perf: unify approval profile and mode

Author: voocel

README.md

@@ -33,7 +33,7 @@ Each layer has one job. No layer knows about the layers above it.
 - Model and thinking level restored per session
 
 **Security**
-- Three profiles: `strict` / `balanced` / `off`
+- Four permission modes: `strict` / `balanced` / `accept-edits` / `trust`
 - Dangerous command blocking (rm -rf, sudo, dd, ...)
 - Workspace-scoped file access
 - JSON audit log for every tool decision
@@ -112,15 +112,15 @@ echo "explain main.go" | codebot -p
 codebot -c
 
 # Strict security
-codebot -policy-profile strict
+codebot --mode strict
 ```
 
 ## Design Principles
 
 1. **Reuse before reinvent** — agentcore does the agent loop, codebot doesn't redo it
 2. **No premature abstraction** — every interface has at least two real callers
 3. **Convention over configuration** — sensible defaults, explicit overrides
-4. **Secure by default** — balanced policy, audit trail, workspace boundaries
+4. **Secure by default** — balanced mode, audit trail, workspace boundaries
 
 ## Configuration
 

README_zh.md

@@ -33,7 +33,7 @@
 - 模型和思考级别按会话保存
 
 **安全**
-- 三种策略：`strict` / `balanced` / `off`
+- 四种权限模式：`strict` / `balanced` / `accept-edits` / `trust`
 - 危险命令拦截（rm -rf, sudo, dd, ...）
 - 工作区范围的文件访问控制
 - 每次工具决策的 JSON 审计日志
@@ -112,15 +112,15 @@ echo "explain main.go" | codebot -p
 codebot -c
 
 # 严格安全策略
-codebot -policy-profile strict
+codebot --mode strict
 ```
 
 ## 设计原则
 
 1. **复用优先** — agentcore 做 Agent 循环，codebot 不重复造轮子
 2. **拒绝过早抽象** — 每个接口至少有两个真实调用者
 3. **约定优于配置** — 合理默认值，显式覆盖
-4. **默认安全** — balanced 策略、审计追踪、工作区边界
+4. **默认安全** — balanced 模式、审计追踪、工作区边界
 
 ## 配置
 

cmd/codebot/main.go

@@ -4,9 +4,7 @@ import (
 	"flag"
 	"fmt"
 	"os"
-	"strings"
 
-	"github.com/voocel/codebot/internal/approval"
 	"github.com/voocel/codebot/internal/bootstrap"
 	"github.com/voocel/codebot/internal/config"
 	"github.com/voocel/codebot/internal/ui"
@@ -25,9 +23,7 @@ func main() {
 	jsonFlag := flag.Bool("json", false, "JSON output mode (implies -p)")
 	continueFlag := flag.Bool("c", false, "Continue most recent session")
 	resumeFlag := flag.Bool("r", false, "Select a session to resume")
-	approvalProfileFlag := flag.String("approval-profile", "balanced", "Approval profile: strict, balanced, off")
-	modeFlag := flag.String("mode", "normal", "Permission mode: normal, accept-edits, trust")
-	trustFlag := flag.Bool("trust", false, "Start in trust mode (skip approval prompts, deny rules still enforced)")
+	modeFlag := flag.String("mode", "balanced", "Permission mode: strict, balanced, accept-edits, trust")
 	flag.Parse()
 
 	if *versionFlag {
@@ -38,27 +34,17 @@ func main() {
 	printMode := *printFlag || *jsonFlag
 
 	rt, err := bootstrap.Boot(bootstrap.Options{
-		Continue:        *continueFlag,
-		Resume:          *resumeFlag,
-		NonTTYMode:      printMode,
-		ApprovalProfile: *approvalProfileFlag,
+		Continue:     *continueFlag,
+		Resume:       *resumeFlag,
+		NonTTYMode:   printMode,
+		ApprovalMode: *modeFlag,
 	})
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "boot error: %v\n", err)
 		os.Exit(1)
 	}
 	defer rt.Close()
 
-	if rt.ApprovalEngine != nil {
-		switch {
-		case *trustFlag:
-			rt.ApprovalEngine.SetMode(approval.ModeTrust)
-		case *modeFlag != "normal":
-			m := strings.ReplaceAll(*modeFlag, "-", "_")
-			rt.ApprovalEngine.SetMode(approval.Mode(m))
-		}
-	}
-
 	if printMode {
 		if err := ui.RunPrint(rt.Session, flag.Args(), *jsonFlag); err != nil {
 			fmt.Fprintf(os.Stderr, "error: %v\n", err)

internal/approval/engine.go

@@ -14,7 +14,8 @@ import (
 type Mode string
 
 const (
-	ModeNormal      Mode = "normal"
+	ModeStrict      Mode = "strict"
+	ModeBalanced    Mode = "balanced"
 	ModeAcceptEdits Mode = "accept_edits"
 	ModeTrust       Mode = "trust"
 	ModePlan        Mode = "plan" // 兼容旧调用；新代码应使用 SetPlanMode
@@ -82,7 +83,6 @@ type HookRequest struct {
 
 type AuditEntry struct {
 	Time       time.Time
-	Profile    Profile
 	Mode       Mode
 	PlanMode   bool
 	Tool       string
@@ -101,7 +101,6 @@ type FilesystemRoots struct {
 type Engine struct {
 	workspace string
 	fsRoots   FilesystemRoots
-	profile   Profile
 	rules     *RuleSet
 
 	mu           sync.RWMutex
@@ -115,7 +114,7 @@ type Engine struct {
 	toolMeta     map[string]ToolMetadata
 }
 
-func NewEngine(cwd string, profile Profile, rules *RuleSet, onAudit func(AuditEntry)) (*Engine, error) {
+func NewEngine(cwd string, mode Mode, rules *RuleSet, onAudit func(AuditEntry)) (*Engine, error) {
 	store, err := NewStore(config.ApprovalsPath(cwd))
 	if err != nil {
 		return nil, fmt.Errorf("load approvals: %w", err)
@@ -126,9 +125,8 @@ func NewEngine(cwd string, profile Profile, rules *RuleSet, onAudit func(AuditEn
 			ReadRoots:  []string{cwd},
 			WriteRoots: []string{cwd},
 		},
-		profile:      profile,
 		rules:        rules,
-		mode:         ModeNormal,
+		mode:         mode,
 		sessionAllow: make(map[string]storedEntry),
 		store:        store,
 		onAudit:      onAudit,
@@ -311,7 +309,7 @@ const (
 )
 
 func (e *Engine) decide(info toolInfo, mode Mode, planMode bool) (ruleAction, string) {
-	// Deny rules have highest priority — override even ProfileOff and cached approvals.
+	// Deny rules have highest priority — override everything.
 	var ruleResult ruleAction
 	var ruleMatched bool
 	if e.rules != nil {
@@ -321,8 +319,7 @@ func (e *Engine) decide(info toolInfo, mode Mode, planMode bool) (ruleAction, st
 		}
 	}
 
-	// Paths outside configured roots always require explicit approval,
-	// regardless of profile, skill allows, or cached approvals.
+	// Paths outside configured roots always require explicit approval.
 	if info.outsideRoots {
 		return ruleAsk, info.reason
 	}
@@ -337,19 +334,16 @@ func (e *Engine) decide(info toolInfo, mode Mode, planMode bool) (ruleAction, st
 		}
 	}
 
-	if e.profile == ProfileOff {
-		return ruleAllow, ""
-	}
-
 	if e.allowed(info.key) || e.allowedSession(info.capability) {
 		return ruleAllow, ""
 	}
 
-	// Allow rules take precedence over mode/profile defaults.
+	// Allow rules take precedence over mode defaults.
 	if ruleMatched && ruleResult == ruleAllow {
 		return ruleAllow, "allowed by permission rule"
 	}
 
+	// Plan mode enforces read-only regardless of mode.
 	if planMode {
 		switch info.capability {
 		case CapRead, CapInternal:
@@ -358,31 +352,33 @@ func (e *Engine) decide(info toolInfo, mode Mode, planMode bool) (ruleAction, st
 			return ruleDeny, "plan mode is read-only"
 		}
 	}
-	if mode == ModeTrust {
-		return ruleAllow, ""
-	}
-	if mode == ModeAcceptEdits && info.capability == CapWrite {
-		return ruleAllow, "auto-approved in accept-edits mode"
-	}
 
-	switch e.profile {
-	case ProfileStrict:
+	// Mode-based decisions (strict → balanced → accept-edits → trust).
+	switch mode {
+	case ModeTrust:
+		return ruleAllow, ""
+	case ModeAcceptEdits:
+		switch info.capability {
+		case CapRead, CapInternal, CapWrite:
+			return ruleAllow, ""
+		default:
+			return ruleAsk, "approval required for side effects"
+		}
+	case ModeStrict:
 		switch info.capability {
 		case CapRead, CapInternal:
 			return ruleAllow, ""
 		case CapWrite:
-			return ruleAsk, "strict profile requires approval for writes"
+			return ruleAsk, "strict mode requires approval for writes"
 		default:
-			return ruleDeny, "strict profile denies this capability"
+			return ruleDeny, "strict mode denies this capability"
 		}
-	default:
+	default: // ModeBalanced
 		switch info.capability {
 		case CapRead, CapInternal:
 			return ruleAllow, ""
-		case CapWrite, CapExec, CapHook, CapNetwork, CapSubagent, CapUnknown:
-			return ruleAsk, "approval required for side effects"
 		default:
-			return ruleAsk, "approval required"
+			return ruleAsk, "approval required for side effects"
 		}
 	}
 }
@@ -498,7 +494,6 @@ func (e *Engine) audit(info toolInfo, mode Mode, planMode bool, decision string,
 	}
 	e.onAudit(AuditEntry{
 		Time:       time.Now(),
-		Profile:    e.profile,
 		Mode:       mode,
 		PlanMode:   planMode,
 		Tool:       info.tool,