Description
[BUG] Task subagents fail to inherit permissions in MCP server mode (affects both WSL and native Windows)
Environment
- Claude Code Version: 1.0.72
- Platform: Windows 11 (Native installation, not WSL)
- Installation method: Official Windows installer (irm https://claude.ai/install.ps1 | iex)
- Running as: MCP server for Claude Desktop
- Claude Desktop Version: 0.12.55
Bug Description
When using the Task tool to spawn subagents in MCP server mode, the subagents fail to inherit file system permissions from the parent process. This results in permission prompts that cannot be answered through the MCP interface, making the Task feature unusable.
Steps to Reproduce
- Install Claude Code native Windows version:
    irm https://claude.ai/install.ps1 | iex
- Configure Claude Desktop with MCP server:
    {
      "mcpServers": {
        "claudecode": {
          "command": "C:\\Users\\username\\.local\\bin\\claude.exe",
          "args": ["mcp", "serve"],
          "env": {}
        }
      }
    }
- Through Claude Desktop, request a task that requires subagent file access:
    "Use the Task tool to search for all Python files in my Documents folder"
- Observe error: Subagent requests file system permissions that cannot be granted through MCP interface
Expected Behavior
Subagents should inherit the permissions of the parent Claude Code process, similar to how other tools (Read, Write, Bash) work without additional permission prompts.
Actual Behavior
Subagents spawn without inherited permissions and request permissions that cannot be granted through the MCP protocol, making the Task feature unusable.
Error Messages
I need permission to access the file system. Could you please grant me permission to read from the directory
Additional Context
This affects multiple environments:
- ✅ Confirmed on native Windows installation
- ✅ Confirmed on WSL with MCP server mode
- ✅ Confirmed with various permission flags (--permission-mode bypassPermissions doesn't propagate to subagents)
Attempted Workarounds (all failed):
- Using --permission-mode bypassPermissions flag - doesn't propagate to subagents
- Setting permissions in environment variables - not inherited
- Running with elevated privileges - no effect
- Using different shells (PowerShell, CMD, Git Bash) - same issue
Related Issues:
- Erratic Task/Subagent Behavior in Plan/Act Workflow: Premature Edits, Nested Plans, and UI Flickering #2073 - Subagent permission inheritance broken
- [BUG] --allowedTools no working reliably #563 - --allowedTools flag not working with subagents in WSL2
- Bash:* wildcard permission not working in settings.local.json #3428 - Bash wildcard permissions don't work in settings files
- [BUG] Denying Permission for a Single Subagent Halts All Parallel Subagents #2148 - Denying permission for one subagent terminates all parallel subagents
Impact
This bug makes the Task feature completely unusable in MCP server mode, which is a critical limitation for Windows users who want to use Claude Code with Claude Desktop. The Task tool is advertised as a core feature for handling complex, multi-step operations, but cannot be used at all due to this permission issue.
Proposed Solution
Subagents should automatically inherit the permission context of their parent process, or there should be a way to pre-authorize subagents through configuration (similar to how the main process can be configured with permission flags).
Workaround
Currently, the only workaround is to avoid using the Task tool entirely and manually perform operations using individual tools (Read, Write, Bash, etc.), which significantly limits the capability of Claude Code.
System Information
OS: Windows 11 Pro 23H2
Node.js: v20.11.0
npm: 10.2.4
Git: 2.43.0.windows.1
Claude Code: 1.0.72 (native Windows)
MCP Protocol Version: 2025-06-18
Reproduction Repository
Happy to provide access to a minimal reproduction setup if needed.
Note for maintainers: This issue affects both WSL and native Windows installations, suggesting it's a fundamental architectural issue with how subagents are spawned rather than a platform-specific problem.
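
The inheritance behaviour requested under "Proposed Solution", sketched as an added example that is not part of the original report and is not Claude Code's own code. Every function name and the 'default' mode are assumptions of this model; only the tool names and bypassPermissions come from the report. It also shows a narrowed child never exceeding its parent.

```javascript
// Hypothetical permission model (assumed names; not Claude Code internals).
// A context holds a mode, the tools already approved, and whether the
// transport can show a permission prompt to a user.
function makeContext(mode, allowedTools, interactive) {
  return Object.freeze({ mode, allowedTools: new Set(allowedTools), interactive });
}

// Behaviour described in the report: the subagent starts from defaults,
// including the assumption that someone can answer a prompt.
function spawnWithoutInheritance(_parent) {
  return makeContext('default', [], true);
}

// Proposed behaviour: the child copies the parent's context. If a narrower
// tool list is requested, only tools the parent already holds are kept, so
// a subagent can never have more access than its parent (least privilege).
function spawnWithInheritance(parent, requestedTools) {
  if (!requestedTools) {
    return makeContext(parent.mode, [...parent.allowedTools], parent.interactive);
  }
  const parentAllows = (t) =>
    parent.mode === 'bypassPermissions' || parent.allowedTools.has(t);
  return makeContext('default', requestedTools.filter(parentAllows), parent.interactive);
}

// Decide a tool call. Where no prompt can be answered (the MCP server case),
// an unapproved call is denied outright instead of asking a question that
// nobody can reply to.
function decide(ctx, tool) {
  if (ctx.mode === 'bypassPermissions' || ctx.allowedTools.has(tool)) return 'allow';
  return ctx.interactive ? 'prompt' : 'deny';
}

// Constructed scenario: parent runs as an MCP server (no prompt UI) with
// Read and Write approved.
function demo() {
  const parent = makeContext('default', ['Read', 'Write'], false);
  return {
    broken: decide(spawnWithoutInheritance(parent), 'Read'),
    inherited: decide(spawnWithInheritance(parent), 'Read'),
    narrowed: decide(spawnWithInheritance(parent, ['Read', 'Bash']), 'Bash'),
  };
}
```

In this model the non-inheriting spawn yields a prompt that the MCP transport cannot deliver, which is the symptom in the report, while the inheriting spawn resolves every call to allow or deny without user input.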