#23752: Auto-reply: enforce per-session TTL elevated exec grants
size: M
trusted-contributor
Cluster: Elevated Default Configuration Fixes
## Summary
- add explicit per-session elevated tool grants (`sessionEntry.elevatedGrants`) with per-tool keying and expiry
- add `tools.elevated.ttlMs` (global + agent override) to control elevated grant lifetime (default 120s)
- persist/clear exec grants when `/elevated on|ask|full|off` directives are used (both directive-only and mixed-message paths)
- resolve effective elevated exec level from active grants for persisted session overrides, while still honoring inline directives immediately
- keep explicit `/elevated off` sticky as an override and fail closed when grants are expired
- add unit coverage for grant set/clear, expiry, and effective-level resolution
## Testing
- `pnpm check`
- `pnpm vitest run --config vitest.unit.config.ts src/auto-reply/reply/reply-elevated.exec-grants.test.ts`
- `pnpm vitest run --config vitest.unit.config.ts src/auto-reply/reply.directive.directive-behavior.shows-current-elevated-level-as-off-after.test.ts`
- `pnpm vitest run --config vitest.unit.config.ts src/auto-reply/reply.triggers.trigger-handling.allows-approved-sender-toggle-elevated-mode.test.ts`
### Greptile Summary
Adds per-session TTL-gated elevated exec grants to the auto-reply system. When a user issues `/elevated on|ask|full`, a time-bounded grant is stored on the session entry (keyed by tool name) alongside the persisted `elevatedLevel`. The new `resolveEffectiveElevatedExecLevel` function serves as the single authority for computing the effective elevated level, unifying directive-only, session-persisted, and fallback paths. Grants expire after a configurable TTL (`tools.elevated.ttlMs`, default 120s, clamped to 10s–15min), at which point the effective level fails closed to `"off"` even if the session still says `"on"` or `"full"`. Explicit `/elevated off` is sticky and immediately clears grants.
- New `SessionElevatedToolGrant` type and `elevatedGrants` field on `SessionEntry` for per-tool grant storage
- New `tools.elevated.ttlMs` config option (global + per-agent override) with Zod validation (`z.number().int().positive().optional()`)
- `resolveEffectiveElevatedExecLevel` replaces inline elevated-level resolution in `get-reply-directives.ts` and `directive-handling.levels.ts`
- Grant set/clear logic added to both `directive-handling.impl.ts` (directive-only path) and `directive-handling.persist.ts` (mixed-message path)
- Unit tests cover grant set/clear, TTL expiry, directive mapping, and fallback defaults
### Confidence Score: 4/5
- This PR is safe to merge with low risk — it adds a security-hardening layer (TTL grants) with fail-closed defaults and good test coverage.
- Score reflects well-structured TTL enforcement with defensive coding patterns (input clamping, fail-closed expiry, runtime type narrowing), consistent integration across both directive-only and mixed-message code paths, and unit test coverage for core grant lifecycle. Minor redundancy (double TTL clamping) is harmless. The behavioral change where `/elevated on` now resolves to "ask" rather than "on" at the effective level is intentional and consistent with the grant model. One point deducted because test coverage could be broader (e.g., missing tests for `resolveElevatedGrantTtlMs` agent vs global fallback, or the `elevatedAllowed: false` early return).
- `src/auto-reply/reply/reply-elevated.ts` is the core logic file and deserves the most scrutiny during review. The grant resolution function `resolveEffectiveElevatedExecLevel` has nuanced control flow with multiple return paths.
Last reviewed commit: 8934502
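The grant model summarized above, as an added TypeScript sketch (not the PR's code; the type and function names are hypothetical, and only the 120s default, the 10s–15min clamp, the `on` to `ask` mapping, sticky `off` and fail-closed expiry come from this page):

```typescript
// Added illustration; every name below is hypothetical, not the project's API.
type Level = "off" | "ask" | "full";
type Directive = "on" | "ask" | "full" | "off";
interface Grant { level: Level; expiresAt: number }
interface Session { elevatedLevel?: Directive; grants: Record<string, Grant> }

const DEFAULT_TTL_MS = 120_000;   // page: default 120s
const MIN_TTL_MS = 10_000;        // page: clamp lower bound, 10s
const MAX_TTL_MS = 15 * 60_000;   // page: clamp upper bound, 15min

function clampTtlMs(ttlMs?: number): number {
  if (ttlMs === undefined || !Number.isFinite(ttlMs)) return DEFAULT_TTL_MS;
  return Math.min(MAX_TTL_MS, Math.max(MIN_TTL_MS, Math.floor(ttlMs)));
}

// Persist an /elevated directive for one tool: set a time-bounded grant, or clear it.
function applyDirective(s: Session, tool: string, d: Directive, now: number, ttlMs?: number): void {
  s.elevatedLevel = d;
  if (d === "off") { delete s.grants[tool]; return; }  // explicit off clears the grant
  // page: "/elevated on" resolves to "ask" at the effective level
  s.grants[tool] = { level: d === "full" ? "full" : "ask", expiresAt: now + clampTtlMs(ttlMs) };
}

// Effective level: an inline directive wins; otherwise only a live grant elevates.
function effectiveLevel(s: Session, tool: string, now: number, inline?: Directive): Level {
  if (inline !== undefined) return inline === "on" ? "ask" : inline;
  if (s.elevatedLevel === "off") return "off";         // sticky override
  const g = s.grants[tool];
  if (!g || now >= g.expiresAt) return "off";          // fail closed: missing or expired grant
  return g.level;
}

function demo(): Level[] {
  const s: Session = { grants: {} };
  const t0 = 1_000_000;                                // constructed clock value
  applyDirective(s, "exec", "full", t0, 5);            // 5ms request clamps up to 10s
  return [
    effectiveLevel(s, "exec", t0 + 9_999),             // grant still live
    effectiveLevel(s, "exec", t0 + 10_000),            // expired, though session says "full"
    effectiveLevel(s, "exec", t0 + 10_000, "on"),      // inline directive honored immediately
  ];
}
```

The clock is passed in rather than read from `Date.now()` so expiry at the exact boundary can be tested deterministically.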
Most Similar PRs
- #19624: fix: elevatedDefault should default to off when tools.elevated.enab... (by stakeswky · 2026-02-18 · 79.3%)
- #18193: fix: default elevatedDefault to 'off' instead of 'on' (#18177) (by lailoo · 2026-02-16 · 79.1%)
- #19684: fix: change elevatedDefault fallback from 'on' to 'off' (by neipor · 2026-02-18 · 77.8%)
- #19595: fix: elevatedDefault should default to off when tools.elevated.enab... (by guirguispierre · 2026-02-18 · 75.7%)
- #21136: fix(security): harden agent autonomy controls (by novalis133 · 2026-02-19 · 73.3%)
- #10998: fix(agents): pass session thinking/reasoning levels to session_stat... (by wony2 · 2026-02-07 · 73.2%)
- #16064: feat: add contact-based tool permissions with verification (by jamiequint · 2026-02-14 · 72.6%)
- #23743: Auto-reply: enforce tools.allow/tools.deny on deterministic skill t... (by bmendonca3 · 2026-02-22 · 72.4%)
- #8464: feat: make exec approval timeout configurable (by fabioaraujopt · 2026-02-04 · 72.4%)
- #20596: Funding (by reconsumeralization · 2026-02-19 · 71.7%)