npm - @node9/proxy - Versions diffs - 1.18.3 → 1.19.1 - Mend

@node9/proxy 1.18.3 → 1.19.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli.mjs CHANGED Viewed

@@ -580,6 +580,9 @@ function detectDangerousShellExec(command) {
     return null;
   }
 }
+function isBashTool(toolName) {
+  return BASH_TOOL_NAMES.has(toolName.toLowerCase());
+}
 function isProtectedHomePath(rawPath) {
   let p = rawPath.replace(/^\$HOME[\\/]?|^\$\{HOME\}[\\/]?/, "~/");
   let underHome = false;
@@ -1052,6 +1055,43 @@ function isSqlTool(toolName, toolInspection) {
   const fieldName = toolInspection[matchingPattern];
   return fieldName === "sql" || fieldName === "query";
 }
+function pipeChainVerdict(command, isTrustedHost2) {
+  const pipeAnalysis = analyzePipeChain(command);
+  if (!pipeAnalysis.isPipeline) return null;
+  if (pipeAnalysis.risk !== "critical" && pipeAnalysis.risk !== "high") return null;
+  const sinks = pipeAnalysis.sinkTargets;
+  const allTrusted = sinks.length > 0 && sinks.every((host) => isTrustedHost2 ? isTrustedHost2(host) : false);
+  if (pipeAnalysis.risk === "critical") {
+    if (allTrusted) {
+      return {
+        decision: "review",
+        blockedByLabel: "Node9: Pipe-Chain to Trusted Host (obfuscated)",
+        reason: `Obfuscated pipe to trusted host(s): ${sinks.join(", ")} \u2014 requires approval`,
+        tier: 3
+      };
+    }
+    return {
+      decision: "block",
+      blockedByLabel: "Node9: Pipe-Chain Exfiltration (critical)",
+      reason: `Sensitive file piped through obfuscator to network sink: ${pipeAnalysis.sourceFiles.join(", ")} \u2192 ${sinks.join(", ")}`,
+      tier: 3
+    };
+  }
+  if (allTrusted) {
+    return {
+      decision: "allow",
+      blockedByLabel: "Node9: Pipe-Chain to Trusted Host",
+      reason: `Sensitive file piped to trusted host(s): ${sinks.join(", ")}`,
+      tier: 3
+    };
+  }
+  return {
+    decision: "review",
+    blockedByLabel: "Node9: Pipe-Chain Exfiltration (high)",
+    reason: `Sensitive file piped to network sink: ${pipeAnalysis.sourceFiles.join(", ")} \u2192 ${sinks.join(", ")}`,
+    tier: 3
+  };
+}
 async function evaluatePolicy(config, toolName, args, context = {}, hooks = {}) {
   const { agent, cwd, activeEnvironment } = context;
   const { checkProvenance: checkProvenance2, isTrustedHost: isTrustedHost2 } = hooks;
@@ -1067,9 +1107,27 @@ async function evaluatePolicy(config, toolName, args, context = {}, hooks = {})
     }
   }
   if (wouldBeIgnored) return { decision: "allow" };
+  const bashCommand = agent !== "Terminal" && isBashTool(toolName) && args && typeof args === "object" ? typeof args.command === "string" ? args.command : null : null;
+  if (bashCommand !== null) {
+    const pipeVerdict = pipeChainVerdict(bashCommand, isTrustedHost2);
+    if (pipeVerdict) return pipeVerdict;
+    const fsVerdict = analyzeFsOperation(bashCommand);
+    if (fsVerdict) {
+      const isShieldRule = fsVerdict.ruleName.startsWith("shield:");
+      const labelPrefix = isShieldRule ? "project-jail (AST)" : "Node9 (AST)";
+      return {
+        decision: fsVerdict.verdict,
+        blockedByLabel: `${labelPrefix}: ${fsVerdict.ruleName}`,
+        reason: fsVerdict.reason,
+        tier: 2,
+        ruleName: fsVerdict.ruleName,
+        ruleDescription: fsVerdict.reason
+      };
+    }
+  }
   if (config.policy.smartRules.length > 0) {
     const matchedRule = config.policy.smartRules.find(
-      (rule) => matchesPattern(toolName, rule.tool) && evaluateSmartConditions(args, rule)
+      (rule) => matchesPattern(toolName, rule.tool) && !(bashCommand !== null && rule.name && AST_FS_REGEX_RULES.has(rule.name)) && evaluateSmartConditions(args, rule)
     );
     if (matchedRule) {
       if (matchedRule.verdict === "allow")
@@ -1127,41 +1185,8 @@ async function evaluatePolicy(config, toolName, args, context = {}, hooks = {})
         tier: 3
       };
     }
-    const pipeAnalysis = analyzePipeChain(shellCommand);
-    if (pipeAnalysis.isPipeline && (pipeAnalysis.risk === "critical" || pipeAnalysis.risk === "high")) {
-      const sinks = pipeAnalysis.sinkTargets;
-      const allTrusted = sinks.length > 0 && sinks.every((host) => isTrustedHost2 ? isTrustedHost2(host) : false);
-      if (pipeAnalysis.risk === "critical") {
-        if (allTrusted) {
-          return {
-            decision: "review",
-            blockedByLabel: "Node9: Pipe-Chain to Trusted Host (obfuscated)",
-            reason: `Obfuscated pipe to trusted host(s): ${sinks.join(", ")} \u2014 requires approval`,
-            tier: 3
-          };
-        }
-        return {
-          decision: "block",
-          blockedByLabel: "Node9: Pipe-Chain Exfiltration (critical)",
-          reason: `Sensitive file piped through obfuscator to network sink: ${pipeAnalysis.sourceFiles.join(", ")} \u2192 ${sinks.join(", ")}`,
-          tier: 3
-        };
-      }
-      if (allTrusted) {
-        return {
-          decision: "allow",
-          blockedByLabel: "Node9: Pipe-Chain to Trusted Host",
-          reason: `Sensitive file piped to trusted host(s): ${sinks.join(", ")}`,
-          tier: 3
-        };
-      }
-      return {
-        decision: "review",
-        blockedByLabel: "Node9: Pipe-Chain Exfiltration (high)",
-        reason: `Sensitive file piped to network sink: ${pipeAnalysis.sourceFiles.join(", ")} \u2192 ${sinks.join(", ")}`,
-        tier: 3
-      };
-    }
+    const ptVerdict = pipeChainVerdict(shellCommand, isTrustedHost2);
+    if (ptVerdict) return ptVerdict;
     const firstToken = analyzed.actions[0] ?? "";
     if (["ssh", "scp", "rsync"].includes(firstToken)) {
       const rawTokens = shellCommand.trim().split(/\s+/);
@@ -1483,7 +1508,323 @@ function summarizeBlast(result, opts = {}) {
     }))
   };
 }
-var ASSIGNMENT_CONTEXT_RE, DLP_STOPWORDS, DLP_PATTERNS, DLP_PATTERNS_GLOBAL, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES, syntax, sharedParser, MESSAGE_FLAGS, SHELL_INTERPRETERS, DOWNLOAD_CMDS, NORMALIZE_CACHE_MAX, normalizeCache, AST_CACHE_MAX, astCache, PARSE_FAIL, FS_READ_TOOLS, FS_OP_PRESCREEN_RE, HOME_CACHE_ALLOWLIST, SENSITIVE_PATH_RULES, FS_OP_CACHE_MAX, fsOpCache, SOURCE_COMMANDS, SINK_COMMANDS, OBFUSCATORS, SENSITIVE_PATTERNS, FLAGS_WITH_VALUES, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, FORBIDDEN_PATH_SEGMENTS, SQL_DML_KEYWORDS, aws_default, bash_safe_default, docker_default, filesystem_default, github_default, k8s_default, mongodb_default, postgres_default, project_jail_default, redis_default, BUILTIN_SHIELDS, LOOP_MAX_RECORDS, FINDING_TO_SIGNAL, SCAN_SIGNAL_WEIGHTS, LOOP_THRESHOLD_FOR_WASTE, COST_PER_LOOP_ITER_USD;
+function detectPii(text) {
+  const found = /* @__PURE__ */ new Set();
+  if (/@/.test(text) && PII_EMAIL_RE.test(text)) found.add("Email");
+  if (/-/.test(text) && PII_SSN_RE.test(text)) found.add("SSN");
+  if (PII_PHONE_RE.test(text)) found.add("Phone");
+  if (PII_CC_RE.test(text)) found.add("Credit Card");
+  return [...found];
+}
+function extractCanonicalFindings(call, ctx) {
+  const out = [];
+  const ts = call.timestamp;
+  const toolNameLower = call.toolName.toLowerCase();
+  const command = typeof call.args.command === "string" ? call.args.command : null;
+  const isBash = isBashTool(call.toolName) && command !== null;
+  if (call.outputBytes !== void 0 && call.outputBytes > LONG_OUTPUT_THRESHOLD_BYTES) {
+    out.push(
+      makeFinding({
+        type: "long-output-redacted",
+        ruleName: "long-output-redacted",
+        verdict: "review",
+        severity: "medium",
+        reason: `Tool output exceeded ${LONG_OUTPUT_THRESHOLD_BYTES} bytes and was redacted`,
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: "engine"
+      })
+    );
+  }
+  if (ctx.dlpEnabled) {
+    const dlp = scanArgs(call.args);
+    if (dlp) {
+      out.push(
+        makeFinding({
+          type: "dlp",
+          ruleName: `dlp:${dlp.patternName}`,
+          patternName: dlp.patternName,
+          verdict: dlp.severity === "block" ? "block" : "review",
+          severity: dlp.severity === "block" ? "critical" : "medium",
+          reason: `${dlp.patternName} detected in ${dlp.fieldPath}`,
+          toolName: call.toolName,
+          ctx,
+          ts,
+          sourceType: "engine",
+          input: call.args,
+          redactedSample: dlp.redactedSample
+        })
+      );
+    }
+  }
+  for (const value of stringValues(call.args)) {
+    const piiHits = detectPii(value);
+    for (const pattern of piiHits) {
+      out.push(
+        makeFinding({
+          type: "pii",
+          ruleName: `pii:${pattern.toLowerCase().replace(/\s+/g, "-")}`,
+          patternName: pattern,
+          verdict: "review",
+          severity: "medium",
+          reason: `${pattern} pattern detected in tool input`,
+          toolName: call.toolName,
+          ctx,
+          ts,
+          sourceType: "engine"
+        })
+      );
+    }
+  }
+  if (FILE_TOOLS.has(toolNameLower)) {
+    const filePath = typeof call.args.file_path === "string" && call.args.file_path || typeof call.args.path === "string" && call.args.path || typeof call.args.pattern === "string" && call.args.pattern || "";
+    if (filePath && SENSITIVE_PATH_RE.test(filePath)) {
+      out.push(
+        makeFinding({
+          type: "sensitive-file-read",
+          ruleName: "sensitive-file-read",
+          verdict: "review",
+          severity: "critical",
+          reason: `Sensitive file path read via ${call.toolName}`,
+          toolName: call.toolName,
+          ctx,
+          ts,
+          sourceType: "engine",
+          subjectPath: filePath
+        })
+      );
+    }
+  }
+  if (!isBash || command === null) {
+    return out;
+  }
+  const fsVerdict = analyzeFsOperation(command);
+  if (fsVerdict) {
+    const isShield = fsVerdict.ruleName.startsWith("shield:");
+    out.push(
+      makeFinding({
+        type: "ast-fs-op",
+        ruleName: fsVerdict.ruleName,
+        verdict: fsVerdict.verdict,
+        severity: classifyRuleSeverity(fsVerdict.ruleName, fsVerdict.verdict),
+        reason: fsVerdict.reason,
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: isShield ? "shield" : "engine",
+        shieldLabel: isShield ? "project-jail (AST)" : "Node9 (AST)",
+        subjectPath: fsVerdict.path,
+        input: call.args
+      })
+    );
+  }
+  for (const source of ctx.rules) {
+    const r = source.rule;
+    if (r.verdict === "allow") continue;
+    if (r.tool && !matchesPattern(toolNameLower, r.tool)) continue;
+    if (r.name && AST_FS_REGEX_RULES.has(r.name)) continue;
+    if (!evaluateSmartConditions(call.args, r)) continue;
+    out.push(
+      makeFinding({
+        type: "smart-rule",
+        ruleName: r.name ?? r.tool,
+        verdict: r.verdict === "block" ? "block" : "review",
+        severity: classifyRuleSeverity(r.name ?? r.tool, r.verdict),
+        reason: r.reason ?? `Smart rule ${r.name ?? r.tool} fired`,
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: source.sourceType,
+        shieldLabel: source.shieldLabel,
+        input: call.args
+      })
+    );
+    break;
+  }
+  const evalVerdict = detectDangerousShellExec(command);
+  if (evalVerdict) {
+    out.push(
+      makeFinding({
+        type: "eval-of-remote",
+        ruleName: "eval-of-remote",
+        verdict: evalVerdict,
+        severity: classifyRuleSeverity("eval-remote", evalVerdict),
+        reason: evalVerdict === "block" ? "Eval of remote download is a near-certain supply-chain attack" : "Eval of dynamic content (variable / subshell) requires approval",
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: "engine",
+        input: call.args
+      })
+    );
+  }
+  const pipe = analyzePipeChain(command);
+  if (pipe.isPipeline && pipe.risk === "critical") {
+    out.push(
+      makeFinding({
+        type: "pipe-to-shell",
+        ruleName: "pipe-to-shell",
+        verdict: "block",
+        severity: "critical",
+        reason: `Sensitive file piped through obfuscator to network sink: ${pipe.sourceFiles.join(", ")} \u2192 ${pipe.sinkTargets.join(", ")}`,
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: "engine",
+        input: call.args
+      })
+    );
+  }
+  if (DESTRUCTIVE_OP_RE.test(command)) {
+    out.push(
+      makeFinding({
+        type: "destructive-op",
+        ruleName: "destructive-op",
+        verdict: "review",
+        severity: "high",
+        reason: "Destructive operation pattern detected",
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: "engine",
+        input: call.args
+      })
+    );
+  }
+  if (PRIVILEGE_ESCALATION_RE.test(command)) {
+    out.push(
+      makeFinding({
+        type: "privilege-escalation",
+        ruleName: "privilege-escalation",
+        verdict: "review",
+        severity: "high",
+        reason: "Privilege-escalation pattern detected",
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: "engine",
+        input: call.args
+      })
+    );
+  }
+  return out;
+}
+function extractSessionLevelFindings(calls, ctx) {
+  if (!ctx.loopDetection.enabled || calls.length === 0) return [];
+  const out = [];
+  const seenLoopKeys = /* @__PURE__ */ new Set();
+  const ONE_YEAR_MS = 365 * 24 * 60 * 60 * 1e3;
+  const windowMs = ctx.loopDetection.windowSeconds <= 0 ? ONE_YEAR_MS : ctx.loopDetection.windowSeconds * 1e3;
+  let records = [];
+  let syntheticTs = 0;
+  for (let i = 0; i < calls.length; i++) {
+    const call = calls[i];
+    const parsed = new Date(call.timestamp).getTime();
+    const now = Number.isFinite(parsed) ? parsed : ++syntheticTs;
+    const verdict = evaluateLoopWindow(
+      records,
+      call.toolName,
+      call.args,
+      ctx.loopDetection.threshold,
+      windowMs,
+      now
+    );
+    records = verdict.nextRecords;
+    if (!verdict.looping) continue;
+    const last = records[records.length - 1];
+    const key = `${last.t}|${last.h}`;
+    if (seenLoopKeys.has(key)) continue;
+    seenLoopKeys.add(key);
+    out.push({
+      type: "loop",
+      ruleName: "loop",
+      verdict: "review",
+      severity: "medium",
+      reason: `Tool called ${verdict.count} times with identical args within window`,
+      toolName: call.toolName,
+      agent: ctx.agent,
+      sessionId: ctx.sessionId,
+      project: ctx.project,
+      lineIndex: call.lineIndex,
+      sourceType: "engine",
+      firstSeenAt: call.timestamp,
+      lastSeenAt: call.timestamp,
+      occurrenceCount: 1,
+      loopCount: verdict.count,
+      loopKind: "loop",
+      commandPreview: previewArgs(call.args, DEDUPE_PREVIEW_LEN),
+      costUsd: verdict.count * COST_PER_LOOP_ITER_USD
+    });
+  }
+  return out;
+}
+function toScanFinding(c) {
+  const typeMap = {
+    "smart-rule": null,
+    "ast-fs-op": null,
+    dlp: "dlp",
+    pii: "pii",
+    "sensitive-file-read": "sensitive-file-read",
+    "privilege-escalation": "privilege-escalation",
+    "destructive-op": "destructive-op",
+    "pipe-to-shell": "pipe-to-shell",
+    "eval-of-remote": "eval-of-remote",
+    loop: "loop",
+    "long-output-redacted": "long-output-redacted"
+  };
+  const sfType = typeMap[c.type];
+  if (sfType === null) return null;
+  return {
+    sessionId: c.sessionId,
+    type: sfType,
+    ...c.patternName && { patternName: c.patternName },
+    lineIndex: c.lineIndex
+  };
+}
+function previewArgs(input, max) {
+  const cmd = input.command ?? input.query ?? input.file_path ?? JSON.stringify(input);
+  const s = String(cmd).replace(TERMINAL_ESCAPE_RE, "").replace(/\s+/g, " ").trim();
+  return s.length > max ? s.slice(0, max - 1) + "\u2026" : s;
+}
+function makeFinding(args) {
+  const f = {
+    type: args.type,
+    ruleName: args.ruleName,
+    verdict: args.verdict,
+    severity: args.severity,
+    reason: args.reason,
+    toolName: args.toolName,
+    agent: args.ctx.agent,
+    sessionId: args.ctx.sessionId,
+    project: args.ctx.project,
+    lineIndex: args.ctx.lineIndex,
+    sourceType: args.sourceType,
+    firstSeenAt: args.ts,
+    lastSeenAt: args.ts,
+    occurrenceCount: 1
+  };
+  if (args.shieldLabel) f.shieldLabel = args.shieldLabel;
+  if (args.subjectPath) f.subjectPath = args.subjectPath;
+  if (args.input) f.input = args.input;
+  if (args.patternName) f.patternName = args.patternName;
+  if (args.redactedSample) f.redactedSample = args.redactedSample;
+  return f;
+}
+function* stringValues(obj, depth = 0) {
+  if (depth > 6) return;
+  if (typeof obj === "string") {
+    if (obj.length > 0) yield obj;
+    return;
+  }
+  if (!obj || typeof obj !== "object") return;
+  if (Array.isArray(obj)) {
+    for (const v of obj) yield* stringValues(v, depth + 1);
+    return;
+  }
+  for (const v of Object.values(obj)) yield* stringValues(v, depth + 1);
+}
+var ASSIGNMENT_CONTEXT_RE, DLP_STOPWORDS, DLP_PATTERNS, DLP_PATTERNS_GLOBAL, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES, syntax, sharedParser, MESSAGE_FLAGS, SHELL_INTERPRETERS, DOWNLOAD_CMDS, NORMALIZE_CACHE_MAX, normalizeCache, AST_CACHE_MAX, astCache, PARSE_FAIL, FS_READ_TOOLS, FS_OP_PRESCREEN_RE, HOME_CACHE_ALLOWLIST, SENSITIVE_PATH_RULES, BASH_TOOL_NAMES, AST_FS_REGEX_RULES, FS_OP_CACHE_MAX, fsOpCache, SOURCE_COMMANDS, SINK_COMMANDS, OBFUSCATORS, SENSITIVE_PATTERNS, FLAGS_WITH_VALUES, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, FORBIDDEN_PATH_SEGMENTS, SQL_DML_KEYWORDS, aws_default, bash_safe_default, docker_default, filesystem_default, github_default, k8s_default, mongodb_default, postgres_default, project_jail_default, redis_default, BUILTIN_SHIELDS, LOOP_MAX_RECORDS, FINDING_TO_SIGNAL, SCAN_SIGNAL_WEIGHTS, LOOP_THRESHOLD_FOR_WASTE, COST_PER_LOOP_ITER_USD, DESTRUCTIVE_OP_RE, PRIVILEGE_ESCALATION_RE, SENSITIVE_PATH_RE, FILE_TOOLS, PII_EMAIL_RE, PII_SSN_RE, PII_PHONE_RE, PII_CC_RE, LONG_OUTPUT_THRESHOLD_BYTES, CANONICAL_EXTRACTOR_VERSION, DEDUPE_PREVIEW_LEN, TERMINAL_ESCAPE_RE;
 var init_dist = __esm({
   "packages/policy-engine/dist/index.mjs"() {
     "use strict";
@@ -2012,6 +2353,20 @@ var init_dist = __esm({
         )
       }
     ];
+    BASH_TOOL_NAMES = /* @__PURE__ */ new Set([
+      "bash",
+      "execute_bash",
+      "run_shell_command",
+      "shell",
+      "exec_command"
+    ]);
+    AST_FS_REGEX_RULES = /* @__PURE__ */ new Set([
+      "block-rm-rf-home",
+      "shield:project-jail:block-read-ssh",
+      "shield:project-jail:block-read-aws",
+      "shield:project-jail:block-read-env",
+      "shield:project-jail:block-read-credentials"
+    ]);
     FS_OP_CACHE_MAX = 5e3;
     fsOpCache = /* @__PURE__ */ new Map();
     SOURCE_COMMANDS = /* @__PURE__ */ new Set([
@@ -2868,6 +3223,31 @@ var init_dist = __esm({
     };
     LOOP_THRESHOLD_FOR_WASTE = 3;
     COST_PER_LOOP_ITER_USD = 6e-3;
+    DESTRUCTIVE_OP_RE = /\brm\s+-[rRf]+\b|\bDROP\s+(TABLE|DATABASE|COLLECTION|SCHEMA)\b|\bTRUNCATE\s+TABLE\b|\bgit\s+push\s+(--force|-f)\b|\bFLUSHALL\b|\bFLUSHDB\b|\bkubectl\s+delete\b|\bhelm\s+uninstall\b/i;
+    PRIVILEGE_ESCALATION_RE = /\b(sudo|su)\b\s+[a-z]|\bchmod\s+(0?777|\+x)\b|\bchown\s+root\b/i;
+    SENSITIVE_PATH_RE = /\.aws\/(credentials|config)\b|\.ssh\/(id_rsa|id_ed25519|id_ecdsa|id_dsa)\b|\.env(\.|$|\b)|\.config\/gcloud\/credentials\.db\b|\.docker\/config\.json\b|\.netrc\b|\.npmrc\b|\.node9\/credentials\.json\b/i;
+    FILE_TOOLS = /* @__PURE__ */ new Set([
+      "read",
+      "read_file",
+      "edit",
+      "edit_file",
+      "write",
+      "write_file",
+      "multiedit",
+      "grep",
+      "grep_search",
+      "glob",
+      "list_files"
+    ]);
+    PII_EMAIL_RE = /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/;
+    PII_SSN_RE = /\b\d{3}-\d{2}-\d{4}\b/;
+    PII_PHONE_RE = /\b(?:\+?1[-.\s]?)?\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b/;
+    PII_CC_RE = /\b(?:4\d{3}|5[1-5]\d{2}|3[47]\d{2}|6\d{3})[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/;
+    LONG_OUTPUT_THRESHOLD_BYTES = 100 * 1024;
+    CANONICAL_EXTRACTOR_VERSION = "canonical-v1";
+    DEDUPE_PREVIEW_LEN = 120;
+    TERMINAL_ESCAPE_RE = // eslint-disable-next-line no-control-regex
+    /\x1b\[[0-9;?]*[A-Za-z]|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)|\x1b[@-_]|[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g;
   }
 });
@@ -7511,8 +7891,10 @@ var init_costSync = __esm({
 // src/daemon/scan-watermark.ts
 var scan_watermark_exports = {};
 __export(scan_watermark_exports, {
+  WATERMARK_SCHEMA_VERSION: () => WATERMARK_SCHEMA_VERSION,
   extractFindingsFromLine: () => extractFindingsFromLine,
   loadWatermark: () => loadWatermark,
+  markUploadComplete: () => markUploadComplete,
   saveWatermark: () => saveWatermark,
   scanDelta: () => scanDelta,
   tickScanWatcher: () => tickScanWatcher
@@ -7521,18 +7903,68 @@ import fs16 from "fs";
 import os15 from "os";
 import path18 from "path";
 import readline from "readline";
+function freshWatermark() {
+  return {
+    schemaVersion: WATERMARK_SCHEMA_VERSION,
+    extractorVersion: CANONICAL_EXTRACTOR_VERSION,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    files: {}
+  };
+}
 function loadWatermark() {
+  let raw;
   try {
-    const raw = fs16.readFileSync(WATERMARK_FILE(), "utf-8");
-    const parsed = JSON.parse(raw);
-    if (typeof parsed.createdAt === "string" && parsed.files && typeof parsed.files === "object") {
-      return parsed;
-    }
+    raw = fs16.readFileSync(WATERMARK_FILE(), "utf-8");
   } catch {
+    return { status: "fresh", wm: freshWatermark() };
   }
-  return { createdAt: (/* @__PURE__ */ new Date()).toISOString(), files: {} };
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return { status: "fresh", wm: freshWatermark() };
+  }
+  if (typeof parsed.createdAt !== "string" || !parsed.files || typeof parsed.files !== "object") {
+    return { status: "fresh", wm: freshWatermark() };
+  }
+  const fileSchemaVersion = typeof parsed.schemaVersion === "number" ? parsed.schemaVersion : 1;
+  if (fileSchemaVersion > WATERMARK_SCHEMA_VERSION) {
+    const wm2 = {
+      schemaVersion: fileSchemaVersion,
+      extractorVersion: typeof parsed.extractorVersion === "string" ? parsed.extractorVersion : CANONICAL_EXTRACTOR_VERSION,
+      createdAt: parsed.createdAt,
+      files: parsed.files
+    };
+    return { status: "schema-future", wm: wm2 };
+  }
+  const fileExtractorVersion = typeof parsed.extractorVersion === "string" ? parsed.extractorVersion : "";
+  if (fileExtractorVersion !== CANONICAL_EXTRACTOR_VERSION) {
+    const filesIn = parsed.files;
+    const filesOut = {};
+    for (const [k, v] of Object.entries(filesIn)) {
+      filesOut[k] = { scannedTo: 0 };
+      void v;
+    }
+    const wm2 = {
+      schemaVersion: WATERMARK_SCHEMA_VERSION,
+      extractorVersion: CANONICAL_EXTRACTOR_VERSION,
+      pendingResetUploadAs: "totals",
+      createdAt: parsed.createdAt,
+      files: filesOut
+    };
+    return { status: "extractor-stale", wm: wm2 };
+  }
+  const wm = {
+    schemaVersion: WATERMARK_SCHEMA_VERSION,
+    extractorVersion: CANONICAL_EXTRACTOR_VERSION,
+    ...parsed.pendingResetUploadAs === "totals" && { pendingResetUploadAs: "totals" },
+    createdAt: parsed.createdAt,
+    files: parsed.files
+  };
+  return { status: "current", wm };
 }
 function saveWatermark(wm) {
+  if (wm.schemaVersion > WATERMARK_SCHEMA_VERSION) return;
   const target = WATERMARK_FILE();
   const dir = path18.dirname(target);
   if (!fs16.existsSync(dir)) fs16.mkdirSync(dir, { recursive: true });
@@ -7625,6 +8057,16 @@ function extractFindingsFromLine(line, sessionId, lineIndex) {
       }
     }
   }
+  const ctx = {
+    sessionId,
+    lineIndex,
+    project: "",
+    agent: "claude",
+    rules: [],
+    toolInspection: { bash: "command", execute_bash: "command" },
+    dlpEnabled: false
+    // line-level DLP runs above already
+  };
   const message = line.message;
   if (message && typeof message === "object") {
     const content = message.content;
@@ -7635,73 +8077,105 @@ function extractFindingsFromLine(line, sessionId, lineIndex) {
         if (b.type === "tool_result") {
           const c = b.content;
           const len = typeof c === "string" ? c.length : Array.isArray(c) ? JSON.stringify(c).length : 0;
-          if (len > LONG_OUTPUT_THRESHOLD_BYTES) {
+          if (len > LONG_OUTPUT_THRESHOLD_BYTES2) {
             findings.push({
               type: "long-output-redacted",
               sessionId,
               lineIndex
             });
           }
+          continue;
         }
         if (b.type !== "tool_use") continue;
-        const toolName = typeof b.name === "string" ? b.name.toLowerCase() : "";
-        const input = b.input;
-        if (FILE_TOOLS.has(toolName)) {
-          const filePath = typeof input?.file_path === "string" && input.file_path || typeof input?.path === "string" && input.path || typeof input?.pattern === "string" && input.pattern || "";
-          if (filePath && SENSITIVE_PATH_RE.test(filePath)) {
-            findings.push({
-              type: "sensitive-file-read",
-              sessionId,
-              lineIndex
-            });
-          }
-        }
-        if (toolName !== "bash" && toolName !== "execute_bash") continue;
-        const command = input && typeof input.command === "string" ? input.command : "";
-        if (!command) continue;
-        const verdict = detectDangerousShellExec(command);
-        if (verdict) {
-          findings.push({ type: "eval-of-remote", sessionId, lineIndex });
-        }
-        const pipe = analyzePipeChain(command);
-        if (pipe.isPipeline && pipe.risk === "critical") {
-          findings.push({ type: "pipe-to-shell", sessionId, lineIndex });
-        }
-        if (DESTRUCTIVE_OP_RE.test(command)) {
-          findings.push({ type: "destructive-op", sessionId, lineIndex });
-        }
-        if (PRIVILEGE_ESCALATION_RE.test(command)) {
-          findings.push({
-            type: "privilege-escalation",
-            sessionId,
-            lineIndex
-          });
+        const toolName = typeof b.name === "string" ? b.name : "";
+        const input = b.input ?? {};
+        const call = {
+          toolName,
+          args: input,
+          timestamp: typeof obj.timestamp === "string" ? obj.timestamp : ""
+        };
+        const canonical = extractCanonicalFindings(call, ctx);
+        for (const cf of canonical) {
+          const sf = toScanFinding(cf);
+          if (sf) findings.push(sf);
         }
       }
     }
   }
   return findings;
 }
-function detectPii(text) {
-  const found = /* @__PURE__ */ new Set();
-  if (/@/.test(text) && PII_EMAIL_RE.test(text)) found.add("Email");
-  if (/-/.test(text) && PII_SSN_RE.test(text)) found.add("SSN");
-  if (PII_PHONE_RE.test(text)) found.add("Phone");
-  if (PII_CC_RE.test(text)) found.add("Credit Card");
-  return [...found];
+function markUploadComplete() {
+  const state = loadWatermark();
+  if (state.status === "schema-future") return;
+  if (state.status === "extractor-stale") return;
+  if (!state.wm.pendingResetUploadAs) return;
+  delete state.wm.pendingResetUploadAs;
+  saveWatermark(state.wm);
 }
 async function tickScanWatcher() {
   if (process.env.NODE9_SCAN_DISABLE === "1") {
-    return {
-      findings: [],
-      totalToolCalls: 0,
-      toolCallsBySession: {},
-      filesScanned: 0,
-      filesNew: 0,
-      filesSkipped: 0
-    };
+    return emptyTick("deltas");
+  }
+  const state = loadWatermark();
+  if (state.status === "schema-future") {
+    if (process.env.NODE9_DEBUG === "1") {
+      process.stderr.write("[node9] watermark schema is from a newer daemon \u2014 skipping tick.\n");
+    }
+    return { ...emptyTick("deltas"), schemaFuture: true };
+  }
+  if (state.status === "extractor-stale") {
+    if (process.env.NODE9_SKIP_WATERMARK_RESET === "1") {
+      const acknowledged = readRawWatermarkPreservingOffsets();
+      if (acknowledged) {
+        saveWatermark(acknowledged);
+      }
+      process.stderr.write(
+        "[node9] Extractor upgrade acknowledged via NODE9_SKIP_WATERMARK_RESET.\n       Existing verdicts not refreshed \u2014 run `node9 scan --upload-history`\n       to backfill them through the new pipeline.\n"
+      );
+      return runActualTick(loadWatermark().wm);
+    }
+    process.stderr.write(
+      "[node9] Detector upgrade detected \u2014 re-scanning history through the new\n        pipeline. Expect a one-time SaaS payload spike on this tick.\n        Set NODE9_SKIP_WATERMARK_RESET=1 to skip.\n"
+    );
+  }
+  return runActualTick(state.wm);
+}
+function emptyTick(uploadAs) {
+  return {
+    findings: [],
+    totalToolCalls: 0,
+    toolCallsBySession: {},
+    filesScanned: 0,
+    filesNew: 0,
+    filesSkipped: 0,
+    uploadAs,
+    schemaFuture: false
+  };
+}
+function readRawWatermarkPreservingOffsets() {
+  let raw;
+  try {
+    raw = fs16.readFileSync(WATERMARK_FILE(), "utf-8");
+  } catch {
+    return null;
   }
-  const wm = loadWatermark();
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return null;
+  }
+  if (typeof parsed.createdAt !== "string" || !parsed.files || typeof parsed.files !== "object") {
+    return null;
+  }
+  return {
+    schemaVersion: WATERMARK_SCHEMA_VERSION,
+    extractorVersion: CANONICAL_EXTRACTOR_VERSION,
+    createdAt: parsed.createdAt,
+    files: parsed.files
+  };
+}
+async function runActualTick(wm) {
   const watermarkCreatedAt = new Date(wm.createdAt).getTime();
   const findings = [];
   let totalToolCalls = 0;
@@ -7748,10 +8222,20 @@ async function tickScanWatcher() {
     wm.files[filePath] = { scannedTo: newScannedTo };
     filesScanned++;
   }
+  const uploadAs = wm.pendingResetUploadAs === "totals" ? "totals" : "deltas";
   saveWatermark(wm);
-  return { findings, totalToolCalls, toolCallsBySession, filesScanned, filesNew, filesSkipped };
+  return {
+    findings,
+    totalToolCalls,
+    toolCallsBySession,
+    filesScanned,
+    filesNew,
+    filesSkipped,
+    uploadAs,
+    schemaFuture: false
+  };
 }
-var PROJECTS_DIR, WATERMARK_FILE, MAX_LINE_BYTES, DESTRUCTIVE_OP_RE, LONG_OUTPUT_THRESHOLD_BYTES, FILE_TOOLS, SENSITIVE_PATH_RE, PII_EMAIL_RE, PII_SSN_RE, PII_PHONE_RE, PII_CC_RE, PRIVILEGE_ESCALATION_RE;
+var PROJECTS_DIR, WATERMARK_FILE, MAX_LINE_BYTES, WATERMARK_SCHEMA_VERSION, LONG_OUTPUT_THRESHOLD_BYTES2;
 var init_scan_watermark = __esm({
   "src/daemon/scan-watermark.ts"() {
     "use strict";
@@ -7760,27 +8244,8 @@ var init_scan_watermark = __esm({
     PROJECTS_DIR = () => path18.join(os15.homedir(), ".claude", "projects");
     WATERMARK_FILE = () => path18.join(os15.homedir(), ".node9", "scan-watermark.json");
     MAX_LINE_BYTES = 2 * 1024 * 1024;
-    DESTRUCTIVE_OP_RE = /\brm\s+-[rRf]+\b|\bDROP\s+(TABLE|DATABASE|COLLECTION|SCHEMA)\b|\bTRUNCATE\s+TABLE\b|\bgit\s+push\s+(--force|-f)\b|\bFLUSHALL\b|\bFLUSHDB\b|\bkubectl\s+delete\b|\bhelm\s+uninstall\b/i;
-    LONG_OUTPUT_THRESHOLD_BYTES = 100 * 1024;
-    FILE_TOOLS = /* @__PURE__ */ new Set([
-      "read",
-      "read_file",
-      "edit",
-      "edit_file",
-      "write",
-      "write_file",
-      "multiedit",
-      "grep",
-      "grep_search",
-      "glob",
-      "list_files"
-    ]);
-    SENSITIVE_PATH_RE = /\.aws\/(credentials|config)\b|\.ssh\/(id_rsa|id_ed25519|id_ecdsa|id_dsa)\b|\.env(\.|$|\b)|\.config\/gcloud\/credentials\.db\b|\.docker\/config\.json\b|\.netrc\b|\.npmrc\b|\.node9\/credentials\.json\b/i;
-    PII_EMAIL_RE = /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/;
-    PII_SSN_RE = /\b\d{3}-\d{2}-\d{4}\b/;
-    PII_PHONE_RE = /\b(?:\+?1[-.\s]?)?\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b/;
-    PII_CC_RE = /\b(?:4\d{3}|5[1-5]\d{2}|3[47]\d{2}|6\d{3})[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/;
-    PRIVILEGE_ESCALATION_RE = /\b(sudo|su)\b\s+[a-z]|\bchmod\s+(0?777|\+x)\b|\bchown\s+root\b/i;
+    WATERMARK_SCHEMA_VERSION = 2;
+    LONG_OUTPUT_THRESHOLD_BYTES2 = LONG_OUTPUT_THRESHOLD_BYTES;
   }
 });
@@ -7905,6 +8370,13 @@ async function runUploadHistory(opts) {
   let linesParsed = 0;
   let linesSkipped = 0;
   const dailyEntries = [];
+  const liveLoopCfg = getConfig().policy.loopDetection;
+  const loopCfg = {
+    enabled: liveLoopCfg.enabled,
+    threshold: 3,
+    windowSeconds: 0
+    // "no window" — engine treats this as session-wide
+  };
   for (const { filePath, sessionId, projectDir } of iterateJsonlFiles(cutoffMs)) {
     filesScanned++;
     let content;
@@ -7914,6 +8386,7 @@ async function runUploadHistory(opts) {
       continue;
     }
     let lineIndex = 0;
+    const sessionCalls = [];
     for (const line of content.split("\n")) {
       if (!line.trim()) continue;
       let obj;
@@ -7930,10 +8403,38 @@ async function runUploadHistory(opts) {
       if (obj["type"] === "assistant" && Array.isArray(msg?.content) && msg.content.some((b) => b.type === "tool_use")) {
         totalToolCalls++;
         toolCallsBySession[sessionId] = (toolCallsBySession[sessionId] ?? 0) + 1;
+        const ts = typeof obj.timestamp === "string" ? obj.timestamp : "";
+        for (const block of msg.content) {
+          if (!block || typeof block !== "object") continue;
+          const b = block;
+          if (b.type !== "tool_use") continue;
+          sessionCalls.push({
+            toolName: typeof b.name === "string" ? b.name : "",
+            args: b.input ?? {},
+            timestamp: ts,
+            lineIndex
+          });
+        }
       }
       linesParsed++;
       lineIndex++;
     }
+    if (loopCfg.enabled && sessionCalls.length > 0) {
+      const loops = extractSessionLevelFindings(sessionCalls, {
+        sessionId,
+        project: decodeProjectDirName(projectDir),
+        agent: "claude",
+        loopDetection: {
+          enabled: loopCfg.enabled,
+          threshold: loopCfg.threshold,
+          windowSeconds: loopCfg.windowSeconds
+        }
+      });
+      for (const cf of loops) {
+        const sf = toScanFinding(cf);
+        if (sf) findings.push(sf);
+      }
+    }
     const fallbackWorkingDir = decodeProjectDirName(projectDir);
     const dailyMap = parseJSONLFile(filePath, fallbackWorkingDir);
     for (const entry of dailyMap.values()) {
@@ -7958,7 +8459,8 @@ async function runUploadHistory(opts) {
   const scanUrl = creds.apiUrl.endsWith("/policies/sync") ? creds.apiUrl.replace(/\/policies\/sync$/, "/scan/report") : `${creds.apiUrl.replace(/\/$/, "")}/scan/report`;
   await postJson(scanUrl, creds.apiKey, {
     ...summary,
-    sessionTotals
+    sessionTotals,
+    extractorVersion: CANONICAL_EXTRACTOR_VERSION
   });
   console.log(chalk3.green(`   \u2713 Uploaded scanner findings`));
   if (dailyEntries.length > 0) {
@@ -8094,7 +8596,7 @@ function fmtTs(ts) {
   }
 }
 function stripTerminalEscapes(s) {
-  return s.replace(TERMINAL_ESCAPE_RE, "");
+  return s.replace(TERMINAL_ESCAPE_RE2, "");
 }
 function preview(input, max) {
   const cmd = input.command ?? input.query ?? input.file_path ?? JSON.stringify(input);
@@ -9368,7 +9870,7 @@ function renderNarrativeScorecard(input) {
   console.log("");
 }
 function registerScanCommand(program2) {
-  program2.command("scan").description("Forecast: scan agent history and show what node9 would catch if installed").option("--all", "Scan all history (default: last 30 days)").option("--days <n>", "Scan last N days of history", "30").option("--top <n>", "Max findings to show per rule (default: 5)", "5").option("--drill-down", "Show all findings with full commands and session IDs").option("--compact", "Compact one-screen scorecard \u2014 for screenshots and sharing").option("--narrative", "Severity-grouped report \u2014 for video / dramatic sharing").option(
+  program2.command("scan").description("Forecast: scan agent history and show what node9 would catch if installed").option("--all", "Scan all history (default: last 90 days)").option("--days <n>", "Scan last N days of history", "90").option("--top <n>", "Max findings to show per rule (default: 5)", "5").option("--drill-down", "Show all findings with full commands and session IDs").option("--compact", "Compact one-screen scorecard \u2014 for screenshots and sharing").option("--narrative", "Severity-grouped report \u2014 for video / dramatic sharing").option(
     "--upload-history",
     "Upload aggregate counts from existing JSONL sessions to the SaaS dashboard. Defaults to last 3 months; override with --since. Idempotent (safe to re-run)."
   ).option(
@@ -9387,7 +9889,7 @@ function registerScanCommand(program2) {
       const previewWidth = 70;
       const startDate = options.all ? null : (() => {
         const d = /* @__PURE__ */ new Date();
-        d.setDate(d.getDate() - (parseInt(options.days, 10) || 30));
+        d.setDate(d.getDate() - (parseInt(options.days, 10) || 90));
         d.setHours(0, 0, 0, 0);
         return d;
       })();
@@ -9461,7 +9963,7 @@ function registerScanCommand(program2) {
         );
         return;
       }
-      const rangeLabel = options.all ? chalk4.dim("all time") : chalk4.dim(`last ${options.days ?? 30} days`);
+      const rangeLabel = options.all ? chalk4.dim("all time") : chalk4.dim(`last ${options.days ?? 90} days`);
       const dateRange = scan.firstDate && scan.lastDate ? chalk4.dim(`  ${fmtTs(scan.firstDate)} \u2013 ${fmtTs(scan.lastDate)}`) : "";
       const breakdownParts = [];
       if (claudeScan.sessions > 0)
@@ -9747,7 +10249,7 @@ function registerScanCommand(program2) {
     }
   );
 }
-var CLAUDE_PRICING, GEMINI_PRICING, CODE_EXTENSIONS, SELF_OUTPUT_MARKERS, FIXTURE_TOKEN_PATTERNS, TERMINAL_ESCAPE_RE, LOOP_TOOLS, LOOP_THRESHOLD, LOOP_TIMESPAN_THRESHOLD_MS, STUCK_TOOLS_MIN_WASTE, STUCK_TOOLS_LIMIT, RECURRING_SESSION_THRESHOLD, STALE_AGE_DAYS, AST_FS_REGEX_RULES, DEFAULT_RULE_NAMES, classifyRuleSeverity2, narrativeRuleLabel2;
+var CLAUDE_PRICING, GEMINI_PRICING, CODE_EXTENSIONS, SELF_OUTPUT_MARKERS, FIXTURE_TOKEN_PATTERNS, TERMINAL_ESCAPE_RE2, LOOP_TOOLS, LOOP_THRESHOLD, LOOP_TIMESPAN_THRESHOLD_MS, STUCK_TOOLS_MIN_WASTE, STUCK_TOOLS_LIMIT, RECURRING_SESSION_THRESHOLD, STALE_AGE_DAYS, DEFAULT_RULE_NAMES, classifyRuleSeverity2, narrativeRuleLabel2;
 var init_scan = __esm({
   "src/cli/commands/scan.ts"() {
     "use strict";
@@ -9823,7 +10325,7 @@ var init_scan = __esm({
       // long digit sequence — fixture, not entropy
       /qwerty/i
     ];
-    TERMINAL_ESCAPE_RE = /\x1b\[[0-9;?]*[A-Za-z]|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)|\x1b[@-_]|[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g;
+    TERMINAL_ESCAPE_RE2 = /\x1b\[[0-9;?]*[A-Za-z]|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)|\x1b[@-_]|[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g;
     LOOP_TOOLS = /* @__PURE__ */ new Set([
       "bash",
       "execute_bash",
@@ -9840,13 +10342,6 @@ var init_scan = __esm({
     STUCK_TOOLS_LIMIT = 3;
     RECURRING_SESSION_THRESHOLD = 3;
     STALE_AGE_DAYS = 30;
-    AST_FS_REGEX_RULES = /* @__PURE__ */ new Set([
-      "block-rm-rf-home",
-      "shield:project-jail:block-read-ssh",
-      "shield:project-jail:block-read-aws",
-      "shield:project-jail:block-read-env",
-      "shield:project-jail:block-read-credentials"
-    ]);
     DEFAULT_RULE_NAMES = new Set(
       DEFAULT_CONFIG.policy.smartRules.map((r) => r.name).filter(Boolean)
     );
@@ -10398,33 +10893,11 @@ function shouldRebind(now = Date.now()) {
 }
 function startActivitySocket() {
   bindActivitySocket();
-  if (process.platform !== "win32") {
-    try {
-      activitySocketWatcher = fs20.watch(os18.tmpdir(), (eventType, filename) => {
-        if (filename !== path22.basename(ACTIVITY_SOCKET_PATH2)) return;
-        if (eventType !== "rename") return;
-        if (fs20.existsSync(ACTIVITY_SOCKET_PATH2)) return;
-        attemptRebind("watch-unlink");
-      });
-      activitySocketWatcher.on("error", (err2) => {
-        logActivitySocket(`watcher error: ${err2.message}`);
-      });
-      activitySocketWatcher.unref();
-    } catch (err2) {
-      logActivitySocket(`failed to start watcher: ${err2.message}`);
-    }
-  }
   activityHealthInterval = setInterval(() => {
     if (!fs20.existsSync(ACTIVITY_SOCKET_PATH2)) attemptRebind("health-probe");
   }, ACTIVITY_HEALTH_PROBE_MS);
   activityHealthInterval.unref();
   process.on("exit", () => {
-    if (activitySocketWatcher) {
-      try {
-        activitySocketWatcher.close();
-      } catch {
-      }
-    }
     if (activityHealthInterval) clearInterval(activityHealthInterval);
     try {
       fs20.unlinkSync(ACTIVITY_SOCKET_PATH2);
@@ -10559,7 +11032,7 @@ function bindActivitySocket() {
   });
   activitySocketServer = unixServer;
 }
-var homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, LARGE_RESPONSE_RING_SIZE, largeResponseRing, cachedScanResult, cachedScanTs, SCAN_CACHE_TTL_MS, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, WRITE_TOOL_NAMES, ACTIVITY_REBIND_MAX_ATTEMPTS, ACTIVITY_REBIND_WINDOW_MS, ACTIVITY_HEALTH_PROBE_MS, activitySocketServer, activitySocketWatcher, activityHealthInterval, activityRebindAttempts, activityCircuitTripped;
+var homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, LARGE_RESPONSE_RING_SIZE, largeResponseRing, cachedScanResult, cachedScanTs, SCAN_CACHE_TTL_MS, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, WRITE_TOOL_NAMES, ACTIVITY_REBIND_MAX_ATTEMPTS, ACTIVITY_REBIND_WINDOW_MS, ACTIVITY_HEALTH_PROBE_MS, activitySocketServer, activityHealthInterval, activityRebindAttempts, activityCircuitTripped;
 var init_state2 = __esm({
   "src/daemon/state.ts"() {
     "use strict";
@@ -10617,9 +11090,8 @@ var init_state2 = __esm({
     ]);
     ACTIVITY_REBIND_MAX_ATTEMPTS = 5;
     ACTIVITY_REBIND_WINDOW_MS = 6e4;
-    ACTIVITY_HEALTH_PROBE_MS = 3e4;
+    ACTIVITY_HEALTH_PROBE_MS = 2e3;
     activitySocketServer = null;
-    activitySocketWatcher = null;
     activityHealthInterval = null;
     activityRebindAttempts = [];
     activityCircuitTripped = false;
@@ -10829,16 +11301,19 @@ async function pushBlastSnapshot(creds) {
 async function pushScanSnapshot(creds) {
   try {
     const tick = await tickScanWatcher();
+    if (tick.schemaFuture) return;
     if (tick.findings.length === 0 && tick.totalToolCalls === 0) {
       return;
     }
     const summary = summarizeScan(tick.findings, {
       totalToolCalls: tick.totalToolCalls
     });
-    const sessionDeltas = buildSessionDeltas(tick.findings, tick.toolCallsBySession);
+    const perSession = buildSessionDeltas(tick.findings, tick.toolCallsBySession);
     const scanUrl = creds.apiUrl.endsWith("/policies/sync") ? creds.apiUrl.replace(/\/policies\/sync$/, "/scan/report") : null;
     if (!scanUrl) return;
+    const body = tick.uploadAs === "totals" ? { ...summary, sessionTotals: perSession, extractorVersion: CANONICAL_EXTRACTOR_VERSION } : { ...summary, sessionDeltas: perSession, extractorVersion: CANONICAL_EXTRACTOR_VERSION };
     const parsed = new URL(scanUrl);
+    let posted = false;
     await new Promise((resolve) => {
       const req = https2.request(
         {
@@ -10853,6 +11328,9 @@ async function pushScanSnapshot(creds) {
           timeout: 1e4
         },
         (res) => {
+          if (res.statusCode && res.statusCode >= 200 && res.statusCode < 300) {
+            posted = true;
+          }
           res.resume();
           res.on("end", resolve);
           res.on("error", () => resolve());
@@ -10863,9 +11341,12 @@ async function pushScanSnapshot(creds) {
         req.destroy();
         resolve();
       });
-      req.write(JSON.stringify({ ...summary, sessionDeltas }));
+      req.write(JSON.stringify(body));
       req.end();
     });
+    if (posted && tick.uploadAs === "totals") {
+      markUploadComplete();
+    }
   } catch {
   }
 }