permission-overlay-inheritance
Layer child permission rules over parent session policy without dropping root-level grants or mutating shared state.
What it does
SKILL: Permission Overlay Inheritance
Domain: permission-gating Trigger: Apply when a subagent or nested workflow needs a narrower permission contract but must still inherit the parent session's top-level grants. Source Pattern: Distilled from reviewed subagent orchestration, isolation, and lifecycle implementations.
Core Method
Start from the current app state, then derive a child-specific permission view by overlaying only the fields the child actually owns: permission mode, promptability flags, session-scoped allow rules, and effort level. Preserve parent bypass and SDK-level permissions so nested agents cannot accidentally weaken operator intent, and return the original state unchanged when no overlay is needed. This keeps permission inheritance explicit, composable, and side-effect-free.
Key Rules
- Treat the parent permission context as the base contract; never mutate it in place when preparing a child view.
- Allow child permission modes only when they do not override stronger parent modes like bypass permissions or accept edits.
- Preserve root or CLI-supplied allow rules while replacing only the session-scoped rules the child explicitly owns.
- Derive prompt-suppression flags from runtime reality, such as async execution or an explicit can show permission prompts override.
Example Application
If a background review agent should only use Read and Grep while the main session still has broader CLI-granted access, build its permission context as an overlay so the child narrows its own session rules without discarding the root-level contract.
Anti-Patterns (What NOT to do)
- Do not copy the parent permission object and then mutate shared references; later agents will inherit unintended changes.
- Do not wipe all inherited allow rules when a child provides allowed tools; preserve the parent layer that came from explicit operator input.
Capabilities
Install
Quality
deterministic score 0.47 from registry signals: · indexed on github topic:agent-skills · 34 github stars · SKILL.md body (1,904 chars)