
Circuit breaker permission denial loop: ALLOWED_TOOLS validation too strict #94

@LarsCowe

Problem

When Ralph's Claude Code driver passes ALLOWED_TOOLS via --allowedTools to the CLI, certain valid tool names are denied by Claude Code, triggering the circuit breaker after 2 consecutive loops (CB_PERMISSION_DENIAL_THRESHOLD=2). Once open, the circuit breaker blocks all further execution with no easy recovery path from the monitor UI.

Root cause

The VALID_TOOL_PATTERNS whitelist in drivers/claude-code.sh only includes a narrow set of tools:

Write, Read, Edit, MultiEdit, Glob, Grep, Task, TodoWrite,
WebFetch, WebSearch, Bash, Bash(...), NotebookEdit

Important tools like Agent, Skill, LSP, AskUserQuestion, and all MCP tools (mcp__*) are missing from validation. While validation only runs for CLI flag usage (not .ralphrc), the Claude Code CLI itself may still deny tools that aren't properly formatted or recognized.

Observed behavior

  1. Ralph starts loop, Claude requests Bash and AskUserQuestion tools
  2. Both denied (permission denied)
  3. After 2 loops, circuit breaker opens
  4. --reset-circuit CLI flag resets state but monitor still shows OPEN (state file not properly synced)
  5. User is stuck - has to manually edit .circuit_breaker_state

Logs

[WARN] Permission denied for 2 command(s): Bash(node --version ...), AskUserQuestion
[WARN] Update ALLOWED_TOOLS in .ralphrc to include the required tools

Deeper issue: AskUserQuestion is fundamentally incompatible with Ralph

Beyond the validation whitelist problem, AskUserQuestion cannot work in Ralph's execution mode. Ralph runs Claude Code with -p (print/non-interactive mode) — there is no user session to receive or respond to questions. When Claude tries to use AskUserQuestion:

  1. The tool is denied because there's no interactive terminal
  2. The response analyzer detects the denial and halts the loop
  3. On retry, Claude asks the same questions again → same denial → circuit breaker opens

In testing, this caused 3 consecutive loops of $3+ each ($9 total) with zero files created and zero progress. Claude kept asking the same 2-3 setup questions (DB provider, Next.js version, Node version) every loop.

The generated PROMPT.md template should explicitly instruct Claude to never use AskUserQuestion and make autonomous decisions instead. When truly blocked, Claude should set STATUS: BLOCKED in the Ralph status report rather than attempting interactive questions.

Suggested improvements

  1. Expand VALID_TOOL_PATTERNS to include Agent, Skill, LSP, AskUserQuestion, and MCP wildcard patterns (mcp__*)
  2. Default ALLOWED_TOOLS should be more permissive - the generated .ralphrc defaults are too narrow for real-world usage. Consider including all core Claude Code tools by default
  3. Support MCP wildcards in defaults - mcp__github__*, mcp__context7__*, mcp__playwright__* are common and should be documented/suggested
  4. Circuit breaker reset reliability - --reset-circuit should guarantee the state file is updated and the monitor reflects it
  5. Better error message - when permission denied, log which specific tool was denied and suggest the exact ALLOWED_TOOLS entry needed
  6. Generated PROMPT.md should ban AskUserQuestion - add an "Autonomous Mode" section telling Claude it runs non-interactively and must never attempt interactive tools. Use STATUS: BLOCKED for genuine blockers instead.

Environment

  • Platform: Windows 11 (bash via Git Bash)
  • Claude Code CLI
  • Ralph via bmalph integration
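
An added example, not part of the issue text and not Ralph's own code: a pre-flight check over a comma-separated ALLOWED_TOOLS value that names each rejected entry and flags AskUserQuestion before a `-p` run starts. The function names, the accepted `mcp__<server>__<tool>` shape, the rejection of a bare `mcp__*`, and the assumption that no entry contains a comma are choices made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not Ralph's drivers/claude-code.sh).

# classify_tool ENTRY -> prints ok | interactive | invalid
classify_tool() {
    case "$1" in
        # Needs a live user session, so it cannot succeed under `claude -p`.
        AskUserQuestion) echo interactive ;;
        Write|Read|Edit|MultiEdit|Glob|Grep|Task|TodoWrite) echo ok ;;
        WebFetch|WebSearch|Bash|NotebookEdit|Agent|Skill|LSP) echo ok ;;
        "Bash("?*")") echo ok ;;                    # scoped form, e.g. Bash(git *)
        mcp__?*)
            rest=${1#mcp__}
            case "$rest" in
                *[!A-Za-z0-9_*-]*) echo invalid ;;  # unexpected characters
                *"*"?*)            echo invalid ;;  # '*' only as last character
                [A-Za-z0-9]*)      echo ok ;;       # a server name is required
                *)                 echo invalid ;;  # bare mcp__* is rejected here
            esac ;;
        *) echo invalid ;;
    esac
}

# validate_allowed_tools "A,B,C" -> 0 if every entry is usable non-interactively
validate_allowed_tools() {
    vat_rc=0
    vat_ifs=$IFS; IFS=,
    set -f                                   # entries contain '*': no globbing
    for tool in $1; do
        tool=${tool#"${tool%%[! ]*}"}        # strip leading spaces
        tool=${tool%"${tool##*[! ]}"}        # strip trailing spaces
        case "$(classify_tool "$tool")" in
            ok) ;;
            interactive)
                echo "WARN: $tool needs an interactive session; drop it for -p runs" >&2
                vat_rc=1 ;;
            *)
                echo "ERROR: unrecognized ALLOWED_TOOLS entry: '$tool'" >&2
                vat_rc=1 ;;
        esac
    done
    set +f; IFS=$vat_ifs
    return $vat_rc
}
```

Running the check before the loop starts reports a bad entry once, rather than letting repeated denials trip the circuit breaker.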


Labels: bug, enhancement
