fix: Sub-Agent permissions override

[nightguarder]

fix: Sub-Agents permissions override

Plan mode restrictions bypassed when spawning sub-agents

Fixes #6527

Closes #6527

Type of change

• Bug fix

What does this PR do?

Fixes sub-agent permission bypass: when spawning sub-agents from Plan mode, they now inherit the parent session's permissions (including edit: deny). Previously, sub-agents ran with full permissions and could edit files despite Plan mode being active.

Changes:

1. task.ts: Inherit parent session permissions when creating child session
2. In task.ts, we get parent permissions and pass them to child session creation
3. prompt.ts: Merge existing session permissions with tools flags instead of replacing
4. In prompt.ts we ensure the permissions get merged - not replaced with input.tools flag

How did you verify your code works?

• Code compiles and follows existing patterns
• Follows the same permission merge logic used elsewhere in the codebase

[github-actions]

This PR doesn't fully meet our contributing guidelines and PR template.

What needs to be fixed:

• PR description is missing required template sections. Please use the PR template.

Please edit this PR description to address the above within 2 hours, or it will be automatically closed.

If you believe this was flagged incorrectly, please let a maintainer know.

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

Based on my search, I found one highly related PR that addresses the same issue:

Potential Duplicate:

• PR fix: propagate parent agent permissions to subagent child sessions #12584: fix: propagate parent agent permissions to subagent child sessions
  • This appears to be directly related as it addresses propagating parent agent permissions to child sessions, which is the core issue being fixed in PR fix: Sub-Agent permissions override #21540.

Related PRs (not duplicates, but similar scope):

• PR refactor(agent): set Explore subagent bash permissions to read-only #6073: refactor(agent): set Explore subagent bash permissions to read-only - Deals with subagent permission restrictions
• PR fix: render permission and question prompts from nested subagent session #13719: fix: render permission and question prompts from nested subagent session - Related to subagent permission handling

Recommend checking PR #12584 to ensure this PR isn't addressing the same fix that was already attempted.

[github-actions]

This pull request has been automatically closed because it was not updated to meet our contributing guidelines within the 2-hour window.

Feel free to open a new pull request that follows our guidelines.