claude-code - 💡(How to fix) Fix Dynamic workflows ignore the subagent tools: allowlist (always grant Write/Edit)


Request

Let me set the tool allowlist for subagents spawned inside a dynamic workflow. Today agent({ agentType }) ignores the agent definition's tools: and grants Write + Edit (plus acceptEdits + the session allowlist) regardless of what the agent declares. Please either (a) honor the agentType's tools: / disallowedTools, and/or (b) add tools / disallowedTools to the workflow agent() API so the orchestrating script can set least-privilege per agent. The Agent/Task tool already enforces tools:; workflows should match it.

Environment

Claude Code dynamic workflows (research preview, v2.1.x), macOS, 2026-05-29.

Current behavior — reproduced, disk-verified

  • Agent defined tools: Read, Glob, Grep → in a workflow it ran with Read, Write, Edit, Glob, Grep and wrote a file to an arbitrary path.
  • Agent defined tools: Read, Bash, Glob, Grep → ran with Read, Write, Edit, Bash and did the same.
  • Pattern: declared tools ∪ {Write, Edit}. Confirmed by checking the written files on disk, not agent self-reports.

Expected

The allowlist set on the agent (or passed to agent()) is enforced — read-only stays read-only inside a workflow.

Why it matters

Least-privilege. Agents intentionally restricted (reviewers, prompt-injection blast-radius limits, data-integrity guardrails) silently gain write access, and there is currently no way to scope a workflow subagent's tools from either the definition or the script.

For triage

PreToolUse hooks DO still fire for workflow subagents (verified — a deny-hook blocked a workflow agent's command pre-execution), so a global data-side hook is a coarse stopgap; per-agent allowlist control is the missing piece. Also confirmed not-a-bug: memory: project hydrates correctly in workflows.

Related

Sibling request for the model axis of the same gap: #63693 (expose model config for workflow subagents). This issue is the tools axis. Older, closed, Task-tool-path precedents: #14714, #7027.
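The "For triage" note above says a global PreToolUse deny-hook is the only stopgap until per-agent allowlists exist. The following is an added example of such a hook, written for this page and not code from the Claude Code project or the issue author. It fails closed and confines Write/Edit-style tools to an allowed directory tree, resolving `..` and symlinks before the check. Everything about the hook contract is an assumption: that Claude Code pipes a JSON event with `tool_name`, `tool_input` (carrying `file_path` for file-editing tools) and `cwd` to stdin, that a JSON `hookSpecificOutput.permissionDecision` of `allow`/`deny` on stdout is honoured, that exit code 2 blocks the call, and that the `.claude/settings.json` shape quoted in the docstring is the right way to register it. The `SCOPE_WRITE_ROOTS` variable, the script name and the `out` default are invented for the example.

```python
#!/usr/bin/env python3
"""PreToolUse hook: coarse, global write-scoping stopgap for workflow subagents.

Hypothetical example, not Claude Code's own code. Assumed hook contract:
Claude Code pipes a JSON event to stdin with "tool_name", "tool_input"
(Write/Edit carry "file_path") and "cwd"; the hook replies on stdout with
{"hookSpecificOutput": {"hookEventName": "PreToolUse",
 "permissionDecision": "allow" | "deny", "permissionDecisionReason": "..."}}.
Assumed registration in .claude/settings.json:
  {"hooks": {"PreToolUse": [{"matcher": "Write|Edit|MultiEdit|NotebookEdit",
     "hooks": [{"type": "command",
                "command": "python3 .claude/hooks/scope_writes.py"}]}]}}
"""
import json
import os
import sys

# Tools that mutate files. The matcher should already restrict the hook to
# these, but the hook re-checks so a misconfigured matcher still fails closed.
WRITE_TOOLS = {"Write", "Edit", "MultiEdit", "NotebookEdit"}


def _decision(verdict: str, reason: str) -> dict:
    """Build the (assumed) PreToolUse JSON reply."""
    return {
        "hookSpecificOutput": {
            "hookEventName": "PreToolUse",
            "permissionDecision": verdict,
            "permissionDecisionReason": reason,
        }
    }


def is_within(path: str, root: str) -> bool:
    """True iff path lies under root after realpath(), so '..' segments and
    symlinks cannot escape the allowed tree."""
    real_path = os.path.realpath(path)
    real_root = os.path.realpath(root)
    try:
        return os.path.commonpath([real_path, real_root]) == real_root
    except ValueError:  # mixed absolute/relative or different drives: treat as outside
        return False


def decide(event: dict, allowed_roots: list) -> dict:
    """Allow non-write tools; allow writes only inside one of allowed_roots;
    deny anything malformed (no file_path) rather than guessing."""
    tool = event.get("tool_name", "")
    if tool not in WRITE_TOOLS:
        return _decision("allow", f"{tool} is not a file-writing tool")
    target = (event.get("tool_input") or {}).get("file_path")
    if not isinstance(target, str) or not target:
        return _decision("deny", f"{tool} call without a file_path")
    for root in allowed_roots:
        if is_within(target, root):
            return _decision("allow", f"{target} is under allowed root {root}")
    return _decision("deny", f"{tool} to {target} is outside {allowed_roots}")


if __name__ == "__main__":
    try:
        event = json.load(sys.stdin)
    except ValueError:
        # Unparseable input: fail closed. Exit code 2 is assumed to block the
        # call, with stderr shown to the model.
        print("scope_writes: malformed hook input", file=sys.stderr)
        sys.exit(2)
    # Roots come from an invented env var (os.pathsep-separated); relative
    # entries are resolved against the session cwd reported in the event.
    base = event.get("cwd") or os.getcwd()
    roots = [
        r if os.path.isabs(r) else os.path.join(base, r)
        for r in os.environ.get("SCOPE_WRITE_ROOTS", "out").split(os.pathsep)
    ]
    print(json.dumps(decide(event, roots)))
```

This is deliberately coarse, which is exactly the issue's point: the hook cannot tell a read-only reviewer agent from the orchestrator, so every Write/Edit in the session is confined to the same tree. It also says nothing about the Bash path from the second repro above (a shell redirection can still write anywhere), so a Bash-aware rule or a separate hook on that tool is needed if that matters.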
