fix(session): merge per-call tool rules into session permission#30529
Merged
nexxeln merged 5 commits intoJun 8, 2026
Merged
Conversation
SessionPrompt.prompt was overwriting `session.permission` with the per-call tool rules derived from `input.tools`, which clobbered rules the session already had. For subagent sessions this dropped inherited rules such as `external_directory` allows that the task tool had just written via `deriveSubagentSessionPermission`, forcing the subagent to re-ask for permissions the parent had already granted. Merge the per-call tool rules on top of the existing session permission instead of replacing it. Last-write-wins evaluation still lets the tool denies take effect for the rules they target. Add two unit tests for the merge/preserve contract on `SessionPrompt.prompt` plus an integration test that runs the real task tool path through `prompt.loop` with a `subtask` part and asserts the child session inherits the parent's `external_directory` allow. Fixes anomalyco#30527 Session: ses_17620c6c8ffe1JD8hmnPl15UUd
Contributor
|
The following comment was made by an LLM, it may be inaccurate: Based on my search, I found one related PR that addresses a similar issue: PR #30288: fix(opencode): inherit MCP tool allow permissions in subagent sessions
This appears to be the most relevant match, as both PRs address the broader problem of subagent sessions not properly inheriting parent session permission rules. The difference is scope: your PR provides a general fix to the merge logic in |
Keep only the integration test that exercises the real task tool path via prompt.loop and asserts the child subagent inherits the parent session's external_directory allow. The two unit tests on SessionPrompt.prompt were redundant with this end-to-end coverage. Session: ses_17620c6c8ffe1JD8hmnPl15UUd
Session: ses_17620c6c8ffe1JD8hmnPl15UUd
5e592d0 to
fb02214
Compare
6 tasks
shoootyou
added a commit
to shoootyou/opencode
that referenced
this pull request
Jun 10, 2026
* test(core): cover skill directory output (anomalyco#31263) * fix(opencode): avoid duplicate skill catalog (anomalyco#31269) * chore(opencode): update MCP SDK to 1.29.0 (anomalyco#31268) * chore: generate * chore: update nix node_modules hashes * run: make minimal mode more minimal (anomalyco#31227) * chore: generate * chore: update web and desktop code owners (anomalyco#31289) * fix(desktop): few WSL bugs (anomalyco#31095) * chore: generate * fix(opencode): respect MCP server capabilities (anomalyco#31271) * console: update email * zen: fix * fix(opencode): include acp pending tool input (anomalyco#31321) * fix(lsp): resolve JDTLS root to topmost pom.xml in Java Maven multi-module projects (anomalyco#28761) Co-authored-by: Shoubhit Dash <shoubhit2005@gmail.com> * chore: generate * fix(session): merge per-call tool rules into session permission (anomalyco#30529) Co-authored-by: Simon Klee <hello@simonklee.dk> * docs(go): update MiniMax M3 pricing (anomalyco#31350) * fix: speed up fff file search (anomalyco#31366) * chore: generate * fix(stats): show new for leaderboard deltas * fix: stabilize fff file results (anomalyco#31369) * chore: generate * fix(core): restore npm proxy agent patch (anomalyco#31373) * chore: update nix node_modules hashes * chore: upgrade OpenTUI to v0.3.4 (anomalyco#31326) * chore: update nix node_modules hashes * fix(core): disable fff trace logs (anomalyco#31380) * fix(session): avoid sticky prompt tool overrides (anomalyco#31394) * fix(opencode): await run event loop (anomalyco#31389) * refactor(core): replace legacy logger with Effect logging (anomalyco#31310) * chore: generate * fix(tui): trim select footer action highlight (anomalyco#31411) * fix(opencode): support MiniMax M3 thinking toggle (anomalyco#31426) * fix: adjust item id stripping to happen prior to request signing (anomalyco#31429) * fix(opencode): generate reasoning variants for all OpenRouter models. (anomalyco#30332) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> Co-authored-by: Aiden Cline <aidenpcline@gmail.com> * feat(app): add draft tab support to tabs store (anomalyco#31343) * chore: generate * fix(opencode): paginate MCP catalogs (anomalyco#31442) * fix(opencode): pass abort signal to MCP tool calls (anomalyco#31455) * feat(app): draft prompt state (anomalyco#31452) * chore: generate * feat(app): tabs help button (anomalyco#31454) * feat: add "reasoning" as interleaved field option for vLLM providers (anomalyco#30477) Co-authored-by: Ben Sandbrook <1126483+delta9000@users.noreply.github.com> Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * fix(app): clip rounded session panels (anomalyco#31462) * core: fix idle CPU use in file logger (anomalyco#31478) * docs: add uninstall troubleshooting steps (anomalyco#31424) Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com> * leave a breadcrumb comment about batchWindow zero (anomalyco#31508) * chore: stats -> data * test(core): avoid Windows worker close race (anomalyco#31532) * refactor(tui): centralize application exit (anomalyco#31524) * chore: generate * feat(opencode): configure Cohere North model (anomalyco#31536) * refactor(core): consolidate references (anomalyco#31539) * feat(tui): show project copy in session list (anomalyco#31421) * chore: generate * fix(stats): use data branding assets * drop citation_options from cohere (anomalyco#31543) * zen: add north mini code model * fix(data): timestamp formatting * fix(opencode): support Claude Fable reasoning (anomalyco#31546) * fix(mcp): log actionable connection statuses (anomalyco#31544) * refactor(core): simplify location filesystem (anomalyco#31545) * chore: generate * chore: update nix node_modules hashes * fix(opencode): restore effect error logging (anomalyco#31551) * chore: generate * feat(opencode): add typed application layer graph (anomalyco#31531) * zen: add claude fable 5 * chore: generate * refactor(mcp): simplify service helpers (anomalyco#31549) * feat: add X-Session-Id header for proxy cache routing affinity (anomalyco#31511) * zen: update email * fix(desktop): update Electron stack and panel layout (anomalyco#31571) * chore: generate * chore: update nix node_modules hashes --------- Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com> Co-authored-by: Simon Klee <hello@simonklee.dk> Co-authored-by: Luke Parker <10430890+Hona@users.noreply.github.com> Co-authored-by: Filip <34747899+neriousy@users.noreply.github.com> Co-authored-by: Frank <frank@anoma.ly> Co-authored-by: Shoubhit Dash <shoubhit2005@gmail.com> Co-authored-by: huangli <areyouok@gmail.com> Co-authored-by: Tommy D. Rossi <beats.by.morse@gmail.com> Co-authored-by: Jack <jack@anoma.ly> Co-authored-by: Adam <2363879+adamdotdevin@users.noreply.github.com> Co-authored-by: Dax <mail@thdxr.com> Co-authored-by: James Long <longster@gmail.com> Co-authored-by: Anthony Lau <anthony.lau2000@live.com> Co-authored-by: Aiden Cline <aidenpcline@gmail.com> Co-authored-by: Brendan Allan <14191578+Brendonovich@users.noreply.github.com> Co-authored-by: Ben Sandbrook <sandbrookvt@gmail.com> Co-authored-by: Ben Sandbrook <1126483+delta9000@users.noreply.github.com> Co-authored-by: opencode-agent[bot] <219766164+opencode-agent[bot]@users.noreply.github.com> Co-authored-by: Sebastian <hasta84@gmail.com> Co-authored-by: Songchao Wang <songchaow@outlook.com> Co-authored-by: yui-soul <yui-soul@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue for this PR
Closes #30527
Type of change
What does this PR do?
When a parent session has an
external_directoryallow rule (or any other session-level rule beyond plain tool denies), dispatching a subtask through the task tool produces a child session whose permission ruleset is missing those inherited rules. The subagent then asks for permission to read a directory the parent had already approved.The child session is in fact created correctly.
deriveSubagentSessionPermissionproduces the right rules andsessions.createpersists them. The damage happens immediately afterwards inSessionPrompt.prompt: it seestools: { task: false, todowrite: false }from the task tool, builds[task deny, todowrite deny], and writes that tosession.permissionviasetPermission.setPermissionreplaces the row, so the inheritedexternal_directoryallow is dropped.Fix is a one-line semantic change: merge the per-call tool rules on top of the existing
session.permissioninstead of replacing it.Permission.evaluateusesfindLast, so the appended tool denies still take effect for their targets, while previously-set rules survive.How did you verify your code works?
SessionPrompt.prompt(with and withouttools) pin the merge/preserve contract.prompt.loopwith asubtaskpart and asserts the child session inherits the parent'sexternal_directoryallow. All three fail ondevwithout the change and pass with it.bun typecheckis clean.Checklist