[Feature Request] Per-agent permission scoping for tool restrictions

Resolved 💬 3 comments Opened Mar 31, 2026 by AmitKulkarni23 Closed Apr 3, 2026

Bug Description
---
Feature request: Per-agent permission scoping

Permission rules (permissions.deny/permissions.allow in settings.json) are project-level and apply uniformly to all agents, skills, and the user. There's no way to scope
permission rules to a specific agent.

Use case: I have multiple agents — an implementer agent that should be restricted from running destructive commands (cdk deploy, aws writes, git push), and other agents that
need those commands. Today I either deny at the project level (blocking myself and all agents) or rely on prompt-level instructions (advisory, not enforced).

Desired behavior: Something like:

```
{
"permissions": {
"deny": [
"Agent(implementer):Bash(cdk deploy *)",
"Agent(implementer):Bash(aws delete)",
"Agent(implementer):Bash(git push *)"
]
}
}


  Or alternatively, an agent-level permissions block in the agent definition frontmatter:

---
name: implementer
model: sonnet
tools: Read, Edit, Write, Bash, Grep, Glob, LSP
permissions:
deny:

  • "Bash(cdk deploy *)"
  • "Bash(aws delete)"
  • "Bash(git push *)"

---


  Workarounds considered: PreToolUse hooks (unclear if hook receives agent identity), prompt-level rules (not enforced). Neither is satisfactory.

**Environment Info**
- Platform: darwin
- Terminal: ghostty
- Version: 2.1.87
- Feedback ID: 855a6ce8-b9d9-4e69-9b30-8e1f37c9f69c

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗