From 090c8e4d350ebcca3e9a63619a0d1a3545248084 Mon Sep 17 00:00:00 2001
From: Kent Overstreet <kent.overstreet@linux.dev>
Date: Sun, 12 Apr 2026 01:21:01 -0400
Subject: [PATCH] Agent::new: stop unconditionally adding all MCP tools
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Each agent is passed its own tool list — that's the list it should
advertise. The line that appended all_mcp_tool_definitions() was
causing unconscious agents to see bash/read_file/etc in their prompt
even though they couldn't execute them.

Co-Authored-By: Proof of Concept <poc@bcachefs.org>
---
 src/agent/mod.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/agent/mod.rs b/src/agent/mod.rs
index 349fe91..d10683b 100644
--- a/src/agent/mod.rs
+++ b/src/agent/mod.rs
@@ -198,8 +198,7 @@ impl Agent {
         context.conversation_log = conversation_log;
         context.push_no_log(Section::System, AstNode::system_msg(&system_prompt));
 
-        let mut tool_defs: Vec<String> = agent_tools.iter().map(|t| t.to_json()).collect();
-        tool_defs.extend(tools::all_mcp_tool_definitions().await);
+        let tool_defs: Vec<String> = agent_tools.iter().map(|t| t.to_json()).collect();
 
         if !tool_defs.is_empty() {
             let tools_text = format!(