Task should inherit current agent permissions/tools for MCP #3808

@nikaro

Description

I've created an "offline" agent to limit the risk of leaking sensitive data via prompt injection when working on untrusted data.

  "agent": {
    "offline": {
      "permission": {
        "bash": {
          "*": "ask",
        },
        "edit": "ask",
        "webfetch": "deny",
      },
      "tools": {
        "context7_*": false,
        "gh_grep_*": false,
        "kagi_*": false,
        "webfetch": false,
      },
    },
  },

But the agent can easily circumvent the tool limitations by delegating the task to a sub-agent. And it does not even ask for permission to run the tool. This can be solved by disabling the task tool. But it would be better if, by default, tasks used the same agent with the same permissions/tools.

PS: it seems to work fine for native tools like webfetch (not sure about this, sometimes it hangs, sometimes it rightfully fails).

OpenCode version

1.0.15

Steps to reproduce

  1. Create an agent "offline" with webfetch and MCP with online access disabled (e.g. kagi)
  2. Using the "offline" agent, ask it to search online for whatever information
  3. It will delegate a task and use an MCP tool like kagi

Screenshot and/or share link

No response

Operating System

macOS 26.0.1

Terminal

Ghostty
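
The inheritance the issue asks for can be expressed as a decision function that applies the parent agent's restrictions to every tool call made inside a delegated task. This is an added example, not OpenCode's code: the function names, the "any matching `false` pattern disables the tool" rule, the default of `allow`, and the `subagent` object are assumptions; only the `offline` config comes from the issue.

```javascript
// Added example, not OpenCode source. The "permission" and "tools" keys follow
// the config in the issue; function names and matching rules are assumptions.

// Parent agent, copied from the issue's "offline" config.
const offline = {
  permission: { bash: { "*": "ask" }, edit: "ask", webfetch: "deny" },
  tools: { "context7_*": false, "gh_grep_*": false, "kagi_*": false, webfetch: false },
};

// Constructed sub-agent with nothing disabled, as a task delegate might be.
const subagent = { permission: { edit: "allow" }, tools: {} };

const RANK = { allow: 0, ask: 1, deny: 2 };

// Turn a tool pattern such as "kagi_*" into an anchored RegExp.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`);
}

// Assumed rule: a tool is off if any pattern set to false matches its name.
function toolEnabled(agent, name) {
  return !Object.entries(agent.tools ?? {}).some(
    ([pattern, on]) => on === false && globToRegExp(pattern).test(name)
  );
}

// Permission for a tool: a plain string, or the "*" entry of a pattern map.
// Assumed default when nothing is configured: "allow".
function permissionFor(agent, name) {
  const p = (agent.permission ?? {})[name];
  return typeof p === "string" ? p : p?.["*"] ?? "allow";
}

// Decision for a tool call made inside a task that `parent` delegated to `child`:
// disabled on either side means deny, otherwise the stricter permission wins.
function decideForTask(parent, child, name) {
  if (!toolEnabled(parent, name) || !toolEnabled(child, name)) return "deny";
  const a = permissionFor(parent, name);
  const b = permissionFor(child, name);
  return RANK[a] >= RANK[b] ? a : b;
}
```

Evaluating the sub-agent on its own, `decideForTask({}, subagent, "kagi_search")`, returns `allow`, which is the gap reported above; passing `offline` as the parent turns the same call into `deny`.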

Labels

bug: Something isn't working
opentui: This relates to changes in v1.0, now that opencode uses opentui