refactor(security): unify elevated mode handling across surfaces

docs/plans/2026-02-15-openclaw-gap-roadmap.md

@@ -38,10 +38,10 @@ A gap item is considered implemented when:
 
 - QMD backend (experimental) — completed on 2026-02-16
 
-### Security (MISSING)
+### Security
 
-- Skill/plugin code safety scanner (static analysis)
-- Elevated mode (explicit host-exec escape hatch)
+- Skill/plugin code safety scanner (static analysis) — completed on 2026-02-16
+- Elevated mode (explicit host-exec escape hatch) — completed on 2026-02-16, hardening pass completed on 2026-02-19 (shared elevation module + parity refactor)
 
 ### Skills Ecosystem (MISSING)
 
@@ -246,6 +246,8 @@ Optional second insertion:
 
 ## Milestone 4 (P2): Elevated Mode (Break Glass)
 
+Status: completed (2026-02-16), hardened and unified on 2026-02-19.
+
 ### Scope
 
 Add a user-visible, auditable, time-bounded mechanism to permit host execution of high-risk tools.
@@ -265,6 +267,7 @@ Constraints:
 ### Tests
 
 - Unit tests for TTL expiry and denial without elevation.
+- Cross-surface parity tests for command behavior (`daemon`/`gateway`/`tui`) and shared helper tests (`src/security/elevation.test.ts`).
 
 ---
 
@@ -329,9 +332,6 @@ These are substantial UX/ecosystem projects or highly platform-specific; defer u
 
 ## Suggested Next Execution Order
 
-1) Credential System v2 (API + OAuth/token)
-2) Vercel AI Gateway provider
-3) Skill safety scanner
-4) Elevated mode
-5) Matrix adapter
-6) Deployment targets
+1) Auth profile rotation/stickiness before provider fallback
+2) Queue/run-control polish (interrupt preemption telemetry + UX)
+3) Daily memory continuity tuning (if continuity quality is still lacking)