If you get desperate, I've given my agent a custom $PATH that replaces the forbidden tools with shims that either call the correct tool, or at least tell it what to do differently.
~/agent-shims/mvn:
#!/bin/bash
echo "Usage of 'mvn' is forbidden. Use build.sh or run-tests.sh"
That way it is prevented from using the wrong tools, and can self-correct when it tries.
If you get desperate, I've given my agent a custom $PATH that replaces the forbidden tools with shims that either call the correct tool, or at least tell it what to do differently.
~/agent-shims/mvn:
That way it is prevented from using the wrong tools, and can self-correct when it tries.Permissions scoping
Then they attempt to download the missing tool or write a substitute from scratch. Am I the only one who runs into this??