expose workspace cloning as an optional chat tool for agent onboarding workflows, with strict policy controls.
Why
workspace-clonealready exists in CLI and is useful, but occasionally we want agent-assisted repo onboarding from chat/system contexts.This should be treated differently from normal read/write/publish operations because clone is higher risk and less frequent.
Proposed behavior
workspace_clonerepo_url(orowner/reposhorthand)nameSecurity requirements
github.com/Extra-Chill/*)Acceptance criteria