diff --git a/packages/core/src/core/agent.ts b/packages/core/src/core/agent.ts
index 435d5f5..8774b82 100644
--- a/packages/core/src/core/agent.ts
+++ b/packages/core/src/core/agent.ts
@@ -17,7 +17,7 @@ import {
   type CompressionConfig,
 } from '../context/index.js';
 import type { AgentInfo, ImageData } from '../agent/types.js';
-import { agentRegistry, AgentExecutor, SystemPrompt } from '../agent/index.js';
+import { agentRegistry, AgentExecutor, SystemPrompt, checkBashPermission } from '../agent/index.js';
 import { loadVisionConfig } from '../utils/config.js';
 import { getProviderRegistry, resolveApiKey } from '../provider/index.js';
 import { getHookManager } from '../hooks/index.js';
@@ -272,6 +272,21 @@ export class Agent {
             finalArgs = beforeOutput.args;
           }
 
+          // Agent 级别的权限检查（在全局权限检查之前）
+          if (tool.name === 'bash' && this.currentAgentMode?.permission?.bash) {
+            const command = finalArgs.command as string;
+            if (command) {
+              const action = checkBashPermission(command, this.currentAgentMode.permission.bash);
+              if (action === 'deny') {
+                return {
+                  success: false,
+                  output: '',
+                  error: `[Agent 权限拒绝] 当前模式 (${this.currentAgentMode.name}) 禁止执行此命令: ${command}`,
+                };
+              }
+            }
+          }
+
           // 执行工具
           const startTime = Date.now();
           let result = await tool.execute(finalArgs);