Skip to content

bug: TaskTool.init() not passing agent info, bypassing granular task permissions #173

New issue
New issue
Closed
#174
Closed
bug: TaskTool.init() not passing agent info, bypassing granular task permissions#173
#174
@randomm

Description

@randomm
randomm
opened on Feb 10, 2026

Summary

Granular task permissions (permission.task with per-agent allow/deny) are never enforced because TaskTool.init() is called without the agent parameter. This is an upstream bug also present in anomalyco/opencode.

Root Cause

File: packages/opencode/src/session/prompt.ts line ~329

const taskTool = await TaskTool.init()  // ← Missing agent parameter

The agent name (task.agent) is available at this call site but is never resolved to an Agent.Info object and passed through.

File: packages/opencode/src/tool/task.ts lines 113-116

const caller = initCtx?.agent       // ← undefined (never passed)
const accessibleAgents = caller
  ? agents.filter((a) =>            // ← never reached
      PermissionNext.evaluate("task", a.name, caller.permission).action !== "deny"
    )
  : agents                          // ← ALL agents shown, no filtering

Impact

  • Config "permission": {"task": {"*": "deny", "adversarial-developer": "allow"}} is parsed correctly but never enforced
  • ALL subagents can spawn ANY other agent via Task tool regardless of permission config
  • The permission system (PermissionNext) works correctly — it's just never called with the right data

Suggested Fix

At prompt.ts line ~329:

// Current (broken):
const taskTool = await TaskTool.init()

// Fixed:
const agentInfo = await Agent.get(task.agent)
const taskTool = await TaskTool.init({ agent: agentInfo })

Verification

After fix, test with config:

{
  "developer": {
    "permission": {
      "task": {
        "*": "deny",
        "adversarial-developer": "allow"
      }
    }
  }
}

Expected: developer can spawn @adversarial-developer but NOT @git-agent or @explore.

Files Involved

  • packages/opencode/src/session/prompt.ts — fix here (pass agent to init)
  • packages/opencode/src/tool/task.ts — permission filtering logic (correct, just never receives data)
  • packages/opencode/src/permission/next.ts — evaluation engine (works correctly)

Notes

  • Bug also exists in upstream anomalyco/opencode
  • Config parsing, schema validation, and permission evaluation all work correctly
  • Only the plumbing between prompt.ts and task.ts is broken

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions