From 3dd80889a50493b8efcf5736b9a11d13690db2e4 Mon Sep 17 00:00:00 2001
From: YeonGyu-Kim <code.yeon.gyu@gmail.com>
Date: Wed, 28 Jan 2026 17:35:25 +0900
Subject: [PATCH] fix(tools): add permission field to session.create() for
 consistency (#1192) (#1199)

- Add permission field to look_at and call_omo_agent session.create()
- Match pattern used in delegate_task and background-agent
- Add better error messages for Unauthorized failures
- Provide actionable guidance in error messages

This addresses potential session creation failures by ensuring
consistent session configuration across all tools that create
child sessions.
---
 src/tools/call-omo-agent/tools.ts | 16 +++++++++++++++-
 src/tools/look-at/tools.ts        | 16 +++++++++++++++-
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/src/tools/call-omo-agent/tools.ts b/src/tools/call-omo-agent/tools.ts
index 373e27709..7de7ff310 100644
--- a/src/tools/call-omo-agent/tools.ts
+++ b/src/tools/call-omo-agent/tools.ts
@@ -163,7 +163,10 @@ async function executeSync(
       body: {
         parentID: toolContext.sessionID,
         title: `${args.description} (@${args.subagent_type} subagent)`,
-      },
+        permission: [
+          { permission: "question", action: "deny" as const, pattern: "*" },
+        ],
+      } as any,
       query: {
         directory: parentDirectory,
       },
@@ -171,6 +174,17 @@ async function executeSync(
 
     if (createResult.error) {
       log(`[call_omo_agent] Session create error:`, createResult.error)
+      const errorStr = String(createResult.error)
+      if (errorStr.toLowerCase().includes("unauthorized")) {
+        return `Error: Failed to create session (Unauthorized). This may be due to:
+1. OAuth token restrictions (e.g., Claude Code credentials are restricted to Claude Code only)
+2. Provider authentication issues
+3. Session permission inheritance problems
+
+Try using a different provider or API key authentication.
+
+Original error: ${createResult.error}`
+      }
       return `Error: Failed to create session: ${createResult.error}`
     }
 
diff --git a/src/tools/look-at/tools.ts b/src/tools/look-at/tools.ts
index 99b34268c..dea499a7f 100644
--- a/src/tools/look-at/tools.ts
+++ b/src/tools/look-at/tools.ts
@@ -102,7 +102,10 @@ If the requested information is not found, clearly state what is missing.`
         body: {
           parentID: toolContext.sessionID,
           title: `look_at: ${args.goal.substring(0, 50)}`,
-        },
+          permission: [
+            { permission: "question", action: "deny" as const, pattern: "*" },
+          ],
+        } as any,
         query: {
           directory: parentDirectory,
         },
@@ -110,6 +113,17 @@ If the requested information is not found, clearly state what is missing.`
 
       if (createResult.error) {
         log(`[look_at] Session create error:`, createResult.error)
+        const errorStr = String(createResult.error)
+        if (errorStr.toLowerCase().includes("unauthorized")) {
+          return `Error: Failed to create session (Unauthorized). This may be due to:
+1. OAuth token restrictions (e.g., Claude Code credentials are restricted to Claude Code only)
+2. Provider authentication issues
+3. Session permission inheritance problems
+
+Try using a different provider or API key authentication.
+
+Original error: ${createResult.error}`
+        }
         return `Error: Failed to create session: ${createResult.error}`
       }