feat(safety): gate sensitive tools behind elevation and immutable denylist

src/daemon/routing.ts

@@ -273,6 +273,12 @@ export function createMessageRouter(deps: {
         sender: senderId,
         tier: effectiveTier,
         autonomyLevel: deps.config.agents.autonomy_level ?? 'standard',
+        sensitiveMode: deps.config.agents.sensitive_mode,
+        immutableDenylist: deps.config.agents.immutable_denylist.map((rule) => ({
+          tool: rule.tool,
+          argsPattern: rule.args_pattern,
+          reason: rule.reason,
+        })),
         skillName: activeSkillName,
         skillPermissions: activeSkill?.manifest.permissions,
         allowedSecretScopes: activeSkill?.manifest.permissions?.secrets,

src/daemon/tools.ts

@@ -91,7 +91,14 @@ export function initTools(deps: ToolsDeps): ToolsResult {
     console.log('Browser tools disabled (set browser.enabled=true to register browser.* tools)');
   }
 
-  const toolExecutor = new ToolExecutor(toolRegistry, hookEngine);
+  const toolExecutor = new ToolExecutor(toolRegistry, hookEngine, {
+    sensitiveMode: config.agents.sensitive_mode,
+    immutableDenylist: config.agents.immutable_denylist.map((rule) => ({
+      tool: rule.tool,
+      argsPattern: rule.args_pattern,
+      reason: rule.reason,
+    })),
+  });
 
   // Initialize tool policy from config
   const toolPolicy = new ToolPolicy(config.tools);