@node9/proxy 1.10.2 → 1.11.0

package/dist/cli.mjs

@@ -147,8 +147,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path35 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path35}: ${issue.message}`;
+    const path41 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path41}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -232,7 +232,8 @@ var init_config_schema = __esm({
         enableTrustSessions: z.boolean().optional(),
         allowGlobalPause: z.boolean().optional(),
         auditHashArgs: z.boolean().optional(),
-        agentPolicy: z.enum(["require_approval", "block_on_rules"]).optional()
+        agentPolicy: z.enum(["require_approval", "block_on_rules"]).optional(),
+        cloudSyncIntervalHours: z.number().positive().optional()
       }).optional(),
       policy: z.object({
         sandboxPaths: z.array(z.string()).optional(),
@@ -253,6 +254,11 @@ var init_config_schema = __esm({
           enabled: z.boolean().optional(),
           threshold: z.number().min(2).optional(),
           windowSeconds: z.number().min(10).optional()
+        }).optional(),
+        skillPinning: z.object({
+          enabled: z.boolean().optional(),
+          mode: z.enum(["warn", "block"]).optional(),
+          roots: z.array(z.string()).optional()
         }).optional()
       }).optional(),
       environments: z.record(z.object({ requireApproval: z.boolean().optional() })).optional()
@@ -495,11 +501,11 @@ function getGlobalSettings() {
   };
 }
 function getCredentials() {
-  const DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept";
+  const DEFAULT_API_URL2 = "https://api.node9.ai/api/v1/intercept";
   if (process.env.NODE9_API_KEY) {
     return {
       apiKey: process.env.NODE9_API_KEY,
-      apiUrl: process.env.NODE9_API_URL || DEFAULT_API_URL
+      apiUrl: process.env.NODE9_API_URL || DEFAULT_API_URL2
     };
   }
   try {
@@ -511,13 +517,13 @@ function getCredentials() {
       if (profile?.apiKey) {
         return {
           apiKey: profile.apiKey,
-          apiUrl: profile.apiUrl || DEFAULT_API_URL
+          apiUrl: profile.apiUrl || DEFAULT_API_URL2
         };
       }
       if (creds.apiKey) {
         return {
           apiKey: creds.apiKey,
-          apiUrl: creds.apiUrl || DEFAULT_API_URL
+          apiUrl: creds.apiUrl || DEFAULT_API_URL2
         };
       }
     }
@@ -551,7 +557,11 @@ function getConfig(cwd) {
       ignorePaths: [...DEFAULT_CONFIG.policy.snapshot.ignorePaths]
     },
     dlp: { ...DEFAULT_CONFIG.policy.dlp },
-    loopDetection: { ...DEFAULT_CONFIG.policy.loopDetection }
+    loopDetection: { ...DEFAULT_CONFIG.policy.loopDetection },
+    skillPinning: {
+      ...DEFAULT_CONFIG.policy.skillPinning,
+      roots: [...DEFAULT_CONFIG.policy.skillPinning.roots]
+    }
   };
   const mergedEnvironments = { ...DEFAULT_CONFIG.environments };
   const applyLayer = (source) => {
@@ -568,6 +578,8 @@ function getConfig(cwd) {
     if (s.approvalTimeoutSeconds !== void 0 && s.approvalTimeoutMs === void 0)
       mergedSettings.approvalTimeoutMs = s.approvalTimeoutSeconds * 1e3;
     if (s.environment !== void 0) mergedSettings.environment = s.environment;
+    if (s.cloudSyncIntervalHours !== void 0)
+      mergedSettings.cloudSyncIntervalHours = s.cloudSyncIntervalHours;
     if (s.hud !== void 0) mergedSettings.hud = { ...mergedSettings.hud, ...s.hud };
     if (p.sandboxPaths) mergedPolicy.sandboxPaths.push(...p.sandboxPaths);
     if (p.ignoredTools) mergedPolicy.ignoredTools.push(...p.ignoredTools);
@@ -577,7 +589,12 @@ function getConfig(cwd) {
     if (p.smartRules) {
       const defaultBlocks = mergedPolicy.smartRules.filter((r) => r.verdict === "block");
       const defaultNonBlocks = mergedPolicy.smartRules.filter((r) => r.verdict !== "block");
-      mergedPolicy.smartRules = [...defaultBlocks, ...p.smartRules, ...defaultNonBlocks];
+      const userRuleNames = new Set(p.smartRules.filter((r) => r.name).map((r) => r.name));
+      const filteredBlocks = defaultBlocks.filter((r) => !r.name || !userRuleNames.has(r.name));
+      const filteredNonBlocks = defaultNonBlocks.filter(
+        (r) => !r.name || !userRuleNames.has(r.name)
+      );
+      mergedPolicy.smartRules = [...filteredBlocks, ...p.smartRules, ...filteredNonBlocks];
     }
     if (p.snapshot) {
       const s2 = p.snapshot;
@@ -597,6 +614,16 @@ function getConfig(cwd) {
       if (ld.windowSeconds !== void 0)
         mergedPolicy.loopDetection.windowSeconds = ld.windowSeconds;
     }
+    if (p.skillPinning && typeof p.skillPinning === "object") {
+      const sp = p.skillPinning;
+      if (sp.enabled !== void 0) mergedPolicy.skillPinning.enabled = sp.enabled;
+      if (sp.mode !== void 0) mergedPolicy.skillPinning.mode = sp.mode;
+      if (Array.isArray(sp.roots)) {
+        for (const r of sp.roots) {
+          if (typeof r === "string" && r.length > 0) mergedPolicy.skillPinning.roots.push(r);
+        }
+      }
+    }
     const envs = source.environments || {};
     for (const [envName, envConfig] of Object.entries(envs)) {
       if (envConfig && typeof envConfig === "object") {
@@ -611,6 +638,16 @@ function getConfig(cwd) {
   };
   applyLayer(globalConfig);
   applyLayer(projectConfig);
+  {
+    const cacheFile = path3.join(os3.homedir(), ".node9", "rules-cache.json");
+    try {
+      const raw = JSON.parse(fs3.readFileSync(cacheFile, "utf-8"));
+      if (Array.isArray(raw.rules) && raw.rules.length > 0) {
+        applyLayer({ policy: { smartRules: raw.rules } });
+      }
+    } catch {
+    }
+  }
   const shieldOverrides = readShieldOverrides();
   for (const shieldName of readActiveShields()) {
     const shield = getShield(shieldName);
@@ -638,6 +675,7 @@ function getConfig(cwd) {
   mergedPolicy.sandboxPaths = [...new Set(mergedPolicy.sandboxPaths)];
   mergedPolicy.dangerousWords = [...new Set(mergedPolicy.dangerousWords)];
   mergedPolicy.ignoredTools = [...new Set(mergedPolicy.ignoredTools)];
+  mergedPolicy.skillPinning.roots = [...new Set(mergedPolicy.skillPinning.roots)];
   mergedPolicy.snapshot.tools = [...new Set(mergedPolicy.snapshot.tools)];
   mergedPolicy.snapshot.onlyPaths = [...new Set(mergedPolicy.snapshot.onlyPaths)];
   mergedPolicy.snapshot.ignorePaths = [...new Set(mergedPolicy.snapshot.ignorePaths)];
@@ -726,7 +764,8 @@ var init_config = __esm({
         // 120-second auto-deny timeout
         flightRecorder: true,
         auditHashArgs: true,
-        approvers: { native: true, browser: true, cloud: false, terminal: true }
+        approvers: { native: true, browser: true, cloud: false, terminal: true },
+        cloudSyncIntervalHours: 5
       },
       policy: {
         sandboxPaths: ["/tmp/**", "**/sandbox/**", "**/test-results/**"],
@@ -901,7 +940,8 @@ var init_config = __esm({
           }
         ],
         dlp: { enabled: true, scanIgnoredTools: true },
-        loopDetection: { enabled: true, threshold: 5, windowSeconds: 120 }
+        loopDetection: { enabled: true, threshold: 5, windowSeconds: 120 },
+        skillPinning: { enabled: false, mode: "warn", roots: [] }
       },
       environments: {}
     };
@@ -1710,9 +1750,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path35) {
+function getNestedValue(obj, path41) {
   if (!obj || typeof obj !== "object") return null;
-  return path35.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path41.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function shouldSnapshot(toolName, args, config) {
   if (!config.settings.enableUndo) return false;
@@ -2187,8 +2227,8 @@ async function explainPolicy(toolName, args) {
       const flattenedArgs = JSON.stringify(args).toLowerCase();
       const extraTokens = flattenedArgs.split(/[^a-zA-Z0-9]+/).filter((t) => t.length > 1);
       allTokens.push(...extraTokens);
-      const preview = extraTokens.slice(0, 8).join(", ") + (extraTokens.length > 8 ? "\u2026" : "");
-      detail += ` + deep scan of args: [${preview}]`;
+      const preview2 = extraTokens.slice(0, 8).join(", ") + (extraTokens.length > 8 ? "\u2026" : "");
+      detail += ` + deep scan of args: [${preview2}]`;
     }
     steps.push({ name: "Input parsing", outcome: "checked", detail });
   }
@@ -2305,6 +2345,15 @@ var init_policy = __esm({
 import fs8 from "fs";
 import path9 from "path";
 import os7 from "os";
+function extractCommandPattern(toolName, args) {
+  const lower = toolName.toLowerCase();
+  if (lower !== "bash" && lower !== "execute_bash" && lower !== "shell") return void 0;
+  const a = args;
+  const cmd = typeof a?.["command"] === "string" ? a["command"].trim() : "";
+  if (!cmd) return void 0;
+  const words = cmd.split(/\s+/);
+  return words.slice(0, 2).join(" ");
+}
 function checkPause() {
   try {
     if (!fs8.existsSync(PAUSED_FILE)) return { paused: false };
@@ -2338,7 +2387,7 @@ function resumeNode9() {
   } catch {
   }
 }
-function getActiveTrustSession(toolName) {
+function getActiveTrustSession(toolName, args) {
   try {
     if (!fs8.existsSync(TRUST_FILE)) return false;
     const trust = JSON.parse(fs8.readFileSync(TRUST_FILE, "utf-8"));
@@ -2347,12 +2396,20 @@ function getActiveTrustSession(toolName) {
     if (active.length !== trust.entries.length) {
       fs8.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
     }
-    return active.some((e) => e.tool === toolName || matchesPattern(toolName, e.tool));
+    return active.some((e) => {
+      if (!(e.tool === toolName || matchesPattern(toolName, e.tool))) return false;
+      if (e.commandPattern) {
+        const actual = extractCommandPattern(toolName, args) ?? "";
+        return actual === e.commandPattern || actual.startsWith(e.commandPattern + " ");
+      }
+      return true;
+    });
   } catch {
     return false;
   }
 }
-function writeTrustSession(toolName, durationMs) {
+function writeTrustSession(toolName, durationMs, args) {
+  const commandPattern = extractCommandPattern(toolName, args);
   try {
     let trust = { entries: [] };
     try {
@@ -2362,8 +2419,14 @@ function writeTrustSession(toolName, durationMs) {
     } catch {
     }
     const now = Date.now();
-    trust.entries = trust.entries.filter((e) => e.tool !== toolName && e.expiry > now);
-    trust.entries.push({ tool: toolName, expiry: now + durationMs });
+    trust.entries = trust.entries.filter(
+      (e) => !(e.tool === toolName && e.commandPattern === commandPattern) && e.expiry > now
+    );
+    trust.entries.push({
+      tool: toolName,
+      ...commandPattern && { commandPattern },
+      expiry: now + durationMs
+    });
     atomicWriteSync(TRUST_FILE, JSON.stringify(trust, null, 2));
   } catch (err2) {
     if (process.env.NODE9_DEBUG === "1") {
@@ -2452,8 +2515,8 @@ function isDaemonRunning() {
     if (port !== DAEMON_PORT) {
       return false;
     }
-    const MAX_PID = 4194304;
-    if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0 || pid > MAX_PID) {
+    const MAX_PID2 = 4194304;
+    if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0 || pid > MAX_PID2) {
       return false;
     }
     try {
@@ -3359,12 +3422,6 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
         };
       }
     }
-    if (getActiveTrustSession(toolName)) {
-      if (approvers.cloud && creds?.apiKey)
-        await auditLocalAllow(toolName, args, "trust", creds, meta);
-      if (!isManual) appendLocalAudit(toolName, args, "allow", "trust", meta, hashAuditArgs);
-      return { approved: true, checkedBy: "trust" };
-    }
     const policyResult = await evaluatePolicy(toolName, args, meta?.agent);
     if (policyResult.decision === "allow") {
       if (approvers.cloud && creds?.apiKey)
@@ -3446,6 +3503,12 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     if (!isManual) appendLocalAudit(toolName, args, "allow", "ignored", meta, hashAuditArgs);
     return { approved: true };
   }
+  if (!taintWarning && getActiveTrustSession(toolName, args)) {
+    if (approvers.cloud && creds?.apiKey)
+      await auditLocalAllow(toolName, args, "trust", creds, meta);
+    if (!isManual) appendLocalAudit(toolName, args, "allow", "trust", meta, hashAuditArgs);
+    return { approved: true, checkedBy: "trust" };
+  }
   if (taintWarning) {
     explainableLabel = "\u{1F534} Node9 Taint (Exfiltration Prevention)";
     riskMetadata = computeRiskMetadata(
@@ -3578,7 +3641,7 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
           riskMetadata?.ruleDescription
         );
         if (decision === "always_allow") {
-          writeTrustSession(toolName, 36e5);
+          writeTrustSession(toolName, 36e5, args);
           return { approved: true, checkedBy: "trust" };
         }
         const isApproved = decision === "allow";
@@ -5756,7 +5819,7 @@ function writeGlobalSetting(key, value) {
   config.settings[key] = value;
   atomicWriteSync2(GLOBAL_CONFIG_FILE, JSON.stringify(config, null, 2), { mode: 384 });
 }
-function writeTrustEntry(toolName, durationMs) {
+function writeTrustEntry(toolName, durationMs, commandPattern) {
   try {
     let trust = { entries: [] };
     try {
@@ -5764,8 +5827,14 @@ function writeTrustEntry(toolName, durationMs) {
         trust = JSON.parse(fs14.readFileSync(TRUST_FILE2, "utf-8"));
     } catch {
     }
-    trust.entries = trust.entries.filter((e) => e.tool !== toolName && e.expiry > Date.now());
-    trust.entries.push({ tool: toolName, expiry: Date.now() + durationMs });
+    trust.entries = trust.entries.filter(
+      (e) => !(e.tool === toolName && e.commandPattern === commandPattern) && e.expiry > Date.now()
+    );
+    trust.entries.push({
+      tool: toolName,
+      ...commandPattern && { commandPattern },
+      expiry: Date.now() + durationMs
+    });
     atomicWriteSync2(TRUST_FILE2, JSON.stringify(trust, null, 2));
   } catch {
   }
@@ -6243,15 +6312,152 @@ var init_costSync = __esm({
   }
 });
 
-// src/daemon/server.ts
-import http from "http";
+// src/daemon/sync.ts
 import fs17 from "fs";
+import https from "https";
+import os15 from "os";
 import path20 from "path";
+function readCredentials() {
+  if (process.env.NODE9_API_KEY) {
+    return {
+      apiKey: process.env.NODE9_API_KEY,
+      apiUrl: process.env.NODE9_API_URL ?? DEFAULT_API_URL
+    };
+  }
+  try {
+    const credPath = path20.join(os15.homedir(), ".node9", "credentials.json");
+    const creds = JSON.parse(fs17.readFileSync(credPath, "utf-8"));
+    const profileName = process.env.NODE9_PROFILE ?? "default";
+    const profile = creds[profileName];
+    if (typeof profile?.apiKey === "string" && profile.apiKey.length > 0) {
+      return {
+        apiKey: profile.apiKey,
+        apiUrl: typeof profile.apiUrl === "string" ? profile.apiUrl.replace(/\/intercept$/, "/policy") : DEFAULT_API_URL
+      };
+    }
+    if (typeof creds.apiKey === "string" && creds.apiKey.length > 0) {
+      return { apiKey: creds.apiKey, apiUrl: DEFAULT_API_URL };
+    }
+  } catch {
+  }
+  return null;
+}
+function fetchCloudRules(apiKey, apiUrl) {
+  const parsed = new URL(apiUrl);
+  return new Promise((resolve, reject) => {
+    const req = https.request(
+      {
+        hostname: parsed.hostname,
+        port: parsed.port ? parseInt(parsed.port, 10) : void 0,
+        path: parsed.pathname + parsed.search,
+        method: "GET",
+        headers: {
+          Authorization: `Bearer ${apiKey}`,
+          "Content-Type": "application/json"
+        },
+        timeout: 1e4
+      },
+      (res) => {
+        const chunks = [];
+        res.on("data", (chunk) => chunks.push(chunk));
+        res.on("end", () => {
+          if (res.statusCode !== 200) {
+            reject(new Error(`API returned ${res.statusCode ?? "unknown"}`));
+            return;
+          }
+          try {
+            const body = JSON.parse(Buffer.concat(chunks).toString("utf-8"));
+            const rules = Array.isArray(body) ? body : Array.isArray(body.rules) ? body.rules : [];
+            resolve(rules);
+          } catch (e) {
+            reject(e);
+          }
+        });
+      }
+    );
+    req.on("error", reject);
+    req.on("timeout", () => {
+      req.destroy(new Error("Cloud policy fetch timed out"));
+    });
+    req.end();
+  });
+}
+async function syncOnce() {
+  const creds = readCredentials();
+  if (!creds) return;
+  try {
+    const rules = await fetchCloudRules(creds.apiKey, creds.apiUrl);
+    const cache = { fetchedAt: (/* @__PURE__ */ new Date()).toISOString(), rules };
+    const dir = path20.dirname(rulesCacheFile());
+    if (!fs17.existsSync(dir)) fs17.mkdirSync(dir, { recursive: true });
+    fs17.writeFileSync(rulesCacheFile(), JSON.stringify(cache, null, 2) + "\n", "utf-8");
+  } catch {
+  }
+}
+async function runCloudSync() {
+  const creds = readCredentials();
+  if (!creds) {
+    return { ok: false, reason: "No API key configured. Add credentials with: node9 login" };
+  }
+  try {
+    const rules = await fetchCloudRules(creds.apiKey, creds.apiUrl);
+    const cache = { fetchedAt: (/* @__PURE__ */ new Date()).toISOString(), rules };
+    const dir = path20.dirname(rulesCacheFile());
+    if (!fs17.existsSync(dir)) fs17.mkdirSync(dir, { recursive: true });
+    fs17.writeFileSync(rulesCacheFile(), JSON.stringify(cache, null, 2) + "\n", "utf-8");
+    return { ok: true, rules: rules.length, fetchedAt: cache.fetchedAt };
+  } catch (err2) {
+    return { ok: false, reason: err2 instanceof Error ? err2.message : String(err2) };
+  }
+}
+function getCloudSyncStatus() {
+  try {
+    const raw = JSON.parse(fs17.readFileSync(rulesCacheFile(), "utf-8"));
+    if (!Array.isArray(raw.rules) || typeof raw.fetchedAt !== "string") return { cached: false };
+    return { cached: true, rules: raw.rules.length, fetchedAt: raw.fetchedAt };
+  } catch {
+    return { cached: false };
+  }
+}
+function getCloudRules() {
+  try {
+    const raw = JSON.parse(fs17.readFileSync(rulesCacheFile(), "utf-8"));
+    return Array.isArray(raw.rules) ? raw.rules : null;
+  } catch {
+    return null;
+  }
+}
+function startCloudSync() {
+  const rawHours = getConfig().settings.cloudSyncIntervalHours ?? DEFAULT_INTERVAL_HOURS;
+  const intervalHours = Math.max(rawHours, MIN_INTERVAL_HOURS);
+  const intervalMs = intervalHours * 60 * 60 * 1e3;
+  const initial = setTimeout(() => void syncOnce(), 3e4);
+  initial.unref();
+  const recurring = setInterval(() => void syncOnce(), intervalMs);
+  recurring.unref();
+}
+var rulesCacheFile, DEFAULT_API_URL, DEFAULT_INTERVAL_HOURS, MIN_INTERVAL_HOURS;
+var init_sync = __esm({
+  "src/daemon/sync.ts"() {
+    "use strict";
+    init_config();
+    rulesCacheFile = () => path20.join(os15.homedir(), ".node9", "rules-cache.json");
+    DEFAULT_API_URL = "https://api.node9.ai/api/v1/policy";
+    DEFAULT_INTERVAL_HOURS = 5;
+    MIN_INTERVAL_HOURS = 1;
+  }
+});
+
+// src/daemon/server.ts
+import http from "http";
+import fs18 from "fs";
+import path21 from "path";
 import { randomUUID as randomUUID4 } from "crypto";
 import { spawnSync as spawnSync2 } from "child_process";
 import chalk2 from "chalk";
 function startDaemon() {
   startCostSync();
+  startCloudSync();
   loadInsightCounts();
   const csrfToken = randomUUID4();
   const internalToken = randomUUID4();
@@ -6267,7 +6473,7 @@ function startDaemon() {
     idleTimer = setTimeout(() => {
       if (autoStarted) {
         try {
-          fs17.unlinkSync(DAEMON_PID_FILE);
+          fs18.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
       }
@@ -6430,7 +6636,7 @@ data: ${JSON.stringify(item.data)}
             status: "pending"
           });
         }
-        const projectCwd = typeof cwd === "string" && path20.isAbsolute(cwd) ? cwd : void 0;
+        const projectCwd = typeof cwd === "string" && path21.isAbsolute(cwd) ? cwd : void 0;
         const projectConfig = getConfig(projectCwd);
         const browserEnabled = projectConfig.settings.approvers?.browser !== false;
         const terminalEnabled = projectConfig.settings.approvers?.terminal !== false;
@@ -6557,7 +6763,8 @@ data: ${JSON.stringify(item.data)}
         );
         if (decision === "trust" && trustDuration) {
           const ms = TRUST_DURATIONS[trustDuration] ?? 60 * 6e4;
-          writeTrustEntry(entry.toolName, ms);
+          const commandPattern = extractCommandPattern(entry.toolName, entry.args);
+          writeTrustEntry(entry.toolName, ms, commandPattern);
           appendAuditLog({
             toolName: entry.toolName,
             args: entry.args,
@@ -6820,8 +7027,8 @@ data: ${JSON.stringify(item.data)}
         const body = await readBody(req);
         const data = body ? JSON.parse(body) : {};
         const configPath = data.configPath ?? GLOBAL_CONFIG_PATH;
-        const node9Dir = path20.dirname(GLOBAL_CONFIG_PATH);
-        if (!path20.resolve(configPath).startsWith(node9Dir + path20.sep)) {
+        const node9Dir = path21.dirname(GLOBAL_CONFIG_PATH);
+        if (!path21.resolve(configPath).startsWith(node9Dir + path21.sep)) {
           res.writeHead(400, { "Content-Type": "application/json" });
           return res.end(
             JSON.stringify({ error: "configPath must be within the node9 config directory" })
@@ -6932,14 +7139,14 @@ data: ${JSON.stringify(item.data)}
   server.on("error", (e) => {
     if (e.code === "EADDRINUSE") {
       try {
-        if (fs17.existsSync(DAEMON_PID_FILE)) {
-          const { pid } = JSON.parse(fs17.readFileSync(DAEMON_PID_FILE, "utf-8"));
+        if (fs18.existsSync(DAEMON_PID_FILE)) {
+          const { pid } = JSON.parse(fs18.readFileSync(DAEMON_PID_FILE, "utf-8"));
           process.kill(pid, 0);
           return process.exit(0);
         }
       } catch {
         try {
-          fs17.unlinkSync(DAEMON_PID_FILE);
+          fs18.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
         server.listen(DAEMON_PORT, DAEMON_HOST);
@@ -7005,59 +7212,331 @@ var init_server = __esm({
     init_shields();
     init_ui2();
     init_state2();
+    init_state();
     init_patch();
     init_config_schema();
     init_costSync();
+    init_sync();
+  }
+});
+
+// src/daemon/service.ts
+import fs19 from "fs";
+import path22 from "path";
+import os16 from "os";
+import { spawnSync as spawnSync3, execFileSync } from "child_process";
+function resolveNode9Binary() {
+  try {
+    const script = process.argv[1];
+    if (typeof script === "string" && path22.isAbsolute(script) && fs19.existsSync(script)) {
+      return fs19.realpathSync(script);
+    }
+  } catch {
+  }
+  try {
+    const cmd = process.platform === "win32" ? "where" : "which";
+    const r = spawnSync3(cmd, ["node9"], { encoding: "utf8", timeout: 3e3 });
+    if (r.status === 0 && r.stdout.trim()) {
+      return r.stdout.trim().split("\n")[0].trim();
+    }
+  } catch {
+  }
+  return null;
+}
+function xmlEscape(s) {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+function launchdPlist(binaryPath) {
+  const logDir = path22.join(os16.homedir(), ".node9");
+  const nodePath = xmlEscape(process.execPath);
+  const scriptPath = xmlEscape(binaryPath);
+  const outLog = xmlEscape(path22.join(logDir, "daemon.log"));
+  const errLog = xmlEscape(path22.join(logDir, "daemon-error.log"));
+  return `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>Label</key>
+    <string>${LAUNCHD_LABEL}</string>
+    <key>ProgramArguments</key>
+    <array>
+        <string>${nodePath}</string>
+        <string>${scriptPath}</string>
+        <string>daemon</string>
+    </array>
+    <key>RunAtLoad</key>
+    <true/>
+    <key>KeepAlive</key>
+    <true/>
+    <key>ThrottleInterval</key>
+    <integer>10</integer>
+    <key>StandardOutPath</key>
+    <string>${outLog}</string>
+    <key>StandardErrorPath</key>
+    <string>${errLog}</string>
+    <key>EnvironmentVariables</key>
+    <dict>
+        <key>NODE9_AUTO_STARTED</key>
+        <string>1</string>
+        <key>NODE9_BROWSER_OPENED</key>
+        <string>1</string>
+    </dict>
+</dict>
+</plist>
+`;
+}
+function installLaunchd(binaryPath) {
+  const dir = path22.dirname(LAUNCHD_PLIST);
+  if (!fs19.existsSync(dir)) fs19.mkdirSync(dir, { recursive: true });
+  fs19.writeFileSync(LAUNCHD_PLIST, launchdPlist(binaryPath), "utf-8");
+  spawnSync3("launchctl", ["unload", LAUNCHD_PLIST], { encoding: "utf8" });
+  const r = spawnSync3("launchctl", ["load", "-w", LAUNCHD_PLIST], {
+    encoding: "utf8",
+    timeout: 5e3
+  });
+  if (r.status !== 0) {
+    throw new Error(`launchctl load failed: ${r.stderr || r.stdout || "unknown error"}`);
+  }
+}
+function uninstallLaunchd() {
+  if (fs19.existsSync(LAUNCHD_PLIST)) {
+    spawnSync3("launchctl", ["unload", "-w", LAUNCHD_PLIST], { encoding: "utf8", timeout: 5e3 });
+    fs19.unlinkSync(LAUNCHD_PLIST);
+  }
+}
+function isLaunchdInstalled() {
+  return fs19.existsSync(LAUNCHD_PLIST);
+}
+function systemdUnit(binaryPath) {
+  return `[Unit]
+Description=node9 approval daemon
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=${process.execPath} ${binaryPath} daemon
+Restart=on-failure
+RestartSec=10s
+Environment=NODE9_AUTO_STARTED=1
+Environment=NODE9_BROWSER_OPENED=1
+
+[Install]
+WantedBy=default.target
+`;
+}
+function installSystemd(binaryPath) {
+  if (!fs19.existsSync(SYSTEMD_UNIT_DIR)) {
+    fs19.mkdirSync(SYSTEMD_UNIT_DIR, { recursive: true });
+  }
+  fs19.writeFileSync(SYSTEMD_UNIT, systemdUnit(binaryPath), "utf-8");
+  try {
+    execFileSync("loginctl", ["enable-linger", os16.userInfo().username], { timeout: 3e3 });
+  } catch {
+  }
+  const reload = spawnSync3("systemctl", ["--user", "daemon-reload"], {
+    encoding: "utf8",
+    timeout: 5e3
+  });
+  if (reload.status !== 0) {
+    throw new Error(`systemctl daemon-reload failed: ${reload.stderr}`);
+  }
+  spawnSync3("systemctl", ["--user", "stop", "node9-daemon"], { encoding: "utf8", timeout: 3e3 });
+  const enable = spawnSync3("systemctl", ["--user", "enable", "--now", "node9-daemon"], {
+    encoding: "utf8",
+    timeout: 5e3
+  });
+  if (enable.status !== 0) {
+    throw new Error(`systemctl enable failed: ${enable.stderr}`);
+  }
+}
+function uninstallSystemd() {
+  if (fs19.existsSync(SYSTEMD_UNIT)) {
+    spawnSync3("systemctl", ["--user", "disable", "--now", "node9-daemon"], {
+      encoding: "utf8",
+      timeout: 5e3
+    });
+    spawnSync3("systemctl", ["--user", "daemon-reload"], { encoding: "utf8", timeout: 5e3 });
+    fs19.unlinkSync(SYSTEMD_UNIT);
+  }
+}
+function isSystemdInstalled() {
+  return fs19.existsSync(SYSTEMD_UNIT);
+}
+function stopRunningDaemon() {
+  const pidFile = path22.join(os16.homedir(), ".node9", "daemon.pid");
+  if (!fs19.existsSync(pidFile)) return;
+  try {
+    const data = JSON.parse(fs19.readFileSync(pidFile, "utf-8"));
+    const pid = data.pid;
+    const MAX_PID2 = 4194304;
+    if (typeof pid === "number" && Number.isInteger(pid) && pid > 0 && pid <= MAX_PID2) {
+      try {
+        process.kill(pid, "SIGTERM");
+        const deadline = Date.now() + 3e3;
+        const pollStop = spawnSync3(
+          "sh",
+          ["-c", `while kill -0 ${pid} 2>/dev/null; do sleep 0.1; done`],
+          {
+            timeout: 3100
+          }
+        );
+        void pollStop;
+        void deadline;
+      } catch {
+      }
+    }
+    try {
+      fs19.unlinkSync(pidFile);
+    } catch {
+    }
+  } catch {
+  }
+}
+function installDaemonService() {
+  const binary = resolveNode9Binary();
+  if (!binary) {
+    return { ok: false, reason: "Could not locate the node9 binary. Is it in your PATH?" };
+  }
+  stopRunningDaemon();
+  try {
+    if (process.platform === "darwin") {
+      const alreadyInstalled = isLaunchdInstalled();
+      installLaunchd(binary);
+      return { ok: true, platform: "launchd", alreadyInstalled };
+    }
+    if (process.platform === "linux") {
+      const check = spawnSync3("systemctl", ["--user", "--version"], {
+        encoding: "utf8",
+        timeout: 2e3
+      });
+      if (check.status !== 0) {
+        return {
+          ok: false,
+          reason: "systemd not available. Start the daemon manually with: node9 daemon start"
+        };
+      }
+      const alreadyInstalled = isSystemdInstalled();
+      installSystemd(binary);
+      return { ok: true, platform: "systemd", alreadyInstalled };
+    }
+    return {
+      ok: false,
+      reason: `Automatic service install is not supported on ${process.platform}. Start the daemon manually with: node9 daemon start`
+    };
+  } catch (err2) {
+    return {
+      ok: false,
+      reason: err2 instanceof Error ? err2.message : String(err2)
+    };
+  }
+}
+function uninstallDaemonService() {
+  try {
+    if (process.platform === "darwin") {
+      uninstallLaunchd();
+      return { ok: true, platform: "launchd", alreadyInstalled: false };
+    }
+    if (process.platform === "linux") {
+      uninstallSystemd();
+      return { ok: true, platform: "systemd", alreadyInstalled: false };
+    }
+    return {
+      ok: false,
+      reason: `Service management not supported on ${process.platform}.`
+    };
+  } catch (err2) {
+    return {
+      ok: false,
+      reason: err2 instanceof Error ? err2.message : String(err2)
+    };
+  }
+}
+function isDaemonServiceInstalled() {
+  if (process.platform === "darwin") return isLaunchdInstalled();
+  if (process.platform === "linux") return isSystemdInstalled();
+  return false;
+}
+var LAUNCHD_LABEL, LAUNCHD_PLIST, SYSTEMD_UNIT_DIR, SYSTEMD_UNIT;
+var init_service = __esm({
+  "src/daemon/service.ts"() {
+    "use strict";
+    LAUNCHD_LABEL = "ai.node9.daemon";
+    LAUNCHD_PLIST = path22.join(os16.homedir(), "Library", "LaunchAgents", `${LAUNCHD_LABEL}.plist`);
+    SYSTEMD_UNIT_DIR = path22.join(os16.homedir(), ".config", "systemd", "user");
+    SYSTEMD_UNIT = path22.join(SYSTEMD_UNIT_DIR, "node9-daemon.service");
   }
 });
 
 // src/daemon/index.ts
-import fs18 from "fs";
+import fs20 from "fs";
 import chalk3 from "chalk";
-import { spawnSync as spawnSync3 } from "child_process";
+import { spawnSync as spawnSync4 } from "child_process";
 function stopDaemon() {
-  if (!fs18.existsSync(DAEMON_PID_FILE)) return console.log(chalk3.yellow("Not running."));
+  if (!fs20.existsSync(DAEMON_PID_FILE)) return console.log(chalk3.yellow("Not running."));
   try {
-    const { pid } = JSON.parse(fs18.readFileSync(DAEMON_PID_FILE, "utf-8"));
+    const data = JSON.parse(fs20.readFileSync(DAEMON_PID_FILE, "utf-8"));
+    const pid = data.pid;
+    if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0 || pid > MAX_PID) {
+      console.log(chalk3.gray("Cleaned up invalid PID file."));
+      return;
+    }
     process.kill(pid, "SIGTERM");
     console.log(chalk3.green("\u2705 Stopped."));
   } catch {
     console.log(chalk3.gray("Cleaned up stale PID file."));
   } finally {
     try {
-      fs18.unlinkSync(DAEMON_PID_FILE);
+      fs20.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
   }
 }
 function daemonStatus() {
-  if (fs18.existsSync(DAEMON_PID_FILE)) {
+  const serviceInstalled = isDaemonServiceInstalled();
+  const serviceLabel = serviceInstalled ? chalk3.green("installed (starts on login)") : chalk3.yellow("not installed \u2014 run: node9 daemon install");
+  let processStatus;
+  if (fs20.existsSync(DAEMON_PID_FILE)) {
     try {
-      const { pid } = JSON.parse(fs18.readFileSync(DAEMON_PID_FILE, "utf-8"));
-      process.kill(pid, 0);
-      console.log(chalk3.green("Node9 daemon: running"));
-      return;
+      const data = JSON.parse(fs20.readFileSync(DAEMON_PID_FILE, "utf-8"));
+      const pid = data.pid;
+      const port = data.port;
+      if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0 || pid > MAX_PID) {
+        processStatus = chalk3.yellow("not running (invalid PID file)");
+      } else {
+        process.kill(pid, 0);
+        processStatus = chalk3.green(
+          `running  (PID ${pid}, port ${typeof port === "number" ? port : DAEMON_PORT})`
+        );
+      }
     } catch {
-      console.log(chalk3.yellow("Node9 daemon: not running (stale PID)"));
-      return;
+      processStatus = chalk3.yellow("not running (stale PID file)");
     }
-  }
-  const r = spawnSync3("ss", ["-Htnp", `sport = :${DAEMON_PORT}`], {
-    encoding: "utf8",
-    timeout: 500
-  });
-  if (r.status === 0 && (r.stdout ?? "").includes(`:${DAEMON_PORT}`)) {
-    console.log(chalk3.yellow("Node9 daemon: running (no PID file \u2014 orphaned)"));
   } else {
-    console.log(chalk3.yellow("Node9 daemon: not running"));
+    const r = spawnSync4("ss", ["-Htnp", `sport = :${DAEMON_PORT}`], {
+      encoding: "utf8",
+      timeout: 500
+    });
+    if (r.status === 0 && (r.stdout ?? "").includes(`:${DAEMON_PORT}`)) {
+      processStatus = chalk3.yellow(`running (orphaned \u2014 no PID file)`);
+    } else {
+      processStatus = chalk3.yellow("not running");
+    }
   }
+  console.log(`
+  Process : ${processStatus}`);
+  console.log(`  Service : ${serviceLabel}
+`);
 }
+var MAX_PID;
 var init_daemon2 = __esm({
   "src/daemon/index.ts"() {
     "use strict";
     init_server();
     init_state2();
+    init_service();
     init_state2();
+    init_service();
+    MAX_PID = 4194304;
   }
 });
 
@@ -7067,10 +7546,10 @@ __export(tail_exports, {
   startTail: () => startTail
 });
 import http2 from "http";
-import chalk19 from "chalk";
-import fs29 from "fs";
-import os25 from "os";
-import path32 from "path";
+import chalk24 from "chalk";
+import fs35 from "fs";
+import os31 from "os";
+import path38 from "path";
 import readline5 from "readline";
 import { spawn as spawn10, execSync as execSync3 } from "child_process";
 function getIcon(tool) {
@@ -7093,22 +7572,22 @@ function formatBase(activity) {
   const time = new Date(activity.ts).toLocaleTimeString([], { hour12: false });
   const icon = getIcon(activity.tool);
   const toolName = activity.tool.slice(0, 16).padEnd(16);
-  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(os25.homedir(), "~");
+  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(os31.homedir(), "~");
   const argsPreview = argsStr.length > 70 ? argsStr.slice(0, 70) + "\u2026" : argsStr;
-  return `${chalk19.gray(time)} ${icon} ${chalk19.white.bold(toolName)} ${chalk19.dim(argsPreview)}`;
+  return `${chalk24.gray(time)} ${icon} ${chalk24.white.bold(toolName)} ${chalk24.dim(argsPreview)}`;
 }
 function renderResult(activity, result) {
   const base = formatBase(activity);
   let status;
   if (result.status === "allow") {
-    status = chalk19.green("\u2713 ALLOW");
+    status = chalk24.green("\u2713 ALLOW");
   } else if (result.status === "dlp") {
-    status = chalk19.bgRed.white.bold(" \u{1F6E1}\uFE0F  DLP ");
+    status = chalk24.bgRed.white.bold(" \u{1F6E1}\uFE0F  DLP ");
   } else {
-    status = chalk19.red("\u2717 BLOCK");
+    status = chalk24.red("\u2717 BLOCK");
   }
   const cost = result.costEstimate ?? activity.costEstimate;
-  const costSuffix = cost == null ? "" : chalk19.dim(`  ~$${cost >= 1e-3 ? cost.toFixed(3) : "0.000"}`);
+  const costSuffix = cost == null ? "" : chalk24.dim(`  ~$${cost >= 1e-3 ? cost.toFixed(3) : "0.000"}`);
   if (process.stdout.isTTY) {
     if (pendingShownForId === activity.id && pendingWrappedLines > 1) {
       readline5.moveCursor(process.stdout, 0, -(pendingWrappedLines - 1));
@@ -7125,19 +7604,19 @@ function renderResult(activity, result) {
 }
 function renderPending(activity) {
   if (!process.stdout.isTTY) return;
-  const line = `${formatBase(activity)}  ${chalk19.yellow("\u25CF \u2026")}`;
+  const line = `${formatBase(activity)}  ${chalk24.yellow("\u25CF \u2026")}`;
   pendingShownForId = activity.id;
   pendingWrappedLines = wrappedLineCount(line);
   process.stdout.write(`${line}\r`);
 }
 async function ensureDaemon() {
   let pidPort = null;
-  if (fs29.existsSync(PID_FILE)) {
+  if (fs35.existsSync(PID_FILE)) {
     try {
-      const { port } = JSON.parse(fs29.readFileSync(PID_FILE, "utf-8"));
+      const { port } = JSON.parse(fs35.readFileSync(PID_FILE, "utf-8"));
       pidPort = port;
     } catch {
-      console.error(chalk19.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
+      console.error(chalk24.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
     }
   }
   const checkPort = pidPort ?? DAEMON_PORT;
@@ -7148,7 +7627,7 @@ async function ensureDaemon() {
     if (res.ok) return checkPort;
   } catch {
   }
-  console.log(chalk19.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
+  console.log(chalk24.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
   const child = spawn10(process.execPath, [process.argv[1], "daemon"], {
     detached: true,
     stdio: "ignore",
@@ -7165,7 +7644,7 @@ async function ensureDaemon() {
     } catch {
     }
   }
-  console.error(chalk19.red("\u274C Daemon failed to start. Try: node9 daemon start"));
+  console.error(chalk24.red("\u274C Daemon failed to start. Try: node9 daemon start"));
   process.exit(1);
 }
 function postDecisionHttp(id, decision, csrfToken, port, opts) {
@@ -7197,27 +7676,56 @@ function postDecisionHttp(id, decision, csrfToken, port, opts) {
     req.end(body);
   });
 }
+function extractArgsSummary(toolName, args) {
+  const a = args;
+  if (!a) return "";
+  const cmd = a["command"] ?? a["cmd"];
+  if (typeof cmd === "string") return cmd.replace(/\s+/g, " ").trim();
+  const fp = a["file_path"] ?? a["path"] ?? a["filepath"];
+  if (typeof fp === "string") return fp;
+  const q = a["query"] ?? a["sql"];
+  if (typeof q === "string") return q.replace(/\s+/g, " ").trim();
+  const s = JSON.stringify(a).replace(/\s+/g, " ");
+  return s.length > 80 ? s.slice(0, 80) + "\u2026" : s;
+}
+function cleanReason(raw) {
+  return raw.replace(/\s*[—–-]+\s*(blocked by|requires human approval)[^)]*(\([^)]*\))?\.?\s*$/i, "").trim();
+}
+function cleanBlockedBy(raw) {
+  const shieldMatch = raw.match(/shield:([^:]+):/i);
+  if (shieldMatch) return shieldMatch[1];
+  const smartMatch = raw.match(/^Smart Rule:\s*(.+)$/i);
+  if (smartMatch) return smartMatch[1];
+  return raw;
+}
 function buildCardLines(req, localCount = 0) {
   if (req.recoveryCommand) {
     return buildRecoveryCardLines(req);
   }
-  const argsStr = JSON.stringify(req.args ?? {}).replace(/\s+/g, " ");
-  const argsPreview = argsStr.length > 60 ? argsStr.slice(0, 60) + "\u2026" : argsStr;
-  const tierLabel = req.riskMetadata?.tier != null ? req.riskMetadata.tier <= 2 ? `${YELLOW}\u26A0  Tier ${req.riskMetadata.tier}` : `${RED}\u{1F6D1} Tier ${req.riskMetadata.tier}` : `${YELLOW}\u26A0  Review`;
-  const blockedBy = req.riskMetadata?.blockedByLabel ?? "Policy rule";
+  const argsSummary = extractArgsSummary(req.toolName, req.args);
+  const argsPreview = argsSummary.length > 72 ? argsSummary.slice(0, 72) + "\u2026" : argsSummary;
+  const rawBlockedBy = req.riskMetadata?.blockedByLabel ?? "Policy rule";
+  const blockedBy = cleanBlockedBy(rawBlockedBy);
+  const isBlock = req.riskMetadata?.tier != null && req.riskMetadata.tier <= 2;
+  const severityIcon = isBlock ? `${RED}\u{1F6D1}` : `${YELLOW}\u26A0 `;
+  const rawDesc = req.riskMetadata?.ruleDescription ?? "";
+  const description = rawDesc ? cleanReason(rawDesc) : "";
   const lines = [
     ``,
     `${BOLD2}${CYAN}\u2554\u2550\u2550 Node9 Approval Required \u2550\u2550\u2557${RESET2}`,
     `${CYAN}\u2551${RESET2} Tool:    ${BOLD2}${req.toolName}${RESET2}`,
-    `${CYAN}\u2551${RESET2} Reason:  ${tierLabel} \u2014 ${blockedBy}${RESET2}`
+    `${CYAN}\u2551${RESET2} Policy:  ${severityIcon} ${blockedBy}${RESET2}`
   ];
-  if (req.riskMetadata?.ruleDescription) {
-    lines.push(`${CYAN}\u2551${RESET2} ${YELLOW}\u2139  ${req.riskMetadata.ruleDescription}${RESET2}`);
+  if (description) {
+    lines.push(`${CYAN}\u2551${RESET2} Why:     ${YELLOW}${description}${RESET2}`);
   }
-  if (req.riskMetadata?.ruleName && blockedBy.includes("Taint")) {
+  if (req.riskMetadata?.ruleName && rawBlockedBy.includes("Taint")) {
     lines.push(`${CYAN}\u2551${RESET2} ${YELLOW}\u26A0  ${req.riskMetadata.ruleName}${RESET2}`);
   }
-  lines.push(`${CYAN}\u2551${RESET2} Args:    ${GRAY}${argsPreview}${RESET2}`);
+  if (argsPreview) {
+    const argLabel = req.toolName.toLowerCase().includes("bash") ? "Command" : "Args   ";
+    lines.push(`${CYAN}\u2551${RESET2} ${argLabel}:  ${GRAY}${argsPreview}${RESET2}`);
+  }
   if (localCount >= 2) {
     lines.push(
       `${CYAN}\u2551${RESET2} ${YELLOW}\u{1F4A1}${RESET2} Approved ${localCount}\xD7 before \u2014 ${BOLD2}[a]${RESET2}${YELLOW} creates a permanent rule${RESET2}`
@@ -7257,9 +7765,9 @@ function buildRecoveryCardLines(req) {
   ];
 }
 function readApproversFromDisk() {
-  const configPath = path32.join(os25.homedir(), ".node9", "config.json");
+  const configPath = path38.join(os31.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(fs29.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(fs35.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     return settings.approvers ?? {};
   } catch {
@@ -7270,20 +7778,20 @@ function approverStatusLine() {
   const a = readApproversFromDisk();
   const fmt = (label, key) => {
     const on = a[key] !== false;
-    return `[${key[0]}]${label.slice(1)} ${on ? chalk19.green("\u2713") : chalk19.dim("\u2717")}`;
+    return `[${key[0]}]${label.slice(1)} ${on ? chalk24.green("\u2713") : chalk24.dim("\u2717")}`;
   };
   return `${fmt("native", "native")}  ${fmt("browser", "browser")}  ${fmt("cloud", "cloud")}  ${fmt("terminal", "terminal")}`;
 }
 function toggleApprover(channel) {
-  const configPath = path32.join(os25.homedir(), ".node9", "config.json");
+  const configPath = path38.join(os31.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(fs29.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(fs35.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     const approvers = settings.approvers ?? {};
     approvers[channel] = approvers[channel] === false;
     settings.approvers = approvers;
     raw.settings = settings;
-    fs29.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
+    fs35.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
   } catch (err2) {
     process.stderr.write(`[node9] toggleApprover failed: ${String(err2)}
 `);
@@ -7315,7 +7823,7 @@ async function startTail(options = {}) {
       req2.end();
     });
     if (result.ok) {
-      console.log(chalk19.green("\u2713 Flight Recorder buffer cleared."));
+      console.log(chalk24.green("\u2713 Flight Recorder buffer cleared."));
     } else if (result.code === "ECONNREFUSED") {
       throw new Error("Daemon is not running. Start it with: node9 daemon start");
     } else if (result.code === "ETIMEDOUT") {
@@ -7359,7 +7867,7 @@ async function startTail(options = {}) {
       const channel = name === "n" ? "native" : name === "b" ? "browser" : name === "c" ? "cloud" : name === "t" ? "terminal" : null;
       if (channel) {
         toggleApprover(channel);
-        console.log(chalk19.dim(`  Approvers: ${approverStatusLine()}`));
+        console.log(chalk24.dim(`  Approvers: ${approverStatusLine()}`));
       }
     };
     process.stdin.on("keypress", idleKeypressHandler);
@@ -7425,7 +7933,7 @@ async function startTail(options = {}) {
           localAllowCounts.get(req2.toolName) ?? 0
         )
       );
-      const decisionStamp = action === "always-allow" ? chalk19.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? chalk19.cyan("\u23F1 TRUST 30m") : action === "allow" ? chalk19.green("\u2713 ALLOWED") : action === "redirect" ? chalk19.yellow("\u21A9 REDIRECT AI") : chalk19.red("\u2717 DENIED");
+      const decisionStamp = action === "always-allow" ? chalk24.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? chalk24.cyan("\u23F1 TRUST 30m") : action === "allow" ? chalk24.green("\u2713 ALLOWED") : action === "redirect" ? chalk24.yellow("\u21A9 REDIRECT AI") : chalk24.red("\u2717 DENIED");
       stampedLines.push(`  ${BOLD2}\u2192${RESET2} ${decisionStamp} ${GRAY}(terminal)${RESET2}`, ``);
       for (const line of stampedLines) process.stdout.write(line + "\n");
       process.stdout.write(SHOW_CURSOR);
@@ -7453,8 +7961,8 @@ async function startTail(options = {}) {
       }
       postDecisionHttp(req2.id, httpDecision, csrfToken, port, httpOpts).catch((err2) => {
         try {
-          fs29.appendFileSync(
-            path32.join(os25.homedir(), ".node9", "hook-debug.log"),
+          fs35.appendFileSync(
+            path38.join(os31.homedir(), ".node9", "hook-debug.log"),
             `[tail] POST /decision failed: ${String(err2)}
 `
           );
@@ -7476,7 +7984,7 @@ async function startTail(options = {}) {
       );
       const stampedLines = buildCardLines(req2, priorCount);
       if (externalDecision) {
-        const source = externalDecision === "allow" ? chalk19.green("\u2713 ALLOWED") : chalk19.red("\u2717 DENIED");
+        const source = externalDecision === "allow" ? chalk24.green("\u2713 ALLOWED") : chalk24.red("\u2717 DENIED");
         stampedLines.push(`  ${BOLD2}\u2192${RESET2} ${source} ${GRAY}(external)${RESET2}`, ``);
       }
       for (const line of stampedLines) process.stdout.write(line + "\n");
@@ -7535,16 +8043,16 @@ async function startTail(options = {}) {
     }
   } catch {
   }
-  console.log(chalk19.cyan.bold(`
-\u{1F6F0}\uFE0F  Node9 tail  `) + chalk19.dim(`\u2192 ${dashboardUrl}`));
+  console.log(chalk24.cyan.bold(`
+\u{1F6F0}\uFE0F  Node9 tail  `) + chalk24.dim(`\u2192 ${dashboardUrl}`));
   if (canApprove) {
-    console.log(chalk19.dim("Card: [\u21B5/y] Allow  [n] Deny  [a] Always  [t] Trust 30m"));
-    console.log(chalk19.dim(`Approvers (toggle): ${approverStatusLine()}  [q] quit`));
+    console.log(chalk24.dim("Card: [\u21B5/y] Allow  [n] Deny  [a] Always  [t] Trust 30m"));
+    console.log(chalk24.dim(`Approvers (toggle): ${approverStatusLine()}  [q] quit`));
   }
   if (options.history) {
-    console.log(chalk19.dim("Showing history + live events.\n"));
+    console.log(chalk24.dim("Showing history + live events.\n"));
   } else {
-    console.log(chalk19.dim("Showing live events only. Use --history to include past.\n"));
+    console.log(chalk24.dim("Showing live events only. Use --history to include past.\n"));
   }
   process.on("SIGINT", () => {
     exitIdleMode();
@@ -7554,13 +8062,13 @@ async function startTail(options = {}) {
       readline5.clearLine(process.stdout, 0);
       readline5.cursorTo(process.stdout, 0);
     }
-    console.log(chalk19.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
+    console.log(chalk24.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
     process.exit(0);
   });
   const sseUrl = `http://127.0.0.1:${port}/events?capabilities=input`;
   const req = http2.get(sseUrl, (res) => {
     if (res.statusCode !== 200) {
-      console.error(chalk19.red(`Failed to connect: HTTP ${res.statusCode}`));
+      console.error(chalk24.red(`Failed to connect: HTTP ${res.statusCode}`));
       process.exit(1);
     }
     if (canApprove) enterIdleMode();
@@ -7591,7 +8099,7 @@ async function startTail(options = {}) {
         readline5.clearLine(process.stdout, 0);
         readline5.cursorTo(process.stdout, 0);
       }
-      console.log(chalk19.red("\n\u274C Daemon disconnected."));
+      console.log(chalk24.red("\n\u274C Daemon disconnected."));
       process.exit(1);
     });
   });
@@ -7683,9 +8191,9 @@ async function startTail(options = {}) {
       const hash = data.hash ?? "";
       const summary = data.argsSummary ?? data.tool;
       const fileCount = data.fileCount ?? 0;
-      const files = fileCount > 0 ? chalk19.dim(` \xB7 ${fileCount} file${fileCount === 1 ? "" : "s"}`) : "";
+      const files = fileCount > 0 ? chalk24.dim(` \xB7 ${fileCount} file${fileCount === 1 ? "" : "s"}`) : "";
       process.stdout.write(
-        `${chalk19.dim(time)}  ${chalk19.cyan("\u{1F4F8} snapshot")}  ${chalk19.dim(hash)}  ${summary}${files}
+        `${chalk24.dim(time)}  ${chalk24.cyan("\u{1F4F8} snapshot")}  ${chalk24.dim(hash)}  ${summary}${files}
 `
       );
       return;
@@ -7702,7 +8210,7 @@ async function startTail(options = {}) {
   }
   req.on("error", (err2) => {
     const msg = err2.code === "ECONNREFUSED" ? "Daemon is not running. Start it with: node9 daemon start" : err2.message;
-    console.error(chalk19.red(`
+    console.error(chalk24.red(`
 \u274C ${msg}`));
     process.exit(1);
   });
@@ -7714,7 +8222,7 @@ var init_tail = __esm({
     init_daemon2();
     init_daemon();
     init_core();
-    PID_FILE = path32.join(os25.homedir(), ".node9", "daemon.pid");
+    PID_FILE = path38.join(os31.homedir(), ".node9", "daemon.pid");
     ICONS = {
       bash: "\u{1F4BB}",
       shell: "\u{1F4BB}",
@@ -7755,9 +8263,9 @@ __export(hud_exports, {
   main: () => main,
   renderEnvironmentLine: () => renderEnvironmentLine
 });
-import fs30 from "fs";
-import path33 from "path";
-import os26 from "os";
+import fs36 from "fs";
+import path39 from "path";
+import os32 from "os";
 import http3 from "http";
 async function readStdin() {
   const chunks = [];
@@ -7833,9 +8341,9 @@ function formatTimeLeft(resetsAt) {
   return ` (${m}m left)`;
 }
 function safeReadJson(filePath) {
-  if (!fs30.existsSync(filePath)) return null;
+  if (!fs36.existsSync(filePath)) return null;
   try {
-    return JSON.parse(fs30.readFileSync(filePath, "utf-8"));
+    return JSON.parse(fs36.readFileSync(filePath, "utf-8"));
   } catch {
     return null;
   }
@@ -7856,12 +8364,12 @@ function countHooksInFile(filePath) {
   return Object.keys(cfg.hooks).length;
 }
 function countRulesInDir(rulesDir) {
-  if (!fs30.existsSync(rulesDir)) return 0;
+  if (!fs36.existsSync(rulesDir)) return 0;
   let count = 0;
   try {
-    for (const entry of fs30.readdirSync(rulesDir, { withFileTypes: true })) {
+    for (const entry of fs36.readdirSync(rulesDir, { withFileTypes: true })) {
       if (entry.isDirectory()) {
-        count += countRulesInDir(path33.join(rulesDir, entry.name));
+        count += countRulesInDir(path39.join(rulesDir, entry.name));
       } else if (entry.isFile() && entry.name.endsWith(".md")) {
         count++;
       }
@@ -7872,46 +8380,46 @@ function countRulesInDir(rulesDir) {
 }
 function isSamePath(a, b) {
   try {
-    return path33.resolve(a) === path33.resolve(b);
+    return path39.resolve(a) === path39.resolve(b);
   } catch {
     return false;
   }
 }
 function countConfigs(cwd) {
-  const homeDir2 = os26.homedir();
-  const claudeDir = path33.join(homeDir2, ".claude");
+  const homeDir2 = os32.homedir();
+  const claudeDir = path39.join(homeDir2, ".claude");
   let claudeMdCount = 0;
   let rulesCount = 0;
   let hooksCount = 0;
   const userMcpServers = /* @__PURE__ */ new Set();
   const projectMcpServers = /* @__PURE__ */ new Set();
-  if (fs30.existsSync(path33.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
-  rulesCount += countRulesInDir(path33.join(claudeDir, "rules"));
-  const userSettings = path33.join(claudeDir, "settings.json");
+  if (fs36.existsSync(path39.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
+  rulesCount += countRulesInDir(path39.join(claudeDir, "rules"));
+  const userSettings = path39.join(claudeDir, "settings.json");
   for (const name of getMcpServerNames(userSettings)) userMcpServers.add(name);
   hooksCount += countHooksInFile(userSettings);
-  const userClaudeJson = path33.join(homeDir2, ".claude.json");
+  const userClaudeJson = path39.join(homeDir2, ".claude.json");
   for (const name of getMcpServerNames(userClaudeJson)) userMcpServers.add(name);
   for (const name of getDisabledMcpServers(userClaudeJson, "disabledMcpServers")) {
     userMcpServers.delete(name);
   }
   if (cwd) {
-    if (fs30.existsSync(path33.join(cwd, "CLAUDE.md"))) claudeMdCount++;
-    if (fs30.existsSync(path33.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
-    const projectClaudeDir = path33.join(cwd, ".claude");
+    if (fs36.existsSync(path39.join(cwd, "CLAUDE.md"))) claudeMdCount++;
+    if (fs36.existsSync(path39.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
+    const projectClaudeDir = path39.join(cwd, ".claude");
     const overlapsUserScope = isSamePath(projectClaudeDir, claudeDir);
     if (!overlapsUserScope) {
-      if (fs30.existsSync(path33.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
-      rulesCount += countRulesInDir(path33.join(projectClaudeDir, "rules"));
-      const projSettings = path33.join(projectClaudeDir, "settings.json");
+      if (fs36.existsSync(path39.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
+      rulesCount += countRulesInDir(path39.join(projectClaudeDir, "rules"));
+      const projSettings = path39.join(projectClaudeDir, "settings.json");
       for (const name of getMcpServerNames(projSettings)) projectMcpServers.add(name);
       hooksCount += countHooksInFile(projSettings);
     }
-    if (fs30.existsSync(path33.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
-    const localSettings = path33.join(projectClaudeDir, "settings.local.json");
+    if (fs36.existsSync(path39.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
+    const localSettings = path39.join(projectClaudeDir, "settings.local.json");
     for (const name of getMcpServerNames(localSettings)) projectMcpServers.add(name);
     hooksCount += countHooksInFile(localSettings);
-    const mcpJsonServers = getMcpServerNames(path33.join(cwd, ".mcp.json"));
+    const mcpJsonServers = getMcpServerNames(path39.join(cwd, ".mcp.json"));
     const disabledMcpJson = getDisabledMcpServers(localSettings, "disabledMcpjsonServers");
     for (const name of disabledMcpJson) mcpJsonServers.delete(name);
     for (const name of mcpJsonServers) projectMcpServers.add(name);
@@ -7944,12 +8452,12 @@ function readActiveShieldsHud() {
     return shieldsCache.value;
   }
   try {
-    const shieldsPath = path33.join(os26.homedir(), ".node9", "shields.json");
-    if (!fs30.existsSync(shieldsPath)) {
+    const shieldsPath = path39.join(os32.homedir(), ".node9", "shields.json");
+    if (!fs36.existsSync(shieldsPath)) {
       shieldsCache = { value: [], ts: now };
       return [];
     }
-    const parsed = JSON.parse(fs30.readFileSync(shieldsPath, "utf-8"));
+    const parsed = JSON.parse(fs36.readFileSync(shieldsPath, "utf-8"));
     if (!Array.isArray(parsed.active)) {
       shieldsCache = { value: [], ts: now };
       return [];
@@ -8051,17 +8559,17 @@ function renderContextLine(stdin) {
 async function main() {
   try {
     const [stdin, daemonStatus2] = await Promise.all([readStdin(), queryDaemon()]);
-    if (fs30.existsSync(path33.join(os26.homedir(), ".node9", "hud-debug"))) {
+    if (fs36.existsSync(path39.join(os32.homedir(), ".node9", "hud-debug"))) {
       try {
-        const logPath = path33.join(os26.homedir(), ".node9", "hud-debug.log");
+        const logPath = path39.join(os32.homedir(), ".node9", "hud-debug.log");
         const MAX_LOG_SIZE = 10 * 1024 * 1024;
         let size = 0;
         try {
-          size = fs30.statSync(logPath).size;
+          size = fs36.statSync(logPath).size;
         } catch {
         }
         if (size < MAX_LOG_SIZE) {
-          fs30.appendFileSync(
+          fs36.appendFileSync(
             logPath,
             JSON.stringify({ ts: (/* @__PURE__ */ new Date()).toISOString(), stdin }) + "\n"
           );
@@ -8082,11 +8590,11 @@ async function main() {
       try {
         const cwd = stdin.cwd ?? process.cwd();
         for (const configPath of [
-          path33.join(cwd, "node9.config.json"),
-          path33.join(os26.homedir(), ".node9", "config.json")
+          path39.join(cwd, "node9.config.json"),
+          path39.join(os32.homedir(), ".node9", "config.json")
         ]) {
-          if (!fs30.existsSync(configPath)) continue;
-          const cfg = JSON.parse(fs30.readFileSync(configPath, "utf-8"));
+          if (!fs36.existsSync(configPath)) continue;
+          const cfg = JSON.parse(fs36.readFileSync(configPath, "utf-8"));
           const hud = cfg.settings?.hud;
           if (hud && "showEnvironmentCounts" in hud) return hud.showEnvironmentCounts !== false;
         }
@@ -8517,7 +9025,9 @@ function detectAgents(homeDir2 = os11.homedir()) {
     claude: exists(path15.join(homeDir2, ".claude")) || exists(path15.join(homeDir2, ".claude.json")),
     gemini: exists(path15.join(homeDir2, ".gemini")),
     cursor: exists(path15.join(homeDir2, ".cursor")),
-    codex: exists(path15.join(homeDir2, ".codex"))
+    codex: exists(path15.join(homeDir2, ".codex")),
+    windsurf: exists(path15.join(homeDir2, ".codeium", "windsurf")),
+    vscode: exists(path15.join(homeDir2, ".vscode"))
   };
 }
 async function setupCursor() {
@@ -8666,6 +9176,38 @@ async function setupCodex() {
     printDaemonTip();
   }
 }
+function teardownCodex() {
+  const homeDir2 = os11.homedir();
+  const configPath = path15.join(homeDir2, ".codex", "config.toml");
+  const config = readToml(configPath);
+  if (!config?.mcp_servers) {
+    console.log(chalk.blue("  \u2139\uFE0F  ~/.codex/config.toml not found \u2014 nothing to remove"));
+    return;
+  }
+  let changed = false;
+  if (removeNode9McpServer(config.mcp_servers)) {
+    changed = true;
+    console.log(chalk.green("  \u2705 Removed node9 MCP server entry from ~/.codex/config.toml"));
+  }
+  for (const [name, server] of Object.entries(config.mcp_servers)) {
+    const args = server.args;
+    if (server.command === "node9" && Array.isArray(args) && args[0] === "mcp" && args[1] === "--upstream" && typeof args[2] === "string") {
+      const [originalCmd, ...originalArgs] = args[2].split(" ");
+      config.mcp_servers[name] = {
+        ...server,
+        command: originalCmd,
+        args: originalArgs.length ? originalArgs : void 0
+      };
+      changed = true;
+    }
+  }
+  if (changed) {
+    writeToml(configPath, config);
+    console.log(chalk.green("  \u2705 Unwrapped MCP servers in ~/.codex/config.toml"));
+  } else {
+    console.log(chalk.blue("  \u2139\uFE0F  No Node9-wrapped MCP servers found in ~/.codex/config.toml"));
+  }
+}
 function setupHud() {
   const homeDir2 = os11.homedir();
   const hooksPath = path15.join(homeDir2, ".claude", "settings.json");
@@ -8712,31 +9254,303 @@ function teardownHud() {
   console.log(chalk.green("  \u2705 node9 HUD removed from ~/.claude/settings.json"));
   console.log(chalk.gray("   Restart Claude Code for changes to take effect."));
 }
-
-// src/cli.ts
-init_daemon2();
-import chalk20 from "chalk";
-import fs31 from "fs";
-import path34 from "path";
-import os27 from "os";
-import { confirm as confirm2 } from "@inquirer/prompts";
-
-// src/utils/duration.ts
-function parseDuration(str) {
-  const m = str.trim().match(/^(\d+(?:\.\d+)?)\s*(s|m|h|d)?$/i);
-  if (!m) return null;
-  const n = parseFloat(m[1]);
-  switch ((m[2] ?? "m").toLowerCase()) {
-    case "s":
-      return Math.round(n * 1e3);
-    case "m":
-      return Math.round(n * 6e4);
-    case "h":
-      return Math.round(n * 36e5);
-    case "d":
-      return Math.round(n * 864e5);
-    default:
-      return null;
+async function setupWindsurf() {
+  const homeDir2 = os11.homedir();
+  const mcpPath = path15.join(homeDir2, ".codeium", "windsurf", "mcp_config.json");
+  const mcpConfig = readJson(mcpPath) ?? {};
+  const servers = mcpConfig.mcpServers ?? {};
+  let anythingChanged = false;
+  if (!hasNode9McpServer(servers)) {
+    servers["node9"] = NODE9_MCP_SERVER_ENTRY;
+    mcpConfig.mcpServers = servers;
+    writeJson(mcpPath, mcpConfig);
+    console.log(chalk.green("  \u2705 node9 MCP server added   \u2192 node9 mcp-server"));
+    anythingChanged = true;
+  }
+  const serversToWrap = [];
+  for (const [name, server] of Object.entries(servers)) {
+    if (!server.command || server.command === "node9") continue;
+    serversToWrap.push({ name, upstream: [server.command, ...server.args ?? []].join(" ") });
+  }
+  if (serversToWrap.length > 0) {
+    console.log(chalk.bold("The following existing entries will be modified:\n"));
+    console.log(chalk.white(`  ${mcpPath}`));
+    for (const { name, upstream } of serversToWrap) {
+      console.log(chalk.gray(`    \u2022 ${name}: "${upstream}" \u2192 node9 mcp --upstream "${upstream}"`));
+    }
+    console.log("");
+    const proceed = await confirm({ message: "Wrap these MCP servers?", default: true });
+    if (proceed) {
+      for (const { name, upstream } of serversToWrap) {
+        servers[name] = {
+          ...servers[name],
+          command: "node9",
+          args: ["mcp", "--upstream", upstream]
+        };
+      }
+      mcpConfig.mcpServers = servers;
+      writeJson(mcpPath, mcpConfig);
+      console.log(chalk.green(`
+  \u2705 ${serversToWrap.length} MCP server(s) wrapped`));
+      anythingChanged = true;
+    } else {
+      console.log(chalk.yellow("  Skipped MCP server wrapping."));
+    }
+    console.log("");
+  }
+  console.log(
+    chalk.yellow(
+      "  \u26A0\uFE0F  Note: Windsurf does not yet support native pre-execution hooks.\n     MCP proxy wrapping is the only supported protection mode for Windsurf."
+    )
+  );
+  console.log("");
+  if (!anythingChanged && serversToWrap.length === 0) {
+    console.log(chalk.blue("\u2139\uFE0F  Node9 is already fully configured for Windsurf."));
+    printDaemonTip();
+    return;
+  }
+  if (anythingChanged) {
+    console.log(chalk.green.bold("\u{1F6E1}\uFE0F  Node9 is now protecting Windsurf via MCP proxy!"));
+    console.log(chalk.gray("    Restart Windsurf for changes to take effect."));
+    printDaemonTip();
+  }
+}
+function teardownWindsurf() {
+  const homeDir2 = os11.homedir();
+  const mcpPath = path15.join(homeDir2, ".codeium", "windsurf", "mcp_config.json");
+  const mcpConfig = readJson(mcpPath);
+  if (!mcpConfig?.mcpServers) {
+    console.log(
+      chalk.blue("  \u2139\uFE0F  ~/.codeium/windsurf/mcp_config.json not found \u2014 nothing to remove")
+    );
+    return;
+  }
+  let changed = false;
+  if (removeNode9McpServer(mcpConfig.mcpServers)) {
+    changed = true;
+    console.log(
+      chalk.green("  \u2705 Removed node9 MCP server entry from ~/.codeium/windsurf/mcp_config.json")
+    );
+  }
+  for (const [name, server] of Object.entries(mcpConfig.mcpServers)) {
+    const args = server.args;
+    if (server.command === "node9" && Array.isArray(args) && args[0] === "mcp" && args[1] === "--upstream" && typeof args[2] === "string") {
+      const [originalCmd, ...originalArgs] = args[2].split(" ");
+      mcpConfig.mcpServers[name] = {
+        ...server,
+        command: originalCmd,
+        args: originalArgs.length ? originalArgs : void 0
+      };
+      changed = true;
+    }
+  }
+  if (changed) {
+    writeJson(mcpPath, mcpConfig);
+    console.log(chalk.green("  \u2705 Unwrapped MCP servers in ~/.codeium/windsurf/mcp_config.json"));
+  } else {
+    console.log(
+      chalk.blue("  \u2139\uFE0F  No Node9-wrapped MCP servers found in ~/.codeium/windsurf/mcp_config.json")
+    );
+  }
+}
+function hasNode9McpServerVSCode(servers) {
+  const entry = servers["node9"];
+  return !!entry && entry.command === "node9" && Array.isArray(entry.args) && entry.args[0] === "mcp-server";
+}
+async function setupVSCode() {
+  const homeDir2 = os11.homedir();
+  const mcpPath = path15.join(homeDir2, ".vscode", "mcp.json");
+  const mcpConfig = readJson(mcpPath) ?? {};
+  const servers = mcpConfig.servers ?? {};
+  let anythingChanged = false;
+  if (!hasNode9McpServerVSCode(servers)) {
+    servers["node9"] = { type: "stdio", command: "node9", args: ["mcp-server"] };
+    mcpConfig.servers = servers;
+    writeJson(mcpPath, mcpConfig);
+    console.log(chalk.green("  \u2705 node9 MCP server added   \u2192 node9 mcp-server"));
+    anythingChanged = true;
+  }
+  const serversToWrap = [];
+  for (const [name, server] of Object.entries(servers)) {
+    if (!server.command || server.command === "node9") continue;
+    serversToWrap.push({ name, upstream: [server.command, ...server.args ?? []].join(" ") });
+  }
+  if (serversToWrap.length > 0) {
+    console.log(chalk.bold("The following existing entries will be modified:\n"));
+    console.log(chalk.white(`  ${mcpPath}`));
+    for (const { name, upstream } of serversToWrap) {
+      console.log(chalk.gray(`    \u2022 ${name}: "${upstream}" \u2192 node9 mcp --upstream "${upstream}"`));
+    }
+    console.log("");
+    const proceed = await confirm({ message: "Wrap these MCP servers?", default: true });
+    if (proceed) {
+      for (const { name, upstream } of serversToWrap) {
+        servers[name] = {
+          ...servers[name],
+          type: "stdio",
+          command: "node9",
+          args: ["mcp", "--upstream", upstream]
+        };
+      }
+      mcpConfig.servers = servers;
+      writeJson(mcpPath, mcpConfig);
+      console.log(chalk.green(`
+  \u2705 ${serversToWrap.length} MCP server(s) wrapped`));
+      anythingChanged = true;
+    } else {
+      console.log(chalk.yellow("  Skipped MCP server wrapping."));
+    }
+    console.log("");
+  }
+  console.log(
+    chalk.yellow(
+      "  \u26A0\uFE0F  Note: VSCode MCP support requires the GitHub Copilot extension (v1.99+).\n     Pre-execution hooks are not supported \u2014 MCP proxy wrapping only."
+    )
+  );
+  console.log("");
+  if (!anythingChanged && serversToWrap.length === 0) {
+    console.log(chalk.blue("\u2139\uFE0F  Node9 is already fully configured for VSCode."));
+    printDaemonTip();
+    return;
+  }
+  if (anythingChanged) {
+    console.log(chalk.green.bold("\u{1F6E1}\uFE0F  Node9 is now protecting VSCode via MCP proxy!"));
+    console.log(chalk.gray("    Restart VSCode for changes to take effect."));
+    printDaemonTip();
+  }
+}
+function teardownVSCode() {
+  const homeDir2 = os11.homedir();
+  const mcpPath = path15.join(homeDir2, ".vscode", "mcp.json");
+  const mcpConfig = readJson(mcpPath);
+  if (!mcpConfig?.servers) {
+    console.log(chalk.blue("  \u2139\uFE0F  ~/.vscode/mcp.json not found \u2014 nothing to remove"));
+    return;
+  }
+  let changed = false;
+  if (hasNode9McpServerVSCode(mcpConfig.servers)) {
+    delete mcpConfig.servers["node9"];
+    changed = true;
+    console.log(chalk.green("  \u2705 Removed node9 MCP server entry from ~/.vscode/mcp.json"));
+  }
+  for (const [name, server] of Object.entries(mcpConfig.servers)) {
+    const args = server.args;
+    if (server.command === "node9" && Array.isArray(args) && args[0] === "mcp" && args[1] === "--upstream" && typeof args[2] === "string") {
+      const [originalCmd, ...originalArgs] = args[2].split(" ");
+      mcpConfig.servers[name] = {
+        ...server,
+        type: "stdio",
+        command: originalCmd,
+        args: originalArgs.length ? originalArgs : void 0
+      };
+      changed = true;
+    }
+  }
+  if (changed) {
+    writeJson(mcpPath, mcpConfig);
+    console.log(chalk.green("  \u2705 Unwrapped MCP servers in ~/.vscode/mcp.json"));
+  } else {
+    console.log(chalk.blue("  \u2139\uFE0F  No Node9-wrapped MCP servers found in ~/.vscode/mcp.json"));
+  }
+}
+function getAgentsStatus(homeDir2 = os11.homedir()) {
+  const detected = detectAgents(homeDir2);
+  const claudeWired = (() => {
+    const settings = readJson(path15.join(homeDir2, ".claude", "settings.json"));
+    return !!settings?.hooks?.PreToolUse?.some((m) => m.hooks.some((h) => isNode9Hook(h.command)));
+  })();
+  const geminiWired = (() => {
+    const settings = readJson(path15.join(homeDir2, ".gemini", "settings.json"));
+    return !!settings?.hooks?.BeforeTool?.some((m) => m.hooks.some((h) => isNode9Hook(h.command)));
+  })();
+  const cursorWired = (() => {
+    const cfg = readJson(path15.join(homeDir2, ".cursor", "mcp.json"));
+    return !!(cfg?.mcpServers && hasNode9McpServer(cfg.mcpServers));
+  })();
+  const codexWired = (() => {
+    const cfg = readToml(path15.join(homeDir2, ".codex", "config.toml"));
+    return !!(cfg?.mcp_servers && hasNode9McpServer(cfg.mcp_servers));
+  })();
+  const windsurfWired = (() => {
+    const cfg = readJson(
+      path15.join(homeDir2, ".codeium", "windsurf", "mcp_config.json")
+    );
+    return !!(cfg?.mcpServers && hasNode9McpServer(cfg.mcpServers));
+  })();
+  const vscodeWired = (() => {
+    const cfg = readJson(path15.join(homeDir2, ".vscode", "mcp.json"));
+    return !!(cfg?.servers && hasNode9McpServerVSCode(cfg.servers));
+  })();
+  return [
+    {
+      name: "claude",
+      label: "Claude Code",
+      installed: detected.claude,
+      wired: claudeWired,
+      mode: detected.claude ? "hooks" : null
+    },
+    {
+      name: "gemini",
+      label: "Gemini CLI",
+      installed: detected.gemini,
+      wired: geminiWired,
+      mode: detected.gemini ? "hooks" : null
+    },
+    {
+      name: "cursor",
+      label: "Cursor",
+      installed: detected.cursor,
+      wired: cursorWired,
+      mode: detected.cursor ? "mcp" : null
+    },
+    {
+      name: "windsurf",
+      label: "Windsurf",
+      installed: detected.windsurf,
+      wired: windsurfWired,
+      mode: detected.windsurf ? "mcp" : null
+    },
+    {
+      name: "vscode",
+      label: "VSCode",
+      installed: detected.vscode,
+      wired: vscodeWired,
+      mode: detected.vscode ? "mcp" : null
+    },
+    {
+      name: "codex",
+      label: "Codex",
+      installed: detected.codex,
+      wired: codexWired,
+      mode: detected.codex ? "mcp" : null
+    }
+  ];
+}
+
+// src/cli.ts
+init_daemon2();
+import chalk25 from "chalk";
+import fs37 from "fs";
+import path40 from "path";
+import os33 from "os";
+import { confirm as confirm2 } from "@inquirer/prompts";
+
+// src/utils/duration.ts
+function parseDuration(str) {
+  const m = str.trim().match(/^(\d+(?:\.\d+)?)\s*(s|m|h|d)?$/i);
+  if (!m) return null;
+  const n = parseFloat(m[1]);
+  switch ((m[2] ?? "m").toLowerCase()) {
+    case "s":
+      return Math.round(n * 1e3);
+    case "m":
+      return Math.round(n * 6e4);
+    case "h":
+      return Math.round(n * 36e5);
+    case "d":
+      return Math.round(n * 864e5);
+    default:
+      return null;
   }
 }
 
@@ -8947,19 +9761,19 @@ init_daemon();
 init_config();
 init_policy();
 import chalk5 from "chalk";
-import fs20 from "fs";
+import fs23 from "fs";
 import { spawn as spawn6 } from "child_process";
-import path22 from "path";
-import os16 from "os";
+import path25 from "path";
+import os19 from "os";
 
 // src/undo.ts
-import { spawnSync as spawnSync4, spawn as spawn5 } from "child_process";
+import { spawnSync as spawnSync5, spawn as spawn5 } from "child_process";
 import crypto3 from "crypto";
-import fs19 from "fs";
+import fs21 from "fs";
 import net3 from "net";
-import path21 from "path";
-import os15 from "os";
-var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path21.join(os15.tmpdir(), "node9-activity.sock");
+import path23 from "path";
+import os17 from "os";
+var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path23.join(os17.tmpdir(), "node9-activity.sock");
 function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
   try {
     const payload = JSON.stringify({
@@ -8979,22 +9793,22 @@ function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
   } catch {
   }
 }
-var SNAPSHOT_STACK_PATH = path21.join(os15.homedir(), ".node9", "snapshots.json");
-var UNDO_LATEST_PATH = path21.join(os15.homedir(), ".node9", "undo_latest.txt");
+var SNAPSHOT_STACK_PATH = path23.join(os17.homedir(), ".node9", "snapshots.json");
+var UNDO_LATEST_PATH = path23.join(os17.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
 var GIT_TIMEOUT = 15e3;
 function readStack() {
   try {
-    if (fs19.existsSync(SNAPSHOT_STACK_PATH))
-      return JSON.parse(fs19.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
+    if (fs21.existsSync(SNAPSHOT_STACK_PATH))
+      return JSON.parse(fs21.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
   } catch {
   }
   return [];
 }
 function writeStack(stack) {
-  const dir = path21.dirname(SNAPSHOT_STACK_PATH);
-  if (!fs19.existsSync(dir)) fs19.mkdirSync(dir, { recursive: true });
-  fs19.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
+  const dir = path23.dirname(SNAPSHOT_STACK_PATH);
+  if (!fs21.existsSync(dir)) fs21.mkdirSync(dir, { recursive: true });
+  fs21.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
 }
 function extractFilePath(args) {
   if (!args || typeof args !== "object") return null;
@@ -9014,12 +9828,12 @@ function buildArgsSummary(tool, args) {
   return "";
 }
 function findProjectRoot(filePath) {
-  let dir = path21.dirname(filePath);
+  let dir = path23.dirname(filePath);
   while (true) {
-    if (fs19.existsSync(path21.join(dir, ".git")) || fs19.existsSync(path21.join(dir, "package.json"))) {
+    if (fs21.existsSync(path23.join(dir, ".git")) || fs21.existsSync(path23.join(dir, "package.json"))) {
       return dir;
     }
-    const parent = path21.dirname(dir);
+    const parent = path23.dirname(dir);
     if (parent === dir) return process.cwd();
     dir = parent;
   }
@@ -9027,7 +9841,7 @@ function findProjectRoot(filePath) {
 function normalizeCwdForHash(cwd) {
   let normalized;
   try {
-    normalized = fs19.realpathSync(cwd);
+    normalized = fs21.realpathSync(cwd);
   } catch {
     normalized = cwd;
   }
@@ -9037,16 +9851,16 @@ function normalizeCwdForHash(cwd) {
 }
 function getShadowRepoDir(cwd) {
   const hash = crypto3.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
-  return path21.join(os15.homedir(), ".node9", "snapshots", hash);
+  return path23.join(os17.homedir(), ".node9", "snapshots", hash);
 }
 function cleanOrphanedIndexFiles(shadowDir) {
   try {
     const cutoff = Date.now() - 6e4;
-    for (const f of fs19.readdirSync(shadowDir)) {
+    for (const f of fs21.readdirSync(shadowDir)) {
       if (f.startsWith("index_")) {
-        const fp = path21.join(shadowDir, f);
+        const fp = path23.join(shadowDir, f);
         try {
-          if (fs19.statSync(fp).mtimeMs < cutoff) fs19.unlinkSync(fp);
+          if (fs21.statSync(fp).mtimeMs < cutoff) fs21.unlinkSync(fp);
         } catch {
         }
       }
@@ -9058,7 +9872,7 @@ function writeShadowExcludes(shadowDir, ignorePaths) {
   const hardcoded = [".git", ".node9"];
   const lines = [...hardcoded, ...ignorePaths].join("\n");
   try {
-    fs19.writeFileSync(path21.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
+    fs21.writeFileSync(path23.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
   } catch {
   }
 }
@@ -9066,54 +9880,54 @@ function ensureShadowRepo(shadowDir, cwd) {
   cleanOrphanedIndexFiles(shadowDir);
   const normalizedCwd = normalizeCwdForHash(cwd);
   const shadowEnvBase = { ...process.env, GIT_DIR: shadowDir, GIT_WORK_TREE: cwd };
-  const check = spawnSync4("git", ["rev-parse", "--git-dir"], {
+  const check = spawnSync5("git", ["rev-parse", "--git-dir"], {
     env: shadowEnvBase,
     timeout: 3e3
   });
   if (check.status === 0) {
-    const ptPath = path21.join(shadowDir, "project-path.txt");
+    const ptPath = path23.join(shadowDir, "project-path.txt");
     try {
-      const stored = fs19.readFileSync(ptPath, "utf8").trim();
+      const stored = fs21.readFileSync(ptPath, "utf8").trim();
       if (stored === normalizedCwd) return true;
       if (process.env.NODE9_DEBUG === "1")
         console.error(
           `[Node9] Shadow repo path mismatch: stored="${stored}" expected="${normalizedCwd}" \u2014 reinitializing`
         );
-      fs19.rmSync(shadowDir, { recursive: true, force: true });
+      fs21.rmSync(shadowDir, { recursive: true, force: true });
     } catch {
       try {
-        fs19.writeFileSync(ptPath, normalizedCwd, "utf8");
+        fs21.writeFileSync(ptPath, normalizedCwd, "utf8");
       } catch {
       }
       return true;
     }
   }
   try {
-    fs19.mkdirSync(shadowDir, { recursive: true });
+    fs21.mkdirSync(shadowDir, { recursive: true });
   } catch {
   }
-  const init = spawnSync4("git", ["init", "--bare", shadowDir], { timeout: 5e3 });
+  const init = spawnSync5("git", ["init", "--bare", shadowDir], { timeout: 5e3 });
   if (init.status !== 0 || init.error) {
     const reason = init.error ? init.error.message : init.stderr?.toString();
     if (process.env.NODE9_DEBUG === "1") console.error("[Node9] git init --bare failed:", reason);
     return false;
   }
-  const configFile = path21.join(shadowDir, "config");
-  spawnSync4("git", ["config", "--file", configFile, "core.untrackedCache", "true"], {
+  const configFile = path23.join(shadowDir, "config");
+  spawnSync5("git", ["config", "--file", configFile, "core.untrackedCache", "true"], {
     timeout: 3e3
   });
-  spawnSync4("git", ["config", "--file", configFile, "core.fsmonitor", "true"], {
+  spawnSync5("git", ["config", "--file", configFile, "core.fsmonitor", "true"], {
     timeout: 3e3
   });
   try {
-    fs19.writeFileSync(path21.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
+    fs21.writeFileSync(path23.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
   } catch {
   }
   return true;
 }
 function buildGitEnv(cwd) {
   const shadowDir = getShadowRepoDir(cwd);
-  const check = spawnSync4("git", ["rev-parse", "--git-dir"], {
+  const check = spawnSync5("git", ["rev-parse", "--git-dir"], {
     env: { ...process.env, GIT_DIR: shadowDir, GIT_WORK_TREE: cwd },
     timeout: 2e3
   });
@@ -9126,23 +9940,23 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
   let indexFile = null;
   try {
     const rawFilePath = extractFilePath(args);
-    const absFilePath = rawFilePath && path21.isAbsolute(rawFilePath) ? rawFilePath : null;
+    const absFilePath = rawFilePath && path23.isAbsolute(rawFilePath) ? rawFilePath : null;
     const cwd = absFilePath ? findProjectRoot(absFilePath) : process.cwd();
     const shadowDir = getShadowRepoDir(cwd);
     if (!ensureShadowRepo(shadowDir, cwd)) return null;
     writeShadowExcludes(shadowDir, ignorePaths);
-    indexFile = path21.join(shadowDir, `index_${process.pid}_${Date.now()}`);
+    indexFile = path23.join(shadowDir, `index_${process.pid}_${Date.now()}`);
     const shadowEnv = {
       ...process.env,
       GIT_DIR: shadowDir,
       GIT_WORK_TREE: cwd,
       GIT_INDEX_FILE: indexFile
     };
-    spawnSync4("git", ["add", "-A"], { env: shadowEnv, timeout: GIT_TIMEOUT });
-    const treeRes = spawnSync4("git", ["write-tree"], { env: shadowEnv, timeout: GIT_TIMEOUT });
+    spawnSync5("git", ["add", "-A"], { env: shadowEnv, timeout: GIT_TIMEOUT });
+    const treeRes = spawnSync5("git", ["write-tree"], { env: shadowEnv, timeout: GIT_TIMEOUT });
     const treeHash = treeRes.stdout?.toString().trim();
     if (!treeHash || treeRes.status !== 0) return null;
-    const commitRes = spawnSync4(
+    const commitRes = spawnSync5(
       "git",
       ["commit-tree", treeHash, "-m", `Node9 AI Snapshot: ${(/* @__PURE__ */ new Date()).toISOString()}`],
       { env: shadowEnv, timeout: GIT_TIMEOUT }
@@ -9154,7 +9968,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
     let capturedFiles = [];
     let capturedDiff = null;
     if (prevEntry) {
-      const filesRes = spawnSync4("git", ["diff", "--name-only", prevEntry.hash, commitHash], {
+      const filesRes = spawnSync5("git", ["diff", "--name-only", prevEntry.hash, commitHash], {
         env: shadowEnv,
         timeout: GIT_TIMEOUT
       });
@@ -9164,7 +9978,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
       if (capturedFiles.length === 0) {
         return prevEntry.hash;
       }
-      const diffRes = spawnSync4("git", ["diff", prevEntry.hash, commitHash], {
+      const diffRes = spawnSync5("git", ["diff", prevEntry.hash, commitHash], {
         env: shadowEnv,
         timeout: GIT_TIMEOUT
       });
@@ -9172,7 +9986,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
         capturedDiff = diffRes.stdout?.toString() || null;
       }
     } else {
-      const filesRes = spawnSync4("git", ["ls-tree", "-r", "--name-only", commitHash], {
+      const filesRes = spawnSync5("git", ["ls-tree", "-r", "--name-only", commitHash], {
         env: shadowEnv,
         timeout: GIT_TIMEOUT
       });
@@ -9203,7 +10017,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
     writeStack(stack);
     const entry = stack[stack.length - 1];
     notifySnapshotTaken(commitHash.slice(0, 7), tool, entry.argsSummary, capturedFiles.length);
-    fs19.writeFileSync(UNDO_LATEST_PATH, commitHash);
+    fs21.writeFileSync(UNDO_LATEST_PATH, commitHash);
     if (shouldGc) {
       spawn5("git", ["gc", "--auto"], { env: shadowEnv, detached: true, stdio: "ignore" }).unref();
     }
@@ -9214,7 +10028,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
   } finally {
     if (indexFile) {
       try {
-        fs19.unlinkSync(indexFile);
+        fs21.unlinkSync(indexFile);
       } catch {
       }
     }
@@ -9226,14 +10040,14 @@ function getSnapshotHistory() {
 function computeUndoDiff(hash, cwd) {
   try {
     const env = buildGitEnv(cwd);
-    const statRes = spawnSync4("git", ["diff", hash, "--stat", "--", "."], {
+    const statRes = spawnSync5("git", ["diff", hash, "--stat", "--", "."], {
       cwd,
       env,
       timeout: GIT_TIMEOUT
     });
     const stat = statRes.stdout?.toString().trim();
     if (!stat || statRes.status !== 0) return null;
-    const diffRes = spawnSync4("git", ["diff", hash, "--", "."], {
+    const diffRes = spawnSync5("git", ["diff", hash, "--", "."], {
       cwd,
       env,
       timeout: GIT_TIMEOUT
@@ -9252,7 +10066,7 @@ function applyUndo(hash, cwd) {
   try {
     const dir = cwd ?? process.cwd();
     const env = buildGitEnv(dir);
-    const restore = spawnSync4("git", ["restore", "--source", hash, "--staged", "--worktree", "."], {
+    const restore = spawnSync5("git", ["restore", "--source", hash, "--staged", "--worktree", "."], {
       cwd: dir,
       env,
       timeout: GIT_TIMEOUT
@@ -9264,7 +10078,7 @@ function applyUndo(hash, cwd) {
       }
       return false;
     }
-    const lsTree = spawnSync4("git", ["ls-tree", "-r", "--name-only", hash], {
+    const lsTree = spawnSync5("git", ["ls-tree", "-r", "--name-only", hash], {
       cwd: dir,
       env,
       timeout: GIT_TIMEOUT
@@ -9283,16 +10097,16 @@ function applyUndo(hash, cwd) {
 `);
       return false;
     }
-    const tracked = spawnSync4("git", ["ls-files"], { cwd: dir, env, timeout: GIT_TIMEOUT }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
-    const untracked = spawnSync4("git", ["ls-files", "--others", "--exclude-standard"], {
+    const tracked = spawnSync5("git", ["ls-files"], { cwd: dir, env, timeout: GIT_TIMEOUT }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
+    const untracked = spawnSync5("git", ["ls-files", "--others", "--exclude-standard"], {
       cwd: dir,
       env,
       timeout: GIT_TIMEOUT
     }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
     for (const file of [...tracked, ...untracked]) {
-      const fullPath = path21.join(dir, file);
-      if (!snapshotFiles.has(file) && fs19.existsSync(fullPath)) {
-        fs19.unlinkSync(fullPath);
+      const fullPath = path23.join(dir, file);
+      if (!snapshotFiles.has(file) && fs21.existsSync(fullPath)) {
+        fs21.unlinkSync(fullPath);
       }
     }
     return true;
@@ -9301,52 +10115,233 @@ function applyUndo(hash, cwd) {
   }
 }
 
-// src/cli/commands/check.ts
-function sanitize2(value) {
-  return value.replace(/[\x00-\x1F\x7F]/g, "");
-}
-function registerCheckCommand(program2) {
-  program2.command("check").description("Hook handler \u2014 evaluates a tool call before execution").argument("[data]", "JSON string of the tool call").action(async (data) => {
-    const processPayload = async (raw) => {
+// src/skill-pin.ts
+import fs22 from "fs";
+import path24 from "path";
+import os18 from "os";
+import crypto4 from "crypto";
+function getPinsFilePath() {
+  return path24.join(os18.homedir(), ".node9", "skill-pins.json");
+}
+var MAX_FILES = 5e3;
+var MAX_TOTAL_BYTES = 50 * 1024 * 1024;
+function sha256Bytes(buf) {
+  return crypto4.createHash("sha256").update(buf).digest("hex");
+}
+function walkDir(root) {
+  const out = [];
+  let totalBytes = 0;
+  const visit = (dir, relDir) => {
+    if (out.length >= MAX_FILES) return;
+    let entries;
+    try {
+      entries = fs22.readdirSync(dir, { withFileTypes: true });
+    } catch {
+      return;
+    }
+    entries.sort((a, b) => a.name.localeCompare(b.name));
+    for (const entry of entries) {
+      if (out.length >= MAX_FILES) return;
+      const full = path24.join(dir, entry.name);
+      const rel = relDir ? path24.posix.join(relDir, entry.name) : entry.name;
+      let lst;
       try {
-        if (!raw || raw.trim() === "") process.exit(0);
-        let payload = JSON.parse(raw);
-        try {
-          payload = JSON.parse(raw);
-        } catch (err2) {
-          const tempConfig = getConfig();
-          if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
-            const logPath = path22.join(os16.homedir(), ".node9", "hook-debug.log");
-            const errMsg = err2 instanceof Error ? err2.message : String(err2);
-            fs20.appendFileSync(
-              logPath,
-              `[${(/* @__PURE__ */ new Date()).toISOString()}] JSON_PARSE_ERROR: ${errMsg}
-RAW: ${raw}
-`
-            );
-          }
-          process.exit(0);
-        }
-        const config = getConfig(payload.cwd || void 0);
-        if (config.settings.autoStartDaemon && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON) {
-          try {
-            const scriptPath = process.argv[1];
-            if (typeof scriptPath !== "string" || !path22.isAbsolute(scriptPath))
-              throw new Error("node9: argv[1] is not an absolute path");
-            const resolvedScript = fs20.realpathSync(scriptPath);
-            const packageDist = fs20.realpathSync(path22.resolve(__dirname, "../.."));
-            if (!resolvedScript.startsWith(packageDist + path22.sep) && resolvedScript !== packageDist)
-              throw new Error(
-                `node9: daemon spawn aborted \u2014 argv[1] (${resolvedScript}) is outside package dist (${packageDist})`
-              );
-            const safeEnv = { ...process.env };
-            for (const key of [
-              "NODE_OPTIONS",
-              "LD_PRELOAD",
-              "LD_LIBRARY_PATH",
-              "DYLD_INSERT_LIBRARIES",
-              "NODE_PATH",
-              "ELECTRON_RUN_AS_NODE"
+        lst = fs22.lstatSync(full);
+      } catch {
+        continue;
+      }
+      if (lst.isSymbolicLink()) continue;
+      if (lst.isDirectory()) {
+        visit(full, rel);
+        continue;
+      }
+      if (!lst.isFile()) continue;
+      if (totalBytes + lst.size > MAX_TOTAL_BYTES) continue;
+      try {
+        const buf = fs22.readFileSync(full);
+        totalBytes += buf.length;
+        out.push({ rel, hash: sha256Bytes(buf) });
+      } catch {
+      }
+    }
+  };
+  visit(root, "");
+  out.sort((a, b) => a.rel.localeCompare(b.rel));
+  return out.map((e) => `${e.rel}\0${e.hash}`);
+}
+function hashSkillRoot(absPath) {
+  let lst;
+  try {
+    lst = fs22.lstatSync(absPath);
+  } catch {
+    return { exists: false, contentHash: "", fileCount: 0 };
+  }
+  if (lst.isSymbolicLink()) return { exists: false, contentHash: "", fileCount: 0 };
+  if (lst.isFile()) {
+    try {
+      return { exists: true, contentHash: sha256Bytes(fs22.readFileSync(absPath)), fileCount: 1 };
+    } catch {
+      return { exists: false, contentHash: "", fileCount: 0 };
+    }
+  }
+  if (lst.isDirectory()) {
+    const entries = walkDir(absPath);
+    const contentHash = crypto4.createHash("sha256").update(entries.join("\n")).digest("hex");
+    return { exists: true, contentHash, fileCount: entries.length };
+  }
+  return { exists: false, contentHash: "", fileCount: 0 };
+}
+function getRootKey(absPath) {
+  return crypto4.createHash("sha256").update(absPath).digest("hex").slice(0, 16);
+}
+function readSkillPinsSafe() {
+  const filePath = getPinsFilePath();
+  try {
+    const raw = fs22.readFileSync(filePath, "utf-8");
+    if (!raw.trim()) return { ok: false, reason: "corrupt", detail: "empty file" };
+    const parsed = JSON.parse(raw);
+    if (!parsed.roots || typeof parsed.roots !== "object" || Array.isArray(parsed.roots)) {
+      return { ok: false, reason: "corrupt", detail: "invalid structure: missing roots object" };
+    }
+    return { ok: true, pins: { roots: parsed.roots } };
+  } catch (err2) {
+    if (err2.code === "ENOENT") return { ok: false, reason: "missing" };
+    return { ok: false, reason: "corrupt", detail: String(err2) };
+  }
+}
+function readSkillPins() {
+  const result = readSkillPinsSafe();
+  if (result.ok) return result.pins;
+  if (result.reason === "missing") return { roots: {} };
+  throw new Error(`[node9] skill pin file is corrupt: ${result.detail}`);
+}
+function writeSkillPins(data) {
+  const filePath = getPinsFilePath();
+  fs22.mkdirSync(path24.dirname(filePath), { recursive: true });
+  const tmp = `${filePath}.${crypto4.randomBytes(6).toString("hex")}.tmp`;
+  fs22.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
+  fs22.renameSync(tmp, filePath);
+}
+function removePin(rootKey) {
+  const pins = readSkillPins();
+  delete pins.roots[rootKey];
+  writeSkillPins(pins);
+}
+function clearAllPins() {
+  writeSkillPins({ roots: {} });
+}
+function verifyAndPinRoots(roots) {
+  const pinsRead = readSkillPinsSafe();
+  if (!pinsRead.ok && pinsRead.reason === "corrupt") {
+    return { kind: "corrupt", detail: pinsRead.detail };
+  }
+  const pins = pinsRead.ok ? pinsRead.pins : { roots: {} };
+  let mutated = false;
+  for (const rootPath of new Set(roots)) {
+    const rootKey = getRootKey(rootPath);
+    const current = hashSkillRoot(rootPath);
+    const existing = pins.roots[rootKey];
+    if (!existing) {
+      pins.roots[rootKey] = {
+        rootPath,
+        exists: current.exists,
+        contentHash: current.contentHash,
+        fileCount: current.fileCount,
+        pinnedAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      mutated = true;
+      continue;
+    }
+    if (existing.exists !== current.exists || existing.contentHash !== current.contentHash) {
+      let summary;
+      if (existing.exists && !current.exists) summary = `vanished: ${rootPath}`;
+      else if (!existing.exists && current.exists) summary = `appeared: ${rootPath}`;
+      else summary = `changed: ${rootPath}`;
+      return { kind: "drift", changedRootKey: rootKey, changedRootPath: rootPath, summary };
+    }
+  }
+  if (mutated) writeSkillPins(pins);
+  return { kind: "verified" };
+}
+function defaultSkillRoots(_cwd) {
+  const marketplaces = path24.join(os18.homedir(), ".claude", "plugins", "marketplaces");
+  const roots = [];
+  let registries;
+  try {
+    registries = fs22.readdirSync(marketplaces, { withFileTypes: true });
+  } catch {
+    return [];
+  }
+  for (const registry of registries) {
+    if (!registry.isDirectory()) continue;
+    const pluginsDir = path24.join(marketplaces, registry.name, "plugins");
+    let plugins;
+    try {
+      plugins = fs22.readdirSync(pluginsDir, { withFileTypes: true });
+    } catch {
+      continue;
+    }
+    for (const plugin of plugins) {
+      if (!plugin.isDirectory()) continue;
+      roots.push(path24.join(pluginsDir, plugin.name));
+    }
+  }
+  return roots;
+}
+function resolveUserSkillRoot(entry, cwd) {
+  if (!entry) return null;
+  if (entry.startsWith("~/") || entry === "~") return path24.join(os18.homedir(), entry.slice(1));
+  if (path24.isAbsolute(entry)) return entry;
+  if (!cwd || !path24.isAbsolute(cwd)) return null;
+  return path24.join(cwd, entry);
+}
+
+// src/cli/commands/check.ts
+function sanitize2(value) {
+  return value.replace(/[\x00-\x1F\x7F]/g, "");
+}
+function registerCheckCommand(program2) {
+  program2.command("check").description("Hook handler \u2014 evaluates a tool call before execution").argument("[data]", "JSON string of the tool call").action(async (data) => {
+    const processPayload = async (raw) => {
+      try {
+        if (!raw || raw.trim() === "") process.exit(0);
+        let payload = JSON.parse(raw);
+        try {
+          payload = JSON.parse(raw);
+        } catch (err2) {
+          const tempConfig = getConfig();
+          if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
+            const logPath = path25.join(os19.homedir(), ".node9", "hook-debug.log");
+            const errMsg = err2 instanceof Error ? err2.message : String(err2);
+            fs23.appendFileSync(
+              logPath,
+              `[${(/* @__PURE__ */ new Date()).toISOString()}] JSON_PARSE_ERROR: ${errMsg}
+RAW: ${raw}
+`
+            );
+          }
+          process.exit(0);
+        }
+        const config = getConfig(payload.cwd || void 0);
+        if (config.settings.autoStartDaemon && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON) {
+          try {
+            const scriptPath = process.argv[1];
+            if (typeof scriptPath !== "string" || !path25.isAbsolute(scriptPath))
+              throw new Error("node9: argv[1] is not an absolute path");
+            const resolvedScript = fs23.realpathSync(scriptPath);
+            const packageDist = fs23.realpathSync(path25.resolve(__dirname, "../.."));
+            if (!resolvedScript.startsWith(packageDist + path25.sep) && resolvedScript !== packageDist)
+              throw new Error(
+                `node9: daemon spawn aborted \u2014 argv[1] (${resolvedScript}) is outside package dist (${packageDist})`
+              );
+            const safeEnv = { ...process.env };
+            for (const key of [
+              "NODE_OPTIONS",
+              "LD_PRELOAD",
+              "LD_LIBRARY_PATH",
+              "DYLD_INSERT_LIBRARIES",
+              "NODE_PATH",
+              "ELECTRON_RUN_AS_NODE"
             ]) {
               delete safeEnv[key];
             }
@@ -9357,10 +10352,10 @@ RAW: ${raw}
             });
             d.unref();
           } catch (spawnErr) {
-            const logPath = path22.join(os16.homedir(), ".node9", "hook-debug.log");
+            const logPath = path25.join(os19.homedir(), ".node9", "hook-debug.log");
             const msg = spawnErr instanceof Error ? spawnErr.message : String(spawnErr);
             try {
-              fs20.appendFileSync(
+              fs23.appendFileSync(
                 logPath,
                 `[${(/* @__PURE__ */ new Date()).toISOString()}] daemon-autostart-failed: ${msg}
 `
@@ -9370,10 +10365,10 @@ RAW: ${raw}
           }
         }
         if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
-          const logPath = path22.join(os16.homedir(), ".node9", "hook-debug.log");
-          if (!fs20.existsSync(path22.dirname(logPath)))
-            fs20.mkdirSync(path22.dirname(logPath), { recursive: true });
-          fs20.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
+          const logPath = path25.join(os19.homedir(), ".node9", "hook-debug.log");
+          if (!fs23.existsSync(path25.dirname(logPath)))
+            fs23.mkdirSync(path25.dirname(logPath), { recursive: true });
+          fs23.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
 `);
         }
         const toolName = sanitize2(payload.tool_name ?? payload.name ?? "");
@@ -9386,8 +10381,8 @@ RAW: ${raw}
           const isHumanDecision = blockedByContext.toLowerCase().includes("user") || blockedByContext.toLowerCase().includes("daemon") || blockedByContext.toLowerCase().includes("decision");
           let ttyFd = null;
           try {
-            ttyFd = fs20.openSync("/dev/tty", "w");
-            const writeTty = (line) => fs20.writeSync(ttyFd, line + "\n");
+            ttyFd = fs23.openSync("/dev/tty", "w");
+            const writeTty = (line) => fs23.writeSync(ttyFd, line + "\n");
             if (blockedByContext.includes("DLP") || blockedByContext.includes("Secret Detected") || blockedByContext.includes("Credential Review")) {
               writeTty(chalk5.bgRed.white.bold(`
  \u{1F6A8} NODE9 DLP ALERT \u2014 CREDENTIAL DETECTED `));
@@ -9406,7 +10401,7 @@ RAW: ${raw}
           } finally {
             if (ttyFd !== null)
               try {
-                fs20.closeSync(ttyFd);
+                fs23.closeSync(ttyFd);
               } catch {
               }
           }
@@ -9435,10 +10430,131 @@ RAW: ${raw}
           return;
         }
         const meta = { agent, mcpServer };
+        const skillPinCfg = config.policy.skillPinning;
+        const rawSessionId = typeof payload.session_id === "string" ? payload.session_id : "";
+        const safeSessionId = /^[A-Za-z0-9_\-]{1,128}$/.test(rawSessionId) ? rawSessionId : "";
+        if (skillPinCfg.enabled && safeSessionId) {
+          try {
+            const sessionsDir = path25.join(os19.homedir(), ".node9", "skill-sessions");
+            const flagPath = path25.join(sessionsDir, `${safeSessionId}.json`);
+            let flag = null;
+            try {
+              flag = JSON.parse(fs23.readFileSync(flagPath, "utf-8"));
+            } catch {
+            }
+            const writeFlag = (data2) => {
+              try {
+                fs23.mkdirSync(sessionsDir, { recursive: true });
+                fs23.writeFileSync(
+                  flagPath,
+                  JSON.stringify({ ...data2, timestamp: (/* @__PURE__ */ new Date()).toISOString() }, null, 2),
+                  { mode: 384 }
+                );
+              } catch {
+              }
+            };
+            const sendSkillWarn = (detail, recoveryCmd) => {
+              let ttyFd = null;
+              try {
+                ttyFd = fs23.openSync("/dev/tty", "w");
+                const w = (line) => fs23.writeSync(ttyFd, line + "\n");
+                w(chalk5.yellow(`
+\u26A0\uFE0F  Node9: installed skill drift detected`));
+                w(chalk5.gray(`   ${detail}`));
+                w(
+                  chalk5.gray(
+                    `   If you updated a plugin, acknowledge the change to clear this warning.`
+                  )
+                );
+                if (recoveryCmd) w(chalk5.green(`   \u{1F4A1} Run:  ${recoveryCmd}`));
+                w("");
+              } catch {
+              } finally {
+                if (ttyFd !== null)
+                  try {
+                    fs23.closeSync(ttyFd);
+                  } catch {
+                  }
+              }
+            };
+            if (flag && flag.state === "quarantined" && skillPinCfg.mode === "block") {
+              sendBlock(
+                `Node9: session quarantined \u2014 installed skill changed. Open a separate terminal and run: node9 skill pin list (to see what changed) then: node9 skill pin update <rootKey> (to acknowledge). If you updated a plugin intentionally, this is expected.`,
+                {
+                  blockedByLabel: "Skill Pin Quarantine",
+                  recoveryCommand: "node9 skill pin list"
+                }
+              );
+              return;
+            }
+            if (!flag || flag.state !== "verified" && flag.state !== "warned") {
+              const absoluteCwd = typeof payload.cwd === "string" && path25.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+              const extraRoots = skillPinCfg.roots;
+              const resolvedExtra = extraRoots.map((r) => resolveUserSkillRoot(r, absoluteCwd)).filter((r) => typeof r === "string");
+              const roots = [...defaultSkillRoots(absoluteCwd), ...resolvedExtra];
+              const result2 = verifyAndPinRoots(roots);
+              if (result2.kind === "corrupt") {
+                if (skillPinCfg.mode === "block") {
+                  writeFlag({
+                    state: "quarantined",
+                    detail: `pin file corrupt: ${result2.detail}`
+                  });
+                  sendBlock("Node9: skill pin file is corrupt \u2014 fail-closed.", {
+                    blockedByLabel: "Skill Pin Quarantine",
+                    recoveryCommand: "node9 skill pin reset"
+                  });
+                  return;
+                }
+                writeFlag({ state: "warned", detail: `pin file corrupt: ${result2.detail}` });
+                sendSkillWarn(
+                  `Skill pin file is corrupt: ${result2.detail}`,
+                  "node9 skill pin reset"
+                );
+              } else if (result2.kind === "drift") {
+                if (skillPinCfg.mode === "block") {
+                  writeFlag({ state: "quarantined", detail: result2.summary });
+                  sendBlock(
+                    `Node9: installed skill changed \u2014 ${result2.summary}. If you updated a plugin, open a separate terminal and run: node9 skill pin update ${result2.changedRootKey}`,
+                    {
+                      blockedByLabel: "Skill Pin Quarantine",
+                      recoveryCommand: `node9 skill pin update ${result2.changedRootKey}`
+                    }
+                  );
+                  return;
+                }
+                writeFlag({ state: "warned", detail: result2.summary });
+                sendSkillWarn(result2.summary, `node9 skill pin update ${result2.changedRootKey}`);
+              } else {
+                writeFlag({ state: "verified" });
+              }
+              try {
+                const cutoff = Date.now() - 7 * 24 * 60 * 60 * 1e3;
+                for (const name of fs23.readdirSync(sessionsDir)) {
+                  const p = path25.join(sessionsDir, name);
+                  try {
+                    if (fs23.statSync(p).mtimeMs < cutoff) fs23.unlinkSync(p);
+                  } catch {
+                  }
+                }
+              } catch {
+              }
+            }
+          } catch (err2) {
+            if (process.env.NODE9_DEBUG === "1") {
+              try {
+                const dbg = path25.join(os19.homedir(), ".node9", "hook-debug.log");
+                const msg = err2 instanceof Error ? err2.message : String(err2);
+                fs23.appendFileSync(dbg, `[${(/* @__PURE__ */ new Date()).toISOString()}] SKILL_PIN_ERROR: ${msg}
+`);
+              } catch {
+              }
+            }
+          }
+        }
         if (shouldSnapshot(toolName, toolInput, config)) {
           await createShadowSnapshot(toolName, toolInput, config.policy.snapshot.ignorePaths);
         }
-        const safeCwdForAuth = typeof payload.cwd === "string" && path22.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        const safeCwdForAuth = typeof payload.cwd === "string" && path25.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const result = await authorizeHeadless(toolName, toolInput, meta, {
           cwd: safeCwdForAuth
         });
@@ -9450,12 +10566,12 @@ RAW: ${raw}
         }
         if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && !process.stdout.isTTY && config.settings.autoStartDaemon) {
           try {
-            const tty = fs20.openSync("/dev/tty", "w");
-            fs20.writeSync(
+            const tty = fs23.openSync("/dev/tty", "w");
+            fs23.writeSync(
               tty,
               chalk5.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically...\n")
             );
-            fs20.closeSync(tty);
+            fs23.closeSync(tty);
           } catch {
           }
           const daemonReady = await autoStartDaemonAndWait();
@@ -9482,9 +10598,9 @@ RAW: ${raw}
         });
       } catch (err2) {
         if (process.env.NODE9_DEBUG === "1") {
-          const logPath = path22.join(os16.homedir(), ".node9", "hook-debug.log");
+          const logPath = path25.join(os19.homedir(), ".node9", "hook-debug.log");
           const errMsg = err2 instanceof Error ? err2.message : String(err2);
-          fs20.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
+          fs23.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
         }
         process.exit(0);
@@ -9521,9 +10637,9 @@ RAW: ${raw}
 init_audit();
 init_config();
 init_policy();
-import fs21 from "fs";
-import path23 from "path";
-import os17 from "os";
+import fs24 from "fs";
+import path26 from "path";
+import os20 from "os";
 init_daemon();
 
 // src/utils/cp-mv-parser.ts
@@ -9596,10 +10712,10 @@ function registerLogCommand(program2) {
           decision: "allowed",
           source: "post-hook"
         };
-        const logPath = path23.join(os17.homedir(), ".node9", "audit.log");
-        if (!fs21.existsSync(path23.dirname(logPath)))
-          fs21.mkdirSync(path23.dirname(logPath), { recursive: true });
-        fs21.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+        const logPath = path26.join(os20.homedir(), ".node9", "audit.log");
+        if (!fs24.existsSync(path26.dirname(logPath)))
+          fs24.mkdirSync(path26.dirname(logPath), { recursive: true });
+        fs24.appendFileSync(logPath, JSON.stringify(entry) + "\n");
         if ((tool === "Bash" || tool === "bash") && isDaemonRunning()) {
           const command = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
           if (command) {
@@ -9632,7 +10748,7 @@ function registerLogCommand(program2) {
             }
           }
         }
-        const safeCwd = typeof payload.cwd === "string" && path23.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        const safeCwd = typeof payload.cwd === "string" && path26.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const config = getConfig(safeCwd);
         if (shouldSnapshot(tool, {}, config)) {
           await createShadowSnapshot("unknown", {}, config.policy.snapshot.ignorePaths);
@@ -9641,9 +10757,9 @@ function registerLogCommand(program2) {
         const msg = err2 instanceof Error ? err2.message : String(err2);
         process.stderr.write(`[Node9] audit log error: ${msg}
 `);
-        const debugPath = path23.join(os17.homedir(), ".node9", "hook-debug.log");
+        const debugPath = path26.join(os20.homedir(), ".node9", "hook-debug.log");
         try {
-          fs21.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
+          fs24.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
 `);
         } catch {
         }
@@ -9673,10 +10789,10 @@ init_config();
 import chalk6 from "chalk";
 
 // src/utils/https-fetch.ts
-import https from "https";
+import https2 from "https";
 function httpsFetch(url) {
   return new Promise((resolve, reject) => {
-    https.get(url, (res) => {
+    https2.get(url, (res) => {
       if (res.statusCode !== 200) {
         reject(new Error(`HTTP ${String(res.statusCode)} for ${url}`));
         res.resume();
@@ -10044,13 +11160,13 @@ function registerConfigShowCommand(program2) {
 // src/cli/commands/doctor.ts
 init_daemon();
 import chalk7 from "chalk";
-import fs22 from "fs";
-import path24 from "path";
-import os18 from "os";
+import fs25 from "fs";
+import path27 from "path";
+import os21 from "os";
 import { execSync as execSync2 } from "child_process";
 function registerDoctorCommand(program2, version2) {
   program2.command("doctor").description("Check that Node9 is installed and configured correctly").action(() => {
-    const homeDir2 = os18.homedir();
+    const homeDir2 = os21.homedir();
     let failures = 0;
     function pass(msg) {
       console.log(chalk7.green("  \u2705 ") + msg);
@@ -10099,10 +11215,10 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Configuration");
-    const globalConfigPath = path24.join(homeDir2, ".node9", "config.json");
-    if (fs22.existsSync(globalConfigPath)) {
+    const globalConfigPath = path27.join(homeDir2, ".node9", "config.json");
+    if (fs25.existsSync(globalConfigPath)) {
       try {
-        JSON.parse(fs22.readFileSync(globalConfigPath, "utf-8"));
+        JSON.parse(fs25.readFileSync(globalConfigPath, "utf-8"));
         pass("~/.node9/config.json found and valid");
       } catch {
         fail("~/.node9/config.json is invalid JSON", "Run: node9 init --force");
@@ -10110,10 +11226,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("~/.node9/config.json not found (using defaults)", "Run: node9 init");
     }
-    const projectConfigPath = path24.join(process.cwd(), "node9.config.json");
-    if (fs22.existsSync(projectConfigPath)) {
+    const projectConfigPath = path27.join(process.cwd(), "node9.config.json");
+    if (fs25.existsSync(projectConfigPath)) {
       try {
-        JSON.parse(fs22.readFileSync(projectConfigPath, "utf-8"));
+        JSON.parse(fs25.readFileSync(projectConfigPath, "utf-8"));
         pass("node9.config.json found and valid (project)");
       } catch {
         fail(
@@ -10122,8 +11238,8 @@ function registerDoctorCommand(program2, version2) {
         );
       }
     }
-    const credsPath = path24.join(homeDir2, ".node9", "credentials.json");
-    if (fs22.existsSync(credsPath)) {
+    const credsPath = path27.join(homeDir2, ".node9", "credentials.json");
+    if (fs25.existsSync(credsPath)) {
       pass("Cloud credentials found (~/.node9/credentials.json)");
     } else {
       warn(
@@ -10132,10 +11248,10 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Agent Hooks");
-    const claudeSettingsPath = path24.join(homeDir2, ".claude", "settings.json");
-    if (fs22.existsSync(claudeSettingsPath)) {
+    const claudeSettingsPath = path27.join(homeDir2, ".claude", "settings.json");
+    if (fs25.existsSync(claudeSettingsPath)) {
       try {
-        const cs = JSON.parse(fs22.readFileSync(claudeSettingsPath, "utf-8"));
+        const cs = JSON.parse(fs25.readFileSync(claudeSettingsPath, "utf-8"));
         const hasHook = cs.hooks?.PreToolUse?.some(
           (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
         );
@@ -10151,10 +11267,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Claude Code \u2014 not configured", "Run: node9 setup claude");
     }
-    const geminiSettingsPath = path24.join(homeDir2, ".gemini", "settings.json");
-    if (fs22.existsSync(geminiSettingsPath)) {
+    const geminiSettingsPath = path27.join(homeDir2, ".gemini", "settings.json");
+    if (fs25.existsSync(geminiSettingsPath)) {
       try {
-        const gs = JSON.parse(fs22.readFileSync(geminiSettingsPath, "utf-8"));
+        const gs = JSON.parse(fs25.readFileSync(geminiSettingsPath, "utf-8"));
         const hasHook = gs.hooks?.BeforeTool?.some(
           (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
         );
@@ -10170,10 +11286,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Gemini CLI  \u2014 not configured", "Run: node9 setup gemini  (skip if not using Gemini)");
     }
-    const cursorHooksPath = path24.join(homeDir2, ".cursor", "hooks.json");
-    if (fs22.existsSync(cursorHooksPath)) {
+    const cursorHooksPath = path27.join(homeDir2, ".cursor", "hooks.json");
+    if (fs25.existsSync(cursorHooksPath)) {
       try {
-        const cur = JSON.parse(fs22.readFileSync(cursorHooksPath, "utf-8"));
+        const cur = JSON.parse(fs25.readFileSync(cursorHooksPath, "utf-8"));
         const hasHook = cur.hooks?.preToolUse?.some(
           (h) => h.command?.includes("node9") || h.command?.includes("cli.js")
         );
@@ -10211,9 +11327,9 @@ function registerDoctorCommand(program2, version2) {
 
 // src/cli/commands/audit.ts
 import chalk8 from "chalk";
-import fs23 from "fs";
-import path25 from "path";
-import os19 from "os";
+import fs26 from "fs";
+import path28 from "path";
+import os22 from "os";
 function formatRelativeTime(timestamp) {
   const diff = Date.now() - new Date(timestamp).getTime();
   const sec = Math.floor(diff / 1e3);
@@ -10226,14 +11342,14 @@ function formatRelativeTime(timestamp) {
 }
 function registerAuditCommand(program2) {
   program2.command("audit").description("View local execution audit log").option("--tail <n>", "Number of entries to show", "20").option("--tool <pattern>", "Filter by tool name (substring match)").option("--deny", "Show only denied actions").option("--json", "Output raw JSON").action((options) => {
-    const logPath = path25.join(os19.homedir(), ".node9", "audit.log");
-    if (!fs23.existsSync(logPath)) {
+    const logPath = path28.join(os22.homedir(), ".node9", "audit.log");
+    if (!fs26.existsSync(logPath)) {
       console.log(
         chalk8.yellow("No audit logs found. Run node9 with an agent to generate entries.")
       );
       return;
     }
-    const raw = fs23.readFileSync(logPath, "utf-8");
+    const raw = fs26.readFileSync(logPath, "utf-8");
     const lines = raw.split("\n").filter((l) => l.trim() !== "");
     let entries = lines.flatMap((line) => {
       try {
@@ -10287,9 +11403,9 @@ function registerAuditCommand(program2) {
 
 // src/cli/commands/report.ts
 import chalk9 from "chalk";
-import fs24 from "fs";
-import path26 from "path";
-import os20 from "os";
+import fs27 from "fs";
+import path29 from "path";
+import os23 from "os";
 var TEST_COMMAND_RE3 = /(?:^|\s)(npm\s+(?:run\s+)?test|npx\s+(?:vitest|jest|mocha)|yarn\s+(?:run\s+)?test|pnpm\s+(?:run\s+)?test|vitest|jest|mocha|pytest|py\.test|cargo\s+test|go\s+test|bundle\s+exec\s+rspec|rspec|phpunit|dotnet\s+test)\b/i;
 function buildTestTimestamps(allEntries) {
   const testTs = /* @__PURE__ */ new Set();
@@ -10336,8 +11452,8 @@ function getDateRange(period) {
   }
 }
 function parseAuditLog(logPath) {
-  if (!fs24.existsSync(logPath)) return [];
-  const raw = fs24.readFileSync(logPath, "utf-8");
+  if (!fs27.existsSync(logPath)) return [];
+  const raw = fs27.readFileSync(logPath, "utf-8");
   return raw.split("\n").flatMap((line) => {
     if (!line.trim()) return [];
     try {
@@ -10363,9 +11479,9 @@ function colorBar(value, max, width) {
   const filled = Math.max(1, Math.round(max > 0 ? value / max * width : 0));
   return chalk9.cyan(s.slice(0, filled)) + chalk9.dim(s.slice(filled));
 }
-function pct(num2, total) {
+function pct(num3, total) {
   if (total === 0) return "\u2013";
-  return Math.round(num2 / total * 100) + "%";
+  return Math.round(num3 / total * 100) + "%";
 }
 function fmtDate(d) {
   const date = typeof d === "string" ? /* @__PURE__ */ new Date(d + "T12:00:00") : d;
@@ -10406,11 +11522,11 @@ function loadClaudeCost(start, end) {
     inputTokens: 0,
     cacheReadTokens: 0
   };
-  const projectsDir = path26.join(os20.homedir(), ".claude", "projects");
-  if (!fs24.existsSync(projectsDir)) return empty;
+  const projectsDir = path29.join(os23.homedir(), ".claude", "projects");
+  if (!fs27.existsSync(projectsDir)) return empty;
   let dirs;
   try {
-    dirs = fs24.readdirSync(projectsDir);
+    dirs = fs27.readdirSync(projectsDir);
   } catch {
     return empty;
   }
@@ -10420,18 +11536,18 @@ function loadClaudeCost(start, end) {
   const byDay = /* @__PURE__ */ new Map();
   const byModel = /* @__PURE__ */ new Map();
   for (const proj of dirs) {
-    const projPath = path26.join(projectsDir, proj);
+    const projPath = path29.join(projectsDir, proj);
     let files;
     try {
-      const stat = fs24.statSync(projPath);
+      const stat = fs27.statSync(projPath);
       if (!stat.isDirectory()) continue;
-      files = fs24.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+      files = fs27.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
     } catch {
       continue;
     }
     for (const file of files) {
       try {
-        const raw = fs24.readFileSync(path26.join(projPath, file), "utf-8");
+        const raw = fs27.readFileSync(path29.join(projPath, file), "utf-8");
         for (const line of raw.split("\n")) {
           if (!line.trim()) continue;
           let entry;
@@ -10474,7 +11590,7 @@ function registerReportCommand(program2) {
     const period = ["today", "7d", "30d", "month"].includes(
       options.period
     ) ? options.period : "7d";
-    const logPath = path26.join(os20.homedir(), ".node9", "audit.log");
+    const logPath = path29.join(os23.homedir(), ".node9", "audit.log");
     const allEntries = parseAuditLog(logPath);
     if (allEntries.length === 0) {
       console.log(
@@ -10725,19 +11841,60 @@ init_daemon2();
 init_daemon();
 import chalk10 from "chalk";
 import { spawn as spawn7 } from "child_process";
+var VALID_ACTIONS = "start | stop | restart | status | install | uninstall";
 function registerDaemonCommand(program2) {
-  program2.command("daemon").description("Run the local approval server").argument("[action]", "start | stop | status (default: start)").option("-b, --background", "Start the daemon in the background (detached)").option("-o, --openui", "Start in background and open browser").option(
+  program2.command("daemon").description("Manage the local approval daemon").argument("[action]", `${VALID_ACTIONS} (default: start)`).option("-b, --background", "Start the daemon in the background (detached)").option("-o, --openui", "Start in background and open browser").option(
     "-w, --watch",
     "Start daemon + open browser, stay alive permanently (Flight Recorder mode)"
   ).action(
     async (action, options) => {
       const cmd = (action ?? "start").toLowerCase();
+      if (cmd === "install") {
+        const result = installDaemonService();
+        if (!result.ok) {
+          console.error(chalk10.red(`\u2717 ${result.reason}`));
+          process.exit(1);
+        }
+        if (result.alreadyInstalled) {
+          console.log(chalk10.green(`\u2713 Daemon service reinstalled (${result.platform})`));
+        } else {
+          console.log(chalk10.green(`\u2713 Daemon installed as login service (${result.platform})`));
+          console.log(chalk10.gray("  The daemon will now start automatically on login."));
+        }
+        process.exit(0);
+      }
+      if (cmd === "uninstall") {
+        const result = uninstallDaemonService();
+        if (!result.ok) {
+          console.error(chalk10.red(`\u2717 ${result.reason}`));
+          process.exit(1);
+        }
+        console.log(chalk10.green(`\u2713 Daemon service removed (${result.platform})`));
+        console.log(chalk10.gray("  The daemon will no longer start automatically on login."));
+        console.log(chalk10.gray("  To stop the running daemon: node9 daemon stop"));
+        process.exit(0);
+      }
       if (cmd === "stop") return stopDaemon();
+      if (cmd === "restart") {
+        stopDaemon();
+        await new Promise((r) => setTimeout(r, 500));
+        const child = spawn7(process.execPath, [process.argv[1], "daemon"], {
+          detached: true,
+          stdio: "ignore",
+          env: { ...process.env, NODE9_AUTO_STARTED: "1", NODE9_BROWSER_OPENED: "1" }
+        });
+        child.unref();
+        if (child.pid) {
+          console.log(chalk10.green(`\u2713 Daemon restarted (PID ${child.pid})`));
+        } else {
+          console.error(chalk10.red("\u2717 Failed to restart daemon \u2014 spawn returned no PID"));
+          process.exit(1);
+        }
+        process.exit(0);
+      }
       if (cmd === "status") return daemonStatus();
       if (cmd !== "start" && action !== void 0) {
-        console.error(
-          chalk10.red(`Unknown daemon action: "${action}". Use: start | stop | status`)
-        );
+        console.error(chalk10.red(`Unknown daemon action: "${action}". Use: ${VALID_ACTIONS}`));
         process.exit(1);
       }
       if (options.watch) {
@@ -10788,12 +11945,12 @@ function registerDaemonCommand(program2) {
 init_core();
 init_daemon();
 import chalk11 from "chalk";
-import fs25 from "fs";
-import path27 from "path";
-import os21 from "os";
+import fs28 from "fs";
+import path30 from "path";
+import os24 from "os";
 function readJson2(filePath) {
   try {
-    if (fs25.existsSync(filePath)) return JSON.parse(fs25.readFileSync(filePath, "utf-8"));
+    if (fs28.existsSync(filePath)) return JSON.parse(fs28.readFileSync(filePath, "utf-8"));
   } catch {
   }
   return null;
@@ -10858,28 +12015,28 @@ function registerStatusCommand(program2) {
     console.log("");
     const modeLabel = settings.mode === "audit" ? chalk11.blue("audit") : settings.mode === "strict" ? chalk11.red("strict") : chalk11.white("standard");
     console.log(`  Mode:    ${modeLabel}`);
-    const projectConfig = path27.join(process.cwd(), "node9.config.json");
-    const globalConfig = path27.join(os21.homedir(), ".node9", "config.json");
+    const projectConfig = path30.join(process.cwd(), "node9.config.json");
+    const globalConfig = path30.join(os24.homedir(), ".node9", "config.json");
     console.log(
-      `  Local:   ${fs25.existsSync(projectConfig) ? chalk11.green("Active (node9.config.json)") : chalk11.gray("Not present")}`
+      `  Local:   ${fs28.existsSync(projectConfig) ? chalk11.green("Active (node9.config.json)") : chalk11.gray("Not present")}`
     );
     console.log(
-      `  Global:  ${fs25.existsSync(globalConfig) ? chalk11.green("Active (~/.node9/config.json)") : chalk11.gray("Not present")}`
+      `  Global:  ${fs28.existsSync(globalConfig) ? chalk11.green("Active (~/.node9/config.json)") : chalk11.gray("Not present")}`
     );
     if (mergedConfig.policy.sandboxPaths.length > 0) {
       console.log(
         `  Sandbox: ${chalk11.green(`${mergedConfig.policy.sandboxPaths.length} safe zones active`)}`
       );
     }
-    const homeDir2 = os21.homedir();
+    const homeDir2 = os24.homedir();
     const claudeSettings = readJson2(
-      path27.join(homeDir2, ".claude", "settings.json")
+      path30.join(homeDir2, ".claude", "settings.json")
     );
-    const claudeConfig = readJson2(path27.join(homeDir2, ".claude.json"));
+    const claudeConfig = readJson2(path30.join(homeDir2, ".claude.json"));
     const geminiSettings = readJson2(
-      path27.join(homeDir2, ".gemini", "settings.json")
+      path30.join(homeDir2, ".gemini", "settings.json")
     );
-    const cursorConfig = readJson2(path27.join(homeDir2, ".cursor", "mcp.json"));
+    const cursorConfig = readJson2(path30.join(homeDir2, ".cursor", "mcp.json"));
     const agentFound = claudeSettings || claudeConfig || geminiSettings || cursorConfig;
     if (agentFound) {
       console.log("");
@@ -10939,11 +12096,12 @@ function registerStatusCommand(program2) {
 // src/cli/commands/init.ts
 init_core();
 import chalk12 from "chalk";
-import fs26 from "fs";
-import path28 from "path";
-import os22 from "os";
-import https2 from "https";
+import fs29 from "fs";
+import path31 from "path";
+import os25 from "os";
+import https3 from "https";
 init_shields();
+init_service();
 var DEFAULT_SHIELDS = ["bash-safe", "filesystem", "postgres"];
 function fireTelemetryPing(agents) {
   try {
@@ -10953,7 +12111,7 @@ function fireTelemetryPing(agents) {
       os: process.platform,
       node9_version: process.env.npm_package_version ?? "unknown"
     });
-    const req = https2.request(
+    const req = https3.request(
       {
         hostname: "api.node9.ai",
         path: "/api/v1/telemetry",
@@ -11000,15 +12158,15 @@ function registerInitCommand(program2) {
       }
       console.log("");
     }
-    const configPath = path28.join(os22.homedir(), ".node9", "config.json");
-    if (fs26.existsSync(configPath) && !options.force) {
+    const configPath = path31.join(os25.homedir(), ".node9", "config.json");
+    if (fs29.existsSync(configPath) && !options.force) {
       try {
-        const existing = JSON.parse(fs26.readFileSync(configPath, "utf-8"));
+        const existing = JSON.parse(fs29.readFileSync(configPath, "utf-8"));
         const settings = existing.settings ?? {};
         if (settings.mode !== chosenMode) {
           settings.mode = chosenMode;
           existing.settings = settings;
-          fs26.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
+          fs29.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
           console.log(chalk12.green(`\u2705 Mode updated: ${chosenMode}`));
         } else {
           console.log(chalk12.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
@@ -11021,9 +12179,9 @@ function registerInitCommand(program2) {
         ...DEFAULT_CONFIG,
         settings: { ...DEFAULT_CONFIG.settings, mode: chosenMode }
       };
-      const dir = path28.dirname(configPath);
-      if (!fs26.existsSync(dir)) fs26.mkdirSync(dir, { recursive: true });
-      fs26.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
+      const dir = path31.dirname(configPath);
+      if (!fs29.existsSync(dir)) fs29.mkdirSync(dir, { recursive: true });
+      fs29.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
       console.log(chalk12.green(`\u2705 Config created: ${configPath}`));
       console.log(chalk12.gray(`   Mode: ${chosenMode}`));
     }
@@ -11035,9 +12193,13 @@ function registerInitCommand(program2) {
     );
     if (found.length === 0) {
       console.log(
-        chalk12.gray("No AI agents detected. Install Claude Code, Gemini CLI, Cursor, or Codex")
+        chalk12.gray(
+          "No AI agents detected. Install Claude Code, Gemini CLI, Cursor, Windsurf, VSCode, or Codex"
+        )
+      );
+      console.log(
+        chalk12.gray("then run: node9 agents add <claude|gemini|cursor|windsurf|vscode|codex>")
       );
-      console.log(chalk12.gray("then run: node9 addto <claude|gemini|cursor|codex>"));
       return;
     }
     console.log(chalk12.bold("Detected agents:"));
@@ -11051,6 +12213,32 @@ function registerInitCommand(program2) {
       else if (agent === "gemini") await setupGemini();
       else if (agent === "cursor") await setupCursor();
       else if (agent === "codex") await setupCodex();
+      else if (agent === "windsurf") await setupWindsurf();
+      else if (agent === "vscode") await setupVSCode();
+      console.log("");
+    }
+    if ((process.platform === "darwin" || process.platform === "linux") && process.stdout.isTTY) {
+      const alreadyInstalled = isDaemonServiceInstalled();
+      if (!alreadyInstalled) {
+        const { confirm: confirm3 } = await import("@inquirer/prompts");
+        const installService = await confirm3({
+          message: "Install daemon as a login service? (starts automatically on login)",
+          default: true
+        });
+        if (installService) {
+          const result = installDaemonService();
+          if (result.ok) {
+            console.log(
+              chalk12.green(`  \u2713 Daemon installed as login service (${result.platform})`)
+            );
+          } else {
+            console.log(chalk12.yellow(`  \u26A0\uFE0F  Could not install service: ${result.reason}`));
+            console.log(chalk12.gray("     You can try again later with: node9 daemon install"));
+          }
+        }
+      } else {
+        console.log(chalk12.green("  \u2713 Daemon login service already installed"));
+      }
       console.log("");
     }
     {
@@ -11077,7 +12265,7 @@ function registerInitCommand(program2) {
 }
 
 // src/cli/commands/undo.ts
-import path29 from "path";
+import path32 from "path";
 import chalk14 from "chalk";
 
 // src/tui/undo-navigator.ts
@@ -11236,7 +12424,7 @@ function findMatchingCwd(startDir, history) {
   let dir = startDir;
   while (true) {
     if (cwds.has(dir)) return dir;
-    const parent = path29.dirname(dir);
+    const parent = path32.dirname(dir);
     if (parent === dir) return null;
     dir = parent;
   }
@@ -11365,7 +12553,7 @@ function registerUndoCommand(program2) {
 // src/cli/commands/watch.ts
 init_daemon();
 import chalk15 from "chalk";
-import { spawn as spawn8, spawnSync as spawnSync5 } from "child_process";
+import { spawn as spawn8, spawnSync as spawnSync6 } from "child_process";
 function registerWatchCommand(program2) {
   program2.command("watch").description("Run a command under Node9 watch mode (daemon stays alive for the session)").argument("<command>", "Command to run").argument("[args...]", "Arguments for the command").action(async (cmd, args) => {
     let port = DAEMON_PORT;
@@ -11411,7 +12599,7 @@ function registerWatchCommand(program2) {
         "\n   Tip: run `node9 tail` in another terminal to review and approve AI actions.\n"
       )
     );
-    const result = spawnSync5(cmd, args, {
+    const result = spawnSync6(cmd, args, {
       stdio: "inherit",
       env: { ...process.env, NODE9_WATCH_MODE: "1" }
     });
@@ -11432,12 +12620,12 @@ import { execa as execa2 } from "execa";
 init_provenance();
 
 // src/mcp-pin.ts
-import fs27 from "fs";
-import path30 from "path";
-import os23 from "os";
-import crypto4 from "crypto";
-function getPinsFilePath() {
-  return path30.join(os23.homedir(), ".node9", "mcp-pins.json");
+import fs30 from "fs";
+import path33 from "path";
+import os26 from "os";
+import crypto5 from "crypto";
+function getPinsFilePath2() {
+  return path33.join(os26.homedir(), ".node9", "mcp-pins.json");
 }
 function hashToolDefinitions(tools) {
   const sorted = [...tools].sort((a, b) => {
@@ -11446,15 +12634,15 @@ function hashToolDefinitions(tools) {
     return nameA.localeCompare(nameB);
   });
   const canonical = JSON.stringify(sorted);
-  return crypto4.createHash("sha256").update(canonical).digest("hex");
+  return crypto5.createHash("sha256").update(canonical).digest("hex");
 }
 function getServerKey(upstreamCommand) {
-  return crypto4.createHash("sha256").update(upstreamCommand).digest("hex").slice(0, 16);
+  return crypto5.createHash("sha256").update(upstreamCommand).digest("hex").slice(0, 16);
 }
 function readMcpPinsSafe() {
-  const filePath = getPinsFilePath();
+  const filePath = getPinsFilePath2();
   try {
-    const raw = fs27.readFileSync(filePath, "utf-8");
+    const raw = fs30.readFileSync(filePath, "utf-8");
     if (!raw.trim()) {
       return { ok: false, reason: "corrupt", detail: "empty file" };
     }
@@ -11477,11 +12665,11 @@ function readMcpPins() {
   throw new Error(`[node9] MCP pin file is corrupt: ${result.detail}`);
 }
 function writeMcpPins(data) {
-  const filePath = getPinsFilePath();
-  fs27.mkdirSync(path30.dirname(filePath), { recursive: true });
-  const tmp = `${filePath}.${crypto4.randomBytes(6).toString("hex")}.tmp`;
-  fs27.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
-  fs27.renameSync(tmp, filePath);
+  const filePath = getPinsFilePath2();
+  fs30.mkdirSync(path33.dirname(filePath), { recursive: true });
+  const tmp = `${filePath}.${crypto5.randomBytes(6).toString("hex")}.tmp`;
+  fs30.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
+  fs30.renameSync(tmp, filePath);
 }
 function checkPin(serverKey, currentHash) {
   const result = readMcpPinsSafe();
@@ -11504,12 +12692,12 @@ function updatePin(serverKey, label, toolsHash, toolNames) {
   };
   writeMcpPins(pins);
 }
-function removePin(serverKey) {
+function removePin2(serverKey) {
   const pins = readMcpPins();
   delete pins.servers[serverKey];
   writeMcpPins(pins);
 }
-function clearAllPins() {
+function clearAllPins2() {
   writeMcpPins({ servers: {} });
 }
 
@@ -11853,9 +13041,9 @@ function registerMcpGatewayCommand(program2) {
 
 // src/mcp-server/index.ts
 import readline4 from "readline";
-import fs28 from "fs";
-import os24 from "os";
-import path31 from "path";
+import fs31 from "fs";
+import os27 from "os";
+import path34 from "path";
 init_core();
 init_daemon();
 init_shields();
@@ -12030,13 +13218,13 @@ function handleStatus() {
   lines.push(`Active shields: ${activeShields.length > 0 ? activeShields.join(", ") : "none"}`);
   lines.push(`Smart rules: ${config.policy.smartRules.length} loaded`);
   lines.push(`DLP: ${config.policy.dlp?.enabled !== false ? "enabled" : "disabled"}`);
-  const projectConfig = path31.join(process.cwd(), "node9.config.json");
-  const globalConfig = path31.join(os24.homedir(), ".node9", "config.json");
+  const projectConfig = path34.join(process.cwd(), "node9.config.json");
+  const globalConfig = path34.join(os27.homedir(), ".node9", "config.json");
   lines.push(
-    `Project config (node9.config.json): ${fs28.existsSync(projectConfig) ? "present" : "not found"}`
+    `Project config (node9.config.json): ${fs31.existsSync(projectConfig) ? "present" : "not found"}`
   );
   lines.push(
-    `Global config (~/.node9/config.json): ${fs28.existsSync(globalConfig) ? "present" : "not found"}`
+    `Global config (~/.node9/config.json): ${fs31.existsSync(globalConfig) ? "present" : "not found"}`
   );
   return lines.join("\n");
 }
@@ -12110,21 +13298,21 @@ function handleShieldDisable(args) {
   writeActiveShields(active.filter((s) => s !== name));
   return `Shield "${name}" disabled.`;
 }
-var GLOBAL_CONFIG_PATH2 = path31.join(os24.homedir(), ".node9", "config.json");
+var GLOBAL_CONFIG_PATH2 = path34.join(os27.homedir(), ".node9", "config.json");
 var APPROVER_CHANNELS = ["native", "browser", "cloud", "terminal"];
 function readGlobalConfigRaw() {
   try {
-    if (fs28.existsSync(GLOBAL_CONFIG_PATH2)) {
-      return JSON.parse(fs28.readFileSync(GLOBAL_CONFIG_PATH2, "utf-8"));
+    if (fs31.existsSync(GLOBAL_CONFIG_PATH2)) {
+      return JSON.parse(fs31.readFileSync(GLOBAL_CONFIG_PATH2, "utf-8"));
     }
   } catch {
   }
   return {};
 }
 function writeGlobalConfigRaw(data) {
-  const dir = path31.dirname(GLOBAL_CONFIG_PATH2);
-  if (!fs28.existsSync(dir)) fs28.mkdirSync(dir, { recursive: true });
-  fs28.writeFileSync(GLOBAL_CONFIG_PATH2, JSON.stringify(data, null, 2) + "\n");
+  const dir = path34.dirname(GLOBAL_CONFIG_PATH2);
+  if (!fs31.existsSync(dir)) fs31.mkdirSync(dir, { recursive: true });
+  fs31.writeFileSync(GLOBAL_CONFIG_PATH2, JSON.stringify(data, null, 2) + "\n");
 }
 function handleApproverList() {
   const config = getConfig();
@@ -12167,9 +13355,9 @@ function handleApproverSet(args) {
 }
 function handleAuditGet(args) {
   const limit = Math.min(typeof args.limit === "number" ? args.limit : 20, 100);
-  const auditPath = path31.join(os24.homedir(), ".node9", "audit.log");
-  if (!fs28.existsSync(auditPath)) return "No audit log found.";
-  const lines = fs28.readFileSync(auditPath, "utf-8").trim().split("\n").filter(Boolean);
+  const auditPath = path34.join(os27.homedir(), ".node9", "audit.log");
+  if (!fs31.existsSync(auditPath)) return "No audit log found.";
+  const lines = fs31.readFileSync(auditPath, "utf-8").trim().split("\n").filter(Boolean);
   const recent = lines.slice(-limit);
   const entries = recent.map((line) => {
     try {
@@ -12467,7 +13655,7 @@ function registerMcpPinCommand(program2) {
       process.exit(1);
     }
     const label = pins.servers[serverKey].label;
-    removePin(serverKey);
+    removePin2(serverKey);
     console.log(chalk18.green(`
 \u{1F513} Pin removed for ${chalk18.cyan(serverKey)}`));
     console.log(chalk18.gray(`   Server: ${label}`));
@@ -12480,94 +13668,1115 @@ function registerMcpPinCommand(program2) {
       return;
     }
     const count = result.ok ? Object.keys(result.pins.servers).length : "?";
-    clearAllPins();
+    clearAllPins2();
     console.log(chalk18.green(`
 \u{1F513} Cleared ${count} MCP pin(s).`));
     console.log(chalk18.gray("   Next connection to each server will re-pin.\n"));
   });
 }
 
-// src/cli.ts
-var { version } = JSON.parse(
-  fs31.readFileSync(path34.join(__dirname, "../package.json"), "utf-8")
-);
-var program = new Command();
-program.name("node9").description("The Sudo Command for AI Agents").version(version);
-program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
-  const DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept";
-  const credPath = path34.join(os27.homedir(), ".node9", "credentials.json");
-  if (!fs31.existsSync(path34.dirname(credPath)))
-    fs31.mkdirSync(path34.dirname(credPath), { recursive: true });
-  const profileName = options.profile || "default";
-  let existingCreds = {};
-  try {
-    if (fs31.existsSync(credPath)) {
-      const raw = JSON.parse(fs31.readFileSync(credPath, "utf-8"));
-      if (raw.apiKey) {
-        existingCreds = {
-          default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL }
-        };
-      } else {
-        existingCreds = raw;
-      }
+// src/cli/commands/sync.ts
+init_sync();
+import chalk19 from "chalk";
+function registerSyncCommand(program2) {
+  const policy = program2.command("policy").description("Manage cloud policy rules");
+  policy.command("sync").description("Sync cloud policy rules to local cache (~/.node9/rules-cache.json)").action(async () => {
+    process.stdout.write(chalk19.cyan("Syncing cloud policy rules\u2026"));
+    const result = await runCloudSync();
+    process.stdout.write("\n");
+    if (!result.ok) {
+      console.error(chalk19.red(`\u2717 ${result.reason}`));
+      process.exit(1);
     }
-  } catch {
-  }
-  existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL };
-  fs31.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
-  if (profileName === "default") {
-    const configPath = path34.join(os27.homedir(), ".node9", "config.json");
-    let config = {};
-    try {
-      if (fs31.existsSync(configPath))
-        config = JSON.parse(fs31.readFileSync(configPath, "utf-8"));
-    } catch {
+    console.log(
+      chalk19.green(`\u2713 Synced ${result.rules} rule${result.rules === 1 ? "" : "s"} from cloud`)
+    );
+    console.log(chalk19.gray(`  Cached at: ${result.fetchedAt}`));
+    console.log(chalk19.gray(`  File: ~/.node9/rules-cache.json`));
+  });
+  policy.command("show").description("List all cloud policy rules in the local cache").action(() => {
+    const status = getCloudSyncStatus();
+    if (!status.cached) {
+      console.log(chalk19.yellow("\n  No cloud rules cached \u2014 run: node9 policy sync\n"));
+      return;
     }
-    if (!config.settings || typeof config.settings !== "object") config.settings = {};
-    const s = config.settings;
-    const approvers = s.approvers || {
-      native: true,
-      browser: true,
-      cloud: true,
-      terminal: true
-    };
-    if (options.local) {
-      approvers.cloud = false;
+    const rules = getCloudRules() ?? [];
+    const age = Math.round((Date.now() - new Date(status.fetchedAt).getTime()) / 6e4);
+    console.log(
+      chalk19.bold(`
+  Cloud policy rules`) + chalk19.gray(
+        ` (${rules.length} rule${rules.length === 1 ? "" : "s"}, synced ${age}m ago)
+`
+      )
+    );
+    if (rules.length === 0) {
+      console.log(chalk19.gray("  No rules defined in cloud policy.\n"));
+      return;
     }
-    s.approvers = approvers;
-    if (!fs31.existsSync(path34.dirname(configPath)))
-      fs31.mkdirSync(path34.dirname(configPath), { recursive: true });
-    fs31.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
-  }
-  if (options.profile && profileName !== "default") {
-    console.log(chalk20.green(`\u2705 Profile "${profileName}" saved`));
-    console.log(chalk20.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
+    for (const rule of rules) {
+      const r = rule;
+      const verdictColor = r.verdict === "block" ? chalk19.red : r.verdict === "allow" ? chalk19.green : chalk19.yellow;
+      console.log(
+        `  ${verdictColor(
+          String(r.verdict ?? "unknown").toUpperCase().padEnd(6)
+        )}  ${chalk19.white(String(r.name ?? "(unnamed)"))}`
+      );
+      if (r.reason) console.log(chalk19.gray(`           ${String(r.reason)}`));
+    }
+    console.log("");
+  });
+  policy.command("status").description("Show current cloud policy cache status").action(() => {
+    const s = getCloudSyncStatus();
+    if (!s.cached) {
+      console.log(chalk19.yellow("\n  No cache yet \u2014 run: node9 policy sync\n"));
+    } else {
+      const age = Math.round((Date.now() - new Date(s.fetchedAt).getTime()) / 6e4);
+      console.log(`
+  Rules   : ${chalk19.green(String(s.rules))} cloud rules loaded`);
+      console.log(
+        `  Synced  : ${chalk19.gray(`${age} minute${age === 1 ? "" : "s"} ago`)} (${s.fetchedAt})
+`
+      );
+    }
+  });
+}
+
+// src/cli/commands/agents.ts
+import chalk20 from "chalk";
+var SETUP_FN = {
+  claude: setupClaude,
+  gemini: setupGemini,
+  cursor: setupCursor,
+  codex: setupCodex,
+  windsurf: setupWindsurf,
+  vscode: setupVSCode
+};
+var TEARDOWN_FN = {
+  claude: teardownClaude,
+  gemini: teardownGemini,
+  cursor: teardownCursor,
+  codex: teardownCodex,
+  windsurf: teardownWindsurf,
+  vscode: teardownVSCode
+};
+var AGENT_NAMES = Object.keys(SETUP_FN);
+function registerAgentsCommand(program2) {
+  const agents = program2.command("agents").description("List and manage AI agent integrations");
+  agents.command("list").description("Show all supported agents and their Node9 status").action(() => {
+    const statuses = getAgentsStatus();
+    const anyInstalled = statuses.some((s) => s.installed);
+    console.log("");
+    console.log(`  ${"Agent".padEnd(14)}${"Installed".padEnd(11)}${"Wired".padEnd(8)}Mode`);
+    console.log("  " + "\u2500".repeat(44));
+    for (const s of statuses) {
+      const installed = s.installed ? chalk20.green("\u2713") : chalk20.gray("\u2717");
+      const wired = !s.installed ? chalk20.gray("\u2014") : s.wired ? chalk20.green("\u2713") : chalk20.yellow("\u2717");
+      const mode = s.mode ? chalk20.gray(s.mode) : chalk20.gray("\u2014");
+      const hint = s.installed && !s.wired ? chalk20.gray(`  \u2190 node9 agents add ${s.name}`) : "";
+      console.log(`  ${s.label.padEnd(14)}${installed}          ${wired}       ${mode}${hint}`);
+    }
+    console.log("");
+    if (!anyInstalled) {
+      console.log(
+        chalk20.gray("  No AI agents detected. Install Claude Code, Gemini CLI, Cursor,\n") + chalk20.gray("  Windsurf, VSCode, or Codex then run: node9 agents list\n")
+      );
+      return;
+    }
+    const unwired = statuses.filter((s) => s.installed && !s.wired);
+    if (unwired.length > 0) {
+      console.log(
+        chalk20.yellow(`  ${unwired.length} agent(s) not yet wired. Run: `) + chalk20.white(`node9 agents add ${unwired[0].name}`) + "\n"
+      );
+    }
+  });
+  agents.command("add").description("Wire Node9 into an agent").argument("<agent>", `Agent to wire: ${AGENT_NAMES.join(" | ")}`).action(async (agent) => {
+    const name = agent.toLowerCase();
+    const fn = SETUP_FN[name];
+    if (!fn) {
+      console.error(chalk20.red(`Unknown agent: "${agent}". Supported: ${AGENT_NAMES.join(", ")}`));
+      process.exit(1);
+    }
+    await fn();
+  });
+  agents.command("remove").description("Remove Node9 from an agent").argument("<agent>", `Agent to unwire: ${AGENT_NAMES.join(" | ")}`).action((agent) => {
+    const name = agent.toLowerCase();
+    const fn = TEARDOWN_FN[name];
+    if (!fn) {
+      console.error(chalk20.red(`Unknown agent: "${agent}". Supported: ${AGENT_NAMES.join(", ")}`));
+      process.exit(1);
+    }
+    console.log(chalk20.cyan(`
+\u{1F6E1}\uFE0F  Node9: removing from ${name}...
+`));
+    fn();
+    console.log(chalk20.gray("\n  Restart the agent for changes to take effect."));
+  });
+}
+
+// src/cli/commands/scan.ts
+init_shields();
+init_config();
+init_policy();
+init_dlp();
+import chalk21 from "chalk";
+import fs32 from "fs";
+import path35 from "path";
+import os28 from "os";
+var CLAUDE_PRICING2 = {
+  "claude-opus-4-6": { i: 5e-6, o: 25e-6, cw: 625e-8, cr: 5e-7 },
+  "claude-opus-4-5": { i: 5e-6, o: 25e-6, cw: 625e-8, cr: 5e-7 },
+  "claude-opus-4": { i: 15e-6, o: 75e-6, cw: 1875e-8, cr: 15e-7 },
+  "claude-sonnet-4-6": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-sonnet-4-5": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-sonnet-4": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-3-7-sonnet": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-3-5-sonnet": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-haiku-4-5": { i: 1e-6, o: 5e-6, cw: 125e-8, cr: 1e-7 },
+  "claude-3-5-haiku": { i: 8e-7, o: 4e-6, cw: 1e-6, cr: 8e-8 }
+};
+function claudeModelPrice2(model) {
+  const base = model.replace(/@.*$/, "").replace(/-\d{8}$/, "");
+  for (const [key, p] of Object.entries(CLAUDE_PRICING2)) {
+    if (base === key || base.startsWith(key)) return p;
+  }
+  return null;
+}
+function num2(n) {
+  return n.toLocaleString();
+}
+function fmtCost2(usd) {
+  if (usd < 1e-3) return "< $0.001";
+  if (usd < 1) return "$" + usd.toFixed(4);
+  return "$" + usd.toFixed(2);
+}
+function fmtTs(ts) {
+  try {
+    return new Date(ts).toLocaleDateString("en-US", {
+      month: "short",
+      day: "numeric",
+      year: "numeric"
+    });
+  } catch {
+    return ts.slice(0, 10);
+  }
+}
+function preview(input, max) {
+  const cmd = input.command ?? input.query ?? input.file_path ?? JSON.stringify(input);
+  const s = String(cmd).replace(/\s+/g, " ").trim();
+  return s.length > max ? s.slice(0, max - 1) + "\u2026" : s;
+}
+function buildRuleSources() {
+  const sources = [];
+  for (const [shieldName, shield] of Object.entries(SHIELDS)) {
+    for (const rule of shield.smartRules) {
+      sources.push({ shieldName, shieldLabel: shieldName, rule });
+    }
+  }
+  try {
+    const config = getConfig();
+    for (const rule of config.policy.smartRules) {
+      if (!rule.name) continue;
+      if (rule.name.startsWith("shield:")) continue;
+      const isCloud = rule.name.startsWith("cloud:");
+      sources.push({
+        shieldName: isCloud ? "cloud" : "custom",
+        shieldLabel: isCloud ? "Cloud Policy" : "Your Rules",
+        rule
+      });
+    }
+  } catch {
+  }
+  return sources;
+}
+function scanClaudeHistory(startDate) {
+  const projectsDir = path35.join(os28.homedir(), ".claude", "projects");
+  const result = {
+    filesScanned: 0,
+    sessions: 0,
+    totalToolCalls: 0,
+    bashCalls: 0,
+    findings: [],
+    dlpFindings: [],
+    totalCostUSD: 0,
+    firstDate: null,
+    lastDate: null
+  };
+  if (!fs32.existsSync(projectsDir)) return result;
+  let projDirs;
+  try {
+    projDirs = fs32.readdirSync(projectsDir);
+  } catch {
+    return result;
+  }
+  const ruleSources = buildRuleSources();
+  for (const proj of projDirs) {
+    const projPath = path35.join(projectsDir, proj);
+    try {
+      if (!fs32.statSync(projPath).isDirectory()) continue;
+    } catch {
+      continue;
+    }
+    const projLabel = decodeURIComponent(proj).replace(os28.homedir(), "~").slice(0, 40);
+    let files;
+    try {
+      files = fs32.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+    } catch {
+      continue;
+    }
+    for (const file of files) {
+      result.filesScanned++;
+      result.sessions++;
+      let raw;
+      try {
+        raw = fs32.readFileSync(path35.join(projPath, file), "utf-8");
+      } catch {
+        continue;
+      }
+      for (const line of raw.split("\n")) {
+        if (!line.trim()) continue;
+        let entry;
+        try {
+          entry = JSON.parse(line);
+        } catch {
+          continue;
+        }
+        if (entry.type !== "assistant") continue;
+        if (startDate && entry.timestamp) {
+          if (new Date(entry.timestamp) < startDate) continue;
+        }
+        if (entry.timestamp) {
+          if (!result.firstDate || entry.timestamp < result.firstDate)
+            result.firstDate = entry.timestamp;
+          if (!result.lastDate || entry.timestamp > result.lastDate)
+            result.lastDate = entry.timestamp;
+        }
+        const usage = entry.message?.usage;
+        const model = entry.message?.model;
+        if (usage && model) {
+          const p = claudeModelPrice2(model);
+          if (p) {
+            result.totalCostUSD += (usage.input_tokens ?? 0) * p.i + (usage.output_tokens ?? 0) * p.o + (usage.cache_creation_input_tokens ?? 0) * p.cw + (usage.cache_read_input_tokens ?? 0) * p.cr;
+          }
+        }
+        const content = entry.message?.content;
+        if (!Array.isArray(content)) continue;
+        for (const block of content) {
+          if (block.type !== "tool_use") continue;
+          result.totalToolCalls++;
+          const toolName = block.name ?? "";
+          const toolNameLower = toolName.toLowerCase();
+          const input = block.input ?? {};
+          if (toolNameLower === "bash" || toolNameLower === "execute_bash") {
+            result.bashCalls++;
+          }
+          const dlpMatch = scanArgs(input);
+          if (dlpMatch) {
+            const isDupe = result.dlpFindings.some(
+              (f) => f.patternName === dlpMatch.patternName && f.redactedSample === dlpMatch.redactedSample && f.project === projLabel
+            );
+            if (!isDupe) {
+              result.dlpFindings.push({
+                patternName: dlpMatch.patternName,
+                redactedSample: dlpMatch.redactedSample,
+                toolName,
+                timestamp: entry.timestamp ?? "",
+                project: projLabel
+              });
+            }
+          }
+          for (const source of ruleSources) {
+            const { rule } = source;
+            if (rule.tool && !matchesPattern(toolNameLower, rule.tool)) continue;
+            if (!evaluateSmartConditions(input, rule)) continue;
+            const inputPreview = preview(input, 120);
+            const isDupe = result.findings.some(
+              (f) => f.source.rule.name === rule.name && preview(f.input, 120) === inputPreview && f.project === projLabel
+            );
+            if (!isDupe) {
+              result.findings.push({
+                source,
+                toolName,
+                input,
+                timestamp: entry.timestamp ?? "",
+                project: projLabel
+              });
+            }
+            break;
+          }
+        }
+      }
+    }
+  }
+  return result;
+}
+function registerScanCommand(program2) {
+  program2.command("scan").description("Forecast: scan agent history and show what node9 would catch if installed").option("--all", "Scan all history (default: last 90 days)").option("--days <n>", "Scan last N days of history", "90").option("--top <n>", "Max findings to show per shield", "5").action((options) => {
+    const topN = Math.max(1, parseInt(options.top, 10) || 5);
+    const startDate = options.all ? null : (() => {
+      const d = /* @__PURE__ */ new Date();
+      d.setDate(d.getDate() - (parseInt(options.days, 10) || 90));
+      d.setHours(0, 0, 0, 0);
+      return d;
+    })();
+    console.log("");
+    console.log(chalk21.cyan.bold("\u{1F50D}  node9 scan") + chalk21.dim("  \u2014 what would node9 catch?"));
+    console.log("");
+    const projectsDir = path35.join(os28.homedir(), ".claude", "projects");
+    if (!fs32.existsSync(projectsDir)) {
+      console.log(chalk21.yellow("  No Claude history found at ~/.claude/projects/"));
+      console.log(chalk21.gray("  Install Claude Code, run a few sessions, then try again.\n"));
+      return;
+    }
+    process.stdout.write(chalk21.dim("  Scanning\u2026"));
+    const scan = scanClaudeHistory(startDate);
+    process.stdout.write("\r" + " ".repeat(20) + "\r");
+    if (scan.filesScanned === 0) {
+      console.log(chalk21.yellow("  No JSONL session files found.\n"));
+      return;
+    }
+    const rangeLabel = options.all ? chalk21.dim("all time") : chalk21.dim(`last ${options.days ?? 90} days`);
+    const dateRange = scan.firstDate && scan.lastDate ? chalk21.dim(`  ${fmtTs(scan.firstDate)} \u2013 ${fmtTs(scan.lastDate)}`) : "";
+    console.log(
+      "  " + chalk21.white(num2(scan.sessions)) + chalk21.dim(" sessions  ") + chalk21.white(num2(scan.totalToolCalls)) + chalk21.dim(" tool calls  ") + chalk21.white(num2(scan.bashCalls)) + chalk21.dim(" bash commands  ") + rangeLabel + dateRange
+    );
+    console.log("");
+    const byShield = /* @__PURE__ */ new Map();
+    for (const f of scan.findings) {
+      const key = f.source.shieldName;
+      const entry = byShield.get(key) ?? { label: f.source.shieldLabel, findings: [] };
+      entry.findings.push(f);
+      byShield.set(key, entry);
+    }
+    const totalFindings = scan.findings.length;
+    if (totalFindings === 0 && scan.dlpFindings.length === 0) {
+      console.log(chalk21.green("  \u2705 No findings across all shields and rules."));
+      console.log(chalk21.dim("  node9 is still worth running \u2014 it monitors in real time.\n"));
+    } else {
+      if (totalFindings > 0) {
+        console.log(
+          "  " + chalk21.bold("If node9 had been installed:") + "  " + chalk21.yellow.bold(
+            `${num2(totalFindings)} command${totalFindings !== 1 ? "s" : ""} flagged for review`
+          )
+        );
+        console.log("");
+        const sorted = [...byShield.entries()].sort(
+          (a, b) => b[1].findings.length - a[1].findings.length
+        );
+        for (const [shieldName, { label, findings }] of sorted) {
+          const count = findings.length;
+          const isUserRule = shieldName === "custom" || shieldName === "cloud";
+          const shieldBadge = isUserRule ? chalk21.magenta(label) : chalk21.cyan(label);
+          console.log("  " + chalk21.dim("\u2500".repeat(70)));
+          console.log(
+            "  " + shieldBadge + chalk21.dim("  \xB7  ") + chalk21.yellow(`${num2(count)} finding${count !== 1 ? "s" : ""}`) + (isUserRule ? "" : chalk21.dim(`  \u2192  node9 shield enable ${shieldName}`))
+          );
+          const byRule = /* @__PURE__ */ new Map();
+          for (const f of findings) {
+            const ruleKey = f.source.rule.name ?? "unnamed";
+            const arr = byRule.get(ruleKey) ?? [];
+            arr.push(f);
+            byRule.set(ruleKey, arr);
+          }
+          for (const [, ruleFindings] of byRule) {
+            const rule = ruleFindings[0].source.rule;
+            const ruleCount = ruleFindings.length;
+            const countBadge = ruleCount > 1 ? chalk21.white(` \xD7${ruleCount}`) : "";
+            const shortName = (rule.name ?? "unnamed").replace(/^shield:[^:]+:/, "");
+            console.log(
+              "    " + chalk21.white(shortName) + countBadge + (rule.reason ? chalk21.dim(`  \u2014 ${rule.reason}`) : "")
+            );
+            const shown = ruleFindings.slice(0, topN);
+            for (const f of shown) {
+              const ts = f.timestamp ? chalk21.dim(fmtTs(f.timestamp) + "  ") : "";
+              const proj = chalk21.dim(f.project.slice(0, 22).padEnd(22) + "  ");
+              const cmd = chalk21.gray(preview(f.input, 55));
+              console.log(`      ${ts}${proj}${cmd}`);
+            }
+            if (ruleFindings.length > topN) {
+              console.log(
+                chalk21.dim(
+                  `      \u2026 and ${ruleFindings.length - topN} more (--top ${ruleFindings.length})`
+                )
+              );
+            }
+          }
+          console.log("");
+        }
+      }
+      if (scan.dlpFindings.length > 0) {
+        console.log("  " + chalk21.dim("\u2500".repeat(70)));
+        console.log(
+          "  " + chalk21.red.bold("Secrets / DLP") + chalk21.dim("  \xB7  ") + chalk21.red(
+            `${num2(scan.dlpFindings.length)} potential secret leak${scan.dlpFindings.length !== 1 ? "s" : ""}`
+          )
+        );
+        const shownDlp = scan.dlpFindings.slice(0, topN);
+        for (const f of shownDlp) {
+          const ts = f.timestamp ? chalk21.dim(fmtTs(f.timestamp) + "  ") : "";
+          const proj = chalk21.dim(f.project.slice(0, 22).padEnd(22) + "  ");
+          console.log(
+            `    ${ts}${proj}` + chalk21.yellow(f.patternName) + chalk21.dim("  ") + chalk21.gray(f.redactedSample)
+          );
+        }
+        if (scan.dlpFindings.length > topN) {
+          console.log(
+            chalk21.dim(
+              `    \u2026 and ${scan.dlpFindings.length - topN} more (--top ${scan.dlpFindings.length})`
+            )
+          );
+        }
+        console.log("");
+      }
+    }
+    if (scan.totalCostUSD > 0) {
+      console.log(
+        "  " + chalk21.bold("Claude spend:") + "  " + chalk21.yellow(fmtCost2(scan.totalCostUSD)) + chalk21.dim("  (for per-period breakdown: node9 report)")
+      );
+      console.log("");
+    }
+    const auditLog = path35.join(os28.homedir(), ".node9", "audit.log");
+    if (fs32.existsSync(auditLog)) {
+      console.log(chalk21.green("  \u2705 node9 is active \u2014 future sessions are protected."));
+      console.log(
+        chalk21.dim("  Run ") + chalk21.cyan("node9 report") + chalk21.dim(" to see live stats.")
+      );
+    } else {
+      console.log(chalk21.yellow.bold("  \u26A1 node9 was not running during these sessions."));
+      console.log(
+        "  " + chalk21.white("Run ") + chalk21.cyan("node9 init") + chalk21.white(" to start protecting your AI agents.")
+      );
+    }
+    console.log("");
+  });
+}
+
+// src/cli/commands/sessions.ts
+import chalk22 from "chalk";
+import fs33 from "fs";
+import path36 from "path";
+import os29 from "os";
+var CLAUDE_PRICING3 = {
+  "claude-opus-4-6": { i: 5e-6, o: 25e-6, cw: 625e-8, cr: 5e-7 },
+  "claude-opus-4-5": { i: 5e-6, o: 25e-6, cw: 625e-8, cr: 5e-7 },
+  "claude-opus-4": { i: 15e-6, o: 75e-6, cw: 1875e-8, cr: 15e-7 },
+  "claude-sonnet-4-6": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-sonnet-4-5": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-sonnet-4": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-3-7-sonnet": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-3-5-sonnet": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-haiku-4-5": { i: 1e-6, o: 5e-6, cw: 125e-8, cr: 1e-7 },
+  "claude-3-5-haiku": { i: 8e-7, o: 4e-6, cw: 1e-6, cr: 8e-8 }
+};
+function modelPrice(model) {
+  const base = model.replace(/@.*$/, "").replace(/-\d{8}$/, "");
+  for (const [key, p] of Object.entries(CLAUDE_PRICING3)) {
+    if (base === key || base.startsWith(key)) return p;
+  }
+  return null;
+}
+function encodeProjectPath(projectPath) {
+  return projectPath.replace(/\//g, "-");
+}
+function sessionJsonlPath(projectPath, sessionId) {
+  const encoded = encodeProjectPath(projectPath);
+  return path36.join(os29.homedir(), ".claude", "projects", encoded, `${sessionId}.jsonl`);
+}
+function projectLabel(projectPath) {
+  return projectPath.replace(os29.homedir(), "~");
+}
+function parseHistoryLines(lines) {
+  const entries = [];
+  for (const line of lines) {
+    if (!line.trim()) continue;
+    try {
+      const obj = JSON.parse(line);
+      if (typeof obj["display"] === "string" && (typeof obj["timestamp"] === "string" || typeof obj["timestamp"] === "number") && typeof obj["project"] === "string" && typeof obj["sessionId"] === "string") {
+        const ts = typeof obj["timestamp"] === "number" ? new Date(obj["timestamp"]).toISOString() : obj["timestamp"];
+        entries.push({
+          display: obj["display"],
+          timestamp: ts,
+          project: obj["project"],
+          sessionId: obj["sessionId"]
+        });
+      }
+    } catch {
+    }
+  }
+  return entries;
+}
+function parseSessionLines(lines) {
+  const toolCalls = [];
+  let costUSD = 0;
+  let hasSnapshot = false;
+  const modifiedFiles = [];
+  const seenFiles = /* @__PURE__ */ new Set();
+  for (const line of lines) {
+    if (!line.trim()) continue;
+    let entry;
+    try {
+      entry = JSON.parse(line);
+    } catch {
+      continue;
+    }
+    if (entry.type === "file-history-snapshot") {
+      hasSnapshot = true;
+      continue;
+    }
+    if (entry.type !== "assistant") continue;
+    const usage = entry.message?.usage;
+    const model = entry.message?.model;
+    if (usage && model) {
+      const p = modelPrice(model);
+      if (p) {
+        costUSD += (usage.input_tokens ?? 0) * p.i + (usage.output_tokens ?? 0) * p.o + (usage.cache_creation_input_tokens ?? 0) * p.cw + (usage.cache_read_input_tokens ?? 0) * p.cr;
+      }
+    }
+    const content = entry.message?.content;
+    if (!Array.isArray(content)) continue;
+    for (const block of content) {
+      if (block.type !== "tool_use") continue;
+      const tool = block.name ?? "";
+      const input = block.input ?? {};
+      toolCalls.push({ tool, input, timestamp: entry.timestamp ?? "" });
+      const toolLower = tool.toLowerCase();
+      if (toolLower === "write" || toolLower === "edit" || toolLower === "notebookedit") {
+        const fp = input.file_path ?? input.path;
+        if (typeof fp === "string" && !seenFiles.has(fp)) {
+          seenFiles.add(fp);
+          modifiedFiles.push(fp);
+        }
+      }
+    }
+  }
+  return { toolCalls, costUSD, hasSnapshot, modifiedFiles };
+}
+function loadAuditEntries(auditPath) {
+  const aPath = auditPath ?? path36.join(os29.homedir(), ".node9", "audit.log");
+  let raw;
+  try {
+    raw = fs33.readFileSync(aPath, "utf-8");
+  } catch {
+    return [];
+  }
+  const entries = [];
+  for (const line of raw.split("\n")) {
+    if (!line.trim()) continue;
+    try {
+      const e = JSON.parse(line);
+      if (!e.ts || !e.tool || !e.decision) continue;
+      if (e.decision === "allow" || e.decision === "allowed") continue;
+      entries.push(e);
+    } catch {
+    }
+  }
+  return entries;
+}
+function auditEntriesInWindow(entries, windowStart, windowEnd) {
+  const start = new Date(windowStart).getTime();
+  const end = new Date(windowEnd).getTime();
+  const result = [];
+  for (const e of entries) {
+    const t = new Date(e.ts).getTime();
+    if (t < start || t > end) continue;
+    result.push({
+      tool: e.tool,
+      args: e.args,
+      argsHash: e.argsHash,
+      timestamp: e.ts,
+      decision: e.decision,
+      checkedBy: e.checkedBy
+    });
+  }
+  return result;
+}
+function buildSessions(days, historyPath) {
+  const hPath = historyPath ?? path36.join(os29.homedir(), ".claude", "history.jsonl");
+  let historyRaw;
+  try {
+    historyRaw = fs33.readFileSync(hPath, "utf-8");
+  } catch {
+    return [];
+  }
+  const cutoff = days !== null ? (() => {
+    const d = /* @__PURE__ */ new Date();
+    d.setDate(d.getDate() - days);
+    d.setHours(0, 0, 0, 0);
+    return d;
+  })() : null;
+  const entries = parseHistoryLines(historyRaw.split("\n"));
+  const bySession = /* @__PURE__ */ new Map();
+  for (const e of entries) {
+    if (cutoff && new Date(e.timestamp) < cutoff) continue;
+    const existing = bySession.get(e.sessionId);
+    if (!existing || e.timestamp < existing.timestamp) {
+      bySession.set(e.sessionId, e);
+    }
+  }
+  const allAuditEntries = loadAuditEntries();
+  const summaries = [];
+  for (const entry of bySession.values()) {
+    const jsonlFile = sessionJsonlPath(entry.project, entry.sessionId);
+    let sessionLines = [];
+    try {
+      sessionLines = fs33.readFileSync(jsonlFile, "utf-8").split("\n");
+    } catch {
+    }
+    const { toolCalls, costUSD, hasSnapshot, modifiedFiles } = parseSessionLines(sessionLines);
+    const windowStart = entry.timestamp;
+    const lastToolTs = toolCalls.length > 0 ? toolCalls[toolCalls.length - 1].timestamp : "";
+    const windowEnd = new Date(
+      Math.max(new Date(windowStart).getTime(), lastToolTs ? new Date(lastToolTs).getTime() : 0) + 5 * 60 * 1e3
+      // 5 min buffer
+    ).toISOString();
+    const blockedCalls = auditEntriesInWindow(allAuditEntries, windowStart, windowEnd);
+    summaries.push({
+      sessionId: entry.sessionId,
+      project: entry.project,
+      projectLabel: projectLabel(entry.project),
+      firstPrompt: entry.display,
+      startTime: entry.timestamp,
+      toolCalls,
+      blockedCalls,
+      costUSD,
+      hasSnapshot,
+      modifiedFiles
+    });
+  }
+  summaries.sort((a, b) => a.startTime > b.startTime ? -1 : 1);
+  return summaries;
+}
+function fmtCost3(usd) {
+  if (usd === 0) return "";
+  if (usd < 1e-3) return "< $0.001";
+  if (usd < 1) return "$" + usd.toFixed(3);
+  return "$" + usd.toFixed(2);
+}
+function fmtDate2(iso) {
+  try {
+    return new Date(iso).toLocaleDateString("en-US", { month: "short", day: "numeric" });
+  } catch {
+    return iso.slice(0, 10);
+  }
+}
+function fmtTime(iso) {
+  try {
+    return new Date(iso).toLocaleTimeString("en-US", {
+      hour: "2-digit",
+      minute: "2-digit",
+      hour12: false
+    });
+  } catch {
+    return iso.slice(11, 16);
+  }
+}
+function fmtDateTime(iso) {
+  try {
+    return new Date(iso).toLocaleString("en-US", {
+      month: "short",
+      day: "numeric",
+      year: "numeric",
+      hour: "2-digit",
+      minute: "2-digit",
+      hour12: false
+    });
+  } catch {
+    return iso;
+  }
+}
+function truncate(s, max) {
+  return s.length > max ? s.slice(0, max - 1) + "\u2026" : s;
+}
+function toolInputSummary(tool, input) {
+  const fp = input.file_path ?? input.path;
+  if (typeof fp === "string") return fp;
+  const cmd = input.command;
+  if (typeof cmd === "string") return truncate(cmd.replace(/\s+/g, " "), 60);
+  const q = input.query ?? input.url;
+  if (typeof q === "string") return truncate(String(q), 60);
+  return "";
+}
+function toolColor(tool) {
+  const t = tool.toLowerCase();
+  if (t === "bash" || t === "execute_bash") return chalk22.red;
+  if (t === "write") return chalk22.green;
+  if (t === "edit" || t === "notebookedit") return chalk22.yellow;
+  if (t === "read") return chalk22.cyan;
+  return chalk22.gray;
+}
+function barStr2(value, max, width) {
+  if (max === 0 || width <= 0) return "\u2591".repeat(width);
+  const filled = Math.max(1, Math.round(value / max * width));
+  return "\u2588".repeat(filled) + "\u2591".repeat(width - filled);
+}
+function colorBar2(value, max, width) {
+  const s = barStr2(value, max, width);
+  const filled = Math.max(1, Math.round(max > 0 ? value / max * width : 0));
+  return chalk22.cyan(s.slice(0, filled)) + chalk22.dim(s.slice(filled));
+}
+function renderSummary(summaries) {
+  const totalTools = summaries.reduce((n, s) => n + s.toolCalls.length, 0);
+  const totalCost = summaries.reduce((n, s) => n + s.costUSD, 0);
+  const totalFiles = summaries.reduce((n, s) => n + s.modifiedFiles.length, 0);
+  const totalBlocked = summaries.reduce((n, s) => n + s.blockedCalls.length, 0);
+  const snapshots = summaries.filter((s) => s.hasSnapshot).length;
+  const avgCost = summaries.length > 0 ? totalCost / summaries.length : 0;
+  const toolCounts = /* @__PURE__ */ new Map();
+  for (const s of summaries) {
+    for (const tc of s.toolCalls) {
+      const key = tc.tool.toLowerCase();
+      toolCounts.set(key, (toolCounts.get(key) ?? 0) + 1);
+    }
+  }
+  const groups = { Bash: 0, Read: 0, Write: 0, Edit: 0, Other: 0 };
+  for (const [tool, count] of toolCounts) {
+    if (tool === "bash" || tool === "execute_bash") groups["Bash"] += count;
+    else if (tool === "read") groups["Read"] += count;
+    else if (tool === "write") groups["Write"] += count;
+    else if (tool === "edit" || tool === "notebookedit") groups["Edit"] += count;
+    else groups["Other"] += count;
+  }
+  const projCosts = /* @__PURE__ */ new Map();
+  for (const s of summaries) {
+    projCosts.set(s.projectLabel, (projCosts.get(s.projectLabel) ?? 0) + s.costUSD);
+  }
+  const topProjects = [...projCosts.entries()].sort((a, b) => b[1] - a[1]).slice(0, 3);
+  const W = 20;
+  console.log(chalk22.dim("  " + "\u2500".repeat(70)));
+  console.log(
+    "  " + chalk22.bold.white(String(summaries.length).padEnd(4)) + chalk22.dim("sessions    ") + chalk22.bold.yellow(fmtCost3(totalCost).padEnd(10)) + chalk22.dim("total    ") + chalk22.bold.white(String(totalTools).padEnd(6)) + chalk22.dim("tool calls    ") + chalk22.bold.white(String(totalFiles)) + chalk22.dim(" files modified") + (totalBlocked > 0 ? chalk22.dim("    ") + chalk22.red.bold(String(totalBlocked)) + chalk22.dim(" blocked by node9") : "")
+  );
+  console.log(
+    "  " + chalk22.dim("avg ") + chalk22.white(fmtCost3(avgCost).padEnd(10)) + chalk22.dim("/session    ") + chalk22.green(String(snapshots)) + chalk22.dim(` of ${summaries.length} sessions had snapshots`)
+  );
+  console.log("");
+  console.log("  " + chalk22.dim("Tool breakdown:"));
+  const maxGroup = Math.max(...Object.values(groups));
+  for (const [label, count] of Object.entries(groups)) {
+    if (count === 0) continue;
+    const pct2 = totalTools > 0 ? Math.round(count / totalTools * 100) : 0;
+    console.log(
+      "    " + label.padEnd(6) + "  " + colorBar2(count, maxGroup, W) + "  " + chalk22.white(String(count).padStart(4)) + chalk22.dim(` (${String(pct2)}%)`)
+    );
+  }
+  console.log("");
+  if (topProjects.length > 1) {
+    console.log("  " + chalk22.dim("Cost by project:"));
+    const maxProjCost = topProjects[0][1];
+    for (const [proj, cost] of topProjects) {
+      console.log(
+        "    " + proj.slice(0, 28).padEnd(28) + "  " + colorBar2(cost, maxProjCost, W) + "  " + chalk22.yellow(fmtCost3(cost))
+      );
+    }
+    console.log("");
+  }
+  console.log(chalk22.dim("  " + "\u2500".repeat(70)));
+  console.log("");
+}
+function renderList(summaries, totalCost) {
+  if (summaries.length === 0) {
+    console.log(chalk22.yellow("  No sessions found in the requested range.\n"));
+    return;
+  }
+  const totalLabel = totalCost > 0 ? chalk22.dim("  ~" + fmtCost3(totalCost) + " total") : "";
+  console.log(
+    "  " + chalk22.white(String(summaries.length)) + chalk22.dim(` session${summaries.length !== 1 ? "s" : ""}`) + totalLabel
+  );
+  console.log("");
+  let lastGroup = "";
+  for (const s of summaries) {
+    const group = fmtDate2(s.startTime) + "  " + s.projectLabel;
+    if (group !== lastGroup) {
+      console.log(
+        chalk22.dim("  \u2500\u2500\u2500 ") + chalk22.bold(fmtDate2(s.startTime)) + chalk22.dim("  " + s.projectLabel)
+      );
+      lastGroup = group;
+    }
+    const timeStr = chalk22.dim(fmtTime(s.startTime));
+    const prompt = chalk22.white(truncate(s.firstPrompt.replace(/\n/g, " "), 50).padEnd(50));
+    const tools = s.toolCalls.length > 0 ? chalk22.dim(String(s.toolCalls.length).padStart(3) + " tools") : chalk22.dim("  0 tools");
+    const cost = s.costUSD > 0 ? chalk22.dim("  " + fmtCost3(s.costUSD).padEnd(8)) : "          ";
+    const blocked = s.blockedCalls.length > 0 ? chalk22.red("  \u{1F6D1} " + String(s.blockedCalls.length)) : "";
+    const snap = s.hasSnapshot ? chalk22.green("  \u{1F4F8}") : "";
+    const sid = chalk22.dim("  " + s.sessionId.slice(0, 8));
+    console.log(`  ${timeStr}  ${prompt}  ${tools}${cost}${blocked}${snap}${sid}`);
+  }
+  console.log("");
+  console.log(
+    chalk22.dim("  Run") + " " + chalk22.cyan("node9 sessions --detail <session-id>") + chalk22.dim(" for full tool trace.")
+  );
+  console.log("");
+}
+function renderDetail(s) {
+  console.log("");
+  console.log(chalk22.bold("  Session  ") + chalk22.dim(s.sessionId));
+  console.log(
+    chalk22.bold("  Prompt   ") + chalk22.white(s.firstPrompt.replace(/\n/g, " ").slice(0, 120))
+  );
+  console.log(chalk22.bold("  Project  ") + chalk22.white(s.projectLabel));
+  console.log(chalk22.bold("  When     ") + chalk22.white(fmtDateTime(s.startTime)));
+  if (s.costUSD > 0)
+    console.log(chalk22.bold("  Cost     ") + chalk22.yellow("~" + fmtCost3(s.costUSD)));
+  console.log(
+    chalk22.bold("  Snapshot ") + (s.hasSnapshot ? chalk22.green("\u2713 taken") : chalk22.dim("none"))
+  );
+  console.log("");
+  if (s.toolCalls.length === 0 && s.blockedCalls.length === 0) {
+    console.log(chalk22.dim("  No tool calls recorded.\n"));
+    return;
+  }
+  const timeline = [
+    ...s.toolCalls.map((tc) => ({ kind: "tool", tc })),
+    ...s.blockedCalls.map((bc) => ({ kind: "blocked", bc }))
+  ].sort((a, b) => {
+    const ta = a.kind === "tool" ? a.tc.timestamp : a.bc.timestamp;
+    const tb = b.kind === "tool" ? b.tc.timestamp : b.bc.timestamp;
+    return ta < tb ? -1 : ta > tb ? 1 : 0;
+  });
+  const headerParts = [`Tool calls (${s.toolCalls.length})`];
+  if (s.blockedCalls.length > 0)
+    headerParts.push(chalk22.red(`${s.blockedCalls.length} blocked by node9`));
+  console.log(chalk22.bold("  " + headerParts.join("  \xB7  ")));
+  console.log("");
+  for (const entry of timeline) {
+    if (entry.kind === "tool") {
+      const tc = entry.tc;
+      const colorFn = toolColor(tc.tool);
+      const toolPad = colorFn(tc.tool.padEnd(16));
+      const detail = chalk22.gray(truncate(toolInputSummary(tc.tool, tc.input), 70));
+      const ts = tc.timestamp ? chalk22.dim(fmtTime(tc.timestamp) + "  ") : "       ";
+      console.log(`    ${ts}${toolPad}  ${detail}`);
+    } else {
+      const bc = entry.bc;
+      const ts = bc.timestamp ? chalk22.dim(fmtTime(bc.timestamp) + "  ") : "       ";
+      const label = chalk22.red("\u{1F6D1} BLOCKED".padEnd(16));
+      const toolName = chalk22.red(bc.tool.padEnd(10));
+      const argsSummary = bc.args ? chalk22.gray(truncate(toolInputSummary(bc.tool, bc.args), 40)) : chalk22.dim("[args not logged]");
+      const reason = bc.checkedBy ? chalk22.dim("  \u2190 " + bc.checkedBy) : "";
+      console.log(`    ${ts}${label}  ${toolName}  ${argsSummary}${reason}`);
+    }
+  }
+  console.log("");
+  if (s.modifiedFiles.length > 0) {
+    console.log(chalk22.bold(`  Files modified (${s.modifiedFiles.length}):`));
+    for (const f of s.modifiedFiles) {
+      console.log("    " + chalk22.yellow(f));
+    }
+    console.log("");
+  }
+}
+function registerSessionsCommand(program2) {
+  program2.command("sessions").description("Show what your AI agent did \u2014 sessions, tool calls, cost, and file changes").option("--all", "Show all sessions (default: last 7 days)").option("--days <n>", "Show last N days of sessions", "7").option("--detail <sessionId>", "Show full tool trace for a session").action((options) => {
+    console.log("");
+    console.log(chalk22.cyan.bold("\u{1F4CB}  node9 sessions") + chalk22.dim("  \u2014 what your AI agent did"));
+    console.log("");
+    const historyPath = path36.join(os29.homedir(), ".claude", "history.jsonl");
+    if (!fs33.existsSync(historyPath)) {
+      console.log(chalk22.yellow("  No Claude session history found at ~/.claude/history.jsonl"));
+      console.log(chalk22.gray("  Install Claude Code, run a few sessions, then try again.\n"));
+      return;
+    }
+    const days = options.detail || options.all ? null : Math.max(1, parseInt(options.days, 10) || 7);
+    const rangeLabel = options.detail ? "all time" : options.all ? "all time" : `last ${String(days)} days`;
+    console.log(chalk22.dim("  " + rangeLabel));
+    console.log("");
+    process.stdout.write(chalk22.dim("  Loading\u2026"));
+    const summaries = buildSessions(days);
+    process.stdout.write("\r" + " ".repeat(20) + "\r");
+    if (options.detail) {
+      const target = summaries.find(
+        (s) => s.sessionId === options.detail || s.sessionId.startsWith(options.detail)
+      );
+      if (!target) {
+        console.log(chalk22.red(`  Session not found: ${options.detail}`));
+        console.log(chalk22.dim("  Run `node9 sessions` to list recent sessions.\n"));
+        return;
+      }
+      renderDetail(target);
+      return;
+    }
+    const totalCost = summaries.reduce((sum, s) => sum + s.costUSD, 0);
+    if (summaries.length > 0) renderSummary(summaries);
+    renderList(summaries, totalCost);
+  });
+}
+
+// src/cli/commands/skill-pin.ts
+import chalk23 from "chalk";
+import fs34 from "fs";
+import os30 from "os";
+import path37 from "path";
+function wipeSkillSessions() {
+  try {
+    fs34.rmSync(path37.join(os30.homedir(), ".node9", "skill-sessions"), {
+      recursive: true,
+      force: true
+    });
+  } catch {
+  }
+}
+function registerSkillPinCommand(program2) {
+  const skillCmd = program2.command("skill").description("Manage skill pinning (supply chain & update drift defense, AST 02 + AST 07)");
+  const pinSubCmd = skillCmd.command("pin").description("Manage pinned skill roots");
+  pinSubCmd.command("list").description("Show all pinned skill roots and their content hashes").action(() => {
+    const result = readSkillPinsSafe();
+    if (!result.ok) {
+      if (result.reason === "missing") {
+        console.log(chalk23.gray("\nNo skill roots are pinned yet."));
+        console.log(
+          chalk23.gray("Pins are created automatically on the first tool call of each session.\n")
+        );
+        return;
+      }
+      console.error(chalk23.red(`
+\u274C Pin file is corrupt: ${result.detail}`));
+      console.error(chalk23.yellow("   Run: node9 skill pin reset\n"));
+      process.exit(1);
+    }
+    const entries = Object.entries(result.pins.roots);
+    if (entries.length === 0) {
+      console.log(chalk23.gray("\nNo skill roots are pinned yet.\n"));
+      return;
+    }
+    console.log(chalk23.bold("\n\u{1F512} Pinned Skill Roots\n"));
+    for (const [key, entry] of entries) {
+      const missing = entry.exists ? "" : chalk23.yellow(" (not present at pin time)");
+      console.log(`  ${chalk23.cyan(key)}  ${chalk23.gray(entry.rootPath)}${missing}`);
+      console.log(`    Files (${entry.fileCount})`);
+      console.log(`    Hash:  ${chalk23.gray(entry.contentHash.slice(0, 16))}...`);
+      console.log(`    Pinned: ${chalk23.gray(entry.pinnedAt)}
+`);
+    }
+  });
+  pinSubCmd.command("update <rootKey>").description("Remove a pin so the next session re-pins with current state").action((rootKey) => {
+    let pins;
+    try {
+      pins = readSkillPins();
+    } catch {
+      console.error(chalk23.red("\n\u274C Pin file is corrupt."));
+      console.error(chalk23.yellow("   Run: node9 skill pin reset\n"));
+      process.exit(1);
+    }
+    if (!pins.roots[rootKey]) {
+      console.error(chalk23.red(`
+\u274C No pin found for root key "${rootKey}"
+`));
+      console.error(`Run ${chalk23.cyan("node9 skill pin list")} to see pinned roots.
+`);
+      process.exit(1);
+    }
+    const rootPath = pins.roots[rootKey].rootPath;
+    removePin(rootKey);
+    wipeSkillSessions();
+    console.log(chalk23.green(`
+\u{1F513} Pin removed for ${chalk23.cyan(rootKey)}`));
+    console.log(chalk23.gray(`   ${rootPath}`));
+    console.log(chalk23.gray("   Next session will re-pin with current state.\n"));
+  });
+  pinSubCmd.command("reset").description("Clear all skill pins and wipe session verification flags").action(() => {
+    const result = readSkillPinsSafe();
+    if (!result.ok && result.reason === "missing") {
+      wipeSkillSessions();
+      console.log(chalk23.gray("\nNo pins to clear.\n"));
+      return;
+    }
+    const count = result.ok ? Object.keys(result.pins.roots).length : "?";
+    clearAllPins();
+    wipeSkillSessions();
+    console.log(chalk23.green(`
+\u{1F513} Cleared ${count} skill pin(s).`));
+    console.log(chalk23.gray("   Next session will re-pin with current state.\n"));
+  });
+}
+
+// src/cli.ts
+var { version } = JSON.parse(
+  fs37.readFileSync(path40.join(__dirname, "../package.json"), "utf-8")
+);
+var program = new Command();
+program.name("node9").description("The Sudo Command for AI Agents").version(version);
+program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
+  const DEFAULT_API_URL2 = "https://api.node9.ai/api/v1/intercept";
+  const credPath = path40.join(os33.homedir(), ".node9", "credentials.json");
+  if (!fs37.existsSync(path40.dirname(credPath)))
+    fs37.mkdirSync(path40.dirname(credPath), { recursive: true });
+  const profileName = options.profile || "default";
+  let existingCreds = {};
+  try {
+    if (fs37.existsSync(credPath)) {
+      const raw = JSON.parse(fs37.readFileSync(credPath, "utf-8"));
+      if (raw.apiKey) {
+        existingCreds = {
+          default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL2 }
+        };
+      } else {
+        existingCreds = raw;
+      }
+    }
+  } catch {
+  }
+  existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL2 };
+  fs37.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  if (profileName === "default") {
+    const configPath = path40.join(os33.homedir(), ".node9", "config.json");
+    let config = {};
+    try {
+      if (fs37.existsSync(configPath))
+        config = JSON.parse(fs37.readFileSync(configPath, "utf-8"));
+    } catch {
+    }
+    if (!config.settings || typeof config.settings !== "object") config.settings = {};
+    const s = config.settings;
+    const approvers = s.approvers || {
+      native: true,
+      browser: true,
+      cloud: true,
+      terminal: true
+    };
+    if (options.local) {
+      approvers.cloud = false;
+    }
+    s.approvers = approvers;
+    if (!fs37.existsSync(path40.dirname(configPath)))
+      fs37.mkdirSync(path40.dirname(configPath), { recursive: true });
+    fs37.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+  }
+  if (options.profile && profileName !== "default") {
+    console.log(chalk25.green(`\u2705 Profile "${profileName}" saved`));
+    console.log(chalk25.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
   } else if (options.local) {
-    console.log(chalk20.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
-    console.log(chalk20.gray(`   All decisions stay on this machine.`));
+    console.log(chalk25.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
+    console.log(chalk25.gray(`   All decisions stay on this machine.`));
   } else {
-    console.log(chalk20.green(`\u2705 Logged in \u2014 agent mode`));
-    console.log(chalk20.gray(`   Team policy enforced for all calls via Node9 cloud.`));
+    console.log(chalk25.green(`\u2705 Logged in \u2014 agent mode`));
+    console.log(chalk25.gray(`   Team policy enforced for all calls via Node9 cloud.`));
   }
 });
-program.command("addto").description("Integrate Node9 with an AI agent").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  hud").argument("<target>", "The agent to protect: claude | gemini | cursor | hud").action(async (target) => {
+program.command("addto").description("Integrate Node9 with an AI agent").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  windsurf  vscode  hud").argument("<target>", "The agent to protect: claude | gemini | cursor | windsurf | vscode | hud").action(async (target) => {
   if (target === "gemini") return await setupGemini();
   if (target === "claude") return await setupClaude();
   if (target === "cursor") return await setupCursor();
+  if (target === "windsurf") return await setupWindsurf();
+  if (target === "vscode") return await setupVSCode();
   if (target === "hud") return setupHud();
-  console.error(chalk20.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
+  console.error(
+    chalk25.red(
+      `Unknown target: "${target}". Supported: claude, gemini, cursor, windsurf, vscode, hud`
+    )
+  );
   process.exit(1);
 });
-program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  hud").argument("[target]", "The agent to protect: claude | gemini | cursor | hud").action(async (target) => {
+program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  windsurf  vscode  hud").argument("[target]", "The agent to protect: claude | gemini | cursor | windsurf | vscode | hud").action(async (target) => {
   if (!target) {
-    console.log(chalk20.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
-    console.log("  Usage:  " + chalk20.white("node9 setup <target>") + "\n");
+    console.log(chalk25.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
+    console.log("  Usage:  " + chalk25.white("node9 setup <target>") + "\n");
     console.log("  Targets:");
-    console.log("    " + chalk20.green("claude") + "   \u2014 Claude Code (hook mode)");
-    console.log("    " + chalk20.green("gemini") + "   \u2014 Gemini CLI (hook mode)");
-    console.log("    " + chalk20.green("cursor") + "   \u2014 Cursor (hook mode)");
+    console.log("    " + chalk25.green("claude") + "    \u2014 Claude Code (hook mode)");
+    console.log("    " + chalk25.green("gemini") + "    \u2014 Gemini CLI (hook mode)");
+    console.log("    " + chalk25.green("cursor") + "    \u2014 Cursor (MCP proxy)");
+    console.log("    " + chalk25.green("windsurf") + "  \u2014 Windsurf (MCP proxy)");
+    console.log("    " + chalk25.green("vscode") + "    \u2014 VSCode / Copilot (MCP proxy)");
     process.stdout.write(
-      "    " + chalk20.green("hud") + "     \u2014 Claude Code security statusline\n"
+      "    " + chalk25.green("hud") + "       \u2014 Claude Code security statusline\n"
     );
     console.log("");
     return;
@@ -12576,93 +14785,108 @@ program.command("setup").description('Alias for "addto" \u2014 integrate Node9 w
   if (t === "gemini") return await setupGemini();
   if (t === "claude") return await setupClaude();
   if (t === "cursor") return await setupCursor();
+  if (t === "windsurf") return await setupWindsurf();
+  if (t === "vscode") return await setupVSCode();
   if (t === "hud") return setupHud();
-  console.error(chalk20.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
+  console.error(
+    chalk25.red(
+      `Unknown target: "${target}". Supported: claude, gemini, cursor, windsurf, vscode, hud`
+    )
+  );
   process.exit(1);
 });
-program.command("removefrom").description("Remove Node9 hooks from an AI agent configuration").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("<target>", "The agent to remove from: claude | gemini | cursor").action((target) => {
+program.command("removefrom").description("Remove Node9 hooks from an AI agent configuration").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  windsurf  vscode  hud").argument(
+  "<target>",
+  "The agent to remove from: claude | gemini | cursor | windsurf | vscode | hud"
+).action((target) => {
   let fn;
   if (target === "claude") fn = teardownClaude;
   else if (target === "gemini") fn = teardownGemini;
   else if (target === "cursor") fn = teardownCursor;
+  else if (target === "windsurf") fn = teardownWindsurf;
+  else if (target === "vscode") fn = teardownVSCode;
   else if (target === "hud") fn = teardownHud;
   else {
     console.error(
-      chalk20.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`)
+      chalk25.red(
+        `Unknown target: "${target}". Supported: claude, gemini, cursor, windsurf, vscode, hud`
+      )
     );
     process.exit(1);
   }
-  console.log(chalk20.cyan(`
+  console.log(chalk25.cyan(`
 \u{1F6E1}\uFE0F  Node9: removing hooks from ${target}...
 `));
   try {
     fn();
   } catch (err2) {
-    console.error(chalk20.red(`  \u26A0\uFE0F  Failed: ${err2 instanceof Error ? err2.message : String(err2)}`));
+    console.error(chalk25.red(`  \u26A0\uFE0F  Failed: ${err2 instanceof Error ? err2.message : String(err2)}`));
     process.exit(1);
   }
-  console.log(chalk20.gray("\n  Restart the agent for changes to take effect."));
+  console.log(chalk25.gray("\n  Restart the agent for changes to take effect."));
 });
 program.command("uninstall").description("Remove all Node9 hooks and optionally delete config files").option("--purge", "Also delete ~/.node9/ directory (config, audit log, credentials)").action(async (options) => {
-  console.log(chalk20.cyan("\n\u{1F6E1}\uFE0F  Node9 Uninstall\n"));
-  console.log(chalk20.bold("Stopping daemon..."));
+  console.log(chalk25.cyan("\n\u{1F6E1}\uFE0F  Node9 Uninstall\n"));
+  console.log(chalk25.bold("Stopping daemon..."));
   try {
     stopDaemon();
-    console.log(chalk20.green("  \u2705 Daemon stopped"));
+    console.log(chalk25.green("  \u2705 Daemon stopped"));
   } catch {
-    console.log(chalk20.blue("  \u2139\uFE0F  Daemon was not running"));
+    console.log(chalk25.blue("  \u2139\uFE0F  Daemon was not running"));
   }
-  console.log(chalk20.bold("\nRemoving hooks..."));
+  console.log(chalk25.bold("\nRemoving hooks..."));
   let teardownFailed = false;
   for (const [label, fn] of [
     ["Claude", teardownClaude],
     ["Gemini", teardownGemini],
-    ["Cursor", teardownCursor]
+    ["Cursor", teardownCursor],
+    ["Windsurf", teardownWindsurf],
+    ["VSCode", teardownVSCode]
   ]) {
     try {
       fn();
     } catch (err2) {
       teardownFailed = true;
       console.error(
-        chalk20.red(
+        chalk25.red(
           `  \u26A0\uFE0F  Failed to remove ${label} hooks: ${err2 instanceof Error ? err2.message : String(err2)}`
         )
       );
     }
   }
   if (options.purge) {
-    const node9Dir = path34.join(os27.homedir(), ".node9");
-    if (fs31.existsSync(node9Dir)) {
+    const node9Dir = path40.join(os33.homedir(), ".node9");
+    if (fs37.existsSync(node9Dir)) {
       const confirmed = await confirm2({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        fs31.rmSync(node9Dir, { recursive: true });
-        if (fs31.existsSync(node9Dir)) {
+        fs37.rmSync(node9Dir, { recursive: true });
+        if (fs37.existsSync(node9Dir)) {
           console.error(
-            chalk20.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
+            chalk25.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
         } else {
-          console.log(chalk20.green("\n  \u2705 Deleted ~/.node9/ (config, audit log, credentials)"));
+          console.log(chalk25.green("\n  \u2705 Deleted ~/.node9/ (config, audit log, credentials)"));
         }
       } else {
-        console.log(chalk20.yellow("\n  Skipped \u2014 ~/.node9/ was not deleted."));
+        console.log(chalk25.yellow("\n  Skipped \u2014 ~/.node9/ was not deleted."));
       }
     } else {
-      console.log(chalk20.blue("\n  \u2139\uFE0F  ~/.node9/ not found \u2014 nothing to delete"));
+      console.log(chalk25.blue("\n  \u2139\uFE0F  ~/.node9/ not found \u2014 nothing to delete"));
     }
   } else {
     console.log(
-      chalk20.gray("\n  ~/.node9/ kept \u2014 run with --purge to delete config and audit log")
+      chalk25.gray("\n  ~/.node9/ kept \u2014 run with --purge to delete config and audit log")
     );
   }
   if (teardownFailed) {
-    console.error(chalk20.red("\n  \u26A0\uFE0F  Some hooks could not be removed \u2014 see errors above."));
+    console.error(chalk25.red("\n  \u26A0\uFE0F  Some hooks could not be removed \u2014 see errors above."));
     process.exit(1);
   }
-  console.log(chalk20.green.bold("\n\u{1F6E1}\uFE0F  Node9 removed. Run: npm uninstall -g @node9/proxy"));
-  console.log(chalk20.gray("   Restart any open AI agent sessions for changes to take effect.\n"));
+  console.log(chalk25.green.bold("\n\u{1F6E1}\uFE0F  Node9 removed. Run: npm uninstall -g @node9/proxy"));
+  console.log(chalk25.gray("   Restart any open AI agent sessions for changes to take effect.\n"));
 });
 registerDoctorCommand(program, version);
 program.command("explain").description(
@@ -12675,7 +14899,7 @@ program.command("explain").description(
       try {
         args = JSON.parse(trimmed);
       } catch {
-        console.error(chalk20.red(`
+        console.error(chalk25.red(`
 \u274C Invalid JSON: ${trimmed}
 `));
         process.exit(1);
@@ -12686,54 +14910,54 @@ program.command("explain").description(
   }
   const result = await explainPolicy(tool, args);
   console.log("");
-  console.log(chalk20.cyan.bold("\u{1F6E1}\uFE0F  Node9 Explain"));
+  console.log(chalk25.cyan.bold("\u{1F6E1}\uFE0F  Node9 Explain"));
   console.log("");
-  console.log(`   ${chalk20.bold("Tool:")}    ${chalk20.white(result.tool)}`);
+  console.log(`   ${chalk25.bold("Tool:")}    ${chalk25.white(result.tool)}`);
   if (argsRaw) {
-    const preview = argsRaw.length > 80 ? argsRaw.slice(0, 77) + "\u2026" : argsRaw;
-    console.log(`   ${chalk20.bold("Input:")}   ${chalk20.gray(preview)}`);
+    const preview2 = argsRaw.length > 80 ? argsRaw.slice(0, 77) + "\u2026" : argsRaw;
+    console.log(`   ${chalk25.bold("Input:")}   ${chalk25.gray(preview2)}`);
   }
   console.log("");
-  console.log(chalk20.bold("Config Sources (Waterfall):"));
+  console.log(chalk25.bold("Config Sources (Waterfall):"));
   for (const tier of result.waterfall) {
-    const num2 = chalk20.gray(`  ${tier.tier}.`);
+    const num3 = chalk25.gray(`  ${tier.tier}.`);
     const label = tier.label.padEnd(16);
     let statusStr;
     if (tier.tier === 1) {
-      statusStr = chalk20.gray(tier.note ?? "");
+      statusStr = chalk25.gray(tier.note ?? "");
     } else if (tier.status === "active") {
-      const loc = tier.path ? chalk20.gray(tier.path) : "";
-      const note = tier.note ? chalk20.gray(`(${tier.note})`) : "";
-      statusStr = chalk20.green("\u2713 active") + (loc ? "  " + loc : "") + (note ? "  " + note : "");
+      const loc = tier.path ? chalk25.gray(tier.path) : "";
+      const note = tier.note ? chalk25.gray(`(${tier.note})`) : "";
+      statusStr = chalk25.green("\u2713 active") + (loc ? "  " + loc : "") + (note ? "  " + note : "");
     } else {
-      statusStr = chalk20.gray("\u25CB " + (tier.note ?? "not found"));
+      statusStr = chalk25.gray("\u25CB " + (tier.note ?? "not found"));
     }
-    console.log(`${num2} ${chalk20.white(label)} ${statusStr}`);
+    console.log(`${num3} ${chalk25.white(label)} ${statusStr}`);
   }
   console.log("");
-  console.log(chalk20.bold("Policy Evaluation:"));
+  console.log(chalk25.bold("Policy Evaluation:"));
   for (const step of result.steps) {
     const isFinal = step.isFinal;
     let icon;
-    if (step.outcome === "allow") icon = chalk20.green("  \u2705");
-    else if (step.outcome === "review") icon = chalk20.red("  \u{1F534}");
-    else if (step.outcome === "skip") icon = chalk20.gray("  \u2500 ");
-    else icon = chalk20.gray("  \u25CB ");
+    if (step.outcome === "allow") icon = chalk25.green("  \u2705");
+    else if (step.outcome === "review") icon = chalk25.red("  \u{1F534}");
+    else if (step.outcome === "skip") icon = chalk25.gray("  \u2500 ");
+    else icon = chalk25.gray("  \u25CB ");
     const name = step.name.padEnd(18);
-    const nameStr = isFinal ? chalk20.white.bold(name) : chalk20.white(name);
-    const detail = isFinal ? chalk20.white(step.detail) : chalk20.gray(step.detail);
-    const arrow = isFinal ? chalk20.yellow("  \u2190 STOP") : "";
+    const nameStr = isFinal ? chalk25.white.bold(name) : chalk25.white(name);
+    const detail = isFinal ? chalk25.white(step.detail) : chalk25.gray(step.detail);
+    const arrow = isFinal ? chalk25.yellow("  \u2190 STOP") : "";
     console.log(`${icon} ${nameStr} ${detail}${arrow}`);
   }
   console.log("");
   if (result.decision === "allow") {
-    console.log(chalk20.green.bold("  Decision: \u2705 ALLOW") + chalk20.gray("  \u2014 no approval needed"));
+    console.log(chalk25.green.bold("  Decision: \u2705 ALLOW") + chalk25.gray("  \u2014 no approval needed"));
   } else {
     console.log(
-      chalk20.red.bold("  Decision: \u{1F534} REVIEW") + chalk20.gray("  \u2014 human approval required")
+      chalk25.red.bold("  Decision: \u{1F534} REVIEW") + chalk25.gray("  \u2014 human approval required")
     );
     if (result.blockedByLabel) {
-      console.log(chalk20.gray(`  Reason:   ${result.blockedByLabel}`));
+      console.log(chalk25.gray(`  Reason:   ${result.blockedByLabel}`));
     }
   }
   console.log("");
@@ -12748,7 +14972,7 @@ program.command("tail").description("Stream live agent activity to the terminal"
   try {
     await startTail2(options);
   } catch (err2) {
-    console.error(chalk20.red(`\u274C ${err2 instanceof Error ? err2.message : String(err2)}`));
+    console.error(chalk25.red(`\u274C ${err2 instanceof Error ? err2.message : String(err2)}`));
     process.exit(1);
   }
 });
@@ -12756,6 +14980,7 @@ registerWatchCommand(program);
 registerMcpGatewayCommand(program);
 registerMcpServerCommand(program);
 registerMcpPinCommand(program);
+registerSkillPinCommand(program);
 registerCheckCommand(program);
 registerLogCommand(program);
 program.command("hud").description("Render node9 security statusline (spawned by Claude Code statusLine)").addHelpText(
@@ -12780,14 +15005,14 @@ Claude Code spawns this command every ~300ms and writes a JSON payload to stdin.
 Run "node9 addto claude" to register it as the statusLine.`
 ).argument("[subcommand]", 'Optional: "debug on" / "debug off" to toggle stdin logging').argument("[state]", 'on|off \u2014 used with "debug" subcommand').action(async (subcommand, state) => {
   if (subcommand === "debug") {
-    const flagFile = path34.join(os27.homedir(), ".node9", "hud-debug");
+    const flagFile = path40.join(os33.homedir(), ".node9", "hud-debug");
     if (state === "on") {
-      fs31.mkdirSync(path34.dirname(flagFile), { recursive: true });
-      fs31.writeFileSync(flagFile, "");
+      fs37.mkdirSync(path40.dirname(flagFile), { recursive: true });
+      fs37.writeFileSync(flagFile, "");
       console.log("HUD debug logging enabled \u2192 ~/.node9/hud-debug.log");
       console.log("Tail it with: tail -f ~/.node9/hud-debug.log");
     } else if (state === "off") {
-      if (fs31.existsSync(flagFile)) fs31.unlinkSync(flagFile);
+      if (fs37.existsSync(flagFile)) fs37.unlinkSync(flagFile);
       console.log("HUD debug logging disabled.");
     } else {
       console.error("Usage: node9 hud debug on|off");
@@ -12802,7 +15027,7 @@ program.command("pause").description("Temporarily disable Node9 protection for a
   const ms = parseDuration(options.duration);
   if (ms === null) {
     console.error(
-      chalk20.red(`
+      chalk25.red(`
 \u274C  Invalid duration: "${options.duration}". Use format like 15m, 1h, 30s.
 `)
     );
@@ -12810,20 +15035,20 @@ program.command("pause").description("Temporarily disable Node9 protection for a
   }
   pauseNode9(ms, options.duration);
   const expiresAt = new Date(Date.now() + ms).toLocaleTimeString();
-  console.log(chalk20.yellow(`
+  console.log(chalk25.yellow(`
 \u23F8  Node9 paused until ${expiresAt}`));
-  console.log(chalk20.gray(`   All tool calls will be allowed without review.`));
-  console.log(chalk20.gray(`   Run "node9 resume" to re-enable early.
+  console.log(chalk25.gray(`   All tool calls will be allowed without review.`));
+  console.log(chalk25.gray(`   Run "node9 resume" to re-enable early.
 `));
 });
 program.command("resume").description("Re-enable Node9 protection immediately").action(() => {
   const { paused } = checkPause();
   if (!paused) {
-    console.log(chalk20.gray("\nNode9 is already active \u2014 nothing to resume.\n"));
+    console.log(chalk25.gray("\nNode9 is already active \u2014 nothing to resume.\n"));
     return;
   }
   resumeNode9();
-  console.log(chalk20.green("\n\u25B6  Node9 resumed \u2014 protection is active.\n"));
+  console.log(chalk25.green("\n\u25B6  Node9 resumed \u2014 protection is active.\n"));
 });
 var HOOK_BASED_AGENTS = {
   claude: "claude",
@@ -12836,15 +15061,15 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
     if (HOOK_BASED_AGENTS[firstArg2] !== void 0) {
       const target = HOOK_BASED_AGENTS[firstArg2];
       console.error(
-        chalk20.yellow(`
+        chalk25.yellow(`
 \u26A0\uFE0F  Node9 proxy mode does not support "${target}" directly.`)
       );
-      console.error(chalk20.white(`
+      console.error(chalk25.white(`
    "${target}" uses its own hook system. Use:`));
       console.error(
-        chalk20.green(`     node9 addto ${target}   `) + chalk20.gray("# one-time setup")
+        chalk25.green(`     node9 addto ${target}   `) + chalk25.gray("# one-time setup")
       );
-      console.error(chalk20.green(`     ${target}              `) + chalk20.gray("# run normally"));
+      console.error(chalk25.green(`     ${target}              `) + chalk25.gray("# run normally"));
       process.exit(1);
     }
     const runArgs = firstArg2 === "shell" ? commandArgs.slice(1) : commandArgs;
@@ -12861,7 +15086,7 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
       }
     );
     if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && getConfig().settings.autoStartDaemon) {
-      console.error(chalk20.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
+      console.error(chalk25.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
       const daemonReady = await autoStartDaemonAndWait();
       if (daemonReady) result = await authorizeHeadless("shell", { command: fullCommand });
     }
@@ -12874,12 +15099,12 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
     }
     if (!result.approved) {
       console.error(
-        chalk20.red(`
+        chalk25.red(`
 \u274C Node9 Blocked: ${result.reason || "Dangerous command detected."}`)
       );
       process.exit(1);
     }
-    console.error(chalk20.green("\n\u2705 Approved \u2014 running command...\n"));
+    console.error(chalk25.green("\n\u2705 Approved \u2014 running command...\n"));
     await runProxy(fullCommand);
   } else {
     program.help();
@@ -12889,14 +15114,18 @@ registerUndoCommand(program);
 registerShieldCommand(program);
 registerConfigShowCommand(program);
 registerTrustCommand(program);
+registerSyncCommand(program);
+registerAgentsCommand(program);
+registerScanCommand(program);
+registerSessionsCommand(program);
 if (process.argv[2] !== "daemon") {
   process.on("unhandledRejection", (reason) => {
     const isCheckHook = process.argv[2] === "check";
     if (isCheckHook) {
       if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
-        const logPath = path34.join(os27.homedir(), ".node9", "hook-debug.log");
+        const logPath = path40.join(os33.homedir(), ".node9", "hook-debug.log");
         const msg = reason instanceof Error ? reason.message : String(reason);
-        fs31.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+        fs37.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
       }
       process.exit(0);