feat: add --readonly flag for worker sandboxes (gt-ymo)

Add a --readonly flag that blocks all write operations, allowing workers to read beads state without modifying it. Workers can use: - bd show, bd list, bd ready (read operations) Workers cannot use: - bd create, bd update, bd close, bd sync, etc. (write operations) The flag can be set via: - --readonly flag on command line - BD_READONLY=true environment variable - readonly: true in config file This enables swarm workers to see their assigned work from a static snapshot of the beads database without accidentally modifying it. Commands protected by readonly mode: - create, update, close, delete, edit - sync, import, reopen - comment add, dep add/remove, label add/remove - repair-deps, compact, migrate, migrate-hash-ids, migrate-issues - rename-prefix, validate --fix-all, duplicates --auto-merge - epic close-eligible, jira sync 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 23:43:59 -08:00
parent cead713b9f
commit 28a661a320
23 changed files with 364 additions and 122 deletions
--- a/cmd/bd/jira.go
+++ b/cmd/bd/jira.go
@@ -90,6 +90,11 @@ Examples:
 		updateRefs, _ := cmd.Flags().GetBool("update-refs")
 		state, _ := cmd.Flags().GetString("state")

+		// Block writes in readonly mode (sync modifies data)
+		if !dryRun {
+			CheckReadonly("jira sync")
+		}
+
 		// Validate conflicting flags
 		if preferLocal && preferJira {
 			fmt.Fprintf(os.Stderr, "Error: cannot use both --prefer-local and --prefer-jira\n")