feat(plan): allow skills to be enabled in plan mode (#18817)

Co-authored-by: Jerop Kipruto <jerop@google.com>
2026-04-18 01:00:39 -07:00 · 2026-02-11 12:59:03 -05:00
parent b19b026f30
commit 84ce53aafa
4 changed files with 67 additions and 2 deletions
--- a/packages/core/src/policy/policies/plan.toml
+++ b/packages/core/src/policy/policies/plan.toml
@@ -31,12 +31,12 @@
 decision = "deny"
 priority = 60
 modes = ["plan"]
-deny_message = "You are in Plan Mode - adjust your prompt to only use read and search tools."
+deny_message = "You are in Plan Mode with access to read-only tools. Execution of scripts (including those from skills) is blocked."

 # Explicitly Allow Read-Only Tools in Plan mode.

 [[rule]]
-toolName = ["glob", "grep_search", "list_directory", "read_file", "google_web_search"]
+toolName = ["glob", "grep_search", "list_directory", "read_file", "google_web_search", "activate_skill"]
 decision = "allow"
 priority = 70
 modes = ["plan"]
--- a/packages/core/src/policy/policy-engine.test.ts
+++ b/packages/core/src/policy/policy-engine.test.ts
@@ -2086,4 +2086,44 @@ describe('PolicyEngine', () => {
      expect(result.decision).toBe(PolicyDecision.ALLOW);
    });
  });
+
+  describe('Plan Mode', () => {
+    it('should allow activate_skill but deny shell commands in Plan Mode', async () => {
+      const rules: PolicyRule[] = [
+        {
+          decision: PolicyDecision.DENY,
+          priority: 60,
+          modes: [ApprovalMode.PLAN],
+          denyMessage:
+            'You are in Plan Mode with access to read-only tools. Execution of scripts (including those from skills) is blocked.',
+        },
+        {
+          toolName: 'activate_skill',
+          decision: PolicyDecision.ALLOW,
+          priority: 70,
+          modes: [ApprovalMode.PLAN],
+        },
+      ];
+
+      engine = new PolicyEngine({
+        rules,
+        approvalMode: ApprovalMode.PLAN,
+      });
+
+      const skillResult = await engine.check(
+        { name: 'activate_skill', args: { name: 'test' } },
+        undefined,
+      );
+      expect(skillResult.decision).toBe(PolicyDecision.ALLOW);
+
+      const shellResult = await engine.check(
+        { name: 'run_shell_command', args: { command: 'ls' } },
+        undefined,
+      );
+      expect(shellResult.decision).toBe(PolicyDecision.DENY);
+      expect(shellResult.rule?.denyMessage).toContain(
+        'Execution of scripts (including those from skills) is blocked',
+      );
+    });
+  });
 });
--- a/packages/core/src/tools/tool-names.ts
+++ b/packages/core/src/tools/tool-names.ts
@@ -108,6 +108,7 @@ export const PLAN_MODE_TOOLS = [
  LS_TOOL_NAME,
  WEB_SEARCH_TOOL_NAME,
  ASK_USER_TOOL_NAME,
+  ACTIVATE_SKILL_TOOL_NAME,
  EXIT_PLAN_MODE_TOOL_NAME,
 ] as const;