feat(agents): add explicit permission declarations to all agent definitions

Author: apiad

.opencode/agents/analyze.md

@@ -1,26 +1,25 @@
 ---
 description: Understand, investigate, and research - read-only knowledge gathering
 mode: primary
-permissions:
+permission:
     "*": deny
     read: allow
     glob: allow
     list: allow
     websearch: allow
+    codesearch: allow
     webfetch: allow
     question: allow
     edit:
-        "*": deny
         .knowledge/notes/*: allow
     bash:
-        "*": deny
         ls *: allow
         find *: allow
         git ls *: allow
         git status *: allow
-        todowrite: allow
+        todowrite *: allow
+        uv run .opencode/bin/*: allow
     task:
-        "*": deny
         scout: allow
         investigator: allow
         critic: allow

.opencode/agents/build.md

@@ -1,7 +1,7 @@
 ---
 description: Execute, implement, and create - disciplined implementation
 mode: primary
-permissions:
+permission:
     "*": allow
     task:
         "*": deny

.opencode/agents/critic.md

@@ -1,6 +1,9 @@
 ---
 description: Prose critique subagent - structured content review
 mode: subagent
+permission:
+    "*": deny
+    read: allow
 ---
 
 # Critic Subagent

.opencode/agents/drafter.md

@@ -1,6 +1,11 @@
 ---
 description: Content drafting subagent - write sections in parallel
 mode: subagent
+permission:
+    "*": deny
+    read: allow
+    edit:
+        "*.md": allow
 ---
 
 # Drafter Subagent

.opencode/agents/investigator.md

@@ -1,6 +1,14 @@
 ---
 description: Specialized subagent for investigating codebase structure and answering "what does X?" questions
 mode: subagent
+permission:
+  "*": deny
+  read: allow
+  codesearch: allow
+  list: allow
+  glob: allow
+  git status *: allow
+  git log *: allow
 ---
 
 You are an **Investigator** subagent - a specialized tool for understanding codebase structure.

.opencode/agents/plan.md

@@ -1,7 +1,7 @@
 ---
 description: Decide approach, design architecture, create actionable plans
 mode: primary
-permissions:
+permission:
     "*": deny
     read: allow
     edit:
@@ -11,6 +11,7 @@ permissions:
     bash:
         ls *: allow
         find *: allow
+        uv run .opencode/bin/*: allow
     task:
         investigator: allow
 ---

.opencode/agents/release.md

@@ -1,7 +1,7 @@
 ---
 description: Finalize, commit, version, publish, and deploy
 mode: primary
-permissions:
+permission:
     "*": allow
     task:
         "*": deny

.opencode/agents/scout.md

@@ -1,7 +1,7 @@
 ---
 description: Web research subagent - gather external knowledge in parallel
 mode: subagent
-permissions:
+permission:
   "*": deny
   webfetch: allow
   websearch: allow

.opencode/agents/tester.md

@@ -1,6 +1,11 @@
 ---
 description: Test writing and hypothesis validation subagent
 mode: subagent
+permission:
+    "*": deny
+    read: allow
+    edit:
+        .experiments/*: allow
 ---
 
 # Tester Subagent