npm - @node9/proxy - Versions diffs - 1.0.19 → 1.1.0 - Mend

@node9/proxy 1.0.19 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli.js CHANGED Viewed

@@ -380,8 +380,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path10 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path10}: ${issue.message}`;
+    const path11 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path11}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -696,6 +696,39 @@ var init_shields = __esm({
 });
 // src/dlp.ts
+function scanFilePath(filePath, cwd = process.cwd()) {
+  if (!filePath) return null;
+  let resolved;
+  try {
+    const absolute = import_path4.default.resolve(cwd, filePath);
+    resolved = import_fs2.default.realpathSync.native(absolute);
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT" || code === "ENOTDIR") {
+      resolved = import_path4.default.resolve(cwd, filePath);
+    } else {
+      return {
+        patternName: "Sensitive File Path",
+        fieldPath: "file_path",
+        redactedSample: filePath,
+        severity: "block"
+      };
+    }
+  }
+  const normalised = resolved.replace(/\\/g, "/");
+  for (const pattern of SENSITIVE_PATH_PATTERNS) {
+    if (pattern.test(normalised)) {
+      return {
+        patternName: "Sensitive File Path",
+        fieldPath: "file_path",
+        redactedSample: filePath,
+        // show original path in alert, not resolved
+        severity: "block"
+      };
+    }
+  }
+  return null;
+}
 function maskSecret(raw, pattern) {
   const match = raw.match(pattern);
   if (!match) return "****";
@@ -748,10 +781,12 @@ function scanArgs(args, depth = 0, fieldPath = "args") {
   }
   return null;
 }
-var DLP_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES;
+var import_fs2, import_path4, DLP_PATTERNS, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES;
 var init_dlp = __esm({
   "src/dlp.ts"() {
     "use strict";
+    import_fs2 = __toESM(require("fs"));
+    import_path4 = __toESM(require("path"));
     DLP_PATTERNS = [
       { name: "AWS Access Key ID", regex: /\bAKIA[0-9A-Z]{16}\b/, severity: "block" },
       { name: "GitHub Token", regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/, severity: "block" },
@@ -763,8 +798,43 @@ var init_dlp = __esm({
         regex: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/,
         severity: "block"
       },
+      // GCP service account JSON (detects the type field that uniquely identifies it)
+      {
+        name: "GCP Service Account",
+        regex: /"type"\s*:\s*"service_account"/,
+        severity: "block"
+      },
+      // NPM auth token in .npmrc format
+      {
+        name: "NPM Auth Token",
+        regex: /_authToken\s*=\s*[A-Za-z0-9_\-]{20,}/,
+        severity: "block"
+      },
       { name: "Bearer Token", regex: /Bearer\s+[a-zA-Z0-9\-._~+/]+=*/i, severity: "review" }
     ];
+    SENSITIVE_PATH_PATTERNS = [
+      /[/\\]\.ssh[/\\]/i,
+      /[/\\]\.aws[/\\]/i,
+      /[/\\]\.config[/\\]gcloud[/\\]/i,
+      /[/\\]\.azure[/\\]/i,
+      /[/\\]\.kube[/\\]config$/i,
+      /[/\\]\.env($|\.)/i,
+      // .env, .env.local, .env.production — not .envoy
+      /[/\\]\.git-credentials$/i,
+      /[/\\]\.npmrc$/i,
+      /[/\\]\.docker[/\\]config\.json$/i,
+      /[/\\][^/\\]+\.pem$/i,
+      /[/\\][^/\\]+\.key$/i,
+      /[/\\][^/\\]+\.p12$/i,
+      /[/\\][^/\\]+\.pfx$/i,
+      /^\/etc\/passwd$/,
+      /^\/etc\/shadow$/,
+      /^\/etc\/sudoers$/,
+      /[/\\]credentials\.json$/i,
+      /[/\\]id_rsa$/i,
+      /[/\\]id_ed25519$/i,
+      /[/\\]id_ecdsa$/i
+    ];
     MAX_DEPTH = 5;
     MAX_STRING_BYTES = 1e5;
     MAX_JSON_PARSE_BYTES = 1e4;
@@ -774,11 +844,11 @@ var init_dlp = __esm({
 // src/core.ts
 function checkPause() {
   try {
-    if (!import_fs2.default.existsSync(PAUSED_FILE)) return { paused: false };
-    const state = JSON.parse(import_fs2.default.readFileSync(PAUSED_FILE, "utf-8"));
+    if (!import_fs3.default.existsSync(PAUSED_FILE)) return { paused: false };
+    const state = JSON.parse(import_fs3.default.readFileSync(PAUSED_FILE, "utf-8"));
     if (state.expiry > 0 && Date.now() >= state.expiry) {
       try {
-        import_fs2.default.unlinkSync(PAUSED_FILE);
+        import_fs3.default.unlinkSync(PAUSED_FILE);
       } catch {
       }
       return { paused: false };
@@ -789,11 +859,11 @@ function checkPause() {
   }
 }
 function atomicWriteSync(filePath, data, options) {
-  const dir = import_path4.default.dirname(filePath);
-  if (!import_fs2.default.existsSync(dir)) import_fs2.default.mkdirSync(dir, { recursive: true });
+  const dir = import_path5.default.dirname(filePath);
+  if (!import_fs3.default.existsSync(dir)) import_fs3.default.mkdirSync(dir, { recursive: true });
   const tmpPath = `${filePath}.${import_os2.default.hostname()}.${process.pid}.tmp`;
-  import_fs2.default.writeFileSync(tmpPath, data, options);
-  import_fs2.default.renameSync(tmpPath, filePath);
+  import_fs3.default.writeFileSync(tmpPath, data, options);
+  import_fs3.default.renameSync(tmpPath, filePath);
 }
 function pauseNode9(durationMs, durationStr) {
   const state = { expiry: Date.now() + durationMs, duration: durationStr };
@@ -801,18 +871,88 @@ function pauseNode9(durationMs, durationStr) {
 }
 function resumeNode9() {
   try {
-    if (import_fs2.default.existsSync(PAUSED_FILE)) import_fs2.default.unlinkSync(PAUSED_FILE);
+    if (import_fs3.default.existsSync(PAUSED_FILE)) import_fs3.default.unlinkSync(PAUSED_FILE);
   } catch {
   }
 }
+function validateRegex(pattern) {
+  if (!pattern) return "Pattern is required";
+  if (pattern.length > MAX_REGEX_LENGTH) return `Pattern exceeds max length of ${MAX_REGEX_LENGTH}`;
+  let parens = 0, brackets = 0, isEscaped = false, inCharClass = false;
+  for (let i = 0; i < pattern.length; i++) {
+    const char = pattern[i];
+    if (isEscaped) {
+      isEscaped = false;
+      continue;
+    }
+    if (char === "\\") {
+      isEscaped = true;
+      continue;
+    }
+    if (char === "[" && !inCharClass) {
+      inCharClass = true;
+      brackets++;
+      continue;
+    }
+    if (char === "]" && inCharClass) {
+      inCharClass = false;
+      brackets--;
+      continue;
+    }
+    if (inCharClass) continue;
+    if (char === "(") parens++;
+    else if (char === ")") parens--;
+  }
+  if (parens !== 0) return "Unbalanced parentheses";
+  if (brackets !== 0) return "Unbalanced brackets";
+  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
+  if (!(0, import_safe_regex2.default)(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
+  try {
+    new RegExp(pattern);
+  } catch (e) {
+    return `Invalid regex syntax: ${e.message}`;
+  }
+  return null;
+}
+function getCompiledRegex(pattern, flags = "") {
+  if (flags && !/^[gimsuy]+$/.test(flags)) {
+    if (process.env.NODE9_DEBUG === "1") console.error(`[Node9] Invalid regex flags: "${flags}"`);
+    return null;
+  }
+  const key = `${pattern}\0${flags}`;
+  if (regexCache.has(key)) {
+    const cached = regexCache.get(key);
+    regexCache.delete(key);
+    regexCache.set(key, cached);
+    return cached;
+  }
+  const err = validateRegex(pattern);
+  if (err) {
+    if (process.env.NODE9_DEBUG === "1")
+      console.error(`[Node9] Regex blocked: ${err} \u2014 pattern: "${pattern}"`);
+    return null;
+  }
+  try {
+    const re = new RegExp(pattern, flags);
+    if (regexCache.size >= REGEX_CACHE_MAX) {
+      const oldest = regexCache.keys().next().value;
+      if (oldest) regexCache.delete(oldest);
+    }
+    regexCache.set(key, re);
+    return re;
+  } catch (e) {
+    if (process.env.NODE9_DEBUG === "1") console.error(`[Node9] Regex compile failed:`, e);
+    return null;
+  }
+}
 function getActiveTrustSession(toolName) {
   try {
-    if (!import_fs2.default.existsSync(TRUST_FILE)) return false;
-    const trust = JSON.parse(import_fs2.default.readFileSync(TRUST_FILE, "utf-8"));
+    if (!import_fs3.default.existsSync(TRUST_FILE)) return false;
+    const trust = JSON.parse(import_fs3.default.readFileSync(TRUST_FILE, "utf-8"));
     const now = Date.now();
     const active = trust.entries.filter((e) => e.expiry > now);
     if (active.length !== trust.entries.length) {
-      import_fs2.default.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
+      import_fs3.default.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
     }
     return active.some((e) => e.tool === toolName || matchesPattern(toolName, e.tool));
   } catch {
@@ -823,8 +963,8 @@ function writeTrustSession(toolName, durationMs) {
   try {
     let trust = { entries: [] };
     try {
-      if (import_fs2.default.existsSync(TRUST_FILE)) {
-        trust = JSON.parse(import_fs2.default.readFileSync(TRUST_FILE, "utf-8"));
+      if (import_fs3.default.existsSync(TRUST_FILE)) {
+        trust = JSON.parse(import_fs3.default.readFileSync(TRUST_FILE, "utf-8"));
       }
     } catch {
     }
@@ -840,9 +980,9 @@ function writeTrustSession(toolName, durationMs) {
 }
 function appendToLog(logPath, entry) {
   try {
-    const dir = import_path4.default.dirname(logPath);
-    if (!import_fs2.default.existsSync(dir)) import_fs2.default.mkdirSync(dir, { recursive: true });
-    import_fs2.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+    const dir = import_path5.default.dirname(logPath);
+    if (!import_fs3.default.existsSync(dir)) import_fs3.default.mkdirSync(dir, { recursive: true });
+    import_fs3.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
@@ -884,9 +1024,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path10) {
+function getNestedValue(obj, path11) {
   if (!obj || typeof obj !== "object") return null;
-  return path10.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path11.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function shouldSnapshot(toolName, args, config) {
   if (!config.settings.enableUndo) return false;
@@ -917,19 +1057,16 @@ function evaluateSmartConditions(args, rule) {
         return val !== null && cond.value ? !val.includes(cond.value) : true;
       case "matches": {
         if (val === null || !cond.value) return false;
-        try {
-          return new RegExp(cond.value, cond.flags ?? "").test(val);
-        } catch {
-          return false;
-        }
+        const reM = getCompiledRegex(cond.value, cond.flags ?? "");
+        if (!reM) return false;
+        return reM.test(val);
       }
       case "notMatches": {
-        if (val === null || !cond.value) return true;
-        try {
-          return !new RegExp(cond.value, cond.flags ?? "").test(val);
-        } catch {
-          return true;
-        }
+        if (!cond.value) return false;
+        if (val === null) return true;
+        const reN = getCompiledRegex(cond.value, cond.flags ?? "");
+        if (!reN) return false;
+        return !reN.test(val);
       }
       case "matchesGlob":
         return val !== null && cond.value ? import_picomatch.default.isMatch(val, cond.value) : false;
@@ -1042,9 +1179,9 @@ function _resetConfigCache() {
 }
 function getGlobalSettings() {
   try {
-    const globalConfigPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "config.json");
-    if (import_fs2.default.existsSync(globalConfigPath)) {
-      const parsed = JSON.parse(import_fs2.default.readFileSync(globalConfigPath, "utf-8"));
+    const globalConfigPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "config.json");
+    if (import_fs3.default.existsSync(globalConfigPath)) {
+      const parsed = JSON.parse(import_fs3.default.readFileSync(globalConfigPath, "utf-8"));
       const settings = parsed.settings || {};
       return {
         mode: settings.mode || "audit",
@@ -1066,9 +1203,9 @@ function getGlobalSettings() {
 }
 function getInternalToken() {
   try {
-    const pidFile = import_path4.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
-    if (!import_fs2.default.existsSync(pidFile)) return null;
-    const data = JSON.parse(import_fs2.default.readFileSync(pidFile, "utf-8"));
+    const pidFile = import_path5.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
+    if (!import_fs3.default.existsSync(pidFile)) return null;
+    const data = JSON.parse(import_fs3.default.readFileSync(pidFile, "utf-8"));
     process.kill(data.pid, 0);
     return data.internalToken ?? null;
   } catch {
@@ -1183,9 +1320,9 @@ async function evaluatePolicy(toolName, args, agent) {
 }
 async function explainPolicy(toolName, args) {
   const steps = [];
-  const globalPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "config.json");
-  const projectPath = import_path4.default.join(process.cwd(), "node9.config.json");
-  const credsPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "credentials.json");
+  const globalPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "config.json");
+  const projectPath = import_path5.default.join(process.cwd(), "node9.config.json");
+  const credsPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "credentials.json");
   const waterfall = [
     {
       tier: 1,
@@ -1196,19 +1333,19 @@ async function explainPolicy(toolName, args) {
     {
       tier: 2,
       label: "Cloud policy",
-      status: import_fs2.default.existsSync(credsPath) ? "active" : "missing",
-      note: import_fs2.default.existsSync(credsPath) ? "credentials found (not evaluated in explain mode)" : "not connected \u2014 run: node9 login"
+      status: import_fs3.default.existsSync(credsPath) ? "active" : "missing",
+      note: import_fs3.default.existsSync(credsPath) ? "credentials found (not evaluated in explain mode)" : "not connected \u2014 run: node9 login"
     },
     {
       tier: 3,
       label: "Project config",
-      status: import_fs2.default.existsSync(projectPath) ? "active" : "missing",
+      status: import_fs3.default.existsSync(projectPath) ? "active" : "missing",
       path: projectPath
     },
     {
       tier: 4,
       label: "Global config",
-      status: import_fs2.default.existsSync(globalPath) ? "active" : "missing",
+      status: import_fs3.default.existsSync(globalPath) ? "active" : "missing",
       path: globalPath
     },
     {
@@ -1221,7 +1358,9 @@ async function explainPolicy(toolName, args) {
   const config = getConfig();
   const wouldBeIgnored = matchesPattern(toolName, config.policy.ignoredTools);
   if (config.policy.dlp.enabled && (!wouldBeIgnored || config.policy.dlp.scanIgnoredTools)) {
-    const dlpMatch = args !== void 0 ? scanArgs(args) : null;
+    const argsObjE = args && typeof args === "object" && !Array.isArray(args) ? args : {};
+    const filePathE = String(argsObjE.file_path ?? argsObjE.path ?? argsObjE.filename ?? "");
+    const dlpMatch = (filePathE ? scanFilePath(filePathE) : null) ?? (args !== void 0 ? scanArgs(args) : null);
     if (dlpMatch) {
       steps.push({
         name: "DLP Content Scanner",
@@ -1444,10 +1583,10 @@ function isIgnoredTool(toolName) {
   return matchesPattern(toolName, config.policy.ignoredTools);
 }
 function isDaemonRunning() {
-  const pidFile = import_path4.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
-  if (import_fs2.default.existsSync(pidFile)) {
+  const pidFile = import_path5.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
+  if (import_fs3.default.existsSync(pidFile)) {
     try {
-      const { pid, port } = JSON.parse(import_fs2.default.readFileSync(pidFile, "utf-8"));
+      const { pid, port } = JSON.parse(import_fs3.default.readFileSync(pidFile, "utf-8"));
       if (port !== DAEMON_PORT) return false;
       process.kill(pid, 0);
       return true;
@@ -1467,9 +1606,9 @@ function isDaemonRunning() {
 }
 function getPersistentDecision(toolName) {
   try {
-    const file = import_path4.default.join(import_os2.default.homedir(), ".node9", "decisions.json");
-    if (!import_fs2.default.existsSync(file)) return null;
-    const decisions = JSON.parse(import_fs2.default.readFileSync(file, "utf-8"));
+    const file = import_path5.default.join(import_os2.default.homedir(), ".node9", "decisions.json");
+    if (!import_fs3.default.existsSync(file)) return null;
+    const decisions = JSON.parse(import_fs3.default.readFileSync(file, "utf-8"));
     const d = decisions[toolName];
     if (d === "allow" || d === "deny") return d;
   } catch {
@@ -1612,7 +1751,9 @@ async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = fa
   let policyMatchedWord;
   let riskMetadata;
   if (config.policy.dlp.enabled && (!isIgnoredTool(toolName) || config.policy.dlp.scanIgnoredTools)) {
-    const dlpMatch = scanArgs(args);
+    const argsObj = args && typeof args === "object" && !Array.isArray(args) ? args : {};
+    const filePath = String(argsObj.file_path ?? argsObj.path ?? argsObj.filename ?? "");
+    const dlpMatch = (filePath ? scanFilePath(filePath) : null) ?? scanArgs(args);
     if (dlpMatch) {
       const dlpReason = `\u{1F6A8} DATA LOSS PREVENTION: ${dlpMatch.patternName} detected in field "${dlpMatch.fieldPath}" (${dlpMatch.redactedSample})`;
       if (dlpMatch.severity === "block") {
@@ -1986,8 +2127,8 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
 }
 function getConfig() {
   if (cachedConfig) return cachedConfig;
-  const globalPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "config.json");
-  const projectPath = import_path4.default.join(process.cwd(), "node9.config.json");
+  const globalPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "config.json");
+  const projectPath = import_path5.default.join(process.cwd(), "node9.config.json");
   const globalConfig = tryLoadConfig(globalPath);
   const projectConfig = tryLoadConfig(projectPath);
   const mergedSettings = {
@@ -2082,10 +2223,10 @@ function getConfig() {
   return cachedConfig;
 }
 function tryLoadConfig(filePath) {
-  if (!import_fs2.default.existsSync(filePath)) return null;
+  if (!import_fs3.default.existsSync(filePath)) return null;
   let raw;
   try {
-    raw = JSON.parse(import_fs2.default.readFileSync(filePath, "utf-8"));
+    raw = JSON.parse(import_fs3.default.readFileSync(filePath, "utf-8"));
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
     process.stderr.write(
@@ -2147,9 +2288,9 @@ function getCredentials() {
     };
   }
   try {
-    const credPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "credentials.json");
-    if (import_fs2.default.existsSync(credPath)) {
-      const creds = JSON.parse(import_fs2.default.readFileSync(credPath, "utf-8"));
+    const credPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "credentials.json");
+    if (import_fs3.default.existsSync(credPath)) {
+      const creds = JSON.parse(import_fs3.default.readFileSync(credPath, "utf-8"));
       const profileName = process.env.NODE9_PROFILE || "default";
       const profile = creds[profileName];
       if (profile?.apiKey) {
@@ -2262,29 +2403,33 @@ async function resolveNode9SaaS(requestId, creds, approved) {
   } catch {
   }
 }
-var import_chalk2, import_prompts, import_fs2, import_path4, import_os2, import_net, import_crypto2, import_child_process2, import_picomatch, import_sh_syntax, PAUSED_FILE, TRUST_FILE, LOCAL_AUDIT_LOG, HOOK_DEBUG_LOG, SQL_DML_KEYWORDS, DANGEROUS_WORDS, DEFAULT_CONFIG, ADVISORY_SMART_RULES, cachedConfig, DAEMON_PORT, DAEMON_HOST, ACTIVITY_SOCKET_PATH;
+var import_chalk2, import_prompts, import_fs3, import_path5, import_os2, import_net, import_crypto2, import_child_process2, import_picomatch, import_safe_regex2, import_sh_syntax, PAUSED_FILE, TRUST_FILE, LOCAL_AUDIT_LOG, HOOK_DEBUG_LOG, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, SQL_DML_KEYWORDS, DANGEROUS_WORDS, DEFAULT_CONFIG, ADVISORY_SMART_RULES, cachedConfig, DAEMON_PORT, DAEMON_HOST, ACTIVITY_SOCKET_PATH;
 var init_core = __esm({
   "src/core.ts"() {
     "use strict";
     import_chalk2 = __toESM(require("chalk"));
     import_prompts = require("@inquirer/prompts");
-    import_fs2 = __toESM(require("fs"));
-    import_path4 = __toESM(require("path"));
+    import_fs3 = __toESM(require("fs"));
+    import_path5 = __toESM(require("path"));
     import_os2 = __toESM(require("os"));
     import_net = __toESM(require("net"));
     import_crypto2 = require("crypto");
     import_child_process2 = require("child_process");
     import_picomatch = __toESM(require("picomatch"));
+    import_safe_regex2 = __toESM(require("safe-regex2"));
     import_sh_syntax = require("sh-syntax");
     init_native();
     init_context_sniper();
     init_config_schema();
     init_shields();
     init_dlp();
-    PAUSED_FILE = import_path4.default.join(import_os2.default.homedir(), ".node9", "PAUSED");
-    TRUST_FILE = import_path4.default.join(import_os2.default.homedir(), ".node9", "trust.json");
-    LOCAL_AUDIT_LOG = import_path4.default.join(import_os2.default.homedir(), ".node9", "audit.log");
-    HOOK_DEBUG_LOG = import_path4.default.join(import_os2.default.homedir(), ".node9", "hook-debug.log");
+    PAUSED_FILE = import_path5.default.join(import_os2.default.homedir(), ".node9", "PAUSED");
+    TRUST_FILE = import_path5.default.join(import_os2.default.homedir(), ".node9", "trust.json");
+    LOCAL_AUDIT_LOG = import_path5.default.join(import_os2.default.homedir(), ".node9", "audit.log");
+    HOOK_DEBUG_LOG = import_path5.default.join(import_os2.default.homedir(), ".node9", "hook-debug.log");
+    MAX_REGEX_LENGTH = 100;
+    REGEX_CACHE_MAX = 500;
+    regexCache = /* @__PURE__ */ new Map();
     SQL_DML_KEYWORDS = /* @__PURE__ */ new Set(["select", "insert", "update", "delete", "merge", "upsert"]);
     DANGEROUS_WORDS = [
       "mkfs",
@@ -2499,7 +2644,7 @@ var init_core = __esm({
     cachedConfig = null;
     DAEMON_PORT = 7391;
     DAEMON_HOST = "127.0.0.1";
-    ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path4.default.join(import_os2.default.tmpdir(), "node9-activity.sock");
+    ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path5.default.join(import_os2.default.tmpdir(), "node9-activity.sock");
   }
 });
@@ -3957,18 +4102,18 @@ var init_ui2 = __esm({
 // src/daemon/index.ts
 function atomicWriteSync2(filePath, data, options) {
-  const dir = import_path6.default.dirname(filePath);
-  if (!import_fs4.default.existsSync(dir)) import_fs4.default.mkdirSync(dir, { recursive: true });
+  const dir = import_path7.default.dirname(filePath);
+  if (!import_fs5.default.existsSync(dir)) import_fs5.default.mkdirSync(dir, { recursive: true });
   const tmpPath = `${filePath}.${(0, import_crypto3.randomUUID)()}.tmp`;
-  import_fs4.default.writeFileSync(tmpPath, data, options);
-  import_fs4.default.renameSync(tmpPath, filePath);
+  import_fs5.default.writeFileSync(tmpPath, data, options);
+  import_fs5.default.renameSync(tmpPath, filePath);
 }
 function writeTrustEntry(toolName, durationMs) {
   try {
     let trust = { entries: [] };
     try {
-      if (import_fs4.default.existsSync(TRUST_FILE2))
-        trust = JSON.parse(import_fs4.default.readFileSync(TRUST_FILE2, "utf-8"));
+      if (import_fs5.default.existsSync(TRUST_FILE2))
+        trust = JSON.parse(import_fs5.default.readFileSync(TRUST_FILE2, "utf-8"));
     } catch {
     }
     trust.entries = trust.entries.filter((e) => e.tool !== toolName && e.expiry > Date.now());
@@ -3995,16 +4140,16 @@ function appendAuditLog(data) {
       decision: data.decision,
       source: "daemon"
     };
-    const dir = import_path6.default.dirname(AUDIT_LOG_FILE);
-    if (!import_fs4.default.existsSync(dir)) import_fs4.default.mkdirSync(dir, { recursive: true });
-    import_fs4.default.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
+    const dir = import_path7.default.dirname(AUDIT_LOG_FILE);
+    if (!import_fs5.default.existsSync(dir)) import_fs5.default.mkdirSync(dir, { recursive: true });
+    import_fs5.default.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
 function getAuditHistory(limit = 20) {
   try {
-    if (!import_fs4.default.existsSync(AUDIT_LOG_FILE)) return [];
-    const lines = import_fs4.default.readFileSync(AUDIT_LOG_FILE, "utf-8").trim().split("\n");
+    if (!import_fs5.default.existsSync(AUDIT_LOG_FILE)) return [];
+    const lines = import_fs5.default.readFileSync(AUDIT_LOG_FILE, "utf-8").trim().split("\n");
     if (lines.length === 1 && lines[0] === "") return [];
     return lines.slice(-limit).map((l) => JSON.parse(l)).reverse();
   } catch {
@@ -4013,7 +4158,7 @@ function getAuditHistory(limit = 20) {
 }
 function getOrgName() {
   try {
-    if (import_fs4.default.existsSync(CREDENTIALS_FILE)) {
+    if (import_fs5.default.existsSync(CREDENTIALS_FILE)) {
       return "Node9 Cloud";
     }
   } catch {
@@ -4021,13 +4166,13 @@ function getOrgName() {
   return null;
 }
 function hasStoredSlackKey() {
-  return import_fs4.default.existsSync(CREDENTIALS_FILE);
+  return import_fs5.default.existsSync(CREDENTIALS_FILE);
 }
 function writeGlobalSetting(key, value) {
   let config = {};
   try {
-    if (import_fs4.default.existsSync(GLOBAL_CONFIG_FILE)) {
-      config = JSON.parse(import_fs4.default.readFileSync(GLOBAL_CONFIG_FILE, "utf-8"));
+    if (import_fs5.default.existsSync(GLOBAL_CONFIG_FILE)) {
+      config = JSON.parse(import_fs5.default.readFileSync(GLOBAL_CONFIG_FILE, "utf-8"));
     }
   } catch {
   }
@@ -4046,7 +4191,7 @@ function abandonPending() {
   });
   if (autoStarted) {
     try {
-      import_fs4.default.unlinkSync(DAEMON_PID_FILE);
+      import_fs5.default.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
     setTimeout(() => {
@@ -4096,8 +4241,8 @@ function readBody(req) {
 }
 function readPersistentDecisions() {
   try {
-    if (import_fs4.default.existsSync(DECISIONS_FILE)) {
-      return JSON.parse(import_fs4.default.readFileSync(DECISIONS_FILE, "utf-8"));
+    if (import_fs5.default.existsSync(DECISIONS_FILE)) {
+      return JSON.parse(import_fs5.default.readFileSync(DECISIONS_FILE, "utf-8"));
     }
   } catch {
   }
@@ -4126,7 +4271,7 @@ function startDaemon() {
     idleTimer = setTimeout(() => {
       if (autoStarted) {
         try {
-          import_fs4.default.unlinkSync(DAEMON_PID_FILE);
+          import_fs5.default.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
       }
@@ -4511,14 +4656,14 @@ data: ${JSON.stringify(item.data)}
   server.on("error", (e) => {
     if (e.code === "EADDRINUSE") {
       try {
-        if (import_fs4.default.existsSync(DAEMON_PID_FILE)) {
-          const { pid } = JSON.parse(import_fs4.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+        if (import_fs5.default.existsSync(DAEMON_PID_FILE)) {
+          const { pid } = JSON.parse(import_fs5.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
           process.kill(pid, 0);
           return process.exit(0);
         }
       } catch {
         try {
-          import_fs4.default.unlinkSync(DAEMON_PID_FILE);
+          import_fs5.default.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
         server.listen(DAEMON_PORT2, DAEMON_HOST2);
@@ -4569,7 +4714,7 @@ data: ${JSON.stringify(item.data)}
     console.log(import_chalk4.default.cyan("\u{1F6F0}\uFE0F  Flight Recorder active \u2014 daemon will not idle-timeout"));
   }
   try {
-    import_fs4.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
+    import_fs5.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
   } catch {
   }
   const ACTIVITY_MAX_BYTES = 1024 * 1024;
@@ -4611,30 +4756,30 @@ data: ${JSON.stringify(item.data)}
   unixServer.listen(ACTIVITY_SOCKET_PATH2);
   process.on("exit", () => {
     try {
-      import_fs4.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
+      import_fs5.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
     } catch {
     }
   });
 }
 function stopDaemon() {
-  if (!import_fs4.default.existsSync(DAEMON_PID_FILE)) return console.log(import_chalk4.default.yellow("Not running."));
+  if (!import_fs5.default.existsSync(DAEMON_PID_FILE)) return console.log(import_chalk4.default.yellow("Not running."));
   try {
-    const { pid } = JSON.parse(import_fs4.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+    const { pid } = JSON.parse(import_fs5.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
     process.kill(pid, "SIGTERM");
     console.log(import_chalk4.default.green("\u2705 Stopped."));
   } catch {
     console.log(import_chalk4.default.gray("Cleaned up stale PID file."));
   } finally {
     try {
-      import_fs4.default.unlinkSync(DAEMON_PID_FILE);
+      import_fs5.default.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
   }
 }
 function daemonStatus() {
-  if (import_fs4.default.existsSync(DAEMON_PID_FILE)) {
+  if (import_fs5.default.existsSync(DAEMON_PID_FILE)) {
     try {
-      const { pid } = JSON.parse(import_fs4.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+      const { pid } = JSON.parse(import_fs5.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
       process.kill(pid, 0);
       console.log(import_chalk4.default.green("Node9 daemon: running"));
       return;
@@ -4653,31 +4798,31 @@ function daemonStatus() {
     console.log(import_chalk4.default.yellow("Node9 daemon: not running"));
   }
 }
-var import_http, import_net2, import_fs4, import_path6, import_os4, import_child_process3, import_crypto3, import_chalk4, ACTIVITY_SOCKET_PATH2, DAEMON_PORT2, DAEMON_HOST2, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, TRUST_DURATIONS, SECRET_KEY_RE, AUTO_DENY_MS, autoStarted, pending, sseClients, abandonTimer, daemonServer, hadBrowserClient, ACTIVITY_RING_SIZE, activityRing;
+var import_http, import_net2, import_fs5, import_path7, import_os4, import_child_process3, import_crypto3, import_chalk4, ACTIVITY_SOCKET_PATH2, DAEMON_PORT2, DAEMON_HOST2, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, TRUST_DURATIONS, SECRET_KEY_RE, AUTO_DENY_MS, autoStarted, pending, sseClients, abandonTimer, daemonServer, hadBrowserClient, ACTIVITY_RING_SIZE, activityRing;
 var init_daemon = __esm({
   "src/daemon/index.ts"() {
     "use strict";
     init_ui2();
     import_http = __toESM(require("http"));
     import_net2 = __toESM(require("net"));
-    import_fs4 = __toESM(require("fs"));
-    import_path6 = __toESM(require("path"));
+    import_fs5 = __toESM(require("fs"));
+    import_path7 = __toESM(require("path"));
     import_os4 = __toESM(require("os"));
     import_child_process3 = require("child_process");
     import_crypto3 = require("crypto");
     import_chalk4 = __toESM(require("chalk"));
     init_core();
     init_shields();
-    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path6.default.join(import_os4.default.tmpdir(), "node9-activity.sock");
+    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path7.default.join(import_os4.default.tmpdir(), "node9-activity.sock");
     DAEMON_PORT2 = 7391;
     DAEMON_HOST2 = "127.0.0.1";
     homeDir = import_os4.default.homedir();
-    DAEMON_PID_FILE = import_path6.default.join(homeDir, ".node9", "daemon.pid");
-    DECISIONS_FILE = import_path6.default.join(homeDir, ".node9", "decisions.json");
-    GLOBAL_CONFIG_FILE = import_path6.default.join(homeDir, ".node9", "config.json");
-    CREDENTIALS_FILE = import_path6.default.join(homeDir, ".node9", "credentials.json");
-    AUDIT_LOG_FILE = import_path6.default.join(homeDir, ".node9", "audit.log");
-    TRUST_FILE2 = import_path6.default.join(homeDir, ".node9", "trust.json");
+    DAEMON_PID_FILE = import_path7.default.join(homeDir, ".node9", "daemon.pid");
+    DECISIONS_FILE = import_path7.default.join(homeDir, ".node9", "decisions.json");
+    GLOBAL_CONFIG_FILE = import_path7.default.join(homeDir, ".node9", "config.json");
+    CREDENTIALS_FILE = import_path7.default.join(homeDir, ".node9", "credentials.json");
+    AUDIT_LOG_FILE = import_path7.default.join(homeDir, ".node9", "audit.log");
+    TRUST_FILE2 = import_path7.default.join(homeDir, ".node9", "trust.json");
     TRUST_DURATIONS = {
       "30m": 30 * 6e4,
       "1h": 60 * 6e4,
@@ -4738,9 +4883,9 @@ function renderPending(activity) {
 }
 async function ensureDaemon() {
   let pidPort = null;
-  if (import_fs6.default.existsSync(PID_FILE)) {
+  if (import_fs7.default.existsSync(PID_FILE)) {
     try {
-      const { port } = JSON.parse(import_fs6.default.readFileSync(PID_FILE, "utf-8"));
+      const { port } = JSON.parse(import_fs7.default.readFileSync(PID_FILE, "utf-8"));
       pidPort = port;
     } catch {
       console.error(import_chalk5.default.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
@@ -4895,19 +5040,19 @@ async function startTail(options = {}) {
     process.exit(1);
   });
 }
-var import_http2, import_chalk5, import_fs6, import_os6, import_path8, import_readline, import_child_process5, PID_FILE, ICONS;
+var import_http2, import_chalk5, import_fs7, import_os6, import_path9, import_readline, import_child_process5, PID_FILE, ICONS;
 var init_tail = __esm({
   "src/tui/tail.ts"() {
     "use strict";
     import_http2 = __toESM(require("http"));
     import_chalk5 = __toESM(require("chalk"));
-    import_fs6 = __toESM(require("fs"));
+    import_fs7 = __toESM(require("fs"));
     import_os6 = __toESM(require("os"));
-    import_path8 = __toESM(require("path"));
+    import_path9 = __toESM(require("path"));
     import_readline = __toESM(require("readline"));
     import_child_process5 = require("child_process");
     init_daemon();
-    PID_FILE = import_path8.default.join(import_os6.default.homedir(), ".node9", "daemon.pid");
+    PID_FILE = import_path9.default.join(import_os6.default.homedir(), ".node9", "daemon.pid");
     ICONS = {
       bash: "\u{1F4BB}",
       shell: "\u{1F4BB}",
@@ -4933,8 +5078,8 @@ var import_commander = require("commander");
 init_core();
 // src/setup.ts
-var import_fs3 = __toESM(require("fs"));
-var import_path5 = __toESM(require("path"));
+var import_fs4 = __toESM(require("fs"));
+var import_path6 = __toESM(require("path"));
 var import_os3 = __toESM(require("os"));
 var import_chalk3 = __toESM(require("chalk"));
 var import_prompts2 = require("@inquirer/prompts");
@@ -4952,17 +5097,17 @@ function fullPathCommand(subcommand) {
 }
 function readJson(filePath) {
   try {
-    if (import_fs3.default.existsSync(filePath)) {
-      return JSON.parse(import_fs3.default.readFileSync(filePath, "utf-8"));
+    if (import_fs4.default.existsSync(filePath)) {
+      return JSON.parse(import_fs4.default.readFileSync(filePath, "utf-8"));
     }
   } catch {
   }
   return null;
 }
 function writeJson(filePath, data) {
-  const dir = import_path5.default.dirname(filePath);
-  if (!import_fs3.default.existsSync(dir)) import_fs3.default.mkdirSync(dir, { recursive: true });
-  import_fs3.default.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
+  const dir = import_path6.default.dirname(filePath);
+  if (!import_fs4.default.existsSync(dir)) import_fs4.default.mkdirSync(dir, { recursive: true });
+  import_fs4.default.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
 }
 function isNode9Hook(cmd) {
   if (!cmd) return false;
@@ -4970,8 +5115,8 @@ function isNode9Hook(cmd) {
 }
 function teardownClaude() {
   const homeDir2 = import_os3.default.homedir();
-  const hooksPath = import_path5.default.join(homeDir2, ".claude", "settings.json");
-  const mcpPath = import_path5.default.join(homeDir2, ".claude.json");
+  const hooksPath = import_path6.default.join(homeDir2, ".claude", "settings.json");
+  const mcpPath = import_path6.default.join(homeDir2, ".claude.json");
   let changed = false;
   const settings = readJson(hooksPath);
   if (settings?.hooks) {
@@ -5020,7 +5165,7 @@ function teardownClaude() {
 }
 function teardownGemini() {
   const homeDir2 = import_os3.default.homedir();
-  const settingsPath = import_path5.default.join(homeDir2, ".gemini", "settings.json");
+  const settingsPath = import_path6.default.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath);
   if (!settings) {
     console.log(import_chalk3.default.blue("  \u2139\uFE0F  ~/.gemini/settings.json not found \u2014 nothing to remove"));
@@ -5059,7 +5204,7 @@ function teardownGemini() {
 }
 function teardownCursor() {
   const homeDir2 = import_os3.default.homedir();
-  const mcpPath = import_path5.default.join(homeDir2, ".cursor", "mcp.json");
+  const mcpPath = import_path6.default.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath);
   if (!mcpConfig?.mcpServers) {
     console.log(import_chalk3.default.blue("  \u2139\uFE0F  ~/.cursor/mcp.json not found \u2014 nothing to remove"));
@@ -5086,8 +5231,8 @@ function teardownCursor() {
 }
 async function setupClaude() {
   const homeDir2 = import_os3.default.homedir();
-  const mcpPath = import_path5.default.join(homeDir2, ".claude.json");
-  const hooksPath = import_path5.default.join(homeDir2, ".claude", "settings.json");
+  const mcpPath = import_path6.default.join(homeDir2, ".claude.json");
+  const hooksPath = import_path6.default.join(homeDir2, ".claude", "settings.json");
   const claudeConfig = readJson(mcpPath) ?? {};
   const settings = readJson(hooksPath) ?? {};
   const servers = claudeConfig.mcpServers ?? {};
@@ -5162,7 +5307,7 @@ async function setupClaude() {
 }
 async function setupGemini() {
   const homeDir2 = import_os3.default.homedir();
-  const settingsPath = import_path5.default.join(homeDir2, ".gemini", "settings.json");
+  const settingsPath = import_path6.default.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath) ?? {};
   const servers = settings.mcpServers ?? {};
   let anythingChanged = false;
@@ -5245,7 +5390,7 @@ async function setupGemini() {
 }
 async function setupCursor() {
   const homeDir2 = import_os3.default.homedir();
-  const mcpPath = import_path5.default.join(homeDir2, ".cursor", "mcp.json");
+  const mcpPath = import_path6.default.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath) ?? {};
   const servers = mcpConfig.mcpServers ?? {};
   let anythingChanged = false;
@@ -5306,30 +5451,32 @@ var import_execa = require("execa");
 var import_execa2 = require("execa");
 var import_chalk6 = __toESM(require("chalk"));
 var import_readline2 = __toESM(require("readline"));
-var import_fs7 = __toESM(require("fs"));
-var import_path9 = __toESM(require("path"));
+var import_fs8 = __toESM(require("fs"));
+var import_path10 = __toESM(require("path"));
 var import_os7 = __toESM(require("os"));
 // src/undo.ts
 var import_child_process4 = require("child_process");
-var import_fs5 = __toESM(require("fs"));
-var import_path7 = __toESM(require("path"));
+var import_crypto4 = __toESM(require("crypto"));
+var import_fs6 = __toESM(require("fs"));
+var import_path8 = __toESM(require("path"));
 var import_os5 = __toESM(require("os"));
-var SNAPSHOT_STACK_PATH = import_path7.default.join(import_os5.default.homedir(), ".node9", "snapshots.json");
-var UNDO_LATEST_PATH = import_path7.default.join(import_os5.default.homedir(), ".node9", "undo_latest.txt");
+var SNAPSHOT_STACK_PATH = import_path8.default.join(import_os5.default.homedir(), ".node9", "snapshots.json");
+var UNDO_LATEST_PATH = import_path8.default.join(import_os5.default.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
+var GIT_TIMEOUT = 15e3;
 function readStack() {
   try {
-    if (import_fs5.default.existsSync(SNAPSHOT_STACK_PATH))
-      return JSON.parse(import_fs5.default.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
+    if (import_fs6.default.existsSync(SNAPSHOT_STACK_PATH))
+      return JSON.parse(import_fs6.default.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
   } catch {
   }
   return [];
 }
 function writeStack(stack) {
-  const dir = import_path7.default.dirname(SNAPSHOT_STACK_PATH);
-  if (!import_fs5.default.existsSync(dir)) import_fs5.default.mkdirSync(dir, { recursive: true });
-  import_fs5.default.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
+  const dir = import_path8.default.dirname(SNAPSHOT_STACK_PATH);
+  if (!import_fs6.default.existsSync(dir)) import_fs6.default.mkdirSync(dir, { recursive: true });
+  import_fs6.default.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
 }
 function buildArgsSummary(tool, args) {
   if (!args || typeof args !== "object") return "";
@@ -5342,54 +5489,177 @@ function buildArgsSummary(tool, args) {
   if (typeof sql === "string") return sql.slice(0, 80);
   return tool;
 }
-async function createShadowSnapshot(tool = "unknown", args = {}) {
+function normalizeCwdForHash(cwd) {
+  let normalized;
+  try {
+    normalized = import_fs6.default.realpathSync(cwd);
+  } catch {
+    normalized = cwd;
+  }
+  normalized = normalized.replace(/\\/g, "/");
+  if (process.platform === "win32") normalized = normalized.toLowerCase();
+  return normalized;
+}
+function getShadowRepoDir(cwd) {
+  const hash = import_crypto4.default.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
+  return import_path8.default.join(import_os5.default.homedir(), ".node9", "snapshots", hash);
+}
+function cleanOrphanedIndexFiles(shadowDir) {
+  try {
+    const cutoff = Date.now() - 6e4;
+    for (const f of import_fs6.default.readdirSync(shadowDir)) {
+      if (f.startsWith("index_")) {
+        const fp = import_path8.default.join(shadowDir, f);
+        try {
+          if (import_fs6.default.statSync(fp).mtimeMs < cutoff) import_fs6.default.unlinkSync(fp);
+        } catch {
+        }
+      }
+    }
+  } catch {
+  }
+}
+function writeShadowExcludes(shadowDir, ignorePaths) {
+  const hardcoded = [".git", ".node9"];
+  const lines = [...hardcoded, ...ignorePaths].join("\n");
+  try {
+    import_fs6.default.writeFileSync(import_path8.default.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
+  } catch {
+  }
+}
+function ensureShadowRepo(shadowDir, cwd) {
+  cleanOrphanedIndexFiles(shadowDir);
+  const normalizedCwd = normalizeCwdForHash(cwd);
+  const shadowEnvBase = { ...process.env, GIT_DIR: shadowDir, GIT_WORK_TREE: cwd };
+  const check = (0, import_child_process4.spawnSync)("git", ["rev-parse", "--git-dir"], {
+    env: shadowEnvBase,
+    timeout: 3e3
+  });
+  if (check.status === 0) {
+    const ptPath = import_path8.default.join(shadowDir, "project-path.txt");
+    try {
+      const stored = import_fs6.default.readFileSync(ptPath, "utf8").trim();
+      if (stored === normalizedCwd) return true;
+      if (process.env.NODE9_DEBUG === "1")
+        console.error(
+          `[Node9] Shadow repo path mismatch: stored="${stored}" expected="${normalizedCwd}" \u2014 reinitializing`
+        );
+      import_fs6.default.rmSync(shadowDir, { recursive: true, force: true });
+    } catch {
+      try {
+        import_fs6.default.writeFileSync(ptPath, normalizedCwd, "utf8");
+      } catch {
+      }
+      return true;
+    }
+  }
+  try {
+    import_fs6.default.mkdirSync(shadowDir, { recursive: true });
+  } catch {
+  }
+  const init = (0, import_child_process4.spawnSync)("git", ["init", "--bare", shadowDir], { timeout: 5e3 });
+  if (init.status !== 0) {
+    if (process.env.NODE9_DEBUG === "1")
+      console.error("[Node9] git init --bare failed:", init.stderr?.toString());
+    return false;
+  }
+  const configFile = import_path8.default.join(shadowDir, "config");
+  (0, import_child_process4.spawnSync)("git", ["config", "--file", configFile, "core.untrackedCache", "true"], {
+    timeout: 3e3
+  });
+  (0, import_child_process4.spawnSync)("git", ["config", "--file", configFile, "core.fsmonitor", "true"], {
+    timeout: 3e3
+  });
+  try {
+    import_fs6.default.writeFileSync(import_path8.default.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
+  } catch {
+  }
+  return true;
+}
+function buildGitEnv(cwd) {
+  const shadowDir = getShadowRepoDir(cwd);
+  const check = (0, import_child_process4.spawnSync)("git", ["rev-parse", "--git-dir"], {
+    env: { ...process.env, GIT_DIR: shadowDir, GIT_WORK_TREE: cwd },
+    timeout: 2e3
+  });
+  if (check.status === 0) {
+    return { ...process.env, GIT_DIR: shadowDir, GIT_WORK_TREE: cwd };
+  }
+  return { ...process.env };
+}
+async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = []) {
+  let indexFile = null;
   try {
     const cwd = process.cwd();
-    if (!import_fs5.default.existsSync(import_path7.default.join(cwd, ".git"))) return null;
-    const tempIndex = import_path7.default.join(cwd, ".git", `node9_index_${Date.now()}`);
-    const env = { ...process.env, GIT_INDEX_FILE: tempIndex };
-    (0, import_child_process4.spawnSync)("git", ["add", "-A"], { env });
-    const treeRes = (0, import_child_process4.spawnSync)("git", ["write-tree"], { env });
-    const treeHash = treeRes.stdout.toString().trim();
-    if (import_fs5.default.existsSync(tempIndex)) import_fs5.default.unlinkSync(tempIndex);
+    const shadowDir = getShadowRepoDir(cwd);
+    if (!ensureShadowRepo(shadowDir, cwd)) return null;
+    writeShadowExcludes(shadowDir, ignorePaths);
+    indexFile = import_path8.default.join(shadowDir, `index_${process.pid}_${Date.now()}`);
+    const shadowEnv = {
+      ...process.env,
+      GIT_DIR: shadowDir,
+      GIT_WORK_TREE: cwd,
+      GIT_INDEX_FILE: indexFile
+    };
+    (0, import_child_process4.spawnSync)("git", ["add", "-A"], { env: shadowEnv, timeout: GIT_TIMEOUT });
+    const treeRes = (0, import_child_process4.spawnSync)("git", ["write-tree"], { env: shadowEnv, timeout: GIT_TIMEOUT });
+    const treeHash = treeRes.stdout?.toString().trim();
     if (!treeHash || treeRes.status !== 0) return null;
-    const commitRes = (0, import_child_process4.spawnSync)("git", [
-      "commit-tree",
-      treeHash,
-      "-m",
-      `Node9 AI Snapshot: ${(/* @__PURE__ */ new Date()).toISOString()}`
-    ]);
-    const commitHash = commitRes.stdout.toString().trim();
+    const commitRes = (0, import_child_process4.spawnSync)(
+      "git",
+      ["commit-tree", treeHash, "-m", `Node9 AI Snapshot: ${(/* @__PURE__ */ new Date()).toISOString()}`],
+      { env: shadowEnv, timeout: GIT_TIMEOUT }
+    );
+    const commitHash = commitRes.stdout?.toString().trim();
     if (!commitHash || commitRes.status !== 0) return null;
     const stack = readStack();
-    const entry = {
+    stack.push({
       hash: commitHash,
       tool,
       argsSummary: buildArgsSummary(tool, args),
       cwd,
       timestamp: Date.now()
-    };
-    stack.push(entry);
+    });
+    const shouldGc = stack.length % 5 === 0;
     if (stack.length > MAX_SNAPSHOTS) stack.splice(0, stack.length - MAX_SNAPSHOTS);
     writeStack(stack);
-    import_fs5.default.writeFileSync(UNDO_LATEST_PATH, commitHash);
+    import_fs6.default.writeFileSync(UNDO_LATEST_PATH, commitHash);
+    if (shouldGc) {
+      (0, import_child_process4.spawn)("git", ["gc", "--auto"], { env: shadowEnv, detached: true, stdio: "ignore" }).unref();
+    }
     return commitHash;
   } catch (err) {
     if (process.env.NODE9_DEBUG === "1") console.error("[Node9 Undo Engine Error]:", err);
+    return null;
+  } finally {
+    if (indexFile) {
+      try {
+        import_fs6.default.unlinkSync(indexFile);
+      } catch {
+      }
+    }
   }
-  return null;
 }
 function getSnapshotHistory() {
   return readStack();
 }
 function computeUndoDiff(hash, cwd) {
   try {
-    const result = (0, import_child_process4.spawnSync)("git", ["diff", hash, "--stat", "--", "."], { cwd });
-    const stat = result.stdout.toString().trim();
-    if (!stat) return null;
-    const diff = (0, import_child_process4.spawnSync)("git", ["diff", hash, "--", "."], { cwd });
-    const raw = diff.stdout.toString();
-    if (!raw) return null;
+    const env = buildGitEnv(cwd);
+    const statRes = (0, import_child_process4.spawnSync)("git", ["diff", hash, "--stat", "--", "."], {
+      cwd,
+      env,
+      timeout: GIT_TIMEOUT
+    });
+    const stat = statRes.stdout?.toString().trim();
+    if (!stat || statRes.status !== 0) return null;
+    const diffRes = (0, import_child_process4.spawnSync)("git", ["diff", hash, "--", "."], {
+      cwd,
+      env,
+      timeout: GIT_TIMEOUT
+    });
+    const raw = diffRes.stdout?.toString();
+    if (!raw || diffRes.status !== 0) return null;
     const lines = raw.split("\n").filter(
       (l) => !l.startsWith("diff --git") && !l.startsWith("index ") && !l.startsWith("Binary")
     );
@@ -5401,18 +5671,31 @@ function computeUndoDiff(hash, cwd) {
 function applyUndo(hash, cwd) {
   try {
     const dir = cwd ?? process.cwd();
+    const env = buildGitEnv(dir);
     const restore = (0, import_child_process4.spawnSync)("git", ["restore", "--source", hash, "--staged", "--worktree", "."], {
-      cwd: dir
+      cwd: dir,
+      env,
+      timeout: GIT_TIMEOUT
     });
     if (restore.status !== 0) return false;
-    const lsTree = (0, import_child_process4.spawnSync)("git", ["ls-tree", "-r", "--name-only", hash], { cwd: dir });
-    const snapshotFiles = new Set(lsTree.stdout.toString().trim().split("\n").filter(Boolean));
-    const tracked = (0, import_child_process4.spawnSync)("git", ["ls-files"], { cwd: dir }).stdout.toString().trim().split("\n").filter(Boolean);
-    const untracked = (0, import_child_process4.spawnSync)("git", ["ls-files", "--others", "--exclude-standard"], { cwd: dir }).stdout.toString().trim().split("\n").filter(Boolean);
+    const lsTree = (0, import_child_process4.spawnSync)("git", ["ls-tree", "-r", "--name-only", hash], {
+      cwd: dir,
+      env,
+      timeout: GIT_TIMEOUT
+    });
+    const snapshotFiles = new Set(
+      lsTree.stdout?.toString().trim().split("\n").filter(Boolean) ?? []
+    );
+    const tracked = (0, import_child_process4.spawnSync)("git", ["ls-files"], { cwd: dir, env, timeout: GIT_TIMEOUT }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
+    const untracked = (0, import_child_process4.spawnSync)("git", ["ls-files", "--others", "--exclude-standard"], {
+      cwd: dir,
+      env,
+      timeout: GIT_TIMEOUT
+    }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
     for (const file of [...tracked, ...untracked]) {
-      const fullPath = import_path7.default.join(dir, file);
-      if (!snapshotFiles.has(file) && import_fs5.default.existsSync(fullPath)) {
-        import_fs5.default.unlinkSync(fullPath);
+      const fullPath = import_path8.default.join(dir, file);
+      if (!snapshotFiles.has(file) && import_fs6.default.existsSync(fullPath)) {
+        import_fs6.default.unlinkSync(fullPath);
       }
     }
     return true;
@@ -5425,7 +5708,7 @@ function applyUndo(hash, cwd) {
 init_shields();
 var import_prompts3 = require("@inquirer/prompts");
 var { version } = JSON.parse(
-  import_fs7.default.readFileSync(import_path9.default.join(__dirname, "../package.json"), "utf-8")
+  import_fs8.default.readFileSync(import_path10.default.join(__dirname, "../package.json"), "utf-8")
 );
 function parseDuration(str) {
   const m = str.trim().match(/^(\d+(?:\.\d+)?)\s*(s|m|h|d)?$/i);
@@ -5627,14 +5910,14 @@ async function runProxy(targetCommand) {
 }
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept";
-  const credPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "credentials.json");
-  if (!import_fs7.default.existsSync(import_path9.default.dirname(credPath)))
-    import_fs7.default.mkdirSync(import_path9.default.dirname(credPath), { recursive: true });
+  const credPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "credentials.json");
+  if (!import_fs8.default.existsSync(import_path10.default.dirname(credPath)))
+    import_fs8.default.mkdirSync(import_path10.default.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (import_fs7.default.existsSync(credPath)) {
-      const raw = JSON.parse(import_fs7.default.readFileSync(credPath, "utf-8"));
+    if (import_fs8.default.existsSync(credPath)) {
+      const raw = JSON.parse(import_fs8.default.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL }
@@ -5646,13 +5929,13 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL };
-  import_fs7.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  import_fs8.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
   if (profileName === "default") {
-    const configPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "config.json");
+    const configPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (import_fs7.default.existsSync(configPath))
-        config = JSON.parse(import_fs7.default.readFileSync(configPath, "utf-8"));
+      if (import_fs8.default.existsSync(configPath))
+        config = JSON.parse(import_fs8.default.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -5667,9 +5950,9 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!import_fs7.default.existsSync(import_path9.default.dirname(configPath)))
-      import_fs7.default.mkdirSync(import_path9.default.dirname(configPath), { recursive: true });
-    import_fs7.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!import_fs8.default.existsSync(import_path10.default.dirname(configPath)))
+      import_fs8.default.mkdirSync(import_path10.default.dirname(configPath), { recursive: true });
+    import_fs8.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
   }
   if (options.profile && profileName !== "default") {
     console.log(import_chalk6.default.green(`\u2705 Profile "${profileName}" saved`));
@@ -5755,15 +6038,15 @@ program.command("uninstall").description("Remove all Node9 hooks and optionally
     }
   }
   if (options.purge) {
-    const node9Dir = import_path9.default.join(import_os7.default.homedir(), ".node9");
-    if (import_fs7.default.existsSync(node9Dir)) {
+    const node9Dir = import_path10.default.join(import_os7.default.homedir(), ".node9");
+    if (import_fs8.default.existsSync(node9Dir)) {
       const confirmed = await (0, import_prompts3.confirm)({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        import_fs7.default.rmSync(node9Dir, { recursive: true });
-        if (import_fs7.default.existsSync(node9Dir)) {
+        import_fs8.default.rmSync(node9Dir, { recursive: true });
+        if (import_fs8.default.existsSync(node9Dir)) {
           console.error(
             import_chalk6.default.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
@@ -5835,10 +6118,10 @@ program.command("doctor").description("Check that Node9 is installed and configu
     );
   }
   section("Configuration");
-  const globalConfigPath = import_path9.default.join(homeDir2, ".node9", "config.json");
-  if (import_fs7.default.existsSync(globalConfigPath)) {
+  const globalConfigPath = import_path10.default.join(homeDir2, ".node9", "config.json");
+  if (import_fs8.default.existsSync(globalConfigPath)) {
     try {
-      JSON.parse(import_fs7.default.readFileSync(globalConfigPath, "utf-8"));
+      JSON.parse(import_fs8.default.readFileSync(globalConfigPath, "utf-8"));
       pass("~/.node9/config.json found and valid");
     } catch {
       fail("~/.node9/config.json is invalid JSON", "Run: node9 init --force");
@@ -5846,17 +6129,17 @@ program.command("doctor").description("Check that Node9 is installed and configu
   } else {
     warn("~/.node9/config.json not found (using defaults)", "Run: node9 init");
   }
-  const projectConfigPath = import_path9.default.join(process.cwd(), "node9.config.json");
-  if (import_fs7.default.existsSync(projectConfigPath)) {
+  const projectConfigPath = import_path10.default.join(process.cwd(), "node9.config.json");
+  if (import_fs8.default.existsSync(projectConfigPath)) {
     try {
-      JSON.parse(import_fs7.default.readFileSync(projectConfigPath, "utf-8"));
+      JSON.parse(import_fs8.default.readFileSync(projectConfigPath, "utf-8"));
       pass("node9.config.json found and valid (project)");
     } catch {
       fail("node9.config.json is invalid JSON", "Fix the JSON or delete it and run: node9 init");
     }
   }
-  const credsPath = import_path9.default.join(homeDir2, ".node9", "credentials.json");
-  if (import_fs7.default.existsSync(credsPath)) {
+  const credsPath = import_path10.default.join(homeDir2, ".node9", "credentials.json");
+  if (import_fs8.default.existsSync(credsPath)) {
     pass("Cloud credentials found (~/.node9/credentials.json)");
   } else {
     warn(
@@ -5865,10 +6148,10 @@ program.command("doctor").description("Check that Node9 is installed and configu
     );
   }
   section("Agent Hooks");
-  const claudeSettingsPath = import_path9.default.join(homeDir2, ".claude", "settings.json");
-  if (import_fs7.default.existsSync(claudeSettingsPath)) {
+  const claudeSettingsPath = import_path10.default.join(homeDir2, ".claude", "settings.json");
+  if (import_fs8.default.existsSync(claudeSettingsPath)) {
     try {
-      const cs = JSON.parse(import_fs7.default.readFileSync(claudeSettingsPath, "utf-8"));
+      const cs = JSON.parse(import_fs8.default.readFileSync(claudeSettingsPath, "utf-8"));
       const hasHook = cs.hooks?.PreToolUse?.some(
         (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
       );
@@ -5881,10 +6164,10 @@ program.command("doctor").description("Check that Node9 is installed and configu
   } else {
     warn("Claude Code \u2014 not configured", "Run: node9 setup claude");
   }
-  const geminiSettingsPath = import_path9.default.join(homeDir2, ".gemini", "settings.json");
-  if (import_fs7.default.existsSync(geminiSettingsPath)) {
+  const geminiSettingsPath = import_path10.default.join(homeDir2, ".gemini", "settings.json");
+  if (import_fs8.default.existsSync(geminiSettingsPath)) {
     try {
-      const gs = JSON.parse(import_fs7.default.readFileSync(geminiSettingsPath, "utf-8"));
+      const gs = JSON.parse(import_fs8.default.readFileSync(geminiSettingsPath, "utf-8"));
       const hasHook = gs.hooks?.BeforeTool?.some(
         (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
       );
@@ -5897,10 +6180,10 @@ program.command("doctor").description("Check that Node9 is installed and configu
   } else {
     warn("Gemini CLI  \u2014 not configured", "Run: node9 setup gemini  (skip if not using Gemini)");
   }
-  const cursorHooksPath = import_path9.default.join(homeDir2, ".cursor", "hooks.json");
-  if (import_fs7.default.existsSync(cursorHooksPath)) {
+  const cursorHooksPath = import_path10.default.join(homeDir2, ".cursor", "hooks.json");
+  if (import_fs8.default.existsSync(cursorHooksPath)) {
     try {
-      const cur = JSON.parse(import_fs7.default.readFileSync(cursorHooksPath, "utf-8"));
+      const cur = JSON.parse(import_fs8.default.readFileSync(cursorHooksPath, "utf-8"));
       const hasHook = cur.hooks?.preToolUse?.some(
         (h) => h.command?.includes("node9") || h.command?.includes("cli.js")
       );
@@ -6002,8 +6285,8 @@ program.command("explain").description(
   console.log("");
 });
 program.command("init").description("Create ~/.node9/config.json with default policy (safe to run multiple times)").option("--force", "Overwrite existing config").option("-m, --mode <mode>", "Set initial security mode (standard, strict, audit)", "standard").action((options) => {
-  const configPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "config.json");
-  if (import_fs7.default.existsSync(configPath) && !options.force) {
+  const configPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "config.json");
+  if (import_fs8.default.existsSync(configPath) && !options.force) {
     console.log(import_chalk6.default.yellow(`\u2139\uFE0F  Global config already exists: ${configPath}`));
     console.log(import_chalk6.default.gray(`   Run with --force to overwrite.`));
     return;
@@ -6017,9 +6300,9 @@ program.command("init").description("Create ~/.node9/config.json with default po
       mode: safeMode
     }
   };
-  const dir = import_path9.default.dirname(configPath);
-  if (!import_fs7.default.existsSync(dir)) import_fs7.default.mkdirSync(dir, { recursive: true });
-  import_fs7.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2));
+  const dir = import_path10.default.dirname(configPath);
+  if (!import_fs8.default.existsSync(dir)) import_fs8.default.mkdirSync(dir, { recursive: true });
+  import_fs8.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2));
   console.log(import_chalk6.default.green(`\u2705 Global config created: ${configPath}`));
   console.log(import_chalk6.default.cyan(`   Mode set to: ${safeMode}`));
   console.log(
@@ -6037,14 +6320,14 @@ function formatRelativeTime(timestamp) {
   return new Date(timestamp).toLocaleDateString();
 }
 program.command("audit").description("View local execution audit log").option("--tail <n>", "Number of entries to show", "20").option("--tool <pattern>", "Filter by tool name (substring match)").option("--deny", "Show only denied actions").option("--json", "Output raw JSON").action((options) => {
-  const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "audit.log");
-  if (!import_fs7.default.existsSync(logPath)) {
+  const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "audit.log");
+  if (!import_fs8.default.existsSync(logPath)) {
     console.log(
       import_chalk6.default.yellow("No audit logs found. Run node9 with an agent to generate entries.")
     );
     return;
   }
-  const raw = import_fs7.default.readFileSync(logPath, "utf-8");
+  const raw = import_fs8.default.readFileSync(logPath, "utf-8");
   const lines = raw.split("\n").filter((l) => l.trim() !== "");
   let entries = lines.flatMap((line) => {
     try {
@@ -6127,13 +6410,13 @@ program.command("status").description("Show current Node9 mode, policy source, a
   console.log("");
   const modeLabel = settings.mode === "audit" ? import_chalk6.default.blue("audit") : settings.mode === "strict" ? import_chalk6.default.red("strict") : import_chalk6.default.white("standard");
   console.log(`  Mode:    ${modeLabel}`);
-  const projectConfig = import_path9.default.join(process.cwd(), "node9.config.json");
-  const globalConfig = import_path9.default.join(import_os7.default.homedir(), ".node9", "config.json");
+  const projectConfig = import_path10.default.join(process.cwd(), "node9.config.json");
+  const globalConfig = import_path10.default.join(import_os7.default.homedir(), ".node9", "config.json");
   console.log(
-    `  Local:   ${import_fs7.default.existsSync(projectConfig) ? import_chalk6.default.green("Active (node9.config.json)") : import_chalk6.default.gray("Not present")}`
+    `  Local:   ${import_fs8.default.existsSync(projectConfig) ? import_chalk6.default.green("Active (node9.config.json)") : import_chalk6.default.gray("Not present")}`
   );
   console.log(
-    `  Global:  ${import_fs7.default.existsSync(globalConfig) ? import_chalk6.default.green("Active (~/.node9/config.json)") : import_chalk6.default.gray("Not present")}`
+    `  Global:  ${import_fs8.default.existsSync(globalConfig) ? import_chalk6.default.green("Active (~/.node9/config.json)") : import_chalk6.default.gray("Not present")}`
   );
   if (mergedConfig.policy.sandboxPaths.length > 0) {
     console.log(
@@ -6217,9 +6500,9 @@ program.command("check").description("Hook handler \u2014 evaluates a tool call
       } catch (err) {
         const tempConfig = getConfig();
         if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
-          const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
+          const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
           const errMsg = err instanceof Error ? err.message : String(err);
-          import_fs7.default.appendFileSync(
+          import_fs8.default.appendFileSync(
             logPath,
             `[${(/* @__PURE__ */ new Date()).toISOString()}] JSON_PARSE_ERROR: ${errMsg}
 RAW: ${raw}
@@ -6237,10 +6520,10 @@ RAW: ${raw}
       }
       const config = getConfig();
       if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
-        const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
-        if (!import_fs7.default.existsSync(import_path9.default.dirname(logPath)))
-          import_fs7.default.mkdirSync(import_path9.default.dirname(logPath), { recursive: true });
-        import_fs7.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
+        const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
+        if (!import_fs8.default.existsSync(import_path10.default.dirname(logPath)))
+          import_fs8.default.mkdirSync(import_path10.default.dirname(logPath), { recursive: true });
+        import_fs8.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
 `);
       }
       const toolName = sanitize(payload.tool_name ?? payload.name ?? "");
@@ -6284,7 +6567,7 @@ RAW: ${raw}
       }
       const meta = { agent, mcpServer };
       if (shouldSnapshot(toolName, toolInput, config)) {
-        await createShadowSnapshot(toolName, toolInput);
+        await createShadowSnapshot(toolName, toolInput, config.policy.snapshot.ignorePaths);
       }
       const result = await authorizeHeadless(toolName, toolInput, false, meta);
       if (result.approved) {
@@ -6317,9 +6600,9 @@ RAW: ${raw}
       });
     } catch (err) {
       if (process.env.NODE9_DEBUG === "1") {
-        const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
+        const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
         const errMsg = err instanceof Error ? err.message : String(err);
-        import_fs7.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
+        import_fs8.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
       }
       process.exit(0);
@@ -6364,13 +6647,13 @@ program.command("log").description("PostToolUse hook \u2014 records executed too
         decision: "allowed",
         source: "post-hook"
       };
-      const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "audit.log");
-      if (!import_fs7.default.existsSync(import_path9.default.dirname(logPath)))
-        import_fs7.default.mkdirSync(import_path9.default.dirname(logPath), { recursive: true });
-      import_fs7.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+      const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "audit.log");
+      if (!import_fs8.default.existsSync(import_path10.default.dirname(logPath)))
+        import_fs8.default.mkdirSync(import_path10.default.dirname(logPath), { recursive: true });
+      import_fs8.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
       const config = getConfig();
       if (shouldSnapshot(tool, {}, config)) {
-        await createShadowSnapshot();
+        await createShadowSnapshot("unknown", {}, config.policy.snapshot.ignorePaths);
       }
     } catch {
     }
@@ -6643,9 +6926,9 @@ process.on("unhandledRejection", (reason) => {
   const isCheckHook = process.argv[2] === "check";
   if (isCheckHook) {
     if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
-      const logPath = import_path9.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
+      const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
       const msg = reason instanceof Error ? reason.message : String(reason);
-      import_fs7.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+      import_fs8.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
     }
     process.exit(0);