Agent Teams: subagent crashes with <Box> in <Text> Ink error on sensitive-path Edit/Write

Resolved 💬 3 comments Opened Apr 23, 2026 by meni-spikes Closed Apr 28, 2026

Summary

Claude Code 2.1.117 and 2.1.118 subagents spawned in experimental Agent Teams mode crash with an Ink rendering error whenever the subagent issues an Edit or Write tool call targeting a file inside a "sensitive" path (e.g. .claude/commands/). Crash is reproducible, does not depend on mode: bypassPermissions, and does not fire on Read of the same path — only on Edit/Write.

Reproduction

  1. Enable experimental teams: CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1 in ~/.claude/settings.json.
  2. Parent session started with --dangerously-skip-permissions.
  3. From parent, spawn a subagent via the Agent tool:

``
Agent({
subagent_type: "general-purpose",
team_name: "<any>",
name: "<any>"
})
``

  1. In the spawn prompt, direct the subagent to Edit or Write any file inside .claude/commands/ or another sensitive path.
  2. Subagent crashes the moment the tool call is processed.

Error

ERROR  <Box> can't be nested inside <Text> component

  at createInstance (cli.js:495:249)
  at BU (cli.js:477:57938)
  at gTH (cli.js:477:87786)
  at XWH (cli.js:477:86997)
  at bgH (cli.js:477:85896)
  at Ir (cli.js:477:85717)
  at MWH (cli.js:477:82456)
  at T_ (cli.js:477:6497)
  at hH (cli.js:477:4980)
  at eH (cli.js:477:5281)

The Ink host-config createInstance rejects an ink-box created while the parent context has isInsideText: true. Almost certainly a <Box> element nested inside a <Text> wrapper within the sensitive-file Edit confirmation / preview UI component.

Differential matrix (all tested on 2.1.117, same session)

| mode | Target path | Result |
|---|---|---|
| (none) | /tmp/<file> | pass |
| (none) | <worktree>/tmp/<file> | pass |
| (none) | .claude/commands/<file> (Read only) | pass |
| (none) | .claude/commands/<file> (Edit) | crash |
| bypassPermissions | /tmp/<file> | pass |
| bypassPermissions | .claude/commands/<file> (Edit) | crash |

What was ruled out

  • Permission prompts. Parent runs with --dangerously-skip-permissions; no prompt fires before the crash.
  • Custom statusline. Removing statusLine config did not change behavior.
  • Worktree path. Crash fires whether spawn CWD is main repo or worktree.
  • Workload volume. Light workloads (single Edit) crash identically to heavy workloads.
  • mode: bypassPermissions itself. Non-bypass spawns crash identically on sensitive-path Edit.
  • Skill load. Probes that loaded bmad-agent-dev and probes that did not both crash when the Edit targets a sensitive path.

Environment

  • Claude Code: 2.1.117 (also reproduces on 2.1.118)
  • OS: macOS (Darwin 25.4.0)
  • Terminal: tmux (subagents use backendType: "tmux")
  • Experimental feature: CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1

Workaround

Parent session performs edits on sensitive paths. Team subagents are restricted to edits on non-sensitive paths (code, docs, tests). Reviewer subagents (Read-only) remain safe.

Impact

Blocks any workflow where team subagents must edit Claude Code config files (.claude/commands/, .claude/skills/, ~/.claude/settings.json, etc.). Because experimental Agent Teams is foundational to multi-agent pipelines, this bug blocks self-modifying pipeline rewrites and similar infrastructure work.

Likely area to inspect

The JSX rendering the sensitive-file Edit confirmation/preview in the subagent TUI. Most likely a <Box> placed inside a <Text> parent, only reachable when isSensitivePath(target) is true. Read paths are fine, so the bug is specifically in the Edit/Write confirmation render path, not the tool itself.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗