[BUG] Plan agent requests permission for piped commands despite allowed settings (regression of #1271) #11775
Description
What's Wrong?
The Plan agent keeps requesting permission for piped commands even when both commands are explicitly listed in the allowed permissions in settings.json.
For example, when the Plan agent tries to run:
ls -lh /Users/prb/sablier/frontend/ui/apps/landing/public/blog/*.webp | awk '{print $5, $9}'I get a permission prompt asking me to approve the command, despite having both ls and awk already configured in my allowed permissions.
What Should Happen?
When both ls and awk are in the allowed permissions list, the Plan agent should execute piped commands like ls | awk without requesting permission. This is a regression of the fix from issue #1271.
Steps to Reproduce
- Add both
lsandawkto allowed permissions insettings.json - Start a Plan agent session
- Ask the agent to analyze files using a piped command (e.g., listing files with sizes)
- Agent attempts to run a command like
ls -lh path/*.webp | awk '{print $5, $9}' - Permission prompt appears despite both commands being whitelisted
Is this a regression?
Yes, this worked in a previous version. This issue was previously fixed in #1271 but has regressed, specifically in the context of the Plan agent.
Related Issues
- [BUG] Respect
allowed-toolswhen using combined / piped tool commands #1271 - Original fix for piped command permissions - Built-in Plan agent ignores parent settings.json permissions and repeatedly prompts for pre-approved tools #10906 - Related permission handling issue
Note
This bug appears to be specific to the Plan agent context. The regression may be related to how the Plan agent processes tool permissions differently from the main agent.