
fix(opencode): preserve readonly subagent restrictions across compaction #18764

Open
Haohao-end wants to merge 2 commits into anomalyco:dev from Haohao-end:fix/18213-plan-subagent-compaction-bypass

@Haohao-end Haohao-end commented Mar 23, 2026

Issue for this PR

Closes #18213

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

This fixes a case where readonly restrictions on plan-mode subagents could be lost after compaction.

The main issue was that when a child task session was created or resumed, the effective readonly edit restriction from the parent context was not being persisted into the child session. On top of that, the legacy tools path in SessionPrompt.prompt() could replace the existing session permission rules entirely, which removed inherited restrictions.

This PR fixes that by:

  • persisting the parent readonly edit restriction into child subagent sessions in TaskTool, including resumed task_id sessions
  • changing SessionPrompt.prompt() to merge tool-derived permissions into the existing session rules instead of replacing the whole ruleset
  • requiring edit permission for the shell write paths used in this issue (cat > ... / output redirection and sed -i), so those writes cannot bypass readonly mode after compaction

I kept the shell-side change narrow to the repro path instead of expanding the general bash permission model.

How did you verify your code works?

I verified the change by:

  • tracing the repro path through task.ts, prompt.ts, compaction.ts, message-v2.ts, and bash.ts
  • checking that git diff --check passes
  • adding regression tests for:
    • merging legacy tool permissions without wiping existing session permissions
    • requiring edit permission for output redirection
    • requiring edit permission for sed -i

I also verified this in CI after updating the branch: unit tests, e2e tests, typecheck, and nix-eval are now passing.

Screenshots / recordings

N/A

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR
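
The two changes described in the PR text above (merging tool-derived permissions into the session ruleset instead of replacing it, and requiring edit permission for shell writes) sketched as an added TypeScript example. It is not code from this PR or from opencode; the rule shape, the last-match evaluation order and every function name are assumptions made for illustration.

```typescript
// Added illustration: a simplified permission model, not opencode's implementation.
type Action = "allow" | "ask" | "deny";
interface Rule { permission: string; action: Action }

// Assumption: the last rule that names a permission wins; no matching rule means "ask".
function evaluate(rules: Rule[], permission: string): Action {
  for (const rule of rules.slice().reverse()) {
    if (rule.permission === permission) return rule.action;
  }
  return "ask";
}

// Legacy per-prompt tool map (hypothetical shape), e.g. { bash: true }, turned into rules.
function fromTools(tools: Record<string, boolean>): Rule[] {
  return Object.keys(tools).map((name): Rule => ({
    permission: name,
    action: tools[name] ? "allow" : "deny",
  }));
}

// Before: the derived rules replace the session ruleset, so inherited rules vanish.
function replaceRules(_session: Rule[], tools: Record<string, boolean>): Rule[] {
  return fromTools(tools);
}

// After: the derived rules are appended; rules for permissions the map omits survive.
function mergeRules(session: Rule[], tools: Record<string, boolean>): Rule[] {
  return session.concat(fromTools(tools));
}

// Narrow heuristic for the two write paths named in the PR; not a shell parser.
function writesFiles(command: string): boolean {
  // Blank out quoted strings so a ">" inside a sed script or message is ignored.
  const bare = command.replace(/'[^']*'|"(?:\\.|[^"\\])*"/g, "''");
  // >, >> or &> to a target other than /dev/null or a descriptor (2>&1).
  const redirect = /(?:^|[^>])>>?(?!>)\s*(?!&|\s|\/dev\/null\b)\S/.test(bare);
  // sed with -i, -i.bak, combined short flags such as -ni, or --in-place.
  const sedInPlace = /\bsed\b[^;&|]*\s(?:-[a-zA-Z]*i\S*|--in-place\S*)/.test(bare);
  return redirect || sedInPlace;
}

// A shell command needs "bash"; one that writes files needs "edit" as well.
function authorize(rules: Rule[], command: string): Action {
  const needed = writesFiles(command) ? ["bash", "edit"] : ["bash"];
  const actions = needed.map((p) => evaluate(rules, p));
  if (actions.indexOf("deny") >= 0) return "deny";
  return actions.indexOf("ask") >= 0 ? "ask" : "allow";
}
```

In this model a legacy map that itself names `edit` would still override the inherited rule under last-match evaluation; the sketch only covers the case where the map omits it.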

@github-actions bot added the needs:title and needs:compliance ("This means the issue will auto-close after 2 hours.") labels Mar 23, 2026
@github-actions
Contributor

Hey! Your PR title Fix readonly subagent restrictions being lost after compaction doesn't follow conventional commit format.

Please update it to start with one of:

  • feat: or feat(scope): new feature
  • fix: or fix(scope): bug fix
  • docs: or docs(scope): documentation changes
  • chore: or chore(scope): maintenance tasks
  • refactor: or refactor(scope): code refactoring
  • test: or test(scope): adding or updating tests

Where scope is the package name (e.g., app, desktop, opencode).

See CONTRIBUTING.md for details.

@Haohao-end
Author

I checked the Nix side locally and this looks unrelated to the changes in this PR.

This PR only touches:

  • packages/opencode/src/tool/task.ts
  • packages/opencode/src/session/prompt.ts
  • packages/opencode/src/tool/bash.ts
  • two test files

It does not touch flake.nix, flake.lock, nix/*, or any workflow.

The CI failure is invalid SRI hash 'TnrYykX8Mf/Ugtkix6V', which matches the prefix of the existing nixpkgs narHash already in flake.lock (sha256-TnrYykX8Mf/Ugtkix6V+PjW7miU2yClA6uqWl/v6KWM=). nix flake metadata still shows the full hash correctly.

Also, nix/opencode.nix:28 seems to just be where evaluation forces ${finalAttrs.node_modules} while computing the derivation. That file is not doing any hash parsing or rewriting.

So this seems more like a pre-existing Nix/CI hash truncation issue in the evaluation path, rather than something caused by this PR.

@Haohao-end changed the title from "Fix readonly subagent restrictions being lost after compaction" to "fix(opencode): preserve readonly subagent restrictions across compaction" Mar 23, 2026
@github-actions bot removed the needs:title and needs:compliance ("This means the issue will auto-close after 2 hours.") labels Mar 23, 2026
@github-actions
Contributor

Thanks for updating your PR! It now meets our contributing guidelines. 👍

Development

Successfully merging this pull request may close these issues.

Sub-agent in plan mode bypasses restrictions after compaction
