feat(safety): gate sensitive tools behind elevation and immutable denylist

src/config/schema.test.ts

@@ -1395,6 +1395,13 @@ describe('configSchema — agents truthfulness/autonomy', () => {
     const result = configSchema.parse(minimalConfig);
     expect(result.agents.truthfulness_mode).toBe('standard');
     expect(result.agents.autonomy_level).toBe('standard');
+    expect(result.agents.sensitive_mode).toBe('deny_without_elevation');
+    expect(result.agents.immutable_denylist).toEqual(
+      expect.arrayContaining([
+        expect.objectContaining({ tool: 'shell.exec', args_pattern: 'git push origin main' }),
+        expect.objectContaining({ tool: 'shell.exec', args_pattern: 'git reset --hard' }),
+      ]),
+    );
   });
 
   it('accepts explicit truthfulness and autonomy modes', () => {
@@ -1403,11 +1410,19 @@ describe('configSchema — agents truthfulness/autonomy', () => {
       agents: {
         truthfulness_mode: 'strict',
         autonomy_level: 'conservative',
+        sensitive_mode: 'confirm_without_elevation',
+        immutable_denylist: [
+          { tool: 'shell.exec', args_pattern: 'rm -rf /', reason: 'too destructive' },
+        ],
       },
     });
 
     expect(result.agents.truthfulness_mode).toBe('strict');
     expect(result.agents.autonomy_level).toBe('conservative');
+    expect(result.agents.sensitive_mode).toBe('confirm_without_elevation');
+    expect(result.agents.immutable_denylist).toEqual([
+      { tool: 'shell.exec', args_pattern: 'rm -rf /', reason: 'too destructive' },
+    ]);
   });
 
   it('rejects invalid truthfulness_mode', () => {
@@ -1427,6 +1442,15 @@ describe('configSchema — agents truthfulness/autonomy', () => {
       },
     })).toThrow();
   });
+
+  it('rejects invalid sensitive_mode', () => {
+    expect(() => configSchema.parse({
+      ...minimalConfig,
+      agents: {
+        sensitive_mode: 'allow_everything',
+      },
+    })).toThrow();
+  });
 });
 
 describe('configSchema — skills registry source', () => {