fix(plan): deny plan_exit and plan_enter in subagent sessions

BYK · BYK · commit aca39a65b52f · 2026-04-10T11:28:04.000Z
diff --git a/packages/opencode/src/tool/task.ts b/packages/opencode/src/tool/task.ts
@@ -55,6 +55,8 @@ export const TaskTool = Tool.defineEffect(
 
       const canTask = next.permission.some((rule) => rule.permission === id)
       const canTodo = next.permission.some((rule) => rule.permission === "todowrite")
+      const canPlanExit = next.permission.some((rule) => rule.permission === "plan_exit")
+      const canPlanEnter = next.permission.some((rule) => rule.permission === "plan_enter")
 
       const taskID = params.task_id
       const session = taskID
@@ -79,6 +81,24 @@ export const TaskTool = Tool.defineEffect(
                       action: "deny" as const,
                     },
                   ]),
+              ...(canPlanExit
+                ? []
+                : [
+                    {
+                      permission: "plan_exit" as const,
+                      pattern: "*" as const,
+                      action: "deny" as const,
+                    },
+                  ]),
+              ...(canPlanEnter
+                ? []
+                : [
+                    {
+                      permission: "plan_enter" as const,
+                      pattern: "*" as const,
+                      action: "deny" as const,
+                    },
+                  ]),
               ...(canTask
                 ? []
                 : [
@@ -137,6 +157,8 @@ export const TaskTool = Tool.defineEffect(
                 agent: next.name,
                 tools: {
                   ...(canTodo ? {} : { todowrite: false }),
+                  plan_exit: false,
+                  plan_enter: false,
                   ...(canTask ? {} : { task: false }),
                   ...Object.fromEntries((cfg.experimental?.primary_tools ?? []).map((item) => [item, false])),
                 },
