fix(plan): prevent subagent plan escape, show plan in exit prompt, render as markdown#18516
Open
BYK wants to merge 5 commits intoanomalyco:devfrom
Open
fix(plan): prevent subagent plan escape, show plan in exit prompt, render as markdown#18516BYK wants to merge 5 commits intoanomalyco:devfrom
BYK wants to merge 5 commits intoanomalyco:devfrom
Conversation
github-actions
bot
added
needs:compliance
Contributor
|
Thanks for updating your PR! It now meets our contributing guidelines. 👍 |
BYK
force-pushed
the
fix/plan-mode-subagent-escape
branch
from
922ccf1 to
b7afaa3
Compare
3 tasks
…nder as markdown Three fixes for experimental planning mode: 1. Deny plan_exit/plan_enter permissions on subagent sessions so explore/general agents spawned by the plan agent cannot accidentally trigger a mode switch to build. 2. Read the plan file content in PlanExitTool and embed it in the question text so users see the full plan before deciding to switch. 3. Render question text with the Markdown component instead of raw text, both in the live question dock and historical message parts. Add overflow-y/max-height to question-text CSS so long plans scroll within the dock.
… minimize Two additional fixes: 1. Add plan_exit/plan_enter to the tools disable map in task.ts. The session permissions were being overwritten by SessionPrompt.prompt() which converts the tools map into session permissions. Without plan_exit in the tools map, it wasn't being denied. 2. Add minimize/expand toggle to the question dock so users can collapse it to read the conversation while a question is pending. Adds a chevron button in the header and makes the title clickable to toggle. DockPrompt gains a minimized prop that hides content and footer.
BYK
force-pushed
the
fix/plan-mode-subagent-escape
branch
2 times, most recently
from
317481c to
a42c629
Compare
…selection 1. Restore Markdown component usage in live question dock — the rebase dropped it, leaving plain text rendering while the import was still present. 2. Refuse plan_exit when plan file is empty/missing — return an error telling the agent to write the plan first instead of showing an empty question to the user. 3. Add question-text to the user-select: text allow-list so plan content in the question dock is selectable and copyable.
BYK
force-pushed
the
fix/plan-mode-subagent-escape
branch
from
a42c629 to
2a0d4cc
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue for this PR
Closes #18515
Type of change
What does this PR do?
Fixes three issues with the experimental planning mode and adds UX improvements to the question dock:
1. Subagents can escape plan mode — When the plan agent spawns explore/general subagents via the task tool, those child sessions had access to
plan_exit. If a subagent called it and the user accidentally confirmed, the session would switch to build mode prematurely. Fix: denyplan_exitandplan_enterboth in subagent session creation permissions (Session.create()) AND in the tools map passed toSessionPrompt.prompt(). The latter is critical becauseSessionPrompt.prompt()overwrites session permissions with its tools parameter — withoutplan_exit: falsein the tools map, the deny rule from session creation was silently lost.2. Plan not shown before build switch —
plan_exitasked "Would you like to switch?" without showing what the plan actually says. The user had to go read the plan file separately. Fix: read the plan file content viaBun.file()inPlanExitTooland append it to the question text below a horizontal rule. If the plan file is empty/missing, return an error telling the agent to write the plan first instead of showing an empty question.3. Question text renders as plain text — The question dock rendered
question.questionas raw text, not markdown. Even with the plan content included, headers/lists/code blocks would display unformatted. Fix: use theMarkdowncomponent in both the live question dock (session-question-dock.tsx) and historical message display (message-part.tsx). Addedoverflow-y: auto; max-height: 40vhto the question-text CSS so long plans scroll within the dock.4. Question dock can now be minimized — Added a minimize/expand toggle to the question dock so users can collapse it to read the conversation while a question is pending. The
DockPromptcomponent gains aminimizedprop that hides content and footer. The header title is clickable (withflex: 1to fill the row) and a chevron button toggles the state, matching the existing todo dock collapse pattern.5. Question dock text is now selectable — Added
[data-slot="question-text"]to theuser-select: textallow-list inmessage-part.cssso plan content is selectable and copyable.How did you verify your code works?
plan_exit: falseandplan_enter: falsewhich survives theSessionPrompt.prompt()permission overwriteMarkdowncomponent renders question text with proper formattingflex: 1for large click target[data-slot="question-text"]inuser-select: textallow-list enables copyScreenshots / recordings
N/A — planning mode is experimental and behind a flag. The markdown rendering, minimize, and text selection changes apply to all question docks.
Checklist