From 775f73348a2abd9a6369ec27f3ba1167f831f855 Mon Sep 17 00:00:00 2001
From: shokollm <270575765+shokollm@users.noreply.github.com>
Date: Thu, 2 Apr 2026 11:15:27 +0000
Subject: [PATCH] fix(kugetsu): update forked session permissions after
 detection

Previously we only fixed base session permissions before forking.
But permissions are NOT inherited from parent to child.

Now we update the newly created session's permissions immediately
after detection, ensuring the forked session can access external
directories like ~/.kugetsu/worktrees/.
---
 skills/kugetsu/scripts/kugetsu | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/skills/kugetsu/scripts/kugetsu b/skills/kugetsu/scripts/kugetsu
index 19c1147..134406f 100755
--- a/skills/kugetsu/scripts/kugetsu
+++ b/skills/kugetsu/scripts/kugetsu
@@ -1319,6 +1319,17 @@ for row in cursor.fetchall():
         exit 1
     fi
 
+    echo "Updating permissions for new session: $new_session_id"
+    python3 -c "
+import sqlite3
+conn = sqlite3.connect('$opencode_db')
+cursor = conn.cursor()
+PERMISSION_JSON = '[{\"permission\":\"question\",\"pattern\":\"*\",\"action\":\"deny\"},{\"permission\":\"plan_enter\",\"pattern\":\"*\",\"action\":\"deny\"},{\"permission\":\"plan_exit\",\"pattern\":\"*\",\"action\":\"deny\"},{\"permission\":\"external_directory\",\"pattern\":\"*\",\"action\":\"allow\"}]'
+cursor.execute('UPDATE session SET permission = ? WHERE id = ?', (PERMISSION_JSON, '$new_session_id'))
+conn.commit()
+print('[OK] Session permissions updated')
+"
+
     if [ "$DEBUG_MODE" = true ]; then
         echo "[DEBUG] Forked session permissions check:"
         python3 -c "