feat: default to full-access mode with hook-based sensitive guards

src/cli/setup/security.ts

@@ -2,10 +2,10 @@ import type { Prompter } from './prompts.js';
 import type { ConfigBuilder } from './config.js';
 
 const TOOL_PROFILES = [
-  { label: 'messaging (recommended)', value: 'messaging' },
-  { label: 'minimal (status only)', value: 'minimal' },
+  { label: 'full (recommended)', value: 'full' },
   { label: 'coding (fs + runtime)', value: 'coding' },
-  { label: 'full (unrestricted)', value: 'full' },
+  { label: 'messaging (read + services, no shell/writes)', value: 'messaging' },
+  { label: 'minimal (status only)', value: 'minimal' },
 ];
 
 const RESEARCH_AGENT_TIERS = [
@@ -35,12 +35,13 @@ export async function setupSecurity(p: Prompter, builder: ConfigBuilder): Promis
 
   p.println();
   p.println('  Tool profiles control which tools the agent can use:');
-  p.println('    full        — all tools available (file, shell, web, memory, messaging)');
+  p.println('    full        — all tools available (file, shell, web, memory, messaging) (default)');
   p.println('    coding      — file system + shell + sessions + memory');
   p.println('    messaging   — read-only + web/memory + connected services (no file writes/shell)');
   p.println('    minimal     — status checks only (read-only, safest)');
   const profile = await p.choose('Tool policy profile:', TOOL_PROFILES);
   builder.setToolProfile(profile);
+  builder.setSensitiveMode('confirm_without_elevation');
 
   p.println();
   p.println('  Research agent adds a dedicated specialist for deep web research.');