fix(extension-agent): keep sub-agent tool permissions independent

[CookSleep]

Summary

• 修复主 Agent 调用 Sub Agent 时，Sub Agent 意外继承父级工具掩码的问题。
• 让 Sub Agent 仅按自身权限配置与工具级 subAgents 规则决定可用工具，避免黑名单模式被父级白名单再次收窄。

Verification

• yarn fast-build extension-agent
• ./node_modules/.bin/tsc --noEmit -p packages/extension-agent/tsconfig.json

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: db721cc3-0c66-40c1-babe-5030e4c39de1

📥 Commits

Reviewing files that changed from the base of the PR and between 086a1f7 and 79f127d.

📒 Files selected for processing (1)

• packages/extension-agent/src/service/sub_agent.ts

---

Walkthrough

移除了子代理工具掩码的本地构建逻辑，转由权限服务的 createSubAgentToolMask 方法负责计算。删除了 buildSubAgentToolMask 和 buildToolMask 辅助函数，简化了掩码获取流程。

Changes

Cohort / File(s)	Summary
工具掩码逻辑重构 packages/extension-agent/src/service/sub_agent.ts	移除本地工具掩码构建逻辑，改为直接调用权限服务的 createSubAgentToolMask 方法计算掩码。删除了 buildSubAgentToolMask 和 buildToolMask 辅助函数，精简代码34行。

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• dingyi222666

Poem

🐰 删除旧代码，权限来指引，
工具掩码不再手工织，
一行代替三十四，
简洁之美显妙笔，
服务调用更清晰。

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	标题清晰准确地总结了主要变更：修复Sub Agent在继承父级工具掩码时的问题，使其权限独立。
Description check	✅ Passed	描述与变更内容相关，说明了修复的问题和期望的行为，提供了验证步骤。

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request simplifies the sub-agent tool mask creation by removing the logic that merged sub-agent masks with parent or configuration-based masks. The review feedback identifies a potential security risk where removing the base mask could allow unauthorized tool access by bypassing session-level permissions. Additionally, the feedback notes a functional regression, as users can no longer restrict sub-agent tools through runtime configuration.