refactor(plan) Clean default plan toml (#25037)

packages/core/src/policy/policies/plan.toml

@@ -80,6 +80,9 @@ priority = 40
 modes = ["plan"]
 denyMessage = "You are in Plan Mode with access to read-only tools. Execution of scripts (including those from skills) is blocked."
 
+# Explicitly allowed tools in Plan Mode (interactive: ask user, non-interactive: deny)
+# Priority 50 overrides the catch-all (40) and also ensures we override default tier ALLOW rules (e.g. from read-only.toml).
+
 [[rule]]
 toolName = "*"
 mcpName = "*"
@@ -89,15 +92,6 @@ priority = 50
 modes = ["plan"]
 interactive = true
 
-[[rule]]
-toolName = "*"
-mcpName = "*"
-toolAnnotations = { readOnlyHint = true }
-decision = "deny"
-priority = 50
-modes = ["plan"]
-interactive = false
-
 # Allow specific subagents in Plan mode.
 # We use argsPattern to match the agent_name argument for invoke_agent.
 [[rule]]
@@ -115,13 +109,6 @@ priority = 50
 modes = ["plan"]
 interactive = true
 
-[[rule]]
-toolName = ["ask_user", "save_memory", "web_fetch", "activate_skill"]
-decision = "deny"
-priority = 50
-modes = ["plan"]
-interactive = false
-
 # Allow write_file and replace for .md files in the plans directory (cross-platform)
 # We split this into two rules to avoid ReDoS checker issues with nested optional segments.
 # This rule handles the case where there is a session ID in the plan file path