From 969206c687ee6e71c27c6745cb4b1fc62cc33494 Mon Sep 17 00:00:00 2001
From: Kit Langton <kit.langton@gmail.com>
Date: Fri, 5 Jun 2026 19:29:51 -0400
Subject: [PATCH 1/2] test(core): cover managed output read permissions

---
 packages/core/test/permission.test.ts | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/packages/core/test/permission.test.ts b/packages/core/test/permission.test.ts
index 6e91da1af620..347fcd9b8017 100644
--- a/packages/core/test/permission.test.ts
+++ b/packages/core/test/permission.test.ts
@@ -161,6 +161,23 @@ describe("PermissionV2", () => {
     }),
   )
 
+  it.effect("allows managed output reads without granting external directory access", () =>
+    Effect.gen(function* () {
+      yield* setup([
+        { action: "*", resource: "*", effect: "deny" },
+        { action: "read", resource: "*", effect: "allow" },
+      ])
+      const service = yield* PermissionV2.Service
+
+      expect(yield* service.ask(assertion({ resources: ["tool_123"] }))).toMatchObject({ effect: "allow" })
+      expect(
+        yield* service.ask(
+          assertion({ action: "external_directory", resources: ["/tmp/tool-output/*"] }),
+        ),
+      ).toMatchObject({ effect: "deny" })
+    }),
+  )
+
   it.effect("uses build permissions when the Session agent is omitted", () =>
     Effect.gen(function* () {
       yield* setup()

From 9dc302f3f90152ca436847fc09eccc6d060078f0 Mon Sep 17 00:00:00 2001
From: Kit Langton <kit.langton@gmail.com>
Date: Sat, 6 Jun 2026 20:07:23 -0400
Subject: [PATCH 2/2] test(core): format managed output permission test

---
 packages/core/test/permission.test.ts | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/packages/core/test/permission.test.ts b/packages/core/test/permission.test.ts
index 347fcd9b8017..ebe06400e984 100644
--- a/packages/core/test/permission.test.ts
+++ b/packages/core/test/permission.test.ts
@@ -171,9 +171,7 @@ describe("PermissionV2", () => {
 
       expect(yield* service.ask(assertion({ resources: ["tool_123"] }))).toMatchObject({ effect: "allow" })
       expect(
-        yield* service.ask(
-          assertion({ action: "external_directory", resources: ["/tmp/tool-output/*"] }),
-        ),
+        yield* service.ask(assertion({ action: "external_directory", resources: ["/tmp/tool-output/*"] })),
       ).toMatchObject({ effect: "deny" })
     }),
   )