fix(bridge): auto-approve crash — DOM observer Deny filter + bot reject-word guard + AGENT rule

bot.py

@@ -564,12 +564,41 @@ class GravityBot(commands.Bot):
 
                 # ── Auto-approve: if project has auto enabled, approve immediately ──
                 if project in self.auto_approve_projects:
+                    # Defence: reject-word commands should NEVER be auto-approved
+                    # (DOM observer may create standalone "Deny" pending from file_permission UI)
+                    reject_commands = {"deny", "reject", "cancel", "decline", "dismiss", "stop"}
+                    if req.command.strip().lower() in reject_commands:
+                        logger.warning(f"Auto-approve BLOCKED: command='{req.command}' is reject-word — skipping")
+                        self._sent_approval_ids.add(req.request_id)
+                        continue
+
                     self._sent_approval_ids.add(req.request_id)
+
+                    # Smart button_index: read buttons array from pending file
+                    # file_permission buttons = [Allow Once(0), Allow This Conv(1), Deny(2)]
+                    # MUST pick non-reject button for safety
+                    approve_btn_index = 0
+                    pending_file = self.bridge.pending_dir / f"{req.request_id}.json"
+                    if pending_file.exists():
+                        try:
+                            pdata = json.loads(pending_file.read_text(encoding="utf-8-sig"))
+                            btns = pdata.get("buttons")
+                            if btns and len(btns) > 1:
+                                reject_words = {"deny", "reject", "cancel", "reject all",
+                                                "decline", "dismiss", "stop"}
+                                for b in btns:
+                                    txt = b.get("text", "").lower().strip()
+                                    if txt not in reject_words:
+                                        approve_btn_index = b.get("index", 0)
+                                        break
+                        except (json.JSONDecodeError, OSError):
+                            pass
+
                     # Write auto-approve response for Extension
                     self.bridge.write_response(UserResponse(
                         request_id=req.request_id,
                         approved=True,
-                        button_index=0,  # first button (Allow Once / Run)
+                        button_index=approve_btn_index,
                         step_type=getattr(req, 'step_type', ''),
                         project_name=project,
                     ))
@@ -583,7 +612,7 @@ class GravityBot(commands.Bot):
                         )
                         embed.set_footer(text=f"auto-approve | {req.request_id[:12]}")
                         await channel.send(embed=embed)
-                    logger.info(f"Auto-approved: {req.request_id[:12]} project={project}")
+                    logger.info(f"Auto-approved: {req.request_id[:12]} project={project} btn_idx={approve_btn_index}")
                     continue
 
                 # Defer short-command pendings (e.g. "Run") by 4 cycles (~12s)