feat: support custom agents and Gemini/Cursor backends

[yashturkar]

Summary

• Add pluggable execution backends (Codex, Gemini, Cursor) so tower start / tower-run delegate can execute through any supported AI runtime
• Support creating custom agents via tower init (custom mode) or direct config editing, with per-agent backend, model, sandbox, and prompt file settings
• Remove hardcoded agent choices from CLI parsers — any registered agent can now be targeted by tower-run create-packet and tower-run delegate

Changes

• backends.py (new): Dispatch layer for codex, gemini, and cursor headless execution with run_interactive() and run_exec()
• agents.py: Added backend field to agent definitions, make_custom_agent_entry() helper, list_registered_agents() / list_enabled_agents() utilities
• config_ui.py: Custom agent creation flow in tower init --custom — prompts for name, role, description, backend, model, sandbox, and prompt file
• cli.py: --backend flag on tower start / tower resume, backend shown in tower status
• runtime_cli.py: Dynamic agent names (no hardcoded choices), backend dispatch in cmd_delegate
• prompts.py: Custom agent prompt/policy loading with graceful fallbacks for agents without template files
• bootstrap.py: Auto-scaffold custom agent directories and prompt files on tower init

Test plan

• All 54 existing tests pass (no regressions)
• 20 new tests covering:
  • Custom agent entry creation and validation
  • Custom agent persistence in registry
  • Custom agent inclusion in Tower prompt
  • Subagent prompt generation with fallbacks
  • Custom agent prompt file loading
  • Bootstrap scaffolding of custom agent dirs
  • Backend argument construction (codex, gemini, cursor)
  • Backend rejection for invalid values
  • Delegate routing through agent-configured backend
  • CLI option resolution with backend
  • Status display of custom agents and backends

Closes #16

🤖 Generated with Claude Code

[Copilot]

Pull request overview

Adds a pluggable execution layer so Tower can delegate/run agents via multiple AI runtimes (Codex/Gemini/Cursor) and expands the agent registry/init flow to support project-defined custom agents.

Changes:

• Introduces control_tower/backends.py dispatching run_interactive() / run_exec() across codex, gemini, and cursor.
• Extends agent registry to support per-agent backend plus custom agent entries, and updates CLI flows to accept dynamic agent names.
• Updates prompt generation and bootstrap/init to support custom agent prompt loading and scaffolding; adds tests covering these behaviors.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
src/control_tower/backends.py	New backend dispatch + argument construction for codex/gemini/cursor.
src/control_tower/agents.py	Adds backend defaults, custom agent entry helper, and agent listing utilities.
src/control_tower/config_ui.py	Custom init flow now supports creating/configuring custom agents + backend selection.
src/control_tower/cli.py	Adds --backend option to tower start/resume, and surfaces backend in status.
src/control_tower/runtime_cli.py	Removes hardcoded agent choices and routes delegation through backend dispatch.
src/control_tower/prompts.py	Loads custom agent prompts/policies with fallbacks and annotates tower prompt with backend/custom.
src/control_tower/bootstrap.py	Scaffolds custom agent directories/prompt files during init.
tests/test_bootstrap.py	Adds/updates tests for custom agents, backend dispatch, delegation routing, and CLI option resolution.

Comments suppressed due to low confidence (2)

src/control_tower/runtime_cli.py:136

• The delegate subcommand is no longer Codex-specific, but the --model / --sandbox help strings still say “Codex”. Please update these help messages to be backend-neutral (or describe backend-specific behavior if needed).

    delegate_parser = subparsers.add_parser("delegate", help="Run a subagent through a headless backend")
    delegate_parser.add_argument("agent")
    delegate_parser.add_argument("--packet", required=True, help="Path to a TaskPacket JSON file")
    delegate_parser.add_argument("--output", help="Path for the ResultPacket JSON output")
    delegate_parser.add_argument("--model", help="Optional Codex model override")
    delegate_parser.add_argument("--sandbox", help="Codex sandbox mode for the subagent")

src/control_tower/runtime_cli.py:499

• After adding per-agent backend dispatch, the error message on invalid/missing ResultPacket still says “codex exec …”. This will be misleading for Gemini/Cursor runs; please make the message backend-agnostic or interpolate the selected backend (e.g., from effective_backend).

    effective_backend = str(agent_config.get("backend", "codex"))
    exit_code = run_exec(
        project_root,
        prompt,
        output_schema=schema_path,
        output_path=output_path,
        backend=effective_backend,
        model=effective_model,
        sandbox=effective_sandbox,
        dangerous=effective_dangerous,
    )

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

_agent_prompt_path() always emits a default .control-tower/agents/<agent>/prompt.md path even when a custom agent has no prompt file and no such file exists (since scaffolding only happens when prompt_file is set). This causes the Tower bootstrap prompt to reference non-existent “agent contracts”. Consider omitting missing files from agent_files, auto-scaffolding a default prompt.md for enabled custom agents, or explicitly indicating a generated fallback prompt is used.

[Copilot]

_scaffold_custom_agent_dirs() writes prompt_file paths from the registry using project_root / prompt_file without any path containment check. If the registry is edited (or comes from an untrusted repo), prompt_file could escape the repo (e.g., ../../...) and cause writes outside project_root during init_project(). Please resolve and validate the target path is within project_root (and ideally within .control-tower/) before creating directories/writing files.

[Copilot]

list_registered_agents is imported but never used in this module. Please remove the unused import to avoid confusion and keep the import list accurate.

Suggested change

from .agents import list_registered_agents

[Copilot]

start/resume are now able to run through non-Codex backends (via --backend), but the CLI subcommand descriptions still say “Tower Codex session”. Please update the start/resume help text to avoid implying Codex-only behavior.

[Copilot]

_load_agent_prompt() reads prompt_file from the registry using project_root / prompt_file without constraining it to the repo directory. A malicious/accidental prompt_file like ../../.ssh/id_rsa could be read and embedded into the subagent prompt. Please validate that the resolved path stays within project_root (or within .control-tower/) before reading, and fail closed with a clear error if it does not.

Suggested change

	if agent_config.get("prompt_file"):
	prompt_path = project_root / str(agent_config["prompt_file"])
	"""
	Load the prompt for a given agent, ensuring any configured prompt_file
	resides within the project root or the .control-tower directory.
	"""
	if agent_config.get("prompt_file"):
	# Resolve the candidate prompt path and ensure it stays within an allowed root.
	raw_prompt_file = str(agent_config["prompt_file"])
	prompt_path = (project_root / raw_prompt_file).resolve()
	project_root_resolved = project_root.resolve()
	base = tower_dir(project_root).resolve()
	def _is_within_directory(path: Path, root: Path) -> bool:
	"""
	Return True if `path` is the same as or is contained within `root`.
	"""
	try:
	path.relative_to(root)
	return True
	except ValueError:
	return False
	if not (_is_within_directory(prompt_path, project_root_resolved) or _is_within_directory(prompt_path, base)):
	raise ValueError(
	f"Invalid prompt_file path for agent '{agent}': {raw_prompt_file!r}. "
	"The prompt_file must be located within the project root or the .control-tower directory."
	)

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

_prompt_text(..., default="", allow_blank=False) loops forever if the user hits Enter, and _prompt_text will never return an empty string here. As a result, the subsequent if not name: return None is unreachable. Consider either (a) allowing blank input to cancel (allow_blank=True) and handling it, or (b) providing a non-empty default / an explicit error message when blank input is rejected.

[Copilot]

Same issue as the name prompt: Description uses _prompt_text with default="" and allow_blank=False, which will spin until non-empty input but gives no feedback, and the later if not description check is unreachable. Either allow a blank-to-cancel path or emit a clear validation message when rejecting blanks.

[Copilot]

backend = str(current.get('backend', ...)) can produce a default like 'None' if the registry contains backend: null. _prompt_choice returns the default unchanged when the user presses Enter, even if it isn't in the allowed options, so this can persist an invalid backend into the saved config. Consider normalizing/validating the default before prompting (e.g., fall back to 'codex' when the current value isn't in VALID_BACKENDS).

[Copilot]

Same backend-default issue for existing custom agents: str(config.get('backend', 'codex')) can yield 'None' (or any invalid value) and _prompt_choice will accept it if the user presses Enter. It would be safer to coerce invalid/unknown defaults back to 'codex' (or re-prompt) before calling _prompt_choice.

Suggested change

	enabled = _prompt_yes_no("Keep this agent enabled", bool(config.get("enabled", True)))
	if enabled:
	backend = _prompt_choice("Backend", list(VALID_BACKENDS), str(config.get("backend", "codex")))
	model = _prompt_text("Model override", str(config.get("model") or ""), allow_blank=True)
	dangerously_bypass = _prompt_yes_no("Use dangerous bypass", bool(config.get("dangerously_bypass", False)))
	sandbox = config.get("sandbox", "workspace-write")
	if not dangerously_bypass:
	sandbox = _prompt_choice("Sandbox", SANDBOX_OPTIONS, str(sandbox))
	else:
	backend = str(config.get("backend", "codex"))
	# Determine a safe default backend for this custom agent
	backend_default = str(config.get("backend", "codex"))
	if backend_default not in VALID_BACKENDS:
	backend_default = "codex" if "codex" in VALID_BACKENDS else next(iter(VALID_BACKENDS))
	enabled = _prompt_yes_no("Keep this agent enabled", bool(config.get("enabled", True)))
	if enabled:
	backend = _prompt_choice("Backend", list(VALID_BACKENDS), backend_default)
	model = _prompt_text("Model override", str(config.get("model") or ""), allow_blank=True)
	dangerously_bypass = _prompt_yes_no("Use dangerous bypass", bool(config.get("dangerously_bypass", False)))
	sandbox = config.get("sandbox", "workspace-write")
	if not dangerously_bypass:
	sandbox = _prompt_choice("Sandbox", SANDBOX_OPTIONS, str(sandbox))
	else:
	backend = backend_default

[Copilot]

task_type fallback can become None if a custom agent has role: null (or an empty value) in the registry, because dict.get('role', 'custom') returns the stored None. This would emit TaskPackets with a non-string task_type. Prefer an explicit fallback like (agent_config.get('role') or 'custom') (and similarly guard other optional string fields).

[Copilot]

Casting the backend to str means an explicitly-null/None backend in the registry becomes the literal string 'None', which then fails dispatch with a confusing "Unknown backend" error. Treat missing/falsey backend values as the default (e.g., agent_config.get('backend') or 'codex') and optionally validate earlier for a clearer error.

Suggested change

	effective_backend = str(agent_config.get("backend", "codex"))
	effective_backend = agent_config.get("backend") or "codex"