feat(ai-chat): expand safe-bash list, scoped sidebar dark overrides, plan overlay css

* Safe-bash classifier in claude-code-agent.js now splits commands
  on `;`, `&&`, `||` and accepts the chain if every segment matches
  a safe pattern, so `git status && git log -5` and
  `sleep 1; echo done` no longer prompt. `sleep` (numeric durations)
  joins the allowlist. Process substitution (`$(...)`, backticks),
  redirection (`<`, `>`) and pipes (`|`) still fall through to a
  user prompt — chained destructive ops can't piggy-back on a safe
  prefix.

* New scoped overrides at the bottom of Extn-AIChatPanel.less
  neutralise Bootstrap's .btn / .btn-primary / .btn-secondary skins
  and add dark-theme defaults for inputs/textareas/selects inside
  .ai-chat-panel, so the always-dark sidebar renders identically in
  light and dark editor themes.

* Plan-card maximize: .ai-plan-maximize-btn (muted button flush
  right of the header) plus .ai-plan-fullscreen-overlay (fixed,
  z-index 10001, dark backdrop, 960px card with the same plan
  chrome). Strings AI_CHAT_PLAN_MAXIMIZE and
  AI_CHAT_PLAN_CLOSE_FULLSCREEN.

* First-time Full Auto warning strings:
  AI_CHAT_FULL_AUTO_WARNING_TITLE / _BODY / _PROCEED.

Author: abose

src-node/claude-code-agent.js

@@ -117,10 +117,10 @@ function _isToolResponseError(toolResponse) {
 // Bash commands the agent can run without prompting the user in Edit
 // Mode. Mirrors the CLI's default "permissions.allow" set
 // (cli.js:2925) plus a small handful of universally read-only shell
-// utilities. Shell-composition characters (`;`, `&&`, `||`, backticks,
-// pipes, redirection, command substitution) trip the safety belt
-// below — without that check `git status; rm -rf /` would slip through
-// since the prefix matches.
+// utilities. The safety belt in _isSafeReadOnlyBash splits on
+// `;` / `&&` / `||` and checks every segment, so chaining safe
+// commands (e.g. `git status && git log`, `sleep 1; echo done`)
+// works while `git status; rm -rf /` correctly falls through.
 const _SAFE_BASH_PATTERNS = [
     // git read-only
     /^git\s+status(\s|$)/,
@@ -143,6 +143,9 @@ const _SAFE_BASH_PATTERNS = [
     /^wc(\s|$)/,
     /^file\s/,
     /^stat\s/,
+    // numeric-only sleep — no `sleep $(...)` since process substitution
+    // is rejected separately, but be explicit so `sleep $VAR` also fails.
+    /^sleep\s+\d+(\.\d+)?$/,
     // version probes
     /^node\s+--version$/,
     /^npm\s+--version$/,
@@ -153,12 +156,19 @@ const _SAFE_BASH_PATTERNS = [
 function _isSafeReadOnlyBash(rawCmd) {
     const cmd = (rawCmd || "").trim();
     if (!cmd) { return false; }
-    // Reject anything that could chain a destructive op via shell
-    // composition: `;` `&&` `||` `|` backticks `$(...)` `<` `>`.
-    // The CLI's parser handles these; we keep matching simple by
-    // refusing to bypass the prompt if any of them are present.
-    if (/[;&|`$()<>]/.test(cmd)) { return false; }
-    return _SAFE_BASH_PATTERNS.some(function (rx) { return rx.test(cmd); });
+    // Reject command/process substitution, redirection, and pipes —
+    // these can hide arbitrary commands or send output to dangerous
+    // places. Backticks, `$(...)`, `<`, `>`, `|`. Plain `$VAR` is
+    // allowed (substitution-without-command).
+    if (/[`<>|]|\$\(/.test(cmd)) { return false; }
+    // Split on `;`, `&&`, `||` and verify EVERY segment matches a safe
+    // pattern. Quotes around delimiters are not handled — a command
+    // like `echo "a; b"` will split mid-string and fail safe-check
+    // (which is fine: false negatives are OK, false positives are not).
+    const segments = cmd.split(/\s*(?:;|&&|\|\|)\s*/).filter(Boolean);
+    return segments.every(function (seg) {
+        return _SAFE_BASH_PATTERNS.some(function (rx) { return rx.test(seg); });
+    });
 }
 
 /**

src/nls/root/strings.js

@@ -2223,6 +2223,9 @@ define({
     "AI_CHAT_FILE_NOT_FOUND_MSG": "Could not open <span class=\"dialog-filename\">{0}</span>. The file may have been moved or deleted.",
     "AI_CHAT_UNDO_RESTORE_WARNING_TITLE": "AI Undo & Restore",
     "AI_CHAT_UNDO_RESTORE_WARNING_BODY": "This will only undo changes made by the AI. Changes made outside the AI won’t be restored and may be lost. For full version history, use version control like Git.",
+    "AI_CHAT_FULL_AUTO_WARNING_TITLE": "Switch to Full Auto Mode?",
+    "AI_CHAT_FULL_AUTO_WARNING_BODY": "Full Auto mode lets the AI run any tool — Bash commands, file edits, file deletions, web fetches — without asking you first.<br><br>This is convenient for trusted scratch projects, but can be risky: a misjudged step could overwrite or delete files, run a destructive shell command, or push unintended changes. Use version control (Git) so you can recover if something goes wrong.<br><br>Only enable Full Auto in projects you trust. You can switch back to Edit Mode at any time using <kbd>Shift+Tab</kbd> or by clicking the mode bar.",
+    "AI_CHAT_FULL_AUTO_WARNING_PROCEED": "Enable Full Auto",
     "AI_CHAT_SHOW_DIFF": "Show diff",
     "AI_CHAT_HIDE_DIFF": "Hide diff",
     "AI_CHAT_DIFF_MORE_TITLE": "Diff options",
@@ -2249,6 +2252,8 @@ define({
     "AI_CHAT_TOOL_TASK_NAME": "Subagent: {0}",
     "AI_CHAT_TOOL_PLANNING": "Planning",
     "AI_CHAT_PLAN_TITLE": "Proposed Plan",
+    "AI_CHAT_PLAN_MAXIMIZE": "Open plan in full screen",
+    "AI_CHAT_PLAN_CLOSE_FULLSCREEN": "Close (Esc)",
     "AI_CHAT_PLAN_APPROVE": "Approve",
     "AI_CHAT_PLAN_REVISE": "Revise",
     "AI_CHAT_PLAN_FEEDBACK_PLACEHOLDER": "What would you like changed?",

src/styles/Extn-AIChatPanel.less

@@ -1365,6 +1365,94 @@
     font-weight: 600;
 }
 
+// Maximize button on the plan header — sits flush right via auto
+// margin so the title and icon stay left-aligned. Same muted look as
+// the diff toggle / more menu so it reads as a quiet affordance.
+.ai-plan-maximize-btn {
+    margin-left: auto;
+    background: none;
+    border: none;
+    color: #6b9eff;
+    font-size: @ai-text-secondary;
+    line-height: 1;
+    padding: 2px 6px;
+    border-radius: 4px;
+    cursor: pointer;
+    opacity: 0.65;
+    transition: opacity 0.15s ease, background-color 0.15s ease;
+
+    &:hover {
+        opacity: 1;
+        background-color: rgba(107, 158, 255, 0.15);
+    }
+}
+
+// Fullscreen plan overlay — covers the whole window (over the editor,
+// not just the AI panel). z-index above modal dialogs so a long plan
+// is readable in detail without horizontal cramping.
+.ai-plan-fullscreen-overlay {
+    position: fixed;
+    top: 0;
+    left: 0;
+    right: 0;
+    bottom: 0;
+    z-index: 10001;
+    background: rgba(0, 0, 0, 0.72);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    padding: 24px;
+    -webkit-user-select: text;
+    -moz-user-select: text;
+    user-select: text;
+
+    .ai-plan-fullscreen-card {
+        // Same chrome as the inline plan card so the maximized view is
+        // a faithful magnification, not a different surface.
+        width: min(960px, 96vw);
+        max-height: 92vh;
+        display: flex;
+        flex-direction: column;
+        background-color: rgba(40, 44, 52, 0.98);
+        border: 1px solid rgba(107, 158, 255, 0.35);
+        border-radius: 8px;
+        overflow: hidden;
+        box-shadow: 0 8px 40px rgba(0, 0, 0, 0.6);
+
+        .ai-plan-header {
+            flex-shrink: 0;
+        }
+
+        .ai-plan-body {
+            // Override the inline card's max-height — in fullscreen we
+            // want the body to consume the remaining card height.
+            max-height: none;
+            flex: 1 1 auto;
+            overflow-y: auto;
+            padding: 22px 28px;
+        }
+    }
+
+    .ai-plan-fullscreen-close {
+        margin-left: auto;
+        background: none;
+        border: none;
+        color: #6b9eff;
+        font-size: @ai-text-body;
+        line-height: 1;
+        padding: 2px 8px;
+        border-radius: 4px;
+        cursor: pointer;
+        opacity: 0.7;
+        transition: opacity 0.15s ease, background-color 0.15s ease;
+
+        &:hover {
+            opacity: 1;
+            background-color: rgba(107, 158, 255, 0.15);
+        }
+    }
+}
+
 .ai-plan-body {
     padding: 14px 16px;
     font-size: @ai-text-body;
@@ -2745,3 +2833,62 @@
     text-align: center;
 }
 
+/* ── Sidebar-is-always-dark overrides ───────────────────────────────── */
+/* The AI panel renders against a fixed dark sidebar background. Both
+   Bootstrap's stock .btn skins AND Phoenix's light-theme overrides of
+   them paint badly here in light editor themes. Neutralise the skins
+   inside the panel so the AI panel's own per-element rules
+   (.ai-plan-approve-btn, .ai-plan-revise-btn, .ai-plan-feedback-send,
+   etc.) own the look — and that look is identical in both themes. */
+.ai-chat-panel {
+    .btn,
+    .btn:hover,
+    .btn:focus,
+    .btn:active,
+    .btn-primary,
+    .btn-primary:hover,
+    .btn-primary:focus,
+    .btn-primary:active,
+    .btn-secondary,
+    .btn-secondary:hover,
+    .btn-secondary:focus,
+    .btn-secondary:active {
+        background: none;
+        background-color: transparent;
+        background-image: none;
+        border-color: transparent;
+        box-shadow: none;
+        text-shadow: none;
+        color: inherit;
+    }
+
+    /* Inputs and textareas — same story. The chat textarea has its own
+       per-class style; this is the safety net for any other input we
+       drop in (plan feedback textarea today, future ones tomorrow). */
+    input[type="text"],
+    input[type="search"],
+    input[type="email"],
+    input[type="password"],
+    input[type="number"],
+    select,
+    textarea {
+        background-color: rgba(255, 255, 255, 0.04);
+        color: @project-panel-text-1;
+        border: 1px solid rgba(255, 255, 255, 0.12);
+        border-radius: 4px;
+        box-shadow: none;
+
+        &:focus {
+            background-color: rgba(255, 255, 255, 0.06);
+            border-color: rgba(107, 158, 255, 0.4);
+            outline: none;
+            box-shadow: none;
+        }
+
+        &::placeholder {
+            color: @project-panel-text-2;
+            opacity: 0.6;
+        }
+    }
+}
+