← 2.1.0 Test tested · runtime-test

Task(AgentName) disable — runtime test

Hands-on runtime battle-test of Task(AgentName) disable. Result: PASS.

Task(AgentName) Disable

Disabling specific agents through Task(AgentName) syntax blocks selected subagent types at availability time, filtering them from Claude's agent option set without throwing errors.

How it works

The --disallowedTools CLI flag and settings.json permissions support both broad and granular blocking:

  • Task alone blocks all subagents entirely.
  • Task(Explore) blocks only Explore-type agents; the Task tool remains available and other agent types (Plan, Bash, general-purpose) continue available.

Disabling works at the availability level: blocked agents do not appear in the set of agent types Claude can select from, so they never become invocation candidates.

What the test found

Three scenarios were verified on 2026-01-07:

  1. Blocking all subagents (Task) removed the tool entirely. Pass.
  2. Blocking a single agent type (Task(Explore)) filtered only that agent, leaving Task and other types functional. Pass.
  3. When requesting a disabled agent, Claude did not error. Instead it worked around the constraint by selecting alternative agents or direct tools, demonstrating graceful degradation.

The syntax scales: Task(Plan) would block Plan agents without affecting others, though Plan was not explicitly tested.

Why it matters

This gives three concrete capabilities:

  • Cost control: Disable expensive agents (Opus-based types) to constrain spending.
  • Security: Prevent specific agent capabilities where policy forbids them.
  • Testing: Isolate agent behaviors by removing interference from other types.

The graceful fallback means requests never fail catastrophically; Claude adapts rather than stopping.

Mechanics

The availability filter operates before agent selection. Claude's agent-type decision tree sees a reduced set of options based on the disallowedTools configuration. This differs from a hard runtime block and explains why no errors surface.

Primary source
⎘ 2.1.0/tests/10-task-disable/TEST-RESULTS.mdverbatim from the corpus

Test Results: Task(AgentName) Disable Syntax

Feature: Added support for disabling specific agents using Task(AgentName) syntax in settings.json permissions or the --disallowedTools CLI flag

Tested: 2026-01-07

Test Results

Test 1: Disable Task entirely

--disallowedTools "Task"

Result: PASS - Task tool completely removed from available tools

Test 2: Disable specific agent type

--disallowedTools "Task(Explore)"

Result: PASS - Explore removed from available subagent types

  • Task tool still available
  • Other agent types (Bash, general-purpose, Plan, etc.) still available
  • Explore specifically filtered out

Test 3: Behavior when requesting disabled agent

Result: Claude uses alternative approaches

  • If Explore is disabled, Claude may use other agents or direct tools
  • No hard error thrown - graceful degradation

Key Findings

  1. Granular control works:

    • Task - blocks all subagents
    • Task(Explore) - blocks only Explore agent
    • Task(Plan) - would block only Plan agent (not tested)

  2. Filtering is at availability level:

    • Disabled agents don't appear in the agent type list
    • Claude sees a reduced set of options

  3. Graceful degradation:

    • Claude works around disabled agents by using alternatives
    • No errors thrown when asking for disabled agent

Use Cases

  • Cost control: Disable expensive agents (Opus-based)
  • Security: Prevent certain agent capabilities
  • Testing: Isolate specific agent behaviors

Status: PASS

Feature works as documented. Granular agent disabling confirmed.

Evidence & receipt
◇ ed25519 receipt
idtest_d2691b6e4bc5a298d4452009
alged25519
pubkey9b87705613b1e2fd064d57fa75a6b679d2856ceafad6b1daa8f982493871b6dd
sigfd25b051307c2cb283061912dc64ce8651c0d857060b9d65cc3948983f0a4ce1446563cc294110f4c5c9cde04503cd938378fa144779cdf099158c53a13b9107

Signed with an ed25519 key held off the repo. Anyone can verify against the published public key; nobody without the secret key can forge it. Click verify: it recomputes the signature in your browser. The signature proves integrity and authorship of this exact content — not a third-party timestamp or that the underlying claim is objectively true. signedAt is when the @f3/attest pipeline ran, not when the work happened; the evidence refs carry the source dates.

Connected
← Browse 2.1.0 Night Zero Work with me