@ironbee-ai/cli 0.8.3 → 0.9.0

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 0.9.0 (2026-05-11)
+
+### Features
+
+* **backend:** support backend platform ([#10](https://github.com/ironbee-ai/ironbee-cli/issues/10)) ([516aad3](https://github.com/ironbee-ai/ironbee-cli/commit/516aad32915d05da07e971fa151678652d97b5b4))
+
 ## 0.8.3 (2026-05-09)
 
 ### Features

package/README.md

@@ -115,15 +115,37 @@ ironbee import --all-projects --since 6m --concurrency 2
 - `--concurrency <N>` — parallel sessions (default 4, clamped to `[1, 32]`); also configurable via `import.concurrency` in `~/.ironbee/config.json` or `<project>/.ironbee/config.json`
 
 
-### Optional: enable Node backend verification
+### Optional: opt out of the browser cycle
 
 ```bash
-ironbee enable-backend node
+ironbee browser disable
 ```
 
-Run this once per project that has Node backend code you want IronBee to gate. It writes opinionated default `verifyPatterns` (e.g. `server/**`, `pages/api/**`, `**/server.{ts,js,mjs,cjs}`) under `backend.node.verifyPatterns` in the project config. From then on, edits to matching paths require Node-cycle verification (connect + probes/logs) alongside any browser-cycle verification.
+The **browser cycle** is the default-on cycle — every code-file edit (40+ extensions: `.ts`, `.tsx`, `.css`, `.html`, `.py`, `.go`, `.java`, …) requires browser-driven verification (navigate / screenshot / aria / console). Run `browser disable` for projects where you don't want browser-cycle enforcement (e.g. backend-only services where only `node enable` / `backend enable` apply). It writes `browser.verifyPatterns: []` to override the legacy 40+ extension default; customizations of `alwaysRequired` / `evidencePaths` / `additionalVerifyPatterns` are preserved.
 
-To revert: `ironbee disable-backend node`. This empties `verifyPatterns` (no enforcement) but preserves any customizations you made to `alwaysRequired` / `evidencePaths`, so re-enabling later restores your tuned setup.
+To re-enable: `ironbee browser enable` — strips the `verifyPatterns: []` override so the code defaults (legacy 40+ extension list) flow back in at runtime. `config.json` stays minimal; the default list is NOT materialized into the file (it lives in code and tracks the CLI version automatically).
+
+### Optional: enable Node.js runtime debug verification
+
+```bash
+ironbee node enable
+```
+
+Run this once per project whose backend is Node.js and you want IronBee to gate at the runtime level (V8 inspector probes via `node-devtools`). It writes a minimal `{ "node": {} }` block to config — code defaults (e.g. `server/**`, `pages/api/**`, `**/server.{ts,js,mjs,cjs}`) flow in at runtime; nothing is materialized into the file. From then on, edits to matching paths require Node-cycle verification (connect + probes/logs) alongside any browser-cycle verification. To customize, set `node.verifyPatterns` (replaces defaults) or `node.additionalVerifyPatterns` (appends).
+
+To revert: `ironbee node disable`. With no customizations the entire `node` block is dropped (clean config). With customizations or a lower-layer override, writes `verifyPatterns: []` (hard kill, preserves `alwaysRequired` / `evidencePaths` / `additionalVerifyPatterns` so re-enabling later restores your tuned setup).
+
+### Optional: enable runtime-agnostic backend protocol verification
+
+```bash
+ironbee backend enable
+```
+
+Activates the **backend protocol cycle** — drives real HTTP / gRPC / GraphQL / WebSocket calls against your running backend service via the `backend-devtools` MCP (`bedt_*` tools) and verifies the responses. Works for any backend runtime: Node, Java, Python, Go, Rust, Ruby, .NET, PHP, Elixir, Kotlin, Scala. The command writes a minimal `{ "backend": {} }` block to config — code defaults (multi-language paths covering `server/**`, `api/**`, `routes/**`, `controllers/**`, `handlers/**`, `services/**`) flow in at runtime.
+
+The backend cycle is independent of the node cycle — node attaches to a Node.js process and sets non-blocking debug probes; backend drives the wire protocol from outside. Both can be enabled simultaneously; both must pass.
+
+To revert: `ironbee backend disable` (drops the block clean if no customizations / lower-layer override; otherwise hard-kills via `verifyPatterns: []`).
 
 ### Optional: monitoring-only mode (no enforcement)
 
@@ -140,7 +162,7 @@ The toggle re-renders all client artifacts (hooks, skill, rule, MCP servers, per
 Cursor requires manual activation of MCP servers after install:
 
 1. **Restart Cursor** to load the new hooks and MCP config
-2. Go to **Settings → Tools & MCP** and verify both **browser-devtools** and **node-devtools** are enabled
+2. Go to **Settings → Tools & MCP** and verify all three of **browser-devtools**, **node-devtools**, and **backend-devtools** are enabled
 3. If a server shows as enabled but tools are unavailable, toggle it off and on
 
 > **Note:** This is a [known Cursor limitation](https://forum.cursor.com/t/mcp-tools-only-available-to-agent-after-manually-toggling-server-off-on-even-when-already-enabled/152859) — MCP servers added via `mcp.json` may need manual activation.
@@ -157,8 +179,9 @@ ironbee uninstall [project-dir] [--client <name>] [--all] [-y]   Remove hooks an
 ironbee status [project-dir]                      Show verdict status for active sessions
 ironbee verify [session-id]                       Dry-run verdict validation
 ironbee analyze [session-id]                      Analyze session metrics (or all sessions)
-ironbee enable-backend <runtime>                  Opt into backend verification (today: node)
-ironbee disable-backend <runtime>                 Opt out (resets verifyPatterns to []; preserves customizations)
+ironbee browser <enable|disable>                  Manage the browser cycle (default-on; bdt_* tools via browser-devtools)
+ironbee node <enable|disable>                     Manage the Node.js runtime debug cycle (V8 inspector probes via node-devtools)
+ironbee backend <enable|disable>                  Manage the runtime-agnostic backend protocol cycle (HTTP/gRPC/GraphQL/WS via backend-devtools)
 ironbee enable-verification                       Turn enforcement on (default state)
 ironbee disable-verification                      Monitoring-only mode (no enforcement; sessions still ship to collector)
 ironbee config get <key>                          Read a config value (default: merged effective value)
@@ -176,7 +199,7 @@ ironbee unregister                                Remove this project from the u
 
 - **`ironbee install --all`** — explicit batch op that re-runs install on every registered project. Use after a global config change to propagate it everywhere; uses each project's currently detected clients (or pass `--client <name>` to override).
 - **`ironbee uninstall --all`** — destructive batch op that wipes ironbee from every registered project. Prompts with default-No before acting; pass `--yes` / `-y` to skip the prompt. Refuses without `--yes` in non-interactive contexts.
-- **Prompt on global config writes** — `ironbee config set <key> <val> -g` (and `unset`) on an artifact-affecting key (`collector`, `verification`, `browser`, `backend`, `browserDevTools`, `nodeDevTools`) lists up to 10 other registered project paths still on the prior state and asks `Apply this change to these N projects now? [Y/n]` (default Yes). Pass `--apply-all` / `--no-apply-all` to skip the prompt; non-TTY contexts skip it and print a hint pointing at `install --all`.
+- **Prompt on global config writes** — `ironbee config set <key> <val> -g` (and `unset`) on an artifact-affecting key (`collector`, `verification`, `browser`, `node`, `backend`, `browserDevTools`, `nodeDevTools`, `backendDevTools`) lists up to 10 other registered project paths still on the prior state and asks `Apply this change to these N projects now? [Y/n]` (default Yes). Pass `--apply-all` / `--no-apply-all` to skip the prompt; non-TTY contexts skip it and print a hint pointing at `install --all`.
 
 For pure inventory bookkeeping (no artifact writes):
 
@@ -232,18 +255,18 @@ IronBee loads config from two locations (project deep-merges over global):
 
 | Key | Description | Default |
 |-----|-------------|---------|
-| `browser.verifyPatterns` | Glob patterns for files requiring **browser** verification (replaces defaults) | 40+ code extensions |
+| `browser.verifyPatterns` | Glob patterns for files requiring **browser** verification (replaces defaults). Four-state semantic: block-absent → code defaults (40+ ext, default-on); block-present + verifyPatterns unset → code defaults (post-`browser enable` shape); `[]` → hard kill (also disables `additionalVerifyPatterns`); custom `[...]` → user-defined. | 40+ code extensions when block absent OR `verifyPatterns` unset |
 | `browser.additionalVerifyPatterns` | Extra browser patterns appended to defaults | `[]` |
-| `backend.<runtime>.verifyPatterns` | Glob patterns for files requiring **backend** verification, per runtime (today: `node`). Empty by default — opt in via `ironbee enable-backend <runtime>`. | `[]` |
-| `backend.<runtime>.additionalVerifyPatterns` | Extra backend patterns | `[]` |
+| `node.verifyPatterns` | Glob patterns activating the **Node.js runtime debug cycle** (`node-devtools` MCP, `ndt_*` tools — V8 inspector probes). Empty by default — opt in via `ironbee node enable`. | `[]` |
+| `node.additionalVerifyPatterns` | Extra patterns appended to `node.verifyPatterns` | `[]` |
+| `backend.verifyPatterns` | Glob patterns activating the **runtime-agnostic backend protocol cycle** (`backend-devtools` MCP, `bedt_*` tools — HTTP/gRPC/GraphQL/WebSocket). Empty by default — opt in via `ironbee backend enable`. | `[]` |
+| `backend.additionalVerifyPatterns` | Extra patterns appended to `backend.verifyPatterns` | `[]` |
 | `ignoredVerifyPatterns` | Patterns to exclude from verification (checked first, applies to all cycles) | `[]` |
 | `maxRetries` | Max retry attempts before allowing completion (single global counter regardless of how many cycles run) | `3` |
 | `verification.enable` | Master switch for enforcement. **Inverse semantics from `recording`/`jobQueue`/`collector`** — verification is the core feature, opt-out via `enable: false`. When disabled, ironbee runs in monitoring-only mode (no enforcement hooks, skill, rule, or MCP servers; only session/activity/tool_call telemetry flows to the collector). | `true` |
 | `fileChange.captureChangeset` | When `true`, every `file_change` event carries a hunks-only unified-diff `changeset` string (`@@` headers + `space`/`-`/`+` lines, no filename header — `file_path` already lives on the parent event). Off by default — the default `tool_input` whitelist deliberately strips file content from the wire; turning this on routes content through `file_change` instead. PreToolUse pre-reads the file when enabled so PostToolUse can produce a real before/after diff (Write/Edit on Claude; Write/StrReplace/Delete on Cursor). Skipped on binary content (NUL byte in first 4 KB). | `false` |
 | `fileChange.maxChangesetBytes` | Hard cap on the `changeset` string size. Diffs over the cap are sliced on a UTF-8 byte boundary and end with a `\n... (truncated, N bytes omitted)\n` footer so the collector POST stays within typical reverse-proxy body limits. | `65536` (64 KB) |
 
-> **Migrating from older versions:** the previous flat `verifyPatterns` / `additionalVerifyPatterns` at the top level is no longer supported. The config loader fails loudly on legacy shape — move them under `browser.*` (or the appropriate runtime under `backend.<runtime>.*`).
-
 ### Editing config from the CLI (`ironbee config`)
 
 You can edit either config file via the CLI instead of hand-rolling JSON:
@@ -273,7 +296,7 @@ ironbee config path                # print the project config file path
 
 **Type coercion** — `set` parses the value as JSON when it can (`true`/`42`/`[…]`/`{…}`) and falls back to a raw string when JSON parse fails. URLs and paths pass through unquoted; pass `--json` to force strict JSON parsing (e.g. when you want the literal string `"42"` instead of the number `42`).
 
-**Smart artifact re-render** — when a top-level key affects installed client artifacts (`verification`, `collector`, `browser`, `backend`, `browserDevTools`, `nodeDevTools`), `set` and `unset` re-render the client files (hooks, MCP entries, skill, rule, permissions) automatically — same code path `enable-verification` / `enable-backend` use. Other keys (`maxRetries`, `recording`, `jobQueue`, `analytics`, `import`, `ignoredVerifyPatterns`) are pure config flips that the next agent session picks up — no rerender needed.
+**Smart artifact re-render** — when a top-level key affects installed client artifacts (`verification`, `collector`, `browser`, `node`, `backend`, `browserDevTools`, `nodeDevTools`, `backendDevTools`), `set` and `unset` re-render the client files (hooks, MCP entries, skill, rule, permissions) automatically — same code path `enable-verification` / `node enable` / `backend enable` use. Other keys (`maxRetries`, `recording`, `jobQueue`, `analytics`, `import`, `ignoredVerifyPatterns`) are pure config flips that the next agent session picks up — no rerender needed.
 
 Pass `--no-rerender` to skip the rerender on artifact-affecting keys (handy for scripted bulk edits — follow up with `ironbee install` to resync). If a rerender fails midway, the config file is rolled back to its prior bytes so disk state never diverges from installed artifacts.
 
@@ -281,9 +304,11 @@ Pass `--no-rerender` to skip the rerender on artifact-affecting keys (handy for
 
 ### Default verify patterns
 
-By default, the **browser cycle** matches common code file extensions: `.ts`, `.tsx`, `.js`, `.jsx`, `.css`, `.scss`, `.html`, `.py`, `.go`, `.rs`, `.java`, `.vue`, `.svelte`, and [many more](src/lib/config.ts). Backend file edits trigger browser verification by default since they often affect frontend behavior.
+By default, the **browser cycle** is enabled and matches common code file extensions: `.ts`, `.tsx`, `.js`, `.jsx`, `.css`, `.scss`, `.html`, `.py`, `.go`, `.rs`, `.java`, `.vue`, `.svelte`, and [many more](src/lib/config.ts) (`DEFAULT_BROWSER_VERIFY_PATTERNS`). Backend file edits trigger browser verification by default since they often affect frontend behavior. Run `ironbee browser disable` for projects where the browser-cycle gate isn't appropriate (e.g. backend-only services); `ironbee browser enable` re-enables.
+
+**Patterns are NOT materialized into `config.json`** — they live in the CLI source (`DEFAULT_BROWSER_VERIFY_PATTERNS` / `DEFAULT_NODE_VERIFY_PATTERNS` / `DEFAULT_BACKEND_VERIFY_PATTERNS`) and flow in at runtime when the cycle block exists without an explicit `verifyPatterns` key. Keeps `config.json` minimal AND lets defaults track CLI updates automatically (no frozen-at-install-time drift). To customize, set the explicit `<cycle>.verifyPatterns` (replaces defaults) or `<cycle>.additionalVerifyPatterns` (appends).
 
-The **node cycle** has no default patterns — running `ironbee enable-backend node` writes opinionated defaults (`server/**`, `pages/api/**`, etc.) which you can customize after.
+The **node cycle** is opt-in via `ironbee node enable` (only meaningful for Node.js backends — `node-devtools` is a V8 inspector wrapper). The **backend cycle** is opt-in via `ironbee backend enable` and is runtime-agnostic (drives wire protocols via `backend-devtools`).
 
 Non-code files like `README.md`, `package.json`, or `.gitignore` do not trigger any cycle.
 
@@ -342,7 +367,7 @@ You can mix-and-match: full config replacement via `mcp`, or just env-var additi
 When the agent tries to complete a task, IronBee runs these checks:
 
 1. **Were code files edited?** — If no matching files were changed, the agent completes normally.
-2. **Which cycles are active?** — IronBee matches each edited file against `browser.verifyPatterns` and (if you opted in) `backend.<runtime>.verifyPatterns`. A single file may activate both cycles; both then run in parallel.
+2. **Which cycles are active?** — IronBee matches each edited file against `browser.verifyPatterns` and (if you opted in) `node.verifyPatterns` and/or `backend.verifyPatterns`. A single file may activate two or three cycles; they all run in parallel and pass/fail combine with AND.
 3. **Were the cycle's required tools used?**
    - **Browser cycle**: navigate, screenshot, accessibility snapshot, console check (all-of)
    - **Node cycle**: connect; then either probe path (`(put-tracepoint | put-logpoint | put-exceptionpoint) AND get-probe-snapshots`) OR log path (`get-logs`)

package/dist/clients/claude/commands/ironbee-verify.md

@@ -1,120 +1,38 @@
 # IronBee Verify
 
-Verify the current code changes through real tools — browser interaction for frontend, runtime-specific debugger for any enabled backend cycle.
+Verify the current code changes through real tools. The gate runs every cycle that has been wired up for this project, and all active cycles must be satisfied within a single verification cycle for `status: pass`. Each cycle has its own tools, flow, and verdict fields — **see the platform sections near the bottom of this file** for which cycles apply and what to call.
 
-## Usage
-- `/ironbee-verify` — **default** — focus on what changed, visual + functional checks on affected areas (browser-cycle modes; any enabled backend-runtime cycle runs alongside automatically — see runtime section below)
-- `/ironbee-verify full` — **full scope** — entire application, all checklists, edge cases, responsive, accessibility deep dive
-- `/ironbee-verify visual` — **visual only** — contrast, layout, spacing, fonts, images, theming
-- `/ironbee-verify functional` — **functional only** — clicks, forms, navigation, data flow, error handling
-
-If no argument is given, use **default** mode. The mode argument controls only the browser-cycle thoroughness — any active backend-runtime cycle runs the same way regardless of mode.
-
-A backend-runtime cycle (e.g. `node` after `ironbee enable-backend node`) may also be active for this project — **see the runtime section near the bottom of this file** for whether it applies and which tools to call.
-
----
-
-## Steps (all modes)
+## Universal steps
 
 1. **Start verification**: Run `echo '{"session_id":"<your-session-id>"}' | ironbee hook verification-start` via Bash (substitute the actual session ID printed by the SessionStart hook).
-2. **Build and start** the application if not already running
-3. **For EVERY page you visit**, repeat this cycle:
-   a. **Navigate** using `mcp__browser-devtools__bdt_navigation_go-to`
-   b. **Take a FULL PAGE screenshot** using `mcp__browser-devtools__bdt_content_take-screenshot` with `fullPage: true`
-   c. **Take an ARIA snapshot** using `mcp__browser-devtools__bdt_a11y_take-aria-snapshot`
-   d. **STOP and visually analyze the screenshot** — switch your focus entirely to finding visual problems. Look at this screenshot as if your ONLY job is to find visual defects:
-      **WARNING: ARIA reports DOM content, not what the user actually sees.** Do NOT assume the page looks correct just because ARIA shows the right content. Only the screenshot tells you what the user actually sees.
-      - Text readability — is it readable against its background? Look for text that blends in or poor contrast
-      - Layout — overlapping elements, unexpected gaps, overflow, content cut off
-      - Spacing — consistent padding/margin? Too cramped or too far apart?
-      - Colors — intentional and consistent? Any jarring mismatches?
-      - Typography — right sizes? Clipped or truncated text?
-      - Images/icons — loaded? Right size and aspect ratio?
-      - States — empty, loading, disabled, error states rendered properly?
-      Report your visual findings before continuing.
-   e. **Read the ARIA snapshot** — verify headings, labels, landmarks, and structure
-   f. If anything looks wrong → note it as an issue
-4. **Functionally test** — run the checklist for your mode (see below). After each significant interaction, take another screenshot and repeat the visual analysis.
-5. **Check console** for errors using `mcp__browser-devtools__bdt_o11y_get-console-messages`
-6. **Stop** the dev server when verification is complete
-7. **If recording was started, stop it now** — `mcp__browser-devtools__bdt_content_stop-recording`. submit-verdict rejects with `"recording is still active"` when this step is skipped. (Recording is a server-side opt-in via `recording.enable` — when on, the gate forces `bdt_content_start-recording` BEFORE the steps above and demands the matching stop here.)
-8. **Submit your verdict** via Bash:
-    - Pass: `echo '{"session_id":"...","status":"pass","pages_tested":[...],"checks":[...],"console_errors":0,"network_failures":0}' | ironbee hook submit-verdict`
-    - Fail: `echo '{"session_id":"...","status":"fail","pages_tested":[...],"checks":[...],"console_errors":N,"network_failures":N,"issues":["describe what failed"]}' | ironbee hook submit-verdict`
-9. **If failed** → collect ALL issues first (finish testing all affected pages), submit one fail verdict with all issues, then fix everything, rebuild, and re-verify. Do not fix one issue at a time — batch fixes to avoid repeated build/restart cycles.
-10. If pass after a previous fail, include `"fixes"` in the verdict describing what was fixed
-
----
-
-## Default Mode
-
-Focus on the code you changed — not the entire application.
-
-### 1. Study the changes
-1. Run `git diff --name-only` and `git diff --name-only HEAD~1`
-2. **Ignore `.ironbee/`, `.claude/`, `.cursor/`** — tool config, not application code
-3. **Read the full diff** (`git diff` and/or `git diff HEAD~1`) — understand every change: what was added, removed, modified. Note specific values (colors, sizes, conditions, logic, API endpoints, component props).
-4. Before opening the browser, you should be able to answer: what exactly changed, what should look or behave differently, and what could go wrong?
-
-### 2. Verify in the browser
-- **Cross-reference the diff against what you see.** For each change in the diff, verify it is correctly reflected in the browser. If the diff changes a color → check that color. If it changes a calculation → verify the result. If it adds a component → confirm it renders.
-- **Test the flow end-to-end** — navigate, click, fill forms, submit, verify the outcome
-- **Check one edge case** — empty input, invalid data, or double-click
-- **Console** — any new errors or warnings?
-
----
-
-## Full Mode (`/ironbee-verify full`)
-
-Comprehensive verification of the **entire application**. Do NOT run `git diff` or scope to recent changes. Test every page, every flow, every visual detail. Any issue is a failure, regardless of when it was introduced.
-
-### Visual Checklist
-In addition to the per-page visual analysis in step 3d:
-- **Responsiveness** — does the layout adapt if viewport changes? No horizontal scrolling on standard widths
-- **Borders & separators** — visible and consistent? Not too faint or missing
-- **Scroll behavior** — does the page scroll smoothly? No content hidden behind sticky headers/footers?
-
-### Functional Checklist
-- **Navigation** — do links and buttons navigate to the correct pages?
-- **Forms** — fill inputs with real data, select options, submit. Do validation messages appear correctly?
-- **Buttons & interactions** — do click handlers fire? Do toggles, dropdowns, and modals work?
-- **Data flow** — does submitted data appear where expected?
-- **Error handling** — what happens with invalid input? Does the UI handle errors gracefully?
-- **Authentication** — if applicable, do protected routes redirect correctly?
-- **API calls** — do network requests succeed? Check for failed requests in console/network
-- **State persistence** — does state survive page refresh where expected?
-- **Edge cases** — empty inputs, very long text, special characters, rapid clicks
-
-### Accessibility (deep dive)
-- Are headings hierarchical? Do form inputs have labels? Are landmarks present?
-- Check for missing alt text on images
+2. **Build and start** the application if not already running.
+3. **For every active cycle, run its flow** as described in the platform sections near the bottom of this file. All active cycles must be exercised within this same verification cycle.
+4. **Stop** the dev server when verification is complete.
+5. **Honor any cycle-specific teardown** noted in the platform sections BEFORE submitting your verdict.
+6. **Submit your verdict** via Bash. Include fields for every active cycle:
+    - Pass: `echo '{"session_id":"...","status":"pass", ...cycle-specific fields...}' | ironbee hook submit-verdict`
+    - Fail: `echo '{"session_id":"...","status":"fail", ...cycle-specific fields..., "issues":["describe what failed"]}' | ironbee hook submit-verdict`
+7. **If failed** → collect ALL issues first (finish testing every active cycle), submit one fail verdict with all issues, then fix everything, rebuild, and re-verify. Do not fix one issue at a time — batch fixes to avoid repeated build/restart cycles.
+8. If pass after a previous fail, include `"fixes"` in the verdict describing what was fixed.
 
 ---
 
-## Visual Mode (`/ironbee-verify visual`)
+<!--IRONBEE:PLATFORM:browser-->
+<!--/IRONBEE:PLATFORM:browser-->
 
-Focus exclusively on visual quality. Run the per-page visual analysis from step 3d on every page, plus:
-- **Responsiveness** — viewport changes, no horizontal scrolling
-- **Borders & separators** — visible and consistent?
-- **Scroll behavior** — smooth scrolling, no hidden content
+<!--IRONBEE:PLATFORM:node-->
+<!--/IRONBEE:PLATFORM:node-->
 
-Take screenshots of **multiple states** if applicable (hover, active, disabled, empty, populated).
-
----
-
-## Functional Mode (`/ironbee-verify functional`)
-
-Focus exclusively on behavior. Use the same functional checklist as Full Mode above.
-
-Test the **complete user flow**, not just the single step you changed.
+<!--IRONBEE:PLATFORM:backend-->
+<!--/IRONBEE:PLATFORM:backend-->
 
 ---
 
 ## When to FAIL
 
-If you observe ANY problem — wrong data, unexpected errors, visual defects, broken interactions, console errors, data inconsistency between pages — you MUST submit a **fail** verdict.
+If you observe ANY problem on any active cycle — wrong data, unexpected errors, broken interactions, missing evidence, anything that doesn't match the spec — you MUST submit a **fail** verdict.
 
-**Do NOT rationalize away problems.** If something looks wrong or behaves unexpectedly, it IS wrong. In **full** mode, there is no such thing as "pre-existing" — if it's broken, fail it.
+**Do NOT rationalize away problems.** If something looks wrong or behaves unexpectedly, it IS wrong.
 
 **After a fail verdict, you MUST fix the issues and re-verify.** Do not just report and stop.
 
@@ -128,8 +46,3 @@ Your `checks` array must list **specific observations**, not generic statements:
 - ALWAYS submit a verdict after every verification attempt — both pass AND fail
 - Do NOT edit code before submitting a fail verdict
 - **Noticing a bug and submitting pass is the #1 violation** — if you see it, fail it
-
----
-
-<!--IRONBEE:RUNTIME:node-->
-<!--/IRONBEE:RUNTIME:node-->

package/dist/clients/claude/hooks/require-verdict.d.ts

@@ -2,9 +2,9 @@
  * Claude Code — require-verdict hook adapter
  *
  * PreToolUse hook for Write|Edit — blocks file edits if the agent used
- * any devtools tools (browser-devtools or node-devtools) but hasn't
- * submitted a verdict yet. Forces the agent to submit a fail verdict
- * before fixing code.
+ * any devtools tools (browser-devtools / node-devtools / backend-devtools)
+ * but hasn't submitted a verdict yet. Forces the agent to submit a fail
+ * verdict before fixing code.
  *
  * Side effect: when `tool_name === "Write"`, stashes whether the target
  * file already exists so the matching PostToolUse adapter can decide

package/dist/clients/claude/hooks/require-verdict.js

@@ -3,9 +3,9 @@
  * Claude Code — require-verdict hook adapter
  *
  * PreToolUse hook for Write|Edit — blocks file edits if the agent used
- * any devtools tools (browser-devtools or node-devtools) but hasn't
- * submitted a verdict yet. Forces the agent to submit a fail verdict
- * before fixing code.
+ * any devtools tools (browser-devtools / node-devtools / backend-devtools)
+ * but hasn't submitted a verdict yet. Forces the agent to submit a fail
+ * verdict before fixing code.
  *
  * Side effect: when `tool_name === "Write"`, stashes whether the target
  * file already exists so the matching PostToolUse adapter can decide
@@ -38,9 +38,9 @@ async function run(projectDir) {
     const sessionDir = `${projectDir}/.ironbee/sessions/${sessionId}`;
     const actionsFile = `${sessionDir}/actions.jsonl`;
     if ((0, actions_1.hasToolCallsSinceLastVerdict)(actionsFile)) {
-        process.stderr.write(`BLOCKED: You used verification tools (browser-devtools or node-devtools) but did not submit a verdict. You MUST submit a verdict (pass or fail) before editing code.
+        process.stderr.write(`BLOCKED: You used verification tools (browser-devtools / node-devtools / backend-devtools) but did not submit a verdict. You MUST submit a verdict (pass or fail) before editing code.
 
-Submit your verdict first (include cycle-appropriate fields — browser fields for bdt_*, backend_node_* fields for ndt_*):
+Submit your verdict first (include cycle-appropriate fields — browser fields for bdt_*, backend_node_* for ndt_*, backend_endpoints_called/backend_response_statuses for bedt_*):
   echo '{"session_id":"${sessionId}","status":"fail","checks":[...],"issues":["describe what failed"], ...}' | ironbee hook submit-verdict
 
 Then you can edit code to fix the issues.

package/dist/clients/claude/hooks/require-verification.d.ts

@@ -1,15 +1,16 @@
 /**
  * Claude Code — require-verification hook adapter
  *
- * PreToolUse hook for `mcp__browser-devtools__.*|mcp__node-devtools__.*`
- * — blocks devtools tool usage if no active verification cycle. Forces
- * the agent to call `ironbee hook verification-start` before using any
- * verification tooling (browser or node).
+ * PreToolUse hook for the three devtools matchers — `mcp__browser-devtools__.*`,
+ * `mcp__node-devtools__.*`, `mcp__backend-devtools__.*` — blocks devtools tool
+ * usage if no active verification cycle. Forces the agent to call
+ * `ironbee hook verification-start` before using any verification tooling
+ * (browser, node, or backend).
  *
  * When allowed, injects `_metadata` into tool input with sessionId and traceId
  * so the MCP server knows the active session/trace context. The `mcpServer`
  * field is parsed from `tool_name` so each server (browser-devtools /
- * node-devtools) sees its own correct identity.
+ * node-devtools / backend-devtools) sees its own correct identity.
  *
  * Exit 0 = allow tool (with updatedInput containing _metadata)
  * Exit 2 = block tool

package/dist/clients/claude/hooks/require-verification.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"require-verification.d.ts","sourceRoot":"","sources":["../../../../src/clients/claude/hooks/require-verification.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAgCH,wBAAsB,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAoH3D"}
+{"version":3,"file":"require-verification.d.ts","sourceRoot":"","sources":["../../../../src/clients/claude/hooks/require-verification.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAiCH,wBAAsB,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAqH3D"}

package/dist/clients/claude/hooks/require-verification.js

@@ -2,15 +2,16 @@
 /**
  * Claude Code — require-verification hook adapter
  *
- * PreToolUse hook for `mcp__browser-devtools__.*|mcp__node-devtools__.*`
- * — blocks devtools tool usage if no active verification cycle. Forces
- * the agent to call `ironbee hook verification-start` before using any
- * verification tooling (browser or node).
+ * PreToolUse hook for the three devtools matchers — `mcp__browser-devtools__.*`,
+ * `mcp__node-devtools__.*`, `mcp__backend-devtools__.*` — blocks devtools tool
+ * usage if no active verification cycle. Forces the agent to call
+ * `ironbee hook verification-start` before using any verification tooling
+ * (browser, node, or backend).
  *
  * When allowed, injects `_metadata` into tool input with sessionId and traceId
  * so the MCP server knows the active session/trace context. The `mcpServer`
  * field is parsed from `tool_name` so each server (browser-devtools /
- * node-devtools) sees its own correct identity.
+ * node-devtools / backend-devtools) sees its own correct identity.
  *
  * Exit 0 = allow tool (with updatedInput containing _metadata)
  * Exit 2 = block tool
@@ -26,9 +27,10 @@ const logger_1 = require("../../../lib/logger");
 const util_1 = require("../util");
 const stdin_1 = require("../../../lib/stdin");
 /** Fallback MCP server when `tool_name` parsing fails. The matcher routes
- *  both `mcp__browser-devtools__.*` and `mcp__node-devtools__.*` here, so
- *  `extractMcpServerName` is the source of truth — this is only used if the
- *  tool_name field is malformed or absent. */
+ *  all three of `mcp__browser-devtools__.*`, `mcp__node-devtools__.*`, and
+ *  `mcp__backend-devtools__.*` here, so `extractMcpServerName` is the source
+ *  of truth — this fallback is only used if the tool_name field is malformed
+ *  or absent. */
 const FALLBACK_MCP_SERVER_NAME = "browser-devtools";
 async function run(projectDir) {
     let input;
@@ -45,12 +47,12 @@ async function run(projectDir) {
     const actionsFile = `${sessionDir}/actions.jsonl`;
     const verificationId = (0, session_state_1.getActiveVerificationId)(sessionDir);
     if (!verificationId) {
-        process.stderr.write(`BLOCKED: You must start a verification cycle before using devtools tools (browser-devtools or node-devtools).
+        process.stderr.write(`BLOCKED: You must start a verification cycle before using devtools tools (browser-devtools / node-devtools / backend-devtools).
 
 Start verification first:
   echo '{"session_id":"${sessionId}"}' | ironbee hook verification-start
 
-Then use the verification tools for the active cycle(s) — bdt_* for browser, ndt_* for node.
+Then use the verification tools for the active cycle(s) — bdt_* for browser, ndt_* for node, bedt_* for backend.
 `);
         process.exit(2);
     }
@@ -108,13 +110,14 @@ Then use the verification tools for the active cycle(s) — bdt_* for browser, n
     if (input.tool_use_id) {
         metadata.toolUseId = input.tool_use_id;
     }
-    // The matcher routes both `mcp__browser-devtools__.*` and
-    // `mcp__node-devtools__.*` here, so the tool_name reliably encodes a
-    // server. Parse it so each server gets its correct identity in the
-    // metadata. Falls back to a hardcoded browser-devtools constant if
-    // parsing ever fails (malformed tool_name, missing field, …). This
-    // keeps MCP-emitted OTel events tagged with the same `mcp_server`
-    // dimension our own tool_call events carry.
+    // The matcher routes all three of `mcp__browser-devtools__.*`,
+    // `mcp__node-devtools__.*`, and `mcp__backend-devtools__.*` here, so
+    // the tool_name reliably encodes a server. Parse it so each server
+    // gets its correct identity in the metadata. Falls back to a
+    // hardcoded browser-devtools constant if parsing ever fails (malformed
+    // tool_name, missing field, …). This keeps MCP-emitted OTel events
+    // tagged with the same `mcp_server` dimension our own tool_call
+    // events carry.
     metadata.mcpServer = (0, util_1.extractMcpServerName)(input.tool_name) ?? FALLBACK_MCP_SERVER_NAME;
     const userEmail = (0, session_state_1.getUserEmail)(sessionDir);
     if (userEmail) {

package/dist/clients/claude/hooks/require-verification.js.map

@@ -1 +1 @@
-{"version":3,"file":"require-verification.js","sourceRoot":"","sources":["../../../../src/clients/claude/hooks/require-verification.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;AAgCH,kBAoHC;AAlJD,mCAAoC;AACpC,qEAAyK;AACzK,yDAAiE;AACjE,2DAA6D;AAC7D,gDAAiD;AACjD,gDAAyD;AACzD,kCAA+C;AAC/C,8CAA+C;AAE/C;;;8CAG8C;AAC9C,MAAM,wBAAwB,GAAW,kBAAkB,CAAC;AAiBrD,KAAK,UAAU,GAAG,CAAC,UAAkB;IACxC,IAAI,KAA4B,CAAC;IACjC,IAAI,CAAC;QACD,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAS,GAAE,CAA0B,CAAC;IAC7D,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QAClB,eAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,MAAM,SAAS,GAAW,KAAK,CAAC,UAAU,IAAI,SAAS,CAAC;IACxD,MAAM,UAAU,GAAW,GAAG,UAAU,sBAAsB,SAAS,EAAE,CAAC;IAC1E,IAAA,mBAAU,EAAC,GAAG,UAAU,cAAc,CAAC,CAAC;IAExC,MAAM,WAAW,GAAW,GAAG,UAAU,gBAAgB,CAAC;IAE1D,MAAM,cAAc,GAAuB,IAAA,uCAAuB,EAAC,UAAU,CAAC,CAAC;IAC/E,IAAI,CAAC,cAAc,EAAE,CAAC;QAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;;;yBAGJ,SAAS;;;CAGjC,CAAC,CAAC;QACK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,mEAAmE;IACnE,sEAAsE;IACtE,gCAAgC;IAChC,MAAM,QAAQ,GAAW,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC;IAC/C,MAAM,qBAAqB,GAAY,QAAQ,CAAC,UAAU,CAAC,yBAAyB,CAAC,CAAC;IACtF,MAAM,oBAAoB,GAAY,QAAQ,CAAC,QAAQ,CAAC,6BAA6B,CAAC,CAAC;IACvF,IACI,qBAAqB;QACrB,IAAA,mCAAmB,EAAC,UAAU,CAAC;QAC/B,CAAC,IAAA,iCAAiB,EAAC,UAAU,CAAC;QAC9B,CAAC,oBAAoB,EACvB,CAAC;QACC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;;;;;;;;;;CAU5B,CAAC,CAAC;QACK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,yEAAyE;IACzE,MAAM,IAAA,wBAAa,EAAC,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;IAEzE,MAAM,OAAO,GAAuB,IAAA,gCAAgB,EAAC,UAAU,CAAC,CAAC;IACjE,MAAM,UAAU,GAAuB,IAAA,mCAAmB,EAAC,UAAU,CAAC,CAAC;IAEvE,6EAA6E;IAC7E,MAAM,WAAW,GAAW,IAAA,4BAAkB,EAAC,UAAU,CAAC,CAAC;IAC3D,MAAM,eAAe,GAAa,CAAC,OAAO,WAAW,EAAE,EAAE,OAAO,SAAS,EAAE,CAAC,CAAC;IAC7E,IAAI,UAAU,EAAE,CAAC;QACb,eAAe,CAAC,IAAI,CAAC,OAAO,UAAU,EAAE,CAAC,CAAC;IAC9C,CAAC;IACD,eAAe,CAAC,IAAI,CAAC,OAAO,cAAc,EAAE,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAW,WAAW,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IAClE,MAAM,MAAM,GAAkC,IAAA,mBAAU,EAAC,UAAU,CAAC,CAAC;IACrE,MAAM,YAAY,GAA4B,EAAE,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE,CAAC;IAC9E,MAAM,QAAQ,GAA4B;QACtC,WAAW;QACX,SAAS;QACT,UAAU;QACV,cAAc;QACd,OAAO;QACP,UAAU;QACV,oEAAoE;QACpE,kEAAkE;QAClE,gEAAgE;QAChE,gEAAgE;QAChE,kDAAkD;QAClD,UAAU,EAAE,IAAA,mBAAU,GAAE;KAC3B,CAAC;IACF,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACpB,QAAQ,CAAC,SAAS,GAAG,KAAK,CAAC,WAAW,CAAC;IAC3C,CAAC;IACD,0DAA0D;IAC1D,qEAAqE;IACrE,mEAAmE;IACnE,mEAAmE;IACnE,mEAAmE;IACnE,kEAAkE;IAClE,4CAA4C;IAC5C,QAAQ,CAAC,SAAS,GAAG,IAAA,2BAAoB,EAAC,KAAK,CAAC,SAAS,CAAC,IAAI,wBAAwB,CAAC;IACvF,MAAM,SAAS,GAAuB,IAAA,4BAAY,EAAC,UAAU,CAAC,CAAC;IAC/D,IAAI,SAAS,EAAE,CAAC;QACZ,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;IACnC,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC;QACxB,QAAQ,CAAC,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC;IACjD,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;QAC3B,QAAQ,CAAC,eAAe,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;IACvD,CAAC;IACD,YAAY,CAAC,SAAS,GAAG,QAAQ,CAAC;IAElC,MAAM,MAAM,GAA2B;QACnC,kBAAkB,EAAE;YAChB,aAAa,EAAE,YAAY;YAC3B,kBAAkB,EAAE,OAAO;YAC3B,YAAY;SACf;KACJ,CAAC;IAEF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC"}
+{"version":3,"file":"require-verification.js","sourceRoot":"","sources":["../../../../src/clients/claude/hooks/require-verification.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;AAiCH,kBAqHC;AApJD,mCAAoC;AACpC,qEAAyK;AACzK,yDAAiE;AACjE,2DAA6D;AAC7D,gDAAiD;AACjD,gDAAyD;AACzD,kCAA+C;AAC/C,8CAA+C;AAE/C;;;;iBAIiB;AACjB,MAAM,wBAAwB,GAAW,kBAAkB,CAAC;AAiBrD,KAAK,UAAU,GAAG,CAAC,UAAkB;IACxC,IAAI,KAA4B,CAAC;IACjC,IAAI,CAAC;QACD,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAS,GAAE,CAA0B,CAAC;IAC7D,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QAClB,eAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,MAAM,SAAS,GAAW,KAAK,CAAC,UAAU,IAAI,SAAS,CAAC;IACxD,MAAM,UAAU,GAAW,GAAG,UAAU,sBAAsB,SAAS,EAAE,CAAC;IAC1E,IAAA,mBAAU,EAAC,GAAG,UAAU,cAAc,CAAC,CAAC;IAExC,MAAM,WAAW,GAAW,GAAG,UAAU,gBAAgB,CAAC;IAE1D,MAAM,cAAc,GAAuB,IAAA,uCAAuB,EAAC,UAAU,CAAC,CAAC;IAC/E,IAAI,CAAC,cAAc,EAAE,CAAC;QAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;;;yBAGJ,SAAS;;;CAGjC,CAAC,CAAC;QACK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,mEAAmE;IACnE,sEAAsE;IACtE,gCAAgC;IAChC,MAAM,QAAQ,GAAW,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC;IAC/C,MAAM,qBAAqB,GAAY,QAAQ,CAAC,UAAU,CAAC,yBAAyB,CAAC,CAAC;IACtF,MAAM,oBAAoB,GAAY,QAAQ,CAAC,QAAQ,CAAC,6BAA6B,CAAC,CAAC;IACvF,IACI,qBAAqB;QACrB,IAAA,mCAAmB,EAAC,UAAU,CAAC;QAC/B,CAAC,IAAA,iCAAiB,EAAC,UAAU,CAAC;QAC9B,CAAC,oBAAoB,EACvB,CAAC;QACC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;;;;;;;;;;CAU5B,CAAC,CAAC;QACK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,yEAAyE;IACzE,MAAM,IAAA,wBAAa,EAAC,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;IAEzE,MAAM,OAAO,GAAuB,IAAA,gCAAgB,EAAC,UAAU,CAAC,CAAC;IACjE,MAAM,UAAU,GAAuB,IAAA,mCAAmB,EAAC,UAAU,CAAC,CAAC;IAEvE,6EAA6E;IAC7E,MAAM,WAAW,GAAW,IAAA,4BAAkB,EAAC,UAAU,CAAC,CAAC;IAC3D,MAAM,eAAe,GAAa,CAAC,OAAO,WAAW,EAAE,EAAE,OAAO,SAAS,EAAE,CAAC,CAAC;IAC7E,IAAI,UAAU,EAAE,CAAC;QACb,eAAe,CAAC,IAAI,CAAC,OAAO,UAAU,EAAE,CAAC,CAAC;IAC9C,CAAC;IACD,eAAe,CAAC,IAAI,CAAC,OAAO,cAAc,EAAE,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAW,WAAW,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IAClE,MAAM,MAAM,GAAkC,IAAA,mBAAU,EAAC,UAAU,CAAC,CAAC;IACrE,MAAM,YAAY,GAA4B,EAAE,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE,CAAC;IAC9E,MAAM,QAAQ,GAA4B;QACtC,WAAW;QACX,SAAS;QACT,UAAU;QACV,cAAc;QACd,OAAO;QACP,UAAU;QACV,oEAAoE;QACpE,kEAAkE;QAClE,gEAAgE;QAChE,gEAAgE;QAChE,kDAAkD;QAClD,UAAU,EAAE,IAAA,mBAAU,GAAE;KAC3B,CAAC;IACF,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACpB,QAAQ,CAAC,SAAS,GAAG,KAAK,CAAC,WAAW,CAAC;IAC3C,CAAC;IACD,+DAA+D;IAC/D,qEAAqE;IACrE,mEAAmE;IACnE,6DAA6D;IAC7D,uEAAuE;IACvE,mEAAmE;IACnE,gEAAgE;IAChE,gBAAgB;IAChB,QAAQ,CAAC,SAAS,GAAG,IAAA,2BAAoB,EAAC,KAAK,CAAC,SAAS,CAAC,IAAI,wBAAwB,CAAC;IACvF,MAAM,SAAS,GAAuB,IAAA,4BAAY,EAAC,UAAU,CAAC,CAAC;IAC/D,IAAI,SAAS,EAAE,CAAC;QACZ,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;IACnC,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC;QACxB,QAAQ,CAAC,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC;IACjD,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;QAC3B,QAAQ,CAAC,eAAe,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;IACvD,CAAC;IACD,YAAY,CAAC,SAAS,GAAG,QAAQ,CAAC;IAElC,MAAM,MAAM,GAA2B;QACnC,kBAAkB,EAAE;YAChB,aAAa,EAAE,YAAY;YAC3B,kBAAkB,EAAE,OAAO;YAC3B,YAAY;SACf;KACJ,CAAC;IAEF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC"}

package/dist/clients/claude/hooks/track-action-monitor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"track-action-monitor.d.ts","sourceRoot":"","sources":["../../../../src/clients/claude/hooks/track-action-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAyBH,wBAAsB,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAkE3D"}
+{"version":3,"file":"track-action-monitor.d.ts","sourceRoot":"","sources":["../../../../src/clients/claude/hooks/track-action-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AA0BH,wBAAsB,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAoE3D"}

package/dist/clients/claude/hooks/track-action-monitor.js

@@ -36,6 +36,7 @@ const queue_1 = require("../../../queue");
 const util_1 = require("../util");
 const BROWSER_DEVTOOLS_SERVER = "browser-devtools";
 const NODE_DEVTOOLS_SERVER = "node-devtools";
+const BACKEND_DEVTOOLS_SERVER = "backend-devtools";
 async function run(projectDir) {
     let input;
     try {
@@ -63,7 +64,9 @@ async function run(projectDir) {
     const activityId = (0, session_state_1.getActiveActivityId)(sessionDir);
     const classified = (0, util_1.classifyTool)(rawToolName, input.tool_input);
     const isOurDevToolsTool = classified.tool_type === "mcp"
-        && (classified.mcp_server === BROWSER_DEVTOOLS_SERVER || classified.mcp_server === NODE_DEVTOOLS_SERVER);
+        && (classified.mcp_server === BROWSER_DEVTOOLS_SERVER
+            || classified.mcp_server === NODE_DEVTOOLS_SERVER
+            || classified.mcp_server === BACKEND_DEVTOOLS_SERVER);
     // Devtools events self-ship via the MCP server; in monitoring-only mode
     // the server isn't even installed. No queue submit, no actions.jsonl.
     if (isOurDevToolsTool) {

package/dist/clients/claude/hooks/track-action-monitor.js.map

@@ -1 +1 @@
-{"version":3,"file":"track-action-monitor.js","sourceRoot":"","sources":["../../../../src/clients/claude/hooks/track-action-monitor.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;;AAyBH,kBAkEC;AAzFD,yDAAyE;AACzE,2DAA6D;AAC7D,qEAAwE;AACxE,gDAAwD;AACxD,gDAAyD;AACzD,8CAA+C;AAC/C,0CAA2E;AAC3E,kCAA+E;AAE/E,MAAM,uBAAuB,GAAW,kBAAkB,CAAC;AAC3D,MAAM,oBAAoB,GAAW,eAAe,CAAC;AAa9C,KAAK,UAAU,GAAG,CAAC,UAAkB;IACxC,IAAI,KAA6B,CAAC;IAClC,IAAI,CAAC;QACD,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAS,GAAE,CAA2B,CAAC;IAC9D,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QAClB,eAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,MAAM,SAAS,GAAW,KAAK,CAAC,UAAU,IAAI,SAAS,CAAC;IACxD,MAAM,UAAU,GAAW,GAAG,UAAU,sBAAsB,SAAS,EAAE,CAAC;IAC1E,MAAM,WAAW,GAAW,GAAG,UAAU,gBAAgB,CAAC;IAC1D,IAAA,mBAAU,EAAC,GAAG,UAAU,cAAc,CAAC,CAAC;IAExC,wEAAwE;IACxE,mEAAmE;IACnE,mDAAmD;IACnD,IAAI,IAAA,mCAAmB,EAAC,UAAU,CAAC,KAAK,SAAS,EAAE,CAAC;QAChD,MAAM,IAAA,wBAAa,EAAC,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,WAAW,GAAW,KAAK,CAAC,SAAS,IAAI,SAAS,CAAC;IACzD,MAAM,SAAS,GAAW,IAAI,CAAC,GAAG,EAAE,CAAC;IAErC,MAAM,iBAAiB,GAAY,CAAC,KAAK,CAAC,UAAU,IAAI,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC7H,CAAC,CAAC,EAAE,GAAI,KAAK,CAAC,UAAsC,EAAE,SAAS,EAAE,SAAS,EAAE;QAC5E,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC;IAEvB,MAAM,UAAU,GAAuB,IAAA,mCAAmB,EAAC,UAAU,CAAC,CAAC;IAEvE,MAAM,UAAU,GAAmB,IAAA,mBAAY,EAAC,WAAW,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;IAC/E,MAAM,iBAAiB,GAAY,UAAU,CAAC,SAAS,KAAK,KAAK;WAC1D,CAAC,UAAU,CAAC,UAAU,KAAK,uBAAuB,IAAI,UAAU,CAAC,UAAU,KAAK,oBAAoB,CAAC,CAAC;IAE7G,wEAAwE;IACxE,sEAAsE;IACtE,IAAI,iBAAiB,EAAE,CAAC;QACpB,eAAM,CAAC,KAAK,CAAC,+CAA+C,WAAW,EAAE,CAAC,CAAC;QAC3E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,MAAM,QAAQ,GAAuB,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;IACzH,MAAM,QAAQ,GAAuB,QAAQ;QACzC,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,gBAAgB,QAAQ,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,KAAK,GAAmB;QAC1B,GAAG,IAAA,oBAAU,EAAC,WAAW,CAAC;QAC1B,IAAI,EAAE,WAAW;QACjB,SAAS;QACT,SAAS,EAAE,UAAU,CAAC,SAAS;QAC/B,SAAS,EAAE,UAAU,CAAC,SAAS;QAC/B,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,UAAU,EAAE,IAAA,6BAAsB,EAAC,WAAW,EAAE,iBAAiB,CAAC;QAClE,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC;QAC3C,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa;QACzD,kBAAkB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC;QACxE,WAAW,EAAE,UAAW;QACxB,QAAQ,EAAE,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI;QAC1E,UAAU,EAAE,UAAU,CAAC,UAAU;QACjC,KAAK,EAAE,QAAQ;KAClB,CAAC;IAEF,WAAW,CAAC,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IAC1C,eAAM,CAAC,KAAK,CAAC,yBAAyB,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,WAAW,CAAC,UAAkB,EAAE,SAAiB,EAAE,KAAqB;IAC7E,IAAI,CAAC,IAAA,0BAAiB,EAAC,UAAU,CAAC,EAAE,CAAC;QACjC,OAAO;IACX,CAAC;IACD,MAAM,IAAI,GAA4B,EAAE,GAAG,KAAK,EAAE,CAAC;IACnD,OAAO,IAAI,CAAC,aAAa,CAAC;IAC1B,IAAI,CAAC;QACD,IAAA,cAAM,EAAC,UAAU,EAAE,SAAS,EAAE,uBAAe,EAAE,IAAI,CAAC,CAAC;IACzD,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QAClB,IAAI,CAAC,YAAY,wBAAgB,EAAE,CAAC;YAChC,eAAM,CAAC,KAAK,CAAC,kDAAkD,KAAK,CAAC,SAAS,YAAY,CAAC,CAAC;YAC5F,OAAO;QACX,CAAC;QACD,eAAM,CAAC,KAAK,CAAC,0CAA0C,KAAK,CAAC,SAAS,KAAK,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACrH,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC5B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACxC,OAAO,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC;QACD,MAAM,CAAC,GAAW,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC5E,OAAO,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,CAAC,CAAC;IACb,CAAC;AACL,CAAC"}
+{"version":3,"file":"track-action-monitor.js","sourceRoot":"","sources":["../../../../src/clients/claude/hooks/track-action-monitor.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;;AA0BH,kBAoEC;AA5FD,yDAAyE;AACzE,2DAA6D;AAC7D,qEAAwE;AACxE,gDAAwD;AACxD,gDAAyD;AACzD,8CAA+C;AAC/C,0CAA2E;AAC3E,kCAA+E;AAE/E,MAAM,uBAAuB,GAAW,kBAAkB,CAAC;AAC3D,MAAM,oBAAoB,GAAW,eAAe,CAAC;AACrD,MAAM,uBAAuB,GAAW,kBAAkB,CAAC;AAapD,KAAK,UAAU,GAAG,CAAC,UAAkB;IACxC,IAAI,KAA6B,CAAC;IAClC,IAAI,CAAC;QACD,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAS,GAAE,CAA2B,CAAC;IAC9D,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QAClB,eAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,MAAM,SAAS,GAAW,KAAK,CAAC,UAAU,IAAI,SAAS,CAAC;IACxD,MAAM,UAAU,GAAW,GAAG,UAAU,sBAAsB,SAAS,EAAE,CAAC;IAC1E,MAAM,WAAW,GAAW,GAAG,UAAU,gBAAgB,CAAC;IAC1D,IAAA,mBAAU,EAAC,GAAG,UAAU,cAAc,CAAC,CAAC;IAExC,wEAAwE;IACxE,mEAAmE;IACnE,mDAAmD;IACnD,IAAI,IAAA,mCAAmB,EAAC,UAAU,CAAC,KAAK,SAAS,EAAE,CAAC;QAChD,MAAM,IAAA,wBAAa,EAAC,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,WAAW,GAAW,KAAK,CAAC,SAAS,IAAI,SAAS,CAAC;IACzD,MAAM,SAAS,GAAW,IAAI,CAAC,GAAG,EAAE,CAAC;IAErC,MAAM,iBAAiB,GAAY,CAAC,KAAK,CAAC,UAAU,IAAI,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC7H,CAAC,CAAC,EAAE,GAAI,KAAK,CAAC,UAAsC,EAAE,SAAS,EAAE,SAAS,EAAE;QAC5E,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC;IAEvB,MAAM,UAAU,GAAuB,IAAA,mCAAmB,EAAC,UAAU,CAAC,CAAC;IAEvE,MAAM,UAAU,GAAmB,IAAA,mBAAY,EAAC,WAAW,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;IAC/E,MAAM,iBAAiB,GAAY,UAAU,CAAC,SAAS,KAAK,KAAK;WAC1D,CAAC,UAAU,CAAC,UAAU,KAAK,uBAAuB;eAC9C,UAAU,CAAC,UAAU,KAAK,oBAAoB;eAC9C,UAAU,CAAC,UAAU,KAAK,uBAAuB,CAAC,CAAC;IAE9D,wEAAwE;IACxE,sEAAsE;IACtE,IAAI,iBAAiB,EAAE,CAAC;QACpB,eAAM,CAAC,KAAK,CAAC,+CAA+C,WAAW,EAAE,CAAC,CAAC;QAC3E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,MAAM,QAAQ,GAAuB,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;IACzH,MAAM,QAAQ,GAAuB,QAAQ;QACzC,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,gBAAgB,QAAQ,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,KAAK,GAAmB;QAC1B,GAAG,IAAA,oBAAU,EAAC,WAAW,CAAC;QAC1B,IAAI,EAAE,WAAW;QACjB,SAAS;QACT,SAAS,EAAE,UAAU,CAAC,SAAS;QAC/B,SAAS,EAAE,UAAU,CAAC,SAAS;QAC/B,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,UAAU,EAAE,IAAA,6BAAsB,EAAC,WAAW,EAAE,iBAAiB,CAAC;QAClE,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC;QAC3C,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa;QACzD,kBAAkB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC;QACxE,WAAW,EAAE,UAAW;QACxB,QAAQ,EAAE,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI;QAC1E,UAAU,EAAE,UAAU,CAAC,UAAU;QACjC,KAAK,EAAE,QAAQ;KAClB,CAAC;IAEF,WAAW,CAAC,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IAC1C,eAAM,CAAC,KAAK,CAAC,yBAAyB,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,WAAW,CAAC,UAAkB,EAAE,SAAiB,EAAE,KAAqB;IAC7E,IAAI,CAAC,IAAA,0BAAiB,EAAC,UAAU,CAAC,EAAE,CAAC;QACjC,OAAO;IACX,CAAC;IACD,MAAM,IAAI,GAA4B,EAAE,GAAG,KAAK,EAAE,CAAC;IACnD,OAAO,IAAI,CAAC,aAAa,CAAC;IAC1B,IAAI,CAAC;QACD,IAAA,cAAM,EAAC,UAAU,EAAE,SAAS,EAAE,uBAAe,EAAE,IAAI,CAAC,CAAC;IACzD,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QAClB,IAAI,CAAC,YAAY,wBAAgB,EAAE,CAAC;YAChC,eAAM,CAAC,KAAK,CAAC,kDAAkD,KAAK,CAAC,SAAS,YAAY,CAAC,CAAC;YAC5F,OAAO;QACX,CAAC;QACD,eAAM,CAAC,KAAK,CAAC,0CAA0C,KAAK,CAAC,SAAS,KAAK,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACrH,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC5B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACxC,OAAO,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC;QACD,MAAM,CAAC,GAAW,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC5E,OAAO,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,CAAC,CAAC;IACb,CAAC;AACL,CAAC"}

package/dist/clients/claude/hooks/track-action.d.ts

@@ -6,14 +6,17 @@
  * the `error` field on stdin (Claude hook contract).
  *
  * Responsibilities:
- *   1. **browser-devtools (mcp__browser-devtools__*)**: append the tool_call
- *      entry to `actions.jsonl` (verify-gate depends on these records),
- *      update recording state, extract nested `callTool()` invocations from
- *      `bdt_execute`. Browser tools are NOT submitted to the send_event
- *      queue — browser-devtools-mcp ships them directly to the collector,
- *      so double-sending would cause duplicates (with different ids) that
- *      downstream dedup cannot collapse. tool_input is preserved AS-IS for
- *      these so the local nested parser keeps working.
+ *   1. **devtools MCP (browser-devtools / node-devtools / backend-devtools)**:
+ *      append the tool_call entry to `actions.jsonl` (verify-gate depends
+ *      on these records); for browser tools, also update recording state
+ *      and extract nested `callTool()` invocations from `bdt_execute`.
+ *      Devtools tools are NOT submitted to the send_event queue — all
+ *      three modes use the same `browser-devtools-mcp` package, which
+ *      ships its own `tool_call` events directly to the collector, so
+ *      double-sending would cause duplicates (with different ids) that
+ *      downstream dedup cannot collapse. tool_input is preserved AS-IS
+ *      for devtools tools so the local nested parser (browser-only) keeps
+ *      working and verify-gate sees the raw shape.
  *   2. **All other tools** (Read/Write/Bash/…): submit a send_event job.
  *      `tool_input` is replaced with a per-tool safe projection (see
  *      `extractClaudeToolInput`) — only labels (file_path, pattern, url,

package/dist/clients/claude/hooks/track-action.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"track-action.d.ts","sourceRoot":"","sources":["../../../../src/clients/claude/hooks/track-action.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAwGH,wBAAsB,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAmI3D"}
+{"version":3,"file":"track-action.d.ts","sourceRoot":"","sources":["../../../../src/clients/claude/hooks/track-action.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAyGH,wBAAsB,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAoI3D"}

package/dist/clients/claude/hooks/track-action.js

@@ -7,14 +7,17 @@
  * the `error` field on stdin (Claude hook contract).
  *
  * Responsibilities:
- *   1. **browser-devtools (mcp__browser-devtools__*)**: append the tool_call
- *      entry to `actions.jsonl` (verify-gate depends on these records),
- *      update recording state, extract nested `callTool()` invocations from
- *      `bdt_execute`. Browser tools are NOT submitted to the send_event
- *      queue — browser-devtools-mcp ships them directly to the collector,
- *      so double-sending would cause duplicates (with different ids) that
- *      downstream dedup cannot collapse. tool_input is preserved AS-IS for
- *      these so the local nested parser keeps working.
+ *   1. **devtools MCP (browser-devtools / node-devtools / backend-devtools)**:
+ *      append the tool_call entry to `actions.jsonl` (verify-gate depends
+ *      on these records); for browser tools, also update recording state
+ *      and extract nested `callTool()` invocations from `bdt_execute`.
+ *      Devtools tools are NOT submitted to the send_event queue — all
+ *      three modes use the same `browser-devtools-mcp` package, which
+ *      ships its own `tool_call` events directly to the collector, so
+ *      double-sending would cause duplicates (with different ids) that
+ *      downstream dedup cannot collapse. tool_input is preserved AS-IS
+ *      for devtools tools so the local nested parser (browser-only) keeps
+ *      working and verify-gate sees the raw shape.
  *   2. **All other tools** (Read/Write/Bash/…): submit a send_event job.
  *      `tool_input` is replaced with a per-tool safe projection (see
  *      `extractClaudeToolInput`) — only labels (file_path, pattern, url,
@@ -43,6 +46,7 @@ const MCP_PREFIX = "mcp__browser-devtools__";
 const TOOL_NAME_PREFIX = "bdt_";
 const BROWSER_DEVTOOLS_SERVER = "browser-devtools";
 const NODE_DEVTOOLS_SERVER = "node-devtools";
+const BACKEND_DEVTOOLS_SERVER = "backend-devtools";
 /** Bare (post-classification) names used for recording-state detection and nested extract gating. */
 const EXECUTE_TOOL_BARE = `${TOOL_NAME_PREFIX}execute`;
 const RECORDING_START_BARE = `${TOOL_NAME_PREFIX}content_start-recording`;
@@ -134,7 +138,8 @@ async function run(projectDir) {
     const classified = (0, util_1.classifyTool)(rawToolName, input.tool_input);
     const isBrowserTool = classified.tool_type === "mcp" && classified.mcp_server === BROWSER_DEVTOOLS_SERVER;
     const isNodeTool = classified.tool_type === "mcp" && classified.mcp_server === NODE_DEVTOOLS_SERVER;
-    const isOurDevToolsTool = isBrowserTool || isNodeTool;
+    const isBackendTool = classified.tool_type === "mcp" && classified.mcp_server === BACKEND_DEVTOOLS_SERVER;
+    const isOurDevToolsTool = isBrowserTool || isNodeTool || isBackendTool;
     // For browser-devtools / node-devtools tools we keep tool_input AS-IS:
     // verify-gate and the bdt_execute nested-callTool parser need the raw
     // shape; both servers self-ship to the collector so the queue exemption