[Feature Request] Per-agent permission scoping for tool restrictions
Bug Description
---
Feature request: Per-agent permission scoping
Permission rules (permissions.deny/permissions.allow in settings.json) are project-level and apply uniformly to all agents, skills, and the user. There's no way to scope
permission rules to a specific agent.
Use case: I have multiple agents — an implementer agent that should be restricted from running destructive commands (cdk deploy, aws writes, git push), and other agents that
need those commands. Today I either deny at the project level (blocking myself and all agents) or rely on prompt-level instructions (advisory, not enforced).
Desired behavior: Something like:
```
{
"permissions": {
"deny": [
"Agent(implementer):Bash(cdk deploy *)",
"Agent(implementer):Bash(aws delete)",
"Agent(implementer):Bash(git push *)"
]
}
}
Or alternatively, an agent-level permissions block in the agent definition frontmatter:
---
name: implementer
model: sonnet
tools: Read, Edit, Write, Bash, Grep, Glob, LSP
permissions:
deny:
- "Bash(cdk deploy *)"
- "Bash(aws delete)"
- "Bash(git push *)"
---
Workarounds considered: PreToolUse hooks (unclear if hook receives agent identity), prompt-level rules (not enforced). Neither is satisfactory.
**Environment Info**
- Platform: darwin
- Terminal: ghostty
- Version: 2.1.87
- Feedback ID: 855a6ce8-b9d9-4e69-9b30-8e1f37c9f69c
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗