feat: add --readonly flag for worker sandboxes (gt-ymo)

Add a --readonly flag that blocks all write operations, allowing workers to read beads state without modifying it. Workers can use: - bd show, bd list, bd ready (read operations) Workers cannot use: - bd create, bd update, bd close, bd sync, etc. (write operations) The flag can be set via: - --readonly flag on command line - BD_READONLY=true environment variable - readonly: true in config file This enables swarm workers to see their assigned work from a static snapshot of the beads database without accidentally modifying it. Commands protected by readonly mode: - create, update, close, delete, edit - sync, import, reopen - comment add, dep add/remove, label add/remove - repair-deps, compact, migrate, migrate-hash-ids, migrate-issues - rename-prefix, validate --fix-all, duplicates --auto-merge - epic close-eligible, jira sync 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 23:43:59 -08:00
parent cead713b9f
commit 28a661a320
23 changed files with 364 additions and 122 deletions
--- a/cmd/bd/compact.go
+++ b/cmd/bd/compact.go
@@ -74,6 +74,10 @@ Examples:
  bd compact --auto --all --retention=14   # Keep 14 days of deletions
 `,
 	Run: func(_ *cobra.Command, _ []string) {
+		// Compact modifies data unless --stats or --analyze or --dry-run
+		if !compactStats && !compactAnalyze && !compactDryRun {
+			CheckReadonly("compact")
+		}
 		ctx := rootCtx

 		// Handle compact stats first