- Add docker risk markers config (config/docker_risk_markers.json) and load it in tools permission evaluation.
- In docker mode, pre-evaluate run_command/terminal_input: readonly-safe and no-risk -> direct run; otherwise require approval/auto-approval.
- Keep docker write_file/edit_file behavior aligned with agreed policy: approval requires review, auto_approval passes directly.
- Pass risk markers into auto approval payload and include current working directory context for approval agent.
- Fix permission dropdown layout: only use split two-column menu when execution mode section is enabled; remove empty right blank area in docker mode.
- Center mobile approval overlay to prevent sheet overflow on small screens.