opencode icon indicating copy to clipboard operation
opencode copied to clipboard
Published 11 hours ago verified publisher icon anomalyco

fix: prevent subagent permission bypass via tools field inheritance

Open randomm opened this issue 5 days ago • 1 comments

Summary Fixes a security vulnerability where subagents bypassed permission restrictions due to direct tools array inheritance from parent agents. Problem Agents with restricted tool access could access parent agent tools they shouldn't have permission to use. The tools field was being spread directly from agent config, bypassing permission evaluation. Solution

  • Exclude tools field from agent config spread to prevent inheritance
  • Filter tools by agent-specific permission rules in ToolRegistry
  • Apply permission filtering in session initialization and prompt construction

Fixes: #7474 Related: #5894, #3808, #7296, #6527

Test Coverage 4 test files with comprehensive coverage validating agents cannot access tools outside their permission scope.

Verified manually to finally fix this issue. I had been stuck on 1.0.200 for few days due to this and having a rather complex multi-sub-agent configuration that relies on permissions guard rails working correctly.

randomm avatar Jan 09 '26 12:01 randomm