feat(core): 重构 Plan 模式工具，新增 allowedWritePaths 路径限制

Plan 工具重构：
- 移除 plan_mode_respond 工具
- 新增 ask_user_question 工具：向用户提问并获取回复
- 新增 enter_plan_mode 工具：进入计划模式
- 新增 exit_plan_mode 工具：退出计划模式

allowedWritePaths 功能：
- AgentFilePermission 新增 allowedWritePaths 字段
- permission-merger 添加 isPathInAllowedWritePaths 检查函数
- executor 在写入操作时检查路径限制

packages/core/src/agent/executor.ts

@@ -15,7 +15,7 @@ import type {
   AgentExecutionResult,
   ImageData,
 } from './types.js';
-import { checkBashPermission } from './permission-merger.js';
+import { checkBashPermission, isPathInAllowedWritePaths } from './permission-merger.js';
 import { getProviderRegistry } from '../provider/index.js';
 
 /**
@@ -261,6 +261,17 @@ export class AgentExecutor {
         if (action === 'deny') {
           return { allowed: false, reason: `${operation} 操作被禁止` };
         }
+
+        // 检查 allowedWritePaths 限制（仅对 write 操作）
+        if (operation === 'write' && filePermission.allowedWritePaths) {
+          const filePath = params.path as string;
+          if (filePath && !isPathInAllowedWritePaths(filePath, filePermission.allowedWritePaths)) {
+            return {
+              allowed: false,
+              reason: `写入路径不在允许列表中: ${filePath}。只能写入: ${filePermission.allowedWritePaths.join(', ')}`,
+            };
+          }
+        }
       }
     }