# Source audit: security-gate

Decision: disabled, report-only locally. Real tool approval belongs to OMP approval runtime; `miloc-pi` must port or thin-wrap that behavior before enabling a security/policy plugin.

Current local state:

- `extensions/security-gate/index.ts` registers only `/security-audit`.
- The extension no longer registers a `tool_call` hook and cannot block tool execution.
- `/security-audit` reports that OMP approval policy is the source of truth and shows historical local audit events if any exist.
- The extension is disabled by default through `package.json#pi.extensions`.

OMP source evidence:

- `/tmp/oh-my-pi-review/docs/approval-mode.md` documents approval tiers, `tools.approvalMode`, per-tool `tools.approval.<tool>` policies, yolo behavior, safety overrides, and prompt details.
- `/tmp/oh-my-pi-review/packages/coding-agent/src/tools/approval.ts` owns `resolveApproval`, `requiresApproval`, policy normalization, tier comparison, and approval prompt formatting.
- `/tmp/oh-my-pi-review/packages/coding-agent/src/extensibility/extensions/wrapper.ts` runs approval checks before extension `tool_call` handlers and before actual tool execution.
- `/tmp/oh-my-pi-review/packages/coding-agent/src/tools/bash.ts` declares command-sensitive approval with critical-pattern override reasons.
- `/tmp/oh-my-pi-review/packages/coding-agent/src/tools/write.ts`, `/tmp/oh-my-pi-review/packages/coding-agent/src/tools/browser.ts`, `/tmp/oh-my-pi-review/packages/coding-agent/src/task/index.ts`, and `/tmp/oh-my-pi-review/packages/coding-agent/src/lsp/index.ts` declare tool-specific approval tiers and prompt details.
- `/tmp/oh-my-pi-review/packages/coding-agent/src/config/settings-schema.ts` defines `tools.approval` and `tools.approvalMode` settings.

Implementation boundary:

- Do not keep local blocking `tool_call` classification as product behavior.
- Do not call this extension product-ready until it configures or reports OMP approval policy without bypassing native prompt/deny/allow behavior.
- `_shared/permissions.classifyToolCall` is diagnostic/test support only until it is reconciled with OMP approval semantics.
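
To make the wrapper ordering in the OMP evidence and the boundary above concrete, here is an added sketch (not OMP's `approval.ts`/`wrapper.ts` and not this extension's code) of approval resolved before any `tool_call` hook runs, with a report-only classifier whose verdict is recorded but never enforced. The tier names, modes, precedence rules and `classifyToolCall`-style hook body are assumptions made for this illustration.

```typescript
// Added illustration of the ordering the audit describes: the runtime
// resolves approval before any extension `tool_call` hook and before
// execution. Tiers, modes and precedence are assumptions for this example,
// not OMP's real approval.ts / wrapper.ts semantics.
export type Tier = "read" | "write" | "destructive";
export type Decision = "allow" | "prompt" | "deny";
export type Mode = "strict" | "default" | "yolo";
export interface Policy { mode: Mode; perTool?: Record<string, Decision> }
export interface ToolCall { tool: string; tier: Tier; criticalReason?: string }
// Extension hook: may observe and annotate the call, but has no veto.
export type Hook = (call: ToolCall) => { note?: string } | undefined;
export interface Trace { decision: Decision; notes: string[]; executed: boolean }

const TIER_RANK: Record<Tier, number> = { read: 0, write: 1, destructive: 2 };
// Assumed: each mode auto-allows calls up to this tier rank (inclusive).
const AUTO_ALLOW_UP_TO: Record<Mode, number> = { strict: -1, default: 0, yolo: 2 };

export function resolveApproval(call: ToolCall, policy: Policy): Decision {
  const perTool = policy.perTool?.[call.tool];
  if (perTool === "deny") return "deny";       // explicit per-tool deny always wins
  if (call.criticalReason) return "prompt";    // safety override: even yolo prompts
  if (perTool) return perTool;                 // explicit allow/prompt for this tool
  return TIER_RANK[call.tier] <= AUTO_ALLOW_UP_TO[policy.mode] ? "allow" : "prompt";
}

export function runToolCall(
  call: ToolCall, policy: Policy, hooks: Hook[],
  askUser: () => boolean, execute: (c: ToolCall) => void,
): Trace {
  const trace: Trace = { decision: resolveApproval(call, policy), notes: [], executed: false };
  if (trace.decision === "deny") return trace;                 // denied before any hook sees it
  if (trace.decision === "prompt" && !askUser()) return trace; // native prompt decides
  for (const h of hooks) {                                     // hooks run only after approval...
    const r = h(call);
    if (r?.note) trace.notes.push(r.note);                     // ...and can only annotate
  }
  execute(call);
  trace.executed = true;
  return trace;
}

// Report-only classifier in the spirit of `_shared/permissions.classifyToolCall`
// (hypothetical body): its "would block" verdict is logged, never enforced.
export const diagnosticClassifier: Hook = (call) =>
  call.tier === "destructive" ? { note: `would-block:${call.tool}` } : undefined;
```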

License note: OMP files are source evidence for the future port. No OMP implementation code was copied in the report-only slice.
