Skip to content

fix: subagent permissions bypass and Lost restrictions after compaction#21661

Open
nightguarder wants to merge 5 commits intoanomalyco:devfrom
nightguarder:fix/6527-subagent-permissions
Open

fix: subagent permissions bypass and Lost restrictions after compaction#21661
nightguarder wants to merge 5 commits intoanomalyco:devfrom
nightguarder:fix/6527-subagent-permissions

Conversation

@nightguarder
Copy link
Copy Markdown

@nightguarder nightguarder commented Apr 9, 2026
edited
Loading

Issue for this PR

Plan mode restrictions bypassed when spawning sub-agents

Fixes #18213: Readonly restrictions lost after compaction

Fixes #6527: Sub-agent permission bypass in Plan mode

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

Fixes sub-agent permission bypass: when spawning sub-agents from Plan mode, they now inherit the parent session's permissions (including edit: deny). Previously, sub-agents ran with full permissions and could edit files despite Plan mode being active.

task.ts - Gets caller agent permissions, merges with session, adds edit: deny if parent has it, updates persisted session permission (including resumed task_id sessions)
prompt.ts - Merges tool-derived permissions with existing session rules instead of replacing them
bash.ts - Detects output redirection (>, >>) and sed -i and requires edit permission for them

If you paste a large clearly AI generated description here your PR may be IGNORED or CLOSED!

How did you verify your code works?

I ran bun dev and verified the project builds and start

Screenshots / recordings

If this is a UI change, please include a screenshot or recording.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

If you do not follow this template your PR will be automatically rejected.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 9, 2026

Hey! Your PR title Fix: subagent permissions bypass and Lost restrictions after compaction doesn't follow conventional commit format.

Please update it to start with one of:

  • feat: or feat(scope): new feature
  • fix: or fix(scope): bug fix
  • docs: or docs(scope): documentation changes
  • chore: or chore(scope): maintenance tasks
  • refactor: or refactor(scope): code refactoring
  • test: or test(scope): adding or updating tests

Where scope is the package name (e.g., app, desktop, opencode).

See CONTRIBUTING.md for details.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 9, 2026

The following comment was made by an LLM, it may be inaccurate:

Potential Duplicate Found

PR #18764: fix(opencode): preserve readonly subagent restrictions across compaction

Reason: This PR directly addresses the same issue (#18213) mentioned in the current PR - preserving readonly restrictions after compaction. Both PRs are tackling permission preservation for subagents during compaction operations, which appears to be overlapping scope.

@nightguarder nightguarder changed the title Fix: subagent permissions bypass and Lost restrictions after compaction fix: subagent permissions bypass and Lost restrictions after compaction Apr 9, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 9, 2026

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Sub-agent in plan mode bypasses restrictions after compaction [CRITICAL Security Issue/Bug] Plan mode restrictions bypassed when spawning sub-agents

1 participant

@nightguarder