fix(task): enforce permission checks for subagent-to-subagent delegation

Fixes a critical bug where bypassAgentCheck flag (set when user invokes
agents with @ or when prompt resolution creates agent parts) was propagating
to Task tool calls made BY subagents, causing permission rules to be ignored.

Root cause:
- When Task tool creates a subagent session, resolvePromptParts() may create
  "agent" type parts if prompt contains unresolved {file:...} references
- This triggers bypassAgentCheck=true for the entire subagent session
- All subsequent Task calls by that subagent bypass permission checks

Fix:
- Move isSubagent check before permission check
- Always enforce permissions when caller is a subagent, even if
  bypassAgentCheck is set
- Preserves OpenCode's intended behavior: user @ invocation can bypass,
  but subagent-to-subagent delegation always checks permissions

Impact:
- Subagent permission.task rules now work correctly
- User @ invocation bypass still works (OpenCode behavior preserved)
- Fixes reported issue: assistant-sonnet could task any agent despite
  permission rules denying it

Tests: 6/6 passing
Typecheck: Clean

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: NamedIdentity

packages/opencode/src/tool/task.ts

@@ -59,8 +59,13 @@ export const TaskTool = Tool.define("task", async (ctx) => {
     async execute(params: z.infer<typeof parameters>, ctx) {
       const config = await Config.get()
 
+      // Get caller's session to check if this is a subagent calling
+      const callerSession = await Session.get(ctx.sessionID)
+      const isSubagent = callerSession.parentID !== undefined
+
       // Skip permission check when user explicitly invoked via @ or command subtask
-      if (!ctx.extra?.bypassAgentCheck) {
+      // BUT: always check permissions for subagent-to-subagent delegation
+      if (!ctx.extra?.bypassAgentCheck || isSubagent) {
         await ctx.ask({
           permission: "task",
           patterns: [params.subagent_type],
@@ -75,10 +80,6 @@ export const TaskTool = Tool.define("task", async (ctx) => {
       const targetAgent = await Agent.get(params.subagent_type)
       if (!targetAgent) throw new Error(`Unknown agent type: ${params.subagent_type} is not a valid agent type`)
 
-      // Get caller's session to check if this is a subagent calling
-      const callerSession = await Session.get(ctx.sessionID)
-      const isSubagent = callerSession.parentID !== undefined
-
       // Get caller agent info for budget check (ctx.agent is just the name)
       const callerAgentInfo = ctx.agent ? await Agent.get(ctx.agent) : undefined