refactor(security): unify elevated mode handling across surfaces

docs/plans/state.json

@@ -5756,6 +5756,25 @@
         "docs/plans/state.json"
       ],
       "test_status": "pnpm test:run src/frontends/tui/minimal.test.ts passing"
+    },
+    "elevation-hardening-unification": {
+      "status": "completed",
+      "date": "2026-02-19",
+      "updated": "2026-02-19",
+      "summary": "Unified elevated mode behavior into a shared `src/security/elevation.ts` module and refactored daemon, gateway, native agent, and TUI surfaces to use it. This removes duplicated TTL/expiry parsing and keeps `/elevate` semantics/auditing consistent across execution paths.",
+      "files_modified": [
+        "src/security/elevation.ts",
+        "src/security/elevation.test.ts",
+        "src/daemon/routing.ts",
+        "src/gateway/handlers/agent.ts",
+        "src/backends/native/agent.ts",
+        "src/frontends/tui/minimal.ts",
+        "src/frontends/tui/components/App.tsx",
+        "docs/security/SAFE_PERSONAL_AGENT.md",
+        "docs/plans/2026-02-15-openclaw-gap-roadmap.md",
+        "docs/plans/state.json"
+      ],
+      "test_status": "pnpm test:run src/security/elevation.test.ts src/gateway/handlers/agent.test.ts src/frontends/tui/minimal.test.ts src/backends/native/agent.test.ts src/daemon/routing.test.ts src/commands/builtin/index.test.ts + pnpm typecheck passing"
     }
   },
   "overall_progress": {