Spawned agents: bypassPermissions ineffective, worktree data loss, plan mode loop
Environment
- Claude Code CLI (latest as of 2026-02-26)
- macOS Darwin 25.3.0
- Model: claude-opus-4-6
- Repository: private Next.js/Prisma project
Summary
Three related bugs when using the Task tool to spawn agents with worktree isolation. All three were encountered in a single session attempting to run 3 parallel implementation tasks.
---
Bug 1: bypassPermissions mode does not grant Write/Edit/Bash to spawned agents
Steps to reproduce:
- Spawn an agent via Task tool with
mode: "bypassPermissions"andisolation: "worktree" - Agent attempts to use Write, Edit, or Bash tools
- All three are denied despite
bypassPermissions
Expected: Agent has full tool access when bypassPermissions is set.
Actual: Agent is blocked on Write, Edit, and Bash. Can only Read/Grep/Glob. Agent returns with a message asking for permissions it should already have.
Affected agent types tested:
senior-backend-engineersenior-frontend-engineersenior-code-auditorgeneral-purpose
All exhibited the same behavior. Multiple retry rounds (3+ attempts per task) all failed identically.
---
Bug 2: Worktree cleanup destroys uncommitted agent work without warning
Steps to reproduce:
- Spawn agents with
isolation: "worktree"— worktrees created under.claude/worktrees/ - Agents read files and report task completion (due to Bug 1, they couldn't actually write/commit)
- Call TeamDelete or otherwise trigger worktree cleanup
- All work is destroyed — branches exist but have zero commits ahead of main
Expected: Either (a) worktree cleanup warns if there are uncommitted changes, or (b) worktree is preserved if changes exist.
Actual: Worktrees are silently deleted. Branches remain but are empty. No recovery possible.
Impact: In our session, 3 agents reported successful task completion. We only discovered all work was lost when verifying branch commits afterward. Significant token burn with zero output.
---
Bug 3: Plan mode on worktree agents causes infinite approval loop
Steps to reproduce:
- Spawn an agent with
mode: "plan"andisolation: "worktree" - Agent produces a plan and calls ExitPlanMode
- Orchestrator approves the plan
- Agent re-enters a state requiring another plan approval
- Loop repeats indefinitely
Expected: After plan approval, agent exits plan mode and proceeds with implementation.
Actual: Each approval triggers a new context that requires another approval. The only fix was to shut down and respawn without plan mode.
---
Session context
These bugs were encountered while using an orchestrator agent pattern that spawns specialized sub-agents via the Task tool for a multi-agent pipeline. The combination of isolation: "worktree" + permission modes appears fundamentally broken — agents can be created in worktrees but cannot perform any file operations.
The workaround (spawning without worktree isolation or plan mode, and with bypassPermissions) also failed for Write/Edit, suggesting bypassPermissions is ineffective regardless of worktree usage.
This issue has 10 comments on GitHub. Read the full discussion on GitHub ↗