Torbjørn Lindahl eb8553ce0b security: lock down OpenCode containers to read-only legal research
Add defense-in-depth restrictions via agent config and global permissions:
- Global permission layer denies bash, edit, webfetch, lsp
- Build agent tools restricted to read-only (grep/glob/list/read/todo)
- General/explore subagents locked to read-only
- Plan agent disabled to prevent mode switching
- Custom system prompt for legal research context (temp=0.2)
2026-02-08 20:22:57 +01:00