skate/PLAN.md

Implementation Plan

Phase 3: Tool Execution

• Tool trait, ToolRegistry, core tools (read_file, write_file, shell_exec)
• Tool definitions in API requests, parse tool-use responses
• Approval gate: core -> TUI pending event -> user approve/deny -> result back
• Working directory confinement + path validation (no Landlock yet)
• Done when: Claude can read, modify files, and run commands with user approval

Phase 4: Sandboxing

• Landlock: read-only system, read-write project dir, network blocked
• Tools execute through Sandbox, never directly
• :net on/off toggle, state in status bar
• Graceful degradation on older kernels
• Done when: Writes outside project dir fail; network toggle works