fix: Sub-Agents permission override

[nightguarder]

fix: Sub-Agents permissions override

Plan mode restrictions bypassed when spawning sub-agents
Fixes #6527

Flow

1. Parent agent in Plan mode spawns sub-agent

2. Sub-agent can edit files despite parent being in Plan mode

3. Plan mode stores edit: deny on the session level, not the agent. The session has the actual runtime permissions, while the agent has the default config.

Our fix:

In task.ts, we get parent permissions and pass them to child session creation
In prompt.ts we ensure the permissions get merged - not replaced with input.tools flag

Type of change

• Bug fix
• Refactor / code improvement

What does this PR do?

Fixes sub-agent permission bypass: when spawning sub-agents from Plan mode, they now inherit the parent session's permissions (including edit: deny). Previously, sub-agents ran with full permissions and could edit files despite Plan mode being active.

Changes:

1. task.ts: Inherit parent session permissions when creating child session
2. prompt.ts: Merge existing session permissions with tools flags instead of replacing

How did you verify your code works?

• Code compiles and follows existing patterns
• Follows the same permission merge logic used elsewhere in the codebase
• Ran bun dev on the repository to verify the project build

Screenshots / recordings

If this is a UI change, please include a screenshot or recording.

Checklist

• I have tested my changes locally using bun dev
• I have not included unrelated changes in this PR

If you do not follow this template your PR will be automatically rejected.

[github-actions]

Hey! Your PR title add parentpermissions to sub-agent doesn't follow conventional commit format.

Please update it to start with one of:

• feat: or feat(scope): new feature
• fix: or fix(scope): bug fix
• docs: or docs(scope): documentation changes
• chore: or chore(scope): maintenance tasks
• refactor: or refactor(scope): code refactoring
• test: or test(scope): adding or updating tests

Where scope is the package name (e.g., app, desktop, opencode).

See CONTRIBUTING.md for details.

[github-actions]

This PR doesn't fully meet our contributing guidelines and PR template.

What needs to be fixed:

• PR description is missing required template sections. Please use the PR template.

Please edit this PR description to address the above within 2 hours, or it will be automatically closed.

If you believe this was flagged incorrectly, please let a maintainer know.

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

Based on my search results, I found a potentially related PR:

Related PR:

• PR fix: propagate parent agent permissions to subagent child sessions #12584: "fix: propagate parent agent permissions to subagent child sessions"
  fix: propagate parent agent permissions to subagent child sessions #12584

This PR appears to address a very similar issue - propagating parent agent permissions to subagent child sessions. Since your current PR (21533) is also focused on inheriting parent session permissions when creating child sessions in sub-agents, this older PR may already have attempted to solve this problem or provide relevant context.

You may want to review PR #12584 to understand:

• If it was previously merged or closed and why
• Whether it needs to be revisited or if your fix improves upon it
• If there are any conflicts or overlapping changes

[github-actions]

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

1. Open an issue describing the bug/feature (if one doesn't exist)
2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.