Dangerous mode: opt-in guardrail bypass for autonomous execution

[kovtcharov]

Summary

Add an opt-in dangerous mode that completely disables all guardrails — no confirmation prompts, no action tier restrictions. The agent executes everything immediately without asking. Disabled by default.

Parent issue: #555 (Autonomous mode)

Use Cases

• Power users who trust the agent fully
• Demos and presentations
• Automated pipelines where the agent runs without human-in-the-loop

UI

• Settings toggle: "Dangerous Mode" (off by default, requires confirmation dialog to enable)
• When enabled: persistent red banner — "Dangerous mode is ON — the agent will execute all actions without confirmation"
• CLI flag: gaia chat --autonomous --dangerous
• Config: dangerous_mode: true in agent config

Dangerous + Autonomous Double Confirmation

Enabling dangerous mode while autonomous mode is on triggers an additional confirmation:
"Dangerous mode with autonomous execution means the agent can take destructive actions without your approval, even when you are not watching. Are you sure?"

This combination requires explicit acknowledgment because the agent may act between sessions with no user present.

Standard Guardrail Tiers (for reference — dangerous mode skips all of these)

Tier	Actions	Normal Behavior
Safe	Memory recall, file read, web search, system info	Execute freely
Notify	File write, model switch, schedule creation	Execute + toast
Confirm	Browser automation, delete files, external APIs	Block until approved

Acceptance Criteria

• Dangerous mode toggle in settings with confirmation dialog
• Red persistent banner when enabled
• All guardrail tiers bypassed in dangerous mode
• Double confirmation when both dangerous + autonomous are on
• CLI --dangerous flag
• Config file support
• Can be disabled at any time (immediate effect)