Micode agents have no permission config — silenced by root-level permission denies

[simplyenak]

Bug

Micode agents (planner, executor, codebase-locator, implementer, reviewer, etc.) define no permission field in their AgentConfig. When a project's opencode.json sets root-level permission denies (e.g. "task": "deny"), all micode agents inherit those denies and become non-functional — they spawn but return empty results because they can't use any tools.

Reproduction

1. Have a project opencode.json with root permission denies:

{
  "plugin": ["micode"],
  "permission": {
    "task": "deny"
  }
}

2. Try to use any micode agent via Task tool (planner, executor, codebase-locator, etc.)
3. Agent spawns, returns empty result, no tool calls made

Root Cause

In src/agents/*.ts, none of the agent configs include a permission block. The AgentConfig type supports:

permission?: {
  edit?: "ask" | "allow" | "deny";
  bash?: ("ask" | "allow" | "deny") | { [key: string]: "ask" | "allow" | "deny" };
  webfetch?: "ask" | "allow" | "deny";
  doom_loop?: "ask" | "allow" | "deny";
  external_directory?: "ask" | "allow" | "deny";
};

When no permission is declared, agents inherit from the project's root config. A root "task": "deny" (or any tool deny) effectively kills all micode agents.

Native OpenCode agents (like build, plan) that users define in their opencode.json under "agent" work fine because they have explicit permission overrides. Micode agents have no such overrides.

Expected Behavior

Micode agents should either:

1. Declare sensible default permissions in their AgentConfig so they work out-of-the-box regardless of root config, OR
2. Document that users must add permission overrides in their opencode.json for each micode agent

Option 1 is ideal — each agent should declare the permissions it needs:

• planner: read: allow, glob: allow, grep: allow, bash: allow (for research)
• executor: edit: allow, write: allow, bash: allow, task: allow (to spawn implementers)
• codebase-locator: read: allow, glob: allow, grep: allow
• implementer: edit: allow, write: allow, read: allow, bash: allow
• reviewer: read: allow, bash: allow (limited)

Workaround

Add permission overrides in the project's opencode.json:

{
  "agent": {
    "planner": { "permission": { "edit": "allow", "bash": "allow" } },
    "executor": { "permission": { "edit": "allow", "write": "allow", "bash": "allow", "task": "allow" } },
    "codebase-locator": { "permission": { "read": "allow", "glob": "allow", "grep": "allow", "bash": "allow" } },
    "implementer": { "permission": { "edit": "allow", "write": "allow", "read": "allow", "bash": "allow" } },
    "reviewer": { "permission": { "read": "allow", "bash": "allow" } }
  }
}

Environment

• micode: 0.10.0
• OpenCode: latest
• OS: Fedora 43 (Podman toolbox container)

Related

• The Task tool isn't registered #44 (Task tool not registered for micode agents)
• micode agents "plan" and "build" conflict with native OpenCode agents #41 (micode agents conflict with native agents)

[simplyenak]

Update: Config overrides don't work for plugin agents

Tested multiple approaches — none work:

1. Per-agent overrides in `opencode.json` `"agent"` section — ignored. OpenCode's plugin agent resolution doesn't merge these with plugin-registered agents.
2. Top-level `"model"` in project `opencode.json` — ignored. Plugin uses its own config loading path.
3. Removing root `"task": "deny"` — no effect. The real issue was never permissions.

Root cause confirmed

The actual failure is the hardcoded `DEFAULT_MODEL = "openai/gpt-5.2-codex"` in `src/utils/config.ts`. The `mergeAgentConfigs()` function in `dist/index.js` tries to override with the opencode.json top-level `"model"` field, but:

• Project-level `opencode.json` doesn't have `"model"` or `"provider"` sections
• Global `~/.config/opencode/opencode.json` has these, but `loadDefaultModel()` appears to use the project config dir
• Even if model validation passes (empty available models = skip validation), the override isn't applied

Suggested fix in micode

The plugin should:

1. Check both global and project config dirs for the model
2. Or better: respect the OpenCode session's active model (the one the primary agent uses)
3. Or: let `micode.json` agents section override models (it already supports this in `mergeAgentConfigs` but loading from `~/.config/opencode/micode.json`)

Workaround that actually works

Create `~/.config/opencode/micode.json`:

```json
{
"agents": {
"planner": { "model": "your-provider/your-model" },
"executor": { "model": "your-provider/your-model" },
"implementer": { "model": "your-provider/your-model" },
"codebase-locator": { "model": "your-provider/your-model" },
"codebase-analyzer": { "model": "your-provider/your-model" },
"pattern-finder": { "model": "your-provider/your-model" },
"reviewer": { "model": "your-provider/your-model" }
}
}
```

Note: this is untested because I don't have a non-OpenAI model to test with, but the code path in `mergeAgentConfigs` does read from `micode.json` agents section.