npm - @node9/proxy - Versions diffs - 1.18.2 → 1.18.3 - Mend

@node9/proxy 1.18.2 → 1.18.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli.js CHANGED Viewed

@@ -444,9 +444,65 @@ function redactText(text) {
   }
   return { result, found };
 }
+function isCatHeredocOrLit(part) {
+  if (!part) return false;
+  const t = syntax.NodeType(part);
+  if (t === "Lit") return true;
+  if (t !== "CmdSubst") return false;
+  const stmts = part.Stmts || [];
+  if (stmts.length !== 1) return false;
+  const stmt = stmts[0];
+  const redirs = stmt.Redirs || stmt.Cmd?.Redirs || [];
+  const hasHeredoc = redirs.some((r) => r && r.Hdoc);
+  if (!hasHeredoc) return false;
+  const cmd = stmt.Cmd;
+  if (!cmd || syntax.NodeType(cmd) !== "CallExpr") return false;
+  const firstArg2 = cmd.Args?.[0]?.Parts || [];
+  if (firstArg2.length !== 1 || syntax.NodeType(firstArg2[0]) !== "Lit") return false;
+  return (firstArg2[0].Value || "").toLowerCase() === "cat";
+}
+function parseShared(command) {
+  const cached = astCache.get(command);
+  if (cached !== void 0) {
+    astCache.delete(command);
+    astCache.set(command, cached);
+    return cached;
+  }
+  let parsed;
+  try {
+    parsed = sharedParser.Parse(command, "cmd");
+  } catch {
+    parsed = PARSE_FAIL;
+  }
+  if (astCache.size >= AST_CACHE_MAX) {
+    const oldest = astCache.keys().next().value;
+    if (oldest !== void 0) astCache.delete(oldest);
+  }
+  astCache.set(command, parsed);
+  return parsed;
+}
+function cachedNormalize(command, compute) {
+  const hit = normalizeCache.get(command);
+  if (hit !== void 0) {
+    normalizeCache.delete(command);
+    normalizeCache.set(command, hit);
+    return hit;
+  }
+  const result = compute();
+  if (normalizeCache.size >= NORMALIZE_CACHE_MAX) {
+    const oldest = normalizeCache.keys().next().value;
+    if (oldest !== void 0) normalizeCache.delete(oldest);
+  }
+  normalizeCache.set(command, result);
+  return result;
+}
 function normalizeCommandForPolicy(command) {
+  return cachedNormalize(command, () => normalizeCommandForPolicyImpl(command));
+}
+function normalizeCommandForPolicyImpl(command) {
+  const f = parseShared(command);
+  if (f === PARSE_FAIL) return command;
   try {
-    const f = sharedParser.Parse(command, "cmd");
     const strips = [];
     syntax.Walk(f, (node) => {
       if (!node) return false;
@@ -468,7 +524,11 @@ function normalizeCommandForPolicy(command) {
         } else if (nt === "DblQuoted") {
           const innerParts = quotedNode.Parts || [];
           const allLit = innerParts.length === 0 || innerParts.every((p) => syntax.NodeType(p) === "Lit");
-          if (allLit) strips.push([next.Pos().Offset(), next.End().Offset()]);
+          if (allLit) {
+            strips.push([next.Pos().Offset(), next.End().Offset()]);
+          } else if (innerParts.every((p) => isCatHeredocOrLit(p))) {
+            strips.push([next.Pos().Offset(), next.End().Offset()]);
+          }
         }
       }
       return true;
@@ -536,6 +596,127 @@ function detectDangerousShellExec(command) {
     return null;
   }
 }
+function isProtectedHomePath(rawPath) {
+  let p = rawPath.replace(/^\$HOME[\\/]?|^\$\{HOME\}[\\/]?/, "~/");
+  let underHome = false;
+  if (p === "~" || p.startsWith("~/") || p.startsWith("~\\")) {
+    p = p.replace(/^~[\\/]?/, "");
+    underHome = true;
+  } else if (/^\/home\/[^/]+/.test(p) || /^\/root(\/|$)/.test(p)) {
+    p = p.replace(/^\/home\/[^/]+[\\/]?|^\/root[\\/]?/, "");
+    underHome = true;
+  }
+  if (!underHome) return false;
+  if (p === "" || p === "." || p === "./") return true;
+  for (const safe of HOME_CACHE_ALLOWLIST) {
+    if (p === safe || p.startsWith(safe + "/") || p.startsWith(safe + "\\")) {
+      return false;
+    }
+  }
+  return true;
+}
+function extractLiteralArgs(callExpr) {
+  const args = callExpr.Args || [];
+  if (args.length === 0) return { name: "", flags: [], paths: [] };
+  const litFromWord = (w) => {
+    const parts = w?.Parts || [];
+    let s = "";
+    for (const p of parts) {
+      const t = syntax.NodeType(p);
+      if (t === "Lit") s += (p.Value ?? "").replace(/\\(.)/g, "$1");
+      else if (t === "SglQuoted") s += p.Value ?? "";
+      else if (t === "DblQuoted") {
+        const inner = p.Parts || [];
+        if (!inner.every((ip) => syntax.NodeType(ip) === "Lit")) return null;
+        s += inner.map((ip) => ip.Value ?? "").join("");
+      } else {
+        return null;
+      }
+    }
+    return s;
+  };
+  const name = (litFromWord(args[0]) || "").toLowerCase();
+  const flags = [];
+  const paths = [];
+  for (let i = 1; i < args.length; i++) {
+    const v = litFromWord(args[i]);
+    if (v === null) continue;
+    if (v.startsWith("-")) flags.push(v);
+    else paths.push(v);
+  }
+  return { name, flags, paths };
+}
+function analyzeFsOperation(command) {
+  if (!FS_OP_PRESCREEN_RE.test(command)) return null;
+  if (fsOpCache.has(command)) {
+    const hit = fsOpCache.get(command) ?? null;
+    fsOpCache.delete(command);
+    fsOpCache.set(command, hit);
+    return hit;
+  }
+  const computed = analyzeFsOperationImpl(command);
+  if (fsOpCache.size >= FS_OP_CACHE_MAX) {
+    const oldest = fsOpCache.keys().next().value;
+    if (oldest !== void 0) fsOpCache.delete(oldest);
+  }
+  fsOpCache.set(command, computed);
+  return computed;
+}
+function analyzeFsOperationImpl(command) {
+  const f = parseShared(command);
+  if (f === PARSE_FAIL) return null;
+  let result = null;
+  try {
+    syntax.Walk(f, (node) => {
+      if (!node || result) return false;
+      const n = node;
+      if (syntax.NodeType(n) !== "CallExpr") return true;
+      const { name, flags, paths } = extractLiteralArgs(n);
+      if (!name) return true;
+      if (name === "rm") {
+        const flagStr = flags.join("").toLowerCase();
+        const hasR = /[r]/.test(flagStr) || flags.includes("--recursive");
+        const hasF = /[f]/.test(flagStr) || flags.includes("--force");
+        if (hasR && hasF) {
+          for (const p of paths) {
+            if (isProtectedHomePath(p)) {
+              result = {
+                ruleName: "block-rm-rf-home",
+                verdict: "block",
+                reason: "Recursive delete of home directory is irreversible",
+                path: p
+              };
+              return false;
+            }
+            if (p === "/" || /^\/+$/.test(p)) {
+              result = {
+                ruleName: "block-rm-rf-home",
+                verdict: "block",
+                reason: "Recursive delete of root is catastrophic",
+                path: p
+              };
+              return false;
+            }
+          }
+        }
+      }
+      if (FS_READ_TOOLS.has(name)) {
+        for (const p of paths) {
+          for (const sp of SENSITIVE_PATH_RULES) {
+            if (sp.match(p)) {
+              result = { ruleName: sp.rule, verdict: "block", reason: sp.reason, path: p };
+              return false;
+            }
+          }
+        }
+      }
+      return true;
+    });
+    return result;
+  } catch {
+    return null;
+  }
+}
 function analyzeShellCommand(command) {
   const actions = [];
   const paths = [];
@@ -825,10 +1006,18 @@ function getNestedValue(obj, path49) {
 function evaluateSmartConditions(args, rule) {
   if (!rule.conditions || rule.conditions.length === 0) return true;
   const mode = rule.conditionMode ?? "all";
+  const fieldCache = /* @__PURE__ */ new Map();
+  const resolveField = (field) => {
+    if (fieldCache.has(field)) return fieldCache.get(field) ?? null;
+    const rawVal = getNestedValue(args, field);
+    const rawStr = rawVal !== null && rawVal !== void 0 ? String(rawVal) : null;
+    const stripped = field === "command" && rawStr !== null ? normalizeCommandForPolicy(rawStr) : rawStr;
+    const val = stripped !== null ? stripped.replace(/\s+/g, " ").trim() : null;
+    fieldCache.set(field, val);
+    return val;
+  };
   const results = rule.conditions.map((cond) => {
-    const rawVal = getNestedValue(args, cond.field);
-    const normalized = rawVal !== null && rawVal !== void 0 ? String(rawVal).replace(/\s+/g, " ").trim() : null;
-    const val = cond.field === "command" && normalized !== null ? normalizeCommandForPolicy(normalized) : normalized;
+    const val = resolveField(cond.field);
     switch (cond.op) {
       case "exists":
         return val !== null && val !== "";
@@ -1310,7 +1499,7 @@ function summarizeBlast(result, opts = {}) {
     }))
   };
 }
-var import_safe_regex2, import_mvdan_sh, import_picomatch, import_safe_regex22, import_safe_regex23, import_crypto2, ASSIGNMENT_CONTEXT_RE, DLP_STOPWORDS, DLP_PATTERNS, DLP_PATTERNS_GLOBAL, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES, syntax, sharedParser, MESSAGE_FLAGS, SHELL_INTERPRETERS, DOWNLOAD_CMDS, SOURCE_COMMANDS, SINK_COMMANDS, OBFUSCATORS, SENSITIVE_PATTERNS, FLAGS_WITH_VALUES, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, FORBIDDEN_PATH_SEGMENTS, SQL_DML_KEYWORDS, aws_default, bash_safe_default, docker_default, filesystem_default, github_default, k8s_default, mongodb_default, postgres_default, project_jail_default, redis_default, BUILTIN_SHIELDS, LOOP_MAX_RECORDS, FINDING_TO_SIGNAL, SCAN_SIGNAL_WEIGHTS, LOOP_THRESHOLD_FOR_WASTE, COST_PER_LOOP_ITER_USD;
+var import_safe_regex2, import_mvdan_sh, import_picomatch, import_safe_regex22, import_safe_regex23, import_crypto2, ASSIGNMENT_CONTEXT_RE, DLP_STOPWORDS, DLP_PATTERNS, DLP_PATTERNS_GLOBAL, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES, syntax, sharedParser, MESSAGE_FLAGS, SHELL_INTERPRETERS, DOWNLOAD_CMDS, NORMALIZE_CACHE_MAX, normalizeCache, AST_CACHE_MAX, astCache, PARSE_FAIL, FS_READ_TOOLS, FS_OP_PRESCREEN_RE, HOME_CACHE_ALLOWLIST, SENSITIVE_PATH_RULES, FS_OP_CACHE_MAX, fsOpCache, SOURCE_COMMANDS, SINK_COMMANDS, OBFUSCATORS, SENSITIVE_PATTERNS, FLAGS_WITH_VALUES, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, FORBIDDEN_PATH_SEGMENTS, SQL_DML_KEYWORDS, aws_default, bash_safe_default, docker_default, filesystem_default, github_default, k8s_default, mongodb_default, postgres_default, project_jail_default, redis_default, BUILTIN_SHIELDS, LOOP_MAX_RECORDS, FINDING_TO_SIGNAL, SCAN_SIGNAL_WEIGHTS, LOOP_THRESHOLD_FOR_WASTE, COST_PER_LOOP_ITER_USD;
 var init_dist = __esm({
   "packages/policy-engine/dist/index.mjs"() {
     "use strict";
@@ -1784,6 +1973,69 @@ var init_dist = __esm({
     ]);
     SHELL_INTERPRETERS = /* @__PURE__ */ new Set(["bash", "sh", "zsh", "fish", "dash", "ksh"]);
     DOWNLOAD_CMDS = /* @__PURE__ */ new Set(["curl", "wget"]);
+    NORMALIZE_CACHE_MAX = 5e3;
+    normalizeCache = /* @__PURE__ */ new Map();
+    AST_CACHE_MAX = 5e3;
+    astCache = /* @__PURE__ */ new Map();
+    PARSE_FAIL = /* @__PURE__ */ Symbol("parse-fail");
+    FS_READ_TOOLS = /* @__PURE__ */ new Set([
+      "cat",
+      "less",
+      "head",
+      "tail",
+      "bat",
+      "more",
+      "open",
+      "print",
+      "nano",
+      "vim",
+      "vi",
+      "emacs",
+      "code",
+      "type"
+    ]);
+    FS_OP_PRESCREEN_RE = /(?:^|[\s|;&(`\n])(?:rm|cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\b/;
+    HOME_CACHE_ALLOWLIST = [
+      ".cache",
+      ".npm/_npx",
+      ".npm/_cacache",
+      ".cargo/registry",
+      ".gradle/caches",
+      ".gradle/.tmp",
+      ".m2/repository",
+      ".pnpm-store",
+      ".yarn/cache",
+      ".yarn/.cache",
+      ".cache/pip",
+      ".local/share/Trash",
+      ".rustup/downloads"
+    ];
+    SENSITIVE_PATH_RULES = [
+      {
+        rule: "shield:project-jail:block-read-ssh",
+        reason: "Reading SSH private keys is blocked by project-jail shield",
+        match: (p) => /(^|[\\/])\.ssh[\\/]/i.test(p)
+      },
+      {
+        rule: "shield:project-jail:block-read-aws",
+        reason: "Reading AWS credentials is blocked by project-jail shield",
+        match: (p) => /(^|[\\/])\.aws[\\/]/i.test(p)
+      },
+      {
+        rule: "shield:project-jail:block-read-env",
+        reason: "Reading .env files is blocked by project-jail shield",
+        match: (p) => /(?:^|[\\/])\.env(?:\.local|\.production|\.staging)?$/i.test(p)
+      },
+      {
+        rule: "shield:project-jail:block-read-credentials",
+        reason: "Reading credential files is blocked by project-jail shield",
+        match: (p) => /(?:credentials\.json|\.netrc|\.npmrc|\.docker[\\/]config\.json|gcloud[\\/]credentials)$/i.test(
+          p
+        )
+      }
+    ];
+    FS_OP_CACHE_MAX = 5e3;
+    fsOpCache = /* @__PURE__ */ new Map();
     SOURCE_COMMANDS = /* @__PURE__ */ new Set([
       "cat",
       "head",
@@ -5559,9 +5811,7 @@ function removeNode9McpServer(servers) {
   return true;
 }
 function printDaemonTip() {
-  console.log(
-    import_chalk.default.cyan("\n   \u{1F4A1} Node9 will protect you automatically using Native OS popups.") + import_chalk.default.white("\n      To view your history or manage persistent rules, run:") + import_chalk.default.green("\n      node9 daemon --openui")
-  );
+  console.log(import_chalk.default.cyan("\n   \u{1F4A1} Node9 will protect you automatically using Native OS popups."));
 }
 function fullPathCommand(subcommand) {
   if (process.env.NODE9_TESTING === "1") return `node9 ${subcommand}`;
@@ -6651,7 +6901,8 @@ function buildScanSummary(agents) {
       timestamp: f.timestamp,
       project: f.project,
       sessionId: f.sessionId,
-      agent: f.agent
+      agent: f.agent,
+      kind: f.kind
     }))
   );
   const byVerdict = {
@@ -6669,10 +6920,7 @@ function buildScanSummary(agents) {
     costUSD: a.scan.totalCostUSD
   })).filter((s) => s.sessions > 0 || s.findings > 0);
   const sections = buildSections(allFindings);
-  const wastedIters = allLoops.reduce(
-    (sum, l) => sum + Math.max(0, l.count - LOOP_THRESHOLD_FOR_WASTE),
-    0
-  );
+  const wastedIters = allLoops.filter((l) => l.kind !== "long-iteration").reduce((sum, l) => sum + Math.max(0, l.count - LOOP_THRESHOLD_FOR_WASTE), 0);
   const loopWastedUSD = wastedIters * COST_PER_LOOP_ITER_USD;
   return {
     stats,
@@ -7833,6 +8081,20 @@ function geminiModelPrice(model) {
   if (base.includes("flash")) return GEMINI_PRICING["gemini-2.0-flash"];
   return null;
 }
+function isNode9SelfOutput(text) {
+  let hits = 0;
+  for (const re of SELF_OUTPUT_MARKERS) {
+    if (re.test(text)) hits++;
+    if (hits >= 2) return true;
+  }
+  return false;
+}
+function looksLikeFixtureToken(sample) {
+  for (const re of FIXTURE_TOKEN_PATTERNS) {
+    if (re.test(sample)) return true;
+  }
+  return false;
+}
 function num(n) {
   return n.toLocaleString();
 }
@@ -7896,6 +8158,45 @@ function buildRecurringPatternSet(findings) {
   }
   return recurring;
 }
+function pushFsOpAstFinding(command, toolName, input, timestamp, projLabel, sessionId, agent, result) {
+  const fsVerdict = analyzeFsOperation(command);
+  if (!fsVerdict) return false;
+  const synthRule = {
+    name: fsVerdict.ruleName,
+    tool: "bash",
+    conditions: [],
+    verdict: fsVerdict.verdict,
+    reason: fsVerdict.reason
+  };
+  const isShieldRule = fsVerdict.ruleName.startsWith("shield:");
+  const synthSource = isShieldRule ? {
+    shieldName: "project-jail",
+    shieldLabel: "project-jail (AST)",
+    sourceType: "shield",
+    rule: synthRule
+  } : {
+    shieldName: "",
+    shieldLabel: "default (AST)",
+    sourceType: "default",
+    rule: synthRule
+  };
+  const inputPreview = preview(input, 120);
+  const isDupe = result.findings.some(
+    (f) => f.source.rule.name === synthRule.name && preview(f.input, 120) === inputPreview && f.project === projLabel
+  );
+  if (!isDupe) {
+    result.findings.push({
+      source: synthSource,
+      toolName,
+      input,
+      timestamp,
+      project: projLabel,
+      sessionId,
+      agent
+    });
+  }
+  return true;
+}
 function isStaleFinding(timestamp, now = Date.now()) {
   if (!timestamp) return false;
   const t = Date.parse(timestamp);
@@ -7929,15 +8230,24 @@ function detectLoops(calls, project, sessionId, agent) {
     const entry = counts.get(key) ?? {
       count: 0,
       timestamp: call.timestamp,
+      firstTs: null,
+      lastTs: null,
       input: call.input,
       toolName: call.toolName
     };
     entry.count++;
+    const t = call.timestamp ? Date.parse(call.timestamp) : NaN;
+    if (!Number.isNaN(t)) {
+      if (entry.firstTs === null || t < entry.firstTs) entry.firstTs = t;
+      if (entry.lastTs === null || t > entry.lastTs) entry.lastTs = t;
+    }
     counts.set(key, entry);
   }
   const findings = [];
   for (const [, entry] of counts) {
     if (entry.count >= LOOP_THRESHOLD) {
+      const span = entry.firstTs !== null && entry.lastTs !== null ? entry.lastTs - entry.firstTs : 0;
+      const kind = span >= LOOP_TIMESPAN_THRESHOLD_MS ? "long-iteration" : "loop";
       findings.push({
         toolName: entry.toolName,
         commandPreview: preview(entry.input, 80),
@@ -7945,7 +8255,8 @@ function detectLoops(calls, project, sessionId, agent) {
         timestamp: entry.timestamp,
         project,
         sessionId,
-        agent
+        agent,
+        kind
       });
     }
   }
@@ -8164,8 +8475,10 @@ function scanClaudeHistory(startDate, onProgress, onLine) {
               }
               const resultText = typeof block.content === "string" ? block.content : Array.isArray(block.content) ? block.content.map((c) => c.text ?? "").join("\n") : null;
               if (!resultText) continue;
+              if (isNode9SelfOutput(resultText)) continue;
               const dlpMatch = scanArgs({ text: resultText });
               if (dlpMatch) {
+                if (looksLikeFixtureToken(dlpMatch.redactedSample)) continue;
                 if (firstDlpTs === null) firstDlpTs = entry.timestamp ?? null;
                 const isDupe = result.dlpFindings.some(
                   (f) => f.patternName === dlpMatch.patternName && f.redactedSample === dlpMatch.redactedSample && f.project === projLabel
@@ -8236,11 +8549,26 @@ function scanClaudeHistory(startDate, onProgress, onLine) {
               });
             }
           }
-          let ruleMatched = false;
+          let astFsMatched = false;
+          const astRanForBash = toolNameLower === "bash" || toolNameLower === "execute_bash";
+          if (astRanForBash) {
+            astFsMatched = pushFsOpAstFinding(
+              String(input.command ?? ""),
+              toolName,
+              input,
+              entry.timestamp ?? "",
+              projLabel,
+              sessionId,
+              "claude",
+              result
+            );
+          }
+          let ruleMatched = astFsMatched;
           for (const source of ruleSources) {
             const { rule } = source;
             if (rule.verdict === "allow") continue;
             if (rule.tool && !matchesPattern(toolNameLower, rule.tool)) continue;
+            if (astRanForBash && rule.name && AST_FS_REGEX_RULES.has(rule.name)) continue;
             if (!evaluateSmartConditions(input, rule)) continue;
             const inputPreview = preview(input, 120);
             const isDupe = result.findings.some(
@@ -8436,11 +8764,26 @@ function scanGeminiHistory(startDate, onProgress, onLine) {
               });
             }
           }
-          let ruleMatched = false;
+          let astFsMatched = false;
+          const astRanForBash = toolNameLower === "run_shell_command" || toolNameLower === "shell";
+          if (astRanForBash) {
+            astFsMatched = pushFsOpAstFinding(
+              String(input.command ?? ""),
+              toolName,
+              input,
+              msg.timestamp ?? "",
+              projLabel,
+              sessionId,
+              "gemini",
+              result
+            );
+          }
+          let ruleMatched = astFsMatched;
           for (const source of ruleSources) {
             const { rule } = source;
             if (rule.verdict === "allow") continue;
             if (rule.tool && !matchesPattern(toolNameLower, rule.tool)) continue;
+            if (astRanForBash && rule.name && AST_FS_REGEX_RULES.has(rule.name)) continue;
             if (!evaluateSmartConditions(input, rule)) continue;
             const inputPreview = preview(input, 120);
             const isDupe = result.findings.some(
@@ -8658,12 +9001,27 @@ function scanCodexHistory(startDate, onProgress, onLine) {
           });
         }
       }
-      let ruleMatched = false;
+      let astFsMatched = false;
+      const astRanForBash = toolNameLower === "exec_command" || toolNameLower === "bash";
+      if (astRanForBash) {
+        astFsMatched = pushFsOpAstFinding(
+          String(input["command"] ?? ""),
+          toolName,
+          input,
+          ts,
+          projLabel,
+          sessionId,
+          "codex",
+          result
+        );
+      }
+      let ruleMatched = astFsMatched;
       for (const source of ruleSources) {
         const { rule } = source;
         if (rule.verdict === "allow") continue;
         if (rule.tool && !matchesPattern(toolNameLower === "exec_command" ? "bash" : toolNameLower, rule.tool))
           continue;
+        if (astRanForBash && rule.name && AST_FS_REGEX_RULES.has(rule.name)) continue;
         if (!evaluateSmartConditions(input, rule)) continue;
         const inputPreview = preview(input, 120);
         const isDupe = result.findings.some(
@@ -8863,15 +9221,22 @@ function renderCompactScorecard(input) {
       import_chalk4.default.red("\u{1F6D1}  ") + import_chalk4.default.red.bold(String(blockedCount).padEnd(4)) + import_chalk4.default.dim("would have blocked".padEnd(20)) + import_chalk4.default.dim(`(${topBlocked})`)
     );
   }
-  if (scan.loopFindings.length > 0) {
-    const wastedCalls = scan.loopFindings.reduce((s, l) => s + Math.max(0, l.count - 1), 0);
+  const realLoops = scan.loopFindings.filter((l) => l.kind !== "long-iteration");
+  const longIterations = scan.loopFindings.filter((l) => l.kind === "long-iteration");
+  if (realLoops.length > 0) {
+    const wastedCalls = realLoops.reduce((s, l) => s + Math.max(0, l.count - 1), 0);
     const wastePct = scan.totalToolCalls > 0 ? Math.round(wastedCalls / scan.totalToolCalls * 100) : 0;
     const wasteParts = [];
     if (wastePct > 0) wasteParts.push(`${wastePct}% wasted`);
     if (summary.loopWastedUSD > 0) wasteParts.push("~" + fmtCost(summary.loopWastedUSD));
     const wasteSummary = wasteParts.length ? `(${wasteParts.join("  \xB7  ")})` : "";
     console.log(
-      import_chalk4.default.yellow("\u{1F501}  ") + import_chalk4.default.yellow.bold(String(scan.loopFindings.length).padEnd(4)) + import_chalk4.default.dim("agent loops".padEnd(20)) + import_chalk4.default.dim(wasteSummary)
+      import_chalk4.default.yellow("\u{1F501}  ") + import_chalk4.default.yellow.bold(String(realLoops.length).padEnd(4)) + import_chalk4.default.dim("agent loops".padEnd(20)) + import_chalk4.default.dim(wasteSummary)
+    );
+  }
+  if (longIterations.length > 0) {
+    console.log(
+      import_chalk4.default.dim("\u{1F4C2}  ") + import_chalk4.default.dim.bold(String(longIterations.length).padEnd(4)) + import_chalk4.default.dim("long iterations".padEnd(20)) + import_chalk4.default.dim("(deep work \u2014 not waste)")
     );
   }
   if (reviewCount > 0) {
@@ -9403,7 +9768,7 @@ function registerScanCommand(program2) {
     }
   );
 }
-var import_chalk4, import_fs18, import_path20, import_os17, CLAUDE_PRICING, GEMINI_PRICING, CODE_EXTENSIONS, TERMINAL_ESCAPE_RE, LOOP_TOOLS, LOOP_THRESHOLD, STUCK_TOOLS_MIN_WASTE, STUCK_TOOLS_LIMIT, RECURRING_SESSION_THRESHOLD, STALE_AGE_DAYS, DEFAULT_RULE_NAMES, classifyRuleSeverity2, narrativeRuleLabel2;
+var import_chalk4, import_fs18, import_path20, import_os17, CLAUDE_PRICING, GEMINI_PRICING, CODE_EXTENSIONS, SELF_OUTPUT_MARKERS, FIXTURE_TOKEN_PATTERNS, TERMINAL_ESCAPE_RE, LOOP_TOOLS, LOOP_THRESHOLD, LOOP_TIMESPAN_THRESHOLD_MS, STUCK_TOOLS_MIN_WASTE, STUCK_TOOLS_LIMIT, RECURRING_SESSION_THRESHOLD, STALE_AGE_DAYS, AST_FS_REGEX_RULES, DEFAULT_RULE_NAMES, classifyRuleSeverity2, narrativeRuleLabel2;
 var init_scan = __esm({
   "src/cli/commands/scan.ts"() {
     "use strict";
@@ -9414,6 +9779,7 @@ var init_scan = __esm({
     init_shields();
     init_config();
     init_policy();
+    init_dist();
     init_dlp();
     init_dist();
     init_scan_summary();
@@ -9466,6 +9832,22 @@ var init_scan = __esm({
       ".vue",
       ".svelte"
     ]);
+    SELF_OUTPUT_MARKERS = [
+      /redactedSample:\s*['"]/,
+      /patternName:\s*['"]/,
+      /\bseverity:\s*['"](?:block|review|allow)['"]/,
+      /NODE9 SECURITY ALERT/
+    ];
+    FIXTURE_TOKEN_PATTERNS = [
+      /(.)\1{5,}/,
+      // 6+ repeated characters (aaaaaa, 000000)
+      /(?:EXAMPLE|FAKE|DUMMY|PLACEHOLDER|XXXXX)/i,
+      /abcdefghijklmn/i,
+      // long alpha sequence — fixture, not entropy
+      /1234567890/,
+      // long digit sequence — fixture, not entropy
+      /qwerty/i
+    ];
     TERMINAL_ESCAPE_RE = /\x1b\[[0-9;?]*[A-Za-z]|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)|\x1b[@-_]|[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g;
     LOOP_TOOLS = /* @__PURE__ */ new Set([
       "bash",
@@ -9478,10 +9860,18 @@ var init_scan = __esm({
       "multiedit"
     ]);
     LOOP_THRESHOLD = 3;
+    LOOP_TIMESPAN_THRESHOLD_MS = 10 * 60 * 1e3;
     STUCK_TOOLS_MIN_WASTE = 5;
     STUCK_TOOLS_LIMIT = 3;
     RECURRING_SESSION_THRESHOLD = 3;
     STALE_AGE_DAYS = 30;
+    AST_FS_REGEX_RULES = /* @__PURE__ */ new Set([
+      "block-rm-rf-home",
+      "shield:project-jail:block-read-ssh",
+      "shield:project-jail:block-read-aws",
+      "shield:project-jail:block-read-env",
+      "shield:project-jail:block-read-credentials"
+    ]);
     DEFAULT_RULE_NAMES = new Set(
       DEFAULT_CONFIG.policy.smartRules.map((r) => r.name).filter(Boolean)
     );
@@ -10004,7 +10394,86 @@ function abandonPending() {
     }, 200);
   }
 }
+function logActivitySocket(msg) {
+  try {
+    import_fs20.default.appendFileSync(
+      import_path22.default.join(homeDir, ".node9", "hook-debug.log"),
+      `[${(/* @__PURE__ */ new Date()).toISOString()}] [activity-socket] ${msg}
+`
+    );
+  } catch {
+  }
+}
+function shouldRebind(now = Date.now()) {
+  if (activityCircuitTripped) return false;
+  activityRebindAttempts = activityRebindAttempts.filter(
+    (t) => now - t < ACTIVITY_REBIND_WINDOW_MS
+  );
+  activityRebindAttempts.push(now);
+  if (activityRebindAttempts.length > ACTIVITY_REBIND_MAX_ATTEMPTS) {
+    activityCircuitTripped = true;
+    return false;
+  }
+  return true;
+}
 function startActivitySocket() {
+  bindActivitySocket();
+  if (process.platform !== "win32") {
+    try {
+      activitySocketWatcher = import_fs20.default.watch(import_os18.default.tmpdir(), (eventType, filename) => {
+        if (filename !== import_path22.default.basename(ACTIVITY_SOCKET_PATH2)) return;
+        if (eventType !== "rename") return;
+        if (import_fs20.default.existsSync(ACTIVITY_SOCKET_PATH2)) return;
+        attemptRebind("watch-unlink");
+      });
+      activitySocketWatcher.on("error", (err2) => {
+        logActivitySocket(`watcher error: ${err2.message}`);
+      });
+      activitySocketWatcher.unref();
+    } catch (err2) {
+      logActivitySocket(`failed to start watcher: ${err2.message}`);
+    }
+  }
+  activityHealthInterval = setInterval(() => {
+    if (!import_fs20.default.existsSync(ACTIVITY_SOCKET_PATH2)) attemptRebind("health-probe");
+  }, ACTIVITY_HEALTH_PROBE_MS);
+  activityHealthInterval.unref();
+  process.on("exit", () => {
+    if (activitySocketWatcher) {
+      try {
+        activitySocketWatcher.close();
+      } catch {
+      }
+    }
+    if (activityHealthInterval) clearInterval(activityHealthInterval);
+    try {
+      import_fs20.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
+    } catch {
+    }
+  });
+}
+function attemptRebind(reason) {
+  if (!shouldRebind()) {
+    logActivitySocket(
+      `circuit breaker tripped after ${ACTIVITY_REBIND_MAX_ATTEMPTS} attempts in ${ACTIVITY_REBIND_WINDOW_MS}ms \u2014 flight recorder down`
+    );
+    broadcast("flight-recorder-down", {
+      reason: "rebind-loop",
+      message: "Activity socket repeatedly disappearing \u2014 run: node9 daemon restart"
+    });
+    return;
+  }
+  logActivitySocket(`rebinding (reason: ${reason}, attempt ${activityRebindAttempts.length})`);
+  if (activitySocketServer) {
+    try {
+      activitySocketServer.close();
+    } catch {
+    }
+    activitySocketServer = null;
+  }
+  bindActivitySocket();
+}
+function bindActivitySocket() {
   try {
     import_fs20.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
   } catch {
@@ -10102,15 +10571,15 @@ function startActivitySocket() {
     socket.on("error", () => {
     });
   });
-  unixServer.listen(ACTIVITY_SOCKET_PATH2);
-  process.on("exit", () => {
-    try {
-      import_fs20.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
-    } catch {
-    }
+  unixServer.on("error", (err2) => {
+    logActivitySocket(`server error: ${err2.message}`);
   });
+  unixServer.listen(ACTIVITY_SOCKET_PATH2, () => {
+    logActivitySocket(`bound to ${ACTIVITY_SOCKET_PATH2}`);
+  });
+  activitySocketServer = unixServer;
 }
-var import_net2, import_fs20, import_path22, import_os18, import_crypto6, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, LARGE_RESPONSE_RING_SIZE, largeResponseRing, cachedScanResult, cachedScanTs, SCAN_CACHE_TTL_MS, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, WRITE_TOOL_NAMES;
+var import_net2, import_fs20, import_path22, import_os18, import_crypto6, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, LARGE_RESPONSE_RING_SIZE, largeResponseRing, cachedScanResult, cachedScanTs, SCAN_CACHE_TTL_MS, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, WRITE_TOOL_NAMES, ACTIVITY_REBIND_MAX_ATTEMPTS, ACTIVITY_REBIND_WINDOW_MS, ACTIVITY_HEALTH_PROBE_MS, activitySocketServer, activitySocketWatcher, activityHealthInterval, activityRebindAttempts, activityCircuitTripped;
 var init_state2 = __esm({
   "src/daemon/state.ts"() {
     "use strict";
@@ -10171,6 +10640,14 @@ var init_state2 = __esm({
       "notebook_edit",
       "notebookedit"
     ]);
+    ACTIVITY_REBIND_MAX_ATTEMPTS = 5;
+    ACTIVITY_REBIND_WINDOW_MS = 6e4;
+    ACTIVITY_HEALTH_PROBE_MS = 3e4;
+    activitySocketServer = null;
+    activitySocketWatcher = null;
+    activityHealthInterval = null;
+    activityRebindAttempts = [];
+    activityCircuitTripped = false;
   }
 });
@@ -12312,6 +12789,8 @@ async function startTail(options = {}) {
   let initialReplayDone = false;
   const activityPending = /* @__PURE__ */ new Map();
   const orphanedResults = /* @__PURE__ */ new Map();
+  let lastActivityFromDaemon = Date.now();
+  let stallWarned = false;
   const authToken = getInternalToken() ?? "";
   const approvalQueue = [];
   let cardActive = false;
@@ -12538,6 +13017,24 @@ async function startTail(options = {}) {
     console.log(import_chalk29.default.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
     process.exit(0);
   });
+  const STALL_THRESHOLD_MS = 6e4;
+  const stallWatchdog = setInterval(() => {
+    if (stallWarned) return;
+    if (Date.now() - lastActivityFromDaemon < STALL_THRESHOLD_MS) return;
+    try {
+      const auditMtime = import_fs44.default.statSync(auditLog).mtimeMs;
+      if (Date.now() - auditMtime >= STALL_THRESHOLD_MS) return;
+      console.log("");
+      console.log(
+        import_chalk29.default.yellow(
+          "\u26A0\uFE0F  Tail appears stalled \u2014 hooks are firing but no events are arriving. Try: node9 daemon restart"
+        )
+      );
+      stallWarned = true;
+    } catch {
+    }
+  }, STALL_THRESHOLD_MS / 2);
+  stallWatchdog.unref();
   const sseUrl = `http://127.0.0.1:${port}/events?capabilities=input`;
   const req = import_http2.default.get(
     sseUrl,
@@ -12583,7 +13080,18 @@ async function startTail(options = {}) {
     }
   );
   function handleMessage(event, rawData) {
+    lastActivityFromDaemon = Date.now();
     if (event === "csrf") return;
+    if (event === "flight-recorder-down") {
+      try {
+        const parsed = JSON.parse(rawData);
+        const msg = parsed.message ?? "Flight recorder is down \u2014 run: node9 daemon restart";
+        console.log("");
+        console.log(import_chalk29.default.bgRed.white.bold(` \u26A0\uFE0F  ${msg} `));
+      } catch {
+      }
+      return;
+    }
     if (event === "init") {
       try {
         const parsed = JSON.parse(rawData);
@@ -16166,7 +16674,6 @@ function registerInitCommand(program2) {
       console.log(import_chalk15.default.green.bold(`\u{1F6E1}\uFE0F  Node9 is protecting ${agentList}!`));
       console.log("");
       console.log(import_chalk15.default.white("  Watch live:  ") + import_chalk15.default.cyan("node9 tail"));
-      console.log(import_chalk15.default.white("  Local UI:    ") + import_chalk15.default.cyan("node9 daemon --openui"));
       console.log("");
       console.log(import_chalk15.default.gray("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
       console.log(