fix(task): preserve explicit todo permissions for subagents #19142

Closed
Haohao-end wants to merge 1 commit into anomalyco:dev from Haohao-end:fix/19101-subagent-todo-permissions

@Haohao-end

Issue for this PR

Closes #19101

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

This fixes a bug where subagents could not use todowrite / todoread even when those permissions were explicitly allowed.

The problem happened in two places in packages/opencode/src/tool/task.ts:

  1. child sessions were created with unconditional deny rules for todowrite and todoread
  2. SessionPrompt.prompt(...) was also called with todowrite: false and todoread: false

Because later permission writes win, explicit subagent todo allows were getting overridden.

This change keeps the default behavior safe, but stops forcing todo denies when the subagent has an explicit allow for that permission:

  • if todowrite is explicitly allowed, it is no longer denied in the child session or re-disabled in SessionPrompt.prompt
  • if todoread is explicitly allowed, it is handled the same way
  • if a todo permission is not explicitly allowed, it still stays denied by default
  • existing task permission behavior is left unchanged

I also added regression tests covering:

  • default deny with no explicit todo allow
  • explicit todowrite allow only
  • explicit todowrite + todoread allow

How did you verify your code works?

I verified the fix by tracing the permission flow through both layers involved in this bug:

  • child session creation in task.ts
  • prompt-time permission rewriting through SessionPrompt.prompt(...)

I also added regression tests for the affected permission combinations.

I was not able to fully run the targeted tests in my current local environment because some repo dependencies/tools were missing (zod, drizzle-orm / bun sqlite migrator, and tsgo for typecheck), so I am not claiming a fully green local test run.

Screenshots / recordings

Not a UI change.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR
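
The override described in the PR description above, as an added TypeScript example that is not part of the PR or of opencode's code: a hypothetical last-rule-wins model of the two layers, showing why an explicit allow is lost when denies are appended unconditionally and how the conditional version behaves. All type and function names (`Rule`, `evaluate`, `forcedOff`, `childSessionRules`, `promptTools`, `usable`) and the sample config are assumptions.

```typescript
// Hypothetical model of the two layers named in the PR description.
// None of these names are opencode's real types or functions.
type Action = "allow" | "deny"
interface Rule { permission: string; action: Action }

const TODO_TOOLS: string[] = ["todowrite", "todoread"]

// Last matching rule wins ("later permission writes win"); no match means deny.
function evaluate(rules: Rule[], permission: string): Action {
  let result: Action = "deny"
  for (const rule of rules) if (rule.permission === permission) result = rule.action
  return result
}

// Todo tools that must stay forced off. Before the fix: all of them.
// After the fix: only those without an explicit allow in the agent's rules.
function forcedOff(agentRules: Rule[], fixed: boolean): string[] {
  return TODO_TOOLS.filter((p) => !fixed || evaluate(agentRules, p) !== "allow")
}

// Layer 1: child session rules = agent rules followed by the forced denies.
function childSessionRules(agentRules: Rule[], fixed: boolean): Rule[] {
  const denies = forcedOff(agentRules, fixed).map((p): Rule => ({ permission: p, action: "deny" }))
  return [...agentRules, ...denies]
}

// Layer 2: per-prompt tool switches; `false` disables a tool for that prompt.
function promptTools(agentRules: Rule[], fixed: boolean): Record<string, boolean> {
  const tools: Record<string, boolean> = {}
  for (const p of forcedOff(agentRules, fixed)) tools[p] = false
  return tools
}

// A tool is usable only if both layers leave it enabled.
function usable(agentRules: Rule[], tool: string, fixed: boolean): boolean {
  const sessionOk = evaluate(childSessionRules(agentRules, fixed), tool) === "allow"
  return sessionOk && promptTools(agentRules, fixed)[tool] !== false
}

// Constructed subagent config: todowrite explicitly allowed, todoread not mentioned.
const writeOnly: Rule[] = [{ permission: "todowrite", action: "allow" }]
console.log("before fix, todowrite usable:", usable(writeOnly, "todowrite", false))
console.log("after fix, todowrite usable:", usable(writeOnly, "todowrite", true))
console.log("after fix, todoread usable:", usable(writeOnly, "todoread", true))
```

Fixing only one layer is not enough in this model: `usable` requires both the session rules and the prompt switches to leave the tool enabled, which matches the two places the description lists.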

@github-actions github-actions bot added the needs:compliance This means the issue will auto-close after 2 hours. label Mar 25, 2026
@github-actions
Contributor

This PR doesn't fully meet our contributing guidelines and PR template.

What needs to be fixed:

  • Not all checklist items are checked. Please confirm you have tested locally and have not included unrelated changes.

Please edit this PR description to address the above within 2 hours, or it will be automatically closed.

If you believe this was flagged incorrectly, please let a maintainer know.

@github-actions
Contributor

The following comment was made by an LLM, it may be inaccurate:

Based on the search results, I found a related PR that might be addressing a similar issue:

Potential Related PR:

These PRs might be addressing related aspects of the same permission system issue. You may want to review #19125 in particular to ensure there's no overlap in the fixes.

@Haohao-end
Author

Closing this since #19125 appears to cover the same issue and has active review already. I don’t want to duplicate work.

@Haohao-end Haohao-end closed this Mar 25, 2026

Development

Successfully merging this pull request may close these issues.

todowrite/todoread cannot be enabled for subagents via agent permission config
