@skj1724/oh-my-opencode 4.0.2 → 4.0.4

package/dist/cli/index.js

@@ -6165,10 +6165,121 @@ var init_session_cursor = __esm(() => {
 // src/shared/system-directive.ts
 var init_system_directive = () => {};
 
+// src/shared/agent-permissions.ts
+var DEFAULT_AGENT_PERMISSIONS, ALL_DEFINED_AGENTS, toolRestrictionsCache, sdkPermissionCache;
+var init_agent_permissions = __esm(() => {
+  DEFAULT_AGENT_PERMISSIONS = {
+    "\u6218\u7565\u53C2\u8C0B": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: true,
+      canDelegateTasks: true,
+      allowedCategories: ["quick"],
+      sdkPermissionOverrides: { call_omo_agent: "deny", question: "allow" }
+    },
+    "\u6DF1\u5EA6\u63A2\u7D22": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: []
+    },
+    "\u77E5\u8BC6\u5178\u85CF": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: [],
+      sdkPermissionOverrides: { "grep_app_*": "allow" }
+    },
+    "\u6280\u672F\u53C2\u8C0B": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: []
+    },
+    "\u9884\u5BA1\u987E\u95EE": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: []
+    },
+    "\u8BA1\u5212\u5BA1\u67E5": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: []
+    },
+    "\u5A92\u4F53\u89E3\u6790": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: [],
+      toolMode: "whitelist",
+      toolOverrides: { read: true },
+      sdkPermissionOverrides: { task: "deny", look_at: "deny" }
+    },
+    "BTW \u987E\u95EE": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: [],
+      toolOverrides: { slashcommand: false }
+    },
+    "\u4E3B\u6267\u884C\u5B98": {
+      canReadFiles: true,
+      canWriteFiles: true,
+      canExecuteCommands: true,
+      canDelegateTasks: true,
+      allowedCategories: [
+        "visual-engineering",
+        "ultrabrain",
+        "artistry",
+        "quick",
+        "unspecified-low",
+        "unspecified-high",
+        "writing"
+      ],
+      sdkPermissionOverrides: { call_omo_agent: "deny", question: "allow" }
+    },
+    "\u4EFB\u52A1\u7F16\u6392": {
+      canReadFiles: true,
+      canWriteFiles: true,
+      canExecuteCommands: true,
+      canDelegateTasks: true,
+      allowedCategories: [
+        "visual-engineering",
+        "ultrabrain",
+        "artistry",
+        "quick",
+        "unspecified-low",
+        "unspecified-high",
+        "writing"
+      ],
+      sdkPermissionOverrides: { task: "deny", call_omo_agent: "deny" }
+    },
+    "\u6267\u884C\u52A9\u7406": {
+      canReadFiles: true,
+      canWriteFiles: true,
+      canExecuteCommands: true,
+      canDelegateTasks: false,
+      allowedCategories: [],
+      sdkPermissionOverrides: { delegate_task: "allow" }
+    }
+  };
+  ALL_DEFINED_AGENTS = Object.freeze(Object.keys(DEFAULT_AGENT_PERMISSIONS));
+  toolRestrictionsCache = new Map;
+  sdkPermissionCache = new Map;
+});
+
 // src/shared/agent-tool-restrictions.ts
 var init_agent_tool_restrictions = __esm(() => {
-  init_case_insensitive();
-  init_agent_display_names();
+  init_agent_permissions();
 });
 
 // src/shared/model-requirements.ts
@@ -6494,6 +6605,7 @@ var init_shared = __esm(() => {
   init_agent_variant();
   init_session_cursor();
   init_system_directive();
+  init_agent_permissions();
   init_agent_tool_restrictions();
   init_model_requirements();
   init_model_resolver();
@@ -8737,7 +8849,7 @@ var import_picocolors2 = __toESM(require_picocolors(), 1);
 // package.json
 var package_default = {
   name: "@skj1724/oh-my-opencode",
-  version: "4.0.02",
+  version: "4.0.04",
   description: "The Best AI Agent Harness - Batteries-Included OpenCode Plugin with Multi-Model Orchestration, Parallel Background Agents, and Crafted LSP/AST Tools",
   main: "dist/index.js",
   types: "dist/index.d.ts",

package/dist/hooks/prometheus-md-only/constants.d.ts

@@ -1,11 +1,11 @@
 export declare const HOOK_NAME = "prometheus-md-only";
 export declare const PROMETHEUS_AGENTS: string[];
 /**
- * 战略参谋允许调用的 delegate_task category 白名单。
- * 仅允许 "quick" category（用于轻量研究），防止战略参谋
- * 绕过只读约束通过委派任务执行修改操作。
+ * 获取指定 agent 允许的 delegate_task category 白名单。
+ * 从 agent-permissions.ts 统一读取，确保与权限定义一致。
+ * 自定义 agent 默认返回空数组（default-deny）。
  */
-export declare const AGENT_CATEGORY_WHITELIST: Record<string, string[]>;
+export declare function getAllowedCategoriesForAgent(agentName: string): string[];
 export declare const ALLOWED_EXTENSIONS: string[];
 export declare const ALLOWED_PATH_PREFIX = ".sisyphus";
 export declare const BLOCKED_TOOLS: string[];

package/dist/index.js

@@ -5075,47 +5075,215 @@ var sessionCursors;
 var init_session_cursor = __esm(() => {
   sessionCursors = new Map;
 });
-// src/shared/agent-tool-restrictions.ts
-function getAgentToolRestrictions(agentName) {
-  return findCaseInsensitive(AGENT_RESTRICTIONS, resolveAgentName(agentName)) ?? {};
+// src/shared/agent-permissions.ts
+function getAgentPermission(agentName) {
+  const exact = DEFAULT_AGENT_PERMISSIONS[agentName];
+  if (exact !== undefined)
+    return { ...exact };
+  const lower = agentName.toLowerCase();
+  for (const [key, perm] of Object.entries(DEFAULT_AGENT_PERMISSIONS)) {
+    if (key.toLowerCase() === lower)
+      return { ...perm };
+  }
+  return { ...NEW_AGENT_DEFAULT };
 }
-var EXPLORATION_AGENT_DENYLIST, AGENT_RESTRICTIONS;
-var init_agent_tool_restrictions = __esm(() => {
-  init_case_insensitive();
-  init_agent_display_names();
-  EXPLORATION_AGENT_DENYLIST = {
-    write: false,
-    edit: false,
-    task: false,
-    delegate_task: false,
-    call_omo_agent: false
-  };
-  AGENT_RESTRICTIONS = {
-    "\u6DF1\u5EA6\u63A2\u7D22": EXPLORATION_AGENT_DENYLIST,
-    "\u77E5\u8BC6\u5178\u85CF": EXPLORATION_AGENT_DENYLIST,
+function deriveToolRestrictions(agentName) {
+  const cached = toolRestrictionsCache.get(agentName);
+  if (cached !== undefined)
+    return cached;
+  const perm = getAgentPermission(agentName);
+  let restrictions;
+  if (perm.toolMode === "whitelist") {
+    restrictions = { ...perm.toolOverrides };
+  } else {
+    restrictions = {};
+    if (!perm.canWriteFiles) {
+      restrictions.write = false;
+      restrictions.edit = false;
+      restrictions.ast_grep_replace = false;
+      restrictions.lsp_rename = false;
+    }
+    if (!perm.canExecuteCommands) {
+      restrictions.bash = false;
+    }
+    if (!perm.canDelegateTasks) {
+      restrictions.delegate_task = false;
+      restrictions.task = false;
+      restrictions.call_omo_agent = false;
+    }
+    if (perm.toolOverrides) {
+      for (const [key, value] of Object.entries(perm.toolOverrides)) {
+        restrictions[key] = value;
+      }
+    }
+  }
+  toolRestrictionsCache.set(agentName, restrictions);
+  return restrictions;
+}
+function canDelegateTo(parentAgent, targetAgent, category) {
+  const parent = getAgentPermission(parentAgent);
+  const target = getAgentPermission(targetAgent);
+  if (!parent.canDelegateTasks)
+    return false;
+  if (!parent.canWriteFiles) {
+    if (category !== undefined) {
+      const allowed = parent.allowedCategories.map((c) => c.toLowerCase());
+      if (!allowed.includes(category.toLowerCase()))
+        return false;
+    }
+    if (target.canWriteFiles)
+      return false;
+  }
+  return true;
+}
+function deriveSdkPermission(agentName) {
+  const cached = sdkPermissionCache.get(agentName);
+  if (cached !== undefined)
+    return cached;
+  const perm = getAgentPermission(agentName);
+  const permission = {};
+  if (!perm.canWriteFiles) {
+    permission.write = "deny";
+    permission.edit = "deny";
+  }
+  if (!perm.canExecuteCommands) {
+    permission.bash = "deny";
+  }
+  if (perm.canDelegateTasks) {
+    permission.delegate_task = "allow";
+  }
+  if (perm.sdkPermissionOverrides) {
+    for (const [key, value] of Object.entries(perm.sdkPermissionOverrides)) {
+      permission[key] = value;
+    }
+  }
+  sdkPermissionCache.set(agentName, permission);
+  return permission;
+}
+var DEFAULT_AGENT_PERMISSIONS, ALL_DEFINED_AGENTS, NEW_AGENT_DEFAULT, toolRestrictionsCache, sdkPermissionCache;
+var init_agent_permissions = __esm(() => {
+  DEFAULT_AGENT_PERMISSIONS = {
+    "\u6218\u7565\u53C2\u8C0B": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: true,
+      canDelegateTasks: true,
+      allowedCategories: ["quick"],
+      sdkPermissionOverrides: { call_omo_agent: "deny", question: "allow" }
+    },
+    "\u6DF1\u5EA6\u63A2\u7D22": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: []
+    },
+    "\u77E5\u8BC6\u5178\u85CF": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: [],
+      sdkPermissionOverrides: { "grep_app_*": "allow" }
+    },
     "\u6280\u672F\u53C2\u8C0B": {
-      write: false,
-      edit: false,
-      task: false,
-      delegate_task: false
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: []
     },
-    "\u5A92\u4F53\u89E3\u6790": {
-      read: true
+    "\u9884\u5BA1\u987E\u95EE": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: []
     },
-    "\u6267\u884C\u52A9\u7406": {
-      task: false,
-      delegate_task: false
+    "\u8BA1\u5212\u5BA1\u67E5": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: []
+    },
+    "\u5A92\u4F53\u89E3\u6790": {
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: [],
+      toolMode: "whitelist",
+      toolOverrides: { read: true },
+      sdkPermissionOverrides: { task: "deny", look_at: "deny" }
     },
     "BTW \u987E\u95EE": {
-      write: false,
-      edit: false,
-      bash: false,
-      task: false,
-      delegate_task: false,
-      call_omo_agent: false,
-      slashcommand: false
+      canReadFiles: true,
+      canWriteFiles: false,
+      canExecuteCommands: false,
+      canDelegateTasks: false,
+      allowedCategories: [],
+      toolOverrides: { slashcommand: false }
+    },
+    "\u4E3B\u6267\u884C\u5B98": {
+      canReadFiles: true,
+      canWriteFiles: true,
+      canExecuteCommands: true,
+      canDelegateTasks: true,
+      allowedCategories: [
+        "visual-engineering",
+        "ultrabrain",
+        "artistry",
+        "quick",
+        "unspecified-low",
+        "unspecified-high",
+        "writing"
+      ],
+      sdkPermissionOverrides: { call_omo_agent: "deny", question: "allow" }
+    },
+    "\u4EFB\u52A1\u7F16\u6392": {
+      canReadFiles: true,
+      canWriteFiles: true,
+      canExecuteCommands: true,
+      canDelegateTasks: true,
+      allowedCategories: [
+        "visual-engineering",
+        "ultrabrain",
+        "artistry",
+        "quick",
+        "unspecified-low",
+        "unspecified-high",
+        "writing"
+      ],
+      sdkPermissionOverrides: { task: "deny", call_omo_agent: "deny" }
+    },
+    "\u6267\u884C\u52A9\u7406": {
+      canReadFiles: true,
+      canWriteFiles: true,
+      canExecuteCommands: true,
+      canDelegateTasks: false,
+      allowedCategories: [],
+      sdkPermissionOverrides: { delegate_task: "allow" }
     }
   };
+  ALL_DEFINED_AGENTS = Object.freeze(Object.keys(DEFAULT_AGENT_PERMISSIONS));
+  NEW_AGENT_DEFAULT = {
+    canReadFiles: true,
+    canWriteFiles: false,
+    canExecuteCommands: false,
+    canDelegateTasks: false,
+    allowedCategories: []
+  };
+  toolRestrictionsCache = new Map;
+  sdkPermissionCache = new Map;
+});
+
+// src/shared/agent-tool-restrictions.ts
+function getAgentToolRestrictions(agentName) {
+  return deriveToolRestrictions(agentName);
+}
+var init_agent_tool_restrictions = __esm(() => {
+  init_agent_permissions();
 });
 
 // src/shared/model-requirements.ts
@@ -6292,6 +6460,7 @@ var init_shared = __esm(() => {
   init_agent_variant();
   init_session_cursor();
   init_system_directive();
+  init_agent_permissions();
   init_agent_tool_restrictions();
   init_model_requirements();
   init_model_resolver();
@@ -27218,11 +27387,12 @@ import { resolve as resolve7, relative as relative5, isAbsolute as isAbsolute3 }
 // src/hooks/prometheus-md-only/constants.ts
 init_system_directive();
 init_agent_display_names();
+init_agent_permissions();
 var HOOK_NAME4 = "prometheus-md-only";
 var PROMETHEUS_AGENTS = ["\u6218\u7565\u53C2\u8C0B"];
-var AGENT_CATEGORY_WHITELIST = {
-  "\u6218\u7565\u53C2\u8C0B": ["quick"]
-};
+function getAllowedCategoriesForAgent(agentName) {
+  return getAgentPermission(agentName).allowedCategories;
+}
 var ALLOWED_EXTENSIONS = [".md"];
 var BLOCKED_TOOLS = ["Write", "Edit", "write", "edit", "ast_grep_replace", "lsp_rename"];
 var BASH_WRITE_COMMANDS = [
@@ -27419,7 +27589,7 @@ function createPrometheusMdOnlyHook(ctx) {
           const category = output.args.category;
           const subagent_type = output.args.subagent_type;
           const matchedAgent = PROMETHEUS_AGENTS.find((a) => agentNameMatches(agentName, a));
-          const whitelist = matchedAgent ? AGENT_CATEGORY_WHITELIST[matchedAgent] ?? [] : [];
+          const whitelist = matchedAgent ? getAllowedCategoriesForAgent(matchedAgent) : [];
           if (!subagent_type && (!category || !whitelist.includes(category))) {
             log(`[${HOOK_NAME4}] Blocked: Prometheus attempted delegate_task with non-allowed category`, {
               sessionID: input.sessionID,
@@ -28718,6 +28888,7 @@ function isActiveContinuationTrigger(sessionID, directory) {
   return false;
 }
 var CONTINUATION_COOLDOWN_MS = 5000;
+var CONTINUATION_CYCLE_THRESHOLD = 5;
 function isAbortError(error) {
   if (!error)
     return false;
@@ -28908,6 +29079,28 @@ function createAtlasHook(ctx, options) {
           log(`[${HOOK_NAME6}] Skipped: continuation cooldown active`, { sessionID, cooldownRemaining: CONTINUATION_COOLDOWN_MS - (now - state2.lastContinuationInjectedAt) });
           return;
         }
+        const progressKey = `${progress.completed}/${progress.total}`;
+        if (state2.lastContinuationProgress === progressKey) {
+          state2.continuationCycleCount = (state2.continuationCycleCount ?? 0) + 1;
+        } else {
+          state2.continuationCycleCount = 0;
+        }
+        state2.lastContinuationProgress = progressKey;
+        if ((state2.continuationCycleCount ?? 0) >= CONTINUATION_CYCLE_THRESHOLD) {
+          if (!state2.isBlocked) {
+            state2.isBlocked = true;
+            await ctx.client.tui.showToast({
+              body: {
+                title: "\u26A0\uFE0F \u5DE5\u4F5C\u53EF\u80FD\u88AB\u963B\u585E",
+                message: `\u8BA1\u5212 "${boulderState.plan_name}" \u5728 ${progressKey} \u5904\u8FDE\u7EED ${state2.continuationCycleCount} \u6B21\u65E0\u8FDB\u5C55\u3002\u8BF7\u68C0\u67E5\u662F\u5426\u9700\u8981\u4F60\u7684\u8F93\u5165\u3002`,
+                variant: "warning",
+                duration: 5000
+              }
+            }).catch(() => {});
+          }
+          log(`[${HOOK_NAME6}] Skipped: blocked detection`, { sessionID, count: state2.continuationCycleCount, progress: progressKey });
+          return;
+        }
         state2.lastContinuationInjectedAt = now;
         const remaining = progress.total - progress.completed;
         injectContinuation(sessionID, boulderState.plan_name, remaining, progress.total);
@@ -28922,6 +29115,15 @@ function createAtlasHook(ctx, options) {
         if (state2) {
           state2.lastEventWasAbortError = false;
         }
+        if (info?.role === "user" && state2) {
+          state2.lastEventWasAbortError = false;
+          if (state2.isBlocked) {
+            state2.isBlocked = false;
+            state2.continuationCycleCount = 0;
+            state2.lastContinuationProgress = undefined;
+            log(`[${HOOK_NAME6}] Blocked state reset by user message`, { sessionID });
+          }
+        }
         return;
       }
       if (event.type === "message.part.updated") {
@@ -29043,6 +29245,15 @@ function createAtlasHook(ctx, options) {
       if (isBackgroundLaunch) {
         return;
       }
+      if (input.sessionID) {
+        const toolState = sessions.get(input.sessionID);
+        if (toolState?.isBlocked) {
+          toolState.isBlocked = false;
+          toolState.continuationCycleCount = 0;
+          toolState.lastContinuationProgress = undefined;
+          log(`[${HOOK_NAME6}] Blocked state reset by delegate_task completion`, { sessionID: input.sessionID });
+        }
+      }
       if (output.output && typeof output.output === "string") {
         const gitStats = getGitDiffStats(ctx.directory);
         const fileChanges = formatFileChanges(gitStats);
@@ -30562,138 +30773,8 @@ function createToolDefinitionOptimizerHook(_ctx) {
     }
   };
 }
-// src/shared/agent-permissions.ts
-var DEFAULT_AGENT_PERMISSIONS = {
-  "\u6218\u7565\u53C2\u8C0B": {
-    canReadFiles: true,
-    canWriteFiles: false,
-    canExecuteCommands: true,
-    canDelegateTasks: true,
-    allowedCategories: ["quick"]
-  },
-  "\u6DF1\u5EA6\u63A2\u7D22": {
-    canReadFiles: true,
-    canWriteFiles: false,
-    canExecuteCommands: false,
-    canDelegateTasks: false,
-    allowedCategories: []
-  },
-  "\u77E5\u8BC6\u5178\u85CF": {
-    canReadFiles: true,
-    canWriteFiles: false,
-    canExecuteCommands: false,
-    canDelegateTasks: false,
-    allowedCategories: []
-  },
-  "\u6280\u672F\u53C2\u8C0B": {
-    canReadFiles: true,
-    canWriteFiles: false,
-    canExecuteCommands: false,
-    canDelegateTasks: false,
-    allowedCategories: []
-  },
-  "\u9884\u5BA1\u987E\u95EE": {
-    canReadFiles: true,
-    canWriteFiles: false,
-    canExecuteCommands: false,
-    canDelegateTasks: false,
-    allowedCategories: []
-  },
-  "\u8BA1\u5212\u5BA1\u67E5": {
-    canReadFiles: true,
-    canWriteFiles: false,
-    canExecuteCommands: false,
-    canDelegateTasks: false,
-    allowedCategories: []
-  },
-  "\u5A92\u4F53\u89E3\u6790": {
-    canReadFiles: true,
-    canWriteFiles: false,
-    canExecuteCommands: false,
-    canDelegateTasks: false,
-    allowedCategories: []
-  },
-  "BTW \u987E\u95EE": {
-    canReadFiles: true,
-    canWriteFiles: false,
-    canExecuteCommands: false,
-    canDelegateTasks: false,
-    allowedCategories: []
-  },
-  "\u4E3B\u6267\u884C\u5B98": {
-    canReadFiles: true,
-    canWriteFiles: true,
-    canExecuteCommands: true,
-    canDelegateTasks: true,
-    allowedCategories: [
-      "visual-engineering",
-      "ultrabrain",
-      "artistry",
-      "quick",
-      "unspecified-low",
-      "unspecified-high",
-      "writing"
-    ]
-  },
-  "\u4EFB\u52A1\u7F16\u6392": {
-    canReadFiles: true,
-    canWriteFiles: true,
-    canExecuteCommands: true,
-    canDelegateTasks: true,
-    allowedCategories: [
-      "visual-engineering",
-      "ultrabrain",
-      "artistry",
-      "quick",
-      "unspecified-low",
-      "unspecified-high",
-      "writing"
-    ]
-  },
-  "\u6267\u884C\u52A9\u7406": {
-    canReadFiles: true,
-    canWriteFiles: true,
-    canExecuteCommands: true,
-    canDelegateTasks: false,
-    allowedCategories: []
-  }
-};
-var NEW_AGENT_DEFAULT = {
-  canReadFiles: true,
-  canWriteFiles: false,
-  canExecuteCommands: false,
-  canDelegateTasks: false,
-  allowedCategories: []
-};
-function getAgentPermission(agentName) {
-  const exact = DEFAULT_AGENT_PERMISSIONS[agentName];
-  if (exact !== undefined)
-    return { ...exact };
-  const lower = agentName.toLowerCase();
-  for (const [key, perm] of Object.entries(DEFAULT_AGENT_PERMISSIONS)) {
-    if (key.toLowerCase() === lower)
-      return { ...perm };
-  }
-  return { ...NEW_AGENT_DEFAULT };
-}
-function canDelegateTo(parentAgent, targetAgent, category) {
-  const parent = getAgentPermission(parentAgent);
-  const target = getAgentPermission(targetAgent);
-  if (!parent.canDelegateTasks)
-    return false;
-  if (!parent.canWriteFiles) {
-    if (category !== undefined) {
-      const allowed = parent.allowedCategories.map((c) => c.toLowerCase());
-      if (!allowed.includes(category.toLowerCase()))
-        return false;
-    }
-    if (target.canWriteFiles)
-      return false;
-  }
-  return true;
-}
-
 // src/shared/permission-bridge.ts
+init_agent_permissions();
 var SISYPHUS_PATTERN = /\.sisyphus[/\\]/i;
 var MD_EXTENSION = /\.md$/i;
 function isPrometheusAllowedPath(filePath) {
@@ -30722,6 +30803,11 @@ function evaluatePermission(input, agentName) {
       }
       return { status: "allow", reason: `${agentName} \u6709\u547D\u4EE4\u6267\u884C\u6743\u9650` };
     }
+    case "read":
+      if (!perm.canReadFiles) {
+        return { status: "ask", reason: `${agentName} \u65E0\u6587\u4EF6\u8BFB\u53D6\u6743\u9650` };
+      }
+      return { status: "allow", reason: `${agentName} \u6709\u6587\u4EF6\u8BFB\u53D6\u6743\u9650` };
     case "webfetch":
     case "doom_loop":
     case "external_directory":
@@ -31041,6 +31127,7 @@ var MAX_TITLE_LENGTH = 30;
 var namingInProgress = new Map;
 var lastNamedTime = new Map;
 var activeSubSessions = new Map;
+var sessionMessageCache = new Map;
 function extractTextFromResponse(response) {
   try {
     const data = response?.data;
@@ -31054,7 +31141,7 @@ function extractTextFromResponse(response) {
   }
 }
 function extractConversationText(messages) {
-  const recent = messages.slice(-4);
+  const recent = messages.slice(-2);
   return recent.map((m) => {
     const role = m?.info ? m.info?.role : m?.role;
     const parts = m?.parts ?? [];
@@ -31111,7 +31198,12 @@ function createSessionNamingHook(_ctx) {
       const sessionData = sessionInfo.data;
       const currentModel = sessionData.model;
       const currentAgent = sessionData.agent;
-      const messagesResp = await ctx.client.session.messages({ path: { id: sessionID }, query: { limit: 4 } }).catch(() => null);
+      const existingTitle = sessionData.title;
+      if (existingTitle && !/^\u3010[^\u3011]+\u3011/.test(existingTitle)) {
+        log("[session-naming] Manual title detected, skipping idle update", { sessionID, existingTitle });
+        return;
+      }
+      const messagesResp = await ctx.client.session.messages({ path: { id: sessionID }, query: { limit: 2 } }).catch(() => null);
       if (!messagesResp) {
         log("[session-naming] Failed to get messages", { sessionID });
         return;
@@ -31121,6 +31213,9 @@ function createSessionNamingHook(_ctx) {
         log("[session-naming] No messages to name from", { sessionID });
         return;
       }
+      const existingCache = sessionMessageCache.get(sessionID) ?? [];
+      const merged = [...existingCache, ...messages];
+      sessionMessageCache.set(sessionID, merged.slice(-20));
       const conversationText = extractConversationText(messages);
       if (!conversationText) {
         log("[session-naming] Empty conversation text", { sessionID });
@@ -31135,20 +31230,25 @@ function createSessionNamingHook(_ctx) {
       activeSubSessions.set(sessionID, subSessionID);
       subagentSessions.add(subSessionID);
       const resolvedAgent = currentAgent ? resolveAgentName(currentAgent) : undefined;
+      const existingTitleLine = existingTitle ? `
+- \u73B0\u6709\u6807\u9898\uFF1A${existingTitle}` : "";
       const promptResult = await withTimeout3(ctx.client.session.prompt({
         path: { id: subSessionID },
         body: {
           parts: [
             {
               type: "text",
-              text: `\u6839\u636E\u4EE5\u4E0B\u5BF9\u8BDD\u5185\u5BB9\u751F\u6210\u4E00\u4E2A\u4E2D\u6587\u4F1A\u8BDD\u6807\u9898\uFF08\u4E0D\u8D85\u8FC7 30 \u5B57\uFF09\u3002
+              text: `\u4F60\u6B63\u5728\u4E3A\u4E00\u4E2A AI \u7F16\u7A0B\u4F1A\u8BDD\u66F4\u65B0\u6807\u9898\u3002${existingTitleLine}
+
+- \u6700\u65B0\u5BF9\u8BDD\uFF1A${conversationText}
+
+\u8BF7\u5224\u65AD\uFF1A
+1. \u5982\u679C\u6700\u65B0\u5BF9\u8BDD\u4E0E\u539F\u6807\u9898\u63CF\u8FF0\u7684\u4E3B\u9898\u4E00\u81F4 \u2192 \u56DE\u590D\u300C\u65E0\u9700\u66F4\u65B0\u300D
+2. \u5982\u679C\u6700\u65B0\u5BF9\u8BDD\u8F6C\u5411\u4E86\u65B0\u4E3B\u9898\u6216\u539F\u6807\u9898\u4E0D\u591F\u51C6\u786E \u2192 \u751F\u6210\u66F4\u51C6\u786E\u7684\u6807\u9898
+
 \u6807\u9898\u683C\u5F0F\u4E3A\uFF1A\u3010\u7C7B\u578B\u524D\u7F00\u3011\u7B80\u77ED\u63CF\u8FF0
 \u4F8B\u5982\uFF1A\u3010\u529F\u80FD\u3011\u6DFB\u52A0\u767B\u5F55\u9875\u9762 \u6216 \u3010\u4FEE\u590D\u3011\u4FEE\u590D\u7A7A\u6307\u9488\u5F02\u5E38
-\u3010\u3011\u5185\u8BF7\u7528 2 \u4E2A\u4E2D\u6587\u5B57\u6982\u62EC\u7C7B\u578B\u3002
-\u53EA\u8F93\u51FA\u6807\u9898\u672C\u8EAB\uFF0C\u4E0D\u8981\u989D\u5916\u8BF4\u660E\u3002
-
-\u5BF9\u8BDD\uFF1A
-${conversationText}`
+\u53EA\u8F93\u51FA\u6807\u9898\u6216\u300C\u65E0\u9700\u66F4\u65B0\u300D\uFF0C\u4E0D\u8981\u989D\u5916\u8BF4\u660E\u3002`
             }
           ],
           ...currentModel ? { model: { providerID: currentModel.providerID, modelID: currentModel.modelID } } : {},
@@ -31162,6 +31262,10 @@ ${conversationText}`
       }
       await ctx.client.session.abort({ path: { id: subSessionID } }).catch(() => {});
       activeSubSessions.delete(sessionID);
+      if (title && (title.includes("\u65E0\u9700\u66F4\u65B0") || title.includes("\u4E0D\u9700\u8981\u66F4\u65B0"))) {
+        log("[session-naming] AI judged no update needed", { sessionID, existingTitle });
+        return;
+      }
       if (!title) {
         log("[session-naming] No title from AI, falling back to first message", { sessionID });
         const firstMsg = messages[0];
@@ -31180,6 +31284,10 @@ ${conversationText}`
         }
       }
       title = normalizeTitle(title);
+      if (existingTitle && title === existingTitle) {
+        log("[session-naming] Title unchanged, skipping update", { sessionID, title });
+        return;
+      }
       await ctx.client.session.update({ path: { id: sessionID }, body: { title } }).catch(() => {
         log("[session-naming] Failed to update session title", { sessionID, title });
       });
@@ -31191,16 +31299,66 @@ ${conversationText}`
       namingInProgress.delete(sessionID);
     }
   }
-  function handleSessionDeleted(props) {
+  async function handleSessionDeleted(props) {
     const sessionInfo = props?.info;
     if (!sessionInfo?.id)
       return;
-    namingInProgress.delete(sessionInfo.id);
-    lastNamedTime.delete(sessionInfo.id);
-    const subSessionID = activeSubSessions.get(sessionInfo.id);
+    const sessionID = sessionInfo.id;
+    const existingTitle = sessionInfo.title ?? "";
+    try {
+      const cachedMessages = sessionMessageCache.get(sessionID) ?? [];
+      if (cachedMessages.length > 0) {
+        const conversationText = extractConversationText(cachedMessages);
+        if (conversationText) {
+          const subSession = await ctx.client.session.create({ body: { parentID: sessionID } }).catch(() => null);
+          if (subSession?.data?.id) {
+            const subSessionID2 = subSession.data.id;
+            subagentSessions.add(subSessionID2);
+            const fallbackModel = { providerID: "anthropic", modelID: "claude-haiku-4-5" };
+            const titleLine = existingTitle ? `
+\u539F\u6807\u9898\uFF1A${existingTitle}` : "";
+            const promptResult = await withTimeout3(ctx.client.session.prompt({
+              path: { id: subSessionID2 },
+              body: {
+                parts: [
+                  {
+                    type: "text",
+                    text: `\u8BF7\u4E3A\u4EE5\u4E0B AI \u7F16\u7A0B\u4F1A\u8BDD\u751F\u6210\u4E00\u4E2A\u6982\u62EC\u6027\u7684\u4E2D\u6587\u6807\u9898\uFF08\u4E0D\u8D85\u8FC7 30 \u5B57\uFF09\u3002
+\u6807\u9898\u5E94\u8986\u76D6\u6574\u4E2A\u4F1A\u8BDD\u7684\u6838\u5FC3\u4E3B\u65E8\uFF0C\u800C\u4E0D\u4EC5\u4EC5\u662F\u6700\u8FD1\u7684\u5185\u5BB9\u3002${titleLine}
+
+\u4F1A\u8BDD\u5185\u5BB9\uFF1A
+${conversationText}
+
+\u6807\u9898\u683C\u5F0F\u4E3A\uFF1A\u3010\u7C7B\u578B\u524D\u7F00\u3011\u7B80\u77ED\u63CF\u8FF0
+\u4F8B\u5982\uFF1A\u3010\u529F\u80FD\u3011\u6DFB\u52A0\u767B\u5F55\u9875\u9762 \u6216 \u3010\u91CD\u6784\u3011\u91CD\u6784\u8BA4\u8BC1\u6A21\u5757
+\u53EA\u8F93\u51FA\u6807\u9898\u672C\u8EAB\uFF0C\u4E0D\u8981\u989D\u5916\u8BF4\u660E\u3002`
+                  }
+                ],
+                model: fallbackModel,
+                tools: { bash: false, task: false, delegate_task: false, question: false }
+              }
+            }), TIMEOUT_MS).catch(() => null);
+            const title = promptResult ? extractTextFromResponse(promptResult) : null;
+            if (title) {
+              const finalTitle = normalizeTitle(title);
+              await ctx.client.session.update({ path: { id: sessionID }, body: { title: finalTitle } }).catch(() => {
+                log("[session-naming] Failed to update session title on delete", { sessionID, title: finalTitle });
+              });
+              log("[session-naming] Final naming on delete", { sessionID, title: finalTitle });
+            }
+          }
+        }
+      }
+    } catch (err) {
+      log("[session-naming] Error in final naming on delete", { sessionID, error: String(err) });
+    }
+    namingInProgress.delete(sessionID);
+    lastNamedTime.delete(sessionID);
+    sessionMessageCache.delete(sessionID);
+    const subSessionID = activeSubSessions.get(sessionID);
     if (subSessionID) {
       ctx.client.session.abort({ path: { id: subSessionID } }).catch(() => {});
-      activeSubSessions.delete(sessionInfo.id);
+      activeSubSessions.delete(sessionID);
     }
   }
   const eventHandler = async ({ event }) => {
@@ -31212,7 +31370,7 @@ ${conversationText}`
         await handleSessionIdle(props);
         break;
       case "session.deleted":
-        handleSessionDeleted(props);
+        await handleSessionDeleted(props);
         break;
     }
   };
@@ -31227,6 +31385,7 @@ ${conversationText}`
       activeSubSessions.clear();
       namingInProgress.clear();
       lastNamedTime.clear();
+      sessionMessageCache.clear();
     }
   };
 }
@@ -49585,6 +49744,7 @@ var CALL_OMO_AGENT_DESCRIPTION = `\u542F\u52A8\u6DF1\u5EA6\u63A2\u7D22/\u77E5\u8
 import { existsSync as existsSync50, readdirSync as readdirSync17 } from "fs";
 import { join as join60 } from "path";
 init_shared();
+init_agent_permissions();
 init_agent_display_names();
 init_session_cursor();
 init_claude_code_session_state();
@@ -50204,6 +50364,7 @@ init_shared();
 init_agent_display_names();
 init_runtime_fallback();
 init_model_health_registry();
+init_agent_permissions();
 init_agent_identity_resolver();
 var SISYPHUS_JUNIOR_AGENT = "\u6267\u884C\u52A9\u7406";
 var MAX_LOOP_ATTEMPTS = 10;
@@ -50785,6 +50946,7 @@ ${supervisedResult}`;
         const sessionID = createResult.data.id;
         syncSessionID = sessionID;
         subagentSessions.add(sessionID);
+        updateSessionAgent(sessionID, agentToUse, "delegate-task");
         taskId = `sync_${sessionID.slice(0, 8)}`;
         const startTime = new Date;
         if (toastManager) {
@@ -51501,6 +51663,7 @@ class BackgroundManager {
     }
     const sessionID = createResult.data.id;
     subagentSessions.add(sessionID);
+    updateSessionAgent(sessionID, input.agent, "background-agent");
     task.status = "running";
     task.startedAt = new Date;
     task.sessionID = sessionID;
@@ -73740,29 +73903,14 @@ function createConfigHandler(deps) {
       LspCodeActions: false,
       LspCodeActionResolve: false
     };
-    if (agentResult["\u77E5\u8BC6\u5178\u85CF"]) {
-      const agent = agentResult["\u77E5\u8BC6\u5178\u85CF"];
-      agent.permission = { ...agent.permission, "grep_app_*": "allow" };
-    }
-    if (agentResult["\u5A92\u4F53\u89E3\u6790"]) {
-      const agent = agentResult["\u5A92\u4F53\u89E3\u6790"];
-      agent.permission = { ...agent.permission, task: "deny", look_at: "deny" };
-    }
-    if (agentResult["\u4EFB\u52A1\u7F16\u6392"]) {
-      const agent = agentResult["\u4EFB\u52A1\u7F16\u6392"];
-      agent.permission = { ...agent.permission, task: "deny", call_omo_agent: "deny", delegate_task: "allow" };
-    }
-    if (agentResult["\u4E3B\u6267\u884C\u5B98"]) {
-      const agent = agentResult["\u4E3B\u6267\u884C\u5B98"];
-      agent.permission = { ...agent.permission, call_omo_agent: "deny", delegate_task: "allow", question: "allow" };
-    }
-    if (agentResult["\u6218\u7565\u53C2\u8C0B"]) {
-      const agent = agentResult["\u6218\u7565\u53C2\u8C0B"];
-      agent.permission = { ...agent.permission, call_omo_agent: "deny", delegate_task: "allow", question: "allow" };
-    }
-    if (agentResult["\u6267\u884C\u52A9\u7406"]) {
-      const agent = agentResult["\u6267\u884C\u52A9\u7406"];
-      agent.permission = { ...agent.permission, delegate_task: "allow" };
+    for (const [agentName, agent] of Object.entries(agentResult)) {
+      if (!agent)
+        continue;
+      const typedAgent = agent;
+      const sdkPermission = deriveSdkPermission(agentName);
+      if (Object.keys(sdkPermission).length > 0) {
+        typedAgent.permission = { ...typedAgent.permission, ...sdkPermission };
+      }
     }
     config4.permission = {
       ...config4.permission,

package/dist/shared/agent-permissions.d.ts

@@ -8,14 +8,22 @@
  * - canDelegateTasks: 是否可以委派任务
  * - allowedCategories: 允许委派的分类列表
  */
+export type ToolMode = "blacklist" | "whitelist";
 export interface AgentPermission {
     canReadFiles: boolean;
     canWriteFiles: boolean;
     canExecuteCommands: boolean;
     canDelegateTasks: boolean;
     allowedCategories: string[];
+    /** 工具限制模式：blacklist（从 5 维推导黑名单，其余默认允许）或 whitelist（全禁，只开放列出的工具） */
+    toolMode?: ToolMode;
+    /** 工具级覆盖，不受 5 维推导影响。在 blacklist 模式下追加到黑名单，在 whitelist 模式下追加到白名单 */
+    toolOverrides?: Record<string, boolean>;
+    /** SDK permission 覆盖，值格式为 "allow" | "deny" */
+    sdkPermissionOverrides?: Record<string, "allow" | "deny">;
 }
 export declare const DEFAULT_AGENT_PERMISSIONS: Record<string, AgentPermission>;
+export declare const ALL_DEFINED_AGENTS: readonly string[];
 /**
  * 获取指定 agent 的权限配置。
  * 优先级：用户覆盖 > 默认配置 > 新 agent 默认值。
@@ -26,6 +34,11 @@ export declare function canWriteFiles(agentName: string): boolean;
 export declare function canExecuteCommands(agentName: string): boolean;
 export declare function canDelegateTasks(agentName: string): boolean;
 export declare function getAllowedCategories(agentName: string): string[];
+/**
+ * 根据 agent 的 5 维权限推导工具限制。
+ * 结果会被 memoize 以避免重复计算。
+ */
+export declare function deriveToolRestrictions(agentName: string): Record<string, boolean>;
 /**
  * 检查父 agent 是否可以委派给目标 agent。
  *
@@ -35,3 +48,8 @@ export declare function getAllowedCategories(agentName: string): string[];
  * 3. 如果父 agent 是只读（canWriteFiles: false），目标 agent 也必须是只读（canWriteFiles: false）
  */
 export declare function canDelegateTo(parentAgent: string, targetAgent: string, category?: string): boolean;
+/**
+ * 根据 agent 的 5 维权限推导 SDK permission 配置。
+ * 结果会被 memoize 以避免重复计算。
+ */
+export declare function deriveSdkPermission(agentName: string): Record<string, "allow" | "deny">;

package/dist/shared/agent-tool-restrictions.d.ts

@@ -1,7 +1,5 @@
 /**
  * Agent tool restrictions for session.prompt calls.
- * OpenCode SDK's session.prompt `tools` parameter expects boolean values.
- * true = tool allowed, false = tool denied.
+ * Delegates to deriveToolRestrictions() from the unified permissions system.
  */
 export declare function getAgentToolRestrictions(agentName: string): Record<string, boolean>;
-export declare function hasAgentToolRestrictions(agentName: string): boolean;

package/dist/shared/index.d.ts

@@ -24,6 +24,7 @@ export * from "./agent-variant";
 export * from "./session-cursor";
 export * from "./shell-env";
 export * from "./system-directive";
+export * from "./agent-permissions";
 export * from "./agent-tool-restrictions";
 export * from "./model-requirements";
 export * from "./model-resolver";

package/dist/shared/migration.d.ts

@@ -1,4 +1,13 @@
 export declare const AGENT_NAME_MAP: Record<string, string>;
+/**
+ * 内置 agent 名称集合（用于配置迁移判定）。
+ * 与 ALL_DEFINED_AGENTS（src/shared/agent-permissions.ts）的关系：
+ * - 重叠：主执行官、技术参谋、知识典藏、深度探索、媒体解析、预审顾问、计划审查、战略参谋、任务编排
+ * - ALL_DEFINED_AGENTS 多出："BTW 顾问"、"执行助理"（不在 BUILTIN_AGENT_NAMES 中）
+ * - BUILTIN_AGENT_NAMES 多出："build"（不是 agent，是 OpenCode-Builder 的配置键）
+ *
+ * 添加新 agent 时，需要同时更新 DEFAULT_AGENT_PERMISSIONS 和此集合。
+ */
 export declare const BUILTIN_AGENT_NAMES: Set<string>;
 export declare const HOOK_NAME_MAP: Record<string, string | null>;
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@skj1724/oh-my-opencode",
-  "version": "4.0.02",
+  "version": "4.0.04",
   "description": "The Best AI Agent Harness - Batteries-Included OpenCode Plugin with Multi-Model Orchestration, Parallel Background Agents, and Crafted LSP/AST Tools",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",