fix: subagent permissions bypass and Lost restrictions after compaction

[nightguarder]

Issue for this PR

Plan mode restrictions bypassed when spawning sub-agents

Fixes #18213: Readonly restrictions lost after compaction

Fixes #6527: Sub-agent permission bypass in Plan mode

Type of change

• Bug fix
• New feature
• Refactor / code improvement
• Documentation

What does this PR do?

Fixes sub-agent permission bypass: when spawning sub-agents from Plan mode, they now inherit the parent session's permissions (including edit: deny). Previously, sub-agents ran with full permissions and could edit files despite Plan mode being active.

task.ts - Gets caller agent permissions, merges with session, adds edit: deny if parent has it, updates persisted session permission (including resumed task_id sessions)
prompt.ts - Merges tool-derived permissions with existing session rules instead of replacing them
bash.ts - Detects output redirection (>, >>) and sed -i and requires edit permission for them

If you paste a large clearly AI generated description here your PR may be IGNORED or CLOSED!

How did you verify your code works?

I ran bun dev and verified the project builds and start

Screenshots / recordings

If this is a UI change, please include a screenshot or recording.

Checklist

• I have tested my changes locally
• I have not included unrelated changes in this PR

If you do not follow this template your PR will be automatically rejected.

[github-actions]

Hey! Your PR title Fix: subagent permissions bypass and Lost restrictions after compaction doesn't follow conventional commit format.

Please update it to start with one of:

• feat: or feat(scope): new feature
• fix: or fix(scope): bug fix
• docs: or docs(scope): documentation changes
• chore: or chore(scope): maintenance tasks
• refactor: or refactor(scope): code refactoring
• test: or test(scope): adding or updating tests

Where scope is the package name (e.g., app, desktop, opencode).

See CONTRIBUTING.md for details.

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

Potential Duplicate Found

PR #18764: fix(opencode): preserve readonly subagent restrictions across compaction

Reason: This PR directly addresses the same issue (#18213) mentioned in the current PR - preserving readonly restrictions after compaction. Both PRs are tackling permission preservation for subagents during compaction operations, which appears to be overlapping scope.

[github-actions]

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

1. Open an issue describing the bug/feature (if one doesn't exist)
2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.