fix(task): propagate parent session permissions to sub-agents

[herjarsa]

Issue for this PR

Closes #6527

Type of change

• Bug fix
• New feature
• Refactor / code improvement
• Documentation

What does this PR do?

When spawning a sub-agent via the task tool, the child session was created with a blank permission array, losing any Plan mode restrictions (e.g. edit: deny) set on the parent. This allowed sub-agents to bypass the parent's read-only guardrails.

The child session now inherits the parent session's permission ruleset via Permission.merge() before applying its own sub-agent defaults. This ensures that restrictions like Plan mode (edit: deny) are preserved and cannot be bypassed by delegating to a sub-agent.

How did you verify your code works?

• Ran bun typecheck in packages/opencode — no type errors in modified files
• Added regression test in test/tool/task.test.ts that:
  1. Sets parent session to edit: deny
  2. Spawns a sub-agent via TaskTool
  3. Asserts the child session inherits edit: deny
  4. Asserts child still gets sub-agent defaults (todowrite: deny, task: deny)

Screenshots / recordings

N/A — not a UI change

Checklist

• I have tested my changes locally
• I have not included unrelated changes in this PR

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

Based on my search, here are potential related PRs:

Highly Related:

• fix(opencode): preserve external_dir and deny parent permissions in task child sessions #23290 - fix(opencode): preserve 'external_dir' and 'deny' parent permissions in task child sessions

  • Directly addresses the same issue of preserving parent permissions in task child sessions

• fix: subagent permissions bypass and Lost restrictions after compaction #21661 - fix: subagent permissions bypass and Lost restrictions after compaction

  • Addresses subagent permissions bypass issues

Related Context:

• fix(opencode): enforce read-only bash permissions in plan mode #24110 - fix(opencode): enforce read-only bash permissions in plan mode

  • Related to Plan mode permission enforcement

• fix(opencode): preserve readonly subagent restrictions across compaction #18764 - fix(opencode): preserve readonly subagent restrictions across compaction

  • Previous fix for similar permission preservation issues

• fix(task): preserve subagent todo permissions #18202 - fix(task): preserve subagent todo permissions

  • Related to preserving specific permissions in subagents

PR #23290 in particular seems very similar to the current PR #24293, both addressing preservation of parent permissions in task child sessions. You may want to verify if this is a duplicate or if they address different aspects of the same issue.

[github-actions]

Thanks for updating your PR! It now meets our contributing guidelines. 👍

[Plastdroid]

Hit this exact bug while in plan mode today. Subagent wrote files to disk with no restriction, child session had blank permissions, parent's "edit: deny" was lost. #23290 doesn't cover this (it's about external_directory). Fixes #6527.

[github-actions]

Automated PR Cleanup

Thank you for contributing to opencode.

Due to the high volume of PRs from users and AI agents, we periodically close older PRs using automated criteria so maintainers can focus review time on the most active and community-supported contributions.

This PR was closed because it matched the following cleanup criteria:

• The PR was created more than 1 month ago
• The PR had fewer than 2 positive reactions
• Positive reactions are counted as thumbs-up, heart, celebration, or rocket reactions on the PR

PRs created within the last month are not affected by this cleanup.

If you believe this PR was closed incorrectly, or if you are still actively working on it, please leave a comment explaining why it should be reopened. A maintainer can review and reopen it if appropriate.

Thanks again for taking the time to contribute.