Spawned agents: bypassPermissions ineffective, worktree data loss, plan mode loop

Resolved 💬 10 comments Opened Feb 26, 2026 by houzrINC Closed Apr 30, 2026

Environment

  • Claude Code CLI (latest as of 2026-02-26)
  • macOS Darwin 25.3.0
  • Model: claude-opus-4-6
  • Repository: private Next.js/Prisma project

Summary

Three related bugs when using the Task tool to spawn agents with worktree isolation. All three were encountered in a single session attempting to run 3 parallel implementation tasks.

---

Bug 1: bypassPermissions mode does not grant Write/Edit/Bash to spawned agents

Steps to reproduce:

  1. Spawn an agent via Task tool with mode: "bypassPermissions" and isolation: "worktree"
  2. Agent attempts to use Write, Edit, or Bash tools
  3. All three are denied despite bypassPermissions

Expected: Agent has full tool access when bypassPermissions is set.

Actual: Agent is blocked on Write, Edit, and Bash. Can only Read/Grep/Glob. Agent returns with a message asking for permissions it should already have.

Affected agent types tested:

  • senior-backend-engineer
  • senior-frontend-engineer
  • senior-code-auditor
  • general-purpose

All exhibited the same behavior. Multiple retry rounds (3+ attempts per task) all failed identically.

---

Bug 2: Worktree cleanup destroys uncommitted agent work without warning

Steps to reproduce:

  1. Spawn agents with isolation: "worktree" — worktrees created under .claude/worktrees/
  2. Agents read files and report task completion (due to Bug 1, they couldn't actually write/commit)
  3. Call TeamDelete or otherwise trigger worktree cleanup
  4. All work is destroyed — branches exist but have zero commits ahead of main

Expected: Either (a) worktree cleanup warns if there are uncommitted changes, or (b) worktree is preserved if changes exist.

Actual: Worktrees are silently deleted. Branches remain but are empty. No recovery possible.

Impact: In our session, 3 agents reported successful task completion. We only discovered all work was lost when verifying branch commits afterward. Significant token burn with zero output.

---

Bug 3: Plan mode on worktree agents causes infinite approval loop

Steps to reproduce:

  1. Spawn an agent with mode: "plan" and isolation: "worktree"
  2. Agent produces a plan and calls ExitPlanMode
  3. Orchestrator approves the plan
  4. Agent re-enters a state requiring another plan approval
  5. Loop repeats indefinitely

Expected: After plan approval, agent exits plan mode and proceeds with implementation.

Actual: Each approval triggers a new context that requires another approval. The only fix was to shut down and respawn without plan mode.

---

Session context

These bugs were encountered while using an orchestrator agent pattern that spawns specialized sub-agents via the Task tool for a multi-agent pipeline. The combination of isolation: "worktree" + permission modes appears fundamentally broken — agents can be created in worktrees but cannot perform any file operations.

The workaround (spawning without worktree isolation or plan mode, and with bypassPermissions) also failed for Write/Edit, suggesting bypassPermissions is ineffective regardless of worktree usage.

View original on GitHub ↗

This issue has 10 comments on GitHub. Read the full discussion on GitHub ↗