@node9/proxy 1.0.13 → 1.0.15

package/dist/cli.js

@@ -6,6 +6,13 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
 var __copyProps = (to, from, except, desc) => {
   if (from && typeof from === "object" || typeof from === "function") {
     for (let key of __getOwnPropNames(from))
@@ -23,25 +30,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
-// src/cli.ts
-var import_commander = require("commander");
-
-// src/core.ts
-var import_chalk2 = __toESM(require("chalk"));
-var import_prompts = require("@inquirer/prompts");
-var import_fs = __toESM(require("fs"));
-var import_path3 = __toESM(require("path"));
-var import_os = __toESM(require("os"));
-var import_picomatch = __toESM(require("picomatch"));
-var import_sh_syntax = require("sh-syntax");
-
-// src/ui/native.ts
-var import_child_process = require("child_process");
-var import_path2 = __toESM(require("path"));
-var import_chalk = __toESM(require("chalk"));
-
 // src/context-sniper.ts
-var import_path = __toESM(require("path"));
 function smartTruncate(str, maxLen = 500) {
   if (str.length <= maxLen) return str;
   const edge = Math.floor(maxLen / 2) - 3;
@@ -71,22 +60,6 @@ function extractContext(text, matchedWord) {
 ... [${lines.length - end} lines hidden] ...` : "";
   return { snippet: `${head}${snippet}${tail}`, lineIndex };
 }
-var CODE_KEYS = [
-  "command",
-  "cmd",
-  "shell_command",
-  "bash_command",
-  "script",
-  "code",
-  "input",
-  "sql",
-  "query",
-  "arguments",
-  "args",
-  "param",
-  "params",
-  "text"
-];
 function computeRiskMetadata(args, tier, blockedByLabel, matchedField, matchedWord, ruleName) {
   let intent = "EXEC";
   let contextSnippet;
@@ -141,11 +114,31 @@ function computeRiskMetadata(args, tier, blockedByLabel, matchedField, matchedWo
     ...ruleName && { ruleName }
   };
 }
+var import_path, CODE_KEYS;
+var init_context_sniper = __esm({
+  "src/context-sniper.ts"() {
+    "use strict";
+    import_path = __toESM(require("path"));
+    CODE_KEYS = [
+      "command",
+      "cmd",
+      "shell_command",
+      "bash_command",
+      "script",
+      "code",
+      "input",
+      "sql",
+      "query",
+      "arguments",
+      "args",
+      "param",
+      "params",
+      "text"
+    ];
+  }
+});
 
 // src/ui/native.ts
-var isTestEnv = () => {
-  return process.env.NODE_ENV === "test" || process.env.VITEST === "true" || !!process.env.VITEST || process.env.CI === "true" || !!process.env.CI || process.env.NODE9_TESTING === "1";
-};
 function formatArgs(args, matchedField, matchedWord) {
   if (args === null || args === void 0) return { message: "(none)", intent: "EXEC" };
   let parsed = args;
@@ -355,82 +348,21 @@ end run`;
     }
   });
 }
+var import_child_process, import_path2, import_chalk, isTestEnv;
+var init_native = __esm({
+  "src/ui/native.ts"() {
+    "use strict";
+    import_child_process = require("child_process");
+    import_path2 = __toESM(require("path"));
+    import_chalk = __toESM(require("chalk"));
+    init_context_sniper();
+    isTestEnv = () => {
+      return process.env.NODE_ENV === "test" || process.env.VITEST === "true" || !!process.env.VITEST || process.env.CI === "true" || !!process.env.CI || process.env.NODE9_TESTING === "1";
+    };
+  }
+});
 
 // src/config-schema.ts
-var import_zod = require("zod");
-var noNewlines = import_zod.z.string().refine((s) => !s.includes("\n") && !s.includes("\r"), {
-  message: "Value must not contain literal newline characters (use \\n instead)"
-});
-var validRegex = noNewlines.refine(
-  (s) => {
-    try {
-      new RegExp(s);
-      return true;
-    } catch {
-      return false;
-    }
-  },
-  { message: "Value must be a valid regular expression" }
-);
-var SmartConditionSchema = import_zod.z.object({
-  field: import_zod.z.string().min(1, "Condition field must not be empty"),
-  op: import_zod.z.enum(["matches", "notMatches", "contains", "notContains", "exists", "notExists"], {
-    errorMap: () => ({
-      message: "op must be one of: matches, notMatches, contains, notContains, exists, notExists"
-    })
-  }),
-  value: validRegex.optional(),
-  flags: import_zod.z.string().optional()
-});
-var SmartRuleSchema = import_zod.z.object({
-  name: import_zod.z.string().optional(),
-  tool: import_zod.z.string().min(1, "Smart rule tool must not be empty"),
-  conditions: import_zod.z.array(SmartConditionSchema).min(1, "Smart rule must have at least one condition"),
-  conditionMode: import_zod.z.enum(["all", "any"]).optional(),
-  verdict: import_zod.z.enum(["allow", "review", "block"], {
-    errorMap: () => ({ message: "verdict must be one of: allow, review, block" })
-  }),
-  reason: import_zod.z.string().optional()
-});
-var PolicyRuleSchema = import_zod.z.object({
-  action: import_zod.z.string().min(1),
-  allowPaths: import_zod.z.array(import_zod.z.string()).optional(),
-  blockPaths: import_zod.z.array(import_zod.z.string()).optional()
-});
-var ConfigFileSchema = import_zod.z.object({
-  version: import_zod.z.string().optional(),
-  settings: import_zod.z.object({
-    mode: import_zod.z.enum(["standard", "strict", "audit"]).optional(),
-    autoStartDaemon: import_zod.z.boolean().optional(),
-    enableUndo: import_zod.z.boolean().optional(),
-    enableHookLogDebug: import_zod.z.boolean().optional(),
-    approvalTimeoutMs: import_zod.z.number().nonnegative().optional(),
-    approvers: import_zod.z.object({
-      native: import_zod.z.boolean().optional(),
-      browser: import_zod.z.boolean().optional(),
-      cloud: import_zod.z.boolean().optional(),
-      terminal: import_zod.z.boolean().optional()
-    }).optional(),
-    environment: import_zod.z.string().optional(),
-    slackEnabled: import_zod.z.boolean().optional(),
-    enableTrustSessions: import_zod.z.boolean().optional(),
-    allowGlobalPause: import_zod.z.boolean().optional()
-  }).optional(),
-  policy: import_zod.z.object({
-    sandboxPaths: import_zod.z.array(import_zod.z.string()).optional(),
-    dangerousWords: import_zod.z.array(noNewlines).optional(),
-    ignoredTools: import_zod.z.array(import_zod.z.string()).optional(),
-    toolInspection: import_zod.z.record(import_zod.z.string()).optional(),
-    rules: import_zod.z.array(PolicyRuleSchema).optional(),
-    smartRules: import_zod.z.array(SmartRuleSchema).optional(),
-    snapshot: import_zod.z.object({
-      tools: import_zod.z.array(import_zod.z.string()).optional(),
-      onlyPaths: import_zod.z.array(import_zod.z.string()).optional(),
-      ignorePaths: import_zod.z.array(import_zod.z.string()).optional()
-    }).optional()
-  }).optional(),
-  environments: import_zod.z.record(import_zod.z.object({ requireApproval: import_zod.z.boolean().optional() })).optional()
-}).strict({ message: "Config contains unknown top-level keys" });
 function sanitizeConfig(raw) {
   const result = ConfigFileSchema.safeParse(raw);
   if (result.success) {
@@ -448,8 +380,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path8 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path8}: ${issue.message}`;
+    const path10 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path10}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -457,19 +389,389 @@ function sanitizeConfig(raw) {
 ${lines.join("\n")}`
   };
 }
+var import_zod, noNewlines, SmartConditionSchema, SmartRuleSchema, ConfigFileSchema;
+var init_config_schema = __esm({
+  "src/config-schema.ts"() {
+    "use strict";
+    import_zod = require("zod");
+    noNewlines = import_zod.z.string().refine((s) => !s.includes("\n") && !s.includes("\r"), {
+      message: "Value must not contain literal newline characters (use \\n instead)"
+    });
+    SmartConditionSchema = import_zod.z.object({
+      field: import_zod.z.string().min(1, "Condition field must not be empty"),
+      op: import_zod.z.enum(
+        [
+          "matches",
+          "notMatches",
+          "contains",
+          "notContains",
+          "exists",
+          "notExists",
+          "matchesGlob",
+          "notMatchesGlob"
+        ],
+        {
+          errorMap: () => ({
+            message: "op must be one of: matches, notMatches, contains, notContains, exists, notExists, matchesGlob, notMatchesGlob"
+          })
+        }
+      ),
+      value: import_zod.z.string().optional(),
+      flags: import_zod.z.string().optional()
+    });
+    SmartRuleSchema = import_zod.z.object({
+      name: import_zod.z.string().optional(),
+      tool: import_zod.z.string().min(1, "Smart rule tool must not be empty"),
+      conditions: import_zod.z.array(SmartConditionSchema).min(1, "Smart rule must have at least one condition"),
+      conditionMode: import_zod.z.enum(["all", "any"]).optional(),
+      verdict: import_zod.z.enum(["allow", "review", "block"], {
+        errorMap: () => ({ message: "verdict must be one of: allow, review, block" })
+      }),
+      reason: import_zod.z.string().optional()
+    });
+    ConfigFileSchema = import_zod.z.object({
+      version: import_zod.z.string().optional(),
+      settings: import_zod.z.object({
+        mode: import_zod.z.enum(["standard", "strict", "audit"]).optional(),
+        autoStartDaemon: import_zod.z.boolean().optional(),
+        enableUndo: import_zod.z.boolean().optional(),
+        enableHookLogDebug: import_zod.z.boolean().optional(),
+        approvalTimeoutMs: import_zod.z.number().nonnegative().optional(),
+        approvers: import_zod.z.object({
+          native: import_zod.z.boolean().optional(),
+          browser: import_zod.z.boolean().optional(),
+          cloud: import_zod.z.boolean().optional(),
+          terminal: import_zod.z.boolean().optional()
+        }).optional(),
+        environment: import_zod.z.string().optional(),
+        slackEnabled: import_zod.z.boolean().optional(),
+        enableTrustSessions: import_zod.z.boolean().optional(),
+        allowGlobalPause: import_zod.z.boolean().optional()
+      }).optional(),
+      policy: import_zod.z.object({
+        sandboxPaths: import_zod.z.array(import_zod.z.string()).optional(),
+        dangerousWords: import_zod.z.array(noNewlines).optional(),
+        ignoredTools: import_zod.z.array(import_zod.z.string()).optional(),
+        toolInspection: import_zod.z.record(import_zod.z.string()).optional(),
+        smartRules: import_zod.z.array(SmartRuleSchema).optional(),
+        snapshot: import_zod.z.object({
+          tools: import_zod.z.array(import_zod.z.string()).optional(),
+          onlyPaths: import_zod.z.array(import_zod.z.string()).optional(),
+          ignorePaths: import_zod.z.array(import_zod.z.string()).optional()
+        }).optional(),
+        dlp: import_zod.z.object({
+          enabled: import_zod.z.boolean().optional(),
+          scanIgnoredTools: import_zod.z.boolean().optional()
+        }).optional()
+      }).optional(),
+      environments: import_zod.z.record(import_zod.z.object({ requireApproval: import_zod.z.boolean().optional() })).optional()
+    }).strict({ message: "Config contains unknown top-level keys" });
+  }
+});
+
+// src/shields.ts
+function resolveShieldName(input) {
+  const lower = input.toLowerCase();
+  if (SHIELDS[lower]) return lower;
+  for (const [name, def] of Object.entries(SHIELDS)) {
+    if (def.aliases.includes(lower)) return name;
+  }
+  return null;
+}
+function getShield(name) {
+  const resolved = resolveShieldName(name);
+  return resolved ? SHIELDS[resolved] : null;
+}
+function listShields() {
+  return Object.values(SHIELDS);
+}
+function readActiveShields() {
+  try {
+    const raw = import_fs.default.readFileSync(SHIELDS_STATE_FILE, "utf-8");
+    if (!raw.trim()) return [];
+    const parsed = JSON.parse(raw);
+    if (Array.isArray(parsed.active)) {
+      return parsed.active.filter(
+        (e) => typeof e === "string" && e.length > 0 && e in SHIELDS
+      );
+    }
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      process.stderr.write(`[node9] Warning: could not read shields state: ${String(err)}
+`);
+    }
+  }
+  return [];
+}
+function writeActiveShields(active) {
+  import_fs.default.mkdirSync(import_path3.default.dirname(SHIELDS_STATE_FILE), { recursive: true });
+  const tmp = `${SHIELDS_STATE_FILE}.${import_crypto.default.randomBytes(6).toString("hex")}.tmp`;
+  import_fs.default.writeFileSync(tmp, JSON.stringify({ active }, null, 2), { mode: 384 });
+  import_fs.default.renameSync(tmp, SHIELDS_STATE_FILE);
+}
+var import_fs, import_path3, import_os, import_crypto, SHIELDS, SHIELDS_STATE_FILE;
+var init_shields = __esm({
+  "src/shields.ts"() {
+    "use strict";
+    import_fs = __toESM(require("fs"));
+    import_path3 = __toESM(require("path"));
+    import_os = __toESM(require("os"));
+    import_crypto = __toESM(require("crypto"));
+    SHIELDS = {
+      postgres: {
+        name: "postgres",
+        description: "Protects PostgreSQL databases from destructive AI operations",
+        aliases: ["pg", "postgresql"],
+        smartRules: [
+          {
+            name: "shield:postgres:block-drop-table",
+            tool: "*",
+            conditions: [{ field: "sql", op: "matches", value: "DROP\\s+TABLE", flags: "i" }],
+            verdict: "block",
+            reason: "DROP TABLE is irreversible \u2014 blocked by Postgres shield"
+          },
+          {
+            name: "shield:postgres:block-truncate",
+            tool: "*",
+            conditions: [{ field: "sql", op: "matches", value: "TRUNCATE\\s+TABLE", flags: "i" }],
+            verdict: "block",
+            reason: "TRUNCATE is irreversible \u2014 blocked by Postgres shield"
+          },
+          {
+            name: "shield:postgres:block-drop-column",
+            tool: "*",
+            conditions: [
+              { field: "sql", op: "matches", value: "ALTER\\s+TABLE.*DROP\\s+COLUMN", flags: "i" }
+            ],
+            verdict: "block",
+            reason: "DROP COLUMN is irreversible \u2014 blocked by Postgres shield"
+          },
+          {
+            name: "shield:postgres:review-grant-revoke",
+            tool: "*",
+            conditions: [{ field: "sql", op: "matches", value: "\\b(GRANT|REVOKE)\\b", flags: "i" }],
+            verdict: "review",
+            reason: "Permission changes require human approval (Postgres shield)"
+          }
+        ],
+        dangerousWords: ["dropdb", "pg_dropcluster"]
+      },
+      github: {
+        name: "github",
+        description: "Protects GitHub repositories from destructive AI operations",
+        aliases: ["git"],
+        smartRules: [
+          {
+            // Note: git branch -d/-D is already caught by the built-in review-git-destructive rule.
+            // This rule adds coverage for `git push --delete` which the built-in does not match.
+            name: "shield:github:review-delete-branch-remote",
+            tool: "bash",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "git\\s+push\\s+.*--delete",
+                flags: "i"
+              }
+            ],
+            verdict: "review",
+            reason: "Remote branch deletion requires human approval (GitHub shield)"
+          },
+          {
+            name: "shield:github:block-delete-repo",
+            tool: "*",
+            conditions: [
+              { field: "command", op: "matches", value: "gh\\s+repo\\s+delete", flags: "i" }
+            ],
+            verdict: "block",
+            reason: "Repository deletion is irreversible \u2014 blocked by GitHub shield"
+          }
+        ],
+        dangerousWords: []
+      },
+      aws: {
+        name: "aws",
+        description: "Protects AWS infrastructure from destructive AI operations",
+        aliases: ["amazon"],
+        smartRules: [
+          {
+            name: "shield:aws:block-delete-s3-bucket",
+            tool: "*",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "aws\\s+s3.*rb\\s|aws\\s+s3api\\s+delete-bucket",
+                flags: "i"
+              }
+            ],
+            verdict: "block",
+            reason: "S3 bucket deletion is irreversible \u2014 blocked by AWS shield"
+          },
+          {
+            name: "shield:aws:review-iam-changes",
+            tool: "*",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "aws\\s+iam\\s+(create|delete|attach|detach|put|remove)",
+                flags: "i"
+              }
+            ],
+            verdict: "review",
+            reason: "IAM changes require human approval (AWS shield)"
+          },
+          {
+            name: "shield:aws:block-ec2-terminate",
+            tool: "*",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "aws\\s+ec2\\s+terminate-instances",
+                flags: "i"
+              }
+            ],
+            verdict: "block",
+            reason: "EC2 instance termination is irreversible \u2014 blocked by AWS shield"
+          },
+          {
+            name: "shield:aws:review-rds-delete",
+            tool: "*",
+            conditions: [
+              { field: "command", op: "matches", value: "aws\\s+rds\\s+delete-", flags: "i" }
+            ],
+            verdict: "review",
+            reason: "RDS deletion requires human approval (AWS shield)"
+          }
+        ],
+        dangerousWords: []
+      },
+      filesystem: {
+        name: "filesystem",
+        description: "Protects the local filesystem from dangerous AI operations",
+        aliases: ["fs"],
+        smartRules: [
+          {
+            name: "shield:filesystem:review-chmod-777",
+            tool: "bash",
+            conditions: [
+              { field: "command", op: "matches", value: "chmod\\s+(777|a\\+rwx)", flags: "i" }
+            ],
+            verdict: "review",
+            reason: "chmod 777 requires human approval (filesystem shield)"
+          },
+          {
+            name: "shield:filesystem:review-write-etc",
+            tool: "bash",
+            conditions: [
+              {
+                field: "command",
+                // Narrow to write-indicative operations to avoid approval fatigue on reads.
+                // Matches: tee /etc/*, cp .../etc/*, mv .../etc/*, > /etc/*, install .../etc/*
+                op: "matches",
+                value: "(tee|\\bcp\\b|\\bmv\\b|install|>+)\\s+.*\\/etc\\/"
+              }
+            ],
+            verdict: "review",
+            reason: "Writing to /etc requires human approval (filesystem shield)"
+          }
+        ],
+        // dd removed: too common as a legitimate tool (disk imaging, file ops).
+        // mkfs removed: already in the built-in DANGEROUS_WORDS baseline.
+        // wipefs retained: rarely legitimate in an agent context and not in built-ins.
+        dangerousWords: ["wipefs"]
+      }
+    };
+    SHIELDS_STATE_FILE = import_path3.default.join(import_os.default.homedir(), ".node9", "shields.json");
+  }
+});
+
+// src/dlp.ts
+function maskSecret(raw, pattern) {
+  const match = raw.match(pattern);
+  if (!match) return "****";
+  const secret = match[0];
+  if (secret.length < 8) return "****";
+  const prefix = secret.slice(0, 4);
+  const suffix = secret.slice(-4);
+  const stars = "*".repeat(Math.min(secret.length - 8, 12));
+  return `${prefix}${stars}${suffix}`;
+}
+function scanArgs(args, depth = 0, fieldPath = "args") {
+  if (depth > MAX_DEPTH || args === null || args === void 0) return null;
+  if (Array.isArray(args)) {
+    for (let i = 0; i < args.length; i++) {
+      const match = scanArgs(args[i], depth + 1, `${fieldPath}[${i}]`);
+      if (match) return match;
+    }
+    return null;
+  }
+  if (typeof args === "object") {
+    for (const [key, value] of Object.entries(args)) {
+      const match = scanArgs(value, depth + 1, `${fieldPath}.${key}`);
+      if (match) return match;
+    }
+    return null;
+  }
+  if (typeof args === "string") {
+    const text = args.length > MAX_STRING_BYTES ? args.slice(0, MAX_STRING_BYTES) : args;
+    for (const pattern of DLP_PATTERNS) {
+      if (pattern.regex.test(text)) {
+        return {
+          patternName: pattern.name,
+          fieldPath,
+          redactedSample: maskSecret(text, pattern.regex),
+          severity: pattern.severity
+        };
+      }
+    }
+    if (text.length < MAX_JSON_PARSE_BYTES) {
+      const trimmed = text.trim();
+      if (trimmed.startsWith("{") || trimmed.startsWith("[")) {
+        try {
+          const parsed = JSON.parse(text);
+          const inner = scanArgs(parsed, depth + 1, fieldPath);
+          if (inner) return inner;
+        } catch {
+        }
+      }
+    }
+  }
+  return null;
+}
+var DLP_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES;
+var init_dlp = __esm({
+  "src/dlp.ts"() {
+    "use strict";
+    DLP_PATTERNS = [
+      { name: "AWS Access Key ID", regex: /\bAKIA[0-9A-Z]{16}\b/, severity: "block" },
+      { name: "GitHub Token", regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/, severity: "block" },
+      { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]+\b/, severity: "block" },
+      { name: "OpenAI API Key", regex: /\bsk-[a-zA-Z0-9_-]{20,}\b/, severity: "block" },
+      { name: "Stripe Secret Key", regex: /\bsk_(?:live|test)_[0-9a-zA-Z]{24}\b/, severity: "block" },
+      {
+        name: "Private Key (PEM)",
+        regex: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/,
+        severity: "block"
+      },
+      { name: "Bearer Token", regex: /Bearer\s+[a-zA-Z0-9\-._~+/]+=*/i, severity: "review" }
+    ];
+    MAX_DEPTH = 5;
+    MAX_STRING_BYTES = 1e5;
+    MAX_JSON_PARSE_BYTES = 1e4;
+  }
+});
 
 // src/core.ts
-var PAUSED_FILE = import_path3.default.join(import_os.default.homedir(), ".node9", "PAUSED");
-var TRUST_FILE = import_path3.default.join(import_os.default.homedir(), ".node9", "trust.json");
-var LOCAL_AUDIT_LOG = import_path3.default.join(import_os.default.homedir(), ".node9", "audit.log");
-var HOOK_DEBUG_LOG = import_path3.default.join(import_os.default.homedir(), ".node9", "hook-debug.log");
 function checkPause() {
   try {
-    if (!import_fs.default.existsSync(PAUSED_FILE)) return { paused: false };
-    const state = JSON.parse(import_fs.default.readFileSync(PAUSED_FILE, "utf-8"));
+    if (!import_fs2.default.existsSync(PAUSED_FILE)) return { paused: false };
+    const state = JSON.parse(import_fs2.default.readFileSync(PAUSED_FILE, "utf-8"));
     if (state.expiry > 0 && Date.now() >= state.expiry) {
       try {
-        import_fs.default.unlinkSync(PAUSED_FILE);
+        import_fs2.default.unlinkSync(PAUSED_FILE);
       } catch {
       }
       return { paused: false };
@@ -480,11 +782,11 @@ function checkPause() {
   }
 }
 function atomicWriteSync(filePath, data, options) {
-  const dir = import_path3.default.dirname(filePath);
-  if (!import_fs.default.existsSync(dir)) import_fs.default.mkdirSync(dir, { recursive: true });
-  const tmpPath = `${filePath}.${import_os.default.hostname()}.${process.pid}.tmp`;
-  import_fs.default.writeFileSync(tmpPath, data, options);
-  import_fs.default.renameSync(tmpPath, filePath);
+  const dir = import_path4.default.dirname(filePath);
+  if (!import_fs2.default.existsSync(dir)) import_fs2.default.mkdirSync(dir, { recursive: true });
+  const tmpPath = `${filePath}.${import_os2.default.hostname()}.${process.pid}.tmp`;
+  import_fs2.default.writeFileSync(tmpPath, data, options);
+  import_fs2.default.renameSync(tmpPath, filePath);
 }
 function pauseNode9(durationMs, durationStr) {
   const state = { expiry: Date.now() + durationMs, duration: durationStr };
@@ -492,18 +794,18 @@ function pauseNode9(durationMs, durationStr) {
 }
 function resumeNode9() {
   try {
-    if (import_fs.default.existsSync(PAUSED_FILE)) import_fs.default.unlinkSync(PAUSED_FILE);
+    if (import_fs2.default.existsSync(PAUSED_FILE)) import_fs2.default.unlinkSync(PAUSED_FILE);
   } catch {
   }
 }
 function getActiveTrustSession(toolName) {
   try {
-    if (!import_fs.default.existsSync(TRUST_FILE)) return false;
-    const trust = JSON.parse(import_fs.default.readFileSync(TRUST_FILE, "utf-8"));
+    if (!import_fs2.default.existsSync(TRUST_FILE)) return false;
+    const trust = JSON.parse(import_fs2.default.readFileSync(TRUST_FILE, "utf-8"));
     const now = Date.now();
     const active = trust.entries.filter((e) => e.expiry > now);
     if (active.length !== trust.entries.length) {
-      import_fs.default.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
+      import_fs2.default.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
     }
     return active.some((e) => e.tool === toolName || matchesPattern(toolName, e.tool));
   } catch {
@@ -514,8 +816,8 @@ function writeTrustSession(toolName, durationMs) {
   try {
     let trust = { entries: [] };
     try {
-      if (import_fs.default.existsSync(TRUST_FILE)) {
-        trust = JSON.parse(import_fs.default.readFileSync(TRUST_FILE, "utf-8"));
+      if (import_fs2.default.existsSync(TRUST_FILE)) {
+        trust = JSON.parse(import_fs2.default.readFileSync(TRUST_FILE, "utf-8"));
       }
     } catch {
     }
@@ -531,9 +833,9 @@ function writeTrustSession(toolName, durationMs) {
 }
 function appendToLog(logPath, entry) {
   try {
-    const dir = import_path3.default.dirname(logPath);
-    if (!import_fs.default.existsSync(dir)) import_fs.default.mkdirSync(dir, { recursive: true });
-    import_fs.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+    const dir = import_path4.default.dirname(logPath);
+    if (!import_fs2.default.existsSync(dir)) import_fs2.default.mkdirSync(dir, { recursive: true });
+    import_fs2.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
@@ -545,7 +847,7 @@ function appendHookDebug(toolName, args, meta) {
     args: safeArgs,
     agent: meta?.agent,
     mcpServer: meta?.mcpServer,
-    hostname: import_os.default.hostname(),
+    hostname: import_os2.default.hostname(),
     cwd: process.cwd()
   });
 }
@@ -559,7 +861,7 @@ function appendLocalAudit(toolName, args, decision, checkedBy, meta) {
     checkedBy,
     agent: meta?.agent,
     mcpServer: meta?.mcpServer,
-    hostname: import_os.default.hostname()
+    hostname: import_os2.default.hostname()
   });
 }
 function tokenize(toolName) {
@@ -575,9 +877,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path8) {
+function getNestedValue(obj, path10) {
   if (!obj || typeof obj !== "object") return null;
-  return path8.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path10.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function shouldSnapshot(toolName, args, config) {
   if (!config.settings.enableUndo) return false;
@@ -622,6 +924,10 @@ function evaluateSmartConditions(args, rule) {
           return true;
         }
       }
+      case "matchesGlob":
+        return val !== null && cond.value ? import_picomatch.default.isMatch(val, cond.value) : false;
+      case "notMatchesGlob":
+        return val !== null && cond.value ? !import_picomatch.default.isMatch(val, cond.value) : true;
       default:
         return false;
     }
@@ -643,7 +949,6 @@ function isSqlTool(toolName, toolInspection) {
   const fieldName = toolInspection[matchingPattern];
   return fieldName === "sql" || fieldName === "query";
 }
-var SQL_DML_KEYWORDS = /* @__PURE__ */ new Set(["select", "insert", "update", "delete", "merge", "upsert"]);
 async function analyzeShellCommand(command) {
   const actions = [];
   const paths = [];
@@ -725,188 +1030,14 @@ function redactSecrets(text) {
   );
   return redacted;
 }
-var DANGEROUS_WORDS = [
-  "mkfs",
-  // formats/wipes a filesystem partition
-  "shred"
-  // permanently overwrites file contents (unrecoverable)
-];
-var DEFAULT_CONFIG = {
-  settings: {
-    mode: "standard",
-    autoStartDaemon: true,
-    enableUndo: true,
-    // 🔥 ALWAYS TRUE BY DEFAULT for the safety net
-    enableHookLogDebug: false,
-    approvalTimeoutMs: 0,
-    // 0 = disabled; set e.g. 30000 for 30-second auto-deny
-    approvers: { native: true, browser: true, cloud: true, terminal: true }
-  },
-  policy: {
-    sandboxPaths: ["/tmp/**", "**/sandbox/**", "**/test-results/**"],
-    dangerousWords: DANGEROUS_WORDS,
-    ignoredTools: [
-      "list_*",
-      "get_*",
-      "read_*",
-      "describe_*",
-      "read",
-      "glob",
-      "grep",
-      "ls",
-      "notebookread",
-      "notebookedit",
-      "webfetch",
-      "websearch",
-      "exitplanmode",
-      "askuserquestion",
-      "agent",
-      "task*",
-      "toolsearch",
-      "mcp__ide__*",
-      "getDiagnostics"
-    ],
-    toolInspection: {
-      bash: "command",
-      shell: "command",
-      run_shell_command: "command",
-      "terminal.execute": "command",
-      "postgres:query": "sql"
-    },
-    snapshot: {
-      tools: [
-        "str_replace_based_edit_tool",
-        "write_file",
-        "edit_file",
-        "create_file",
-        "edit",
-        "replace"
-      ],
-      onlyPaths: [],
-      ignorePaths: ["**/node_modules/**", "dist/**", "build/**", ".next/**", "**/*.log"]
-    },
-    rules: [
-      // Only use the legacy rules format for simple path-based rm control.
-      // All other command-level enforcement lives in smartRules below.
-      {
-        action: "rm",
-        allowPaths: [
-          "**/node_modules/**",
-          "dist/**",
-          "build/**",
-          ".next/**",
-          "coverage/**",
-          ".cache/**",
-          "tmp/**",
-          "temp/**",
-          ".DS_Store"
-        ]
-      }
-    ],
-    smartRules: [
-      // ── SQL safety ────────────────────────────────────────────────────────
-      {
-        name: "no-delete-without-where",
-        tool: "*",
-        conditions: [
-          { field: "sql", op: "matches", value: "^(DELETE|UPDATE)\\s", flags: "i" },
-          { field: "sql", op: "notMatches", value: "\\bWHERE\\b", flags: "i" }
-        ],
-        conditionMode: "all",
-        verdict: "review",
-        reason: "DELETE/UPDATE without WHERE clause \u2014 would affect every row in the table"
-      },
-      {
-        name: "review-drop-truncate-shell",
-        tool: "bash",
-        conditions: [
-          {
-            field: "command",
-            op: "matches",
-            value: "\\b(DROP|TRUNCATE)\\s+(TABLE|DATABASE|SCHEMA|INDEX)",
-            flags: "i"
-          }
-        ],
-        conditionMode: "all",
-        verdict: "review",
-        reason: "SQL DDL destructive statement inside a shell command"
-      },
-      // ── Git safety ────────────────────────────────────────────────────────
-      {
-        name: "block-force-push",
-        tool: "bash",
-        conditions: [
-          {
-            field: "command",
-            op: "matches",
-            value: "git push.*(--force|--force-with-lease|-f\\b)",
-            flags: "i"
-          }
-        ],
-        conditionMode: "all",
-        verdict: "block",
-        reason: "Force push overwrites remote history and cannot be undone"
-      },
-      {
-        name: "review-git-push",
-        tool: "bash",
-        conditions: [{ field: "command", op: "matches", value: "^\\s*git\\s+push\\b", flags: "i" }],
-        conditionMode: "all",
-        verdict: "review",
-        reason: "git push sends changes to a shared remote"
-      },
-      {
-        name: "review-git-destructive",
-        tool: "bash",
-        conditions: [
-          {
-            field: "command",
-            op: "matches",
-            value: "git\\s+(reset\\s+--hard|clean\\s+-[fdxX]|rebase|tag\\s+-d|branch\\s+-[dD])",
-            flags: "i"
-          }
-        ],
-        conditionMode: "all",
-        verdict: "review",
-        reason: "Destructive git operation \u2014 discards history or working-tree changes"
-      },
-      // ── Shell safety ──────────────────────────────────────────────────────
-      {
-        name: "review-sudo",
-        tool: "bash",
-        conditions: [{ field: "command", op: "matches", value: "^\\s*sudo\\s", flags: "i" }],
-        conditionMode: "all",
-        verdict: "review",
-        reason: "Command requires elevated privileges"
-      },
-      {
-        name: "review-curl-pipe-shell",
-        tool: "bash",
-        conditions: [
-          {
-            field: "command",
-            op: "matches",
-            value: "(curl|wget)[^|]*\\|\\s*(ba|z|da|fi|c|k)?sh",
-            flags: "i"
-          }
-        ],
-        conditionMode: "all",
-        verdict: "block",
-        reason: "Piping remote script into a shell is a supply-chain attack vector"
-      }
-    ]
-  },
-  environments: {}
-};
-var cachedConfig = null;
 function _resetConfigCache() {
   cachedConfig = null;
 }
 function getGlobalSettings() {
   try {
-    const globalConfigPath = import_path3.default.join(import_os.default.homedir(), ".node9", "config.json");
-    if (import_fs.default.existsSync(globalConfigPath)) {
-      const parsed = JSON.parse(import_fs.default.readFileSync(globalConfigPath, "utf-8"));
+    const globalConfigPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "config.json");
+    if (import_fs2.default.existsSync(globalConfigPath)) {
+      const parsed = JSON.parse(import_fs2.default.readFileSync(globalConfigPath, "utf-8"));
       const settings = parsed.settings || {};
       return {
         mode: settings.mode || "standard",
@@ -928,9 +1059,9 @@ function getGlobalSettings() {
 }
 function getInternalToken() {
   try {
-    const pidFile = import_path3.default.join(import_os.default.homedir(), ".node9", "daemon.pid");
-    if (!import_fs.default.existsSync(pidFile)) return null;
-    const data = JSON.parse(import_fs.default.readFileSync(pidFile, "utf-8"));
+    const pidFile = import_path4.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
+    if (!import_fs2.default.existsSync(pidFile)) return null;
+    const data = JSON.parse(import_fs2.default.readFileSync(pidFile, "utf-8"));
     process.kill(data.pid, 0);
     return data.internalToken ?? null;
   } catch {
@@ -945,7 +1076,8 @@ async function evaluatePolicy(toolName, args, agent) {
       (rule) => matchesPattern(toolName, rule.tool) && evaluateSmartConditions(args, rule)
     );
     if (matchedRule) {
-      if (matchedRule.verdict === "allow") return { decision: "allow" };
+      if (matchedRule.verdict === "allow")
+        return { decision: "allow", ruleName: matchedRule.name ?? matchedRule.tool };
       return {
         decision: matchedRule.verdict,
         blockedByLabel: `Smart Rule: ${matchedRule.name ?? matchedRule.tool}`,
@@ -956,13 +1088,11 @@ async function evaluatePolicy(toolName, args, agent) {
     }
   }
   let allTokens = [];
-  let actionTokens = [];
   let pathTokens = [];
   const shellCommand = extractShellCommand(toolName, args, config.policy.toolInspection);
   if (shellCommand) {
     const analyzed = await analyzeShellCommand(shellCommand);
     allTokens = analyzed.allTokens;
-    actionTokens = analyzed.actions;
     pathTokens = analyzed.paths;
     const INLINE_EXEC_PATTERN = /^(python3?|bash|sh|zsh|perl|ruby|node|php|lua)\s+(-c|-e|-eval)\s/i;
     if (INLINE_EXEC_PATTERN.test(shellCommand.trim())) {
@@ -970,11 +1100,9 @@ async function evaluatePolicy(toolName, args, agent) {
     }
     if (isSqlTool(toolName, config.policy.toolInspection)) {
       allTokens = allTokens.filter((t) => !SQL_DML_KEYWORDS.has(t.toLowerCase()));
-      actionTokens = actionTokens.filter((t) => !SQL_DML_KEYWORDS.has(t.toLowerCase()));
     }
   } else {
     allTokens = tokenize(toolName);
-    actionTokens = [toolName];
     if (args && typeof args === "object") {
       const flattenedArgs = JSON.stringify(args).toLowerCase();
       const extraTokens = flattenedArgs.split(/[^a-zA-Z0-9]+/).filter((t) => t.length > 1);
@@ -997,29 +1125,6 @@ async function evaluatePolicy(toolName, args, agent) {
     const allInSandbox = pathTokens.every((p) => matchesPattern(p, config.policy.sandboxPaths));
     if (allInSandbox) return { decision: "allow" };
   }
-  for (const action of actionTokens) {
-    const rule = config.policy.rules.find(
-      (r) => r.action === action || matchesPattern(action, r.action)
-    );
-    if (rule) {
-      if (pathTokens.length > 0) {
-        const anyBlocked = pathTokens.some((p) => matchesPattern(p, rule.blockPaths || []));
-        if (anyBlocked)
-          return {
-            decision: "review",
-            blockedByLabel: `Project/Global Config \u2014 rule "${rule.action}" (path blocked)`,
-            tier: 5
-          };
-        const allAllowed = pathTokens.every((p) => matchesPattern(p, rule.allowPaths || []));
-        if (allAllowed) return { decision: "allow" };
-      }
-      return {
-        decision: "review",
-        blockedByLabel: `Project/Global Config \u2014 rule "${rule.action}" (default block)`,
-        tier: 5
-      };
-    }
-  }
   let matchedDangerousWord;
   const isDangerous = allTokens.some(
     (token) => config.policy.dangerousWords.some((word) => {
@@ -1071,9 +1176,9 @@ async function evaluatePolicy(toolName, args, agent) {
 }
 async function explainPolicy(toolName, args) {
   const steps = [];
-  const globalPath = import_path3.default.join(import_os.default.homedir(), ".node9", "config.json");
-  const projectPath = import_path3.default.join(process.cwd(), "node9.config.json");
-  const credsPath = import_path3.default.join(import_os.default.homedir(), ".node9", "credentials.json");
+  const globalPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "config.json");
+  const projectPath = import_path4.default.join(process.cwd(), "node9.config.json");
+  const credsPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "credentials.json");
   const waterfall = [
     {
       tier: 1,
@@ -1084,19 +1189,19 @@ async function explainPolicy(toolName, args) {
     {
       tier: 2,
       label: "Cloud policy",
-      status: import_fs.default.existsSync(credsPath) ? "active" : "missing",
-      note: import_fs.default.existsSync(credsPath) ? "credentials found (not evaluated in explain mode)" : "not connected \u2014 run: node9 login"
+      status: import_fs2.default.existsSync(credsPath) ? "active" : "missing",
+      note: import_fs2.default.existsSync(credsPath) ? "credentials found (not evaluated in explain mode)" : "not connected \u2014 run: node9 login"
     },
     {
       tier: 3,
       label: "Project config",
-      status: import_fs.default.existsSync(projectPath) ? "active" : "missing",
+      status: import_fs2.default.existsSync(projectPath) ? "active" : "missing",
       path: projectPath
     },
     {
       tier: 4,
       label: "Global config",
-      status: import_fs.default.existsSync(globalPath) ? "active" : "missing",
+      status: import_fs2.default.existsSync(globalPath) ? "active" : "missing",
       path: globalPath
     },
     {
@@ -1107,7 +1212,28 @@ async function explainPolicy(toolName, args) {
     }
   ];
   const config = getConfig();
-  if (matchesPattern(toolName, config.policy.ignoredTools)) {
+  const wouldBeIgnored = matchesPattern(toolName, config.policy.ignoredTools);
+  if (config.policy.dlp.enabled && (!wouldBeIgnored || config.policy.dlp.scanIgnoredTools)) {
+    const dlpMatch = args !== void 0 ? scanArgs(args) : null;
+    if (dlpMatch) {
+      steps.push({
+        name: "DLP Content Scanner",
+        outcome: dlpMatch.severity === "block" ? "block" : "review",
+        detail: `\u{1F6A8} ${dlpMatch.patternName} detected in ${dlpMatch.fieldPath} \u2014 sample: ${dlpMatch.redactedSample}`,
+        isFinal: dlpMatch.severity === "block"
+      });
+      if (dlpMatch.severity === "block") {
+        return { tool: toolName, args, waterfall, steps, decision: "block" };
+      }
+    } else {
+      steps.push({
+        name: "DLP Content Scanner",
+        outcome: "checked",
+        detail: "No sensitive credentials detected in args"
+      });
+    }
+  }
+  if (wouldBeIgnored) {
     steps.push({
       name: "Ignored tools",
       outcome: "allow",
@@ -1160,13 +1286,11 @@ async function explainPolicy(toolName, args) {
     steps.push({ name: "Smart rules", outcome: "skip", detail: "No smart rules configured" });
   }
   let allTokens = [];
-  let actionTokens = [];
   let pathTokens = [];
   const shellCommand = extractShellCommand(toolName, args, config.policy.toolInspection);
   if (shellCommand) {
     const analyzed = await analyzeShellCommand(shellCommand);
     allTokens = analyzed.allTokens;
-    actionTokens = analyzed.actions;
     pathTokens = analyzed.paths;
     const patterns = Object.keys(config.policy.toolInspection);
     const matchingPattern = patterns.find((p) => matchesPattern(toolName, p));
@@ -1200,7 +1324,6 @@ async function explainPolicy(toolName, args) {
     });
     if (isSqlTool(toolName, config.policy.toolInspection)) {
       allTokens = allTokens.filter((t) => !SQL_DML_KEYWORDS.has(t.toLowerCase()));
-      actionTokens = actionTokens.filter((t) => !SQL_DML_KEYWORDS.has(t.toLowerCase()));
       steps.push({
         name: "SQL token stripping",
         outcome: "checked",
@@ -1209,7 +1332,6 @@ async function explainPolicy(toolName, args) {
     }
   } else {
     allTokens = tokenize(toolName);
-    actionTokens = [toolName];
     let detail = `No toolInspection match for "${toolName}" \u2014 tokens: [${allTokens.join(", ")}]`;
     if (args && typeof args === "object") {
       const flattenedArgs = JSON.stringify(args).toLowerCase();
@@ -1250,65 +1372,6 @@ async function explainPolicy(toolName, args) {
       detail: pathTokens.length === 0 ? "No path tokens found in input" : "No sandbox paths configured"
     });
   }
-  let ruleMatched = false;
-  for (const action of actionTokens) {
-    const rule = config.policy.rules.find(
-      (r) => r.action === action || matchesPattern(action, r.action)
-    );
-    if (rule) {
-      ruleMatched = true;
-      if (pathTokens.length > 0) {
-        const anyBlocked = pathTokens.some((p) => matchesPattern(p, rule.blockPaths || []));
-        if (anyBlocked) {
-          steps.push({
-            name: "Policy rules",
-            outcome: "review",
-            detail: `Rule "${rule.action}" matched + path is in blockPaths`,
-            isFinal: true
-          });
-          return {
-            tool: toolName,
-            args,
-            waterfall,
-            steps,
-            decision: "review",
-            blockedByLabel: `Project/Global Config \u2014 rule "${rule.action}" (path blocked)`
-          };
-        }
-        const allAllowed = pathTokens.every((p) => matchesPattern(p, rule.allowPaths || []));
-        if (allAllowed) {
-          steps.push({
-            name: "Policy rules",
-            outcome: "allow",
-            detail: `Rule "${rule.action}" matched + all paths are in allowPaths`,
-            isFinal: true
-          });
-          return { tool: toolName, args, waterfall, steps, decision: "allow" };
-        }
-      }
-      steps.push({
-        name: "Policy rules",
-        outcome: "review",
-        detail: `Rule "${rule.action}" matched \u2014 default block (no path exception)`,
-        isFinal: true
-      });
-      return {
-        tool: toolName,
-        args,
-        waterfall,
-        steps,
-        decision: "review",
-        blockedByLabel: `Project/Global Config \u2014 rule "${rule.action}" (default block)`
-      };
-    }
-  }
-  if (!ruleMatched) {
-    steps.push({
-      name: "Policy rules",
-      outcome: "skip",
-      detail: config.policy.rules.length === 0 ? "No rules configured" : `No rule matched [${actionTokens.join(", ")}]`
-    });
-  }
   let matchedDangerousWord;
   const isDangerous = uniqueTokens.some(
     (token) => config.policy.dangerousWords.some((word) => {
@@ -1373,13 +1436,11 @@ function isIgnoredTool(toolName) {
   const config = getConfig();
   return matchesPattern(toolName, config.policy.ignoredTools);
 }
-var DAEMON_PORT = 7391;
-var DAEMON_HOST = "127.0.0.1";
 function isDaemonRunning() {
   try {
-    const pidFile = import_path3.default.join(import_os.default.homedir(), ".node9", "daemon.pid");
-    if (!import_fs.default.existsSync(pidFile)) return false;
-    const { pid, port } = JSON.parse(import_fs.default.readFileSync(pidFile, "utf-8"));
+    const pidFile = import_path4.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
+    if (!import_fs2.default.existsSync(pidFile)) return false;
+    const { pid, port } = JSON.parse(import_fs2.default.readFileSync(pidFile, "utf-8"));
     if (port !== DAEMON_PORT) return false;
     process.kill(pid, 0);
     return true;
@@ -1389,16 +1450,16 @@ function isDaemonRunning() {
 }
 function getPersistentDecision(toolName) {
   try {
-    const file = import_path3.default.join(import_os.default.homedir(), ".node9", "decisions.json");
-    if (!import_fs.default.existsSync(file)) return null;
-    const decisions = JSON.parse(import_fs.default.readFileSync(file, "utf-8"));
+    const file = import_path4.default.join(import_os2.default.homedir(), ".node9", "decisions.json");
+    if (!import_fs2.default.existsSync(file)) return null;
+    const decisions = JSON.parse(import_fs2.default.readFileSync(file, "utf-8"));
     const d = decisions[toolName];
     if (d === "allow" || d === "deny") return d;
   } catch {
   }
   return null;
 }
-async function askDaemon(toolName, args, meta, signal, riskMetadata) {
+async function askDaemon(toolName, args, meta, signal, riskMetadata, activityId) {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
   const checkCtrl = new AbortController();
   const checkTimer = setTimeout(() => checkCtrl.abort(), 5e3);
@@ -1413,6 +1474,12 @@ async function askDaemon(toolName, args, meta, signal, riskMetadata) {
         args,
         agent: meta?.agent,
         mcpServer: meta?.mcpServer,
+        fromCLI: true,
+        // Pass the flight-recorder ID so the daemon uses the same UUID for
+        // activity-result as the CLI used for the pending activity event.
+        // Without this, the two UUIDs never match and tail.ts never resolves
+        // the pending item.
+        activityId,
         ...riskMetadata && { riskMetadata }
       }),
       signal: checkCtrl.signal
@@ -1467,7 +1534,44 @@ async function resolveViaDaemon(id, decision, internalToken) {
     signal: AbortSignal.timeout(3e3)
   });
 }
+function notifyActivity(data) {
+  return new Promise((resolve) => {
+    try {
+      const payload = JSON.stringify(data);
+      const sock = import_net.default.createConnection(ACTIVITY_SOCKET_PATH);
+      sock.on("connect", () => {
+        sock.on("close", resolve);
+        sock.end(payload);
+      });
+      sock.on("error", resolve);
+    } catch {
+      resolve();
+    }
+  });
+}
 async function authorizeHeadless(toolName, args, allowTerminalFallback = false, meta, options) {
+  if (!options?.calledFromDaemon) {
+    const actId = (0, import_crypto2.randomUUID)();
+    const actTs = Date.now();
+    await notifyActivity({ id: actId, ts: actTs, tool: toolName, args, status: "pending" });
+    const result = await _authorizeHeadlessCore(toolName, args, allowTerminalFallback, meta, {
+      ...options,
+      activityId: actId
+    });
+    if (!result.noApprovalMechanism) {
+      await notifyActivity({
+        id: actId,
+        tool: toolName,
+        ts: actTs,
+        status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : "block",
+        label: result.blockedByLabel
+      });
+    }
+    return result;
+  }
+  return _authorizeHeadlessCore(toolName, args, allowTerminalFallback, meta, options);
+}
+async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = false, meta, options) {
   if (process.env.NODE9_PAUSED === "1") return { approved: true, checkedBy: "paused" };
   const pauseState = checkPause();
   if (pauseState.paused) return { approved: true, checkedBy: "paused" };
@@ -1490,10 +1594,27 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
   let policyMatchedField;
   let policyMatchedWord;
   let riskMetadata;
-  if (config.settings.mode === "audit") {
-    if (!isIgnoredTool(toolName)) {
-      const policyResult = await evaluatePolicy(toolName, args, meta?.agent);
-      if (policyResult.decision === "review") {
+  if (config.policy.dlp.enabled && (!isIgnoredTool(toolName) || config.policy.dlp.scanIgnoredTools)) {
+    const dlpMatch = scanArgs(args);
+    if (dlpMatch) {
+      const dlpReason = `\u{1F6A8} DATA LOSS PREVENTION: ${dlpMatch.patternName} detected in field "${dlpMatch.fieldPath}" (${dlpMatch.redactedSample})`;
+      if (dlpMatch.severity === "block") {
+        if (!isManual) appendLocalAudit(toolName, args, "deny", "dlp-block", meta);
+        return {
+          approved: false,
+          reason: dlpReason,
+          blockedBy: "local-config",
+          blockedByLabel: "\u{1F6A8} Node9 DLP (Secret Detected)"
+        };
+      }
+      if (!isManual) appendLocalAudit(toolName, args, "allow", "dlp-review-flagged", meta);
+      explainableLabel = "\u{1F6A8} Node9 DLP (Credential Review)";
+    }
+  }
+  if (config.settings.mode === "audit") {
+    if (!isIgnoredTool(toolName)) {
+      const policyResult = await evaluatePolicy(toolName, args, meta?.agent);
+      if (policyResult.decision === "review") {
         appendLocalAudit(toolName, args, "allow", "audit-mode", meta);
         if (approvers.cloud && creds?.apiKey) {
           await auditLocalAllow(toolName, args, "audit-mode", creds, meta);
@@ -1709,7 +1830,14 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
             console.error(import_chalk2.default.cyan(`   URL \u2192 http://${DAEMON_HOST}:${DAEMON_PORT}/
 `));
           }
-          const daemonDecision = await askDaemon(toolName, args, meta, signal, riskMetadata);
+          const daemonDecision = await askDaemon(
+            toolName,
+            args,
+            meta,
+            signal,
+            riskMetadata,
+            options?.activityId
+          );
           if (daemonDecision === "abandoned") throw new Error("Abandoned");
           const isApproved = daemonDecision === "allow";
           return {
@@ -1729,7 +1857,14 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
     racePromises.push(
       (async () => {
         try {
-          console.log(import_chalk2.default.bgRed.white.bold(` \u{1F6D1} NODE9 INTERCEPTOR `));
+          if (explainableLabel.includes("DLP")) {
+            console.log(import_chalk2.default.bgRed.white.bold(` \u{1F6A8} NODE9 DLP ALERT \u2014 CREDENTIAL DETECTED `));
+            console.log(
+              import_chalk2.default.red.bold(`   A sensitive secret was detected in the tool arguments!`)
+            );
+          } else {
+            console.log(import_chalk2.default.bgRed.white.bold(` \u{1F6D1} NODE9 INTERCEPTOR `));
+          }
           console.log(`${import_chalk2.default.bold("Action:")} ${import_chalk2.default.red(toolName)}`);
           console.log(`${import_chalk2.default.bold("Flagged By:")} ${import_chalk2.default.yellow(explainableLabel)}`);
           if (isRemoteLocked) {
@@ -1834,8 +1969,8 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
 }
 function getConfig() {
   if (cachedConfig) return cachedConfig;
-  const globalPath = import_path3.default.join(import_os.default.homedir(), ".node9", "config.json");
-  const projectPath = import_path3.default.join(process.cwd(), "node9.config.json");
+  const globalPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "config.json");
+  const projectPath = import_path4.default.join(process.cwd(), "node9.config.json");
   const globalConfig = tryLoadConfig(globalPath);
   const projectConfig = tryLoadConfig(projectPath);
   const mergedSettings = {
@@ -1847,13 +1982,13 @@ function getConfig() {
     dangerousWords: [...DEFAULT_CONFIG.policy.dangerousWords],
     ignoredTools: [...DEFAULT_CONFIG.policy.ignoredTools],
     toolInspection: { ...DEFAULT_CONFIG.policy.toolInspection },
-    rules: [...DEFAULT_CONFIG.policy.rules],
     smartRules: [...DEFAULT_CONFIG.policy.smartRules],
     snapshot: {
       tools: [...DEFAULT_CONFIG.policy.snapshot.tools],
       onlyPaths: [...DEFAULT_CONFIG.policy.snapshot.onlyPaths],
       ignorePaths: [...DEFAULT_CONFIG.policy.snapshot.ignorePaths]
-    }
+    },
+    dlp: { ...DEFAULT_CONFIG.policy.dlp }
   };
   const mergedEnvironments = { ...DEFAULT_CONFIG.environments };
   const applyLayer = (source) => {
@@ -1873,7 +2008,6 @@ function getConfig() {
     if (p.dangerousWords) mergedPolicy.dangerousWords = [...p.dangerousWords];
     if (p.toolInspection)
       mergedPolicy.toolInspection = { ...mergedPolicy.toolInspection, ...p.toolInspection };
-    if (p.rules) mergedPolicy.rules.push(...p.rules);
     if (p.smartRules) mergedPolicy.smartRules.push(...p.smartRules);
     if (p.snapshot) {
       const s2 = p.snapshot;
@@ -1881,6 +2015,11 @@ function getConfig() {
       if (s2.onlyPaths) mergedPolicy.snapshot.onlyPaths.push(...s2.onlyPaths);
       if (s2.ignorePaths) mergedPolicy.snapshot.ignorePaths.push(...s2.ignorePaths);
     }
+    if (p.dlp) {
+      const d = p.dlp;
+      if (d.enabled !== void 0) mergedPolicy.dlp.enabled = d.enabled;
+      if (d.scanIgnoredTools !== void 0) mergedPolicy.dlp.scanIgnoredTools = d.scanIgnoredTools;
+    }
     const envs = source.environments || {};
     for (const [envName, envConfig] of Object.entries(envs)) {
       if (envConfig && typeof envConfig === "object") {
@@ -1895,6 +2034,22 @@ function getConfig() {
   };
   applyLayer(globalConfig);
   applyLayer(projectConfig);
+  for (const shieldName of readActiveShields()) {
+    const shield = getShield(shieldName);
+    if (!shield) continue;
+    const existingRuleNames = new Set(mergedPolicy.smartRules.map((r) => r.name));
+    for (const rule of shield.smartRules) {
+      if (!existingRuleNames.has(rule.name)) mergedPolicy.smartRules.push(rule);
+    }
+    const existingWords = new Set(mergedPolicy.dangerousWords);
+    for (const word of shield.dangerousWords) {
+      if (!existingWords.has(word)) mergedPolicy.dangerousWords.push(word);
+    }
+  }
+  const existingAdvisoryNames = new Set(mergedPolicy.smartRules.map((r) => r.name));
+  for (const rule of ADVISORY_SMART_RULES) {
+    if (!existingAdvisoryNames.has(rule.name)) mergedPolicy.smartRules.push(rule);
+  }
   if (process.env.NODE9_MODE) mergedSettings.mode = process.env.NODE9_MODE;
   mergedPolicy.sandboxPaths = [...new Set(mergedPolicy.sandboxPaths)];
   mergedPolicy.dangerousWords = [...new Set(mergedPolicy.dangerousWords)];
@@ -1910,10 +2065,10 @@ function getConfig() {
   return cachedConfig;
 }
 function tryLoadConfig(filePath) {
-  if (!import_fs.default.existsSync(filePath)) return null;
+  if (!import_fs2.default.existsSync(filePath)) return null;
   let raw;
   try {
-    raw = JSON.parse(import_fs.default.readFileSync(filePath, "utf-8"));
+    raw = JSON.parse(import_fs2.default.readFileSync(filePath, "utf-8"));
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
     process.stderr.write(
@@ -1975,9 +2130,9 @@ function getCredentials() {
     };
   }
   try {
-    const credPath = import_path3.default.join(import_os.default.homedir(), ".node9", "credentials.json");
-    if (import_fs.default.existsSync(credPath)) {
-      const creds = JSON.parse(import_fs.default.readFileSync(credPath, "utf-8"));
+    const credPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "credentials.json");
+    if (import_fs2.default.existsSync(credPath)) {
+      const creds = JSON.parse(import_fs2.default.readFileSync(credPath, "utf-8"));
       const profileName = process.env.NODE9_PROFILE || "default";
       const profile = creds[profileName];
       if (profile?.apiKey) {
@@ -2008,9 +2163,9 @@ function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
       context: {
         agent: meta?.agent,
         mcpServer: meta?.mcpServer,
-        hostname: import_os.default.hostname(),
+        hostname: import_os2.default.hostname(),
         cwd: process.cwd(),
-        platform: import_os.default.platform()
+        platform: import_os2.default.platform()
       }
     }),
     signal: AbortSignal.timeout(5e3)
@@ -2031,9 +2186,9 @@ async function initNode9SaaS(toolName, args, creds, meta, riskMetadata) {
         context: {
           agent: meta?.agent,
           mcpServer: meta?.mcpServer,
-          hostname: import_os.default.hostname(),
+          hostname: import_os2.default.hostname(),
           cwd: process.cwd(),
-          platform: import_os.default.platform()
+          platform: import_os2.default.platform()
         },
         ...riskMetadata && { riskMetadata }
       }),
@@ -2090,295 +2245,272 @@ async function resolveNode9SaaS(requestId, creds, approved) {
   } catch {
   }
 }
-
-// src/setup.ts
-var import_fs2 = __toESM(require("fs"));
-var import_path4 = __toESM(require("path"));
-var import_os2 = __toESM(require("os"));
-var import_chalk3 = __toESM(require("chalk"));
-var import_prompts2 = require("@inquirer/prompts");
-function printDaemonTip() {
-  console.log(
-    import_chalk3.default.cyan("\n   \u{1F4A1} Node9 will protect you automatically using Native OS popups.") + import_chalk3.default.white("\n      To view your history or manage persistent rules, run:") + import_chalk3.default.green("\n      node9 daemon --openui")
-  );
-}
-function fullPathCommand(subcommand) {
-  if (process.env.NODE9_TESTING === "1") return `node9 ${subcommand}`;
-  const nodeExec = process.execPath;
-  const cliScript = process.argv[1];
-  return `${nodeExec} ${cliScript} ${subcommand}`;
-}
-function readJson(filePath) {
-  try {
-    if (import_fs2.default.existsSync(filePath)) {
-      return JSON.parse(import_fs2.default.readFileSync(filePath, "utf-8"));
-    }
-  } catch {
-  }
-  return null;
-}
-function writeJson(filePath, data) {
-  const dir = import_path4.default.dirname(filePath);
-  if (!import_fs2.default.existsSync(dir)) import_fs2.default.mkdirSync(dir, { recursive: true });
-  import_fs2.default.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
-}
-async function setupClaude() {
-  const homeDir2 = import_os2.default.homedir();
-  const mcpPath = import_path4.default.join(homeDir2, ".claude.json");
-  const hooksPath = import_path4.default.join(homeDir2, ".claude", "settings.json");
-  const claudeConfig = readJson(mcpPath) ?? {};
-  const settings = readJson(hooksPath) ?? {};
-  const servers = claudeConfig.mcpServers ?? {};
-  let anythingChanged = false;
-  if (!settings.hooks) settings.hooks = {};
-  const hasPreHook = settings.hooks.PreToolUse?.some(
-    (m) => m.hooks.some((h) => h.command?.includes("node9 check") || h.command?.includes("cli.js check"))
-  );
-  if (!hasPreHook) {
-    if (!settings.hooks.PreToolUse) settings.hooks.PreToolUse = [];
-    settings.hooks.PreToolUse.push({
-      matcher: ".*",
-      hooks: [{ type: "command", command: fullPathCommand("check"), timeout: 60 }]
-    });
-    console.log(import_chalk3.default.green("  \u2705 PreToolUse hook added  \u2192 node9 check"));
-    anythingChanged = true;
-  }
-  const hasPostHook = settings.hooks.PostToolUse?.some(
-    (m) => m.hooks.some((h) => h.command?.includes("node9 log") || h.command?.includes("cli.js log"))
-  );
-  if (!hasPostHook) {
-    if (!settings.hooks.PostToolUse) settings.hooks.PostToolUse = [];
-    settings.hooks.PostToolUse.push({
-      matcher: ".*",
-      hooks: [{ type: "command", command: fullPathCommand("log"), timeout: 600 }]
-    });
-    console.log(import_chalk3.default.green("  \u2705 PostToolUse hook added \u2192 node9 log"));
-    anythingChanged = true;
-  }
-  if (anythingChanged) {
-    writeJson(hooksPath, settings);
-    console.log("");
-  }
-  const serversToWrap = [];
-  for (const [name, server] of Object.entries(servers)) {
-    if (!server.command || server.command === "node9") continue;
-    const parts = [server.command, ...server.args ?? []];
-    serversToWrap.push({ name, originalCmd: parts.join(" "), parts });
-  }
-  if (serversToWrap.length > 0) {
-    console.log(import_chalk3.default.bold("The following existing entries will be modified:\n"));
-    console.log(import_chalk3.default.white(`  ${mcpPath}`));
-    for (const { name, originalCmd } of serversToWrap) {
-      console.log(import_chalk3.default.gray(`    \u2022 ${name}: "${originalCmd}" \u2192 node9 ${originalCmd}`));
-    }
-    console.log("");
-    const proceed = await (0, import_prompts2.confirm)({ message: "Wrap these MCP servers?", default: true });
-    if (proceed) {
-      for (const { name, parts } of serversToWrap) {
-        servers[name] = { ...servers[name], command: "node9", args: parts };
+var import_chalk2, import_prompts, import_fs2, import_path4, import_os2, import_net, import_crypto2, import_picomatch, import_sh_syntax, PAUSED_FILE, TRUST_FILE, LOCAL_AUDIT_LOG, HOOK_DEBUG_LOG, SQL_DML_KEYWORDS, DANGEROUS_WORDS, DEFAULT_CONFIG, ADVISORY_SMART_RULES, cachedConfig, DAEMON_PORT, DAEMON_HOST, ACTIVITY_SOCKET_PATH;
+var init_core = __esm({
+  "src/core.ts"() {
+    "use strict";
+    import_chalk2 = __toESM(require("chalk"));
+    import_prompts = require("@inquirer/prompts");
+    import_fs2 = __toESM(require("fs"));
+    import_path4 = __toESM(require("path"));
+    import_os2 = __toESM(require("os"));
+    import_net = __toESM(require("net"));
+    import_crypto2 = require("crypto");
+    import_picomatch = __toESM(require("picomatch"));
+    import_sh_syntax = require("sh-syntax");
+    init_native();
+    init_context_sniper();
+    init_config_schema();
+    init_shields();
+    init_dlp();
+    PAUSED_FILE = import_path4.default.join(import_os2.default.homedir(), ".node9", "PAUSED");
+    TRUST_FILE = import_path4.default.join(import_os2.default.homedir(), ".node9", "trust.json");
+    LOCAL_AUDIT_LOG = import_path4.default.join(import_os2.default.homedir(), ".node9", "audit.log");
+    HOOK_DEBUG_LOG = import_path4.default.join(import_os2.default.homedir(), ".node9", "hook-debug.log");
+    SQL_DML_KEYWORDS = /* @__PURE__ */ new Set(["select", "insert", "update", "delete", "merge", "upsert"]);
+    DANGEROUS_WORDS = [
+      "mkfs",
+      // formats/wipes a filesystem partition
+      "shred"
+      // permanently overwrites file contents (unrecoverable)
+    ];
+    DEFAULT_CONFIG = {
+      settings: {
+        mode: "standard",
+        autoStartDaemon: true,
+        enableUndo: true,
+        // 🔥 ALWAYS TRUE BY DEFAULT for the safety net
+        enableHookLogDebug: false,
+        approvalTimeoutMs: 0,
+        // 0 = disabled; set e.g. 30000 for 30-second auto-deny
+        approvers: { native: true, browser: true, cloud: true, terminal: true }
+      },
+      policy: {
+        sandboxPaths: ["/tmp/**", "**/sandbox/**", "**/test-results/**"],
+        dangerousWords: DANGEROUS_WORDS,
+        ignoredTools: [
+          "list_*",
+          "get_*",
+          "read_*",
+          "describe_*",
+          "read",
+          "glob",
+          "grep",
+          "ls",
+          "notebookread",
+          "notebookedit",
+          "webfetch",
+          "websearch",
+          "exitplanmode",
+          "askuserquestion",
+          "agent",
+          "task*",
+          "toolsearch",
+          "mcp__ide__*",
+          "getDiagnostics"
+        ],
+        toolInspection: {
+          bash: "command",
+          shell: "command",
+          run_shell_command: "command",
+          "terminal.execute": "command",
+          "postgres:query": "sql"
+        },
+        snapshot: {
+          tools: [
+            "str_replace_based_edit_tool",
+            "write_file",
+            "edit_file",
+            "create_file",
+            "edit",
+            "replace"
+          ],
+          onlyPaths: [],
+          ignorePaths: ["**/node_modules/**", "dist/**", "build/**", ".next/**", "**/*.log"]
+        },
+        smartRules: [
+          // ── rm safety (critical — always evaluated first) ──────────────────────
+          {
+            name: "block-rm-rf-home",
+            tool: "bash",
+            conditionMode: "all",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "rm\\b.*(-[rRfF]*[rR][rRfF]*|--recursive)"
+              },
+              {
+                field: "command",
+                op: "matches",
+                value: "(~|\\/root(\\/|$)|\\$HOME|\\/home\\/)"
+              }
+            ],
+            verdict: "block",
+            reason: "Recursive delete of home directory is irreversible"
+          },
+          // ── SQL safety ────────────────────────────────────────────────────────
+          {
+            name: "no-delete-without-where",
+            tool: "*",
+            conditions: [
+              { field: "sql", op: "matches", value: "^(DELETE|UPDATE)\\s", flags: "i" },
+              { field: "sql", op: "notMatches", value: "\\bWHERE\\b", flags: "i" }
+            ],
+            conditionMode: "all",
+            verdict: "review",
+            reason: "DELETE/UPDATE without WHERE clause \u2014 would affect every row in the table"
+          },
+          {
+            name: "review-drop-truncate-shell",
+            tool: "bash",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "\\b(DROP|TRUNCATE)\\s+(TABLE|DATABASE|SCHEMA|INDEX)",
+                flags: "i"
+              }
+            ],
+            conditionMode: "all",
+            verdict: "review",
+            reason: "SQL DDL destructive statement inside a shell command"
+          },
+          // ── Git safety ────────────────────────────────────────────────────────
+          {
+            name: "block-force-push",
+            tool: "bash",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "git push.*(--force|--force-with-lease|-f\\b)",
+                flags: "i"
+              }
+            ],
+            conditionMode: "all",
+            verdict: "block",
+            reason: "Force push overwrites remote history and cannot be undone"
+          },
+          {
+            name: "review-git-push",
+            tool: "bash",
+            conditions: [{ field: "command", op: "matches", value: "^\\s*git\\s+push\\b", flags: "i" }],
+            conditionMode: "all",
+            verdict: "review",
+            reason: "git push sends changes to a shared remote"
+          },
+          {
+            name: "review-git-destructive",
+            tool: "bash",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "git\\s+(reset\\s+--hard|clean\\s+-[fdxX]|rebase|tag\\s+-d|branch\\s+-[dD])",
+                flags: "i"
+              }
+            ],
+            conditionMode: "all",
+            verdict: "review",
+            reason: "Destructive git operation \u2014 discards history or working-tree changes"
+          },
+          // ── Shell safety ──────────────────────────────────────────────────────
+          {
+            name: "review-sudo",
+            tool: "bash",
+            conditions: [{ field: "command", op: "matches", value: "^\\s*sudo\\s", flags: "i" }],
+            conditionMode: "all",
+            verdict: "review",
+            reason: "Command requires elevated privileges"
+          },
+          {
+            name: "review-curl-pipe-shell",
+            tool: "bash",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "(curl|wget)[^|]*\\|\\s*(ba|z|da|fi|c|k)?sh",
+                flags: "i"
+              }
+            ],
+            conditionMode: "all",
+            verdict: "block",
+            reason: "Piping remote script into a shell is a supply-chain attack vector"
+          }
+        ],
+        dlp: { enabled: true, scanIgnoredTools: true }
+      },
+      environments: {}
+    };
+    ADVISORY_SMART_RULES = [
+      {
+        name: "allow-rm-safe-paths",
+        tool: "*",
+        conditionMode: "all",
+        conditions: [
+          { field: "command", op: "matches", value: "(^|&&|\\|\\||;)\\s*rm\\b" },
+          {
+            field: "command",
+            op: "matches",
+            // Matches known-safe build artifact paths in the command.
+            value: "(node_modules|\\bdist\\b|\\.next|\\bcoverage\\b|\\.cache|\\btmp\\b|\\btemp\\b|\\.DS_Store)(\\/|\\s|$)"
+          }
+        ],
+        verdict: "allow",
+        reason: "Deleting a known-safe build artifact path"
+      },
+      {
+        name: "review-rm",
+        tool: "*",
+        conditions: [{ field: "command", op: "matches", value: "(^|&&|\\|\\||;)\\s*rm\\b" }],
+        verdict: "review",
+        reason: "rm can permanently delete files \u2014 confirm the target path"
       }
-      claudeConfig.mcpServers = servers;
-      writeJson(mcpPath, claudeConfig);
-      console.log(import_chalk3.default.green(`
-  \u2705 ${serversToWrap.length} MCP server(s) wrapped`));
-      anythingChanged = true;
-    } else {
-      console.log(import_chalk3.default.yellow("  Skipped MCP server wrapping."));
-    }
-    console.log("");
-  }
-  if (!anythingChanged && serversToWrap.length === 0) {
-    console.log(import_chalk3.default.blue("\u2139\uFE0F  Node9 is already fully configured for Claude Code."));
-    printDaemonTip();
-    return;
-  }
-  if (anythingChanged) {
-    console.log(import_chalk3.default.green.bold("\u{1F6E1}\uFE0F  Node9 is now protecting Claude Code!"));
-    console.log(import_chalk3.default.gray("    Restart Claude Code for changes to take effect."));
-    printDaemonTip();
-  }
-}
-async function setupGemini() {
-  const homeDir2 = import_os2.default.homedir();
-  const settingsPath = import_path4.default.join(homeDir2, ".gemini", "settings.json");
-  const settings = readJson(settingsPath) ?? {};
-  const servers = settings.mcpServers ?? {};
-  let anythingChanged = false;
-  if (!settings.hooks) settings.hooks = {};
-  const hasBeforeHook = Array.isArray(settings.hooks.BeforeTool) && settings.hooks.BeforeTool.some(
-    (m) => m.hooks.some((h) => h.command?.includes("node9 check") || h.command?.includes("cli.js check"))
-  );
-  if (!hasBeforeHook) {
-    if (!settings.hooks.BeforeTool) settings.hooks.BeforeTool = [];
-    if (!Array.isArray(settings.hooks.BeforeTool)) settings.hooks.BeforeTool = [];
-    settings.hooks.BeforeTool.push({
-      matcher: ".*",
-      hooks: [
-        {
-          name: "node9-check",
-          type: "command",
-          command: fullPathCommand("check"),
-          timeout: 6e5
-        }
-      ]
-    });
-    console.log(import_chalk3.default.green("  \u2705 BeforeTool hook added \u2192 node9 check"));
-    anythingChanged = true;
-  }
-  const hasAfterHook = Array.isArray(settings.hooks.AfterTool) && settings.hooks.AfterTool.some(
-    (m) => m.hooks.some((h) => h.command?.includes("node9 log") || h.command?.includes("cli.js log"))
-  );
-  if (!hasAfterHook) {
-    if (!settings.hooks.AfterTool) settings.hooks.AfterTool = [];
-    if (!Array.isArray(settings.hooks.AfterTool)) settings.hooks.AfterTool = [];
-    settings.hooks.AfterTool.push({
-      matcher: ".*",
-      hooks: [{ name: "node9-log", type: "command", command: fullPathCommand("log") }]
-    });
-    console.log(import_chalk3.default.green("  \u2705 AfterTool hook added  \u2192 node9 log"));
-    anythingChanged = true;
-  }
-  if (anythingChanged) {
-    writeJson(settingsPath, settings);
-    console.log("");
-  }
-  const serversToWrap = [];
-  for (const [name, server] of Object.entries(servers)) {
-    if (!server.command || server.command === "node9") continue;
-    const parts = [server.command, ...server.args ?? []];
-    serversToWrap.push({ name, originalCmd: parts.join(" "), parts });
+    ];
+    cachedConfig = null;
+    DAEMON_PORT = 7391;
+    DAEMON_HOST = "127.0.0.1";
+    ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path4.default.join(import_os2.default.tmpdir(), "node9-activity.sock");
   }
-  if (serversToWrap.length > 0) {
-    console.log(import_chalk3.default.bold("The following existing entries will be modified:\n"));
-    console.log(import_chalk3.default.white(`  ${settingsPath}  (mcpServers)`));
-    for (const { name, originalCmd } of serversToWrap) {
-      console.log(import_chalk3.default.gray(`    \u2022 ${name}: "${originalCmd}" \u2192 node9 ${originalCmd}`));
-    }
-    console.log("");
-    const proceed = await (0, import_prompts2.confirm)({ message: "Wrap these MCP servers?", default: true });
-    if (proceed) {
-      for (const { name, parts } of serversToWrap) {
-        servers[name] = { ...servers[name], command: "node9", args: parts };
-      }
-      settings.mcpServers = servers;
-      writeJson(settingsPath, settings);
-      console.log(import_chalk3.default.green(`
-  \u2705 ${serversToWrap.length} MCP server(s) wrapped`));
-      anythingChanged = true;
-    } else {
-      console.log(import_chalk3.default.yellow("  Skipped MCP server wrapping."));
-    }
-    console.log("");
-  }
-  if (!anythingChanged && serversToWrap.length === 0) {
-    console.log(import_chalk3.default.blue("\u2139\uFE0F  Node9 is already fully configured for Gemini CLI."));
-    printDaemonTip();
-    return;
-  }
-  if (anythingChanged) {
-    console.log(import_chalk3.default.green.bold("\u{1F6E1}\uFE0F  Node9 is now protecting Gemini CLI!"));
-    console.log(import_chalk3.default.gray("    Restart Gemini CLI for changes to take effect."));
-    printDaemonTip();
-  }
-}
-async function setupCursor() {
-  const homeDir2 = import_os2.default.homedir();
-  const mcpPath = import_path4.default.join(homeDir2, ".cursor", "mcp.json");
-  const hooksPath = import_path4.default.join(homeDir2, ".cursor", "hooks.json");
-  const mcpConfig = readJson(mcpPath) ?? {};
-  const hooksFile = readJson(hooksPath) ?? { version: 1 };
-  const servers = mcpConfig.mcpServers ?? {};
-  let anythingChanged = false;
-  if (!hooksFile.hooks) hooksFile.hooks = {};
-  const hasPreHook = hooksFile.hooks.preToolUse?.some(
-    (h) => h.command === "node9" && h.args?.includes("check") || h.command?.includes("cli.js")
-  );
-  if (!hasPreHook) {
-    if (!hooksFile.hooks.preToolUse) hooksFile.hooks.preToolUse = [];
-    hooksFile.hooks.preToolUse.push({ command: fullPathCommand("check") });
-    console.log(import_chalk3.default.green("  \u2705 preToolUse hook added \u2192 node9 check"));
-    anythingChanged = true;
-  }
-  const hasPostHook = hooksFile.hooks.postToolUse?.some(
-    (h) => h.command === "node9" && h.args?.includes("log") || h.command?.includes("cli.js")
-  );
-  if (!hasPostHook) {
-    if (!hooksFile.hooks.postToolUse) hooksFile.hooks.postToolUse = [];
-    hooksFile.hooks.postToolUse.push({ command: fullPathCommand("log") });
-    console.log(import_chalk3.default.green("  \u2705 postToolUse hook added \u2192 node9 log"));
-    anythingChanged = true;
-  }
-  if (anythingChanged) {
-    writeJson(hooksPath, hooksFile);
-    console.log("");
-  }
-  const serversToWrap = [];
-  for (const [name, server] of Object.entries(servers)) {
-    if (!server.command || server.command === "node9") continue;
-    const parts = [server.command, ...server.args ?? []];
-    serversToWrap.push({ name, originalCmd: parts.join(" "), parts });
-  }
-  if (serversToWrap.length > 0) {
-    console.log(import_chalk3.default.bold("The following existing entries will be modified:\n"));
-    console.log(import_chalk3.default.white(`  ${mcpPath}`));
-    for (const { name, originalCmd } of serversToWrap) {
-      console.log(import_chalk3.default.gray(`    \u2022 ${name}: "${originalCmd}" \u2192 node9 ${originalCmd}`));
-    }
-    console.log("");
-    const proceed = await (0, import_prompts2.confirm)({ message: "Wrap these MCP servers?", default: true });
-    if (proceed) {
-      for (const { name, parts } of serversToWrap) {
-        servers[name] = { ...servers[name], command: "node9", args: parts };
-      }
-      mcpConfig.mcpServers = servers;
-      writeJson(mcpPath, mcpConfig);
-      console.log(import_chalk3.default.green(`
-  \u2705 ${serversToWrap.length} MCP server(s) wrapped`));
-      anythingChanged = true;
-    } else {
-      console.log(import_chalk3.default.yellow("  Skipped MCP server wrapping."));
-    }
-    console.log("");
-  }
-  if (!anythingChanged && serversToWrap.length === 0) {
-    console.log(import_chalk3.default.blue("\u2139\uFE0F  Node9 is already fully configured for Cursor."));
-    printDaemonTip();
-    return;
-  }
-  if (anythingChanged) {
-    console.log(import_chalk3.default.green.bold("\u{1F6E1}\uFE0F  Node9 is now protecting Cursor!"));
-    console.log(import_chalk3.default.gray("    Restart Cursor for changes to take effect."));
-    printDaemonTip();
-  }
-}
-
-// src/daemon/ui.html
-var ui_default = `<!doctype html>
-<html lang="en">
-  <head>
-    <meta charset="UTF-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1" />
-    <title>Node9 Security Guard</title>
-    <style>
-      @import url('https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700&family=Fira+Code:wght@400;500&display=swap');
-      :root {
-        --bg: #0a0c10;
-        --card: #1c2128;
-        --panel: #161b22;
-        --border: #30363d;
-        --text: #adbac7;
-        --text-bright: #cdd9e5;
-        --muted: #768390;
-        --primary: #f0883e;
-        --success: #347d39;
-        --danger: #c93c37;
-        --accent: #539bf5;
+});
+
+// src/daemon/ui.html
+var ui_default;
+var init_ui = __esm({
+  "src/daemon/ui.html"() {
+    ui_default = `<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>Node9 Security Guard</title>
+    <style>
+      @import url('https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700&family=Fira+Code:wght@400;500&display=swap');
+      :root {
+        --bg: #0a0c10;
+        --card: #1c2128;
+        --panel: #161b22;
+        --border: #30363d;
+        --text: #adbac7;
+        --text-bright: #cdd9e5;
+        --muted: #768390;
+        --primary: #f0883e;
+        --success: #347d39;
+        --danger: #c93c37;
+        --accent: #539bf5;
       }
       * {
         box-sizing: border-box;
         margin: 0;
         padding: 0;
       }
+      html,
+      body {
+        height: 100%;
+        overflow: hidden;
+      }
       body {
         background: var(--bg);
         color: var(--text);
@@ -2386,16 +2518,17 @@ var ui_default = `<!doctype html>
           'Inter',
           -apple-system,
           sans-serif;
-        min-height: 100vh;
       }
 
       .shell {
-        max-width: 1000px;
+        max-width: 1440px;
+        height: 100vh;
         margin: 0 auto;
-        padding: 32px 24px 48px;
+        padding: 16px 20px 16px;
         display: grid;
         grid-template-rows: auto 1fr;
-        gap: 24px;
+        gap: 16px;
+        overflow: hidden;
       }
       header {
         display: flex;
@@ -2432,9 +2565,10 @@ var ui_default = `<!doctype html>
 
       .body {
         display: grid;
-        grid-template-columns: 1fr 272px;
-        gap: 20px;
-        align-items: start;
+        grid-template-columns: 360px 1fr 270px;
+        gap: 16px;
+        min-height: 0;
+        overflow: hidden;
       }
 
       .warning-banner {
@@ -2454,6 +2588,10 @@ var ui_default = `<!doctype html>
 
       .main {
         min-width: 0;
+        min-height: 0;
+        overflow-y: auto;
+        scrollbar-width: thin;
+        scrollbar-color: var(--border) transparent;
       }
       .section-title {
         font-size: 11px;
@@ -2484,14 +2622,64 @@ var ui_default = `<!doctype html>
         background: var(--card);
         border: 1px solid var(--border);
         border-radius: 14px;
-        padding: 24px;
-        margin-bottom: 16px;
+        padding: 20px;
+        margin-bottom: 14px;
         box-shadow: 0 8px 24px rgba(0, 0, 0, 0.3);
         animation: pop 0.35s cubic-bezier(0.175, 0.885, 0.32, 1.275);
       }
       .card.slack-viewer {
         border-color: rgba(83, 155, 245, 0.3);
       }
+      .card-header {
+        display: flex;
+        align-items: center;
+        gap: 8px;
+        margin-bottom: 12px;
+        padding-bottom: 12px;
+        border-bottom: 1px solid var(--border);
+      }
+      .card-header-icon {
+        font-size: 16px;
+      }
+      .card-header-title {
+        font-size: 12px;
+        font-weight: 700;
+        color: var(--text-bright);
+        text-transform: uppercase;
+        letter-spacing: 0.5px;
+      }
+      .card-timer {
+        margin-left: auto;
+        font-size: 11px;
+        font-family: 'Fira Code', monospace;
+        color: var(--muted);
+        background: rgba(48, 54, 61, 0.6);
+        padding: 2px 8px;
+        border-radius: 5px;
+      }
+      .card-timer.urgent {
+        color: var(--danger);
+        background: rgba(201, 60, 55, 0.1);
+      }
+      .btn-allow {
+        background: var(--success);
+        color: #fff;
+        grid-column: span 2;
+        font-size: 14px;
+        padding: 13px 14px;
+      }
+      .btn-deny {
+        background: rgba(201, 60, 55, 0.15);
+        color: #e5534b;
+        border: 1px solid rgba(201, 60, 55, 0.3);
+        grid-column: span 2;
+      }
+      .btn-deny:hover:not(:disabled) {
+        background: var(--danger);
+        color: #fff;
+        border-color: transparent;
+        filter: none;
+      }
       @keyframes pop {
         from {
           opacity: 0;
@@ -2699,24 +2887,178 @@ var ui_default = `<!doctype html>
         cursor: not-allowed;
       }
 
+      .flight-col {
+        display: flex;
+        flex-direction: column;
+        min-height: 0;
+        overflow: hidden;
+      }
+      .flight-panel {
+        flex: 1;
+        min-height: 0;
+        display: flex;
+        flex-direction: column;
+        overflow: hidden;
+      }
       .sidebar {
         display: flex;
         flex-direction: column;
         gap: 12px;
-        position: sticky;
-        top: 24px;
+        min-height: 0;
+        overflow-y: auto;
+        scrollbar-width: thin;
+        scrollbar-color: var(--border) transparent;
       }
       .panel {
         background: var(--panel);
         border: 1px solid var(--border);
         border-radius: 12px;
-        padding: 16px;
+        padding: 14px;
+      }
+      /* \u2500\u2500 Flight Recorder \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+      #activity-feed {
+        display: flex;
+        flex-direction: column;
+        gap: 4px;
+        margin-top: 4px;
+        flex: 1;
+        min-height: 0;
+        overflow-y: auto;
+        scrollbar-width: thin;
+        scrollbar-color: var(--border) transparent;
+      }
+      .feed-row {
+        display: grid;
+        grid-template-columns: 58px 20px 1fr 48px;
+        align-items: start;
+        gap: 6px;
+        background: rgba(22, 27, 34, 0.6);
+        border: 1px solid var(--border);
+        padding: 7px 10px;
+        border-radius: 7px;
+        font-size: 11px;
+        animation: frSlideIn 0.15s ease-out;
+        transition: background 0.1s;
+        cursor: default;
+      }
+      .feed-row:hover {
+        background: rgba(30, 38, 48, 0.9);
+        border-color: rgba(83, 155, 245, 0.2);
+      }
+      @keyframes frSlideIn {
+        from {
+          opacity: 0;
+          transform: translateX(-4px);
+        }
+        to {
+          opacity: 1;
+          transform: none;
+        }
+      }
+      .feed-ts {
+        color: var(--muted);
+        font-family: monospace;
+        font-size: 9px;
+      }
+      .feed-icon {
+        text-align: center;
+        font-size: 13px;
+      }
+      .feed-content {
+        min-width: 0;
+        color: var(--text-bright);
+        word-break: break-all;
+      }
+      .feed-args {
+        display: block;
+        color: var(--muted);
+        font-family: monospace;
+        margin-top: 2px;
+        font-size: 10px;
+        word-break: break-all;
+      }
+      .feed-badge {
+        text-align: right;
+        font-weight: 700;
+        font-size: 9px;
+        letter-spacing: 0.03em;
+      }
+      .fr-pending {
+        color: var(--muted);
+      }
+      .fr-allow {
+        color: #57ab5a;
+      }
+      .fr-block {
+        color: var(--danger);
+      }
+      .fr-dlp {
+        color: var(--primary);
+        animation: frBlink 1s infinite;
+      }
+      @keyframes frBlink {
+        50% {
+          opacity: 0.4;
+        }
+      }
+      .fr-dlp-row {
+        border-color: var(--primary) !important;
+      }
+      .feed-clear-btn {
+        background: transparent;
+        border: none;
+        color: var(--muted);
+        font-size: 10px;
+        padding: 0;
+        cursor: pointer;
+        margin-left: auto;
+        font-family: inherit;
+        font-weight: 500;
+        transition: color 0.15s;
+      }
+      .feed-clear-btn:hover {
+        color: var(--text);
+        filter: none;
+        transform: none;
+      }
+      /* \u2500\u2500 Shields \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+      .shield-row {
+        display: flex;
+        align-items: flex-start;
+        gap: 10px;
+        padding: 8px 0;
+        border-bottom: 1px solid var(--border);
+      }
+      .shield-row:last-child {
+        border-bottom: none;
+        padding-bottom: 0;
+      }
+      .shield-row:first-child {
+        padding-top: 0;
+      }
+      .shield-info {
+        flex: 1;
+        min-width: 0;
+      }
+      .shield-name {
+        font-size: 12px;
+        color: var(--text-bright);
+        font-weight: 600;
+        font-family: 'Fira Code', monospace;
+      }
+      .shield-desc {
+        font-size: 10px;
+        color: var(--muted);
+        margin-top: 2px;
+        line-height: 1.4;
       }
+
       .panel-title {
         font-size: 12px;
         font-weight: 700;
         color: var(--text-bright);
         margin-bottom: 12px;
+        flex-shrink: 0;
         display: flex;
         align-items: center;
         gap: 6px;
@@ -2724,8 +3066,8 @@ var ui_default = `<!doctype html>
       .setting-row {
         display: flex;
         align-items: flex-start;
-        gap: 12px;
-        margin-bottom: 12px;
+        gap: 10px;
+        margin-bottom: 8px;
       }
       .setting-row:last-child {
         margin-bottom: 0;
@@ -2734,20 +3076,21 @@ var ui_default = `<!doctype html>
         flex: 1;
       }
       .setting-label {
-        font-size: 12px;
+        font-size: 11px;
         color: var(--text-bright);
-        margin-bottom: 3px;
+        margin-bottom: 2px;
+        font-weight: 600;
       }
       .setting-desc {
-        font-size: 11px;
+        font-size: 10px;
         color: var(--muted);
-        line-height: 1.5;
+        line-height: 1.4;
       }
       .toggle {
         position: relative;
         display: inline-block;
-        width: 40px;
-        height: 22px;
+        width: 34px;
+        height: 19px;
         flex-shrink: 0;
         margin-top: 1px;
       }
@@ -2767,8 +3110,8 @@ var ui_default = `<!doctype html>
       .slider:before {
         content: '';
         position: absolute;
-        width: 16px;
-        height: 16px;
+        width: 13px;
+        height: 13px;
         left: 3px;
         bottom: 3px;
         background: #fff;
@@ -2779,7 +3122,7 @@ var ui_default = `<!doctype html>
         background: var(--success);
       }
       input:checked + .slider:before {
-        transform: translateX(18px);
+        transform: translateX(15px);
       }
       input:disabled + .slider {
         opacity: 0.4;
@@ -2938,12 +3281,17 @@ var ui_default = `<!doctype html>
         border: 1px solid var(--border);
       }
 
-      @media (max-width: 680px) {
+      @media (max-width: 960px) {
         .body {
-          grid-template-columns: 1fr;
+          grid-template-columns: 1fr 220px;
         }
-        .sidebar {
-          position: static;
+        .flight-col {
+          display: none;
+        }
+      }
+      @media (max-width: 640px) {
+        .body {
+          grid-template-columns: 1fr;
         }
       }
     </style>
@@ -2957,6 +3305,19 @@ var ui_default = `<!doctype html>
       </header>
 
       <div class="body">
+        <div class="flight-col">
+          <div class="panel flight-panel">
+            <div class="panel-title">
+              \u{1F6F0}\uFE0F Flight Recorder
+              <span style="font-weight: 400; color: var(--muted); font-size: 11px">live</span>
+              <button class="feed-clear-btn" onclick="clearFeed()">clear</button>
+            </div>
+            <div id="activity-feed">
+              <span class="decisions-empty">Waiting for agent activity\u2026</span>
+            </div>
+          </div>
+        </div>
+
         <div class="main">
           <div id="warnBanner" class="warning-banner">
             \u26A0\uFE0F Auto-start is off \u2014 daemon started manually. Run "node9 daemon stop" to stop it, or
@@ -3037,6 +3398,11 @@ var ui_default = `<!doctype html>
             <div id="slackStatusLine" class="slack-status-line">No key saved</div>
           </div>
 
+          <div class="panel">
+            <div class="panel-title">\u{1F6E1}\uFE0F Active Shields</div>
+            <div id="shieldsList"><span class="decisions-empty">Loading\u2026</span></div>
+          </div>
+
           <div class="panel">
             <div class="panel-title">\u{1F4CB} Persistent Decisions</div>
             <div id="decisionsList"><span class="decisions-empty">None yet.</span></div>
@@ -3082,14 +3448,23 @@ var ui_default = `<!doctype html>
 
       function updateDenyButton(id, timestamp) {
         const btn = document.querySelector('#c-' + id + ' .btn-deny');
+        const timer = document.querySelector('#timer-' + id);
         if (!btn) return;
         const elapsed = Date.now() - timestamp;
         const remaining = Math.max(0, Math.ceil((autoDenyMs - elapsed) / 1000));
         if (remaining <= 0) {
-          btn.textContent = 'Auto-Denying...';
+          btn.textContent = '\u23F3 Auto-Denying\u2026';
           btn.disabled = true;
+          if (timer) {
+            timer.textContent = 'auto-deny';
+            timer.className = 'card-timer urgent';
+          }
         } else {
-          btn.textContent = 'Block Action (' + remaining + 's)';
+          btn.textContent = '\u{1F6AB} Block this Action';
+          if (timer) {
+            timer.textContent = remaining + 's';
+            timer.className = 'card-timer' + (remaining < 15 ? ' urgent' : '');
+          }
           setTimeout(() => updateDenyButton(id, timestamp), 1000);
         }
       }
@@ -3105,34 +3480,61 @@ var ui_default = `<!doctype html>
         empty.style.display = requests.size === 0 ? 'block' : 'none';
       }
 
-      function sendDecision(id, decision, persist) {
+      function setCardBusy(card, busy) {
+        if (!card) return;
+        card.querySelectorAll('button').forEach((b) => (b.disabled = busy));
+        card.style.opacity = busy ? '0.5' : '1';
+      }
+
+      function showCardError(card, msg) {
+        if (!card) return;
+        card.style.outline = '2px solid #f87171';
+        let err = card.querySelector('.card-error');
+        if (!err) {
+          err = document.createElement('p');
+          err.className = 'card-error';
+          err.style.cssText = 'color:#f87171;font-size:11px;margin:6px 0 0;';
+          card.appendChild(err);
+        }
+        err.textContent = '\u26A0 ' + msg + ' \u2014 please try again or refresh.';
+      }
+
+      async function sendDecision(id, decision, persist) {
         const card = document.getElementById('c-' + id);
-        if (card) card.style.opacity = '0.5';
-        fetch('/decision/' + id, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json', 'X-Node9-Token': CSRF_TOKEN },
-          body: JSON.stringify({ decision, persist: !!persist }),
-        });
-        setTimeout(() => {
+        setCardBusy(card, true);
+        try {
+          const res = await fetch('/decision/' + id, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', 'X-Node9-Token': CSRF_TOKEN },
+            body: JSON.stringify({ decision, persist: !!persist }),
+          });
+          if (!res.ok) throw new Error('Request failed (HTTP ' + res.status + ')');
           card?.remove();
           requests.delete(id);
           refresh();
-        }, 200);
+        } catch (err) {
+          setCardBusy(card, false);
+          showCardError(card, err.message || 'Network error');
+        }
       }
 
-      function sendTrust(id, duration) {
+      async function sendTrust(id, duration) {
         const card = document.getElementById('c-' + id);
-        if (card) card.style.opacity = '0.5';
-        fetch('/decision/' + id, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json', 'X-Node9-Token': CSRF_TOKEN },
-          body: JSON.stringify({ decision: 'trust', trustDuration: duration }),
-        });
-        setTimeout(() => {
+        setCardBusy(card, true);
+        try {
+          const res = await fetch('/decision/' + id, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', 'X-Node9-Token': CSRF_TOKEN },
+            body: JSON.stringify({ decision: 'trust', trustDuration: duration }),
+          });
+          if (!res.ok) throw new Error('Request failed (HTTP ' + res.status + ')');
           card?.remove();
           requests.delete(id);
           refresh();
-        }, 200);
+        } catch (err) {
+          setCardBusy(card, false);
+          showCardError(card, err.message || 'Network error');
+        }
       }
 
       function renderPayload(req) {
@@ -3183,16 +3585,21 @@ var ui_default = `<!doctype html>
         const mcpLabel = req.mcpServer ? esc(req.mcpServer) : null;
         const dis = isSlack ? 'disabled' : '';
         card.innerHTML = \`
+        <div class="card-header">
+          <span class="card-header-icon">\${isSlack ? '\u26A1' : '\u26A0\uFE0F'}</span>
+          <span class="card-header-title">\${isSlack ? 'Awaiting Cloud Approval' : 'Action Required'}</span>
+          <span class="card-timer" id="timer-\${req.id}">\${autoDenyMs > 0 ? Math.ceil(autoDenyMs / 1000) + 's' : ''}</span>
+        </div>
         <div class="source-row">
           <span class="agent-badge">\${agentLabel}</span>
           \${mcpLabel ? \`<span class="source-arrow">\u2192</span><span class="mcp-badge">mcp::\${mcpLabel}</span>\` : ''}
         </div>
         <div class="tool-chip">\${esc(req.toolName)}</div>
-        \${isSlack ? '<div class="slack-indicator">\u26A1 Awaiting Slack approval \u2014 view only</div>' : ''}
+        \${isSlack ? '<div class="slack-indicator">\u26A1 Awaiting Cloud approval \u2014 view only</div>' : ''}
         \${renderPayload(req)}
         <div class="actions" id="act-\${req.id}">
-          <button class="btn-allow" onclick="sendDecision('\${req.id}','allow',false)" \${dis}>Approve Execution</button>
-          <button class="btn-deny"  onclick="sendDecision('\${req.id}','deny',false)"  \${dis}>Block Action</button>
+          <button class="btn-allow" onclick="sendDecision('\${req.id}','allow',false)" \${dis}>\u2705 Allow this Action</button>
+          <button class="btn-deny"  onclick="sendDecision('\${req.id}','deny',false)"  \${dis}>\u{1F6AB} Block this Action</button>
           <div class="trust-row\${trustEnabled ? ' show' : ''}" id="tr-\${req.id}">
             <button class="btn-trust" onclick="sendTrust('\${req.id}','30m')" \${dis}>\u23F1 Trust 30m</button>
             <button class="btn-trust" onclick="sendTrust('\${req.id}','1h')"  \${dis}>\u23F1 Trust 1h</button>
@@ -3252,9 +3659,84 @@ var ui_default = `<!doctype html>
         ev.addEventListener('slack-status', (e) => {
           applySlackStatus(JSON.parse(e.data));
         });
+        ev.addEventListener('shields-status', (e) => {
+          renderShields(JSON.parse(e.data).shields);
+        });
+
+        // \u2500\u2500 Flight Recorder \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+        ev.addEventListener('activity', (e) => {
+          const data = JSON.parse(e.data);
+          const feed = document.getElementById('activity-feed');
+          // Remove placeholder on first item
+          const placeholder = feed.querySelector('.decisions-empty');
+          if (placeholder) placeholder.remove();
+
+          const time = new Date(data.ts).toLocaleTimeString([], {
+            hour12: false,
+            hour: '2-digit',
+            minute: '2-digit',
+            second: '2-digit',
+          });
+          const icon = frIcon(data.tool);
+          const argsStr = JSON.stringify(data.args ?? {});
+          const argsPreview = esc(argsStr.length > 120 ? argsStr.slice(0, 120) + '\u2026' : argsStr);
+
+          const row = document.createElement('div');
+          row.className = 'feed-row';
+          row.id = 'fr-' + data.id;
+          row.innerHTML = \`
+            <span class="feed-ts">\${time}</span>
+            <span class="feed-icon">\${icon}</span>
+            <span class="feed-content"><strong>\${esc(data.tool)}</strong><span class="feed-args">\${argsPreview}</span></span>
+            <span class="feed-badge fr-pending">\u25CF</span>
+          \`;
+          feed.prepend(row);
+          if (feed.children.length > 100) feed.lastChild.remove();
+        });
+
+        ev.addEventListener('activity-result', (e) => {
+          const { id, status, label } = JSON.parse(e.data);
+          const row = document.getElementById('fr-' + id);
+          if (!row) return;
+          const badge = row.querySelector('.feed-badge');
+          if (status === 'allow') {
+            badge.textContent = 'ALLOW';
+            badge.className = 'feed-badge fr-allow';
+          } else if (status === 'dlp') {
+            badge.textContent = '\u{1F6E1}\uFE0F DLP';
+            badge.className = 'feed-badge fr-dlp';
+            row.classList.add('fr-dlp-row');
+          } else {
+            badge.textContent = 'BLOCK';
+            badge.className = 'feed-badge fr-block';
+          }
+        });
       }
       connect();
 
+      const FR_ICONS = {
+        bash: '\u{1F4BB}',
+        read: '\u{1F4D6}',
+        edit: '\u270F\uFE0F',
+        write: '\u270F\uFE0F',
+        glob: '\u{1F4C2}',
+        grep: '\u{1F50D}',
+        agent: '\u{1F916}',
+        search: '\u{1F50D}',
+        sql: '\u{1F5C4}\uFE0F',
+        query: '\u{1F5C4}\uFE0F',
+        list: '\u{1F4C2}',
+        delete: '\u{1F5D1}\uFE0F',
+        web: '\u{1F310}',
+      };
+      function frIcon(tool) {
+        const t = (tool || '').toLowerCase();
+        for (const [k, v] of Object.entries(FR_ICONS)) {
+          if (t.includes(k)) return v;
+        }
+        return '\u{1F6E0}\uFE0F';
+      }
+
       function saveSetting(key, value) {
         fetch('/settings', {
           method: 'POST',
@@ -3344,6 +3826,49 @@ var ui_default = `<!doctype html>
         }
       }
 
+      function clearFeed() {
+        const feed = document.getElementById('activity-feed');
+        feed.innerHTML = '<span class="decisions-empty">Feed cleared.</span>';
+      }
+
+      function renderShields(shields) {
+        const list = document.getElementById('shieldsList');
+        if (!shields || shields.length === 0) {
+          list.innerHTML = '<span class="decisions-empty">No shields available.</span>';
+          return;
+        }
+        list.innerHTML = shields
+          .map(
+            (s) => \`
+          <div class="shield-row">
+            <div class="shield-info">
+              <div class="shield-name">\${esc(s.name)}</div>
+              <div class="shield-desc">\${esc(s.description)}</div>
+            </div>
+            <label class="toggle">
+              <input type="checkbox" \${s.active ? 'checked' : ''}
+                onchange="toggleShield('\${esc(s.name)}', this.checked)" />
+              <span class="slider"></span>
+            </label>
+          </div>
+        \`
+          )
+          .join('');
+      }
+
+      function toggleShield(name, active) {
+        fetch('/shields', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json', 'X-Node9-Token': CSRF_TOKEN },
+          body: JSON.stringify({ name, active }),
+        }).catch(() => {});
+      }
+
+      fetch('/shields')
+        .then((r) => r.json())
+        .then(({ shields }) => renderShields(shields))
+        .catch(() => {});
+
       function renderDecisions(decisions) {
         const dl = document.getElementById('decisionsList');
         const entries = Object.entries(decisions);
@@ -3390,40 +3915,33 @@ var ui_default = `<!doctype html>
   </body>
 </html>
 `;
+  }
+});
 
 // src/daemon/ui.ts
-var UI_HTML_TEMPLATE = ui_default;
+var UI_HTML_TEMPLATE;
+var init_ui2 = __esm({
+  "src/daemon/ui.ts"() {
+    "use strict";
+    init_ui();
+    UI_HTML_TEMPLATE = ui_default;
+  }
+});
 
 // src/daemon/index.ts
-var import_http = __toESM(require("http"));
-var import_fs3 = __toESM(require("fs"));
-var import_path5 = __toESM(require("path"));
-var import_os3 = __toESM(require("os"));
-var import_child_process2 = require("child_process");
-var import_crypto = require("crypto");
-var import_chalk4 = __toESM(require("chalk"));
-var DAEMON_PORT2 = 7391;
-var DAEMON_HOST2 = "127.0.0.1";
-var homeDir = import_os3.default.homedir();
-var DAEMON_PID_FILE = import_path5.default.join(homeDir, ".node9", "daemon.pid");
-var DECISIONS_FILE = import_path5.default.join(homeDir, ".node9", "decisions.json");
-var GLOBAL_CONFIG_FILE = import_path5.default.join(homeDir, ".node9", "config.json");
-var CREDENTIALS_FILE = import_path5.default.join(homeDir, ".node9", "credentials.json");
-var AUDIT_LOG_FILE = import_path5.default.join(homeDir, ".node9", "audit.log");
-var TRUST_FILE2 = import_path5.default.join(homeDir, ".node9", "trust.json");
 function atomicWriteSync2(filePath, data, options) {
-  const dir = import_path5.default.dirname(filePath);
-  if (!import_fs3.default.existsSync(dir)) import_fs3.default.mkdirSync(dir, { recursive: true });
-  const tmpPath = `${filePath}.${(0, import_crypto.randomUUID)()}.tmp`;
-  import_fs3.default.writeFileSync(tmpPath, data, options);
-  import_fs3.default.renameSync(tmpPath, filePath);
+  const dir = import_path6.default.dirname(filePath);
+  if (!import_fs4.default.existsSync(dir)) import_fs4.default.mkdirSync(dir, { recursive: true });
+  const tmpPath = `${filePath}.${(0, import_crypto3.randomUUID)()}.tmp`;
+  import_fs4.default.writeFileSync(tmpPath, data, options);
+  import_fs4.default.renameSync(tmpPath, filePath);
 }
 function writeTrustEntry(toolName, durationMs) {
   try {
     let trust = { entries: [] };
     try {
-      if (import_fs3.default.existsSync(TRUST_FILE2))
-        trust = JSON.parse(import_fs3.default.readFileSync(TRUST_FILE2, "utf-8"));
+      if (import_fs4.default.existsSync(TRUST_FILE2))
+        trust = JSON.parse(import_fs4.default.readFileSync(TRUST_FILE2, "utf-8"));
     } catch {
     }
     trust.entries = trust.entries.filter((e) => e.tool !== toolName && e.expiry > Date.now());
@@ -3432,12 +3950,6 @@ function writeTrustEntry(toolName, durationMs) {
   } catch {
   }
 }
-var TRUST_DURATIONS = {
-  "30m": 30 * 6e4,
-  "1h": 60 * 6e4,
-  "2h": 2 * 60 * 6e4
-};
-var SECRET_KEY_RE = /password|secret|token|key|apikey|credential|auth/i;
 function redactArgs(value) {
   if (!value || typeof value !== "object") return value;
   if (Array.isArray(value)) return value.map(redactArgs);
@@ -3456,41 +3968,39 @@ function appendAuditLog(data) {
       decision: data.decision,
       source: "daemon"
     };
-    const dir = import_path5.default.dirname(AUDIT_LOG_FILE);
-    if (!import_fs3.default.existsSync(dir)) import_fs3.default.mkdirSync(dir, { recursive: true });
-    import_fs3.default.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
+    const dir = import_path6.default.dirname(AUDIT_LOG_FILE);
+    if (!import_fs4.default.existsSync(dir)) import_fs4.default.mkdirSync(dir, { recursive: true });
+    import_fs4.default.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
 function getAuditHistory(limit = 20) {
   try {
-    if (!import_fs3.default.existsSync(AUDIT_LOG_FILE)) return [];
-    const lines = import_fs3.default.readFileSync(AUDIT_LOG_FILE, "utf-8").trim().split("\n");
+    if (!import_fs4.default.existsSync(AUDIT_LOG_FILE)) return [];
+    const lines = import_fs4.default.readFileSync(AUDIT_LOG_FILE, "utf-8").trim().split("\n");
     if (lines.length === 1 && lines[0] === "") return [];
     return lines.slice(-limit).map((l) => JSON.parse(l)).reverse();
   } catch {
     return [];
   }
 }
-var AUTO_DENY_MS = 12e4;
 function getOrgName() {
   try {
-    if (import_fs3.default.existsSync(CREDENTIALS_FILE)) {
+    if (import_fs4.default.existsSync(CREDENTIALS_FILE)) {
       return "Node9 Cloud";
     }
   } catch {
   }
   return null;
 }
-var autoStarted = process.env.NODE9_AUTO_STARTED === "1";
 function hasStoredSlackKey() {
-  return import_fs3.default.existsSync(CREDENTIALS_FILE);
+  return import_fs4.default.existsSync(CREDENTIALS_FILE);
 }
 function writeGlobalSetting(key, value) {
   let config = {};
   try {
-    if (import_fs3.default.existsSync(GLOBAL_CONFIG_FILE)) {
-      config = JSON.parse(import_fs3.default.readFileSync(GLOBAL_CONFIG_FILE, "utf-8"));
+    if (import_fs4.default.existsSync(GLOBAL_CONFIG_FILE)) {
+      config = JSON.parse(import_fs4.default.readFileSync(GLOBAL_CONFIG_FILE, "utf-8"));
     }
   } catch {
   }
@@ -3498,11 +4008,6 @@ function writeGlobalSetting(key, value) {
   config.settings[key] = value;
   atomicWriteSync2(GLOBAL_CONFIG_FILE, JSON.stringify(config, null, 2), { mode: 384 });
 }
-var pending = /* @__PURE__ */ new Map();
-var sseClients = /* @__PURE__ */ new Set();
-var abandonTimer = null;
-var daemonServer = null;
-var hadBrowserClient = false;
 function abandonPending() {
   abandonTimer = null;
   pending.forEach((entry, id) => {
@@ -3514,7 +4019,7 @@ function abandonPending() {
   });
   if (autoStarted) {
     try {
-      import_fs3.default.unlinkSync(DAEMON_PID_FILE);
+      import_fs4.default.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
     setTimeout(() => {
@@ -3524,6 +4029,18 @@ function abandonPending() {
   }
 }
 function broadcast(event, data) {
+  if (event === "activity") {
+    activityRing.push({ event, data });
+    if (activityRing.length > ACTIVITY_RING_SIZE) activityRing.shift();
+  } else if (event === "activity-result") {
+    const { id, status, label } = data;
+    for (let i = activityRing.length - 1; i >= 0; i--) {
+      if (activityRing[i].data.id === id) {
+        Object.assign(activityRing[i].data, { status, label });
+        break;
+      }
+    }
+  }
   const msg = `event: ${event}
 data: ${JSON.stringify(data)}
 
@@ -3552,8 +4069,8 @@ function readBody(req) {
 }
 function readPersistentDecisions() {
   try {
-    if (import_fs3.default.existsSync(DECISIONS_FILE)) {
-      return JSON.parse(import_fs3.default.readFileSync(DECISIONS_FILE, "utf-8"));
+    if (import_fs4.default.existsSync(DECISIONS_FILE)) {
+      return JSON.parse(import_fs4.default.readFileSync(DECISIONS_FILE, "utf-8"));
     }
   } catch {
   }
@@ -3569,18 +4086,20 @@ function writePersistentDecision(toolName, decision) {
   }
 }
 function startDaemon() {
-  const csrfToken = (0, import_crypto.randomUUID)();
-  const internalToken = (0, import_crypto.randomUUID)();
+  const csrfToken = (0, import_crypto3.randomUUID)();
+  const internalToken = (0, import_crypto3.randomUUID)();
   const UI_HTML = UI_HTML_TEMPLATE.replace("{{CSRF_TOKEN}}", csrfToken);
   const validToken = (req) => req.headers["x-node9-token"] === csrfToken;
   const IDLE_TIMEOUT_MS = 12 * 60 * 60 * 1e3;
+  const watchMode = process.env.NODE9_WATCH_MODE === "1";
   let idleTimer;
   function resetIdleTimer() {
+    if (watchMode) return;
     if (idleTimer) clearTimeout(idleTimer);
     idleTimer = setTimeout(() => {
       if (autoStarted) {
         try {
-          import_fs3.default.unlinkSync(DAEMON_PID_FILE);
+          import_fs4.default.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
       }
@@ -3630,6 +4149,12 @@ data: ${JSON.stringify({
 data: ${JSON.stringify(readPersistentDecisions())}
 
 `);
+      for (const item of activityRing) {
+        res.write(`event: ${item.event}
+data: ${JSON.stringify(item.data)}
+
+`);
+      }
       return req.on("close", () => {
         sseClients.delete(res);
         if (sseClients.size === 0 && pending.size > 0) {
@@ -3649,9 +4174,11 @@ data: ${JSON.stringify(readPersistentDecisions())}
           slackDelegated = false,
           agent,
           mcpServer,
-          riskMetadata
+          riskMetadata,
+          fromCLI = false,
+          activityId
         } = JSON.parse(body);
-        const id = (0, import_crypto.randomUUID)();
+        const id = fromCLI && typeof activityId === "string" && activityId || (0, import_crypto3.randomUUID)();
         const entry = {
           id,
           toolName,
@@ -3682,6 +4209,15 @@ data: ${JSON.stringify(readPersistentDecisions())}
           }, AUTO_DENY_MS)
         };
         pending.set(id, entry);
+        if (!fromCLI) {
+          broadcast("activity", {
+            id,
+            ts: entry.timestamp,
+            tool: toolName,
+            args: redactArgs(args),
+            status: "pending"
+          });
+        }
         const browserEnabled = getConfig().settings.approvers?.browser !== false;
         if (browserEnabled) {
           broadcast("add", {
@@ -3711,6 +4247,11 @@ data: ${JSON.stringify(readPersistentDecisions())}
           const e = pending.get(id);
           if (!e) return;
           if (result.noApprovalMechanism) return;
+          broadcast("activity-result", {
+            id,
+            status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : "block",
+            label: result.blockedByLabel
+          });
           clearTimeout(e.timer);
           const decision = result.approved ? "allow" : "deny";
           appendAuditLog({ toolName: e.toolName, args: e.args, decision });
@@ -3745,8 +4286,8 @@ data: ${JSON.stringify(readPersistentDecisions())}
       const entry = pending.get(id);
       if (!entry) return res.writeHead(404).end();
       if (entry.earlyDecision) {
+        clearTimeout(entry.timer);
         pending.delete(id);
-        broadcast("remove", { id });
         res.writeHead(200, { "Content-Type": "application/json" });
         const body = { decision: entry.earlyDecision };
         if (entry.earlyReason) body.reason = entry.earlyReason;
@@ -3776,10 +4317,15 @@ data: ${JSON.stringify(readPersistentDecisions())}
             decision: `trust:${trustDuration}`
           });
           clearTimeout(entry.timer);
-          if (entry.waiter) entry.waiter("allow");
-          else entry.earlyDecision = "allow";
-          pending.delete(id);
-          broadcast("remove", { id });
+          if (entry.waiter) {
+            entry.waiter("allow");
+            pending.delete(id);
+            broadcast("remove", { id });
+          } else {
+            entry.earlyDecision = "allow";
+            broadcast("remove", { id });
+            entry.timer = setTimeout(() => pending.delete(id), 3e4);
+          }
           res.writeHead(200);
           return res.end(JSON.stringify({ ok: true }));
         }
@@ -3791,13 +4337,16 @@ data: ${JSON.stringify(readPersistentDecisions())}
           decision: resolvedDecision
         });
         clearTimeout(entry.timer);
-        if (entry.waiter) entry.waiter(resolvedDecision, reason);
-        else {
+        if (entry.waiter) {
+          entry.waiter(resolvedDecision, reason);
+          pending.delete(id);
+          broadcast("remove", { id });
+        } else {
           entry.earlyDecision = resolvedDecision;
           entry.earlyReason = reason;
+          broadcast("remove", { id });
+          entry.timer = setTimeout(() => pending.delete(id), 3e4);
         }
-        pending.delete(id);
-        broadcast("remove", { id });
         res.writeHead(200);
         return res.end(JSON.stringify({ ok: true }));
       } catch {
@@ -3888,99 +4437,666 @@ data: ${JSON.stringify(readPersistentDecisions())}
         res.writeHead(400).end();
       }
     }
-    if (req.method === "GET" && pathname === "/audit") {
-      res.writeHead(200, { "Content-Type": "application/json" });
-      return res.end(JSON.stringify(getAuditHistory()));
+    if (req.method === "GET" && pathname === "/audit") {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      return res.end(JSON.stringify(getAuditHistory()));
+    }
+    if (req.method === "GET" && pathname === "/shields") {
+      if (!validToken(req)) return res.writeHead(403).end();
+      const active = readActiveShields();
+      const shields = Object.values(SHIELDS).map((s) => ({
+        name: s.name,
+        description: s.description,
+        active: active.includes(s.name)
+      }));
+      res.writeHead(200, { "Content-Type": "application/json" });
+      return res.end(JSON.stringify({ shields }));
+    }
+    if (req.method === "POST" && pathname === "/shields") {
+      if (!validToken(req)) return res.writeHead(403).end();
+      try {
+        const { name, active } = JSON.parse(await readBody(req));
+        if (!SHIELDS[name]) return res.writeHead(400).end();
+        const current = readActiveShields();
+        const updated = active ? [.../* @__PURE__ */ new Set([...current, name])] : current.filter((n) => n !== name);
+        writeActiveShields(updated);
+        _resetConfigCache();
+        const shieldsPayload = Object.values(SHIELDS).map((s) => ({
+          name: s.name,
+          description: s.description,
+          active: updated.includes(s.name)
+        }));
+        broadcast("shields-status", { shields: shieldsPayload });
+        res.writeHead(200);
+        return res.end(JSON.stringify({ ok: true }));
+      } catch {
+        res.writeHead(400).end();
+      }
+    }
+    res.writeHead(404).end();
+  });
+  daemonServer = server;
+  server.on("error", (e) => {
+    if (e.code === "EADDRINUSE") {
+      try {
+        if (import_fs4.default.existsSync(DAEMON_PID_FILE)) {
+          const { pid } = JSON.parse(import_fs4.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+          process.kill(pid, 0);
+          return process.exit(0);
+        }
+      } catch {
+        try {
+          import_fs4.default.unlinkSync(DAEMON_PID_FILE);
+        } catch {
+        }
+        server.listen(DAEMON_PORT2, DAEMON_HOST2);
+        return;
+      }
+    }
+    console.error(import_chalk4.default.red("\n\u{1F6D1} Node9 Daemon Error:"), e.message);
+    process.exit(1);
+  });
+  server.listen(DAEMON_PORT2, DAEMON_HOST2, () => {
+    atomicWriteSync2(
+      DAEMON_PID_FILE,
+      JSON.stringify({ pid: process.pid, port: DAEMON_PORT2, internalToken, autoStarted }),
+      { mode: 384 }
+    );
+    console.log(import_chalk4.default.green(`\u{1F6E1}\uFE0F  Node9 Guard LIVE: http://127.0.0.1:${DAEMON_PORT2}`));
+  });
+  if (watchMode) {
+    console.log(import_chalk4.default.cyan("\u{1F6F0}\uFE0F  Flight Recorder active \u2014 daemon will not idle-timeout"));
+  }
+  try {
+    import_fs4.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
+  } catch {
+  }
+  const ACTIVITY_MAX_BYTES = 1024 * 1024;
+  const unixServer = import_net2.default.createServer((socket) => {
+    const chunks = [];
+    let bytesReceived = 0;
+    socket.on("data", (chunk) => {
+      bytesReceived += chunk.length;
+      if (bytesReceived > ACTIVITY_MAX_BYTES) {
+        socket.destroy();
+        return;
+      }
+      chunks.push(chunk);
+    });
+    socket.on("end", () => {
+      try {
+        const data = JSON.parse(Buffer.concat(chunks).toString());
+        if (data.status === "pending") {
+          broadcast("activity", {
+            id: data.id,
+            ts: data.ts,
+            tool: data.tool,
+            args: redactArgs(data.args),
+            status: "pending"
+          });
+        } else {
+          broadcast("activity-result", {
+            id: data.id,
+            status: data.status,
+            label: data.label
+          });
+        }
+      } catch {
+      }
+    });
+    socket.on("error", () => {
+    });
+  });
+  unixServer.listen(ACTIVITY_SOCKET_PATH2);
+  process.on("exit", () => {
+    try {
+      import_fs4.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
+    } catch {
+    }
+  });
+}
+function stopDaemon() {
+  if (!import_fs4.default.existsSync(DAEMON_PID_FILE)) return console.log(import_chalk4.default.yellow("Not running."));
+  try {
+    const { pid } = JSON.parse(import_fs4.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+    process.kill(pid, "SIGTERM");
+    console.log(import_chalk4.default.green("\u2705 Stopped."));
+  } catch {
+    console.log(import_chalk4.default.gray("Cleaned up stale PID file."));
+  } finally {
+    try {
+      import_fs4.default.unlinkSync(DAEMON_PID_FILE);
+    } catch {
+    }
+  }
+}
+function daemonStatus() {
+  if (!import_fs4.default.existsSync(DAEMON_PID_FILE))
+    return console.log(import_chalk4.default.yellow("Node9 daemon: not running"));
+  try {
+    const { pid } = JSON.parse(import_fs4.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+    process.kill(pid, 0);
+    console.log(import_chalk4.default.green("Node9 daemon: running"));
+  } catch {
+    console.log(import_chalk4.default.yellow("Node9 daemon: not running (stale PID)"));
+  }
+}
+var import_http, import_net2, import_fs4, import_path6, import_os4, import_child_process2, import_crypto3, import_chalk4, ACTIVITY_SOCKET_PATH2, DAEMON_PORT2, DAEMON_HOST2, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, TRUST_DURATIONS, SECRET_KEY_RE, AUTO_DENY_MS, autoStarted, pending, sseClients, abandonTimer, daemonServer, hadBrowserClient, ACTIVITY_RING_SIZE, activityRing;
+var init_daemon = __esm({
+  "src/daemon/index.ts"() {
+    "use strict";
+    init_ui2();
+    import_http = __toESM(require("http"));
+    import_net2 = __toESM(require("net"));
+    import_fs4 = __toESM(require("fs"));
+    import_path6 = __toESM(require("path"));
+    import_os4 = __toESM(require("os"));
+    import_child_process2 = require("child_process");
+    import_crypto3 = require("crypto");
+    import_chalk4 = __toESM(require("chalk"));
+    init_core();
+    init_shields();
+    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path6.default.join(import_os4.default.tmpdir(), "node9-activity.sock");
+    DAEMON_PORT2 = 7391;
+    DAEMON_HOST2 = "127.0.0.1";
+    homeDir = import_os4.default.homedir();
+    DAEMON_PID_FILE = import_path6.default.join(homeDir, ".node9", "daemon.pid");
+    DECISIONS_FILE = import_path6.default.join(homeDir, ".node9", "decisions.json");
+    GLOBAL_CONFIG_FILE = import_path6.default.join(homeDir, ".node9", "config.json");
+    CREDENTIALS_FILE = import_path6.default.join(homeDir, ".node9", "credentials.json");
+    AUDIT_LOG_FILE = import_path6.default.join(homeDir, ".node9", "audit.log");
+    TRUST_FILE2 = import_path6.default.join(homeDir, ".node9", "trust.json");
+    TRUST_DURATIONS = {
+      "30m": 30 * 6e4,
+      "1h": 60 * 6e4,
+      "2h": 2 * 60 * 6e4
+    };
+    SECRET_KEY_RE = /password|secret|token|key|apikey|credential|auth/i;
+    AUTO_DENY_MS = 12e4;
+    autoStarted = process.env.NODE9_AUTO_STARTED === "1";
+    pending = /* @__PURE__ */ new Map();
+    sseClients = /* @__PURE__ */ new Set();
+    abandonTimer = null;
+    daemonServer = null;
+    hadBrowserClient = false;
+    ACTIVITY_RING_SIZE = 100;
+    activityRing = [];
+  }
+});
+
+// src/tui/tail.ts
+var tail_exports = {};
+__export(tail_exports, {
+  startTail: () => startTail
+});
+function getIcon(tool) {
+  const t = tool.toLowerCase();
+  for (const [k, v] of Object.entries(ICONS)) {
+    if (t.includes(k)) return v;
+  }
+  return "\u{1F6E0}\uFE0F";
+}
+function formatBase(activity) {
+  const time = new Date(activity.ts).toLocaleTimeString([], { hour12: false });
+  const icon = getIcon(activity.tool);
+  const toolName = activity.tool.slice(0, 16).padEnd(16);
+  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ");
+  const argsPreview = argsStr.length > 70 ? argsStr.slice(0, 70) + "\u2026" : argsStr;
+  return `${import_chalk5.default.gray(time)} ${icon} ${import_chalk5.default.white.bold(toolName)} ${import_chalk5.default.dim(argsPreview)}`;
+}
+function renderResult(activity, result) {
+  const base = formatBase(activity);
+  let status;
+  if (result.status === "allow") {
+    status = import_chalk5.default.green("\u2713 ALLOW");
+  } else if (result.status === "dlp") {
+    status = import_chalk5.default.bgRed.white.bold(" \u{1F6E1}\uFE0F  DLP ");
+  } else {
+    status = import_chalk5.default.red("\u2717 BLOCK");
+  }
+  if (process.stdout.isTTY) {
+    import_readline.default.clearLine(process.stdout, 0);
+    import_readline.default.cursorTo(process.stdout, 0);
+  }
+  console.log(`${base}  ${status}`);
+}
+function renderPending(activity) {
+  if (!process.stdout.isTTY) return;
+  process.stdout.write(`${formatBase(activity)}  ${import_chalk5.default.yellow("\u25CF \u2026")}\r`);
+}
+async function ensureDaemon() {
+  if (import_fs6.default.existsSync(PID_FILE)) {
+    try {
+      const { port } = JSON.parse(import_fs6.default.readFileSync(PID_FILE, "utf-8"));
+      return port;
+    } catch {
+    }
+  }
+  console.log(import_chalk5.default.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
+  const child = (0, import_child_process4.spawn)(process.execPath, [process.argv[1], "daemon"], {
+    detached: true,
+    stdio: "ignore",
+    env: { ...process.env, NODE9_AUTO_STARTED: "1" }
+  });
+  child.unref();
+  for (let i = 0; i < 20; i++) {
+    await new Promise((r) => setTimeout(r, 250));
+    if (!import_fs6.default.existsSync(PID_FILE)) continue;
+    try {
+      const res = await fetch(`http://127.0.0.1:${DAEMON_PORT2}/settings`, {
+        signal: AbortSignal.timeout(500)
+      });
+      if (res.ok) {
+        const { port } = JSON.parse(import_fs6.default.readFileSync(PID_FILE, "utf-8"));
+        return port;
+      }
+    } catch {
+    }
+  }
+  console.error(import_chalk5.default.red("\u274C Daemon failed to start. Try: node9 daemon start"));
+  process.exit(1);
+}
+async function startTail(options = {}) {
+  const port = await ensureDaemon();
+  const connectionTime = Date.now();
+  const pending2 = /* @__PURE__ */ new Map();
+  console.log(import_chalk5.default.cyan.bold(`
+\u{1F6F0}\uFE0F  Node9 tail  `) + import_chalk5.default.dim(`\u2192 localhost:${port}`));
+  if (options.history) {
+    console.log(import_chalk5.default.dim("Showing history + live events. Press Ctrl+C to exit.\n"));
+  } else {
+    console.log(
+      import_chalk5.default.dim("Showing live events only. Use --history to include past. Press Ctrl+C to exit.\n")
+    );
+  }
+  process.on("SIGINT", () => {
+    if (process.stdout.isTTY) {
+      import_readline.default.clearLine(process.stdout, 0);
+      import_readline.default.cursorTo(process.stdout, 0);
+    }
+    console.log(import_chalk5.default.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
+    process.exit(0);
+  });
+  const req = import_http2.default.get(`http://127.0.0.1:${port}/events`, (res) => {
+    if (res.statusCode !== 200) {
+      console.error(import_chalk5.default.red(`Failed to connect: HTTP ${res.statusCode}`));
+      process.exit(1);
+    }
+    let currentEvent = "";
+    let currentData = "";
+    res.on("error", () => {
+    });
+    const rl = import_readline.default.createInterface({ input: res, crlfDelay: Infinity });
+    rl.on("error", () => {
+    });
+    rl.on("line", (line) => {
+      if (line.startsWith("event:")) {
+        currentEvent = line.slice(6).trim();
+      } else if (line.startsWith("data:")) {
+        currentData = line.slice(5).trim();
+      } else if (line === "") {
+        if (currentEvent && currentData) {
+          handleMessage(currentEvent, currentData);
+        }
+        currentEvent = "";
+        currentData = "";
+      }
+    });
+    rl.on("close", () => {
+      if (process.stdout.isTTY) {
+        import_readline.default.clearLine(process.stdout, 0);
+        import_readline.default.cursorTo(process.stdout, 0);
+      }
+      console.log(import_chalk5.default.red("\n\u274C Daemon disconnected."));
+      process.exit(1);
+    });
+  });
+  function handleMessage(event, rawData) {
+    let data;
+    try {
+      data = JSON.parse(rawData);
+    } catch {
+      return;
+    }
+    if (event === "activity") {
+      if (!options.history && data.ts > 0 && data.ts < connectionTime) return;
+      if (data.status && data.status !== "pending") {
+        renderResult(data, data);
+        return;
+      }
+      pending2.set(data.id, data);
+      const slowTool = /bash|shell|query|sql|agent/i.test(data.tool);
+      if (slowTool) renderPending(data);
+    }
+    if (event === "activity-result") {
+      const original = pending2.get(data.id);
+      if (original) {
+        renderResult(original, data);
+        pending2.delete(data.id);
+      }
+    }
+  }
+  req.on("error", (err) => {
+    const msg = err.code === "ECONNREFUSED" ? "Daemon is not running. Start it with: node9 daemon start" : err.message;
+    console.error(import_chalk5.default.red(`
+\u274C ${msg}`));
+    process.exit(1);
+  });
+}
+var import_http2, import_chalk5, import_fs6, import_os6, import_path8, import_readline, import_child_process4, PID_FILE, ICONS;
+var init_tail = __esm({
+  "src/tui/tail.ts"() {
+    "use strict";
+    import_http2 = __toESM(require("http"));
+    import_chalk5 = __toESM(require("chalk"));
+    import_fs6 = __toESM(require("fs"));
+    import_os6 = __toESM(require("os"));
+    import_path8 = __toESM(require("path"));
+    import_readline = __toESM(require("readline"));
+    import_child_process4 = require("child_process");
+    init_daemon();
+    PID_FILE = import_path8.default.join(import_os6.default.homedir(), ".node9", "daemon.pid");
+    ICONS = {
+      bash: "\u{1F4BB}",
+      shell: "\u{1F4BB}",
+      terminal: "\u{1F4BB}",
+      read: "\u{1F4D6}",
+      edit: "\u270F\uFE0F",
+      write: "\u270F\uFE0F",
+      glob: "\u{1F4C2}",
+      grep: "\u{1F50D}",
+      agent: "\u{1F916}",
+      search: "\u{1F50D}",
+      sql: "\u{1F5C4}\uFE0F",
+      query: "\u{1F5C4}\uFE0F",
+      list: "\u{1F4C2}",
+      delete: "\u{1F5D1}\uFE0F",
+      web: "\u{1F310}"
+    };
+  }
+});
+
+// src/cli.ts
+var import_commander = require("commander");
+init_core();
+
+// src/setup.ts
+var import_fs3 = __toESM(require("fs"));
+var import_path5 = __toESM(require("path"));
+var import_os3 = __toESM(require("os"));
+var import_chalk3 = __toESM(require("chalk"));
+var import_prompts2 = require("@inquirer/prompts");
+function printDaemonTip() {
+  console.log(
+    import_chalk3.default.cyan("\n   \u{1F4A1} Node9 will protect you automatically using Native OS popups.") + import_chalk3.default.white("\n      To view your history or manage persistent rules, run:") + import_chalk3.default.green("\n      node9 daemon --openui")
+  );
+}
+function fullPathCommand(subcommand) {
+  if (process.env.NODE9_TESTING === "1") return `node9 ${subcommand}`;
+  const nodeExec = process.execPath;
+  const cliScript = process.argv[1];
+  return `${nodeExec} ${cliScript} ${subcommand}`;
+}
+function readJson(filePath) {
+  try {
+    if (import_fs3.default.existsSync(filePath)) {
+      return JSON.parse(import_fs3.default.readFileSync(filePath, "utf-8"));
+    }
+  } catch {
+  }
+  return null;
+}
+function writeJson(filePath, data) {
+  const dir = import_path5.default.dirname(filePath);
+  if (!import_fs3.default.existsSync(dir)) import_fs3.default.mkdirSync(dir, { recursive: true });
+  import_fs3.default.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
+}
+async function setupClaude() {
+  const homeDir2 = import_os3.default.homedir();
+  const mcpPath = import_path5.default.join(homeDir2, ".claude.json");
+  const hooksPath = import_path5.default.join(homeDir2, ".claude", "settings.json");
+  const claudeConfig = readJson(mcpPath) ?? {};
+  const settings = readJson(hooksPath) ?? {};
+  const servers = claudeConfig.mcpServers ?? {};
+  let anythingChanged = false;
+  if (!settings.hooks) settings.hooks = {};
+  const hasPreHook = settings.hooks.PreToolUse?.some(
+    (m) => m.hooks.some((h) => h.command?.includes("node9 check") || h.command?.includes("cli.js check"))
+  );
+  if (!hasPreHook) {
+    if (!settings.hooks.PreToolUse) settings.hooks.PreToolUse = [];
+    settings.hooks.PreToolUse.push({
+      matcher: ".*",
+      hooks: [{ type: "command", command: fullPathCommand("check"), timeout: 60 }]
+    });
+    console.log(import_chalk3.default.green("  \u2705 PreToolUse hook added  \u2192 node9 check"));
+    anythingChanged = true;
+  }
+  const hasPostHook = settings.hooks.PostToolUse?.some(
+    (m) => m.hooks.some((h) => h.command?.includes("node9 log") || h.command?.includes("cli.js log"))
+  );
+  if (!hasPostHook) {
+    if (!settings.hooks.PostToolUse) settings.hooks.PostToolUse = [];
+    settings.hooks.PostToolUse.push({
+      matcher: ".*",
+      hooks: [{ type: "command", command: fullPathCommand("log"), timeout: 600 }]
+    });
+    console.log(import_chalk3.default.green("  \u2705 PostToolUse hook added \u2192 node9 log"));
+    anythingChanged = true;
+  }
+  if (anythingChanged) {
+    writeJson(hooksPath, settings);
+    console.log("");
+  }
+  const serversToWrap = [];
+  for (const [name, server] of Object.entries(servers)) {
+    if (!server.command || server.command === "node9") continue;
+    const parts = [server.command, ...server.args ?? []];
+    serversToWrap.push({ name, originalCmd: parts.join(" "), parts });
+  }
+  if (serversToWrap.length > 0) {
+    console.log(import_chalk3.default.bold("The following existing entries will be modified:\n"));
+    console.log(import_chalk3.default.white(`  ${mcpPath}`));
+    for (const { name, originalCmd } of serversToWrap) {
+      console.log(import_chalk3.default.gray(`    \u2022 ${name}: "${originalCmd}" \u2192 node9 ${originalCmd}`));
+    }
+    console.log("");
+    const proceed = await (0, import_prompts2.confirm)({ message: "Wrap these MCP servers?", default: true });
+    if (proceed) {
+      for (const { name, parts } of serversToWrap) {
+        servers[name] = { ...servers[name], command: "node9", args: parts };
+      }
+      claudeConfig.mcpServers = servers;
+      writeJson(mcpPath, claudeConfig);
+      console.log(import_chalk3.default.green(`
+  \u2705 ${serversToWrap.length} MCP server(s) wrapped`));
+      anythingChanged = true;
+    } else {
+      console.log(import_chalk3.default.yellow("  Skipped MCP server wrapping."));
     }
-    res.writeHead(404).end();
-  });
-  daemonServer = server;
-  server.on("error", (e) => {
-    if (e.code === "EADDRINUSE") {
-      try {
-        if (import_fs3.default.existsSync(DAEMON_PID_FILE)) {
-          const { pid } = JSON.parse(import_fs3.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
-          process.kill(pid, 0);
-          return process.exit(0);
-        }
-      } catch {
-        try {
-          import_fs3.default.unlinkSync(DAEMON_PID_FILE);
-        } catch {
+    console.log("");
+  }
+  if (!anythingChanged && serversToWrap.length === 0) {
+    console.log(import_chalk3.default.blue("\u2139\uFE0F  Node9 is already fully configured for Claude Code."));
+    printDaemonTip();
+    return;
+  }
+  if (anythingChanged) {
+    console.log(import_chalk3.default.green.bold("\u{1F6E1}\uFE0F  Node9 is now protecting Claude Code!"));
+    console.log(import_chalk3.default.gray("    Restart Claude Code for changes to take effect."));
+    printDaemonTip();
+  }
+}
+async function setupGemini() {
+  const homeDir2 = import_os3.default.homedir();
+  const settingsPath = import_path5.default.join(homeDir2, ".gemini", "settings.json");
+  const settings = readJson(settingsPath) ?? {};
+  const servers = settings.mcpServers ?? {};
+  let anythingChanged = false;
+  if (!settings.hooks) settings.hooks = {};
+  const hasBeforeHook = Array.isArray(settings.hooks.BeforeTool) && settings.hooks.BeforeTool.some(
+    (m) => m.hooks.some((h) => h.command?.includes("node9 check") || h.command?.includes("cli.js check"))
+  );
+  if (!hasBeforeHook) {
+    if (!settings.hooks.BeforeTool) settings.hooks.BeforeTool = [];
+    if (!Array.isArray(settings.hooks.BeforeTool)) settings.hooks.BeforeTool = [];
+    settings.hooks.BeforeTool.push({
+      matcher: ".*",
+      hooks: [
+        {
+          name: "node9-check",
+          type: "command",
+          command: fullPathCommand("check"),
+          timeout: 6e5
         }
-        server.listen(DAEMON_PORT2, DAEMON_HOST2);
-        return;
+      ]
+    });
+    console.log(import_chalk3.default.green("  \u2705 BeforeTool hook added \u2192 node9 check"));
+    anythingChanged = true;
+  }
+  const hasAfterHook = Array.isArray(settings.hooks.AfterTool) && settings.hooks.AfterTool.some(
+    (m) => m.hooks.some((h) => h.command?.includes("node9 log") || h.command?.includes("cli.js log"))
+  );
+  if (!hasAfterHook) {
+    if (!settings.hooks.AfterTool) settings.hooks.AfterTool = [];
+    if (!Array.isArray(settings.hooks.AfterTool)) settings.hooks.AfterTool = [];
+    settings.hooks.AfterTool.push({
+      matcher: ".*",
+      hooks: [{ name: "node9-log", type: "command", command: fullPathCommand("log") }]
+    });
+    console.log(import_chalk3.default.green("  \u2705 AfterTool hook added  \u2192 node9 log"));
+    anythingChanged = true;
+  }
+  if (anythingChanged) {
+    writeJson(settingsPath, settings);
+    console.log("");
+  }
+  const serversToWrap = [];
+  for (const [name, server] of Object.entries(servers)) {
+    if (!server.command || server.command === "node9") continue;
+    const parts = [server.command, ...server.args ?? []];
+    serversToWrap.push({ name, originalCmd: parts.join(" "), parts });
+  }
+  if (serversToWrap.length > 0) {
+    console.log(import_chalk3.default.bold("The following existing entries will be modified:\n"));
+    console.log(import_chalk3.default.white(`  ${settingsPath}  (mcpServers)`));
+    for (const { name, originalCmd } of serversToWrap) {
+      console.log(import_chalk3.default.gray(`    \u2022 ${name}: "${originalCmd}" \u2192 node9 ${originalCmd}`));
+    }
+    console.log("");
+    const proceed = await (0, import_prompts2.confirm)({ message: "Wrap these MCP servers?", default: true });
+    if (proceed) {
+      for (const { name, parts } of serversToWrap) {
+        servers[name] = { ...servers[name], command: "node9", args: parts };
       }
+      settings.mcpServers = servers;
+      writeJson(settingsPath, settings);
+      console.log(import_chalk3.default.green(`
+  \u2705 ${serversToWrap.length} MCP server(s) wrapped`));
+      anythingChanged = true;
+    } else {
+      console.log(import_chalk3.default.yellow("  Skipped MCP server wrapping."));
     }
-    console.error(import_chalk4.default.red("\n\u{1F6D1} Node9 Daemon Error:"), e.message);
-    process.exit(1);
-  });
-  server.listen(DAEMON_PORT2, DAEMON_HOST2, () => {
-    atomicWriteSync2(
-      DAEMON_PID_FILE,
-      JSON.stringify({ pid: process.pid, port: DAEMON_PORT2, internalToken, autoStarted }),
-      { mode: 384 }
-    );
-    console.log(import_chalk4.default.green(`\u{1F6E1}\uFE0F  Node9 Guard LIVE: http://127.0.0.1:${DAEMON_PORT2}`));
-  });
+    console.log("");
+  }
+  if (!anythingChanged && serversToWrap.length === 0) {
+    console.log(import_chalk3.default.blue("\u2139\uFE0F  Node9 is already fully configured for Gemini CLI."));
+    printDaemonTip();
+    return;
+  }
+  if (anythingChanged) {
+    console.log(import_chalk3.default.green.bold("\u{1F6E1}\uFE0F  Node9 is now protecting Gemini CLI!"));
+    console.log(import_chalk3.default.gray("    Restart Gemini CLI for changes to take effect."));
+    printDaemonTip();
+  }
 }
-function stopDaemon() {
-  if (!import_fs3.default.existsSync(DAEMON_PID_FILE)) return console.log(import_chalk4.default.yellow("Not running."));
-  try {
-    const { pid } = JSON.parse(import_fs3.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
-    process.kill(pid, "SIGTERM");
-    console.log(import_chalk4.default.green("\u2705 Stopped."));
-  } catch {
-    console.log(import_chalk4.default.gray("Cleaned up stale PID file."));
-  } finally {
-    try {
-      import_fs3.default.unlinkSync(DAEMON_PID_FILE);
-    } catch {
+async function setupCursor() {
+  const homeDir2 = import_os3.default.homedir();
+  const mcpPath = import_path5.default.join(homeDir2, ".cursor", "mcp.json");
+  const mcpConfig = readJson(mcpPath) ?? {};
+  const servers = mcpConfig.mcpServers ?? {};
+  let anythingChanged = false;
+  const serversToWrap = [];
+  for (const [name, server] of Object.entries(servers)) {
+    if (!server.command || server.command === "node9") continue;
+    const parts = [server.command, ...server.args ?? []];
+    serversToWrap.push({ name, originalCmd: parts.join(" "), parts });
+  }
+  if (serversToWrap.length > 0) {
+    console.log(import_chalk3.default.bold("The following existing entries will be modified:\n"));
+    console.log(import_chalk3.default.white(`  ${mcpPath}`));
+    for (const { name, originalCmd } of serversToWrap) {
+      console.log(import_chalk3.default.gray(`    \u2022 ${name}: "${originalCmd}" \u2192 node9 ${originalCmd}`));
+    }
+    console.log("");
+    const proceed = await (0, import_prompts2.confirm)({ message: "Wrap these MCP servers?", default: true });
+    if (proceed) {
+      for (const { name, parts } of serversToWrap) {
+        servers[name] = { ...servers[name], command: "node9", args: parts };
+      }
+      mcpConfig.mcpServers = servers;
+      writeJson(mcpPath, mcpConfig);
+      console.log(import_chalk3.default.green(`
+  \u2705 ${serversToWrap.length} MCP server(s) wrapped`));
+      anythingChanged = true;
+    } else {
+      console.log(import_chalk3.default.yellow("  Skipped MCP server wrapping."));
     }
+    console.log("");
   }
-}
-function daemonStatus() {
-  if (!import_fs3.default.existsSync(DAEMON_PID_FILE))
-    return console.log(import_chalk4.default.yellow("Node9 daemon: not running"));
-  try {
-    const { pid } = JSON.parse(import_fs3.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
-    process.kill(pid, 0);
-    console.log(import_chalk4.default.green("Node9 daemon: running"));
-  } catch {
-    console.log(import_chalk4.default.yellow("Node9 daemon: not running (stale PID)"));
+  console.log(
+    import_chalk3.default.yellow(
+      "  \u26A0\uFE0F  Note: Cursor does not yet support native pre-execution hooks.\n     MCP proxy wrapping is the only supported protection mode for Cursor."
+    )
+  );
+  console.log("");
+  if (!anythingChanged && serversToWrap.length === 0) {
+    console.log(
+      import_chalk3.default.blue(
+        "\u2139\uFE0F  No MCP servers found to wrap. Add MCP servers to ~/.cursor/mcp.json and re-run."
+      )
+    );
+    printDaemonTip();
+    return;
+  }
+  if (anythingChanged) {
+    console.log(import_chalk3.default.green.bold("\u{1F6E1}\uFE0F  Node9 is now protecting Cursor via MCP proxy!"));
+    console.log(import_chalk3.default.gray("    Restart Cursor for changes to take effect."));
+    printDaemonTip();
   }
 }
 
 // src/cli.ts
-var import_child_process4 = require("child_process");
+init_daemon();
+var import_child_process5 = require("child_process");
 var import_execa = require("execa");
 var import_execa2 = require("execa");
-var import_chalk5 = __toESM(require("chalk"));
-var import_readline = __toESM(require("readline"));
-var import_fs5 = __toESM(require("fs"));
-var import_path7 = __toESM(require("path"));
-var import_os5 = __toESM(require("os"));
+var import_chalk6 = __toESM(require("chalk"));
+var import_readline2 = __toESM(require("readline"));
+var import_fs7 = __toESM(require("fs"));
+var import_path9 = __toESM(require("path"));
+var import_os7 = __toESM(require("os"));
 
 // src/undo.ts
 var import_child_process3 = require("child_process");
-var import_fs4 = __toESM(require("fs"));
-var import_path6 = __toESM(require("path"));
-var import_os4 = __toESM(require("os"));
-var SNAPSHOT_STACK_PATH = import_path6.default.join(import_os4.default.homedir(), ".node9", "snapshots.json");
-var UNDO_LATEST_PATH = import_path6.default.join(import_os4.default.homedir(), ".node9", "undo_latest.txt");
+var import_fs5 = __toESM(require("fs"));
+var import_path7 = __toESM(require("path"));
+var import_os5 = __toESM(require("os"));
+var SNAPSHOT_STACK_PATH = import_path7.default.join(import_os5.default.homedir(), ".node9", "snapshots.json");
+var UNDO_LATEST_PATH = import_path7.default.join(import_os5.default.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
 function readStack() {
   try {
-    if (import_fs4.default.existsSync(SNAPSHOT_STACK_PATH))
-      return JSON.parse(import_fs4.default.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
+    if (import_fs5.default.existsSync(SNAPSHOT_STACK_PATH))
+      return JSON.parse(import_fs5.default.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
   } catch {
   }
   return [];
 }
 function writeStack(stack) {
-  const dir = import_path6.default.dirname(SNAPSHOT_STACK_PATH);
-  if (!import_fs4.default.existsSync(dir)) import_fs4.default.mkdirSync(dir, { recursive: true });
-  import_fs4.default.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
+  const dir = import_path7.default.dirname(SNAPSHOT_STACK_PATH);
+  if (!import_fs5.default.existsSync(dir)) import_fs5.default.mkdirSync(dir, { recursive: true });
+  import_fs5.default.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
 }
 function buildArgsSummary(tool, args) {
   if (!args || typeof args !== "object") return "";
@@ -3996,13 +5112,13 @@ function buildArgsSummary(tool, args) {
 async function createShadowSnapshot(tool = "unknown", args = {}) {
   try {
     const cwd = process.cwd();
-    if (!import_fs4.default.existsSync(import_path6.default.join(cwd, ".git"))) return null;
-    const tempIndex = import_path6.default.join(cwd, ".git", `node9_index_${Date.now()}`);
+    if (!import_fs5.default.existsSync(import_path7.default.join(cwd, ".git"))) return null;
+    const tempIndex = import_path7.default.join(cwd, ".git", `node9_index_${Date.now()}`);
     const env = { ...process.env, GIT_INDEX_FILE: tempIndex };
     (0, import_child_process3.spawnSync)("git", ["add", "-A"], { env });
     const treeRes = (0, import_child_process3.spawnSync)("git", ["write-tree"], { env });
     const treeHash = treeRes.stdout.toString().trim();
-    if (import_fs4.default.existsSync(tempIndex)) import_fs4.default.unlinkSync(tempIndex);
+    if (import_fs5.default.existsSync(tempIndex)) import_fs5.default.unlinkSync(tempIndex);
     if (!treeHash || treeRes.status !== 0) return null;
     const commitRes = (0, import_child_process3.spawnSync)("git", [
       "commit-tree",
@@ -4023,7 +5139,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}) {
     stack.push(entry);
     if (stack.length > MAX_SNAPSHOTS) stack.splice(0, stack.length - MAX_SNAPSHOTS);
     writeStack(stack);
-    import_fs4.default.writeFileSync(UNDO_LATEST_PATH, commitHash);
+    import_fs5.default.writeFileSync(UNDO_LATEST_PATH, commitHash);
     return commitHash;
   } catch (err) {
     if (process.env.NODE9_DEBUG === "1") console.error("[Node9 Undo Engine Error]:", err);
@@ -4061,9 +5177,9 @@ function applyUndo(hash, cwd) {
     const tracked = (0, import_child_process3.spawnSync)("git", ["ls-files"], { cwd: dir }).stdout.toString().trim().split("\n").filter(Boolean);
     const untracked = (0, import_child_process3.spawnSync)("git", ["ls-files", "--others", "--exclude-standard"], { cwd: dir }).stdout.toString().trim().split("\n").filter(Boolean);
     for (const file of [...tracked, ...untracked]) {
-      const fullPath = import_path6.default.join(dir, file);
-      if (!snapshotFiles.has(file) && import_fs4.default.existsSync(fullPath)) {
-        import_fs4.default.unlinkSync(fullPath);
+      const fullPath = import_path7.default.join(dir, file);
+      if (!snapshotFiles.has(file) && import_fs5.default.existsSync(fullPath)) {
+        import_fs5.default.unlinkSync(fullPath);
       }
     }
     return true;
@@ -4073,9 +5189,10 @@ function applyUndo(hash, cwd) {
 }
 
 // src/cli.ts
+init_shields();
 var import_prompts3 = require("@inquirer/prompts");
 var { version } = JSON.parse(
-  import_fs5.default.readFileSync(import_path7.default.join(__dirname, "../package.json"), "utf-8")
+  import_fs7.default.readFileSync(import_path9.default.join(__dirname, "../package.json"), "utf-8")
 );
 function parseDuration(str) {
   const m = str.trim().match(/^(\d+(?:\.\d+)?)\s*(s|m|h|d)?$/i);
@@ -4107,6 +5224,15 @@ INSTRUCTIONS:
 - If you believe this action is critical, explain your reasoning and ask them to run "node9 pause 15m" to proceed.`;
   }
   const label = blockedByLabel.toLowerCase();
+  if (label.includes("dlp") || label.includes("secret detected") || label.includes("credential review")) {
+    return `NODE9 SECURITY ALERT: A sensitive credential (API key, token, or private key) was found in your tool call arguments.
+CRITICAL INSTRUCTION: Do NOT retry this action.
+REQUIRED ACTIONS:
+1. Remove the hardcoded credential from your command or code.
+2. Use an environment variable or a dedicated secrets manager instead.
+3. Treat the leaked credential as compromised and rotate it immediately.
+Do NOT attempt to bypass this check or pass the credential through another tool.`;
+  }
   if (label.includes("sql safety") && label.includes("delete without where")) {
     return `NODE9: Blocked \u2014 DELETE without WHERE clause would wipe the entire table.
 INSTRUCTION: Add a WHERE clause to scope the deletion (e.g. WHERE id = <value>).
@@ -4154,15 +5280,15 @@ function openBrowserLocal() {
   const url = `http://${DAEMON_HOST2}:${DAEMON_PORT2}/`;
   try {
     const opts = { stdio: "ignore" };
-    if (process.platform === "darwin") (0, import_child_process4.execSync)(`open "${url}"`, opts);
-    else if (process.platform === "win32") (0, import_child_process4.execSync)(`cmd /c start "" "${url}"`, opts);
-    else (0, import_child_process4.execSync)(`xdg-open "${url}"`, opts);
+    if (process.platform === "darwin") (0, import_child_process5.execSync)(`open "${url}"`, opts);
+    else if (process.platform === "win32") (0, import_child_process5.execSync)(`cmd /c start "" "${url}"`, opts);
+    else (0, import_child_process5.execSync)(`xdg-open "${url}"`, opts);
   } catch {
   }
 }
 async function autoStartDaemonAndWait() {
   try {
-    const child = (0, import_child_process4.spawn)("node9", ["daemon"], {
+    const child = (0, import_child_process5.spawn)("node9", ["daemon"], {
       detached: true,
       stdio: "ignore",
       env: { ...process.env, NODE9_AUTO_STARTED: "1" }
@@ -4198,14 +5324,14 @@ async function runProxy(targetCommand) {
     if (stdout) executable = stdout.trim();
   } catch {
   }
-  console.log(import_chalk5.default.green(`\u{1F680} Node9 Proxy Active: Monitoring [${targetCommand}]`));
-  const child = (0, import_child_process4.spawn)(executable, args, {
+  console.log(import_chalk6.default.green(`\u{1F680} Node9 Proxy Active: Monitoring [${targetCommand}]`));
+  const child = (0, import_child_process5.spawn)(executable, args, {
     stdio: ["pipe", "pipe", "inherit"],
     // We control STDIN and STDOUT
     shell: false,
     env: { ...process.env, FORCE_COLOR: "1" }
   });
-  const agentIn = import_readline.default.createInterface({ input: process.stdin, terminal: false });
+  const agentIn = import_readline2.default.createInterface({ input: process.stdin, terminal: false });
   agentIn.on("line", async (line) => {
     let message;
     try {
@@ -4223,10 +5349,10 @@ async function runProxy(targetCommand) {
           agent: "Proxy/MCP"
         });
         if (!result.approved) {
-          console.error(import_chalk5.default.red(`
+          console.error(import_chalk6.default.red(`
 \u{1F6D1} Node9 Sudo: Action Blocked`));
-          console.error(import_chalk5.default.gray(`   Tool: ${name}`));
-          console.error(import_chalk5.default.gray(`   Reason: ${result.reason || "Security Policy"}
+          console.error(import_chalk6.default.gray(`   Tool: ${name}`));
+          console.error(import_chalk6.default.gray(`   Reason: ${result.reason || "Security Policy"}
 `));
           const blockedByLabel = result.blockedByLabel ?? result.reason ?? "Security Policy";
           const isHuman = blockedByLabel.toLowerCase().includes("user") || blockedByLabel.toLowerCase().includes("daemon") || blockedByLabel.toLowerCase().includes("decision");
@@ -4268,14 +5394,14 @@ async function runProxy(targetCommand) {
 }
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept";
-  const credPath = import_path7.default.join(import_os5.default.homedir(), ".node9", "credentials.json");
-  if (!import_fs5.default.existsSync(import_path7.default.dirname(credPath)))
-    import_fs5.default.mkdirSync(import_path7.default.dirname(credPath), { recursive: true });
+  const credPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "credentials.json");
+  if (!import_fs7.default.existsSync(import_path9.default.dirname(credPath)))
+    import_fs7.default.mkdirSync(import_path9.default.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (import_fs5.default.existsSync(credPath)) {
-      const raw = JSON.parse(import_fs5.default.readFileSync(credPath, "utf-8"));
+    if (import_fs7.default.existsSync(credPath)) {
+      const raw = JSON.parse(import_fs7.default.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL }
@@ -4287,13 +5413,13 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL };
-  import_fs5.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  import_fs7.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
   if (profileName === "default") {
-    const configPath = import_path7.default.join(import_os5.default.homedir(), ".node9", "config.json");
+    const configPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (import_fs5.default.existsSync(configPath))
-        config = JSON.parse(import_fs5.default.readFileSync(configPath, "utf-8"));
+      if (import_fs7.default.existsSync(configPath))
+        config = JSON.parse(import_fs7.default.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -4308,36 +5434,36 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!import_fs5.default.existsSync(import_path7.default.dirname(configPath)))
-      import_fs5.default.mkdirSync(import_path7.default.dirname(configPath), { recursive: true });
-    import_fs5.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!import_fs7.default.existsSync(import_path9.default.dirname(configPath)))
+      import_fs7.default.mkdirSync(import_path9.default.dirname(configPath), { recursive: true });
+    import_fs7.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
   }
   if (options.profile && profileName !== "default") {
-    console.log(import_chalk5.default.green(`\u2705 Profile "${profileName}" saved`));
-    console.log(import_chalk5.default.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
+    console.log(import_chalk6.default.green(`\u2705 Profile "${profileName}" saved`));
+    console.log(import_chalk6.default.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
   } else if (options.local) {
-    console.log(import_chalk5.default.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
-    console.log(import_chalk5.default.gray(`   All decisions stay on this machine.`));
+    console.log(import_chalk6.default.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
+    console.log(import_chalk6.default.gray(`   All decisions stay on this machine.`));
   } else {
-    console.log(import_chalk5.default.green(`\u2705 Logged in \u2014 agent mode`));
-    console.log(import_chalk5.default.gray(`   Team policy enforced for all calls via Node9 cloud.`));
+    console.log(import_chalk6.default.green(`\u2705 Logged in \u2014 agent mode`));
+    console.log(import_chalk6.default.gray(`   Team policy enforced for all calls via Node9 cloud.`));
   }
 });
 program.command("addto").description("Integrate Node9 with an AI agent").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("<target>", "The agent to protect: claude | gemini | cursor").action(async (target) => {
   if (target === "gemini") return await setupGemini();
   if (target === "claude") return await setupClaude();
   if (target === "cursor") return await setupCursor();
-  console.error(import_chalk5.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+  console.error(import_chalk6.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
   process.exit(1);
 });
 program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("[target]", "The agent to protect: claude | gemini | cursor").action(async (target) => {
   if (!target) {
-    console.log(import_chalk5.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
-    console.log("  Usage:  " + import_chalk5.default.white("node9 setup <target>") + "\n");
+    console.log(import_chalk6.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
+    console.log("  Usage:  " + import_chalk6.default.white("node9 setup <target>") + "\n");
     console.log("  Targets:");
-    console.log("    " + import_chalk5.default.green("claude") + "   \u2014 Claude Code (hook mode)");
-    console.log("    " + import_chalk5.default.green("gemini") + "   \u2014 Gemini CLI (hook mode)");
-    console.log("    " + import_chalk5.default.green("cursor") + "   \u2014 Cursor (hook mode)");
+    console.log("    " + import_chalk6.default.green("claude") + "   \u2014 Claude Code (hook mode)");
+    console.log("    " + import_chalk6.default.green("gemini") + "   \u2014 Gemini CLI (hook mode)");
+    console.log("    " + import_chalk6.default.green("cursor") + "   \u2014 Cursor (hook mode)");
     console.log("");
     return;
   }
@@ -4345,33 +5471,33 @@ program.command("setup").description('Alias for "addto" \u2014 integrate Node9 w
   if (t === "gemini") return await setupGemini();
   if (t === "claude") return await setupClaude();
   if (t === "cursor") return await setupCursor();
-  console.error(import_chalk5.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+  console.error(import_chalk6.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
   process.exit(1);
 });
 program.command("doctor").description("Check that Node9 is installed and configured correctly").action(() => {
-  const homeDir2 = import_os5.default.homedir();
+  const homeDir2 = import_os7.default.homedir();
   let failures = 0;
   function pass(msg) {
-    console.log(import_chalk5.default.green("  \u2705 ") + msg);
+    console.log(import_chalk6.default.green("  \u2705 ") + msg);
   }
   function fail(msg, hint) {
-    console.log(import_chalk5.default.red("  \u274C ") + msg);
-    if (hint) console.log(import_chalk5.default.gray("       " + hint));
+    console.log(import_chalk6.default.red("  \u274C ") + msg);
+    if (hint) console.log(import_chalk6.default.gray("       " + hint));
     failures++;
   }
   function warn(msg, hint) {
-    console.log(import_chalk5.default.yellow("  \u26A0\uFE0F  ") + msg);
-    if (hint) console.log(import_chalk5.default.gray("       " + hint));
+    console.log(import_chalk6.default.yellow("  \u26A0\uFE0F  ") + msg);
+    if (hint) console.log(import_chalk6.default.gray("       " + hint));
   }
   function section(title) {
-    console.log("\n" + import_chalk5.default.bold(title));
+    console.log("\n" + import_chalk6.default.bold(title));
   }
-  console.log(import_chalk5.default.cyan.bold(`
+  console.log(import_chalk6.default.cyan.bold(`
 \u{1F6E1}\uFE0F  Node9 Doctor  v${version}
 `));
   section("Binary");
   try {
-    const which = (0, import_child_process4.execSync)("which node9", { encoding: "utf-8" }).trim();
+    const which = (0, import_child_process5.execSync)("which node9", { encoding: "utf-8" }).trim();
     pass(`node9 found at ${which}`);
   } catch {
     warn("node9 not found in $PATH \u2014 hooks may not find it", "Run: npm install -g @node9/proxy");
@@ -4386,7 +5512,7 @@ program.command("doctor").description("Check that Node9 is installed and configu
     );
   }
   try {
-    const gitVersion = (0, import_child_process4.execSync)("git --version", { encoding: "utf-8" }).trim();
+    const gitVersion = (0, import_child_process5.execSync)("git --version", { encoding: "utf-8" }).trim();
     pass(gitVersion);
   } catch {
     warn(
@@ -4395,10 +5521,10 @@ program.command("doctor").description("Check that Node9 is installed and configu
     );
   }
   section("Configuration");
-  const globalConfigPath = import_path7.default.join(homeDir2, ".node9", "config.json");
-  if (import_fs5.default.existsSync(globalConfigPath)) {
+  const globalConfigPath = import_path9.default.join(homeDir2, ".node9", "config.json");
+  if (import_fs7.default.existsSync(globalConfigPath)) {
     try {
-      JSON.parse(import_fs5.default.readFileSync(globalConfigPath, "utf-8"));
+      JSON.parse(import_fs7.default.readFileSync(globalConfigPath, "utf-8"));
       pass("~/.node9/config.json found and valid");
     } catch {
       fail("~/.node9/config.json is invalid JSON", "Run: node9 init --force");
@@ -4406,17 +5532,17 @@ program.command("doctor").description("Check that Node9 is installed and configu
   } else {
     warn("~/.node9/config.json not found (using defaults)", "Run: node9 init");
   }
-  const projectConfigPath = import_path7.default.join(process.cwd(), "node9.config.json");
-  if (import_fs5.default.existsSync(projectConfigPath)) {
+  const projectConfigPath = import_path9.default.join(process.cwd(), "node9.config.json");
+  if (import_fs7.default.existsSync(projectConfigPath)) {
     try {
-      JSON.parse(import_fs5.default.readFileSync(projectConfigPath, "utf-8"));
+      JSON.parse(import_fs7.default.readFileSync(projectConfigPath, "utf-8"));
       pass("node9.config.json found and valid (project)");
     } catch {
       fail("node9.config.json is invalid JSON", "Fix the JSON or delete it and run: node9 init");
     }
   }
-  const credsPath = import_path7.default.join(homeDir2, ".node9", "credentials.json");
-  if (import_fs5.default.existsSync(credsPath)) {
+  const credsPath = import_path9.default.join(homeDir2, ".node9", "credentials.json");
+  if (import_fs7.default.existsSync(credsPath)) {
     pass("Cloud credentials found (~/.node9/credentials.json)");
   } else {
     warn(
@@ -4425,10 +5551,10 @@ program.command("doctor").description("Check that Node9 is installed and configu
     );
   }
   section("Agent Hooks");
-  const claudeSettingsPath = import_path7.default.join(homeDir2, ".claude", "settings.json");
-  if (import_fs5.default.existsSync(claudeSettingsPath)) {
+  const claudeSettingsPath = import_path9.default.join(homeDir2, ".claude", "settings.json");
+  if (import_fs7.default.existsSync(claudeSettingsPath)) {
     try {
-      const cs = JSON.parse(import_fs5.default.readFileSync(claudeSettingsPath, "utf-8"));
+      const cs = JSON.parse(import_fs7.default.readFileSync(claudeSettingsPath, "utf-8"));
       const hasHook = cs.hooks?.PreToolUse?.some(
         (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
       );
@@ -4441,10 +5567,10 @@ program.command("doctor").description("Check that Node9 is installed and configu
   } else {
     warn("Claude Code \u2014 not configured", "Run: node9 setup claude");
   }
-  const geminiSettingsPath = import_path7.default.join(homeDir2, ".gemini", "settings.json");
-  if (import_fs5.default.existsSync(geminiSettingsPath)) {
+  const geminiSettingsPath = import_path9.default.join(homeDir2, ".gemini", "settings.json");
+  if (import_fs7.default.existsSync(geminiSettingsPath)) {
     try {
-      const gs = JSON.parse(import_fs5.default.readFileSync(geminiSettingsPath, "utf-8"));
+      const gs = JSON.parse(import_fs7.default.readFileSync(geminiSettingsPath, "utf-8"));
       const hasHook = gs.hooks?.BeforeTool?.some(
         (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
       );
@@ -4457,10 +5583,10 @@ program.command("doctor").description("Check that Node9 is installed and configu
   } else {
     warn("Gemini CLI  \u2014 not configured", "Run: node9 setup gemini  (skip if not using Gemini)");
   }
-  const cursorHooksPath = import_path7.default.join(homeDir2, ".cursor", "hooks.json");
-  if (import_fs5.default.existsSync(cursorHooksPath)) {
+  const cursorHooksPath = import_path9.default.join(homeDir2, ".cursor", "hooks.json");
+  if (import_fs7.default.existsSync(cursorHooksPath)) {
     try {
-      const cur = JSON.parse(import_fs5.default.readFileSync(cursorHooksPath, "utf-8"));
+      const cur = JSON.parse(import_fs7.default.readFileSync(cursorHooksPath, "utf-8"));
       const hasHook = cur.hooks?.preToolUse?.some(
         (h) => h.command?.includes("node9") || h.command?.includes("cli.js")
       );
@@ -4481,9 +5607,9 @@ program.command("doctor").description("Check that Node9 is installed and configu
   }
   console.log("");
   if (failures === 0) {
-    console.log(import_chalk5.default.green.bold("  All checks passed. Node9 is ready.\n"));
+    console.log(import_chalk6.default.green.bold("  All checks passed. Node9 is ready.\n"));
   } else {
-    console.log(import_chalk5.default.red.bold(`  ${failures} check(s) failed. See hints above.
+    console.log(import_chalk6.default.red.bold(`  ${failures} check(s) failed. See hints above.
 `));
     process.exit(1);
   }
@@ -4498,7 +5624,7 @@ program.command("explain").description(
       try {
         args = JSON.parse(trimmed);
       } catch {
-        console.error(import_chalk5.default.red(`
+        console.error(import_chalk6.default.red(`
 \u274C Invalid JSON: ${trimmed}
 `));
         process.exit(1);
@@ -4509,63 +5635,63 @@ program.command("explain").description(
   }
   const result = await explainPolicy(tool, args);
   console.log("");
-  console.log(import_chalk5.default.cyan.bold("\u{1F6E1}\uFE0F  Node9 Explain"));
+  console.log(import_chalk6.default.cyan.bold("\u{1F6E1}\uFE0F  Node9 Explain"));
   console.log("");
-  console.log(`   ${import_chalk5.default.bold("Tool:")}    ${import_chalk5.default.white(result.tool)}`);
+  console.log(`   ${import_chalk6.default.bold("Tool:")}    ${import_chalk6.default.white(result.tool)}`);
   if (argsRaw) {
     const preview = argsRaw.length > 80 ? argsRaw.slice(0, 77) + "\u2026" : argsRaw;
-    console.log(`   ${import_chalk5.default.bold("Input:")}   ${import_chalk5.default.gray(preview)}`);
+    console.log(`   ${import_chalk6.default.bold("Input:")}   ${import_chalk6.default.gray(preview)}`);
   }
   console.log("");
-  console.log(import_chalk5.default.bold("Config Sources (Waterfall):"));
+  console.log(import_chalk6.default.bold("Config Sources (Waterfall):"));
   for (const tier of result.waterfall) {
-    const num = import_chalk5.default.gray(`  ${tier.tier}.`);
+    const num = import_chalk6.default.gray(`  ${tier.tier}.`);
     const label = tier.label.padEnd(16);
     let statusStr;
     if (tier.tier === 1) {
-      statusStr = import_chalk5.default.gray(tier.note ?? "");
+      statusStr = import_chalk6.default.gray(tier.note ?? "");
     } else if (tier.status === "active") {
-      const loc = tier.path ? import_chalk5.default.gray(tier.path) : "";
-      const note = tier.note ? import_chalk5.default.gray(`(${tier.note})`) : "";
-      statusStr = import_chalk5.default.green("\u2713 active") + (loc ? "  " + loc : "") + (note ? "  " + note : "");
+      const loc = tier.path ? import_chalk6.default.gray(tier.path) : "";
+      const note = tier.note ? import_chalk6.default.gray(`(${tier.note})`) : "";
+      statusStr = import_chalk6.default.green("\u2713 active") + (loc ? "  " + loc : "") + (note ? "  " + note : "");
     } else {
-      statusStr = import_chalk5.default.gray("\u25CB " + (tier.note ?? "not found"));
+      statusStr = import_chalk6.default.gray("\u25CB " + (tier.note ?? "not found"));
     }
-    console.log(`${num} ${import_chalk5.default.white(label)} ${statusStr}`);
+    console.log(`${num} ${import_chalk6.default.white(label)} ${statusStr}`);
   }
   console.log("");
-  console.log(import_chalk5.default.bold("Policy Evaluation:"));
+  console.log(import_chalk6.default.bold("Policy Evaluation:"));
   for (const step of result.steps) {
     const isFinal = step.isFinal;
     let icon;
-    if (step.outcome === "allow") icon = import_chalk5.default.green("  \u2705");
-    else if (step.outcome === "review") icon = import_chalk5.default.red("  \u{1F534}");
-    else if (step.outcome === "skip") icon = import_chalk5.default.gray("  \u2500 ");
-    else icon = import_chalk5.default.gray("  \u25CB ");
+    if (step.outcome === "allow") icon = import_chalk6.default.green("  \u2705");
+    else if (step.outcome === "review") icon = import_chalk6.default.red("  \u{1F534}");
+    else if (step.outcome === "skip") icon = import_chalk6.default.gray("  \u2500 ");
+    else icon = import_chalk6.default.gray("  \u25CB ");
     const name = step.name.padEnd(18);
-    const nameStr = isFinal ? import_chalk5.default.white.bold(name) : import_chalk5.default.white(name);
-    const detail = isFinal ? import_chalk5.default.white(step.detail) : import_chalk5.default.gray(step.detail);
-    const arrow = isFinal ? import_chalk5.default.yellow("  \u2190 STOP") : "";
+    const nameStr = isFinal ? import_chalk6.default.white.bold(name) : import_chalk6.default.white(name);
+    const detail = isFinal ? import_chalk6.default.white(step.detail) : import_chalk6.default.gray(step.detail);
+    const arrow = isFinal ? import_chalk6.default.yellow("  \u2190 STOP") : "";
     console.log(`${icon} ${nameStr} ${detail}${arrow}`);
   }
   console.log("");
   if (result.decision === "allow") {
-    console.log(import_chalk5.default.green.bold("  Decision: \u2705 ALLOW") + import_chalk5.default.gray("  \u2014 no approval needed"));
+    console.log(import_chalk6.default.green.bold("  Decision: \u2705 ALLOW") + import_chalk6.default.gray("  \u2014 no approval needed"));
   } else {
     console.log(
-      import_chalk5.default.red.bold("  Decision: \u{1F534} REVIEW") + import_chalk5.default.gray("  \u2014 human approval required")
+      import_chalk6.default.red.bold("  Decision: \u{1F534} REVIEW") + import_chalk6.default.gray("  \u2014 human approval required")
     );
     if (result.blockedByLabel) {
-      console.log(import_chalk5.default.gray(`  Reason:   ${result.blockedByLabel}`));
+      console.log(import_chalk6.default.gray(`  Reason:   ${result.blockedByLabel}`));
     }
   }
   console.log("");
 });
 program.command("init").description("Create ~/.node9/config.json with default policy (safe to run multiple times)").option("--force", "Overwrite existing config").option("-m, --mode <mode>", "Set initial security mode (standard, strict, audit)", "standard").action((options) => {
-  const configPath = import_path7.default.join(import_os5.default.homedir(), ".node9", "config.json");
-  if (import_fs5.default.existsSync(configPath) && !options.force) {
-    console.log(import_chalk5.default.yellow(`\u2139\uFE0F  Global config already exists: ${configPath}`));
-    console.log(import_chalk5.default.gray(`   Run with --force to overwrite.`));
+  const configPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "config.json");
+  if (import_fs7.default.existsSync(configPath) && !options.force) {
+    console.log(import_chalk6.default.yellow(`\u2139\uFE0F  Global config already exists: ${configPath}`));
+    console.log(import_chalk6.default.gray(`   Run with --force to overwrite.`));
     return;
   }
   const requestedMode = options.mode.toLowerCase();
@@ -4577,13 +5703,13 @@ program.command("init").description("Create ~/.node9/config.json with default po
       mode: safeMode
     }
   };
-  const dir = import_path7.default.dirname(configPath);
-  if (!import_fs5.default.existsSync(dir)) import_fs5.default.mkdirSync(dir, { recursive: true });
-  import_fs5.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2));
-  console.log(import_chalk5.default.green(`\u2705 Global config created: ${configPath}`));
-  console.log(import_chalk5.default.cyan(`   Mode set to: ${safeMode}`));
+  const dir = import_path9.default.dirname(configPath);
+  if (!import_fs7.default.existsSync(dir)) import_fs7.default.mkdirSync(dir, { recursive: true });
+  import_fs7.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2));
+  console.log(import_chalk6.default.green(`\u2705 Global config created: ${configPath}`));
+  console.log(import_chalk6.default.cyan(`   Mode set to: ${safeMode}`));
   console.log(
-    import_chalk5.default.gray(`   Undo Engine is ENABLED by default. Use 'node9 undo' to revert AI changes.`)
+    import_chalk6.default.gray(`   Undo Engine is ENABLED by default. Use 'node9 undo' to revert AI changes.`)
   );
 });
 function formatRelativeTime(timestamp) {
@@ -4597,14 +5723,14 @@ function formatRelativeTime(timestamp) {
   return new Date(timestamp).toLocaleDateString();
 }
 program.command("audit").description("View local execution audit log").option("--tail <n>", "Number of entries to show", "20").option("--tool <pattern>", "Filter by tool name (substring match)").option("--deny", "Show only denied actions").option("--json", "Output raw JSON").action((options) => {
-  const logPath = import_path7.default.join(import_os5.default.homedir(), ".node9", "audit.log");
-  if (!import_fs5.default.existsSync(logPath)) {
+  const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "audit.log");
+  if (!import_fs7.default.existsSync(logPath)) {
     console.log(
-      import_chalk5.default.yellow("No audit logs found. Run node9 with an agent to generate entries.")
+      import_chalk6.default.yellow("No audit logs found. Run node9 with an agent to generate entries.")
     );
     return;
   }
-  const raw = import_fs5.default.readFileSync(logPath, "utf-8");
+  const raw = import_fs7.default.readFileSync(logPath, "utf-8");
   const lines = raw.split("\n").filter((l) => l.trim() !== "");
   let entries = lines.flatMap((line) => {
     try {
@@ -4626,31 +5752,31 @@ program.command("audit").description("View local execution audit log").option("-
     return;
   }
   if (entries.length === 0) {
-    console.log(import_chalk5.default.yellow("No matching audit entries."));
+    console.log(import_chalk6.default.yellow("No matching audit entries."));
     return;
   }
   console.log(
     `
-  ${import_chalk5.default.bold("Node9 Audit Log")}  ${import_chalk5.default.dim(`(${entries.length} entries)`)}`
+  ${import_chalk6.default.bold("Node9 Audit Log")}  ${import_chalk6.default.dim(`(${entries.length} entries)`)}`
   );
-  console.log(import_chalk5.default.dim("  " + "\u2500".repeat(65)));
+  console.log(import_chalk6.default.dim("  " + "\u2500".repeat(65)));
   console.log(
     `  ${"Time".padEnd(12)} ${"Tool".padEnd(18)} ${"Result".padEnd(10)} ${"By".padEnd(15)} Agent`
   );
-  console.log(import_chalk5.default.dim("  " + "\u2500".repeat(65)));
+  console.log(import_chalk6.default.dim("  " + "\u2500".repeat(65)));
   for (const e of entries) {
     const time = formatRelativeTime(String(e.ts)).padEnd(12);
     const tool = String(e.tool).slice(0, 17).padEnd(18);
-    const result = e.decision === "allow" ? import_chalk5.default.green("ALLOW".padEnd(10)) : import_chalk5.default.red("DENY".padEnd(10));
+    const result = e.decision === "allow" ? import_chalk6.default.green("ALLOW".padEnd(10)) : import_chalk6.default.red("DENY".padEnd(10));
     const checker = String(e.checkedBy || "unknown").slice(0, 14).padEnd(15);
     const agent = String(e.agent || "unknown");
     console.log(`  ${time} ${tool} ${result} ${checker} ${agent}`);
   }
   const allowed = entries.filter((e) => e.decision === "allow").length;
   const denied = entries.filter((e) => e.decision === "deny").length;
-  console.log(import_chalk5.default.dim("  " + "\u2500".repeat(65)));
+  console.log(import_chalk6.default.dim("  " + "\u2500".repeat(65)));
   console.log(
-    `  ${entries.length} entries  |  ${import_chalk5.default.green(allowed + " allowed")}  |  ${import_chalk5.default.red(denied + " denied")}
+    `  ${entries.length} entries  |  ${import_chalk6.default.green(allowed + " allowed")}  |  ${import_chalk6.default.red(denied + " denied")}
 `
   );
 });
@@ -4661,43 +5787,43 @@ program.command("status").description("Show current Node9 mode, policy source, a
   const settings = mergedConfig.settings;
   console.log("");
   if (creds && settings.approvers.cloud) {
-    console.log(import_chalk5.default.green("  \u25CF Agent mode") + import_chalk5.default.gray(" \u2014 cloud team policy enforced"));
+    console.log(import_chalk6.default.green("  \u25CF Agent mode") + import_chalk6.default.gray(" \u2014 cloud team policy enforced"));
   } else if (creds && !settings.approvers.cloud) {
     console.log(
-      import_chalk5.default.blue("  \u25CF Privacy mode \u{1F6E1}\uFE0F") + import_chalk5.default.gray(" \u2014 all decisions stay on this machine")
+      import_chalk6.default.blue("  \u25CF Privacy mode \u{1F6E1}\uFE0F") + import_chalk6.default.gray(" \u2014 all decisions stay on this machine")
     );
   } else {
     console.log(
-      import_chalk5.default.yellow("  \u25CB Privacy mode \u{1F6E1}\uFE0F") + import_chalk5.default.gray(" \u2014 no API key (Local rules only)")
+      import_chalk6.default.yellow("  \u25CB Privacy mode \u{1F6E1}\uFE0F") + import_chalk6.default.gray(" \u2014 no API key (Local rules only)")
     );
   }
   console.log("");
   if (daemonRunning) {
     console.log(
-      import_chalk5.default.green("  \u25CF Daemon running") + import_chalk5.default.gray(` \u2192 http://127.0.0.1:${DAEMON_PORT2}/`)
+      import_chalk6.default.green("  \u25CF Daemon running") + import_chalk6.default.gray(` \u2192 http://127.0.0.1:${DAEMON_PORT2}/`)
     );
   } else {
-    console.log(import_chalk5.default.gray("  \u25CB Daemon stopped"));
+    console.log(import_chalk6.default.gray("  \u25CB Daemon stopped"));
   }
   if (settings.enableUndo) {
     console.log(
-      import_chalk5.default.magenta("  \u25CF Undo Engine") + import_chalk5.default.gray(`    \u2192 Auto-snapshotting Git repos on AI change`)
+      import_chalk6.default.magenta("  \u25CF Undo Engine") + import_chalk6.default.gray(`    \u2192 Auto-snapshotting Git repos on AI change`)
     );
   }
   console.log("");
-  const modeLabel = settings.mode === "audit" ? import_chalk5.default.blue("audit") : settings.mode === "strict" ? import_chalk5.default.red("strict") : import_chalk5.default.white("standard");
+  const modeLabel = settings.mode === "audit" ? import_chalk6.default.blue("audit") : settings.mode === "strict" ? import_chalk6.default.red("strict") : import_chalk6.default.white("standard");
   console.log(`  Mode:    ${modeLabel}`);
-  const projectConfig = import_path7.default.join(process.cwd(), "node9.config.json");
-  const globalConfig = import_path7.default.join(import_os5.default.homedir(), ".node9", "config.json");
+  const projectConfig = import_path9.default.join(process.cwd(), "node9.config.json");
+  const globalConfig = import_path9.default.join(import_os7.default.homedir(), ".node9", "config.json");
   console.log(
-    `  Local:   ${import_fs5.default.existsSync(projectConfig) ? import_chalk5.default.green("Active (node9.config.json)") : import_chalk5.default.gray("Not present")}`
+    `  Local:   ${import_fs7.default.existsSync(projectConfig) ? import_chalk6.default.green("Active (node9.config.json)") : import_chalk6.default.gray("Not present")}`
   );
   console.log(
-    `  Global:  ${import_fs5.default.existsSync(globalConfig) ? import_chalk5.default.green("Active (~/.node9/config.json)") : import_chalk5.default.gray("Not present")}`
+    `  Global:  ${import_fs7.default.existsSync(globalConfig) ? import_chalk6.default.green("Active (~/.node9/config.json)") : import_chalk6.default.gray("Not present")}`
   );
   if (mergedConfig.policy.sandboxPaths.length > 0) {
     console.log(
-      `  Sandbox: ${import_chalk5.default.green(`${mergedConfig.policy.sandboxPaths.length} safe zones active`)}`
+      `  Sandbox: ${import_chalk6.default.green(`${mergedConfig.policy.sandboxPaths.length} safe zones active`)}`
     );
   }
   const pauseState = checkPause();
@@ -4705,47 +5831,63 @@ program.command("status").description("Show current Node9 mode, policy source, a
     const expiresAt = pauseState.expiresAt ? new Date(pauseState.expiresAt).toLocaleTimeString() : "indefinitely";
     console.log("");
     console.log(
-      import_chalk5.default.yellow(`  \u23F8  PAUSED until ${expiresAt}`) + import_chalk5.default.gray(" \u2014 all tool calls allowed")
+      import_chalk6.default.yellow(`  \u23F8  PAUSED until ${expiresAt}`) + import_chalk6.default.gray(" \u2014 all tool calls allowed")
     );
   }
   console.log("");
 });
-program.command("daemon").description("Run the local approval server").argument("[action]", "start | stop | status (default: start)").option("-b, --background", "Start the daemon in the background (detached)").option("-o, --openui", "Start in background and open browser").action(
+program.command("daemon").description("Run the local approval server").argument("[action]", "start | stop | status (default: start)").option("-b, --background", "Start the daemon in the background (detached)").option("-o, --openui", "Start in background and open browser").option(
+  "-w, --watch",
+  "Start daemon + open browser, stay alive permanently (Flight Recorder mode)"
+).action(
   async (action, options) => {
     const cmd = (action ?? "start").toLowerCase();
     if (cmd === "stop") return stopDaemon();
     if (cmd === "status") return daemonStatus();
     if (cmd !== "start" && action !== void 0) {
-      console.error(import_chalk5.default.red(`Unknown daemon action: "${action}". Use: start | stop | status`));
+      console.error(import_chalk6.default.red(`Unknown daemon action: "${action}". Use: start | stop | status`));
       process.exit(1);
     }
+    if (options.watch) {
+      process.env.NODE9_WATCH_MODE = "1";
+      setTimeout(() => {
+        openBrowserLocal();
+        console.log(import_chalk6.default.cyan(`\u{1F6F0}\uFE0F  Flight Recorder: http://${DAEMON_HOST2}:${DAEMON_PORT2}/`));
+      }, 600);
+      startDaemon();
+      return;
+    }
     if (options.openui) {
       if (isDaemonRunning()) {
         openBrowserLocal();
-        console.log(import_chalk5.default.green(`\u{1F310}  Opened browser: http://${DAEMON_HOST2}:${DAEMON_PORT2}/`));
+        console.log(import_chalk6.default.green(`\u{1F310}  Opened browser: http://${DAEMON_HOST2}:${DAEMON_PORT2}/`));
         process.exit(0);
       }
-      const child = (0, import_child_process4.spawn)("node9", ["daemon"], { detached: true, stdio: "ignore" });
+      const child = (0, import_child_process5.spawn)("node9", ["daemon"], { detached: true, stdio: "ignore" });
       child.unref();
       for (let i = 0; i < 12; i++) {
         await new Promise((r) => setTimeout(r, 250));
         if (isDaemonRunning()) break;
       }
       openBrowserLocal();
-      console.log(import_chalk5.default.green(`
+      console.log(import_chalk6.default.green(`
 \u{1F6E1}\uFE0F  Node9 daemon started + browser opened`));
       process.exit(0);
     }
     if (options.background) {
-      const child = (0, import_child_process4.spawn)("node9", ["daemon"], { detached: true, stdio: "ignore" });
+      const child = (0, import_child_process5.spawn)("node9", ["daemon"], { detached: true, stdio: "ignore" });
       child.unref();
-      console.log(import_chalk5.default.green(`
+      console.log(import_chalk6.default.green(`
 \u{1F6E1}\uFE0F  Node9 daemon started in background  (PID ${child.pid})`));
       process.exit(0);
     }
     startDaemon();
   }
 );
+program.command("tail").description("Stream live agent activity to the terminal").option("--history", "Include recent history on connect", false).action(async (options) => {
+  const { startTail: startTail2 } = await Promise.resolve().then(() => (init_tail(), tail_exports));
+  await startTail2(options);
+});
 program.command("check").description("Hook handler \u2014 evaluates a tool call before execution").argument("[data]", "JSON string of the tool call").action(async (data) => {
   const processPayload = async (raw) => {
     try {
@@ -4756,9 +5898,9 @@ program.command("check").description("Hook handler \u2014 evaluates a tool call
       } catch (err) {
         const tempConfig = getConfig();
         if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
-          const logPath = import_path7.default.join(import_os5.default.homedir(), ".node9", "hook-debug.log");
+          const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
           const errMsg = err instanceof Error ? err.message : String(err);
-          import_fs5.default.appendFileSync(
+          import_fs7.default.appendFileSync(
             logPath,
             `[${(/* @__PURE__ */ new Date()).toISOString()}] JSON_PARSE_ERROR: ${errMsg}
 RAW: ${raw}
@@ -4776,10 +5918,10 @@ RAW: ${raw}
       }
       const config = getConfig();
       if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
-        const logPath = import_path7.default.join(import_os5.default.homedir(), ".node9", "hook-debug.log");
-        if (!import_fs5.default.existsSync(import_path7.default.dirname(logPath)))
-          import_fs5.default.mkdirSync(import_path7.default.dirname(logPath), { recursive: true });
-        import_fs5.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
+        const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
+        if (!import_fs7.default.existsSync(import_path9.default.dirname(logPath)))
+          import_fs7.default.mkdirSync(import_path9.default.dirname(logPath), { recursive: true });
+        import_fs7.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
 `);
       }
       const toolName = sanitize(payload.tool_name ?? payload.name ?? "");
@@ -4790,13 +5932,19 @@ RAW: ${raw}
       const sendBlock = (msg, result2) => {
         const blockedByContext = result2?.blockedByLabel || result2?.blockedBy || "Local Security Policy";
         const isHumanDecision = blockedByContext.toLowerCase().includes("user") || blockedByContext.toLowerCase().includes("daemon") || blockedByContext.toLowerCase().includes("decision");
-        console.error(import_chalk5.default.red(`
+        if (blockedByContext.includes("DLP") || blockedByContext.includes("Secret Detected") || blockedByContext.includes("Credential Review")) {
+          console.error(import_chalk6.default.bgRed.white.bold(`
+ \u{1F6A8} NODE9 DLP ALERT \u2014 CREDENTIAL DETECTED `));
+          console.error(import_chalk6.default.red.bold(`   A sensitive secret was found in the tool arguments!`));
+        } else {
+          console.error(import_chalk6.default.red(`
 \u{1F6D1} Node9 blocked "${toolName}"`));
-        console.error(import_chalk5.default.gray(`   Triggered by: ${blockedByContext}`));
-        if (result2?.changeHint) console.error(import_chalk5.default.cyan(`   To change:  ${result2.changeHint}`));
+        }
+        console.error(import_chalk6.default.gray(`   Triggered by: ${blockedByContext}`));
+        if (result2?.changeHint) console.error(import_chalk6.default.cyan(`   To change:  ${result2.changeHint}`));
         console.error("");
         const aiFeedbackMessage = buildNegotiationMessage(blockedByContext, isHumanDecision, msg);
-        console.error(import_chalk5.default.dim(`   (Detailed instructions sent to AI agent)`));
+        console.error(import_chalk6.default.dim(`   (Detailed instructions sent to AI agent)`));
         process.stdout.write(
           JSON.stringify({
             decision: "block",
@@ -4827,7 +5975,7 @@ RAW: ${raw}
         process.exit(0);
       }
       if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && !process.stdout.isTTY && config.settings.autoStartDaemon) {
-        console.error(import_chalk5.default.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
+        console.error(import_chalk6.default.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
         const daemonReady = await autoStartDaemonAndWait();
         if (daemonReady) {
           const retry = await authorizeHeadless(toolName, toolInput, false, meta);
@@ -4850,9 +5998,9 @@ RAW: ${raw}
       });
     } catch (err) {
       if (process.env.NODE9_DEBUG === "1") {
-        const logPath = import_path7.default.join(import_os5.default.homedir(), ".node9", "hook-debug.log");
+        const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
         const errMsg = err instanceof Error ? err.message : String(err);
-        import_fs5.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
+        import_fs7.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
       }
       process.exit(0);
@@ -4897,10 +6045,10 @@ program.command("log").description("PostToolUse hook \u2014 records executed too
         decision: "allowed",
         source: "post-hook"
       };
-      const logPath = import_path7.default.join(import_os5.default.homedir(), ".node9", "audit.log");
-      if (!import_fs5.default.existsSync(import_path7.default.dirname(logPath)))
-        import_fs5.default.mkdirSync(import_path7.default.dirname(logPath), { recursive: true });
-      import_fs5.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+      const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "audit.log");
+      if (!import_fs7.default.existsSync(import_path9.default.dirname(logPath)))
+        import_fs7.default.mkdirSync(import_path9.default.dirname(logPath), { recursive: true });
+      import_fs7.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
       const config = getConfig();
       if (shouldSnapshot(tool, {}, config)) {
         await createShadowSnapshot();
@@ -4927,7 +6075,7 @@ program.command("pause").description("Temporarily disable Node9 protection for a
   const ms = parseDuration(options.duration);
   if (ms === null) {
     console.error(
-      import_chalk5.default.red(`
+      import_chalk6.default.red(`
 \u274C  Invalid duration: "${options.duration}". Use format like 15m, 1h, 30s.
 `)
     );
@@ -4935,20 +6083,20 @@ program.command("pause").description("Temporarily disable Node9 protection for a
   }
   pauseNode9(ms, options.duration);
   const expiresAt = new Date(Date.now() + ms).toLocaleTimeString();
-  console.log(import_chalk5.default.yellow(`
+  console.log(import_chalk6.default.yellow(`
 \u23F8  Node9 paused until ${expiresAt}`));
-  console.log(import_chalk5.default.gray(`   All tool calls will be allowed without review.`));
-  console.log(import_chalk5.default.gray(`   Run "node9 resume" to re-enable early.
+  console.log(import_chalk6.default.gray(`   All tool calls will be allowed without review.`));
+  console.log(import_chalk6.default.gray(`   Run "node9 resume" to re-enable early.
 `));
 });
 program.command("resume").description("Re-enable Node9 protection immediately").action(() => {
   const { paused } = checkPause();
   if (!paused) {
-    console.log(import_chalk5.default.gray("\nNode9 is already active \u2014 nothing to resume.\n"));
+    console.log(import_chalk6.default.gray("\nNode9 is already active \u2014 nothing to resume.\n"));
     return;
   }
   resumeNode9();
-  console.log(import_chalk5.default.green("\n\u25B6  Node9 resumed \u2014 protection is active.\n"));
+  console.log(import_chalk6.default.green("\n\u25B6  Node9 resumed \u2014 protection is active.\n"));
 });
 var HOOK_BASED_AGENTS = {
   claude: "claude",
@@ -4961,15 +6109,15 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
     if (HOOK_BASED_AGENTS[firstArg] !== void 0) {
       const target = HOOK_BASED_AGENTS[firstArg];
       console.error(
-        import_chalk5.default.yellow(`
+        import_chalk6.default.yellow(`
 \u26A0\uFE0F  Node9 proxy mode does not support "${target}" directly.`)
       );
-      console.error(import_chalk5.default.white(`
+      console.error(import_chalk6.default.white(`
    "${target}" uses its own hook system. Use:`));
       console.error(
-        import_chalk5.default.green(`     node9 addto ${target}   `) + import_chalk5.default.gray("# one-time setup")
+        import_chalk6.default.green(`     node9 addto ${target}   `) + import_chalk6.default.gray("# one-time setup")
       );
-      console.error(import_chalk5.default.green(`     ${target}              `) + import_chalk5.default.gray("# run normally"));
+      console.error(import_chalk6.default.green(`     ${target}              `) + import_chalk6.default.gray("# run normally"));
       process.exit(1);
     }
     const fullCommand = commandArgs.join(" ");
@@ -4977,7 +6125,7 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
       agent: "Terminal"
     });
     if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && getConfig().settings.autoStartDaemon) {
-      console.error(import_chalk5.default.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
+      console.error(import_chalk6.default.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
       const daemonReady = await autoStartDaemonAndWait();
       if (daemonReady) result = await authorizeHeadless("shell", { command: fullCommand });
     }
@@ -4986,12 +6134,12 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
     }
     if (!result.approved) {
       console.error(
-        import_chalk5.default.red(`
+        import_chalk6.default.red(`
 \u274C Node9 Blocked: ${result.reason || "Dangerous command detected."}`)
       );
       process.exit(1);
     }
-    console.error(import_chalk5.default.green("\n\u2705 Approved \u2014 running command...\n"));
+    console.error(import_chalk6.default.green("\n\u2705 Approved \u2014 running command...\n"));
     await runProxy(fullCommand);
   } else {
     program.help();
@@ -5006,22 +6154,22 @@ program.command("undo").description(
   if (history.length === 0) {
     if (!options.all && allHistory.length > 0) {
       console.log(
-        import_chalk5.default.yellow(
+        import_chalk6.default.yellow(
           `
 \u2139\uFE0F  No snapshots found for the current directory (${process.cwd()}).
-    Run ${import_chalk5.default.cyan("node9 undo --all")} to see snapshots from all projects.
+    Run ${import_chalk6.default.cyan("node9 undo --all")} to see snapshots from all projects.
 `
         )
       );
     } else {
-      console.log(import_chalk5.default.yellow("\n\u2139\uFE0F  No undo snapshots found.\n"));
+      console.log(import_chalk6.default.yellow("\n\u2139\uFE0F  No undo snapshots found.\n"));
     }
     return;
   }
   const idx = history.length - steps;
   if (idx < 0) {
     console.log(
-      import_chalk5.default.yellow(
+      import_chalk6.default.yellow(
         `
 \u2139\uFE0F  Only ${history.length} snapshot(s) available, cannot go back ${steps}.
 `
@@ -5032,18 +6180,18 @@ program.command("undo").description(
   const snapshot = history[idx];
   const age = Math.round((Date.now() - snapshot.timestamp) / 1e3);
   const ageStr = age < 60 ? `${age}s ago` : age < 3600 ? `${Math.round(age / 60)}m ago` : `${Math.round(age / 3600)}h ago`;
-  console.log(import_chalk5.default.magenta.bold(`
+  console.log(import_chalk6.default.magenta.bold(`
 \u23EA  Node9 Undo${steps > 1 ? ` (${steps} steps back)` : ""}`));
   console.log(
-    import_chalk5.default.white(
-      `    Tool:  ${import_chalk5.default.cyan(snapshot.tool)}${snapshot.argsSummary ? import_chalk5.default.gray(" \u2192 " + snapshot.argsSummary) : ""}`
+    import_chalk6.default.white(
+      `    Tool:  ${import_chalk6.default.cyan(snapshot.tool)}${snapshot.argsSummary ? import_chalk6.default.gray(" \u2192 " + snapshot.argsSummary) : ""}`
     )
   );
-  console.log(import_chalk5.default.white(`    When:  ${import_chalk5.default.gray(ageStr)}`));
-  console.log(import_chalk5.default.white(`    Dir:   ${import_chalk5.default.gray(snapshot.cwd)}`));
+  console.log(import_chalk6.default.white(`    When:  ${import_chalk6.default.gray(ageStr)}`));
+  console.log(import_chalk6.default.white(`    Dir:   ${import_chalk6.default.gray(snapshot.cwd)}`));
   if (steps > 1)
     console.log(
-      import_chalk5.default.yellow(`    Note:  This will also undo the ${steps - 1} action(s) after it.`)
+      import_chalk6.default.yellow(`    Note:  This will also undo the ${steps - 1} action(s) after it.`)
     );
   console.log("");
   const diff = computeUndoDiff(snapshot.hash, snapshot.cwd);
@@ -5051,21 +6199,21 @@ program.command("undo").description(
     const lines = diff.split("\n");
     for (const line of lines) {
       if (line.startsWith("+++") || line.startsWith("---")) {
-        console.log(import_chalk5.default.bold(line));
+        console.log(import_chalk6.default.bold(line));
       } else if (line.startsWith("+")) {
-        console.log(import_chalk5.default.green(line));
+        console.log(import_chalk6.default.green(line));
       } else if (line.startsWith("-")) {
-        console.log(import_chalk5.default.red(line));
+        console.log(import_chalk6.default.red(line));
       } else if (line.startsWith("@@")) {
-        console.log(import_chalk5.default.cyan(line));
+        console.log(import_chalk6.default.cyan(line));
       } else {
-        console.log(import_chalk5.default.gray(line));
+        console.log(import_chalk6.default.gray(line));
       }
     }
     console.log("");
   } else {
     console.log(
-      import_chalk5.default.gray("    (no diff available \u2014 working tree may already match snapshot)\n")
+      import_chalk6.default.gray("    (no diff available \u2014 working tree may already match snapshot)\n")
     );
   }
   const proceed = await (0, import_prompts3.confirm)({
@@ -5074,21 +6222,111 @@ program.command("undo").description(
   });
   if (proceed) {
     if (applyUndo(snapshot.hash, snapshot.cwd)) {
-      console.log(import_chalk5.default.green("\n\u2705 Reverted successfully.\n"));
+      console.log(import_chalk6.default.green("\n\u2705 Reverted successfully.\n"));
     } else {
-      console.error(import_chalk5.default.red("\n\u274C Undo failed. Ensure you are in a Git repository.\n"));
+      console.error(import_chalk6.default.red("\n\u274C Undo failed. Ensure you are in a Git repository.\n"));
     }
   } else {
-    console.log(import_chalk5.default.gray("\nCancelled.\n"));
+    console.log(import_chalk6.default.gray("\nCancelled.\n"));
+  }
+});
+var shieldCmd = program.command("shield").description("Manage pre-packaged security shield templates");
+shieldCmd.command("enable <service>").description("Enable a security shield for a specific service").action((service) => {
+  const name = resolveShieldName(service);
+  if (!name) {
+    console.error(import_chalk6.default.red(`
+\u274C Unknown shield: "${service}"
+`));
+    console.log(`Run ${import_chalk6.default.cyan("node9 shield list")} to see available shields.
+`);
+    process.exit(1);
+  }
+  const shield = getShield(name);
+  const active = readActiveShields();
+  if (active.includes(name)) {
+    console.log(import_chalk6.default.yellow(`
+\u2139\uFE0F  Shield "${name}" is already active.
+`));
+    return;
+  }
+  writeActiveShields([...active, name]);
+  console.log(import_chalk6.default.green(`
+\u{1F6E1}\uFE0F  Shield "${name}" enabled.`));
+  console.log(import_chalk6.default.gray(`   ${shield.smartRules.length} smart rules now active.`));
+  if (shield.dangerousWords.length > 0)
+    console.log(import_chalk6.default.gray(`   ${shield.dangerousWords.length} dangerous words now active.`));
+  if (name === "filesystem") {
+    console.log(
+      import_chalk6.default.yellow(
+        `
+   \u26A0\uFE0F  Note: filesystem rules cover common rm -rf patterns but not all variants.
+      Tools like unlink, find -delete, or language-level file ops are not intercepted.`
+      )
+    );
+  }
+  console.log("");
+});
+shieldCmd.command("disable <service>").description("Disable a security shield").action((service) => {
+  const name = resolveShieldName(service);
+  if (!name) {
+    console.error(import_chalk6.default.red(`
+\u274C Unknown shield: "${service}"
+`));
+    console.log(`Run ${import_chalk6.default.cyan("node9 shield list")} to see available shields.
+`);
+    process.exit(1);
   }
+  const active = readActiveShields();
+  if (!active.includes(name)) {
+    console.log(import_chalk6.default.yellow(`
+\u2139\uFE0F  Shield "${name}" is not active.
+`));
+    return;
+  }
+  writeActiveShields(active.filter((s) => s !== name));
+  console.log(import_chalk6.default.green(`
+\u{1F6E1}\uFE0F  Shield "${name}" disabled.
+`));
+});
+shieldCmd.command("list").description("Show all available shields").action(() => {
+  const active = new Set(readActiveShields());
+  console.log(import_chalk6.default.bold("\n\u{1F6E1}\uFE0F  Available Shields\n"));
+  for (const shield of listShields()) {
+    const status = active.has(shield.name) ? import_chalk6.default.green("\u25CF enabled") : import_chalk6.default.gray("\u25CB disabled");
+    console.log(`  ${status}  ${import_chalk6.default.cyan(shield.name.padEnd(12))} ${shield.description}`);
+    if (shield.aliases.length > 0)
+      console.log(import_chalk6.default.gray(`              aliases: ${shield.aliases.join(", ")}`));
+  }
+  console.log("");
+});
+shieldCmd.command("status").description("Show which shields are currently active").action(() => {
+  const active = readActiveShields();
+  if (active.length === 0) {
+    console.log(import_chalk6.default.yellow("\n\u2139\uFE0F  No shields are active.\n"));
+    console.log(`Run ${import_chalk6.default.cyan("node9 shield list")} to see available shields.
+`);
+    return;
+  }
+  console.log(import_chalk6.default.bold("\n\u{1F6E1}\uFE0F  Active Shields\n"));
+  for (const name of active) {
+    const shield = getShield(name);
+    if (!shield) continue;
+    console.log(`  ${import_chalk6.default.green("\u25CF")} ${import_chalk6.default.cyan(name)}`);
+    console.log(
+      import_chalk6.default.gray(
+        `    ${shield.smartRules.length} smart rules \xB7 ${shield.dangerousWords.length} dangerous words`
+      )
+    );
+  }
+  console.log("");
 });
 process.on("unhandledRejection", (reason) => {
   const isCheckHook = process.argv[2] === "check";
   if (isCheckHook) {
     if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
-      const logPath = import_path7.default.join(import_os5.default.homedir(), ".node9", "hook-debug.log");
+      const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
       const msg = reason instanceof Error ? reason.message : String(reason);
-      import_fs5.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+      import_fs7.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
     }
     process.exit(0);