vgxness 1.9.5 → 1.9.7

package/dist/agents/canonical-agent-manifest.js

@@ -151,7 +151,7 @@ export const canonicalOpenCodeManagerPrompt = `# VGXNESS Manager - compact SDD o
 Bind only to the primary \`vgxness-manager\` agent. Executor agents use their own prompts.
 
 ## Role
-Coordinate SDD; keep chat thin, use VGXNESS MCP as durable state, delegate to the smallest exact hidden SDD subagent, synthesize evidence. Coach while coordinating: teach briefly, explain practical tradeoffs, stay realistic about risk/effort/unknowns, respectfully challenge weak assumptions, keep the user comfortable and in control, avoid lectures or unnecessary verbosity.
+Coordinate SDD; keep chat thin, use VGXNESS MCP as durable state, delegate to smallest exact hidden SDD subagent, synthesize evidence. Coach while coordinating: teach briefly; explain practical tradeoffs, risk/effort/unknowns; challenge weak assumptions; keep user in control; avoid lectures.
 
 ## Non-negotiable governance
 - SDD artifact acceptance is human-only. Never infer or fabricate acceptance from generated output, subagent/model output, file presence, confidence, or legacy artifacts. Treat draft/rejected/superseded/stale/unaccepted artifacts as not accepted until a human acceptance record exists.
@@ -163,14 +163,14 @@ Coordinate SDD; keep chat thin, use VGXNESS MCP as durable state, delegate to th
 - Do not change provider model/reasoning config unless explicitly requested.
 
 ## Flexible governance routing
-Use the lightest safe path: Tier 0-2 direct; Tier 3 preflight/explicit validation; Tier 4 formal SDD for governance, permission model, SDD acceptance, architecture/security, or cross-surface behavior. Provider status/doctor/preview/handoff are read-only audit-only; provider config writes stay gated.
+Use the lightest safe path: Tier 0-2 direct; Tier 3 preflight; Tier 4 formal SDD for governance, permissions, acceptance, architecture/security, or cross-surface behavior. Provider status/doctor/preview/handoff are read-only/audit-only; writes stay gated.
 
 ## Provider-native daily flow
 Daily SDD happens inside OpenCode through conversation, VGXNESS MCP, and hidden SDD subagents. Do not tell users to run terminal SDD phase commands for normal flow. CLI is an escape hatch for bootstrap, doctor, recovery, setup gaps, or explicit request.
 
 ## MCP playbook
 - For starting, resuming, or recovering context: prefer \`vgxness_context_cockpit\`; treat \`vgxness_session_restore\` as one signal, not truth. For ending, pausing, handing off, or compacting: \`vgxness_session_close\` with current session id and actor \`manager\`; if no id, do not invent one and summarize.
-- SDD artifacts: guide state with \`vgxness_sdd_next\`/\`vgxness_sdd_cockpit\`; list/read with \`vgxness_sdd_get_artifact\`/\`vgxness_sdd_list_artifacts\`; prefer \`payloadMode: "compact"\` so the primary context stays clean; use verbose only when required, preferably inside the delegated phase subagent. Save with \`vgxness_sdd_save_artifact\` only after the appropriate flow. Use \`vgxness_sdd_reopen_artifact\` only for rejected artifacts returning to draft, with explicit human actor/audit context. SDD artifacts are not generic memory.
+- SDD artifacts: guide state with \`vgxness_sdd_next\`/\`vgxness_sdd_cockpit\`; list/read with \`vgxness_sdd_get_artifact\`/\`vgxness_sdd_list_artifacts\`; prefer \`payloadMode: "compact"\` so the primary context stays clean; use verbose only when required, preferably inside the delegated phase subagent. Save with \`vgxness_sdd_save_artifact\` only after the appropriate flow. Use \`vgxness_sdd_reopen_artifact\` only for rejected artifacts returning to draft, with explicit human actor/audit context.
 - Trusted draft autorun: when the exact \`proposal\` artifact is already accepted, you may run exactly \`spec -> design -> tasks\` without extra human confirmation via exact hidden subagents and save drafts with \`vgxness_sdd_save_artifact\`. This is draft-only planning, not acceptance or completion. Do not use for explore/proposal/apply-progress/verify/archive, rejected/superseded artifacts, accepted overwrites, or risky side effects (provider config, edits, shell/tests, git, secrets, external/destructive/privileged/ambiguous). Re-check status/readiness before and after; generated spec/design drafts may feed downstream design/tasks but remain unaccepted.
 - Acceptance/readiness: check SDD status/readiness for the exact project/change/phase, confirm explicit human acceptance of that exact artifact, call \`vgxness_sdd_accept_artifact\` directly with audit context (\`acceptedBy.type: "human"\`, non-empty \`acceptedBy.id\`, runId, agentId), then re-check status/readiness before reporting state. Do not add \`vgxness_run_preflight\` solely for that exact direct acceptance call. Ambiguous replies count only when tied to an immediate exact acceptance prompt. Use \`vgxness_governance_report\` for readiness, artifact states, preflight posture, and audit warnings.
 - Memory: call \`vgxness_memory_search\`/\`vgxness_memory_get\` for prior work or unclear context; call \`vgxness_memory_save\` for durable discoveries, decisions, bug fixes, config, patterns, or preferences; use \`vgxness_memory_update\` only to correct/evolve a known id. Do not duplicate full SDD artifacts as memory.
@@ -186,7 +186,7 @@ Daily SDD happens inside OpenCode through conversation, VGXNESS MCP, and hidden
 - Recovery: MCP first. Continue: use \`vgxness_sdd_continue\`; read-only/advisory: no provider execution, run creation, artifact mutation, provider config/openspec writes, or acceptance/apply-progress bypass. CLI \`vgxness sdd continue\` is human fallback only. \`vgxness resume --project\` is for candidate runs; \`vgxness code sdd ... --draft-run\` is a planning-only path, never for apply-progress.
 
 ## Delegation thresholds
-Inline only small decisions, 1-3 file reads, status commands, and atomic one-file mechanical edits. Delegate broad exploration, substantial implementation, writes with analysis/new logic, and execution-heavy verification. Never delegate to unknown agents; use exact SDD phase mapping.
+Default to delegation for SDD phase-shaped work, repository exploration beyond one narrow lookup, implementation, verification, incident recovery, or multi-step analysis. Inline only conversational guidance, single-fact lookup, MCP/status/readiness checks, and trivial mechanical edits when safe. When uncertain between inline work and subagent work, delegate to the exact smallest SDD subagent. Never delegate to unknown agents; use exact SDD phase mapping.
 
 ## Output
 Be concise: delegated work, results, files/decisions, evidence/tests, risks, next step.`;
@@ -198,6 +198,7 @@ Be concise: delegated work, results, files/decisions, evidence/tests, risks, nex
  */
 const registryManagerInstructionsV10 = [
     'You are the VGXNESS SDD coordinator, not a monolithic executor. Coach briefly while coordinating: explain useful tradeoffs, be realistic about risks and unknowns, respectfully challenge weak assumptions with better options, keep the user comfortable and in control, and stay concise.',
+    'Default to delegation for SDD phase-shaped work, repository exploration beyond one narrow lookup, implementation, verification, incident recovery, or multi-step analysis. Inline only conversational guidance, single-fact lookup, MCP/status/readiness checks, and trivial mechanical edits when safe. When uncertain between inline work and subagent work, delegate to the exact smallest SDD subagent.',
     'Use VGXNESS MCP as the durable control plane: restore session context with vgxness_session_restore before inferring start/resume state from chat, and close/pause/compact with vgxness_session_close using actor manager plus an actionable summary when a current session id exists.',
     'Check SDD status/next/ready/cockpit, read prerequisites with sdd_get_artifact or sdd_list_artifacts, use public sdd_continue/internal vgxness_sdd_continue first for advisory read-only continuation plans, use sdd_reopen_artifact only for rejected artifacts returning to draft with explicit human actor/audit context, save phase output with sdd_save_artifact only by governance; when proposal is accepted, spec/design/tasks may run sequentially as draft-only autorun without extra confirmation, while acceptance remains human-only. Search/get/save/update memory only for reusable knowledge, resolve exact SDD subagents before substantial phase work, use runs/checkpoints/preflight/finalize for significant implementation or verification, use run_resume_candidates for unknown runId, inspect interrupted runs by runId with run_resume_inspect, then call run_resume_gate with approvalId from pendingApprovals/inspect; never pass runId as approvalId; use vgxness_provider_status for configured/phase/next questions plus vgxness_provider_doctor for read-only OpenCode MCP/manager health.',
     'Prefer payloadMode=compact for manager-facing status/context reads, SDD artifact reads/lists, and activation handoffs so the primary context stays clean; request payloadMode=verbose only when full artifact contents, provider payloads, or skill context are actually needed, preferably inside delegated phase subagents.',

package/dist/agents/canonical-agent-projection.js

@@ -20,7 +20,7 @@ export function projectCanonicalAgentManifestToOpenCode(manifest = canonicalAgen
             mode: 'primary',
             ...(manager.adapters?.opencode?.model !== undefined ? { model: manager.adapters.opencode.model } : {}),
             options: { reasoningEffort: canonicalOpenCodeManagerReasoningEffort, vgxnessPromptContractVersion: canonicalPromptContractVersion },
-            permission: openCodePermissionsFor(manager, { task: createCanonicalOpenCodeSddTaskPermissions() }),
+            permission: { ...openCodePermissionsFor(manager, { task: createCanonicalOpenCodeSddTaskPermissions() }), bash: 'allow' },
             prompt: canonicalOpenCodeManagerPrompt,
             reasoningEffort: canonicalOpenCodeManagerReasoningEffort,
             tools: { bash: true, delegate: true, delegation_list: true, delegation_read: true, edit: true, read: true, write: true },

package/dist/cli/cli-help.js

@@ -72,7 +72,7 @@ Areas:
   mcp doctor [--db <path>] [--project <name>] [--change <id>] [--timeout-ms <ms>]
   MCP setup preview is read-only; it does not install or write .opencode/, .claude/, or provider config.
   Without --db, MCP install and setup commands use the vgxness global default database; pass --db .vgx/memory.sqlite for project-local compatibility.
-  OpenCode install defaults to user/global scope and installs mcp.vgxness plus permission.bash=allow, vgxness-manager, and hidden vgxness-sdd-* agents; use --mcp-only for legacy MCP-only config.
+  OpenCode install defaults to user/global scope and installs mcp.vgxness plus top-level permission.bash=ask, vgxness-manager with bash=allow, and hidden vgxness-sdd-* agents with explicit permissions; use --mcp-only for legacy MCP-only config.
   Use --overwrite-vgxness (alias --reinstall) to reinstall only VGXNESS-managed OpenCode entries while preserving unrelated config; --yes is still required to write.
   It writes only after --yes. The default target is $HOME/.config/opencode/opencode.json; use --scope project to target .opencode/opencode.json explicitly.
   Project OpenCode config can override user config. Plans are read-only; applies refuse unsafe existing config and create backups before merge.

package/dist/cli/tui/opentui/setup/smoke.js

@@ -13,7 +13,7 @@ try {
             workspaceRoot: '/tmp/project',
             db: { mode: 'global', path: '/tmp/db.sqlite', source: 'flag' },
             provider: 'opencode',
-            opencode: { scope: 'user', action: 'merge', targetPath: '/tmp/.config/opencode/opencode.json', installsAgents: true, agentNames: ['vgxness-manager'] },
+            opencode: { scope: 'user', action: 'merge', targetPath: '/tmp/.config/opencode/opencode.json', installsAgents: true, agentNames: ['vgxness-manager'], bashPermissionPolicy: { topLevel: 'ask', manager: 'allow' } },
             actions: [
                 {
                     id: 'opencode-merge',

package/dist/mcp/client-install-opencode-contract.js

@@ -34,9 +34,9 @@ export function planOpenCodeMcpInstall(input) {
         mcpOnly: input.mcpOnly,
     });
     const overwriteVgxness = input.overwriteVgxness === true;
-    const allowBash = true;
+    const bashPermissionPolicy = bashPermissionPolicyFor(agentPlan);
     if (scope === 'user') {
-        return planUserOpenCodeMcpInstall(input, databasePathSource, server, agentPlan, overwriteVgxness, allowBash);
+        return planUserOpenCodeMcpInstall(input, databasePathSource, server, agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     const existingTargets = supportedConfigTargets
         .map((relativePath) => ({
@@ -50,11 +50,11 @@ export function planOpenCodeMcpInstall(input) {
                 kind: 'manual-check',
                 message: 'Remove ambiguity by keeping exactly one OpenCode project config target before installing.',
             },
-        ], agentPlan, overwriteVgxness, allowBash);
+        ], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (existingTargets.length === 0) {
         return {
-            ...baseContract(input.databasePath, databasePathSource, scope, join(input.cwd, '.opencode', 'opencode.json'), false, 'create', agentPlan, overwriteVgxness, allowBash),
+            ...baseContract(input.databasePath, databasePathSource, scope, join(input.cwd, '.opencode', 'opencode.json'), false, 'create', agentPlan, overwriteVgxness, bashPermissionPolicy),
             status: 'would_install',
             action: 'create',
             targetPath: join(input.cwd, '.opencode', 'opencode.json'),
@@ -66,19 +66,19 @@ export function planOpenCodeMcpInstall(input) {
     }
     const [target] = existingTargets;
     if (target === undefined)
-        return refusal('ambiguous_target', 'Unable to resolve OpenCode project config target.', input.databasePath, databasePathSource, scope, undefined, [], undefined, overwriteVgxness, allowBash);
+        return refusal('ambiguous_target', 'Unable to resolve OpenCode project config target.', input.databasePath, databasePathSource, scope, undefined, [], undefined, overwriteVgxness, bashPermissionPolicy);
     if (target.relativePath.endsWith('.jsonc')) {
-        return refusal('unsupported_jsonc', `OpenCode JSONC config ${target.relativePath} is not supported yet; use JSON or remove comments first.`, input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, allowBash);
+        return refusal('unsupported_jsonc', `OpenCode JSONC config ${target.relativePath} is not supported yet; use JSON or remove comments first.`, input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     const parsed = parseConfig(target.absolutePath);
     if (!parsed.ok)
-        return refusal(parsed.reason, parsed.message, input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, allowBash);
+        return refusal(parsed.reason, parsed.message, input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     const config = parsed.value;
     if (config.mcp !== undefined && !isRecord(config.mcp)) {
-        return refusal('invalid_mcp_shape', 'Existing top-level mcp must be a JSON object before vgxness can be merged.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, allowBash);
+        return refusal('invalid_mcp_shape', 'Existing top-level mcp must be a JSON object before vgxness can be merged.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (isRecord(config.mcp) && Object.hasOwn(config.mcp, 'vgxness') && !overwriteVgxness) {
-        return refusal('existing_vgxness_mcp', 'Existing OpenCode config already contains mcp.vgxness; overwrite is refused by default.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, allowBash);
+        return refusal('existing_vgxness_mcp', 'Existing OpenCode config already contains mcp.vgxness; overwrite is refused by default.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     const agentConflict = findConflictingVgxnessAgents(config, agentPlan);
     if (agentConflict.length > 0 && !overwriteVgxness) {
@@ -87,16 +87,16 @@ export function planOpenCodeMcpInstall(input) {
                 kind: 'manual-check',
                 message: `Manually reconcile conflicting VGXNESS agent entries: ${agentConflict.join(', ')}.`,
             },
-        ], agentPlan, overwriteVgxness, allowBash);
+        ], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (agentPlan.installsAgents && config.agent !== undefined && !isRecord(config.agent)) {
-        return refusal('unsupported_config_shape', 'Existing top-level agent must be a JSON object before VGXNESS agent entries can be merged or overwritten.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, allowBash);
+        return refusal('unsupported_config_shape', 'Existing top-level agent must be a JSON object before VGXNESS agent entries can be merged or overwritten.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (config.permission !== undefined && !isRecord(config.permission)) {
-        return refusal('unsupported_config_shape', 'Existing top-level permission must be a JSON object before VGXNESS can set permission.bash to allow by default.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, allowBash);
+        return refusal('unsupported_config_shape', 'Existing top-level permission must be a JSON object before VGXNESS can set top-level permission.bash to ask.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     return {
-        ...baseContract(input.databasePath, databasePathSource, scope, target.absolutePath, true, 'merge-preserve-existing', agentPlan, overwriteVgxness, allowBash),
+        ...baseContract(input.databasePath, databasePathSource, scope, target.absolutePath, true, 'merge-preserve-existing', agentPlan, overwriteVgxness, bashPermissionPolicy),
         status: 'would_install',
         action: 'merge',
         targetPath: target.absolutePath,
@@ -106,22 +106,22 @@ export function planOpenCodeMcpInstall(input) {
         existingSchema: typeof config.$schema === 'string' ? config.$schema : opencodeConfigSchema,
     };
 }
-function planUserOpenCodeMcpInstall(input, databasePathSource, server, agentPlan, overwriteVgxness, allowBash) {
+function planUserOpenCodeMcpInstall(input, databasePathSource, server, agentPlan, overwriteVgxness, bashPermissionPolicy) {
     const target = resolveOpenCodeMcpInstallTarget({
         cwd: input.cwd,
         scope: 'user',
         env: input.env,
     });
     if (!target.ok) {
-        return refusal('unsupported_config_shape', target.message, input.databasePath, databasePathSource, 'user', undefined, [], undefined, overwriteVgxness, allowBash);
+        return refusal('unsupported_config_shape', target.message, input.databasePath, databasePathSource, 'user', undefined, [], undefined, overwriteVgxness, bashPermissionPolicy);
     }
     const jsoncPath = `${target.path}c`;
     if (existsSync(jsoncPath)) {
-        return refusal('unsupported_jsonc', 'OpenCode user JSONC config opencode.jsonc is not supported yet; use JSON or remove comments first.', input.databasePath, databasePathSource, 'user', jsoncPath, [], agentPlan, overwriteVgxness, allowBash);
+        return refusal('unsupported_jsonc', 'OpenCode user JSONC config opencode.jsonc is not supported yet; use JSON or remove comments first.', input.databasePath, databasePathSource, 'user', jsoncPath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (!existsSync(target.path)) {
         return {
-            ...baseContract(input.databasePath, databasePathSource, 'user', target.path, false, 'create', agentPlan, overwriteVgxness, allowBash),
+            ...baseContract(input.databasePath, databasePathSource, 'user', target.path, false, 'create', agentPlan, overwriteVgxness, bashPermissionPolicy),
             status: 'would_install',
             action: 'create',
             targetPath: target.path,
@@ -133,13 +133,13 @@ function planUserOpenCodeMcpInstall(input, databasePathSource, server, agentPlan
     }
     const parsed = parseConfig(target.path);
     if (!parsed.ok)
-        return refusal(parsed.reason, parsed.message, input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, allowBash);
+        return refusal(parsed.reason, parsed.message, input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     const config = parsed.value;
     if (config.mcp !== undefined && !isRecord(config.mcp)) {
-        return refusal('invalid_mcp_shape', 'Existing top-level mcp must be a JSON object before vgxness can be merged.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, allowBash);
+        return refusal('invalid_mcp_shape', 'Existing top-level mcp must be a JSON object before vgxness can be merged.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (isRecord(config.mcp) && Object.hasOwn(config.mcp, 'vgxness') && !overwriteVgxness) {
-        return refusal('existing_vgxness_mcp', 'Existing OpenCode config already contains mcp.vgxness; overwrite is refused by default.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, allowBash);
+        return refusal('existing_vgxness_mcp', 'Existing OpenCode config already contains mcp.vgxness; overwrite is refused by default.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     const agentConflict = findConflictingVgxnessAgents(config, agentPlan);
     if (agentConflict.length > 0 && !overwriteVgxness) {
@@ -148,16 +148,16 @@ function planUserOpenCodeMcpInstall(input, databasePathSource, server, agentPlan
                 kind: 'manual-check',
                 message: `Manually reconcile conflicting VGXNESS agent entries: ${agentConflict.join(', ')}.`,
             },
-        ], agentPlan, overwriteVgxness, allowBash);
+        ], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (agentPlan.installsAgents && config.agent !== undefined && !isRecord(config.agent)) {
-        return refusal('unsupported_config_shape', 'Existing top-level agent must be a JSON object before VGXNESS agent entries can be merged or overwritten.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, allowBash);
+        return refusal('unsupported_config_shape', 'Existing top-level agent must be a JSON object before VGXNESS agent entries can be merged or overwritten.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (config.permission !== undefined && !isRecord(config.permission)) {
-        return refusal('unsupported_config_shape', 'Existing top-level permission must be a JSON object before VGXNESS can set permission.bash to allow by default.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, allowBash);
+        return refusal('unsupported_config_shape', 'Existing top-level permission must be a JSON object before VGXNESS can set top-level permission.bash to ask.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     return {
-        ...baseContract(input.databasePath, databasePathSource, 'user', target.path, true, 'merge-preserve-existing', agentPlan, overwriteVgxness, allowBash),
+        ...baseContract(input.databasePath, databasePathSource, 'user', target.path, true, 'merge-preserve-existing', agentPlan, overwriteVgxness, bashPermissionPolicy),
         status: 'would_install',
         action: 'merge',
         targetPath: target.path,
@@ -220,7 +220,7 @@ function deepEqual(left, right) {
     const rightKeys = Object.keys(right).sort();
     return leftKeys.length === rightKeys.length && leftKeys.every((key, index) => key === rightKeys[index] && deepEqual(left[key], right[key]));
 }
-function baseContract(databasePath, source, scope, targetPath, backupRequired, mergePolicy, agentPlan = createOpenCodeDefaultAgentInstallPlan({ mcpOnly: true }), overwriteVgxness = false, allowBash = true) {
+function baseContract(databasePath, source, scope, targetPath, backupRequired, mergePolicy, agentPlan = createOpenCodeDefaultAgentInstallPlan({ mcpOnly: true }), overwriteVgxness = false, bashPermissionPolicy = bashPermissionPolicyFor(agentPlan)) {
     return {
         version: 1,
         kind: 'mcp-client-install-opencode',
@@ -235,18 +235,18 @@ function baseContract(databasePath, source, scope, targetPath, backupRequired, m
             mergePolicy,
         },
         scope,
-        warnings: warningsForScope(scope, overwriteVgxness, agentPlan, allowBash),
+        warnings: warningsForScope(scope, overwriteVgxness, agentPlan, bashPermissionPolicy),
         verificationHints: verificationHints(databasePath, source),
         manualTest: manualTestForScope(scope, databasePath, source),
         installsAgents: agentPlan.installsAgents,
         agentNames: agentPlan.agentNames,
         overwriteVgxness,
-        allowBash,
+        bashPermissionPolicy,
         ...(agentPlan.defaultAgent !== undefined ? { defaultAgent: agentPlan.defaultAgent } : {}),
     };
 }
-function refusal(reason, message, databasePath, source, scope, targetPath, extraVerificationHints = [], agentPlan = createOpenCodeDefaultAgentInstallPlan({ mcpOnly: true }), overwriteVgxness = false, allowBash = true) {
-    const contract = baseContract(databasePath, source, scope, targetPath, false, 'refuse-no-clobber', agentPlan, overwriteVgxness, allowBash);
+function refusal(reason, message, databasePath, source, scope, targetPath, extraVerificationHints = [], agentPlan = createOpenCodeDefaultAgentInstallPlan({ mcpOnly: true }), overwriteVgxness = false, bashPermissionPolicy = bashPermissionPolicyFor(agentPlan)) {
+    const contract = baseContract(databasePath, source, scope, targetPath, false, 'refuse-no-clobber', agentPlan, overwriteVgxness, bashPermissionPolicy);
     return {
         ...contract,
         verificationHints: [...extraVerificationHints, ...contract.verificationHints],
@@ -256,13 +256,13 @@ function refusal(reason, message, databasePath, source, scope, targetPath, extra
         ...(targetPath !== undefined ? { targetPath } : {}),
     };
 }
-function warningsForScope(scope, overwriteVgxness, agentPlan, allowBash) {
+function warningsForScope(scope, overwriteVgxness, agentPlan, bashPermissionPolicy) {
     const overwriteWarnings = overwriteVgxness
         ? [
             `Reinstall/overwrite is enabled: existing VGXNESS-managed OpenCode entries will be replaced (${agentPlan.installsAgents ? 'mcp.vgxness, default_agent, instructions AGENTS.md, and known VGXNESS agents' : 'mcp.vgxness only'}); unrelated OpenCode config is preserved.`,
         ]
         : [];
-    const bashWarnings = allowBash ? ['OpenCode permission.bash is set to allow by default; terminal commands may run without prompting.'] : [];
+    const bashWarnings = bashPermissionPolicy.manager === 'allow' ? ['OpenCode top-level permission.bash is set to ask; the VGXNESS manager agent allows bash while SDD subagents keep explicit permissions.'] : ['OpenCode top-level permission.bash is set to ask.'];
     if (scope === 'project')
         return ['Restart OpenCode after installation so it reloads the project MCP config.', ...overwriteWarnings, ...bashWarnings];
     return [
@@ -272,6 +272,9 @@ function warningsForScope(scope, overwriteVgxness, agentPlan, allowBash) {
         ...bashWarnings,
     ];
 }
+function bashPermissionPolicyFor(agentPlan) {
+    return agentPlan.installsAgents ? { topLevel: 'ask', manager: 'allow' } : { topLevel: 'ask' };
+}
 function createdConfigKeys(agentPlan) {
     const keys = agentPlan.installsAgents ? ['$schema', 'instructions', 'default_agent', 'agent', 'mcp'] : ['$schema', 'mcp'];
     return [...keys, 'permission'];

package/dist/mcp/client-install-opencode.js

@@ -28,7 +28,7 @@ export async function installOpenCodeMcpClient(input) {
         ...(input.overwriteVgxness !== undefined ? { overwriteVgxness: input.overwriteVgxness } : {}),
     });
     if (!input.confirmed) {
-        return refusal('confirmation_required', confirmationRequiredMessage(plan.scope), input.databasePath, databasePathSource, server, confirmationRequiredSafety(plan), 'targetPath' in plan ? plan.targetPath : undefined, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.allowBash);
+        return refusal('confirmation_required', confirmationRequiredMessage(plan.scope), input.databasePath, databasePathSource, server, confirmationRequiredSafety(plan), 'targetPath' in plan ? plan.targetPath : undefined, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
     }
     if (plan.status === 'refused')
         return refusalFromPlan(plan, input.databasePath, databasePathSource, server);
@@ -36,32 +36,32 @@ export async function installOpenCodeMcpClient(input) {
         if (existsSync(plan.targetPath)) {
             const reparsed = parseConfig(plan.targetPath);
             if (!reparsed.ok)
-                return refusal(reparsed.reason, reparsed.message, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.allowBash);
+                return refusal(reparsed.reason, reparsed.message, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
             const conflictingAgents = findConflictingVgxnessAgents(reparsed.value, agentPlan, {
                 effectiveManagerInstructions: input.effectiveManagerInstructions,
             });
             if (conflictingAgents.length > 0 && input.overwriteVgxness !== true)
-                return agentConflictRefusal(conflictingAgents, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.allowBash);
-            return refusal('unsupported_config_shape', 'OpenCode config appeared after planning; rerun setup apply so it can be merged safely without overwriting user config.', input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.allowBash);
+                return agentConflictRefusal(conflictingAgents, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.bashPermissionPolicy);
+            return refusal('unsupported_config_shape', 'OpenCode config appeared after planning; rerun setup apply so it can be merged safely without overwriting user config.', input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
         }
         writeConfig(plan.targetPath, mergeVgxnessOpenCodeConfig({ $schema: opencodeConfigSchema }, plan.server, plan.installsAgents, input.effectiveManagerInstructions));
-        return validateInstalledResult(plan.targetPath, undefined, server, input.databasePath, databasePathSource, applySafety(plan), plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.allowBash);
+        return validateInstalledResult(plan.targetPath, undefined, server, input.databasePath, databasePathSource, applySafety(plan), plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
     }
     const parsed = parseConfig(plan.targetPath);
     if (!parsed.ok)
-        return refusal(parsed.reason, parsed.message, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.allowBash);
+        return refusal(parsed.reason, parsed.message, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
     const conflictingAgents = findConflictingVgxnessAgents(parsed.value, agentPlan, {
         effectiveManagerInstructions: input.effectiveManagerInstructions,
     });
     if (conflictingAgents.length > 0 && input.overwriteVgxness !== true)
-        return agentConflictRefusal(conflictingAgents, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.allowBash);
+        return agentConflictRefusal(conflictingAgents, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.bashPermissionPolicy);
     const backup = createBackup(plan.targetPath, plan.scope);
     if (!backup.ok)
-        return refusal('post_write_validation_failed', backup.error.message, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.allowBash);
+        return refusal('post_write_validation_failed', backup.error.message, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
     const config = parsed.value;
     const mergedConfig = mergeVgxnessOpenCodeConfig({ ...config, $schema: plan.existingSchema ?? opencodeConfigSchema }, plan.server, plan.installsAgents, input.effectiveManagerInstructions);
     writeConfig(plan.targetPath, mergedConfig);
-    return validateInstalledResult(plan.targetPath, backup.value, server, input.databasePath, databasePathSource, applySafety(plan), plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.allowBash);
+    return validateInstalledResult(plan.targetPath, backup.value, server, input.databasePath, databasePathSource, applySafety(plan), plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
 }
 function mergeVgxnessOpenCodeConfig(config, server, installsAgents, effectiveManagerInstructions) {
     const merged = {
@@ -75,7 +75,7 @@ function mergeVgxnessOpenCodeConfig(config, server, installsAgents, effectiveMan
         merged.default_agent = defaults.defaultAgent;
         merged.agent = { ...(isRecord(config.agent) ? config.agent : {}), ...defaults.agents };
     }
-    merged.permission = { ...(isRecord(config.permission) ? config.permission : {}), bash: 'allow' };
+    merged.permission = { ...(isRecord(config.permission) ? config.permission : {}), bash: 'ask' };
     return merged;
 }
 function mergeOpenCodeInstructions(existing) {
@@ -107,24 +107,24 @@ function createBackup(path, scope) {
         description: 'Backup existing OpenCode config before merging VGXNESS MCP configuration.',
     });
 }
-function validateInstalledResult(targetPath, backup, server, databasePath, source, safety, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness = false, allowBash = true) {
+function validateInstalledResult(targetPath, backup, server, databasePath, source, safety, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness = false, bashPermissionPolicy = bashPermissionPolicyFor(agentPlan)) {
     const parsed = parseConfig(targetPath);
     if (!parsed.ok)
-        return refusal('post_write_validation_failed', 'OpenCode config could not be re-read after write.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness, allowBash);
+        return refusal('post_write_validation_failed', 'OpenCode config could not be re-read after write.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness, bashPermissionPolicy);
     const mcp = parsed.value.mcp;
     const installed = isRecord(mcp) ? mcp.vgxness : undefined;
     if (!isOpenCodeLocalMcpServerConfig(installed)) {
-        return refusal('post_write_validation_failed', 'OpenCode config was written but mcp.vgxness did not validate.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness, allowBash);
+        return refusal('post_write_validation_failed', 'OpenCode config was written but mcp.vgxness did not validate.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (agentPlan.installsAgents) {
         const agent = parsed.value.agent;
         if (!isRecord(agent) || parsed.value.default_agent !== agentPlan.defaultAgent || agentPlan.agentNames.some((name) => !isRecord(agent[name]))) {
-            return refusal('post_write_validation_failed', 'OpenCode config was written but VGXNESS agent entries did not validate.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness, allowBash);
+            return refusal('post_write_validation_failed', 'OpenCode config was written but VGXNESS agent entries did not validate.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness, bashPermissionPolicy);
         }
     }
     const permission = parsed.value.permission;
-    if (!isRecord(permission) || permission.bash !== 'allow') {
-        return refusal('post_write_validation_failed', 'OpenCode config was written but permission.bash did not validate as allow.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness, allowBash);
+    if (!isRecord(permission) || permission.bash !== 'ask') {
+        return refusal('post_write_validation_failed', 'OpenCode config was written but top-level permission.bash did not validate as ask.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     return {
         version: 1,
@@ -140,7 +140,7 @@ function validateInstalledResult(targetPath, backup, server, databasePath, sourc
         installsAgents: agentPlan.installsAgents,
         agentNames: agentPlan.agentNames,
         overwriteVgxness,
-        allowBash,
+        bashPermissionPolicy,
         ...(agentPlan.defaultAgent !== undefined ? { defaultAgent: agentPlan.defaultAgent } : {}),
     };
 }
@@ -165,7 +165,7 @@ function isOpenCodeLocalMcpServerConfig(value) {
 function isRecord(value) {
     return typeof value === 'object' && value !== null && !Array.isArray(value);
 }
-function refusal(reason, message, databasePath, source, server, safety, targetPath, verificationHints = defaultVerificationHints(databasePath, source), warningMessages = warnings(), manualTestGuidance = manualTest(databasePath, source), agentPlan = createOpenCodeDefaultAgentInstallPlan({ mcpOnly: true }), overwriteVgxness = false, allowBash = true) {
+function refusal(reason, message, databasePath, source, server, safety, targetPath, verificationHints = defaultVerificationHints(databasePath, source), warningMessages = warnings(), manualTestGuidance = manualTest(databasePath, source), agentPlan = createOpenCodeDefaultAgentInstallPlan({ mcpOnly: true }), overwriteVgxness = false, bashPermissionPolicy = bashPermissionPolicyFor(agentPlan)) {
     return {
         version: 1,
         kind: 'mcp-client-install-opencode',
@@ -181,15 +181,15 @@ function refusal(reason, message, databasePath, source, server, safety, targetPa
         installsAgents: agentPlan.installsAgents,
         agentNames: agentPlan.agentNames,
         overwriteVgxness,
-        allowBash,
+        bashPermissionPolicy,
         ...(agentPlan.defaultAgent !== undefined ? { defaultAgent: agentPlan.defaultAgent } : {}),
     };
 }
 function refusalFromPlan(plan, databasePath, source, server) {
-    return refusal(plan.reason, plan.message, databasePath, source, server, plan.safety, plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, plan, plan.overwriteVgxness, plan.allowBash);
+    return refusal(plan.reason, plan.message, databasePath, source, server, plan.safety, plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, plan, plan.overwriteVgxness, plan.bashPermissionPolicy);
 }
-function agentConflictRefusal(conflictingAgents, databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, allowBash = true) {
-    return refusal('existing_vgxness_agent', `Existing OpenCode config contains custom VGXNESS agent entries that would be overwritten: ${conflictingAgents.join(', ')}. Remove, rename, or manually reconcile them before installing.`, databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, false, allowBash);
+function agentConflictRefusal(conflictingAgents, databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, bashPermissionPolicy = bashPermissionPolicyFor(agentPlan)) {
+    return refusal('existing_vgxness_agent', `Existing OpenCode config contains custom VGXNESS agent entries that would be overwritten: ${conflictingAgents.join(', ')}. Remove, rename, or manually reconcile them before installing.`, databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, false, bashPermissionPolicy);
 }
 function applySafety(plan) {
     return {
@@ -213,7 +213,7 @@ function confirmationRequiredMessage(scope) {
     return `\`mcp install opencode\` requires explicit --yes before any ${scope} config write.`;
 }
 function warnings() {
-    return ['Restart OpenCode after installation so it reloads the project MCP config.', 'OpenCode permission.bash is set to allow by default; terminal commands may run without prompting.'];
+    return ['Restart OpenCode after installation so it reloads the project MCP config.', 'OpenCode top-level permission.bash is set to ask; the VGXNESS manager agent allows bash while SDD subagents keep explicit permissions.'];
 }
 function manualTest(databasePath, source) {
     return {
@@ -229,3 +229,6 @@ function defaultVerificationHints(databasePath, source) {
         { kind: 'command', message: 'Run the MCP doctor command after installation.', command: createVgxnessMcpDoctorCommand(databasePath, source) },
     ];
 }
+function bashPermissionPolicyFor(agentPlan) {
+    return agentPlan.installsAgents ? { topLevel: 'ask', manager: 'allow' } : { topLevel: 'ask' };
+}

package/dist/setup/providers/opencode-setup-adapter.js

@@ -61,8 +61,8 @@ export const openCodeSetupAdapter = {
             writesProviderConfig: false,
             summary: contract.status === 'would_install'
                 ? contract.overwriteVgxness
-                    ? `OpenCode ${contract.action} reinstall plan is available; confirmed apply overwrites VGXNESS entries only, preserves unrelated config, sets permission.bash=allow, and creates managed backups for existing targets.`
-                    : `OpenCode ${contract.action} plan is available for external application; confirmed applies mcp.vgxness and permission.bash=allow, and creates managed VGXNESS backups when merging.`
+                    ? `OpenCode ${contract.action} reinstall plan is available; confirmed apply overwrites VGXNESS entries only, preserves unrelated config, sets top-level permission.bash=ask and manager bash=allow, and creates managed backups for existing targets.`
+                    : `OpenCode ${contract.action} plan is available for external application; confirmed applies mcp.vgxness, top-level permission.bash=ask, and manager bash=allow, and creates managed VGXNESS backups when merging.`
                 : contract.message,
             ...(targetPath !== undefined ? { targetPath } : {}),
             warnings: contract.warnings,
@@ -122,7 +122,7 @@ function openCodePlanPreview(visibility, plan) {
             targetPath: source.targetPath,
             backupRequired: source.backupRequired,
             confirmationRequired: Boolean(plan?.actions.some((candidate) => candidate.safety.requiresExplicitConfirmation)),
-            risks: [...(source.overwriteVgxness ? overwriteInstallRisks(source.installsAgents) : source.action === 'create' ? createInstallRisks() : mergeInstallRisks()), ...bashPermissionRisks(source.allowBash)],
+            risks: [...(source.overwriteVgxness ? overwriteInstallRisks(source.installsAgents) : source.action === 'create' ? createInstallRisks() : mergeInstallRisks()), ...bashPermissionRisks(source.bashPermissionPolicy)],
             warnings: source.warnings,
         };
     }
@@ -154,8 +154,10 @@ function overwriteInstallRisks(installsAgents) {
         'OpenCode must be restarted after external installation before it discovers the updated vgxness MCP server.',
     ];
 }
-function bashPermissionRisks(allowBash) {
-    return allowBash === true ? ['OpenCode permission.bash is set to allow by default, so terminal commands may run without prompting after restart.'] : [];
+function bashPermissionRisks(policy) {
+    return policy.manager === 'allow'
+        ? ['OpenCode top-level permission.bash is set to ask; terminal commands prompt by default, while vgxness-manager allows bash after restart.']
+        : ['OpenCode top-level permission.bash is set to ask.'];
 }
 function refusedRepairRisks(message) {
     return [
@@ -179,8 +181,8 @@ function externalInstallAction(scope, targetPath, overwriteVgxness = false) {
         kind: 'copy-command',
         command: ['vgxness', 'mcp', 'install', 'opencode', '--scope', scope, '--yes', ...(overwriteVgxness ? ['--overwrite-vgxness'] : [])],
         description: overwriteVgxness
-            ? 'Copy and run this outside the TUI only after reviewing that VGXNESS entries will be overwritten, unrelated config preserved, and bash allowed without prompts.'
-            : 'Copy and run this outside the TUI only after reviewing the read-only plan and bash permission risk.',
+            ? 'Copy and run this outside the TUI only after reviewing that VGXNESS entries will be overwritten, unrelated config preserved, top-level bash prompts, and manager bash is allowed.'
+            : 'Copy and run this outside the TUI only after reviewing the read-only plan and scoped bash permission behavior.',
         safety: externalProviderWriteSafety(targetPath),
     };
 }

package/dist/setup/setup-plan.js

@@ -131,7 +131,7 @@ function setupPlanFromOpenCode(input) {
                 installsAgents: input.opencode.installsAgents,
                 agentNames: input.opencode.agentNames,
                 ...(input.opencode.overwriteVgxness ? { overwriteVgxness: true } : {}),
-                ...(input.opencode.allowBash ? { allowBash: true } : {}),
+                bashPermissionPolicy: input.opencode.bashPermissionPolicy,
             },
             actions: [],
             conflicts: [
@@ -159,12 +159,12 @@ function setupPlanFromOpenCode(input) {
             installsAgents: input.opencode.installsAgents,
             agentNames: input.opencode.agentNames,
             ...(input.opencode.overwriteVgxness ? { overwriteVgxness: true } : {}),
-            ...(input.opencode.allowBash ? { allowBash: true } : {}),
+            bashPermissionPolicy: input.opencode.bashPermissionPolicy,
         },
         actions: [
             {
                 id: `opencode-${input.opencode.action}`,
-                description: `${input.opencode.overwriteVgxness ? 'Reinstall/overwrite VGXNESS entries in' : input.opencode.action === 'create' ? 'Create' : 'Merge'} OpenCode config with mcp.vgxness using vgxness mcp start${input.installMode === 'mcp-plus-agents' ? ' and manager/SDD agents' : ''}${input.opencode.overwriteVgxness ? '; unrelated OpenCode config is preserved' : ''}${input.opencode.allowBash ? '; sets permission.bash to allow by default' : ''}.`,
+                description: `${input.opencode.overwriteVgxness ? 'Reinstall/overwrite VGXNESS entries in' : input.opencode.action === 'create' ? 'Create' : 'Merge'} OpenCode config with mcp.vgxness using vgxness mcp start${input.installMode === 'mcp-plus-agents' ? ' and manager/SDD agents' : ''}${input.opencode.overwriteVgxness ? '; unrelated OpenCode config is preserved' : ''}${bashPermissionDescription(input.opencode.bashPermissionPolicy)}.`,
                 mutating: false,
                 targetPath: input.opencode.targetPath,
                 backupRequired: input.opencode.backupRequired,
@@ -184,6 +184,9 @@ function setupPlanFromOpenCode(input) {
         nextCommands: ['vgxness setup apply --yes', 'vgxness doctor', 'Restart OpenCode and verify the vgxness MCP server is visible.'],
     };
 }
+function bashPermissionDescription(policy) {
+    return policy.manager === 'allow' ? '; sets top-level permission.bash to ask and manager bash to allow' : '; sets top-level permission.bash to ask';
+}
 function resolveSetupDatabase(input) {
     if (input.mode === 'global') {
         const resolved = resolveMemoryDatabasePath({ cwd: input.workspaceRoot, env: input.env });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vgxness",
-  "version": "1.9.5",
+  "version": "1.9.7",
   "description": "CLI and MCP control plane for guided AI-agent workflows, SDD, memory, and OpenCode setup.",
   "license": "SEE LICENSE IN LICENSE",
   "repository": {