Description
Bug Report: Plan Mode Permission Bypass via Subagents
Description
In Plan Mode (READ-ONLY phase), the main agent's file editing permissions are correctly restricted, but subagents retain full file modification capabilities, creating a security bypass.
Steps to Reproduce
- Enable Plan Mode in opencode
- As the main agent, attempt to use
edit or write tool → Blocked by rules
- Use the
task tool to spawn a subagent (type: general)
- Instruct the subagent to use
edit or write tool → Succeeds
Expected Behavior
Subagents should inherit the same READ-ONLY restrictions as the main agent when Plan Mode is active.
Actual Behavior
- Main agent:
edit/write blocked with error: "The user has specified a rule which prevents you from using this specific tool call"
- Subagent:
edit/write execute successfully, bypassing Plan Mode restrictions
Impact
This is a permission bypass vulnerability. Users enable Plan Mode to prevent unintended modifications during planning/review phase. The subagent loophole allows circumventing this safety mechanism.
Tools Affected
edit (file editing)write (file creation)- Likely affects other modification tools as well
Environment
- OS: Windows (win32)
- Shell: PowerShell 7+
Plugins
No response
OpenCode version
No response
Steps to reproduce
No response
Screenshot and/or share link
No response
Operating System
No response
Terminal
No response
Description
Bug Report: Plan Mode Permission Bypass via Subagents
Description
In Plan Mode (READ-ONLY phase), the main agent's file editing permissions are correctly restricted, but subagents retain full file modification capabilities, creating a security bypass.
Steps to Reproduce
editorwritetool → Blocked by rulestasktool to spawn a subagent (type: general)editorwritetool → SucceedsExpected Behavior
Subagents should inherit the same READ-ONLY restrictions as the main agent when Plan Mode is active.
Actual Behavior
edit/writeblocked with error: "The user has specified a rule which prevents you from using this specific tool call"edit/writeexecute successfully, bypassing Plan Mode restrictionsImpact
This is a permission bypass vulnerability. Users enable Plan Mode to prevent unintended modifications during planning/review phase. The subagent loophole allows circumventing this safety mechanism.
Tools Affected
edit(file editing)write(file creation)Environment
Plugins
No response
OpenCode version
No response
Steps to reproduce
No response
Screenshot and/or share link
No response
Operating System
No response
Terminal
No response