Skip to content

fix(opencode): preserve external_dir and deny parent permissions in task child sessions#23290

Merged
rekram1-node merged 6 commits intoanomalyco:devfrom
remorses:fix-subagent-session-permissions
Apr 30, 2026
Merged

fix(opencode): preserve external_dir and deny parent permissions in task child sessions#23290
rekram1-node merged 6 commits intoanomalyco:devfrom
remorses:fix-subagent-session-permissions

Conversation

@remorses
Copy link
Copy Markdown
Contributor

@remorses remorses commented Apr 18, 2026
edited
Loading

Issue for this PR

Closes #20549
Closes #6527

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

When task creates a child session, it now carries over only the parent session's external_directory rules and deny rules.

That fixes repeated prompts for trusted external paths while avoiding broad allow-rule inheritance that could make restrictive subagents like explore writable.

How did you verify your code works?

  • bunx prettier --write packages/opencode/src/tool/task.ts packages/opencode/test/tool/task.test.ts
  • bun test --timeout 30000 test/tool/task.test.ts
  • bun typecheck

Screenshots / recordings

Not applicable.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

@remorses
fix(opencode): preserve safe parent permissions in task child sessions
8eaba3e 
Carry forward only transitive-safe session rules when `task` creates a child session.
This keeps parent `external_directory` approvals and deny rules so subagents stop re-prompting for trusted paths, while avoiding broad allow-rule inheritance that could accidentally grant write access to restrictive agents like `explore`.

Verification:
- bunx prettier --write packages/opencode/src/tool/task.ts packages/opencode/test/tool/task.test.ts
- bun test --timeout 30000 test/tool/task.test.ts
- bun typecheck

Session: ses_25fac94daffeLwJ8p3cQRCI5pF
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 18, 2026

The following comment was made by an LLM, it may be inaccurate:

Based on my search results, I found related PRs that address similar permission and restriction preservation issues in task child sessions:

Related PRs:

  1. fix(task): preserve subagent todo permissions #18202 - fix(task): preserve subagent todo permissions

    • Directly related to preserving permissions when creating subagent sessions

  2. fix(opencode): preserve readonly subagent restrictions across compaction #18764 - fix(opencode): preserve readonly subagent restrictions across compaction

    • Addresses preserving restrictions across session operations, similar concern to this PR

  3. fix: subagent permissions bypass and Lost restrictions after compaction #21661 - fix: subagent permissions bypass and Lost restrictions after compaction

    • Handles permission and restriction preservation issues

  4. fix: avoid external_directory prompt for global AGENTS.md #18721 - fix: avoid external_directory prompt for global AGENTS.md

    • Related to the external_directory prompts that this PR aims to reduce

  5. feat: Use proper globbing for "edit", "read" and "external_directory" permi… #22676 - feat: Use proper globbing for "edit", "read" and "external_directory" permissions

    • Recent work on external_directory permission handling

These PRs are related to the same codebase area (task tool, permissions, subagent sessions) but don't appear to be direct duplicates of PR #23290. Your PR is specifically addressing the narrow issue of preserving only safe parent permissions (external_directory and deny rules) when task creates child sessions.

@remorses remorses mentioned this pull request Apr 18, 2026
Open
remorses added 4 commits April 20, 2026 11:09
@remorses
Merge branch 'dev' into fix-subagent-session-permissions
f2a227b
@remorses
chore(opencode): drop task permission regression test from PR
ba81be9 
Remove the extra task tool regression test to keep this PR narrowly focused on the runtime permission fix.
The task tool change remains covered by local validation, but the branch diff is now smaller and easier to review.

Verification:
- bun test --timeout 30000 test/tool/task.test.ts
- bun typecheck

Session: ses_25fac94daffeLwJ8p3cQRCI5pF
@remorses
Merge remote-tracking branch 'origin/fix-subagent-session-permissions…
2d14d6e 
…' into fix-subagent-session-permissions
@remorses
chore(opencode): remove stray blank line from task test
b687437 
Drop the extra trailing blank line in `packages/opencode/test/tool/task.test.ts` so the file stays clean after the earlier PR diff simplification.

Session: ses_25fac94daffeLwJ8p3cQRCI5pF
EOF && git push && gh pr checks 23290 -R anomalyco/opencode --watch --fail-fast
@remorses remorses changed the title fix(opencode): preserve safe parent permissions in task child sessions fix(opencode): preserve external_dir and deny parent permissions in task child sessions Apr 20, 2026
@rekram1-node
Copy link
Copy Markdown
Collaborator

rekram1-node commented Apr 21, 2026

/review

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 21, 2026

lgtm

@github-actions github-actions Bot mentioned this pull request Apr 25, 2026
Open
6 tasks
@rekram1-node rekram1-node merged commit d7701db into anomalyco:dev Apr 30, 2026
10 checks passed
@oleksii-honchar oleksii-honchar mentioned this pull request Apr 30, 2026
Merged
@Astro-Han Astro-Han mentioned this pull request May 6, 2026
Open
66 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

contributor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Improve transitive permissions for agents subagents and tasks [CRITICAL Security Issue/Bug] Plan mode restrictions bypassed when spawning sub-agents

2 participants

@remorses @rekram1-node