fix(security): subagent permission inheritance + budget enforcement

[kienbui1995]

Security Hardening

🔴 Fixed: Subagent bypassed permission checks

Before: subagents hardcoded PermissionMode::Allow — could run bash even when parent required --dangerously-allow-bash.

After: subagents inherit parent's permission mode. Default is Auto (read tools auto-allow, dangerous tools denied).

🟠 Fixed: Budget not enforced

Before: budget_usd was validated in config but never checked at runtime.

After: SubagentSpawner tracks spent_usd and rejects new tasks when budget exhausted.

190 tests pass.

Summary by CodeRabbit

• New Features
  • Subagent execution now supports configurable permission modes for enhanced control over task execution.
  • Spending limits can be established for subagent operations with automatic budget tracking throughout execution.
  • Subagent operations are automatically halted when configured spending limits are exhausted, preventing overspending.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 66a3bb4d-0a76-40ad-af8f-7eaf51bdc73d

📥 Commits

Reviewing files that changed from the base of the PR and between 6d8f1e4 and 3843e8e.

📒 Files selected for processing (4)

• mc/crates/mc-cli/src/main.rs
• mc/crates/mc-core/src/runtime.rs
• mc/crates/mc-core/src/subagent.rs
• mc/crates/mc-tools/src/permissions.rs

---

📝 Walkthrough

Walkthrough

The changes add budget and permission mode configuration capabilities for subagent execution. The CLI now initializes the runtime with managed agent permission modes and spend limits, while the core runtime, subagent spawner, and permissions modules add corresponding configuration methods and fields to track and enforce these settings.

Changes

Cohort / File(s)	Summary
Runtime Configuration mc/crates/mc-core/src/runtime.rs	Added two public methods to ConversationRuntime: set_subagent_permission_mode() and set_subagent_budget() that delegate to the internal subagent spawner configuration.
Subagent Spawner mc/crates/mc-core/src/subagent.rs	Added permission_mode, budget_usd, and spent_usd fields to track agent execution policies and budget limits. Implemented pre-flight budget exhaustion check in run_task that returns early if budget is exceeded. Extended run_simple_agent to accept and use configured permission mode instead of hard-coded allow mode.
CLI Integration mc/crates/mc-cli/src/main.rs	Updated run_tui to configure subagent permission mode and budget on the runtime during initialization.
Permissions API mc/crates/mc-tools/src/permissions.rs	Added public mode() getter method on PermissionPolicy to expose the policy's default mode.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix: clippy cleanup + wire max_concurrent #35: Adds similar runtime configuration setter patterns for max_concurrent on subagent spawner.
• feat: managed agents — manager-executor pattern #34: Modifies subagent management surface to add budget and execution policy configuration (directly related change set).
• feat: address critical gaps — model routing, CI mode, per-tool permissions #27: Modifies the ConversationRuntime ↔ SubagentSpawner integration with new subagent configuration parameters.

Poem

🐰 Budget bounds and modes so fine,
Subagents now must toe the line,
Permission gates and spending caps,
Keep agents running within their maps! 💰✨

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/hardening

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}