fix(task): propagate parent session permissions to sub-agents

[herjarsa]

Issue for this PR

Closes #6527

Type of change

• Bug fix
• New feature
• Refactor / code improvement
• Documentation

What does this PR do?

When spawning a sub-agent via the task tool, the child session was created with a blank permission array, losing any Plan mode restrictions (e.g. edit: deny) set on the parent. This allowed sub-agents to bypass the parent's read-only guardrails.

The child session now inherits the parent session's permission ruleset via Permission.merge() before applying its own sub-agent defaults. This ensures that restrictions like Plan mode (edit: deny) are preserved and cannot be bypassed by delegating to a sub-agent.

How did you verify your code works?

• Ran bun typecheck in packages/opencode — no type errors in modified files
• Added regression test in test/tool/task.test.ts that:
  1. Sets parent session to edit: deny
  2. Spawns a sub-agent via TaskTool
  3. Asserts the child session inherits edit: deny
  4. Asserts child still gets sub-agent defaults (todowrite: deny, task: deny)

Screenshots / recordings

N/A — not a UI change

Checklist

• I have tested my changes locally
• I have not included unrelated changes in this PR

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

Based on my search, here are potential related PRs:

Highly Related:

• fix(opencode): preserve external_dir and deny parent permissions in task child sessions #23290 - fix(opencode): preserve 'external_dir' and 'deny' parent permissions in task child sessions

  • Directly addresses the same issue of preserving parent permissions in task child sessions

• fix: subagent permissions bypass and Lost restrictions after compaction #21661 - fix: subagent permissions bypass and Lost restrictions after compaction

  • Addresses subagent permissions bypass issues

Related Context:

• fix(opencode): enforce read-only bash permissions in plan mode #24110 - fix(opencode): enforce read-only bash permissions in plan mode

  • Related to Plan mode permission enforcement

• fix(opencode): preserve readonly subagent restrictions across compaction #18764 - fix(opencode): preserve readonly subagent restrictions across compaction

  • Previous fix for similar permission preservation issues

• fix(task): preserve subagent todo permissions #18202 - fix(task): preserve subagent todo permissions

  • Related to preserving specific permissions in subagents

PR #23290 in particular seems very similar to the current PR #24293, both addressing preservation of parent permissions in task child sessions. You may want to verify if this is a duplicate or if they address different aspects of the same issue.

[github-actions]

Thanks for updating your PR! It now meets our contributing guidelines. 👍