Read-only lockdown: remove write tools, update Nemo system prompt #20
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Type
Feature
Lineage
Standalone — safety scoping for V1 launch.
Repo
forgejo_admin/westside-ai-assistantUser Story
As Marcus (admin)
I want Nemo to only be able to look up information, not modify anything
So that I can trust the bot in the GroupMe group without worrying about accidental data changes
Context
V1 is read-only. All 7 write tools (update_player, assign_player_to_team, remove_player_from_team, toggle_player_visibility, create_team, checkin_player, bulk_assign_tryout_numbers) must be removed from the active tool set. The confirmation.py module stays in the codebase (dormant) for future write support. The system prompt must explicitly state Nemo is read-only and what it CAN do when Marcus asks "what can you do?"
File Targets
Files the agent should modify:
app/ai.py(orapp/tool_registry.pyif #18 merges first) — remove all write tool definitions from the active set. Keep handler code in repo for future use.prompts/system.md(or inline SYSTEM_PROMPT if #18 hasn't merged) — update to: "You are Nemo, the Westside basketball program assistant. You help Marcus look up program information — player details, team rosters, payment status, and program stats. You CANNOT make changes to any data. If Marcus asks you to update, create, or delete anything, explain that you're read-only and suggest he use the web app at westsidekingsandqueens.tail5b443a.ts.net. When asked 'what can you do?', list your exact capabilities."Files the agent should NOT touch:
app/confirmation.py— keep dormant, don't deleteapp/basketball.py— keep all functions (reads AND writes), only the tool exposure changesAcceptance Criteria
Test Expectations
pytest tests/ -vConstraints
Checklist
Related
project-westside-ai-assistant— parent projectstory-westside-ai-assistant-read-ops— this IS the V1 storystory-westside-ai-assistant-safety— read-only is the safety modelScope Review: READY
Review note:
review-685-2026-03-28Scope is solid. All file targets verified against the live codebase. Template is complete (11/11 sections). 7 write tool names in the issue match the 7 write tools in
app/ai.pyexactly. Conditional logic for #18 dependency is correct (#18 is still open, so theai.pyinline path applies).One pre-existing
[SCOPE]item carried forward from prior reviews: