Skip to content

fix: propagate parent agent permissions to subagent child sessions #12584

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
brittlewis12 wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

fix: propagate parent agent permissions to subagent child sessions #12584

brittlewis12 wants to merge 1 commit into from
+184 −0

Conversation

@brittlewis12
Copy link
Contributor

@brittlewis12 brittlewis12 commented Feb 7, 2026

Fixes #12566

What does this PR do?

Subagents don’t respect the parent agent's permission rules, instead using their own restrictive defaults. Any tool call evaluating to 'ask' would block indefinitely, even when explicitly configured to run unattended.

This fix includes the parent agent’s permission rules in the child session, before the hard-coded denies (todowrite, todoread, task) so findLast respects the override order correctly.

How did you verify your code works?

wrote a regression test, saw it fail, and then made it pass.

@brittlewis12
fix: propagate parent agent permissions to subagent child sessions
5108c84 
When a primary agent with permissive rules (e.g. permission: 'allow')
spawns a subagent via TaskTool, the parent agent's permission rules were
not included in the child session's permission field. This caused
subagents to use only their own restrictive defaults, meaning any tool
call evaluating to 'ask' would block indefinitely in unattended mode.

The fix resolves the calling agent and includes its permission rules in
the child session, positioned before the hard-coded denies (todowrite,
todoread, task) so findLast respects the override order correctly.
@github-actions
Copy link
Contributor

github-actions bot commented Feb 7, 2026

The following comment was made by an LLM, it may be inaccurate:

Based on my search, I found several related PRs that address subagent permission issues. Here are the potentially relevant ones (excluding the current PR #12584):

Related PRs:

  1. fix: prevent subagent permission bypass via tools field inheritance #7473 - fix: prevent subagent permission bypass via tools field inheritance

    • Directly related to subagent permission handling and preventing permission bypasses

  2. feat(task): Add subagent-to-subagent delegation with budgets, persistent sessions, and hierarchical session navigation #7756 - feat(task): Add subagent-to-subagent delegation with budgets, persistent sessions, and hierarchical session navigation

    • Addresses subagent-to-subagent delegation and session management, which relates to the permission inheritance chain

  3. fix(acp): handle permission requests from child sessions #12136 - fix(acp): handle permission requests from child sessions

    • Directly handles permissions for child sessions, potentially overlapping with the current fix

  4. fix(questions): fixes #7654 where sub-sub agents can't ask questions #10539 - fix(questions): fixes #7654 where sub-sub agents can't ask questions

    • Addresses permission/capability issues in nested subagent scenarios

Important: Check if #12136 (handle permission requests from child sessions) might be addressing the same underlying issue as #12584, as both deal with child session permissions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

contributor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Subagents don’t respect "*": "allow" agent permissions

1 participant

@brittlewis12