@node9/proxy 1.0.18 → 1.1.0

package/dist/cli.js

@@ -380,8 +380,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path10 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path10}: ${issue.message}`;
+    const path11 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path11}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -696,6 +696,39 @@ var init_shields = __esm({
 });
 
 // src/dlp.ts
+function scanFilePath(filePath, cwd = process.cwd()) {
+  if (!filePath) return null;
+  let resolved;
+  try {
+    const absolute = import_path4.default.resolve(cwd, filePath);
+    resolved = import_fs2.default.realpathSync.native(absolute);
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT" || code === "ENOTDIR") {
+      resolved = import_path4.default.resolve(cwd, filePath);
+    } else {
+      return {
+        patternName: "Sensitive File Path",
+        fieldPath: "file_path",
+        redactedSample: filePath,
+        severity: "block"
+      };
+    }
+  }
+  const normalised = resolved.replace(/\\/g, "/");
+  for (const pattern of SENSITIVE_PATH_PATTERNS) {
+    if (pattern.test(normalised)) {
+      return {
+        patternName: "Sensitive File Path",
+        fieldPath: "file_path",
+        redactedSample: filePath,
+        // show original path in alert, not resolved
+        severity: "block"
+      };
+    }
+  }
+  return null;
+}
 function maskSecret(raw, pattern) {
   const match = raw.match(pattern);
   if (!match) return "****";
@@ -748,10 +781,12 @@ function scanArgs(args, depth = 0, fieldPath = "args") {
   }
   return null;
 }
-var DLP_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES;
+var import_fs2, import_path4, DLP_PATTERNS, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES;
 var init_dlp = __esm({
   "src/dlp.ts"() {
     "use strict";
+    import_fs2 = __toESM(require("fs"));
+    import_path4 = __toESM(require("path"));
     DLP_PATTERNS = [
       { name: "AWS Access Key ID", regex: /\bAKIA[0-9A-Z]{16}\b/, severity: "block" },
       { name: "GitHub Token", regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/, severity: "block" },
@@ -763,8 +798,43 @@ var init_dlp = __esm({
         regex: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/,
         severity: "block"
       },
+      // GCP service account JSON (detects the type field that uniquely identifies it)
+      {
+        name: "GCP Service Account",
+        regex: /"type"\s*:\s*"service_account"/,
+        severity: "block"
+      },
+      // NPM auth token in .npmrc format
+      {
+        name: "NPM Auth Token",
+        regex: /_authToken\s*=\s*[A-Za-z0-9_\-]{20,}/,
+        severity: "block"
+      },
       { name: "Bearer Token", regex: /Bearer\s+[a-zA-Z0-9\-._~+/]+=*/i, severity: "review" }
     ];
+    SENSITIVE_PATH_PATTERNS = [
+      /[/\\]\.ssh[/\\]/i,
+      /[/\\]\.aws[/\\]/i,
+      /[/\\]\.config[/\\]gcloud[/\\]/i,
+      /[/\\]\.azure[/\\]/i,
+      /[/\\]\.kube[/\\]config$/i,
+      /[/\\]\.env($|\.)/i,
+      // .env, .env.local, .env.production — not .envoy
+      /[/\\]\.git-credentials$/i,
+      /[/\\]\.npmrc$/i,
+      /[/\\]\.docker[/\\]config\.json$/i,
+      /[/\\][^/\\]+\.pem$/i,
+      /[/\\][^/\\]+\.key$/i,
+      /[/\\][^/\\]+\.p12$/i,
+      /[/\\][^/\\]+\.pfx$/i,
+      /^\/etc\/passwd$/,
+      /^\/etc\/shadow$/,
+      /^\/etc\/sudoers$/,
+      /[/\\]credentials\.json$/i,
+      /[/\\]id_rsa$/i,
+      /[/\\]id_ed25519$/i,
+      /[/\\]id_ecdsa$/i
+    ];
     MAX_DEPTH = 5;
     MAX_STRING_BYTES = 1e5;
     MAX_JSON_PARSE_BYTES = 1e4;
@@ -774,11 +844,11 @@ var init_dlp = __esm({
 // src/core.ts
 function checkPause() {
   try {
-    if (!import_fs2.default.existsSync(PAUSED_FILE)) return { paused: false };
-    const state = JSON.parse(import_fs2.default.readFileSync(PAUSED_FILE, "utf-8"));
+    if (!import_fs3.default.existsSync(PAUSED_FILE)) return { paused: false };
+    const state = JSON.parse(import_fs3.default.readFileSync(PAUSED_FILE, "utf-8"));
     if (state.expiry > 0 && Date.now() >= state.expiry) {
       try {
-        import_fs2.default.unlinkSync(PAUSED_FILE);
+        import_fs3.default.unlinkSync(PAUSED_FILE);
       } catch {
       }
       return { paused: false };
@@ -789,11 +859,11 @@ function checkPause() {
   }
 }
 function atomicWriteSync(filePath, data, options) {
-  const dir = import_path4.default.dirname(filePath);
-  if (!import_fs2.default.existsSync(dir)) import_fs2.default.mkdirSync(dir, { recursive: true });
+  const dir = import_path5.default.dirname(filePath);
+  if (!import_fs3.default.existsSync(dir)) import_fs3.default.mkdirSync(dir, { recursive: true });
   const tmpPath = `${filePath}.${import_os2.default.hostname()}.${process.pid}.tmp`;
-  import_fs2.default.writeFileSync(tmpPath, data, options);
-  import_fs2.default.renameSync(tmpPath, filePath);
+  import_fs3.default.writeFileSync(tmpPath, data, options);
+  import_fs3.default.renameSync(tmpPath, filePath);
 }
 function pauseNode9(durationMs, durationStr) {
   const state = { expiry: Date.now() + durationMs, duration: durationStr };
@@ -801,18 +871,88 @@ function pauseNode9(durationMs, durationStr) {
 }
 function resumeNode9() {
   try {
-    if (import_fs2.default.existsSync(PAUSED_FILE)) import_fs2.default.unlinkSync(PAUSED_FILE);
+    if (import_fs3.default.existsSync(PAUSED_FILE)) import_fs3.default.unlinkSync(PAUSED_FILE);
   } catch {
   }
 }
+function validateRegex(pattern) {
+  if (!pattern) return "Pattern is required";
+  if (pattern.length > MAX_REGEX_LENGTH) return `Pattern exceeds max length of ${MAX_REGEX_LENGTH}`;
+  let parens = 0, brackets = 0, isEscaped = false, inCharClass = false;
+  for (let i = 0; i < pattern.length; i++) {
+    const char = pattern[i];
+    if (isEscaped) {
+      isEscaped = false;
+      continue;
+    }
+    if (char === "\\") {
+      isEscaped = true;
+      continue;
+    }
+    if (char === "[" && !inCharClass) {
+      inCharClass = true;
+      brackets++;
+      continue;
+    }
+    if (char === "]" && inCharClass) {
+      inCharClass = false;
+      brackets--;
+      continue;
+    }
+    if (inCharClass) continue;
+    if (char === "(") parens++;
+    else if (char === ")") parens--;
+  }
+  if (parens !== 0) return "Unbalanced parentheses";
+  if (brackets !== 0) return "Unbalanced brackets";
+  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
+  if (!(0, import_safe_regex2.default)(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
+  try {
+    new RegExp(pattern);
+  } catch (e) {
+    return `Invalid regex syntax: ${e.message}`;
+  }
+  return null;
+}
+function getCompiledRegex(pattern, flags = "") {
+  if (flags && !/^[gimsuy]+$/.test(flags)) {
+    if (process.env.NODE9_DEBUG === "1") console.error(`[Node9] Invalid regex flags: "${flags}"`);
+    return null;
+  }
+  const key = `${pattern}\0${flags}`;
+  if (regexCache.has(key)) {
+    const cached = regexCache.get(key);
+    regexCache.delete(key);
+    regexCache.set(key, cached);
+    return cached;
+  }
+  const err = validateRegex(pattern);
+  if (err) {
+    if (process.env.NODE9_DEBUG === "1")
+      console.error(`[Node9] Regex blocked: ${err} \u2014 pattern: "${pattern}"`);
+    return null;
+  }
+  try {
+    const re = new RegExp(pattern, flags);
+    if (regexCache.size >= REGEX_CACHE_MAX) {
+      const oldest = regexCache.keys().next().value;
+      if (oldest) regexCache.delete(oldest);
+    }
+    regexCache.set(key, re);
+    return re;
+  } catch (e) {
+    if (process.env.NODE9_DEBUG === "1") console.error(`[Node9] Regex compile failed:`, e);
+    return null;
+  }
+}
 function getActiveTrustSession(toolName) {
   try {
-    if (!import_fs2.default.existsSync(TRUST_FILE)) return false;
-    const trust = JSON.parse(import_fs2.default.readFileSync(TRUST_FILE, "utf-8"));
+    if (!import_fs3.default.existsSync(TRUST_FILE)) return false;
+    const trust = JSON.parse(import_fs3.default.readFileSync(TRUST_FILE, "utf-8"));
     const now = Date.now();
     const active = trust.entries.filter((e) => e.expiry > now);
     if (active.length !== trust.entries.length) {
-      import_fs2.default.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
+      import_fs3.default.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
     }
     return active.some((e) => e.tool === toolName || matchesPattern(toolName, e.tool));
   } catch {
@@ -823,8 +963,8 @@ function writeTrustSession(toolName, durationMs) {
   try {
     let trust = { entries: [] };
     try {
-      if (import_fs2.default.existsSync(TRUST_FILE)) {
-        trust = JSON.parse(import_fs2.default.readFileSync(TRUST_FILE, "utf-8"));
+      if (import_fs3.default.existsSync(TRUST_FILE)) {
+        trust = JSON.parse(import_fs3.default.readFileSync(TRUST_FILE, "utf-8"));
       }
     } catch {
     }
@@ -840,9 +980,9 @@ function writeTrustSession(toolName, durationMs) {
 }
 function appendToLog(logPath, entry) {
   try {
-    const dir = import_path4.default.dirname(logPath);
-    if (!import_fs2.default.existsSync(dir)) import_fs2.default.mkdirSync(dir, { recursive: true });
-    import_fs2.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+    const dir = import_path5.default.dirname(logPath);
+    if (!import_fs3.default.existsSync(dir)) import_fs3.default.mkdirSync(dir, { recursive: true });
+    import_fs3.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
@@ -884,9 +1024,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path10) {
+function getNestedValue(obj, path11) {
   if (!obj || typeof obj !== "object") return null;
-  return path10.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path11.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function shouldSnapshot(toolName, args, config) {
   if (!config.settings.enableUndo) return false;
@@ -917,19 +1057,16 @@ function evaluateSmartConditions(args, rule) {
         return val !== null && cond.value ? !val.includes(cond.value) : true;
       case "matches": {
         if (val === null || !cond.value) return false;
-        try {
-          return new RegExp(cond.value, cond.flags ?? "").test(val);
-        } catch {
-          return false;
-        }
+        const reM = getCompiledRegex(cond.value, cond.flags ?? "");
+        if (!reM) return false;
+        return reM.test(val);
       }
       case "notMatches": {
-        if (val === null || !cond.value) return true;
-        try {
-          return !new RegExp(cond.value, cond.flags ?? "").test(val);
-        } catch {
-          return true;
-        }
+        if (!cond.value) return false;
+        if (val === null) return true;
+        const reN = getCompiledRegex(cond.value, cond.flags ?? "");
+        if (!reN) return false;
+        return !reN.test(val);
       }
       case "matchesGlob":
         return val !== null && cond.value ? import_picomatch.default.isMatch(val, cond.value) : false;
@@ -1042,9 +1179,9 @@ function _resetConfigCache() {
 }
 function getGlobalSettings() {
   try {
-    const globalConfigPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "config.json");
-    if (import_fs2.default.existsSync(globalConfigPath)) {
-      const parsed = JSON.parse(import_fs2.default.readFileSync(globalConfigPath, "utf-8"));
+    const globalConfigPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "config.json");
+    if (import_fs3.default.existsSync(globalConfigPath)) {
+      const parsed = JSON.parse(import_fs3.default.readFileSync(globalConfigPath, "utf-8"));
       const settings = parsed.settings || {};
       return {
         mode: settings.mode || "audit",
@@ -1066,9 +1203,9 @@ function getGlobalSettings() {
 }
 function getInternalToken() {
   try {
-    const pidFile = import_path4.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
-    if (!import_fs2.default.existsSync(pidFile)) return null;
-    const data = JSON.parse(import_fs2.default.readFileSync(pidFile, "utf-8"));
+    const pidFile = import_path5.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
+    if (!import_fs3.default.existsSync(pidFile)) return null;
+    const data = JSON.parse(import_fs3.default.readFileSync(pidFile, "utf-8"));
     process.kill(data.pid, 0);
     return data.internalToken ?? null;
   } catch {
@@ -1183,9 +1320,9 @@ async function evaluatePolicy(toolName, args, agent) {
 }
 async function explainPolicy(toolName, args) {
   const steps = [];
-  const globalPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "config.json");
-  const projectPath = import_path4.default.join(process.cwd(), "node9.config.json");
-  const credsPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "credentials.json");
+  const globalPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "config.json");
+  const projectPath = import_path5.default.join(process.cwd(), "node9.config.json");
+  const credsPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "credentials.json");
   const waterfall = [
     {
       tier: 1,
@@ -1196,19 +1333,19 @@ async function explainPolicy(toolName, args) {
     {
       tier: 2,
       label: "Cloud policy",
-      status: import_fs2.default.existsSync(credsPath) ? "active" : "missing",
-      note: import_fs2.default.existsSync(credsPath) ? "credentials found (not evaluated in explain mode)" : "not connected \u2014 run: node9 login"
+      status: import_fs3.default.existsSync(credsPath) ? "active" : "missing",
+      note: import_fs3.default.existsSync(credsPath) ? "credentials found (not evaluated in explain mode)" : "not connected \u2014 run: node9 login"
     },
     {
       tier: 3,
       label: "Project config",
-      status: import_fs2.default.existsSync(projectPath) ? "active" : "missing",
+      status: import_fs3.default.existsSync(projectPath) ? "active" : "missing",
       path: projectPath
     },
     {
       tier: 4,
       label: "Global config",
-      status: import_fs2.default.existsSync(globalPath) ? "active" : "missing",
+      status: import_fs3.default.existsSync(globalPath) ? "active" : "missing",
       path: globalPath
     },
     {
@@ -1221,7 +1358,9 @@ async function explainPolicy(toolName, args) {
   const config = getConfig();
   const wouldBeIgnored = matchesPattern(toolName, config.policy.ignoredTools);
   if (config.policy.dlp.enabled && (!wouldBeIgnored || config.policy.dlp.scanIgnoredTools)) {
-    const dlpMatch = args !== void 0 ? scanArgs(args) : null;
+    const argsObjE = args && typeof args === "object" && !Array.isArray(args) ? args : {};
+    const filePathE = String(argsObjE.file_path ?? argsObjE.path ?? argsObjE.filename ?? "");
+    const dlpMatch = (filePathE ? scanFilePath(filePathE) : null) ?? (args !== void 0 ? scanArgs(args) : null);
     if (dlpMatch) {
       steps.push({
         name: "DLP Content Scanner",
@@ -1444,10 +1583,10 @@ function isIgnoredTool(toolName) {
   return matchesPattern(toolName, config.policy.ignoredTools);
 }
 function isDaemonRunning() {
-  const pidFile = import_path4.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
-  if (import_fs2.default.existsSync(pidFile)) {
+  const pidFile = import_path5.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
+  if (import_fs3.default.existsSync(pidFile)) {
     try {
-      const { pid, port } = JSON.parse(import_fs2.default.readFileSync(pidFile, "utf-8"));
+      const { pid, port } = JSON.parse(import_fs3.default.readFileSync(pidFile, "utf-8"));
       if (port !== DAEMON_PORT) return false;
       process.kill(pid, 0);
       return true;
@@ -1467,9 +1606,9 @@ function isDaemonRunning() {
 }
 function getPersistentDecision(toolName) {
   try {
-    const file = import_path4.default.join(import_os2.default.homedir(), ".node9", "decisions.json");
-    if (!import_fs2.default.existsSync(file)) return null;
-    const decisions = JSON.parse(import_fs2.default.readFileSync(file, "utf-8"));
+    const file = import_path5.default.join(import_os2.default.homedir(), ".node9", "decisions.json");
+    if (!import_fs3.default.existsSync(file)) return null;
+    const decisions = JSON.parse(import_fs3.default.readFileSync(file, "utf-8"));
     const d = decisions[toolName];
     if (d === "allow" || d === "deny") return d;
   } catch {
@@ -1612,7 +1751,9 @@ async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = fa
   let policyMatchedWord;
   let riskMetadata;
   if (config.policy.dlp.enabled && (!isIgnoredTool(toolName) || config.policy.dlp.scanIgnoredTools)) {
-    const dlpMatch = scanArgs(args);
+    const argsObj = args && typeof args === "object" && !Array.isArray(args) ? args : {};
+    const filePath = String(argsObj.file_path ?? argsObj.path ?? argsObj.filename ?? "");
+    const dlpMatch = (filePath ? scanFilePath(filePath) : null) ?? scanArgs(args);
     if (dlpMatch) {
       const dlpReason = `\u{1F6A8} DATA LOSS PREVENTION: ${dlpMatch.patternName} detected in field "${dlpMatch.fieldPath}" (${dlpMatch.redactedSample})`;
       if (dlpMatch.severity === "block") {
@@ -1986,8 +2127,8 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
 }
 function getConfig() {
   if (cachedConfig) return cachedConfig;
-  const globalPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "config.json");
-  const projectPath = import_path4.default.join(process.cwd(), "node9.config.json");
+  const globalPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "config.json");
+  const projectPath = import_path5.default.join(process.cwd(), "node9.config.json");
   const globalConfig = tryLoadConfig(globalPath);
   const projectConfig = tryLoadConfig(projectPath);
   const mergedSettings = {
@@ -2082,10 +2223,10 @@ function getConfig() {
   return cachedConfig;
 }
 function tryLoadConfig(filePath) {
-  if (!import_fs2.default.existsSync(filePath)) return null;
+  if (!import_fs3.default.existsSync(filePath)) return null;
   let raw;
   try {
-    raw = JSON.parse(import_fs2.default.readFileSync(filePath, "utf-8"));
+    raw = JSON.parse(import_fs3.default.readFileSync(filePath, "utf-8"));
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
     process.stderr.write(
@@ -2147,9 +2288,9 @@ function getCredentials() {
     };
   }
   try {
-    const credPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "credentials.json");
-    if (import_fs2.default.existsSync(credPath)) {
-      const creds = JSON.parse(import_fs2.default.readFileSync(credPath, "utf-8"));
+    const credPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "credentials.json");
+    if (import_fs3.default.existsSync(credPath)) {
+      const creds = JSON.parse(import_fs3.default.readFileSync(credPath, "utf-8"));
       const profileName = process.env.NODE9_PROFILE || "default";
       const profile = creds[profileName];
       if (profile?.apiKey) {
@@ -2262,29 +2403,33 @@ async function resolveNode9SaaS(requestId, creds, approved) {
   } catch {
   }
 }
-var import_chalk2, import_prompts, import_fs2, import_path4, import_os2, import_net, import_crypto2, import_child_process2, import_picomatch, import_sh_syntax, PAUSED_FILE, TRUST_FILE, LOCAL_AUDIT_LOG, HOOK_DEBUG_LOG, SQL_DML_KEYWORDS, DANGEROUS_WORDS, DEFAULT_CONFIG, ADVISORY_SMART_RULES, cachedConfig, DAEMON_PORT, DAEMON_HOST, ACTIVITY_SOCKET_PATH;
+var import_chalk2, import_prompts, import_fs3, import_path5, import_os2, import_net, import_crypto2, import_child_process2, import_picomatch, import_safe_regex2, import_sh_syntax, PAUSED_FILE, TRUST_FILE, LOCAL_AUDIT_LOG, HOOK_DEBUG_LOG, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, SQL_DML_KEYWORDS, DANGEROUS_WORDS, DEFAULT_CONFIG, ADVISORY_SMART_RULES, cachedConfig, DAEMON_PORT, DAEMON_HOST, ACTIVITY_SOCKET_PATH;
 var init_core = __esm({
   "src/core.ts"() {
     "use strict";
     import_chalk2 = __toESM(require("chalk"));
     import_prompts = require("@inquirer/prompts");
-    import_fs2 = __toESM(require("fs"));
-    import_path4 = __toESM(require("path"));
+    import_fs3 = __toESM(require("fs"));
+    import_path5 = __toESM(require("path"));
     import_os2 = __toESM(require("os"));
     import_net = __toESM(require("net"));
     import_crypto2 = require("crypto");
     import_child_process2 = require("child_process");
     import_picomatch = __toESM(require("picomatch"));
+    import_safe_regex2 = __toESM(require("safe-regex2"));
     import_sh_syntax = require("sh-syntax");
     init_native();
     init_context_sniper();
     init_config_schema();
     init_shields();
     init_dlp();
-    PAUSED_FILE = import_path4.default.join(import_os2.default.homedir(), ".node9", "PAUSED");
-    TRUST_FILE = import_path4.default.join(import_os2.default.homedir(), ".node9", "trust.json");
-    LOCAL_AUDIT_LOG = import_path4.default.join(import_os2.default.homedir(), ".node9", "audit.log");
-    HOOK_DEBUG_LOG = import_path4.default.join(import_os2.default.homedir(), ".node9", "hook-debug.log");
+    PAUSED_FILE = import_path5.default.join(import_os2.default.homedir(), ".node9", "PAUSED");
+    TRUST_FILE = import_path5.default.join(import_os2.default.homedir(), ".node9", "trust.json");
+    LOCAL_AUDIT_LOG = import_path5.default.join(import_os2.default.homedir(), ".node9", "audit.log");
+    HOOK_DEBUG_LOG = import_path5.default.join(import_os2.default.homedir(), ".node9", "hook-debug.log");
+    MAX_REGEX_LENGTH = 100;
+    REGEX_CACHE_MAX = 500;
+    regexCache = /* @__PURE__ */ new Map();
     SQL_DML_KEYWORDS = /* @__PURE__ */ new Set(["select", "insert", "update", "delete", "merge", "upsert"]);
     DANGEROUS_WORDS = [
       "mkfs",
@@ -2404,7 +2549,7 @@ var init_core = __esm({
               {
                 field: "command",
                 op: "matches",
-                value: "git push.*(--force|--force-with-lease|-f\\b)",
+                value: "^\\s*git\\b.*\\bpush\\b.*(--force|--force-with-lease|-f\\b)",
                 flags: "i"
               }
             ],
@@ -2415,7 +2560,14 @@ var init_core = __esm({
           {
             name: "review-git-push",
             tool: "bash",
-            conditions: [{ field: "command", op: "matches", value: "^\\s*git\\s+push\\b", flags: "i" }],
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "^\\s*git\\b.*\\bpush\\b(?!.*(-f\\b|--force|--force-with-lease))",
+                flags: "i"
+              }
+            ],
             conditionMode: "all",
             verdict: "review",
             reason: "git push sends changes to a shared remote"
@@ -2427,7 +2579,7 @@ var init_core = __esm({
               {
                 field: "command",
                 op: "matches",
-                value: "git\\s+(reset\\s+--hard|clean\\s+-[fdxX]|rebase|tag\\s+-d|branch\\s+-[dD])",
+                value: "^\\s*git\\b.*(reset\\s+--hard|clean\\s+-[fdxX]|\\brebase\\b|tag\\s+-d|branch\\s+-[dD])",
                 flags: "i"
               }
             ],
@@ -2492,7 +2644,7 @@ var init_core = __esm({
     cachedConfig = null;
     DAEMON_PORT = 7391;
     DAEMON_HOST = "127.0.0.1";
-    ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path4.default.join(import_os2.default.tmpdir(), "node9-activity.sock");
+    ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path5.default.join(import_os2.default.tmpdir(), "node9-activity.sock");
   }
 });
 
@@ -3950,18 +4102,18 @@ var init_ui2 = __esm({
 
 // src/daemon/index.ts
 function atomicWriteSync2(filePath, data, options) {
-  const dir = import_path6.default.dirname(filePath);
-  if (!import_fs4.default.existsSync(dir)) import_fs4.default.mkdirSync(dir, { recursive: true });
+  const dir = import_path7.default.dirname(filePath);
+  if (!import_fs5.default.existsSync(dir)) import_fs5.default.mkdirSync(dir, { recursive: true });
   const tmpPath = `${filePath}.${(0, import_crypto3.randomUUID)()}.tmp`;
-  import_fs4.default.writeFileSync(tmpPath, data, options);
-  import_fs4.default.renameSync(tmpPath, filePath);
+  import_fs5.default.writeFileSync(tmpPath, data, options);
+  import_fs5.default.renameSync(tmpPath, filePath);
 }
 function writeTrustEntry(toolName, durationMs) {
   try {
     let trust = { entries: [] };
     try {
-      if (import_fs4.default.existsSync(TRUST_FILE2))
-        trust = JSON.parse(import_fs4.default.readFileSync(TRUST_FILE2, "utf-8"));
+      if (import_fs5.default.existsSync(TRUST_FILE2))
+        trust = JSON.parse(import_fs5.default.readFileSync(TRUST_FILE2, "utf-8"));
     } catch {
     }
     trust.entries = trust.entries.filter((e) => e.tool !== toolName && e.expiry > Date.now());
@@ -3988,16 +4140,16 @@ function appendAuditLog(data) {
       decision: data.decision,
       source: "daemon"
     };
-    const dir = import_path6.default.dirname(AUDIT_LOG_FILE);
-    if (!import_fs4.default.existsSync(dir)) import_fs4.default.mkdirSync(dir, { recursive: true });
-    import_fs4.default.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
+    const dir = import_path7.default.dirname(AUDIT_LOG_FILE);
+    if (!import_fs5.default.existsSync(dir)) import_fs5.default.mkdirSync(dir, { recursive: true });
+    import_fs5.default.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
 function getAuditHistory(limit = 20) {
   try {
-    if (!import_fs4.default.existsSync(AUDIT_LOG_FILE)) return [];
-    const lines = import_fs4.default.readFileSync(AUDIT_LOG_FILE, "utf-8").trim().split("\n");
+    if (!import_fs5.default.existsSync(AUDIT_LOG_FILE)) return [];
+    const lines = import_fs5.default.readFileSync(AUDIT_LOG_FILE, "utf-8").trim().split("\n");
     if (lines.length === 1 && lines[0] === "") return [];
     return lines.slice(-limit).map((l) => JSON.parse(l)).reverse();
   } catch {
@@ -4006,7 +4158,7 @@ function getAuditHistory(limit = 20) {
 }
 function getOrgName() {
   try {
-    if (import_fs4.default.existsSync(CREDENTIALS_FILE)) {
+    if (import_fs5.default.existsSync(CREDENTIALS_FILE)) {
       return "Node9 Cloud";
     }
   } catch {
@@ -4014,13 +4166,13 @@ function getOrgName() {
   return null;
 }
 function hasStoredSlackKey() {
-  return import_fs4.default.existsSync(CREDENTIALS_FILE);
+  return import_fs5.default.existsSync(CREDENTIALS_FILE);
 }
 function writeGlobalSetting(key, value) {
   let config = {};
   try {
-    if (import_fs4.default.existsSync(GLOBAL_CONFIG_FILE)) {
-      config = JSON.parse(import_fs4.default.readFileSync(GLOBAL_CONFIG_FILE, "utf-8"));
+    if (import_fs5.default.existsSync(GLOBAL_CONFIG_FILE)) {
+      config = JSON.parse(import_fs5.default.readFileSync(GLOBAL_CONFIG_FILE, "utf-8"));
     }
   } catch {
   }
@@ -4039,7 +4191,7 @@ function abandonPending() {
   });
   if (autoStarted) {
     try {
-      import_fs4.default.unlinkSync(DAEMON_PID_FILE);
+      import_fs5.default.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
     setTimeout(() => {
@@ -4089,8 +4241,8 @@ function readBody(req) {
 }
 function readPersistentDecisions() {
   try {
-    if (import_fs4.default.existsSync(DECISIONS_FILE)) {
-      return JSON.parse(import_fs4.default.readFileSync(DECISIONS_FILE, "utf-8"));
+    if (import_fs5.default.existsSync(DECISIONS_FILE)) {
+      return JSON.parse(import_fs5.default.readFileSync(DECISIONS_FILE, "utf-8"));
     }
   } catch {
   }
@@ -4119,7 +4271,7 @@ function startDaemon() {
     idleTimer = setTimeout(() => {
       if (autoStarted) {
         try {
-          import_fs4.default.unlinkSync(DAEMON_PID_FILE);
+          import_fs5.default.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
       }
@@ -4504,14 +4656,14 @@ data: ${JSON.stringify(item.data)}
   server.on("error", (e) => {
     if (e.code === "EADDRINUSE") {
       try {
-        if (import_fs4.default.existsSync(DAEMON_PID_FILE)) {
-          const { pid } = JSON.parse(import_fs4.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+        if (import_fs5.default.existsSync(DAEMON_PID_FILE)) {
+          const { pid } = JSON.parse(import_fs5.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
           process.kill(pid, 0);
           return process.exit(0);
         }
       } catch {
         try {
-          import_fs4.default.unlinkSync(DAEMON_PID_FILE);
+          import_fs5.default.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
         server.listen(DAEMON_PORT2, DAEMON_HOST2);
@@ -4562,7 +4714,7 @@ data: ${JSON.stringify(item.data)}
     console.log(import_chalk4.default.cyan("\u{1F6F0}\uFE0F  Flight Recorder active \u2014 daemon will not idle-timeout"));
   }
   try {
-    import_fs4.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
+    import_fs5.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
   } catch {
   }
   const ACTIVITY_MAX_BYTES = 1024 * 1024;
@@ -4604,30 +4756,30 @@ data: ${JSON.stringify(item.data)}
   unixServer.listen(ACTIVITY_SOCKET_PATH2);
   process.on("exit", () => {
     try {
-      import_fs4.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
+      import_fs5.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
     } catch {
     }
   });
 }
 function stopDaemon() {
-  if (!import_fs4.default.existsSync(DAEMON_PID_FILE)) return console.log(import_chalk4.default.yellow("Not running."));
+  if (!import_fs5.default.existsSync(DAEMON_PID_FILE)) return console.log(import_chalk4.default.yellow("Not running."));
   try {
-    const { pid } = JSON.parse(import_fs4.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+    const { pid } = JSON.parse(import_fs5.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
     process.kill(pid, "SIGTERM");
     console.log(import_chalk4.default.green("\u2705 Stopped."));
   } catch {
     console.log(import_chalk4.default.gray("Cleaned up stale PID file."));
   } finally {
     try {
-      import_fs4.default.unlinkSync(DAEMON_PID_FILE);
+      import_fs5.default.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
   }
 }
 function daemonStatus() {
-  if (import_fs4.default.existsSync(DAEMON_PID_FILE)) {
+  if (import_fs5.default.existsSync(DAEMON_PID_FILE)) {
     try {
-      const { pid } = JSON.parse(import_fs4.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+      const { pid } = JSON.parse(import_fs5.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
       process.kill(pid, 0);
       console.log(import_chalk4.default.green("Node9 daemon: running"));
       return;
@@ -4646,31 +4798,31 @@ function daemonStatus() {
     console.log(import_chalk4.default.yellow("Node9 daemon: not running"));
   }
 }
-var import_http, import_net2, import_fs4, import_path6, import_os4, import_child_process3, import_crypto3, import_chalk4, ACTIVITY_SOCKET_PATH2, DAEMON_PORT2, DAEMON_HOST2, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, TRUST_DURATIONS, SECRET_KEY_RE, AUTO_DENY_MS, autoStarted, pending, sseClients, abandonTimer, daemonServer, hadBrowserClient, ACTIVITY_RING_SIZE, activityRing;
+var import_http, import_net2, import_fs5, import_path7, import_os4, import_child_process3, import_crypto3, import_chalk4, ACTIVITY_SOCKET_PATH2, DAEMON_PORT2, DAEMON_HOST2, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, TRUST_DURATIONS, SECRET_KEY_RE, AUTO_DENY_MS, autoStarted, pending, sseClients, abandonTimer, daemonServer, hadBrowserClient, ACTIVITY_RING_SIZE, activityRing;
 var init_daemon = __esm({
   "src/daemon/index.ts"() {
     "use strict";
     init_ui2();
     import_http = __toESM(require("http"));
     import_net2 = __toESM(require("net"));
-    import_fs4 = __toESM(require("fs"));
-    import_path6 = __toESM(require("path"));
+    import_fs5 = __toESM(require("fs"));
+    import_path7 = __toESM(require("path"));
     import_os4 = __toESM(require("os"));
     import_child_process3 = require("child_process");
     import_crypto3 = require("crypto");
     import_chalk4 = __toESM(require("chalk"));
     init_core();
     init_shields();
-    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path6.default.join(import_os4.default.tmpdir(), "node9-activity.sock");
+    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path7.default.join(import_os4.default.tmpdir(), "node9-activity.sock");
     DAEMON_PORT2 = 7391;
     DAEMON_HOST2 = "127.0.0.1";
     homeDir = import_os4.default.homedir();
-    DAEMON_PID_FILE = import_path6.default.join(homeDir, ".node9", "daemon.pid");
-    DECISIONS_FILE = import_path6.default.join(homeDir, ".node9", "decisions.json");
-    GLOBAL_CONFIG_FILE = import_path6.default.join(homeDir, ".node9", "config.json");
-    CREDENTIALS_FILE = import_path6.default.join(homeDir, ".node9", "credentials.json");
-    AUDIT_LOG_FILE = import_path6.default.join(homeDir, ".node9", "audit.log");
-    TRUST_FILE2 = import_path6.default.join(homeDir, ".node9", "trust.json");
+    DAEMON_PID_FILE = import_path7.default.join(homeDir, ".node9", "daemon.pid");
+    DECISIONS_FILE = import_path7.default.join(homeDir, ".node9", "decisions.json");
+    GLOBAL_CONFIG_FILE = import_path7.default.join(homeDir, ".node9", "config.json");
+    CREDENTIALS_FILE = import_path7.default.join(homeDir, ".node9", "credentials.json");
+    AUDIT_LOG_FILE = import_path7.default.join(homeDir, ".node9", "audit.log");
+    TRUST_FILE2 = import_path7.default.join(homeDir, ".node9", "trust.json");
     TRUST_DURATIONS = {
       "30m": 30 * 6e4,
       "1h": 60 * 6e4,
@@ -4731,9 +4883,9 @@ function renderPending(activity) {
 }
 async function ensureDaemon() {
   let pidPort = null;
-  if (import_fs6.default.existsSync(PID_FILE)) {
+  if (import_fs7.default.existsSync(PID_FILE)) {
     try {
-      const { port } = JSON.parse(import_fs6.default.readFileSync(PID_FILE, "utf-8"));
+      const { port } = JSON.parse(import_fs7.default.readFileSync(PID_FILE, "utf-8"));
       pidPort = port;
     } catch {
       console.error(import_chalk5.default.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
@@ -4888,19 +5040,19 @@ async function startTail(options = {}) {
     process.exit(1);
   });
 }
-var import_http2, import_chalk5, import_fs6, import_os6, import_path8, import_readline, import_child_process5, PID_FILE, ICONS;
+var import_http2, import_chalk5, import_fs7, import_os6, import_path9, import_readline, import_child_process5, PID_FILE, ICONS;
 var init_tail = __esm({
   "src/tui/tail.ts"() {
     "use strict";
     import_http2 = __toESM(require("http"));
     import_chalk5 = __toESM(require("chalk"));
-    import_fs6 = __toESM(require("fs"));
+    import_fs7 = __toESM(require("fs"));
     import_os6 = __toESM(require("os"));
-    import_path8 = __toESM(require("path"));
+    import_path9 = __toESM(require("path"));
     import_readline = __toESM(require("readline"));
     import_child_process5 = require("child_process");
     init_daemon();
-    PID_FILE = import_path8.default.join(import_os6.default.homedir(), ".node9", "daemon.pid");
+    PID_FILE = import_path9.default.join(import_os6.default.homedir(), ".node9", "daemon.pid");
     ICONS = {
       bash: "\u{1F4BB}",
       shell: "\u{1F4BB}",
@@ -4926,8 +5078,8 @@ var import_commander = require("commander");
 init_core();
 
 // src/setup.ts
-var import_fs3 = __toESM(require("fs"));
-var import_path5 = __toESM(require("path"));
+var import_fs4 = __toESM(require("fs"));
+var import_path6 = __toESM(require("path"));
 var import_os3 = __toESM(require("os"));
 var import_chalk3 = __toESM(require("chalk"));
 var import_prompts2 = require("@inquirer/prompts");
@@ -4945,17 +5097,17 @@ function fullPathCommand(subcommand) {
 }
 function readJson(filePath) {
   try {
-    if (import_fs3.default.existsSync(filePath)) {
-      return JSON.parse(import_fs3.default.readFileSync(filePath, "utf-8"));
+    if (import_fs4.default.existsSync(filePath)) {
+      return JSON.parse(import_fs4.default.readFileSync(filePath, "utf-8"));
     }
   } catch {
   }
   return null;
 }
 function writeJson(filePath, data) {
-  const dir = import_path5.default.dirname(filePath);
-  if (!import_fs3.default.existsSync(dir)) import_fs3.default.mkdirSync(dir, { recursive: true });
-  import_fs3.default.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
+  const dir = import_path6.default.dirname(filePath);
+  if (!import_fs4.default.existsSync(dir)) import_fs4.default.mkdirSync(dir, { recursive: true });
+  import_fs4.default.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
 }
 function isNode9Hook(cmd) {
   if (!cmd) return false;
@@ -4963,8 +5115,8 @@ function isNode9Hook(cmd) {
 }
 function teardownClaude() {
   const homeDir2 = import_os3.default.homedir();
-  const hooksPath = import_path5.default.join(homeDir2, ".claude", "settings.json");
-  const mcpPath = import_path5.default.join(homeDir2, ".claude.json");
+  const hooksPath = import_path6.default.join(homeDir2, ".claude", "settings.json");
+  const mcpPath = import_path6.default.join(homeDir2, ".claude.json");
   let changed = false;
   const settings = readJson(hooksPath);
   if (settings?.hooks) {
@@ -5013,7 +5165,7 @@ function teardownClaude() {
 }
 function teardownGemini() {
   const homeDir2 = import_os3.default.homedir();
-  const settingsPath = import_path5.default.join(homeDir2, ".gemini", "settings.json");
+  const settingsPath = import_path6.default.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath);
   if (!settings) {
     console.log(import_chalk3.default.blue("  \u2139\uFE0F  ~/.gemini/settings.json not found \u2014 nothing to remove"));
@@ -5052,7 +5204,7 @@ function teardownGemini() {
 }
 function teardownCursor() {
   const homeDir2 = import_os3.default.homedir();
-  const mcpPath = import_path5.default.join(homeDir2, ".cursor", "mcp.json");
+  const mcpPath = import_path6.default.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath);
   if (!mcpConfig?.mcpServers) {
     console.log(import_chalk3.default.blue("  \u2139\uFE0F  ~/.cursor/mcp.json not found \u2014 nothing to remove"));
@@ -5079,8 +5231,8 @@ function teardownCursor() {
 }
 async function setupClaude() {
   const homeDir2 = import_os3.default.homedir();
-  const mcpPath = import_path5.default.join(homeDir2, ".claude.json");
-  const hooksPath = import_path5.default.join(homeDir2, ".claude", "settings.json");
+  const mcpPath = import_path6.default.join(homeDir2, ".claude.json");
+  const hooksPath = import_path6.default.join(homeDir2, ".claude", "settings.json");
   const claudeConfig = readJson(mcpPath) ?? {};
   const settings = readJson(hooksPath) ?? {};
   const servers = claudeConfig.mcpServers ?? {};
@@ -5155,7 +5307,7 @@ async function setupClaude() {
 }
 async function setupGemini() {
   const homeDir2 = import_os3.default.homedir();
-  const settingsPath = import_path5.default.join(homeDir2, ".gemini", "settings.json");
+  const settingsPath = import_path6.default.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath) ?? {};
   const servers = settings.mcpServers ?? {};
   let anythingChanged = false;
@@ -5238,7 +5390,7 @@ async function setupGemini() {
 }
 async function setupCursor() {
   const homeDir2 = import_os3.default.homedir();
-  const mcpPath = import_path5.default.join(homeDir2, ".cursor", "mcp.json");
+  const mcpPath = import_path6.default.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath) ?? {};
   const servers = mcpConfig.mcpServers ?? {};
   let anythingChanged = false;
@@ -5299,30 +5451,32 @@ var import_execa = require("execa");
 var import_execa2 = require("execa");
 var import_chalk6 = __toESM(require("chalk"));
 var import_readline2 = __toESM(require("readline"));
-var import_fs7 = __toESM(require("fs"));
-var import_path9 = __toESM(require("path"));
+var import_fs8 = __toESM(require("fs"));
+var import_path10 = __toESM(require("path"));
 var import_os7 = __toESM(require("os"));
 
 // src/undo.ts
 var import_child_process4 = require("child_process");
-var import_fs5 = __toESM(require("fs"));
-var import_path7 = __toESM(require("path"));
+var import_crypto4 = __toESM(require("crypto"));
+var import_fs6 = __toESM(require("fs"));
+var import_path8 = __toESM(require("path"));
 var import_os5 = __toESM(require("os"));
-var SNAPSHOT_STACK_PATH = import_path7.default.join(import_os5.default.homedir(), ".node9", "snapshots.json");
-var UNDO_LATEST_PATH = import_path7.default.join(import_os5.default.homedir(), ".node9", "undo_latest.txt");
+var SNAPSHOT_STACK_PATH = import_path8.default.join(import_os5.default.homedir(), ".node9", "snapshots.json");
+var UNDO_LATEST_PATH = import_path8.default.join(import_os5.default.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
+var GIT_TIMEOUT = 15e3;
 function readStack() {
   try {
-    if (import_fs5.default.existsSync(SNAPSHOT_STACK_PATH))
-      return JSON.parse(import_fs5.default.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
+    if (import_fs6.default.existsSync(SNAPSHOT_STACK_PATH))
+      return JSON.parse(import_fs6.default.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
   } catch {
   }
   return [];
 }
 function writeStack(stack) {
-  const dir = import_path7.default.dirname(SNAPSHOT_STACK_PATH);
-  if (!import_fs5.default.existsSync(dir)) import_fs5.default.mkdirSync(dir, { recursive: true });
-  import_fs5.default.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
+  const dir = import_path8.default.dirname(SNAPSHOT_STACK_PATH);
+  if (!import_fs6.default.existsSync(dir)) import_fs6.default.mkdirSync(dir, { recursive: true });
+  import_fs6.default.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
 }
 function buildArgsSummary(tool, args) {
   if (!args || typeof args !== "object") return "";
@@ -5335,54 +5489,177 @@ function buildArgsSummary(tool, args) {
   if (typeof sql === "string") return sql.slice(0, 80);
   return tool;
 }
-async function createShadowSnapshot(tool = "unknown", args = {}) {
+function normalizeCwdForHash(cwd) {
+  let normalized;
+  try {
+    normalized = import_fs6.default.realpathSync(cwd);
+  } catch {
+    normalized = cwd;
+  }
+  normalized = normalized.replace(/\\/g, "/");
+  if (process.platform === "win32") normalized = normalized.toLowerCase();
+  return normalized;
+}
+function getShadowRepoDir(cwd) {
+  const hash = import_crypto4.default.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
+  return import_path8.default.join(import_os5.default.homedir(), ".node9", "snapshots", hash);
+}
+function cleanOrphanedIndexFiles(shadowDir) {
+  try {
+    const cutoff = Date.now() - 6e4;
+    for (const f of import_fs6.default.readdirSync(shadowDir)) {
+      if (f.startsWith("index_")) {
+        const fp = import_path8.default.join(shadowDir, f);
+        try {
+          if (import_fs6.default.statSync(fp).mtimeMs < cutoff) import_fs6.default.unlinkSync(fp);
+        } catch {
+        }
+      }
+    }
+  } catch {
+  }
+}
+function writeShadowExcludes(shadowDir, ignorePaths) {
+  const hardcoded = [".git", ".node9"];
+  const lines = [...hardcoded, ...ignorePaths].join("\n");
+  try {
+    import_fs6.default.writeFileSync(import_path8.default.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
+  } catch {
+  }
+}
+function ensureShadowRepo(shadowDir, cwd) {
+  cleanOrphanedIndexFiles(shadowDir);
+  const normalizedCwd = normalizeCwdForHash(cwd);
+  const shadowEnvBase = { ...process.env, GIT_DIR: shadowDir, GIT_WORK_TREE: cwd };
+  const check = (0, import_child_process4.spawnSync)("git", ["rev-parse", "--git-dir"], {
+    env: shadowEnvBase,
+    timeout: 3e3
+  });
+  if (check.status === 0) {
+    const ptPath = import_path8.default.join(shadowDir, "project-path.txt");
+    try {
+      const stored = import_fs6.default.readFileSync(ptPath, "utf8").trim();
+      if (stored === normalizedCwd) return true;
+      if (process.env.NODE9_DEBUG === "1")
+        console.error(
+          `[Node9] Shadow repo path mismatch: stored="${stored}" expected="${normalizedCwd}" \u2014 reinitializing`
+        );
+      import_fs6.default.rmSync(shadowDir, { recursive: true, force: true });
+    } catch {
+      try {
+        import_fs6.default.writeFileSync(ptPath, normalizedCwd, "utf8");
+      } catch {
+      }
+      return true;
+    }
+  }
+  try {
+    import_fs6.default.mkdirSync(shadowDir, { recursive: true });
+  } catch {
+  }
+  const init = (0, import_child_process4.spawnSync)("git", ["init", "--bare", shadowDir], { timeout: 5e3 });
+  if (init.status !== 0) {
+    if (process.env.NODE9_DEBUG === "1")
+      console.error("[Node9] git init --bare failed:", init.stderr?.toString());
+    return false;
+  }
+  const configFile = import_path8.default.join(shadowDir, "config");
+  (0, import_child_process4.spawnSync)("git", ["config", "--file", configFile, "core.untrackedCache", "true"], {
+    timeout: 3e3
+  });
+  (0, import_child_process4.spawnSync)("git", ["config", "--file", configFile, "core.fsmonitor", "true"], {
+    timeout: 3e3
+  });
+  try {
+    import_fs6.default.writeFileSync(import_path8.default.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
+  } catch {
+  }
+  return true;
+}
+function buildGitEnv(cwd) {
+  const shadowDir = getShadowRepoDir(cwd);
+  const check = (0, import_child_process4.spawnSync)("git", ["rev-parse", "--git-dir"], {
+    env: { ...process.env, GIT_DIR: shadowDir, GIT_WORK_TREE: cwd },
+    timeout: 2e3
+  });
+  if (check.status === 0) {
+    return { ...process.env, GIT_DIR: shadowDir, GIT_WORK_TREE: cwd };
+  }
+  return { ...process.env };
+}
+async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = []) {
+  let indexFile = null;
   try {
     const cwd = process.cwd();
-    if (!import_fs5.default.existsSync(import_path7.default.join(cwd, ".git"))) return null;
-    const tempIndex = import_path7.default.join(cwd, ".git", `node9_index_${Date.now()}`);
-    const env = { ...process.env, GIT_INDEX_FILE: tempIndex };
-    (0, import_child_process4.spawnSync)("git", ["add", "-A"], { env });
-    const treeRes = (0, import_child_process4.spawnSync)("git", ["write-tree"], { env });
-    const treeHash = treeRes.stdout.toString().trim();
-    if (import_fs5.default.existsSync(tempIndex)) import_fs5.default.unlinkSync(tempIndex);
+    const shadowDir = getShadowRepoDir(cwd);
+    if (!ensureShadowRepo(shadowDir, cwd)) return null;
+    writeShadowExcludes(shadowDir, ignorePaths);
+    indexFile = import_path8.default.join(shadowDir, `index_${process.pid}_${Date.now()}`);
+    const shadowEnv = {
+      ...process.env,
+      GIT_DIR: shadowDir,
+      GIT_WORK_TREE: cwd,
+      GIT_INDEX_FILE: indexFile
+    };
+    (0, import_child_process4.spawnSync)("git", ["add", "-A"], { env: shadowEnv, timeout: GIT_TIMEOUT });
+    const treeRes = (0, import_child_process4.spawnSync)("git", ["write-tree"], { env: shadowEnv, timeout: GIT_TIMEOUT });
+    const treeHash = treeRes.stdout?.toString().trim();
     if (!treeHash || treeRes.status !== 0) return null;
-    const commitRes = (0, import_child_process4.spawnSync)("git", [
-      "commit-tree",
-      treeHash,
-      "-m",
-      `Node9 AI Snapshot: ${(/* @__PURE__ */ new Date()).toISOString()}`
-    ]);
-    const commitHash = commitRes.stdout.toString().trim();
+    const commitRes = (0, import_child_process4.spawnSync)(
+      "git",
+      ["commit-tree", treeHash, "-m", `Node9 AI Snapshot: ${(/* @__PURE__ */ new Date()).toISOString()}`],
+      { env: shadowEnv, timeout: GIT_TIMEOUT }
+    );
+    const commitHash = commitRes.stdout?.toString().trim();
     if (!commitHash || commitRes.status !== 0) return null;
     const stack = readStack();
-    const entry = {
+    stack.push({
       hash: commitHash,
       tool,
       argsSummary: buildArgsSummary(tool, args),
       cwd,
       timestamp: Date.now()
-    };
-    stack.push(entry);
+    });
+    const shouldGc = stack.length % 5 === 0;
     if (stack.length > MAX_SNAPSHOTS) stack.splice(0, stack.length - MAX_SNAPSHOTS);
     writeStack(stack);
-    import_fs5.default.writeFileSync(UNDO_LATEST_PATH, commitHash);
+    import_fs6.default.writeFileSync(UNDO_LATEST_PATH, commitHash);
+    if (shouldGc) {
+      (0, import_child_process4.spawn)("git", ["gc", "--auto"], { env: shadowEnv, detached: true, stdio: "ignore" }).unref();
+    }
     return commitHash;
   } catch (err) {
     if (process.env.NODE9_DEBUG === "1") console.error("[Node9 Undo Engine Error]:", err);
+    return null;
+  } finally {
+    if (indexFile) {
+      try {
+        import_fs6.default.unlinkSync(indexFile);
+      } catch {
+      }
+    }
   }
-  return null;
 }
 function getSnapshotHistory() {
   return readStack();
 }
 function computeUndoDiff(hash, cwd) {
   try {
-    const result = (0, import_child_process4.spawnSync)("git", ["diff", hash, "--stat", "--", "."], { cwd });
-    const stat = result.stdout.toString().trim();
-    if (!stat) return null;
-    const diff = (0, import_child_process4.spawnSync)("git", ["diff", hash, "--", "."], { cwd });
-    const raw = diff.stdout.toString();
-    if (!raw) return null;
+    const env = buildGitEnv(cwd);
+    const statRes = (0, import_child_process4.spawnSync)("git", ["diff", hash, "--stat", "--", "."], {
+      cwd,
+      env,
+      timeout: GIT_TIMEOUT
+    });
+    const stat = statRes.stdout?.toString().trim();
+    if (!stat || statRes.status !== 0) return null;
+    const diffRes = (0, import_child_process4.spawnSync)("git", ["diff", hash, "--", "."], {
+      cwd,
+      env,
+      timeout: GIT_TIMEOUT
+    });
+    const raw = diffRes.stdout?.toString();
+    if (!raw || diffRes.status !== 0) return null;
     const lines = raw.split("\n").filter(
       (l) => !l.startsWith("diff --git") && !l.startsWith("index ") && !l.startsWith("Binary")
     );
@@ -5394,18 +5671,31 @@ function computeUndoDiff(hash, cwd) {
 function applyUndo(hash, cwd) {
   try {
     const dir = cwd ?? process.cwd();
+    const env = buildGitEnv(dir);
     const restore = (0, import_child_process4.spawnSync)("git", ["restore", "--source", hash, "--staged", "--worktree", "."], {
-      cwd: dir
+      cwd: dir,
+      env,
+      timeout: GIT_TIMEOUT
     });
     if (restore.status !== 0) return false;
-    const lsTree = (0, import_child_process4.spawnSync)("git", ["ls-tree", "-r", "--name-only", hash], { cwd: dir });
-    const snapshotFiles = new Set(lsTree.stdout.toString().trim().split("\n").filter(Boolean));
-    const tracked = (0, import_child_process4.spawnSync)("git", ["ls-files"], { cwd: dir }).stdout.toString().trim().split("\n").filter(Boolean);
-    const untracked = (0, import_child_process4.spawnSync)("git", ["ls-files", "--others", "--exclude-standard"], { cwd: dir }).stdout.toString().trim().split("\n").filter(Boolean);
+    const lsTree = (0, import_child_process4.spawnSync)("git", ["ls-tree", "-r", "--name-only", hash], {
+      cwd: dir,
+      env,
+      timeout: GIT_TIMEOUT
+    });
+    const snapshotFiles = new Set(
+      lsTree.stdout?.toString().trim().split("\n").filter(Boolean) ?? []
+    );
+    const tracked = (0, import_child_process4.spawnSync)("git", ["ls-files"], { cwd: dir, env, timeout: GIT_TIMEOUT }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
+    const untracked = (0, import_child_process4.spawnSync)("git", ["ls-files", "--others", "--exclude-standard"], {
+      cwd: dir,
+      env,
+      timeout: GIT_TIMEOUT
+    }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
     for (const file of [...tracked, ...untracked]) {
-      const fullPath = import_path7.default.join(dir, file);
-      if (!snapshotFiles.has(file) && import_fs5.default.existsSync(fullPath)) {
-        import_fs5.default.unlinkSync(fullPath);
+      const fullPath = import_path8.default.join(dir, file);
+      if (!snapshotFiles.has(file) && import_fs6.default.existsSync(fullPath)) {
+        import_fs6.default.unlinkSync(fullPath);
       }
     }
     return true;
@@ -5418,7 +5708,7 @@ function applyUndo(hash, cwd) {
 init_shields();
 var import_prompts3 = require("@inquirer/prompts");
 var { version } = JSON.parse(
-  import_fs7.default.readFileSync(import_path9.default.join(__dirname, "../package.json"), "utf-8")
+  import_fs8.default.readFileSync(import_path10.default.join(__dirname, "../package.json"), "utf-8")
 );
 function parseDuration(str) {
   const m = str.trim().match(/^(\d+(?:\.\d+)?)\s*(s|m|h|d)?$/i);
@@ -5620,14 +5910,14 @@ async function runProxy(targetCommand) {
 }
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept";
-  const credPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "credentials.json");
-  if (!import_fs7.default.existsSync(import_path9.default.dirname(credPath)))
-    import_fs7.default.mkdirSync(import_path9.default.dirname(credPath), { recursive: true });
+  const credPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "credentials.json");
+  if (!import_fs8.default.existsSync(import_path10.default.dirname(credPath)))
+    import_fs8.default.mkdirSync(import_path10.default.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (import_fs7.default.existsSync(credPath)) {
-      const raw = JSON.parse(import_fs7.default.readFileSync(credPath, "utf-8"));
+    if (import_fs8.default.existsSync(credPath)) {
+      const raw = JSON.parse(import_fs8.default.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL }
@@ -5639,13 +5929,13 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL };
-  import_fs7.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  import_fs8.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
   if (profileName === "default") {
-    const configPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "config.json");
+    const configPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (import_fs7.default.existsSync(configPath))
-        config = JSON.parse(import_fs7.default.readFileSync(configPath, "utf-8"));
+      if (import_fs8.default.existsSync(configPath))
+        config = JSON.parse(import_fs8.default.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -5660,9 +5950,9 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!import_fs7.default.existsSync(import_path9.default.dirname(configPath)))
-      import_fs7.default.mkdirSync(import_path9.default.dirname(configPath), { recursive: true });
-    import_fs7.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!import_fs8.default.existsSync(import_path10.default.dirname(configPath)))
+      import_fs8.default.mkdirSync(import_path10.default.dirname(configPath), { recursive: true });
+    import_fs8.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
   }
   if (options.profile && profileName !== "default") {
     console.log(import_chalk6.default.green(`\u2705 Profile "${profileName}" saved`));
@@ -5748,15 +6038,15 @@ program.command("uninstall").description("Remove all Node9 hooks and optionally
     }
   }
   if (options.purge) {
-    const node9Dir = import_path9.default.join(import_os7.default.homedir(), ".node9");
-    if (import_fs7.default.existsSync(node9Dir)) {
+    const node9Dir = import_path10.default.join(import_os7.default.homedir(), ".node9");
+    if (import_fs8.default.existsSync(node9Dir)) {
       const confirmed = await (0, import_prompts3.confirm)({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        import_fs7.default.rmSync(node9Dir, { recursive: true });
-        if (import_fs7.default.existsSync(node9Dir)) {
+        import_fs8.default.rmSync(node9Dir, { recursive: true });
+        if (import_fs8.default.existsSync(node9Dir)) {
           console.error(
             import_chalk6.default.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
@@ -5828,10 +6118,10 @@ program.command("doctor").description("Check that Node9 is installed and configu
     );
   }
   section("Configuration");
-  const globalConfigPath = import_path9.default.join(homeDir2, ".node9", "config.json");
-  if (import_fs7.default.existsSync(globalConfigPath)) {
+  const globalConfigPath = import_path10.default.join(homeDir2, ".node9", "config.json");
+  if (import_fs8.default.existsSync(globalConfigPath)) {
     try {
-      JSON.parse(import_fs7.default.readFileSync(globalConfigPath, "utf-8"));
+      JSON.parse(import_fs8.default.readFileSync(globalConfigPath, "utf-8"));
       pass("~/.node9/config.json found and valid");
     } catch {
       fail("~/.node9/config.json is invalid JSON", "Run: node9 init --force");
@@ -5839,17 +6129,17 @@ program.command("doctor").description("Check that Node9 is installed and configu
   } else {
     warn("~/.node9/config.json not found (using defaults)", "Run: node9 init");
   }
-  const projectConfigPath = import_path9.default.join(process.cwd(), "node9.config.json");
-  if (import_fs7.default.existsSync(projectConfigPath)) {
+  const projectConfigPath = import_path10.default.join(process.cwd(), "node9.config.json");
+  if (import_fs8.default.existsSync(projectConfigPath)) {
     try {
-      JSON.parse(import_fs7.default.readFileSync(projectConfigPath, "utf-8"));
+      JSON.parse(import_fs8.default.readFileSync(projectConfigPath, "utf-8"));
       pass("node9.config.json found and valid (project)");
     } catch {
       fail("node9.config.json is invalid JSON", "Fix the JSON or delete it and run: node9 init");
     }
   }
-  const credsPath = import_path9.default.join(homeDir2, ".node9", "credentials.json");
-  if (import_fs7.default.existsSync(credsPath)) {
+  const credsPath = import_path10.default.join(homeDir2, ".node9", "credentials.json");
+  if (import_fs8.default.existsSync(credsPath)) {
     pass("Cloud credentials found (~/.node9/credentials.json)");
   } else {
     warn(
@@ -5858,10 +6148,10 @@ program.command("doctor").description("Check that Node9 is installed and configu
     );
   }
   section("Agent Hooks");
-  const claudeSettingsPath = import_path9.default.join(homeDir2, ".claude", "settings.json");
-  if (import_fs7.default.existsSync(claudeSettingsPath)) {
+  const claudeSettingsPath = import_path10.default.join(homeDir2, ".claude", "settings.json");
+  if (import_fs8.default.existsSync(claudeSettingsPath)) {
     try {
-      const cs = JSON.parse(import_fs7.default.readFileSync(claudeSettingsPath, "utf-8"));
+      const cs = JSON.parse(import_fs8.default.readFileSync(claudeSettingsPath, "utf-8"));
       const hasHook = cs.hooks?.PreToolUse?.some(
         (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
       );
@@ -5874,10 +6164,10 @@ program.command("doctor").description("Check that Node9 is installed and configu
   } else {
     warn("Claude Code \u2014 not configured", "Run: node9 setup claude");
   }
-  const geminiSettingsPath = import_path9.default.join(homeDir2, ".gemini", "settings.json");
-  if (import_fs7.default.existsSync(geminiSettingsPath)) {
+  const geminiSettingsPath = import_path10.default.join(homeDir2, ".gemini", "settings.json");
+  if (import_fs8.default.existsSync(geminiSettingsPath)) {
     try {
-      const gs = JSON.parse(import_fs7.default.readFileSync(geminiSettingsPath, "utf-8"));
+      const gs = JSON.parse(import_fs8.default.readFileSync(geminiSettingsPath, "utf-8"));
       const hasHook = gs.hooks?.BeforeTool?.some(
         (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
       );
@@ -5890,10 +6180,10 @@ program.command("doctor").description("Check that Node9 is installed and configu
   } else {
     warn("Gemini CLI  \u2014 not configured", "Run: node9 setup gemini  (skip if not using Gemini)");
   }
-  const cursorHooksPath = import_path9.default.join(homeDir2, ".cursor", "hooks.json");
-  if (import_fs7.default.existsSync(cursorHooksPath)) {
+  const cursorHooksPath = import_path10.default.join(homeDir2, ".cursor", "hooks.json");
+  if (import_fs8.default.existsSync(cursorHooksPath)) {
     try {
-      const cur = JSON.parse(import_fs7.default.readFileSync(cursorHooksPath, "utf-8"));
+      const cur = JSON.parse(import_fs8.default.readFileSync(cursorHooksPath, "utf-8"));
       const hasHook = cur.hooks?.preToolUse?.some(
         (h) => h.command?.includes("node9") || h.command?.includes("cli.js")
       );
@@ -5995,8 +6285,8 @@ program.command("explain").description(
   console.log("");
 });
 program.command("init").description("Create ~/.node9/config.json with default policy (safe to run multiple times)").option("--force", "Overwrite existing config").option("-m, --mode <mode>", "Set initial security mode (standard, strict, audit)", "standard").action((options) => {
-  const configPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "config.json");
-  if (import_fs7.default.existsSync(configPath) && !options.force) {
+  const configPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "config.json");
+  if (import_fs8.default.existsSync(configPath) && !options.force) {
     console.log(import_chalk6.default.yellow(`\u2139\uFE0F  Global config already exists: ${configPath}`));
     console.log(import_chalk6.default.gray(`   Run with --force to overwrite.`));
     return;
@@ -6010,9 +6300,9 @@ program.command("init").description("Create ~/.node9/config.json with default po
       mode: safeMode
     }
   };
-  const dir = import_path9.default.dirname(configPath);
-  if (!import_fs7.default.existsSync(dir)) import_fs7.default.mkdirSync(dir, { recursive: true });
-  import_fs7.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2));
+  const dir = import_path10.default.dirname(configPath);
+  if (!import_fs8.default.existsSync(dir)) import_fs8.default.mkdirSync(dir, { recursive: true });
+  import_fs8.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2));
   console.log(import_chalk6.default.green(`\u2705 Global config created: ${configPath}`));
   console.log(import_chalk6.default.cyan(`   Mode set to: ${safeMode}`));
   console.log(
@@ -6030,14 +6320,14 @@ function formatRelativeTime(timestamp) {
   return new Date(timestamp).toLocaleDateString();
 }
 program.command("audit").description("View local execution audit log").option("--tail <n>", "Number of entries to show", "20").option("--tool <pattern>", "Filter by tool name (substring match)").option("--deny", "Show only denied actions").option("--json", "Output raw JSON").action((options) => {
-  const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "audit.log");
-  if (!import_fs7.default.existsSync(logPath)) {
+  const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "audit.log");
+  if (!import_fs8.default.existsSync(logPath)) {
     console.log(
       import_chalk6.default.yellow("No audit logs found. Run node9 with an agent to generate entries.")
     );
     return;
   }
-  const raw = import_fs7.default.readFileSync(logPath, "utf-8");
+  const raw = import_fs8.default.readFileSync(logPath, "utf-8");
   const lines = raw.split("\n").filter((l) => l.trim() !== "");
   let entries = lines.flatMap((line) => {
     try {
@@ -6120,13 +6410,13 @@ program.command("status").description("Show current Node9 mode, policy source, a
   console.log("");
   const modeLabel = settings.mode === "audit" ? import_chalk6.default.blue("audit") : settings.mode === "strict" ? import_chalk6.default.red("strict") : import_chalk6.default.white("standard");
   console.log(`  Mode:    ${modeLabel}`);
-  const projectConfig = import_path9.default.join(process.cwd(), "node9.config.json");
-  const globalConfig = import_path9.default.join(import_os7.default.homedir(), ".node9", "config.json");
+  const projectConfig = import_path10.default.join(process.cwd(), "node9.config.json");
+  const globalConfig = import_path10.default.join(import_os7.default.homedir(), ".node9", "config.json");
   console.log(
-    `  Local:   ${import_fs7.default.existsSync(projectConfig) ? import_chalk6.default.green("Active (node9.config.json)") : import_chalk6.default.gray("Not present")}`
+    `  Local:   ${import_fs8.default.existsSync(projectConfig) ? import_chalk6.default.green("Active (node9.config.json)") : import_chalk6.default.gray("Not present")}`
   );
   console.log(
-    `  Global:  ${import_fs7.default.existsSync(globalConfig) ? import_chalk6.default.green("Active (~/.node9/config.json)") : import_chalk6.default.gray("Not present")}`
+    `  Global:  ${import_fs8.default.existsSync(globalConfig) ? import_chalk6.default.green("Active (~/.node9/config.json)") : import_chalk6.default.gray("Not present")}`
   );
   if (mergedConfig.policy.sandboxPaths.length > 0) {
     console.log(
@@ -6210,9 +6500,9 @@ program.command("check").description("Hook handler \u2014 evaluates a tool call
       } catch (err) {
         const tempConfig = getConfig();
         if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
-          const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
+          const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
           const errMsg = err instanceof Error ? err.message : String(err);
-          import_fs7.default.appendFileSync(
+          import_fs8.default.appendFileSync(
             logPath,
             `[${(/* @__PURE__ */ new Date()).toISOString()}] JSON_PARSE_ERROR: ${errMsg}
 RAW: ${raw}
@@ -6230,10 +6520,10 @@ RAW: ${raw}
       }
       const config = getConfig();
       if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
-        const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
-        if (!import_fs7.default.existsSync(import_path9.default.dirname(logPath)))
-          import_fs7.default.mkdirSync(import_path9.default.dirname(logPath), { recursive: true });
-        import_fs7.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
+        const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
+        if (!import_fs8.default.existsSync(import_path10.default.dirname(logPath)))
+          import_fs8.default.mkdirSync(import_path10.default.dirname(logPath), { recursive: true });
+        import_fs8.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
 `);
       }
       const toolName = sanitize(payload.tool_name ?? payload.name ?? "");
@@ -6277,7 +6567,7 @@ RAW: ${raw}
       }
       const meta = { agent, mcpServer };
       if (shouldSnapshot(toolName, toolInput, config)) {
-        await createShadowSnapshot(toolName, toolInput);
+        await createShadowSnapshot(toolName, toolInput, config.policy.snapshot.ignorePaths);
       }
       const result = await authorizeHeadless(toolName, toolInput, false, meta);
       if (result.approved) {
@@ -6310,9 +6600,9 @@ RAW: ${raw}
       });
     } catch (err) {
       if (process.env.NODE9_DEBUG === "1") {
-        const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
+        const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
         const errMsg = err instanceof Error ? err.message : String(err);
-        import_fs7.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
+        import_fs8.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
       }
       process.exit(0);
@@ -6357,13 +6647,13 @@ program.command("log").description("PostToolUse hook \u2014 records executed too
         decision: "allowed",
         source: "post-hook"
       };
-      const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "audit.log");
-      if (!import_fs7.default.existsSync(import_path9.default.dirname(logPath)))
-        import_fs7.default.mkdirSync(import_path9.default.dirname(logPath), { recursive: true });
-      import_fs7.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+      const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "audit.log");
+      if (!import_fs8.default.existsSync(import_path10.default.dirname(logPath)))
+        import_fs8.default.mkdirSync(import_path10.default.dirname(logPath), { recursive: true });
+      import_fs8.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
       const config = getConfig();
       if (shouldSnapshot(tool, {}, config)) {
-        await createShadowSnapshot();
+        await createShadowSnapshot("unknown", {}, config.policy.snapshot.ignorePaths);
       }
     } catch {
     }
@@ -6636,9 +6926,9 @@ process.on("unhandledRejection", (reason) => {
   const isCheckHook = process.argv[2] === "check";
   if (isCheckHook) {
     if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
-      const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
+      const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
       const msg = reason instanceof Error ? reason.message : String(reason);
-      import_fs7.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+      import_fs8.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
     }
     process.exit(0);