Skip to content

fix(task): preserve subagent self permissions#27201

Merged
kitlangton merged 1 commit into
anomalyco:devfrom
kitlangton:opencode/subagent-permission-hotfix
May 13, 2026
Merged

fix(task): preserve subagent self permissions#27201
kitlangton merged 1 commit into
anomalyco:devfrom
kitlangton:opencode/subagent-permission-hotfix

Conversation

@kitlangton
Copy link
Copy Markdown
Contributor

@kitlangton kitlangton commented May 13, 2026

Summary

  • Preserve Plan Mode's inherited edit restriction for subagents.
  • Stop inheriting unrelated parent-agent self-denies like read, bash, and task into delegated subagents.
  • Add regression coverage for controller/executor deny-by-default delegation and parent session deny ceilings.

Test

  • bun run test test/permission-task.test.ts test/agent/plan-mode-subagent-bypass.test.ts
  • bun typecheck
  • push hook: bun turbo typecheck

Fixes #26700
Fixes #26747
Fixes #26758
Fixes #27123

@kitlangton kitlangton enabled auto-merge (squash) May 13, 2026 01:29
@kitlangton kitlangton merged commit c4e676b into anomalyco:dev May 13, 2026
10 checks passed
@github-actions github-actions Bot mentioned this pull request May 13, 2026
Open
This was referenced May 13, 2026
Closed
Closed
Closed
Closed
@OrShmuel22 OrShmuel22 mentioned this pull request May 15, 2026
Open
3 tasks
@Sewer56
Copy link
Copy Markdown
Contributor

Sewer56 commented May 17, 2026

@kitlangton This PR introduces a regression.

Parent agents with scoped edit permissions like:

edit:
  "*": deny
  "specific-pattern": allow

now break subagents that have their own scoped edit allows:

edit:
  "other-pattern": allow

other-pattern can no longer be accessed.

Merging of permissions puts parent's "*": deny last, overwriting any allow rules by child.

@public-static-void public-static-void mentioned this pull request May 25, 2026
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment