diff --git a/skills/kugetsu/scripts/kugetsu b/skills/kugetsu/scripts/kugetsu
index 29348bc..df1b4b9 100755
--- a/skills/kugetsu/scripts/kugetsu
+++ b/skills/kugetsu/scripts/kugetsu
@@ -695,12 +695,16 @@ cmd_env() {
 
 cmd_doctor() {
     local fix=false
+    local fix_permissions=false
     
     while [ $# -gt 0 ]; do
         case "$1" in
             --fix)
                 fix=true
                 ;;
+            --fix-permissions)
+                fix_permissions=true
+                ;;
             *)
                 ;;
         esac
@@ -798,6 +802,52 @@ cmd_doctor() {
             fi
         fi
     fi
+    
+    if [ "$fix_permissions" = true ]; then
+        echo ""
+        echo "Fixing session permissions..."
+        fix_session_permissions
+    fi
+}
+
+fix_session_permissions() {
+    local opencode_db="${OPENCODE_DB:-$HOME/.opencode/opencode.db}"
+    
+    if [ ! -f "$opencode_db" ]; then
+        echo "[ERROR] opencode database not found: $opencode_db"
+        return 1
+    fi
+    
+    local base_session_id=$(get_base_session_id)
+    local pm_agent_session_id=$(get_pm_agent_session_id)
+    
+    local PERMISSION_JSON='[{"permission":"question","pattern":"*","action":"deny"},{"permission":"plan_enter","pattern":"*","action":"deny"},{"permission":"plan_exit","pattern":"*","action":"deny"},{"permission":"external_directory","pattern":"*","action":"allow"}]'
+    
+    if [ -n "$base_session_id" ] && [ "$base_session_id" != "null" ]; then
+        echo "Updating base session permissions: $base_session_id"
+        python3 -c "
+import sqlite3
+conn = sqlite3.connect('$opencode_db')
+cursor = conn.cursor()
+cursor.execute(\"UPDATE session SET permission = ? WHERE id = ?\", ('$PERMISSION_JSON', '$base_session_id'))
+conn.commit()
+print('[OK] Base session permissions updated')
+"
+    fi
+    
+    if [ -n "$pm_agent_session_id" ] && [ "$pm_agent_session_id" != "null" ] && [ "$pm_agent_session_id" != "None" ]; then
+        echo "Updating PM agent session permissions: $pm_agent_session_id"
+        python3 -c "
+import sqlite3
+conn = sqlite3.connect('$opencode_db')
+cursor = conn.cursor()
+cursor.execute(\"UPDATE session SET permission = ? WHERE id = ?\", ('$PERMISSION_JSON', '$pm_agent_session_id'))
+conn.commit()
+print('[OK] PM agent session permissions updated')
+"
+    fi
+    
+    echo "Session permissions fix complete"
 }
 
 DEBUG_MODE=false