fix(core): restore permission-aware subagent guidance#36403
Conversation
|
Thanks for your contribution! This PR doesn't have a linked issue. All PRs must reference an existing issue. Please:
See CONTRIBUTING.md for details. |
|
The PR already references Closes #35238, and the issue timeline shows the cross-reference. This targets the non-default v2 branch, so GitHub does not populate closingIssuesReferences; the standards workflow consequently adds needs:issue for V2 PRs (the same behavior is visible on other V2-targeted fixes). A maintainer will need to clear the label or adjust the workflow check for non-default release branches. |
|
@rekram1-node This addresses the remaining model-facing half of #35238 after runtime enforcement landed in #35794. The placement follows the current durable instruction-guidance pattern instead of restoring the removed public request hook; feedback on that V2 direction would be appreciated. |
Issue for this PR
Closes #35238
Type of change
What does this PR do?
V2 already rejects disallowed subagent targets at execution, but the model-facing filtered list disappeared when the public session request hook was removed in 761f373.
This adds a location-scoped SubagentGuidance instruction source. It lists only visible, non-primary agents whose effective per-target subagent rule is not deny, and emits instruction updates when that list changes. The existing runtime assertion remains the hard boundary; regression coverage verifies that a denied target creates no child session while a specifically allowed target still runs.
How did you verify your code works?
Screenshots / recordings
Not applicable; no UI change.
Checklist