fix(core): 添加 Agent 级别的 bash 权限检查

在 getVercelTools 中添加 Agent 权限检查层，确保 Plan Agent 的 bash 规则
（如 touch * -> deny）在工具执行前生效，而不是仅依赖全局权限管理器。

packages/core/src/core/agent.ts

@@ -17,7 +17,7 @@ import {
   type CompressionConfig,
 } from '../context/index.js';
 import type { AgentInfo, ImageData } from '../agent/types.js';
-import { agentRegistry, AgentExecutor, SystemPrompt } from '../agent/index.js';
+import { agentRegistry, AgentExecutor, SystemPrompt, checkBashPermission } from '../agent/index.js';
 import { loadVisionConfig } from '../utils/config.js';
 import { getProviderRegistry, resolveApiKey } from '../provider/index.js';
 import { getHookManager } from '../hooks/index.js';
@@ -272,6 +272,21 @@ export class Agent {
             finalArgs = beforeOutput.args;
           }
 
+          // Agent 级别的权限检查（在全局权限检查之前）
+          if (tool.name === 'bash' && this.currentAgentMode?.permission?.bash) {
+            const command = finalArgs.command as string;
+            if (command) {
+              const action = checkBashPermission(command, this.currentAgentMode.permission.bash);
+              if (action === 'deny') {
+                return {
+                  success: false,
+                  output: '',
+                  error: `[Agent 权限拒绝] 当前模式 (${this.currentAgentMode.name}) 禁止执行此命令: ${command}`,
+                };
+              }
+            }
+          }
+
           // 执行工具
           const startTime = Date.now();
           let result = await tool.execute(finalArgs);