claude-code - 💡(How to fix) Fix Agent Teams: subagent crashes with <Box> in <Text> Ink error on sensitive-path Edit/Write [1 participants]

Summary

Claude Code 2.1.117 and 2.1.118 subagents spawned in experimental Agent Teams mode crash with an Ink rendering error whenever the subagent issues an Edit or Write tool call targeting a file inside a "sensitive" path (e.g. .claude/commands/). Crash is reproducible, does not depend on mode: bypassPermissions, and does not fire on Read of the same path — only on Edit/Write.

Reproduction

1. Enable experimental teams: CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1 in ~/.claude/settings.json.
2. Parent session started with --dangerously-skip-permissions.
3. From parent, spawn a subagent via the Agent tool:

   Agent({
     subagent_type: "general-purpose",
     team_name: "<any>",
     name: "<any>"
   })

4. In the spawn prompt, direct the subagent to Edit or Write any file inside .claude/commands/ or another sensitive path.
5. Subagent crashes the moment the tool call is processed.

Error

ERROR  <Box> can't be nested inside <Text> component

  at createInstance (cli.js:495:249)
  at BU (cli.js:477:57938)
  at gTH (cli.js:477:87786)
  at XWH (cli.js:477:86997)
  at bgH (cli.js:477:85896)
  at Ir (cli.js:477:85717)
  at MWH (cli.js:477:82456)
  at T_ (cli.js:477:6497)
  at hH (cli.js:477:4980)
  at eH (cli.js:477:5281)

The Ink host-config createInstance rejects an ink-box created while the parent context has isInsideText: true. Almost certainly a <Box> element nested inside a <Text> wrapper within the sensitive-file Edit confirmation / preview UI component.

Differential matrix (all tested on 2.1.117, same session)

What was ruled out

• Permission prompts. Parent runs with --dangerously-skip-permissions; no prompt fires before the crash.
• Custom statusline. Removing statusLine config did not change behavior.
• Worktree path. Crash fires whether spawn CWD is main repo or worktree.
• Workload volume. Light workloads (single Edit) crash identically to heavy workloads.
• mode: bypassPermissions itself. Non-bypass spawns crash identically on sensitive-path Edit.
• Skill load. Probes that loaded bmad-agent-dev and probes that did not both crash when the Edit targets a sensitive path.

Environment

• Claude Code: 2.1.117 (also reproduces on 2.1.118)
• OS: macOS (Darwin 25.4.0)
• Terminal: tmux (subagents use backendType: "tmux")
• Experimental feature: CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1

Workaround

Parent session performs edits on sensitive paths. Team subagents are restricted to edits on non-sensitive paths (code, docs, tests). Reviewer subagents (Read-only) remain safe.

Impact

Blocks any workflow where team subagents must edit Claude Code config files (.claude/commands/, .claude/skills/, ~/.claude/settings.json, etc.). Because experimental Agent Teams is foundational to multi-agent pipelines, this bug blocks self-modifying pipeline rewrites and similar infrastructure work.

Likely area to inspect

The JSX rendering the sensitive-file Edit confirmation/preview in the subagent TUI. Most likely a <Box> placed inside a <Text> parent, only reachable when isSensitivePath(target) is true. Read paths are fine, so the bug is specifically in the Edit/Write confirmation render path, not the tool itself.