feat: separate agentMode and permissionMode in API

2026-04-15 06:04:43 +00:00 · 2026-01-24 23:10:25 -08:00 · 2026-01-24 23:10:25 -08:00 · 7e1b63a622
commit 7e1b63a622
parent 46d8028cf7
1 changed files with 20 additions and 4 deletions
--- a/spec.md
+++ b/spec.md
@ -63,15 +63,19 @@ sandbox-daemon sessions get-messages --endpoint xxxx --token xxxx
 POST /agents/{}/install (this will install the agent)
 {}

+GET /agents/{}/modes
+< { modes: [{ id: "build", name: "Build", description: "..." }, ...] }
+
 POST /sessions/{} (will install agent if not already installed)
 >
 {
-	agent:"claud"|"codex"|"opencode",
-	model?:string,
-	variant?:string,
+    agent: "claude" | "codex" | "opencode",
+    agentMode?: string,        // Which agent/behavior: "build", "plan", or custom
+    permissionMode?: "default" | "plan" | "bypass",  // Permission restrictions
+    model?: string,
+    variant?: string,
    token?: string,
    validateToken?: boolean,
-    dangerouslySkipPermissions?: boolean,
    agentVersion?: string
 }
 <
@ -80,6 +84,18 @@ POST /sessions/{} (will install agent if not already installed)
    error?: AgentError
 }

+// agentMode vs permissionMode:
+// - agentMode = what the agent DOES (behavior, system prompt)
+// - permissionMode = what the agent CAN DO (capability restrictions)
+// These are separate concepts. OpenCode has custom agents. Claude has subagent types.
+//
+// Assertions:
+// - agentMode defaults to "build" if not specified
+// - permissionMode defaults to "default" if not specified
+// - permissionMode "plan" = read-only (no writes), agent must use ExitPlanMode to execute
+// - permissionMode "bypass" = skip all permission checks (dangerous)
+// - agentMode "plan" != permissionMode "plan" (one is behavior, one is restriction)
+
 POST /sessions/{}/messages
 {
    message: string