
fix(security): define explicit permissionMode for all AIOS core agents#453

Closed
riaworks wants to merge 1 commit into SynkraAI:pedro-aios from riaworks:fix/agent-permissions

Conversation

@riaworks
Contributor

Summary

Define explicit permissionMode for all 12 AIOS core agents that previously had none, ensuring a consistent security posture across the agent fleet.

Context

Squad agents (chiefs, design-system, etc.) all had explicit permissionMode defined, but the 12 core AIOS agents did not. This created an inconsistency where some agents had clear permission boundaries and others inherited an implicit default.

Permission Matrix

| Mode | Agents | Rationale |
| --- | --- | --- |
| bypassPermissions | dev, devops, data-engineer, aios-master | High-risk agents that execute code autonomously, run git operations, or manage DDL |
| acceptEdits | qa, architect, ux-design-expert, squad-creator | Medium-risk agents that write files (tests, docs, components, definitions) |
| default | po, pm, sm, analyst | Low-risk agents focused on read-heavy operations (stories, PRDs, research) |

Files Changed

12 agent files in .claude/agents/ — each received a single permissionMode: line addition in frontmatter.

Test plan

  • All agents activate correctly with their new permissionMode
  • dev and devops can execute without permission prompts
  • qa and architect can edit files without bash prompts
  • po, pm, sm, analyst prompt for destructive operations

🤖 Generated with Claude Code

Apply consistent permission policies based on agent risk profile:

- bypassPermissions (high risk, autonomous execution):
  dev, devops, data-engineer, aios-master

- acceptEdits (medium risk, writes files):
  qa, architect, ux-design-expert, squad-creator

- default (low risk, read-heavy):
  po, pm, sm, analyst

Previously these 12 agents had no permissionMode defined, inheriting
an implicit default. This made the security posture inconsistent with
squad agents (which all had explicit permissionMode).

Co-Authored-By: Claude Opus 4.6 <[email protected]>
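The inconsistency this PR fixes (some agent definitions declaring permissionMode, others silently inheriting the implicit default) is easy to re-introduce when a new agent file is added, so it is worth checking mechanically. The script below is an added example, not code from the PR or the aios-core project. It assumes the agent definitions are Markdown files under a directory like .claude/agents/ with a YAML-style frontmatter block between --- lines containing simple key: value entries (the layout the PR describes), limits the accepted modes to the three the PR uses, and copies the agent-to-mode matrix from the PR description. The sample agent files it runs on when given no directory are constructed inline.

```python
"""Audit Claude Code agent definitions for an explicit permissionMode.

Added example, not code from the aios-core project or this PR. Assumes
each agent is a Markdown file whose frontmatter sits between '---' lines
and uses simple 'key: value' entries; only that much is needed to find a
permissionMode line. KNOWN_MODES is restricted to the three modes the PR
uses, and EXPECTED_MODE is the PR's risk matrix.
"""
import re
import sys
from pathlib import Path

KNOWN_MODES = {"bypassPermissions", "acceptEdits", "default"}

# Risk-tier matrix from the PR description (agent name -> expected mode).
EXPECTED_MODE = {
    **dict.fromkeys(["dev", "devops", "data-engineer", "aios-master"], "bypassPermissions"),
    **dict.fromkeys(["qa", "architect", "ux-design-expert", "squad-creator"], "acceptEdits"),
    **dict.fromkeys(["po", "pm", "sm", "analyst"], "default"),
}

# Frontmatter must open the file: '---', body, '---', then newline or EOF.
FRONTMATTER_RE = re.compile(r"\A---\s*\n(.*?)\n---\s*(?:\n|\Z)", re.S)


def parse_frontmatter(text):
    """Return top-level 'key: value' pairs from the frontmatter, or None if absent."""
    m = FRONTMATTER_RE.match(text)
    if m is None:
        return None
    fields = {}
    for line in m.group(1).splitlines():
        # Skip nested/indented lines and comments; split on the first colon only.
        if ":" in line and not line.startswith((" ", "\t", "#")):
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip().strip("\"'")
    return fields


def audit_agent(name, text):
    """Classify one agent definition. Returns (status, detail)."""
    fm = parse_frontmatter(text)
    if fm is None:
        return "no-frontmatter", "cannot declare permissionMode without frontmatter"
    mode = fm.get("permissionMode")
    if mode is None:
        return "missing", "inherits the implicit default; set permissionMode explicitly"
    if mode not in KNOWN_MODES:
        return "unknown-mode", f"permissionMode={mode!r} is not one of {sorted(KNOWN_MODES)}"
    expected = EXPECTED_MODE.get(name)
    if expected is not None and mode != expected:
        return "mismatch", f"permissionMode={mode!r} but risk matrix expects {expected!r}"
    return "ok", f"permissionMode={mode!r}"


def audit_dir(agent_dir):
    """Audit every *.md under agent_dir; the agent name is the file stem."""
    return {p.stem: audit_agent(p.stem, p.read_text(encoding="utf-8"))
            for p in sorted(Path(agent_dir).glob("*.md"))}


# Constructed sample definitions (not real aios-core files) for a stand-alone run.
SAMPLES = {
    "dev": "---\nname: dev\npermissionMode: bypassPermissions\n---\n# dev\n",
    "qa": "---\nname: qa\ndescription: \"Runs: tests\"\n---\n# qa\n",   # mode missing
    "pm": "---\nname: pm\npermissionMode: bypassPermissions\n---\n",     # over-privileged
    "analyst": "---\nname: analyst\npermissionMode: yes\n---\n",        # not a valid mode
    "sm": "# sm\nNo frontmatter at all.\n",
}


def audit_samples():
    return {name: audit_agent(name, text) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    results = audit_dir(sys.argv[1]) if len(sys.argv) > 1 else audit_samples()
    failures = 0
    for agent, (status, detail) in results.items():
        print(f"{status:14} {agent:18} {detail}")
        failures += status != "ok"
    sys.exit(1 if failures else 0)
```

Run it as `python audit_permissions.py .claude/agents` in CI and the non-zero exit code blocks a merge that adds an agent without a permissionMode line or that quietly promotes a low-risk agent to bypassPermissions. Note that the "mismatch" check is the more valuable one: a missing key is at least visible in a diff, whereas an over-privileged value looks like any other frontmatter line.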
@vercel

vercel bot commented Feb 21, 2026

@riaworks is attempting to deploy a commit to the Pedro Valério Lopez's projects Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai

coderabbitai bot commented Feb 21, 2026

Note

Reviews paused

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (1)
  • main

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@riaworks
Contributor Author

CodeRabbit review is running on the fork PR: riaworks#6
Review results will be validated there before requesting merge here.

@coderabbitai ignore

@coderabbitai

coderabbitai bot commented Feb 21, 2026

@riaworks, understood! I'll pause reviews on this PR. You can validate the changes on your fork PR first, and when you're ready for me to review here, just mention me with "@coderabbitai resume" or use the "resume" command.

🧠 Learnings used
Learnt from: CR
Repo: SynkraAI/aios-core PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-15T19:15:34.768Z
Learning: Follow `.aios-core/constitution.md` as the source of truth for agent behavior, including principles: CLI First, Agent Authority, Story-Driven Development, No Invention, Quality First, and Absolute Imports
✅ Actions performed

Reviews paused.

@Pedrovaleriolopez
Contributor

Thank you @riaworks for this excellent security improvement! 🔒

However, we're closing this PR because the changes have been superseded by our AGF-6/7 agent architecture refactoring (currently in progress on a separate branch):

  1. Files renamed: The agent stubs (devops.md, dev.md, etc.) have been renamed to aios-devops.md, aios-dev.md, etc.
  2. permissionMode already defined: All 28+ agent definitions now include explicit permissionMode in the new architecture.
  3. Values aligned: The autonomous agent design uses bypassPermissions for spawned agents (correct for Task tool usage).

Your security audit correctly identified the missing permissionMode field — the fix was incorporated into the AGF-6/7 refactoring. Thank you for the thorough analysis!

[Story NOG-17]
