fix(task): respect subagent explicit edit:allow over inherited parent edit:deny#29235

Open
public-static-void wants to merge 1 commit into anomalyco:dev from public-static-void:fix/subagent-edit-allow

Conversation

@public-static-void public-static-void commented May 25, 2026

Issue for this PR

Closes #26514
Closes #26700

Type of change

  • Bug fix

What does this PR do?

Fixes the interaction between #26514 (Plan Mode bypass) and #26700 (parent denies over-constrain subagents).
Subagents with an explicit write: allow (or edit: allow) configuration can now actually use edit-class tools, even when their parent agent has edit: deny (Plan Mode). Generic subagents without an explicit edit-class allow still inherit the parent's denies. Plan Mode security is preserved.
Three changes:

  1. fromConfig() aliases write/apply_patch to the edit permission key (packages/opencode/src/permission/index.ts). The runtime already treats write, apply_patch, and edit as the same tool class via EDIT_TOOLS, but the config layer stored write: allow as permission: "write" which is invisible to the "edit" lookup. Aliasing makes config consistent with runtime.
  2. deriveSubagentSessionPermission() skips parent edit: deny when the subagent has explicit edit: allow (packages/opencode/src/agent/subagent-permissions.ts). PR fix(task): subagent inherits parent agent's deny rules (Plan Mode security bypass) #26597 forwarded all parent edit denies to subagents. PR fix(task): preserve subagent self permissions #27201 narrowed it to only edit denies. This extends the same principle: if the subagent explicitly allows edit tools, the inherited deny is suppressed. Generic subagents without explicit edit rules still inherit the parent deny so Plan Mode stays secure.
  3. prompt() merges tool-level denies instead of overwriting session permission (packages/opencode/src/session/prompt.ts). The task tool calls ops.prompt() with tool-level denies for todowrite/task/primary_tools. prompt() was overwriting session.permission, destroying inherited rules including the Plan Mode edit: deny that deriveSubagentSessionPermission() just set up. This fix uses [...session.permission, ...permissions] instead of session.permission = permissions.

This is more complete than the similar PR #27654 which only covers fix 2.
The fromConfig() aliasing and prompt.ts merge are needed too.

This fix is also complementary to the approach in #24293 which propagated parent session permissions to subagents (enabling inheritance), while this PR adds the explicit allow check on top of that (allowing overrides when the subagent opts in).

How did you verify your code works?

All upstream test scenarios pass:

  • Plan Mode + generic subagent: edit: deny inherited, tools blocked
  • Plan Mode + subagent with write: allow: edit: allow overrides, tools available
  • Deny-by-default parent + capable subagent: subagent explicit allows work
  • Controller/executor delegation (PR fix(task): preserve subagent self permissions #27201 test): passes

Screenshots / recordings

N/A, no UI changes.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

… edit:deny

Three changes that together allow a subagent's explicit edit-class
configuration to override inherited parent restrictions:

1. fromConfig() aliases write/apply_patch to the edit permission key
   (packages/opencode/src/permission/index.ts)

   The runtime layer already treats write, apply_patch, and edit as the
   same tool class via EDIT_TOOLS in core/src/permission.ts, but the
   config layer stored write: allow as permission: write, invisible to
   the edit lookup. Aliasing in fromConfig makes the config layer
   consistent with the runtime.

2. deriveSubagentSessionPermission skips parent edit denies when
   subagent explicitly allows edit-class tools
   (packages/opencode/src/agent/subagent-permissions.ts)

   PR anomalyco#26597 forwarded all parent agent denies to subagents (Plan Mode
   security). PR anomalyco#27201 scoped this to only edit denies. This change
   extends the same principle: if the subagent has explicit edit:allow
   (or write:allow via fix anomalyco#1), the inherited edit:deny is suppressed.
   The subagent's explicit config represents user intent and overrides
   inherited restrictions. Plan Mode's edit:deny still cascades to
   subagents without an explicit edit:allow.

3. prompt() merges tool-level denies into session permission instead
   of overwriting (packages/opencode/src/session/prompt.ts)

   The task tool calls ops.prompt() with tool-level denies for
   todowrite/task/primary_tools. prompt() was overwriting the entire
   session.permission, destroying any inherited rules (including the
   Plan Mode edit:deny that deriveSubagentSessionPermission just set
   up). This fix merges instead of replaces, preserving session-level
   permission integrity.

Fixes the interaction between issues anomalyco#26514 (Plan Mode bypass)
and anomalyco#26700 (parent denies over-constrain subagents).
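The three changes above, modelled as an added example that is not opencode's own code: the rule shape, the first-match evaluation policy and all function names are assumptions, and the scenarios are the ones from the PR's verification list, constructed here as inline input.

```typescript
// Added example, not opencode's own code: a minimal model of the three fixes
// described above. Rule shape, first-match evaluation and all names are assumptions.
type Action = "allow" | "deny" | "ask";
type Rule = { permission: string; action: Action };
// The edit-class tool set the runtime already treats as one class (mirrors EDIT_TOOLS).
const EDIT_TOOLS = new Set(["edit", "write", "apply_patch"]);

// Fix 1: alias write/apply_patch to "edit" so `write: allow` is visible to the edit lookup.
function fromConfig(config: Record<string, Action>): Rule[] {
  return Object.entries(config).map(([key, action]) => ({
    permission: EDIT_TOOLS.has(key) ? "edit" : key,
    action,
  }));
}

// Fix 2: forward the parent's edit denies unless the subagent explicitly allows edit-class tools.
function deriveSubagentSessionPermission(parent: Rule[], subagent: Rule[]): Rule[] {
  const explicitEditAllow = subagent.some((r) => r.permission === "edit" && r.action === "allow");
  const inherited = explicitEditAllow
    ? []
    : parent.filter((r) => r.permission === "edit" && r.action === "deny");
  return [...inherited, ...subagent];
}

// Fix 3: merge tool-level denies into the session rules instead of replacing them.
function applyToolDenies(session: Rule[], toolDenies: Rule[]): Rule[] {
  return [...session, ...toolDenies]; // the bug was the equivalent of `session = toolDenies`
}

// First matching rule wins; unmatched tools fall back to "ask" (assumed policy).
function evaluate(rules: Rule[], tool: string): Action {
  const key = EDIT_TOOLS.has(tool) ? "edit" : tool;
  return rules.find((r) => r.permission === key)?.action ?? "ask";
}

// Constructed scenarios from the PR's test list: Plan Mode parent with edit: deny.
function scenarios(): Record<string, Action> {
  const planMode = fromConfig({ edit: "deny" });
  const generic = deriveSubagentSessionPermission(planMode, fromConfig({ bash: "allow" }));
  const capable = deriveSubagentSessionPermission(planMode, fromConfig({ write: "allow" }));
  const taskDenies: Rule[] = [{ permission: "todowrite", action: "deny" }, { permission: "task", action: "deny" }];
  const genericInTask = applyToolDenies(generic, taskDenies);
  return {
    genericWrite: evaluate(generic, "write"), // "deny": inherited Plan Mode rule
    capablePatch: evaluate(capable, "apply_patch"), // "allow": explicit write:allow wins
    mergedEdit: evaluate(genericInTask, "edit"), // "deny": survives the task-tool merge
    mergedTask: evaluate(genericInTask, "task"), // "deny": tool-level deny still applied
  };
}
```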

ghost commented May 25, 2026

The following comment was made by an LLM; it may be inaccurate:

Based on my search, I found one related PR that appears to be addressing a very similar issue:

Related PR:

This PR appears to directly address the same core issue: ensuring that a subagent's explicit edit:allow configuration takes precedence over a parent agent's edit:deny. It's likely either a prior attempt at the same fix, a related issue that was separately worked on, or potentially a duplicate effort.

I also found:

The first match (#27654) is the most concerning as a potential duplicate since it has an almost identical title and purpose.

ghost commented May 25, 2026

Thanks for updating your PR! It now meets our contributing guidelines. 👍

Development

Successfully merging this pull request may close these issues.

  • Subagent parent deny inheritance over-constrains delegated agents with explicit permissions
  • Subagents Bypass Plan Mode READ-ONLY Restrictions