fix(agents): align planner tools with spec §8.2 Plan Mode

[maystudios]

Summary

• Updated templates/agents/planner.md tools list to match spec §8.2 Plan Mode: removed Bash, added Edit, WebSearch, WebFetch, TodoRead, TodoWrite, AskUserQuestion
• Added ## Constraints section enforcing write/edit restriction to plan file only and documenting the absence of Bash

Test plan

• Unit tests pass (529/529; 1 pre-existing failure in templates.test.ts due to missing build artifacts, unrelated)
• Simplify review: no code reuse, quality, or efficiency issues (markdown-only change)
• E2e skipped (template-only markdown change)

🤖 Generated with Claude Code

[Copilot]

Pull request overview

Updates the planner agent template to better reflect Plan Mode expectations by adjusting its declared toolset and explicitly documenting planning-only constraints.

Changes:

• Updated templates/agents/planner.md frontmatter tool list (remove Bash; add Edit, web tools, todo tools, and AskUserQuestion)
• Added a new ## Constraints section describing Plan Mode write/edit limitations and the absence of Bash

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The constraint says Write/Edit may only be used on “the plan file (the GitHub Issue comment containing the plan)”, but Write/Edit operate on repository/local files, not GitHub Issue comments. Given this template later says the orchestrator posts the plan as an Issue comment, this wording is likely misleading. Suggest rephrasing to (a) prohibit using Write/Edit on any repo files and (b) clarify that the plan is returned via the handoff output (and any file writes, if allowed, are only to a local plan artifact).

Suggested change

- **Write/Edit ONLY for the plan file** — You operate in Plan Mode (`permissionMode: plan`). Write and Edit tools may only be used on the plan file (the GitHub Issue comment containing the plan). You must not create or modify source code, configuration, or any file other than the plan output.

- **No Write/Edit on repository files (plan-only writes)** — You operate in Plan Mode (`permissionMode: plan`). Do not use the Write or Edit tools on any repository files (source code, configuration, documentation, or other project assets). Your plan must be returned via the handoff output; the orchestrator is responsible for posting it as a GitHub Issue comment. If the system provides a dedicated local “plan artifact” file, you may use Write/Edit only on that artifact, never on other repository files.

[Copilot]

This “No Bash execution” constraint may conflict with the later task format requirement that each task include a <verify> command “runnable via Bash”. Consider clarifying here that the planner must specify Bash-runnable verification commands for the executor to run, but must not execute Bash themselves.

Suggested change

	- **No Bash execution** — You do not have the Bash tool. All investigation is done via Read, Grep, Glob, WebSearch, and WebFetch.
	- **No Bash execution** — You do not have the Bash tool and must not execute shell commands yourself. All investigation is done via Read, Grep, Glob, WebSearch, and WebFetch. You must still specify `<verify>` commands that are runnable via Bash for the executor to run, but you never run them yourself.

[github-actions]

🎉 This PR is included in version 5.13.2 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀