@makefinks/daemon 0.1.2 → 0.1.4

package/README.md

@@ -1,7 +1,8 @@
 # DAEMON
 **DAEMON** (pronounced "day-mon") is an opinionated **terminal-based AI agent** with distinct sci-fi theming,
-delivered through a well-thought-out TUI powered by [OpenTUI](https://github.com/anomalyco/opentui).
-It supports **text and voice interaction** and can be fully controlled through **hotkeys**.
+delivered through a highly performant TUI powered by [OpenTUI](https://github.com/anomalyco/opentui).
+
+It supports **text and voice interaction**, can be fully controlled through **hotkeys** and offers **vim-like controls**.
 
 DAEMON is focused on **information-gathering workflows** that benefit from **grounded responses**
 but can also interact with and **control** your system through the terminal with scoped permissions.
@@ -36,7 +37,7 @@ See full installation details below for configuration and system dependencies.
 At the core of the TUI is DAEMON's **animated avatar**, reacting to what it's doing in real time:
 listening to audio input, reasoning about questions, calling tools, and generating an answer.
 
-The avatar was deliberately designed to feel slightly ominous and alien-like playing into
+The avatar was deliberately designed to feel slightly ominous and alien-like playing into sci-fi depictions.
 
 ### 🧠 LLMs
 DAEMON can be powered by **any** model available on [OpenRouter](https://openrouter.ai/models).
@@ -55,8 +56,22 @@ It features a large vocabulary and can transcribe multilingual inputs with compl
 
 OpenAI's TTS model `gpt-4o-mini-tts-2025-03-20` is used to generate voice output with as little latency as possible.
 
-### 🔎 Web Search
-DAEMON uses the [Exa](https://exa.ai/) search and fetch API for retrieving accurate and up-to-date information.
+### 🔎 Web Search with Grounding
+DAEMON uses the [Exa](https://exa.ai/) search and fetch API for retrieving **accurate** and **up-to-date information**.
+
+After fetching relevant information, DAEMON has the ability to **ground** statements with **source links** that contain **highlightable fragments**.
+The TUI comes with a menu for reading, verifying and opening sources for the current session.
+
+![grounding-menu](img/grounding-menu.png)
+For most statements, pressing Enter opens the source in your browser and **highlights the passage that supports the claim**.
+
+<p align="center">
+  <img src="img/grounding-highlight.png" alt="grounding-highlight" width="320" />
+  <img src="img/grounding-highlight-2.png" alt="grounding-highlight" width="320" />
+</p>
+While DAEMON is encouraged to always cite sources you can always prompt to get groundings:
+
+> "Use the grounding tool" / "Ground your answers"
 
 ### 💾 Session Persistence
 DAEMON stores chat sessions locally (SQLite) and lets you resume past conversations.
@@ -105,7 +120,7 @@ Configuration is done via environment variables (or the onboarding UI):
 
 ## 🛠️ System dependencies
 
-Voice input requires `sox` and platform-specific audio libraries:
+Voice input requires `sox` or other platform-specific audio libraries:
 
 ### macOS
 ```bash

package/package.json

@@ -28,7 +28,7 @@
 	},
 	"module": "src/index.tsx",
 	"type": "module",
-	"version": "0.1.2",
+	"version": "0.1.4",
 	"bin": {
 		"daemon": "dist/cli.js"
 	},

package/src/ai/model-config.ts

@@ -20,7 +20,7 @@ export const AVAILABLE_MODELS: ModelOption[] = [
 ];
 
 // Default model ID
-export const DEFAULT_MODEL_ID = "google/gemini-3-flash-preview";
+export const DEFAULT_MODEL_ID = "z-ai/glm-4.7";
 
 // Current selected model (mutable)
 let currentModelId = DEFAULT_MODEL_ID;

package/src/ai/tools/run-bash.ts

@@ -1,123 +1,12 @@
+import { spawn } from "node:child_process";
 import { tool } from "ai";
 import { z } from "zod";
-import { spawn } from "node:child_process";
+import { isDangerousCommand, isSensitivePathAccess } from "../../security/bash-security-policy";
 import { getDaemonManager } from "../../state/daemon-state";
 
-const DEFAULT_TIMEOUT_MS = 30000; // 30 seconds
+const DEFAULT_TIMEOUT_MS = 30000;
 const MAX_OUTPUT_LENGTH = 50000;
 
-const DANGEROUS_COMMANDS = [
-	"rm",
-	"rmdir",
-	"mv",
-	"kill",
-	"killall",
-	"pkill",
-	"shutdown",
-	"reboot",
-	"halt",
-	"poweroff",
-	"init",
-	"systemctl",
-	"chmod",
-	"chown",
-	"chgrp",
-	"mkfs",
-	"fdisk",
-	"dd",
-	"format",
-	"sudo",
-	"su",
-	"doas",
-	"passwd",
-	"useradd",
-	"userdel",
-	"usermod",
-	"groupadd",
-	"groupdel",
-	"visudo",
-	"crontab",
-	"iptables",
-	"ufw",
-	"firewall-cmd",
-	"mount",
-	"umount",
-	"fstab",
-	"apt-get remove",
-	"apt-get purge",
-	"apt remove",
-	"apt purge",
-	"yum remove",
-	"yum erase",
-	"dnf remove",
-	"pacman -R",
-	"brew uninstall",
-	"npm uninstall -g",
-	"pip uninstall",
-	"truncate",
-	"shred",
-	"wipefs",
-	">",
-	">>",
-	"git push --force",
-	"git push -f",
-	"git reset --hard",
-	"git clean -fd",
-	"docker rm",
-	"docker rmi",
-	"docker system prune",
-	"kubectl delete",
-	"terraform destroy",
-	"drop database",
-	"drop table",
-	"delete from",
-	"truncate table",
-];
-
-const DANGEROUS_PATTERNS = [
-	/\brm\s+(-[a-zA-Z]*r[a-zA-Z]*|-[a-zA-Z]*f[a-zA-Z]*|\s).*\//i,
-	/\brm\s+-rf?\s/i,
-	/\bkill\s+-9\b/i,
-	/\bsudo\s/i,
-	/\bsu\s+-?\s*$/i,
-	/\bchmod\s+[0-7]{3,4}\s/i,
-	/\bchown\s/i,
-	/\bdd\s+if=/i,
-	/>\s*\/dev\//i,
-	/\|.*\bsh\b/i,
-	/\|.*\bbash\b/i,
-	/curl.*\|\s*(ba)?sh/i,
-	/wget.*\|\s*(ba)?sh/i,
-	/eval\s*\$/i,
-	/\$\(.*\)/,
-	/`.*`/,
-];
-
-function isDangerousCommand(command: string): boolean {
-	const normalizedCmd = command.toLowerCase().trim();
-
-	for (const dangerous of DANGEROUS_COMMANDS) {
-		if (dangerous.includes(" ")) {
-			if (normalizedCmd.includes(dangerous.toLowerCase())) {
-				return true;
-			}
-		} else {
-			const wordBoundaryRegex = new RegExp(`\\b${dangerous}\\b`, "i");
-			if (wordBoundaryRegex.test(command)) {
-				return true;
-			}
-		}
-	}
-
-	for (const pattern of DANGEROUS_PATTERNS) {
-		if (pattern.test(command)) {
-			return true;
-		}
-	}
-
-	return false;
-}
-
 export const runBash = tool({
 	description:
 		"Execute a bash command on the user's system. Use this to run shell commands, scripts, install packages, manage files, or perform any terminal operation. Commands run in the current working directory by default.",
@@ -152,7 +41,7 @@ export const runBash = tool({
 			return true;
 		}
 
-		return isDangerousCommand(command);
+		return isDangerousCommand(command) || isSensitivePathAccess(command);
 	},
 	execute: async ({ command, workdir, timeout }) => {
 		return new Promise((resolve) => {

package/src/ai/tools/todo-manager.ts

@@ -1,23 +1,11 @@
 import { tool } from "ai";
 import { z } from "zod";
-import type { TodoItem, TodoStatus } from "../../types";
+import { getRuntimeContext } from "../../state/runtime-context";
+import { loadLatestTodoList, saveTodoList } from "../../state/session-store";
+import type { TodoItem } from "../../types";
 
-// Session-based todo storage
-const todoSessions = new Map<string, TodoItem[]>();
-
-// Default session for single-user mode
-const DEFAULT_SESSION = "default";
-
-function getTodos(sessionId: string = DEFAULT_SESSION): TodoItem[] {
-	if (!todoSessions.has(sessionId)) {
-		todoSessions.set(sessionId, []);
-	}
-	return todoSessions.get(sessionId)!;
-}
-
-function setTodos(sessionId: string, todos: TodoItem[]): void {
-	todoSessions.set(sessionId, todos);
-}
+let currentTodos: TodoItem[] = [];
+let lastSessionId: string | null = null;
 
 function formatTodoList(todos: TodoItem[]): string {
 	if (todos.length === 0) {
@@ -38,7 +26,17 @@ function formatTodoList(todos: TodoItem[]): string {
 	return lines.join("\n");
 }
 
-// Schema for a single todo item in the write action
+async function ensureTodosLoaded(sessionId: string | null): Promise<void> {
+	if (sessionId === lastSessionId) return;
+
+	lastSessionId = sessionId;
+	if (sessionId) {
+		currentTodos = await loadLatestTodoList(sessionId);
+	} else {
+		currentTodos = [];
+	}
+}
+
 const todoItemSchema = z.object({
 	content: z.string().describe("The todo item description"),
 	status: z
@@ -65,30 +63,37 @@ Example write with status:
 			.enum(["pending", "in_progress", "completed", "cancelled"])
 			.optional()
 			.describe("New status for the todo (used with 'update')"),
-		sessionId: z.string().optional().describe("Session ID for isolation. Defaults to 'default'."),
 	}),
-	execute: async ({ action, todos: newTodos, index, status, sessionId }) => {
-		const session = sessionId || DEFAULT_SESSION;
+	execute: async ({ action, todos: newTodos, index, status }) => {
+		const context = getRuntimeContext();
+
+		if (!context.sessionId) {
+			return {
+				success: false,
+				error: "No active session for todos",
+			};
+		}
+
+		await ensureTodosLoaded(context.sessionId);
 
 		switch (action) {
 			case "write": {
 				if (!newTodos || newTodos.length === 0) {
-					setTodos(session, []);
+					currentTodos = [];
+					await saveTodoList(context.sessionId, currentTodos);
 					return {
 						success: true,
-						message: "Cleared all todos",
-						list: "No todos.",
+						todos: formatTodoList(currentTodos),
 					};
 				}
-				const items: TodoItem[] = newTodos.map((t) => ({
+				currentTodos = newTodos.map((t) => ({
 					content: t.content,
 					status: t.status || "pending",
 				}));
-				setTodos(session, items);
+				await saveTodoList(context.sessionId, currentTodos);
 				return {
 					success: true,
-					message: `Set ${items.length} todos`,
-					list: formatTodoList(items),
+					todos: formatTodoList(currentTodos),
 				};
 			}
 
@@ -99,34 +104,28 @@ Example write with status:
 						error: "Index is required for 'update'",
 					};
 				}
-				const todos = getTodos(session);
-				const idx = index - 1; // Convert to 0-based
-				if (idx < 0 || idx >= todos.length) {
+				const idx = index - 1;
+				if (idx < 0 || idx >= currentTodos.length) {
 					return {
 						success: false,
-						error: `Invalid index ${index}. Valid range: 1-${todos.length}`,
+						error: `Invalid index ${index}. Valid range: 1-${currentTodos.length}`,
 					};
 				}
-				const todo = todos[idx]!;
+				const todo = currentTodos[idx]!;
 				if (status) {
 					todo.status = status;
 				}
+				await saveTodoList(context.sessionId, currentTodos);
 				return {
 					success: true,
-					message: `Updated #${index}: ${todo.content} -> ${todo.status}`,
-					list: formatTodoList(todos),
+					todos: formatTodoList(currentTodos),
 				};
 			}
 
 			case "list": {
-				const todos = getTodos(session);
 				return {
 					success: true,
-					count: todos.length,
-					pending: todos.filter((t) => t.status === "pending").length,
-					inProgress: todos.filter((t) => t.status === "in_progress").length,
-					completed: todos.filter((t) => t.status === "completed").length,
-					list: formatTodoList(todos),
+					todos: formatTodoList(currentTodos),
 				};
 			}
 
@@ -139,12 +138,11 @@ Example write with status:
 	},
 });
 
-// Export a function to clear all sessions (useful for testing)
-export function clearAllTodoSessions(): void {
-	todoSessions.clear();
+export function clearAllTodos(): void {
+	currentTodos = [];
+	lastSessionId = null;
 }
 
-// Export function to get current todos for UI display
-export function getCurrentTodos(sessionId: string = DEFAULT_SESSION): TodoItem[] {
-	return [...getTodos(sessionId)];
+export function getCurrentTodos(): TodoItem[] {
+	return [...currentTodos];
 }

package/src/app/App.tsx

@@ -81,8 +81,9 @@ extend({
 export function App() {
 	const renderer = useRenderer();
 
-	usePlaywrightNotification();
-	useVoiceDependenciesNotification();
+	const [onboardingActive, setOnboardingActive] = useState(false);
+	usePlaywrightNotification({ enabled: !onboardingActive });
+	useVoiceDependenciesNotification({ enabled: !onboardingActive });
 	const { handleCopyOnSelectMouseUp } = useCopyOnSelect();
 
 	const {
@@ -223,7 +224,6 @@ export function App() {
 	const { responseElapsedMs } = useResponseTimer({ daemonState });
 
 	const [loadedPreferences, setLoadedPreferences] = useState<AppPreferences | null>(null);
-	const [onboardingActive, setOnboardingActive] = useState(false);
 	const [onboardingStep, setOnboardingStep] = useState<OnboardingStep>("intro");
 	const [devices, setDevices] = useState<AudioDevice[]>([]);
 	const [currentDevice, setCurrentDevice] = useState<string | undefined>(undefined);

package/src/app/components/AppOverlays.tsx

@@ -114,6 +114,8 @@ function AppOverlaysImpl() {
 					models={model.curatedModels}
 					currentModelId={model.currentModelId}
 					deviceLoadTimedOut={device.deviceLoadTimedOut}
+					soxAvailable={device.soxAvailable}
+					soxInstallHint={device.soxInstallHint}
 					setCurrentDevice={device.setCurrentDevice}
 					setCurrentOutputDevice={device.setCurrentOutputDevice}
 					setCurrentModelId={model.setCurrentModelId}

package/src/components/OnboardingOverlay.tsx

@@ -2,11 +2,11 @@ import type { KeyEvent, TextareaRenderable } from "@opentui/core";
 import { useKeyboard } from "@opentui/react";
 import { useCallback, useEffect, useMemo, useState } from "react";
 import type { RefObject } from "react";
-import type { AppPreferences, AudioDevice, ModelOption, OnboardingStep } from "../types";
-import { ApiKeyStep } from "./ApiKeyStep";
 import { handleOnboardingKey } from "../hooks/keyboard-handlers";
+import type { AppPreferences, AudioDevice, ModelOption, OnboardingStep } from "../types";
 import { COLORS } from "../ui/constants";
 import { formatContextWindowK, formatPrice } from "../utils/formatters";
+import { ApiKeyStep } from "./ApiKeyStep";
 
 const MODEL_COL_WIDTH = {
 	CTX: 6,
@@ -53,6 +53,8 @@ interface OnboardingOverlayProps {
 	models: ModelOption[];
 	currentModelId: string;
 	deviceLoadTimedOut?: boolean;
+	soxAvailable: boolean;
+	soxInstallHint: string;
 	setCurrentDevice: (deviceName: string | undefined) => void;
 	setCurrentOutputDevice: (deviceName: string | undefined) => void;
 	setCurrentModelId: (modelId: string) => void;
@@ -74,6 +76,8 @@ export function OnboardingOverlay({
 	models,
 	currentModelId,
 	deviceLoadTimedOut,
+	soxAvailable,
+	soxInstallHint,
 	setCurrentDevice,
 	setCurrentOutputDevice,
 	setCurrentModelId,
@@ -200,7 +204,6 @@ export function OnboardingOverlay({
 						<box justifyContent="center">
 							<text>
 								<span fg={COLORS.DAEMON_LABEL}>Press ENTER to begin</span>
-								<span fg={COLORS.REASONING_DIM}> · ESC to skip</span>
 							</text>
 						</box>
 					</>
@@ -242,11 +245,29 @@ export function OnboardingOverlay({
 						</box>
 						<box marginBottom={1}>
 							<text>
-								<span fg={COLORS.USER_LABEL}>↑/↓ navigate, ENTER select</span>
-								<span fg={COLORS.REASONING_DIM}> · TAB continue · ESC skip</span>
+								<span fg={COLORS.USER_LABEL}>
+									{soxAvailable ? "↑/↓ navigate, ENTER select" : "ESC to skip"}
+								</span>
+								{soxAvailable && <span fg={COLORS.REASONING_DIM}> · TAB continue · ESC skip</span>}
 							</text>
 						</box>
-						{devices.length === 0 ? (
+						{!soxAvailable ? (
+							<box flexDirection="column" paddingTop={1}>
+								<text>
+									<span fg={COLORS.ERROR}>sox is not installed</span>
+								</text>
+								<box marginTop={1}>
+									<text>
+										<span fg={COLORS.USER_LABEL}>Voice input requires sox for audio capture.</span>
+									</text>
+								</box>
+								<box marginTop={1}>
+									<text>
+										<span fg={COLORS.MENU_TEXT}>{soxInstallHint}</span>
+									</text>
+								</box>
+							</box>
+						) : devices.length === 0 ? (
 							<box flexDirection="column">
 								<box>
 									<text>

package/src/hooks/keyboard-handlers.ts

@@ -1,19 +1,19 @@
 import type { KeyEvent } from "@opentui/core";
+import { setResponseModel } from "../ai/model-config";
 import type {
+	AppPreferences,
 	AudioDevice,
+	BashApprovalLevel,
 	ModelOption,
 	OnboardingStep,
-	SpeechSpeed,
 	ReasoningEffort,
-	BashApprovalLevel,
+	SpeechSpeed,
 	VoiceInteractionType,
-	AppPreferences,
 } from "../types";
-import { REASONING_EFFORT_LEVELS, BASH_APPROVAL_LEVELS } from "../types";
-import { setAudioDevice } from "../voice/audio-recorder";
-import { setResponseModel } from "../ai/model-config";
+import { BASH_APPROVAL_LEVELS, REASONING_EFFORT_LEVELS } from "../types";
 import { openUrlInBrowser } from "../utils/preferences";
-import { isNavigateUpKey, isNavigateDownKey } from "./menu-navigation";
+import { setAudioDevice } from "../voice/audio-recorder";
+import { isNavigateDownKey, isNavigateUpKey } from "./menu-navigation";
 
 export type KeyHandler = (key: KeyEvent) => boolean;
 
@@ -103,12 +103,7 @@ export function determineNextStep(
 type EscapeHandler = (ctx: OnboardingContext) => void;
 
 const ESCAPE_HANDLERS: Partial<Record<OnboardingStep, EscapeHandler>> = {
-	intro: (ctx) => {
-		if (process.env.OPENROUTER_API_KEY) {
-			ctx.persistPreferences({ onboardingCompleted: true });
-			ctx.completeOnboarding();
-		}
-	},
+	intro: () => {},
 	openrouter_key: () => {},
 	openai_key: (ctx) => {
 		const nextStep = determineNextStep("openai_key", ctx.preferences);

package/src/hooks/use-conversation-manager.ts

@@ -1,5 +1,5 @@
-import { useCallback } from "react";
 import { toast } from "@opentui-ui/toast/react";
+import { useCallback } from "react";
 import { getDaemonManager } from "../state/daemon-state";
 import {
 	buildModelHistoryFromConversation,

package/src/hooks/use-playwright-notification.ts

@@ -1,8 +1,16 @@
-import { useEffect } from "react";
 import { toast } from "@opentui-ui/toast/react";
+import { useEffect, useRef } from "react";
 import { detectLocalPlaywrightChromium } from "../utils/js-rendering";
 
-export function usePlaywrightNotification(): void {
+export interface UsePlaywrightNotificationParams {
+	enabled: boolean;
+}
+
+export function usePlaywrightNotification(params: UsePlaywrightNotificationParams): void {
+	const { enabled } = params;
+	const hasNotifiedRef = useRef(false);
+	const pendingNotificationRef = useRef<{ reason: string; hint?: string } | null>(null);
+
 	useEffect(() => {
 		let cancelled = false;
 
@@ -12,12 +20,22 @@ export function usePlaywrightNotification(): void {
 
 			if (capability.available) return;
 
-			const description = capability.hint ? `${capability.reason}\n\n${capability.hint}` : capability.reason;
-			toast.warning("JS-rendered pages unavailable", { description });
+			pendingNotificationRef.current = { reason: capability.reason, hint: capability.hint };
 		})();
 
 		return () => {
 			cancelled = true;
 		};
 	}, []);
+
+	useEffect(() => {
+		if (!enabled || hasNotifiedRef.current) return;
+		const pending = pendingNotificationRef.current;
+		if (!pending) return;
+
+		hasNotifiedRef.current = true;
+
+		const description = pending.hint ? `${pending.reason}\n\n${pending.hint}` : pending.reason;
+		toast.warning("JS-rendered pages unavailable", { description });
+	}, [enabled]);
 }

package/src/hooks/use-voice-dependencies-notification.ts

@@ -1,8 +1,19 @@
-import { useEffect } from "react";
 import { toast } from "@opentui-ui/toast/react";
-import { detectVoiceDependencies, type VoiceDependencies } from "../utils/voice-dependencies";
+import { useEffect, useRef } from "react";
+import { type VoiceDependencies, detectVoiceDependencies } from "../utils/voice-dependencies";
+
+export interface UseVoiceDependenciesNotificationParams {
+	/** When false, the notification is deferred until enabled becomes true */
+	enabled: boolean;
+}
+
+export function useVoiceDependenciesNotification(params: UseVoiceDependenciesNotificationParams): void {
+	const { enabled } = params;
+	const hasNotifiedRef = useRef(false);
+	const pendingNotificationRef = useRef<
+		{ type: "error"; message: string } | { type: "sox"; hint: string } | null
+	>(null);
 
-export function useVoiceDependenciesNotification(): void {
 	useEffect(() => {
 		let cancelled = false;
 
@@ -13,9 +24,7 @@ export function useVoiceDependenciesNotification(): void {
 			} catch (error) {
 				if (cancelled) return;
 				const err = error instanceof Error ? error : new Error(String(error));
-				toast.warning("Voice dependency check failed", {
-					description: err.message,
-				});
+				pendingNotificationRef.current = { type: "error", message: err.message };
 				return;
 			}
 
@@ -24,9 +33,7 @@ export function useVoiceDependenciesNotification(): void {
 			if (!deps.sox.available) {
 				const hint =
 					deps.sox.hint ?? (process.platform === "darwin" ? "Run: brew install sox" : "Install sox");
-				toast.warning("Voice features unavailable", {
-					description: `sox is not installed. ${hint}`,
-				});
+				pendingNotificationRef.current = { type: "sox", hint };
 			}
 		})();
 
@@ -34,4 +41,22 @@ export function useVoiceDependenciesNotification(): void {
 			cancelled = true;
 		};
 	}, []);
+
+	useEffect(() => {
+		if (!enabled || hasNotifiedRef.current) return;
+		const pending = pendingNotificationRef.current;
+		if (!pending) return;
+
+		hasNotifiedRef.current = true;
+
+		if (pending.type === "error") {
+			toast.warning("Voice dependency check failed", {
+				description: pending.message,
+			});
+		} else {
+			toast.warning("Voice features unavailable", {
+				description: `sox is not installed. ${pending.hint}`,
+			});
+		}
+	}, [enabled]);
 }

package/src/security/bash-security-policy.ts

@@ -0,0 +1,250 @@
+import { homedir } from "node:os";
+
+const SENSITIVE_PATHS = [
+	"~/.ssh",
+	"~/.gnupg",
+	"~/.gpg",
+	"~/.aws",
+	"~/.azure",
+	"~/.config/gcloud",
+	"~/.kube",
+	"~/Library/Application Support/Google/Chrome",
+	"~/Library/Application Support/Firefox",
+	"~/Library/Application Support/Microsoft Edge",
+	"~/Library/Safari",
+	"~/.config/google-chrome",
+	"~/.config/chromium",
+	"~/.mozilla/firefox",
+	"~/Library/Keychains",
+	"~/.password-store",
+	"~/.local/share/keyrings",
+	"~/.env",
+	"~/.envrc",
+	"~/.netrc",
+	"~/Downloads",
+	"~/Documents",
+	"~/Desktop",
+	"~/Pictures",
+	"~/Movies",
+	"~/Music",
+	"~/Library/Messages",
+	"~/Library/Mail",
+	"~/Library/Calendars",
+	"~/Library/Contacts",
+	"~/Library/Cookies",
+	"~/.docker/config.json",
+	"~/.npmrc",
+	"~/.pypirc",
+	"~/.gem/credentials",
+	"~/.config/gh",
+	"~/.config/hub",
+	"~/.bash_history",
+	"~/.zsh_history",
+	"~/.node_repl_history",
+	"~/.python_history",
+];
+
+const SENSITIVE_PATH_PATTERNS = [
+	/\bid_rsa\b/i,
+	/\bid_ed25519\b/i,
+	/\bid_ecdsa\b/i,
+	/\bid_dsa\b/i,
+	/\bauthorized_keys\b/i,
+	/\bknown_hosts\b/i,
+	/\.pem\b/i,
+	/\.key\b/i,
+	/private.*key/i,
+	/\.env(\.|$)/i,
+	/\.envrc\b/i,
+	/aws.*credentials/i,
+	/aws.*config/i,
+	/\bkeychain\b/i,
+	/\bkeyring\b/i,
+	/\bLogin Data\b/i,
+	/\bCookies\b/i,
+	/\bWeb Data\b/i,
+	/\bsecurity\s+(find|dump|export)/i,
+];
+
+const DANGEROUS_COMMANDS = [
+	"rm",
+	"rmdir",
+	"mv",
+	"kill",
+	"killall",
+	"pkill",
+	"shutdown",
+	"reboot",
+	"halt",
+	"poweroff",
+	"init",
+	"systemctl",
+	"chmod",
+	"chown",
+	"chgrp",
+	"mkfs",
+	"fdisk",
+	"dd",
+	"format",
+	"sudo",
+	"su",
+	"doas",
+	"env",
+	"printenv",
+	"export",
+	"passwd",
+	"useradd",
+	"userdel",
+	"usermod",
+	"groupadd",
+	"groupdel",
+	"visudo",
+	"crontab",
+	"iptables",
+	"ufw",
+	"firewall-cmd",
+	"mount",
+	"umount",
+	"fstab",
+	"apt-get remove",
+	"apt-get purge",
+	"apt remove",
+	"apt purge",
+	"yum remove",
+	"yum erase",
+	"dnf remove",
+	"pacman -R",
+	"brew uninstall",
+	"npm uninstall -g",
+	"pip uninstall",
+	"truncate",
+	"shred",
+	"wipefs",
+	">",
+	">>",
+	"git push --force",
+	"git push -f",
+	"git reset --hard",
+	"git clean -fd",
+	"docker rm",
+	"docker rmi",
+	"docker system prune",
+	"kubectl delete",
+	"terraform destroy",
+	"drop database",
+	"drop table",
+	"delete from",
+	"truncate table",
+];
+
+const DANGEROUS_PATTERNS = [
+	/\brm\s+(-[a-zA-Z]*r[a-zA-Z]*|-[a-zA-Z]*f[a-zA-Z]*|\s).*\//i,
+	/\brm\s+-rf?\s/i,
+	/\bkill\s+-9\b/i,
+	/\bsudo\s/i,
+	/\bsu\s+-?\s*$/i,
+	/\bchmod\s+[0-7]{3,4}\s/i,
+	/\bchown\s/i,
+	/\bdd\s+if=/i,
+	/>\s*\/dev\//i,
+	/\|.*\bsh\b/i,
+	/\|.*\bbash\b/i,
+	/curl.*\|\s*(ba)?sh/i,
+	/wget.*\|\s*(ba)?sh/i,
+	/eval\s*\$/i,
+	/\$\(.*\)/,
+	/`.*`/,
+	/\benv\s*$/i,
+	/\bprintenv\s*$/i,
+	/\bexport\s+-p/i,
+	/\bset\s*\|/i,
+	/echo\s+\$\w*_?(KEY|TOKEN|SECRET|PASSWORD|CREDENTIALS)/i,
+];
+
+function expandPath(path: string): string {
+	if (path.startsWith("~/")) {
+		return path.replace("~", homedir());
+	}
+	if (path === "~") {
+		return homedir();
+	}
+	return path;
+}
+
+function isSensitivePathAccess(command: string): boolean {
+	const normalizedCmd = command.trim();
+	const home = homedir();
+
+	for (const sensitivePath of SENSITIVE_PATHS) {
+		const expandedPath = expandPath(sensitivePath);
+		if (normalizedCmd.includes(expandedPath)) {
+			return true;
+		}
+		if (sensitivePath.startsWith("~/") && normalizedCmd.includes(sensitivePath)) {
+			return true;
+		}
+		if (normalizedCmd.includes(sensitivePath.replace("~", "$HOME"))) {
+			return true;
+		}
+	}
+
+	for (const pattern of SENSITIVE_PATH_PATTERNS) {
+		if (pattern.test(normalizedCmd)) {
+			return true;
+		}
+	}
+
+	const homeAccessPattern = new RegExp(
+		`(cat|less|head|tail|more|bat|grep|rg|awk|sed|find|ls|tree|du)\\s+[^|;]*?(~(?:/[^\\s/]+)?(?:\\s|$)|${home.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}(?:/[^\\s/]+)?(?:\\s|$))`
+	);
+	if (homeAccessPattern.test(normalizedCmd)) {
+		const allowedHomePaths = [
+			"~/projects",
+			"~/code",
+			"~/dev",
+			"~/src",
+			"~/repos",
+			"~/workspace",
+			"~/work",
+			"~/.local/bin",
+			"~/go",
+			"~/bin",
+		];
+		const isAllowedPath = allowedHomePaths.some((allowed) => {
+			const expanded = expandPath(allowed);
+			return normalizedCmd.includes(expanded) || normalizedCmd.includes(allowed);
+		});
+		if (!isAllowedPath) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+function isDangerousCommand(command: string): boolean {
+	const normalizedCmd = command.toLowerCase().trim();
+
+	for (const dangerous of DANGEROUS_COMMANDS) {
+		if (dangerous.includes(" ")) {
+			if (normalizedCmd.includes(dangerous.toLowerCase())) {
+				return true;
+			}
+		} else {
+			const wordBoundaryRegex = new RegExp(`\\b${dangerous}\\b`, "i");
+			if (wordBoundaryRegex.test(command)) {
+				return true;
+			}
+		}
+	}
+
+	for (const pattern of DANGEROUS_PATTERNS) {
+		if (pattern.test(command)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+export { isDangerousCommand, isSensitivePathAccess };

package/src/state/migrations/001-init.ts

@@ -29,5 +29,17 @@ export function createMigration001Init(defaultUsageJson: string): (db: Database)
 			CREATE INDEX IF NOT EXISTS idx_grounding_maps_session_message
 			ON grounding_maps(session_id, message_id);
 		`);
+		db.exec(`
+			CREATE TABLE IF NOT EXISTS todo_lists (
+				id TEXT PRIMARY KEY,
+				session_id TEXT NOT NULL,
+				created_at TEXT NOT NULL,
+				items_json TEXT NOT NULL
+			);
+		`);
+		db.exec(`
+			CREATE INDEX IF NOT EXISTS idx_todo_lists_session_created
+			ON todo_lists(session_id, created_at DESC);
+		`);
 	};
 }

package/src/state/session-store.ts

@@ -12,11 +12,12 @@ import type {
 	ModelMessage,
 	SessionInfo,
 	SessionSnapshot,
+	TodoItem,
 	TokenUsage,
 } from "../types";
 import { debug } from "../utils/debug-logger";
 import { getAppConfigDir } from "../utils/preferences";
-import { ensureWorkspaceExists, deleteWorkspace } from "../utils/workspace-manager";
+import { deleteWorkspace, ensureWorkspaceExists } from "../utils/workspace-manager";
 import { getSessionMigrations } from "./migrations";
 
 const SESSION_DB_FILE = "sessions.sqlite";
@@ -357,3 +358,46 @@ export async function loadLatestGroundingMap(sessionId: string): Promise<Groundi
 		return null;
 	}
 }
+
+function parseTodoItems(raw: string): TodoItem[] {
+	try {
+		const parsed = JSON.parse(raw) as unknown;
+		if (!Array.isArray(parsed)) return [];
+		return parsed as TodoItem[];
+	} catch {
+		return [];
+	}
+}
+
+export async function saveTodoList(sessionId: string, items: TodoItem[]): Promise<void> {
+	try {
+		const database = await getDb();
+		const now = new Date().toISOString();
+		const id = crypto.randomUUID();
+		const itemsJson = JSON.stringify(items);
+
+		database
+			.prepare("INSERT INTO todo_lists (id, session_id, created_at, items_json) VALUES (?, ?, ?, ?)")
+			.run(id, sessionId, now, itemsJson);
+	} catch (error) {
+		const err = error instanceof Error ? error : new Error(String(error));
+		debug.error("todo-save-failed", { message: err.message });
+	}
+}
+
+export async function loadLatestTodoList(sessionId: string): Promise<TodoItem[]> {
+	try {
+		const database = await getDb();
+		const row = database
+			.prepare("SELECT items_json FROM todo_lists WHERE session_id = ? ORDER BY created_at DESC LIMIT 1")
+			.get(sessionId) as { items_json: string } | undefined;
+
+		if (!row) return [];
+
+		return parseTodoItems(row.items_json);
+	} catch (error) {
+		const err = error instanceof Error ? error : new Error(String(error));
+		debug.error("todo-load-failed", { message: err.message });
+		return [];
+	}
+}