fix(background-agent): fix tool permission spread order so agent restrictions are respected

[sjawhar]

Summary

Fixes the tool permission spread order in background task startTask and resume paths so that agent-specific restrictions take priority over defaults.

Problem

In BackgroundManager.startTask() and the resume path, tool permissions were constructed with the defaults coming AFTER the agent restrictions:

// BEFORE (buggy): defaults override restrictions
tools: {
  ...getAgentToolRestrictions(input.agent),  // e.g., explore: { call_omo_agent: false }
  task: false,
  call_omo_agent: true,   // ← stomps the restriction above
  question: false,
}

Due to JS spread semantics, later keys override earlier ones, meaning call_omo_agent: true would always win, even for agents like explore and librarian whose restrictions explicitly set call_omo_agent: false.

The correct pattern already existed in sync-prompt-sender.ts:

// CORRECT: restrictions come last and win
tools: {
  task: allowTask,
  call_omo_agent: true,
  question: false,
  ...getAgentToolRestrictions(input.agentToUse),  // restrictions override defaults
}

Changes

Implementation (src/features/background-agent/manager.ts):

• Reordered tool permission spread in startTask — defaults first, ...getAgentToolRestrictions() last
• Same reorder in the resume path
• Preserved the setSessionTools IIFE wrapper

Tests (src/features/background-agent/manager.test.ts):

• Added 2 new tests in "BackgroundManager - tool permission spread order" describe block
• Captures tools passed to promptWithModelSuggestionRetry via mock
• Verifies call_omo_agent, write, edit are all false for explore agent (matching EXPLORATION_AGENT_DENYLIST)

Context

Runtime logs show explore/librarian agents never actually invoked call_omo_agent despite having access (0 occurrences in 107MB of logs). This is a latent defect fix for correctness — the override contradicted the carefully defined restrictions in agent-tool-restrictions.ts and was inconsistent with the sync path.

Testing

• 93/93 tests pass in manager.test.ts (91 existing + 2 new)
• No regressions

---

Summary by cubic

Fixes tool permission order across background agent launch and resume so agent-specific restrictions override defaults. Restricted agents (e.g., explore) no longer gain call_omo_agent, write, or edit when denied.

• Bug Fixes
  • Reordered tool spread to apply defaults first, then ...getAgentToolRestrictions() in BackgroundManager startTask/resume and spawner startTask.
  • Added tests confirming explore agent sets call_omo_agent, task, write, and edit to false in startTask and resume.

^{Written for commit 025eb14. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 2 files

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

_{Auto-approved: Tests verify tool restrictions order correctly without introducing regressions; changes are small and reviewed with no issues found.}

[github-actions]

All contributors have signed the CLA. Thank you! ✅
_{Posted by the CLA Assistant Lite bot.}