[FEATURE]: Granular Agent-to-Agent Visibility Control

[macastro9714]

Feature hasn't been suggested before.

• I have verified this feature I'm about to request hasn't been suggested before.

Describe the enhancement you want to request

Add permission.agent to control which agents appear in an agent's inventory. Currently, permission supports bash, skill, edit, etc., but not agent.

OpenCode uses mode to control agent visibility:

• subagent = hidden from inventory (can't be called)
• primary = visible, directly invocable by user
• all = visible, can call other agents

Problem: When you set mode: "all" to enable agent-to-agent calls, the agent sees the entire agent inventory. There's no way to restrict visibility to specific agents.

Why This Matters

Context bloat: An agent that only needs 2 subagents sees all 20+ agents in the system, wasting tokens and potentially causing confusion.

Security/correctness: A build agent shouldn't even know that deploy-production exists, preventing accidental or mistaken calls.

Example

deploy (orchestrator)
├── build
├── verify
├── release
└── promote

With mode: "all", the build agent sees ALL agents including deploy-staging, deploy-production, etc. It should only see its 2 relevant subagents.

Proposed Solution

Add permission.agent following the same pattern as permission.skill:

Current (for skills - already works):

{
  "permission": {
    "skill": {
      "git-*": "allow",
      "experimental-*": "deny"
    }
  }
}

Proposed (for agents):

{
  "agent": {
    "build": {
      "mode": "all",
      "permission": {
        "agent": {
          "compile": "allow",
          "test-unit": "allow"
        }
      }
    }
  }
}

Result: When build runs, its <available_agents> section only includes agents it's allowed to call.

Implementation

1. Schema: Add agent?: PermissionRuleConfig to the permission object
2. Inventory filtering: Filter agent inventory by both mode AND permission.agent
3. Runtime enforcement: Reject calls to agents not in the allowlist

[github-actions]

This issue might be related to existing discussions about agent visibility and permissions. Please check:

• Reduce token overhead: Task tool injects all subagent descriptions into system prompt #7269: Reduce token overhead - discusses limiting which subagents appear in agent inventory to reduce token consumption and improve focus
• [FEATURE]: Allow configurable subagent-to-subagent task delegation with call limits #7296: Allow configurable subagent-to-subagent task delegation - proposes granular control over which agents can call which other agents
• [Security Issue/Bug] Plan mode restrictions bypassed when spawning sub-agents #6527: Plan mode restrictions bypassed when spawning sub-agents - security issue where subagents inherit full permissions regardless of parent restrictions

Your proposal for permission.agent appears to be the architectural solution these issues need. The related issues highlight the problem from different angles:

• Reduce token overhead: Task tool injects all subagent descriptions into system prompt #7269: Token bloat from seeing all agents
• [FEATURE]: Allow configurable subagent-to-subagent task delegation with call limits #7296: Inability to restrict which agents a subagent can call
• [Security Issue/Bug] Plan mode restrictions bypassed when spawning sub-agents #6527: Missing permission inheritance

Feel free to ignore if these don't align with your specific use case.

[justfortheloveof]

I believe what you are requesting here has already been implemeted in #4773

[rekram1-node]

You can do this actually, using task tool permissions, example:

"agent": {
"build": {"permission": {"task": {"*": "deny", "explore": "allow"}}}
}

[macastro9714]

Ah I see, yes that works. Thank you. @rekram1-node do you think it will work for subagents too eventually if we allow subagents to instantiate other subagents?

In any case, since this is supported already, I'll close the issue thanks guys!