Skip to content

fix: correct Decide precedence and remove sub-session scope escalation#3542

Merged
Sayt-0 merged 10 commits into
docker:mainfrom
Piyush0049:fix/subsession-permissions
Jul 15, 2026
Merged

fix: correct Decide precedence and remove sub-session scope escalation#3542
Sayt-0 merged 10 commits into
docker:mainfrom
Piyush0049:fix/subsession-permissions

Conversation

@Piyush0049

@Piyush0049 Piyush0049 commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

What this PR does / why we need it:
This PR resolves permission override scoping issues between parent and child sessions and fixes the tool-approval chain precedence.

Previously, a successful sub-session would back-propagate its ToolsApproved boolean and Permissions to the parent session. This created a scope escalation bug where a sub-agent could elevate the parent's permissions for the remainder of the parent's turn. Additionally, the tool execution pipeline didn't correctly prioritize explicit Deny rules over the --yolo flag.

This PR fixes these issues by:

  1. Removing the upward permission back-propagation (SetToolsApproved and SetPermissions) when a child session completes, ensuring permissions only flow downwards.
  2. Correcting the Decide precedence logic so that explicit Deny rules correctly override --yolo, while keeping --yolo above ForceAsk.
  3. Integrating the PermissionsConfig.Clone() refactor to safely isolate parent and child session permissions without data races.

Special notes for your reviewer:

  • Added TestRunAgent_EndToEndPermissions to explicitly verify that the Allow, Ask, and Deny rules are correctly enforced along the real dispatch path.
  • Restored the exhaustive Decide test matrix by adding tests for YOLO paths without checker matches and YOLO overriding ForceAsk.
  • Refreshed relevant documentation in docs/ to correctly indicate that explicit Deny rules block tools even in YOLO mode.

Sub-agents now inherit the exact Allow, Ask, and Deny rules from the parent session instead of bypassing them. This resolves a known prompt-injection loophole for background agents.

Signed-off-by: piyush0049 <piyushjoshi81204@gmail.com>
@Piyush0049 Piyush0049 requested a review from a team as a code owner July 8, 2026 17:35
@Piyush0049

Copy link
Copy Markdown
Contributor Author

Note: Learning from previous PRs, I also added a unit test to verify that this behavior works correctly and stays fixed in the future. You can run the test locally using this command:
go test -v -run TestSubSessionInheritsPermissions ./pkg/runtime/...

@aheritier aheritier added kind/fix PR fixes a bug (maps to fix:). Use on PRs only. area/runtime Runtime engine, agent loop execution, tool dispatch, loop detection labels Jul 8, 2026

@Sayt-0 Sayt-0 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for tackling this. Inheriting the parent permissions in newSubSession is the right insertion point. Two points look blocking before this can land, plus a test gap; details are inline.

area concern
correctness background agents run with ToolsApproved: true, and Decide short-circuits on the yolo flag before any checker runs, so the inherited Allow/Ask/Deny rules are never consulted on that path (the exact case the removed TODO described)
isolation the parent PermissionsConfig pointer is shared with the child instead of cloned, unlike every other call site
tests the new test asserts field copying only, not dispatch behaviour

Comment thread pkg/runtime/agent_delegation.go Outdated
Comment thread pkg/runtime/agent_delegation.go Outdated
Comment thread pkg/runtime/agent_delegation_test.go
- Deep clone parent permissions into the child session to prevent aliasing

- Re-order yolo check in Decide to ensure inherited Deny/ForceAsk overrides ToolsApproved: true

- Enhance TestSubSessionInheritsPermissions to assert actual dispatch behavior

Signed-off-by: piyush0049 <piyushjoshi81204@gmail.com>
@Piyush0049

Copy link
Copy Markdown
Contributor Author

@Sayt-0 Thank you for the review, I read it and have pushed an update addressing all three of your points:

  1. Isolation / Aliasing: Added a public .Clone() method to PermissionsConfig and updated newSubSession to use it, ensuring child permissions don't alias the parent. (Also cleaned up the old unexported helper in pkg/session).
  2. Correctness (YOLO Flag): Re-ordered the logic in Decide() so that explicit Deny and ForceAsk rules now properly win over the ToolsApproved: true (yolo) flag for background agents.
  3. Dispatch Test: Updated TestSubSessionInheritsPermissions to explicitly drive the approval path, proving that a background agent (with the yolo flag on) correctly returns OutcomeDeny when inheriting a parent's denial.

All tests are passing locally. Do let me know if any change is required please.

Signed-off-by: piyush0049 <piyushjoshi81204@gmail.com>
@Piyush0049

Copy link
Copy Markdown
Contributor Author

I just pushed a quick follow-up commit to fix the CI failures.

@Sayt-0

Sayt-0 commented Jul 10, 2026

Copy link
Copy Markdown
Member

HI @Piyush0049 can you resolve the conflicts ? ping me when its done

@Piyush0049

Copy link
Copy Markdown
Contributor Author

Sayt-0 Sure

…sions

# Conflicts:
#	pkg/runtime/agent_delegation.go
#	pkg/runtime/agent_delegation_test.go

Signed-off-by: piyush0049 <piyushjoshi81204@gmail.com>
…sions

# Conflicts:
#	pkg/runtime/toolexec/dispatcher.go

Signed-off-by: piyush0049 <piyushjoshi81204@gmail.com>
@Piyush0049

Copy link
Copy Markdown
Contributor Author

Sayt-0 I have resolved the merge conflicts. Please do let me know if any changes are required.

Signed-off-by: piyush0049 <piyushjoshi81204@gmail.com>
@Piyush0049

Copy link
Copy Markdown
Contributor Author

I've pushed a commit to fix the CI timeout in build-and-test.

The TestForceAskOverridesYoloMode test was hanging because it routed to askUser(), which blocked indefinitely waiting for UI input. Adding sess.NonInteractive = true allows it to correctly fail fast without hanging.

Side Note: While testing locally on Windows, I noticed a few pre-existing issues in main that break the local test suite (e.g. syscall.Mkfifo breaks compilation, hardcoded /abs/foo.go paths fail filepath.IsAbs, and sh/jq commands in hooks). Since these pass on Linux CI, I kept them out of this PR, but let me know if you'd like a separate PR later to make the tests Windows compatible

@Piyush0049

Copy link
Copy Markdown
Contributor Author

The build-image CI job probably failed due to a transient apt-get mirror sync error on download.docker.com. Could a maintainer please re-run the failed jobs when they get a chance?

@Piyush0049

Copy link
Copy Markdown
Contributor Author

Thanks for re-running the jobs. Please do let me know if any other changes are required.

@Sayt-0 Sayt-0 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the follow-up and for iterating on the earlier feedback. The isolation fix (PermissionsConfig.Clone()) is clean, and the race-prone double-cloning issue from the earlier round looks closed (verified locally with go test -race ./pkg/runtime/... ./pkg/session/..., no race, all green, matching CI).

One design point needs a decision before this can merge, plus a few smaller items, all left as inline comments.

Area Concern Blocking
Scope / design Decide() reordering makes Deny and ForceAsk win over --yolo globally, not just for inherited sub-sessions yes, needs a decision
Docs consistency Several comments and one public doc page still describe the old ordering yes
Diff hygiene A few hunks are pure reformatting unrelated to the fix no, nit
Test depth New test exercises Decide() directly rather than the full dispatch path no, nit

What's good:

  • PermissionsConfig.Clone(): exported, nil-safe, doc-commented, consistent with Session.ClonePermissions().
  • TestSubSessionInheritsPermissions is a real improvement over asserting field copies only.
  • No new allocations or performance concerns; slices.Clone is equivalent to the helper it replaces.

}
}

if yoloApproved {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This reorders the approval pipeline for every session, not just sub-sessions with inherited permissions.

Deny winning over --yolo matches the contract PermissionsConfig has documented since it was introduced (pkg/config/latest/types.go, and every frozen version v3 to v11): "Deny: Tools matching these patterns are always rejected, even with --yolo".

ForceAsk winning over --yolo reverses commit 7351e4fa0 ("--yolo must accept any tool call"), which added TestYoloMode_OverridesForceAsk (renamed here to TestForceAskOverridesYoloMode, assertion flipped) specifically to lock in the opposite behavior, and documented it in pkg/permissions/permissions.go's CheckWithArgs comment: "Note that --yolo mode takes precedence over ForceAsk" (still present on main, now stale).

The doc comment on this function, line 61, still lists yolo as step 1 ahead of the checkers; it needs updating either way this lands.

Question: should this only reorder the Deny case and leave ForceAsk behind --yolo (matching the two contracts above), or is overriding ForceAsk too an intentional posture change? If the latter, pkg/permissions/permissions.go and docs/tools/background-agents/index.md:33 ("via YOLO mode or explicit allow rules") need updating in this PR.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was not an intentional posture change! I have updated the logic to only reorder the Deny case, leaving ForceAsk behind --yolo as originally intended.

Because this preserves the original contract, the external docs (pkg/permissions/permissions.go and index.md) remain accurate and didn't need updating. (I've also fixed the doc comment on Decide() to reflect this correctly).

}, "shell", nil, false)

assert.Equal(t, PermissionDecision{Outcome: OutcomeAllow, Reason: ReasonYolo}, d)
assert.Equal(t, PermissionDecision{Outcome: OutcomeDeny, Reason: ReasonChecker, Source: "team"}, d)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Matches the documented PermissionsConfig contract for Deny, no objection to this one specifically. See the comment on pkg/runtime/toolexec/permissions.go about the related ForceAsk case that still needs a decision.

Comment thread pkg/runtime/runtime_test.go Outdated
Comment thread pkg/runtime/agent_delegation.go Outdated
Comment thread pkg/runtime/agent_delegation_test.go Outdated
Comment thread pkg/runtime/agent_delegation_test.go
@Piyush0049

Copy link
Copy Markdown
Contributor Author

Thanks for the review. I read it and have addressed all the points in the table:

  1. Scope/design: Decided to revert the ForceAsk change. It now stays behind --yolo as originally intended, while Deny correctly continues to override it.
  2. Docs consistency: Updated the Decide() block comment. Since the original contract for ForceAsk was restored, the external docs are still accurate and were left untouched.
  3. Diff hygiene: Reverted the formatting noise in agent_delegation.go (both the EmitLegacyAttributes hunk and the applyForceHandoff closing paren) and the agent.New() reflows in the test file.
  4. Test depth: Fixed the expectation on TestYoloMode_OverridesForceAsk (kept the CI hang fix) and added a brand new TestRunAgent_EndToEndPermissions to verify the permissions.Checker end-to-end through the real RunAgent dispatcher path.

Please do let me know if any other changes are required.

@Sayt-0 Sayt-0 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for iterating again. The design question from the previous round is now settled: making explicit Deny win over --yolo globally is accepted. It matches the documented "Deny patterns take priority" philosophy, and background agents inheriting ToolsApproved: true would otherwise carry dead-letter Deny rules. Keeping YOLO above ForceAsk restores the original contract, good call.

Verified locally on the branch: go build ./... and go test -race ./pkg/runtime/... ./pkg/session/... are green.

Remaining items before merge, all small; details inline.

# Area Concern Blocking
1 Stale comments Two inline comments in runtime_test.go still state the old behavior ("--yolo takes precedence over deny") under tests that now assert the opposite yes
2 Docs consistency Three doc lines still describe the old chain order (table below) yes
3 Test robustness TestRunAgent_EndToEndPermissions discards the RunAgent result, so it would pass vacuously if the run failed before any tool call yes
4 PR title/description The newSubSession inheritance described in the PR body already landed on main via fd89580; the merge commit would tell the wrong story. Refresh both to describe the actual change (Decide precedence + Clone() refactor) yes
5 Diff hygiene Two NewLocalRuntime( reflow-only hunks remain in agent_delegation_test.go no, nit
6 Test coverage After the rename, no Decide-level case covers plain yolo-allow or yolo-over-ForceAsk no, nit

Docs lines to update (files not in the diff, need a commit):

File Line Current Problem
docs/configuration/hooks/index.md 60 "approval chain (yolo / permissions / readonly / ask)" Deny permissions now precede yolo
docs/configuration/hooks/index.md 716 "tool-approval chain (yolo / permissions / readonly / ...)" same
docs/features/cli/index.md 31 "--yolo: Auto-approve all tool calls" no longer "all": explicit deny rules still block

Non-blocking observation, for the record: with first-checker-wins semantics, a session-level ForceAsk consulted before a team-level Deny still yields Allow under yolo. This is pre-existing layer-precedence behavior, unchanged by this PR.

What's good:

  • The Decide() reordering is minimal and keeps the function pure; returning ReasonYolo on the ForceAsk-under-yolo path keeps approval_source audit labels consistent for hooks.
  • PermissionsConfig.Clone() is nil-safe and removes the private helper cleanly across all six call sites.
  • TestRunAgent_EndToEndPermissions finally exercises the real dispatch path, closing the test-depth gap from round one.

Comment thread pkg/runtime/runtime_test.go Outdated
Comment thread pkg/runtime/runtime_test.go Outdated
Comment thread pkg/runtime/agent_delegation_test.go Outdated
Comment thread pkg/runtime/agent_delegation_test.go Outdated
}

func TestDecide_YoloShortCircuits(t *testing.T) {
func TestDecide_DenyOverridesYolo(t *testing.T) {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: after the rename, two paths of the new ordering have no Decide-level case left: plain yolo-allow (no checker match) and yolo-over-ForceAsk. Two one-liners would restore the exhaustive matrix promised by Decide's doc comment (both verified locally):

func TestDecide_YoloAllowsWhenNoCheckerMatches(t *testing.T) {
	t.Parallel()
	d := Decide(true, nil, "shell", nil, false)
	assert.Equal(t, PermissionDecision{Outcome: OutcomeAllow, Reason: ReasonYolo}, d)
}

func TestDecide_YoloOverridesForceAsk(t *testing.T) {
	t.Parallel()
	d := Decide(true, []NamedChecker{
		{Checker: newChecker(t, nil, []string{"shell"}, nil), Source: "team"},
	}, "shell", nil, false)
	assert.Equal(t, PermissionDecision{Outcome: OutcomeAllow, Reason: ReasonYolo}, d)
}

Comment thread pkg/runtime/runtime_test.go Outdated
Comment thread pkg/runtime/agent_delegation_test.go Outdated
Comment thread pkg/runtime/agent_delegation_test.go Outdated
@Piyush0049

Copy link
Copy Markdown
Contributor Author

Thank you for the review. I read it and have pushed an update addressing your feedback:

  • Fixed the stale test comments and updated the docs to correctly reflect that Deny rules precede --yolo.
  • Removed the upward permission back-propagation bug in agent_delegation.go.
  • Added the missing YOLO paths to the Decide test matrix.
  • Fixed the TestRunAgent_EndToEndPermissions assertions and reverted the formatting noise.
  • The PR title and description have also been updated to reflect the Decide precedence and bug fixes.

@Piyush0049 Piyush0049 changed the title fix: propagate session permissions correctly to sub-sessions fix: correct Decide precedence and remove sub-session scope escalation Jul 13, 2026
@Piyush0049

Copy link
Copy Markdown
Contributor Author

I have also updated the PR title and description according to the review. Please do let me know if any other change is required.

@Sayt-0 Sayt-0 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the follow-up. All six items from the previous round are addressed: the stale runtime_test.go comments are gone, the three doc lines now describe the permissions / yolo order, TestRunAgent_EndToEndPermissions asserts the run result, the reflow-only hunks are reverted, the Decide matrix is exhaustive again, and the PR title/body were refreshed.

Verified locally on the branch head (d12ae3f): go build ./... and go test -race ./pkg/runtime/... ./pkg/session/... are green.

The last push, however, adds a behavior change that was not among the previous round's asks: the removal of the success-path back-propagation in runForwarding. It needs an explicit decision plus two follow-ups; details inline.

# Area Concern Blocking
1 Scope / design Removing the runForwarding back-propagation reverses a deliberate behavior (838f7dd); the direction fits the "permissions flow downwards" philosophy, but the UX change must be decided explicitly rather than land silently in a follow-up push yes, needs a decision
2 Stale doc comment runForwarding's doc comment still says "propagating tool-approval state back to the parent on completion" yes
3 Test coverage No test locks the new no-back-propagation invariant; a ready-made test is proposed inline (passes on this branch, fails on the pre-removal code) yes
4 Test depth TestRunAgent_EndToEndPermissions nil-checks childSession but never inspects it no, nit

What's good:

  • TestDecide_YoloAllowsWhenNoCheckerMatches and TestDecide_YoloOverridesForceAsk restore the exhaustive matrix promised by Decide's doc comment, asserting exact PermissionDecision values.
  • The doc updates land exactly where round 3 asked (hooks page twice, CLI page twice, including the alias bullet).
  • TestRunAgent_EndToEndPermissions now asserts result.ErrMsg and the sub-session presence, closing the vacuous-pass gap.
  • The diff is free of reformat-only hunks.

// should not carry over to the parent's remaining turns.
parent.SetToolsApproved(s.IsToolsApproved())
parent.SetPermissions(s.ClonePermissions())
span.SetStatus(codes.Ok, "sub-session completed")

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This removal is a real behavior change, not a cleanup, and it was not among the previous round's asks. The success-path back-propagation was introduced deliberately in 838f7dd ("Update the tools approved of the parent session once the sub-session ended") and recently narrowed to the success path on main (fd89580) with an explicit rationale comment, the one deleted here.

What changes for interactive users:

Action inside a transfer_task / run_skill child before after
"Approve all for session" carries over to the parent's remaining turns scoped to the child; the parent re-prompts
"Always allow <tool>" appended to the parent's Allow list scoped to the child
Failed child session no propagation no propagation (unchanged)

The security argument is sound: it matches the "permissions only flow downwards" scoping this PR establishes, and it closes the ratchet where a child scope elevates the parent for the rest of the turn. The cost is UX: users who click "approve all" inside a delegation will be prompted again in the parent.

Accepting the removal is reasonable, under two conditions (tracked in the summary table):

  1. the runForwarding doc comment (line 251, "propagating tool-approval state back to the parent on completion") must state the new contract instead, e.g. "The child's approval state stays scoped to the sub-session and never flows back to the parent";
  2. a test must lock the invariant, otherwise the next reader may take this for an accidental drop and restore it; see the proposal on agent_delegation_test.go.

If keeping the "approve all persists to the parent" UX is preferred instead, this hunk can be reverted and moved to its own PR so the Decide precedence fix is not held up.

"parent permissions must be isolated from child mutations")
}

func TestRunAgent_EndToEndPermissions(t *testing.T) {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new no-back-propagation invariant has no locking test: no existing test fails if parent.SetToolsApproved(...) / parent.SetPermissions(...) come back. The following drives the real runForwarding path with a child scope broader than the parent's (as if the user had clicked "approve all" inside the sub-session) and asserts the parent is untouched. Verified: passes on d12ae3f, fails on the parent commit 38c27a8 (pre-removal code) on both assertions.

// TestRunForwarding_DoesNotBackPropagateApprovals locks the "permissions only
// flow downwards" invariant: approvals granted within a sub-session scope must
// not escalate the parent's ToolsApproved gate or permission rules.
func TestRunForwarding_DoesNotBackPropagateApprovals(t *testing.T) {
	t.Parallel()

	childStream := newStreamBuilder().AddContent("done").AddStopWithUsage(10, 5).Build()
	prov := &mockProvider{id: "test/mock-model", stream: childStream}

	librarian := agent.New("librarian", "Library agent", agent.WithModel(prov))
	root := agent.New("root", "Root agent", agent.WithModel(prov))
	agent.WithSubAgents(librarian)(root)

	tm := team.New(team.WithAgents(root, librarian))
	rt, err := NewLocalRuntime(t.Context(), tm,
		WithSessionCompaction(false),
		WithModelStore(mockModelStore{}),
	)
	require.NoError(t, err)

	parent := session.New(
		session.WithUserMessage("Test"),
		session.WithPermissions(&session.PermissionsConfig{Deny: []string{"dangerous_tool"}}),
	)
	require.False(t, parent.IsToolsApproved())

	evts := make(chan Event, 128)
	// Child scope broader than the parent's, as if the user had clicked
	// "approve all" / "always allow" inside the sub-session.
	_, err = rt.runForwarding(t.Context(), parent, NewChannelSink(evts), delegationRequest{
		SubSessionConfig: SubSessionConfig{
			Task:          "find a book",
			AgentName:     "librarian",
			Title:         "Transferred task",
			ToolsApproved: true,
			Permissions: &session.PermissionsConfig{
				Allow: []string{"exploit_tool"},
				Deny:  []string{"dangerous_tool"},
			},
		},
		SwitchCurrentAgent: true,
	})
	require.NoError(t, err)

	assert.False(t, parent.IsToolsApproved(),
		"a sub-session must not escalate the parent's ToolsApproved gate")
	parentPerms := parent.ClonePermissions()
	require.NotNil(t, parentPerms)
	assert.Empty(t, parentPerms.Allow,
		"child-scope approvals must not leak into the parent's Allow list")
	assert.Equal(t, []string{"dangerous_tool"}, parentPerms.Deny)
}

Comment on lines +516 to +518
require.NotNil(t, childSession, "parent must have a sub-session")

require.False(t, executed, "expected dangerous_tool to NOT be executed because it is denied by inherited permissions")

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: childSession is fetched but only nil-checked. Asserting the inherited Deny actually reached the child makes the executed == false assertion self-explanatory (denied because inherited, not because of an unrelated failure). Verified locally, the suggestion passes on this branch.

Suggested change
require.NotNil(t, childSession, "parent must have a sub-session")
require.False(t, executed, "expected dangerous_tool to NOT be executed because it is denied by inherited permissions")
require.NotNil(t, childSession, "parent must have a sub-session")
require.NotNil(t, childSession.Permissions)
assert.Equal(t, []string{"dangerous_tool"}, childSession.Permissions.Deny,
"child must inherit the parent's Deny rules")
require.False(t, executed, "expected dangerous_tool to NOT be executed because it is denied by inherited permissions")

@Piyush0049

Copy link
Copy Markdown
Contributor Author

@Sayt-0 Thank you for the review, I read it and have pushed a commit addressing :

  • Updated the runForwarding doc comment to explicitly state that the approval state stays scoped to the sub-session and never flows back up.
  • Added the TestRunForwarding_DoesNotBackPropagateApprovals test to lock the no-back-propagation invariant.
  • Added the explicit Deny list assertion to TestRunAgent_EndToEndPermissions.

Please do let me know if any other change is required please.

Sayt-0
Sayt-0 previously approved these changes Jul 15, 2026

@Sayt-0 Sayt-0 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good now ! Thank you !

@Sayt-0

Sayt-0 commented Jul 15, 2026

Copy link
Copy Markdown
Member

Can you sign your commits ?

Signed-off-by: piyush0049 <piyushjoshi81204@gmail.com>
Restores YOLO overriding ForceAsk while keeping Deny overriding YOLO. Reverts unrelated formatting noise in agent_delegation.go and tests. Adds end-to-end TestRunAgent_EndToEndPermissions to verify dispatch path inheritance.

Signed-off-by: piyush0049 <piyushjoshi81204@gmail.com>
Signed-off-by: piyush0049 <piyushjoshi81204@gmail.com>
Signed-off-by: piyush0049 <piyushjoshi81204@gmail.com>
@Piyush0049 Piyush0049 force-pushed the fix/subsession-permissions branch from 3921031 to 5faaafc Compare July 15, 2026 10:08
@Piyush0049

Copy link
Copy Markdown
Contributor Author

@Sayt-0 Thank you for the approval.
I have just rebased the branch to properly sign off the remaining commits.

@Sayt-0

Sayt-0 commented Jul 15, 2026

Copy link
Copy Markdown
Member

Hi @Piyush0049 ! all commits must be signed. Can you take a look and ping me when it's done ?

@Piyush0049 Piyush0049 force-pushed the fix/subsession-permissions branch from 5faaafc to fe11295 Compare July 15, 2026 11:45
@Piyush0049 Piyush0049 dismissed Sayt-0’s stale review July 15, 2026 11:46

The merge-base changed after approval.

@Piyush0049 Piyush0049 force-pushed the fix/subsession-permissions branch 3 times, most recently from 31be792 to f18be82 Compare July 15, 2026 11:54
@Piyush0049

Copy link
Copy Markdown
Contributor Author

@Sayt-0 Now all the commits are verified. I actually missed one commit last time. I hope everything is fine now.
Please do let me know if any other changes are required.

@Sayt-0

Sayt-0 commented Jul 15, 2026

Copy link
Copy Markdown
Member

good now ! thank you !

@Sayt-0 Sayt-0 merged commit c4f3ab3 into docker:main Jul 15, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/runtime Runtime engine, agent loop execution, tool dispatch, loop detection kind/fix PR fixes a bug (maps to fix:). Use on PRs only.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants