Create a Claude Agent SDK client with multi-layered security. Args: project_dir: Directory for the project model: Claude model to use yolo_mode: If True, skip Playwright MCP server for rapid prototyping agent_id: Optional unique identifier for browser isolat
(
project_dir: Path,
model: str,
yolo_mode: bool = False,
agent_id: str | None = None,
agent_type: str = "coding",
)
| 279 | |
| 280 | |
| 281 | def create_client( |
| 282 | project_dir: Path, |
| 283 | model: str, |
| 284 | yolo_mode: bool = False, |
| 285 | agent_id: str | None = None, |
| 286 | agent_type: str = "coding", |
| 287 | ): |
| 288 | """ |
| 289 | Create a Claude Agent SDK client with multi-layered security. |
| 290 | |
| 291 | Args: |
| 292 | project_dir: Directory for the project |
| 293 | model: Claude model to use |
| 294 | yolo_mode: If True, skip Playwright MCP server for rapid prototyping |
| 295 | agent_id: Optional unique identifier for browser isolation in parallel mode. |
| 296 | When provided, each agent gets its own browser profile. |
| 297 | agent_type: One of "coding", "testing", or "initializer". Controls which |
| 298 | MCP tools are exposed and the max_turns limit. |
| 299 | |
| 300 | Returns: |
| 301 | Configured ClaudeSDKClient (from claude_agent_sdk) |
| 302 | |
| 303 | Security layers (defense in depth): |
| 304 | 1. Sandbox - OS-level bash command isolation prevents filesystem escape |
| 305 | 2. Permissions - File operations restricted to project_dir only |
| 306 | 3. Security hooks - Bash commands validated against an allowlist |
| 307 | (see security.py for ALLOWED_COMMANDS) |
| 308 | |
| 309 | Note: Authentication is handled by start.bat/start.sh before this runs. |
| 310 | The Claude SDK auto-detects credentials from the Claude CLI configuration |
| 311 | """ |
| 312 | # Select the feature MCP tools appropriate for this agent type |
| 313 | feature_tools_map = { |
| 314 | "coding": CODING_AGENT_TOOLS, |
| 315 | "testing": TESTING_AGENT_TOOLS, |
| 316 | "initializer": INITIALIZER_AGENT_TOOLS, |
| 317 | } |
| 318 | feature_tools = feature_tools_map.get(agent_type, CODING_AGENT_TOOLS) |
| 319 | |
| 320 | # Select max_turns based on agent type: |
| 321 | # - coding/initializer: 300 turns (complex multi-step implementation) |
| 322 | # - testing: 100 turns (focused verification of a single feature) |
| 323 | max_turns_map = { |
| 324 | "coding": 300, |
| 325 | "testing": 100, |
| 326 | "initializer": 300, |
| 327 | } |
| 328 | max_turns = max_turns_map.get(agent_type, 300) |
| 329 | |
| 330 | # Build allowed tools list based on mode and agent type. |
| 331 | # In YOLO mode, exclude Playwright tools for faster prototyping. |
| 332 | allowed_tools = [*BUILTIN_TOOLS, *feature_tools] |
| 333 | if not yolo_mode: |
| 334 | allowed_tools.extend(PLAYWRIGHT_TOOLS) |
| 335 | |
| 336 | # Build permissions list. |
| 337 | # We permit ALL feature MCP tools at the security layer (so the MCP server |
| 338 | # can respond if called), but the LLM only *sees* the agent-type-specific |
no test coverage detected