Description

After the permission rework in #6319, agents can no longer enable the task tool via permission frontmatter to allow nested sub-agents.

Steps to Reproduce

1. Create an agent with permission: { task: "allow" } in frontmatter:

---
name: orchestrator
mode: subagent
permission:
  task: allow
---

2. Call this agent via the Task tool from a primary agent
3. The sub-agent cannot spawn other sub-agents despite having task: allow

Expected Behavior

Agents with permission: { task: "allow" } should be able to use the Task tool to spawn nested sub-agents.

Actual Behavior

The task tool is always disabled for sub-agents regardless of agent permissions.

Root Cause

In #6319, the ...agent.tools spread was removed from task.ts that previously allowed agents to override the default task: false restriction:

tools: {
  todowrite: false,
  todoread: false,
  task: false,
  ...Object.fromEntries((config.experimental?.primary_tools ?? []).map((t) => [t, false])),
- ...agent.tools,  // This was removed
},

The old agent schema had a tools: z.record(z.string(), z.boolean()) field that enabled this override. With the new permission system, this capability was lost.

Environment

• opencode version: v1.1.15+
• Affects: Any agent trying to use nested sub-agents