npm - @node9/proxy - Versions diffs - 1.19.2 → 1.19.4 - Mend

@node9/proxy 1.19.2 → 1.19.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/dashboard.mjs ADDED Viewed

@@ -0,0 +1,4651 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+// src/tui/dashboard/types.ts
+function windowStartMs(window, openedAt) {
+  if (window === "now") return openedAt;
+  const day = 864e5;
+  switch (window) {
+    case "1d":
+      return Date.now() - day;
+    case "7d":
+      return Date.now() - 7 * day;
+    case "30d":
+      return Date.now() - 30 * day;
+    case "60d":
+      return Date.now() - 60 * day;
+  }
+}
+var EMPTY_SESSION_FORENSIC;
+var init_types = __esm({
+  "src/tui/dashboard/types.ts"() {
+    "use strict";
+    EMPTY_SESSION_FORENSIC = {
+      pii: 0,
+      sensitiveFileRead: 0,
+      privilegeEscalation: 0,
+      destructiveOp: 0,
+      pipeToShell: 0,
+      evalOfRemote: 0,
+      longOutputRedacted: 0
+    };
+  }
+});
+// packages/policy-engine/dist/index.mjs
+import safeRegex from "safe-regex2";
+import mvdanSh from "mvdan-sh";
+import pm from "picomatch";
+import safeRegex2 from "safe-regex2";
+import safeRegex3 from "safe-regex2";
+function isAssignmentContext(text) {
+  return ASSIGNMENT_CONTEXT_RE.test(text);
+}
+function shannonEntropy(s) {
+  if (s.length === 0) return 0;
+  const freq = /* @__PURE__ */ new Map();
+  for (const ch of s) freq.set(ch, (freq.get(ch) ?? 0) + 1);
+  let h = 0;
+  for (const count of freq.values()) {
+    const p = count / s.length;
+    h -= p * Math.log2(p);
+  }
+  return h;
+}
+function assertBuiltinPatternsAreSafe() {
+  for (const p of DLP_PATTERNS) {
+    if (!safeRegex(p.regex.source)) {
+      throw new Error(
+        `[node9 engine] Builtin DLP pattern '${p.name}' is vulnerable to ReDoS: ${p.regex.source}`
+      );
+    }
+  }
+  for (const re of SENSITIVE_PATH_PATTERNS) {
+    if (!safeRegex(re.source)) {
+      throw new Error(
+        `[node9 engine] Builtin sensitive-path pattern is vulnerable to ReDoS: ${re.source}`
+      );
+    }
+  }
+}
+function maskSecret(raw, pattern) {
+  const match = raw.match(pattern);
+  if (!match) return "****";
+  const secret = match[0];
+  if (secret.length < 8) return "****";
+  const prefix = secret.slice(0, 4);
+  const suffix = secret.slice(-4);
+  const stars = "*".repeat(Math.min(secret.length - 8, 12));
+  return `${prefix}${stars}${suffix}`;
+}
+function scanArgs(args, depth = 0, fieldPath = "args") {
+  if (depth > MAX_DEPTH || args === null || args === void 0) return null;
+  if (Array.isArray(args)) {
+    for (let i = 0; i < args.length; i++) {
+      const match = scanArgs(args[i], depth + 1, `${fieldPath}[${i}]`);
+      if (match) return match;
+    }
+    return null;
+  }
+  if (typeof args === "object") {
+    for (const [key, value] of Object.entries(args)) {
+      const match = scanArgs(value, depth + 1, `${fieldPath}.${key}`);
+      if (match) return match;
+    }
+    return null;
+  }
+  if (typeof args === "string") {
+    const text = args.length > MAX_STRING_BYTES ? args.slice(0, MAX_STRING_BYTES) : args;
+    const textLower = text.toLowerCase();
+    const assignmentCtx = isAssignmentContext(text);
+    for (const pattern of DLP_PATTERNS) {
+      if (pattern.keywords && !pattern.keywords.some((kw) => textLower.includes(kw.toLowerCase()))) {
+        continue;
+      }
+      if (pattern.regex.test(text)) {
+        const raw = text.match(pattern.regex)?.[0] ?? "";
+        if (DLP_STOPWORDS.some((sw) => raw.toLowerCase().includes(sw))) continue;
+        if (pattern.minEntropy !== void 0 && shannonEntropy(raw) < pattern.minEntropy) continue;
+        const severity = pattern.contextBoost && assignmentCtx ? "block" : pattern.severity;
+        return {
+          patternName: pattern.name,
+          fieldPath,
+          redactedSample: maskSecret(text, pattern.regex),
+          severity
+        };
+      }
+    }
+    if (text.length < MAX_JSON_PARSE_BYTES) {
+      const trimmed = text.trim();
+      if (trimmed.startsWith("{") || trimmed.startsWith("[")) {
+        try {
+          const parsed = JSON.parse(text);
+          const inner = scanArgs(parsed, depth + 1, fieldPath);
+          if (inner) return inner;
+        } catch {
+        }
+      }
+    }
+  }
+  return null;
+}
+function isCatHeredocOrLit(part) {
+  if (!part) return false;
+  const t = syntax.NodeType(part);
+  if (t === "Lit") return true;
+  if (t !== "CmdSubst") return false;
+  const stmts = part.Stmts || [];
+  if (stmts.length !== 1) return false;
+  const stmt = stmts[0];
+  const redirs = stmt.Redirs || stmt.Cmd?.Redirs || [];
+  const hasHeredoc = redirs.some((r) => r && r.Hdoc);
+  if (!hasHeredoc) return false;
+  const cmd = stmt.Cmd;
+  if (!cmd || syntax.NodeType(cmd) !== "CallExpr") return false;
+  const firstArg = cmd.Args?.[0]?.Parts || [];
+  if (firstArg.length !== 1 || syntax.NodeType(firstArg[0]) !== "Lit") return false;
+  return (firstArg[0].Value || "").toLowerCase() === "cat";
+}
+function parseShared(command) {
+  const cached = astCache.get(command);
+  if (cached !== void 0) {
+    astCache.delete(command);
+    astCache.set(command, cached);
+    return cached;
+  }
+  let parsed;
+  try {
+    parsed = sharedParser.Parse(command, "cmd");
+  } catch {
+    parsed = PARSE_FAIL;
+  }
+  if (astCache.size >= AST_CACHE_MAX) {
+    const oldest = astCache.keys().next().value;
+    if (oldest !== void 0) astCache.delete(oldest);
+  }
+  astCache.set(command, parsed);
+  return parsed;
+}
+function cachedNormalize(command, compute) {
+  const hit = normalizeCache.get(command);
+  if (hit !== void 0) {
+    normalizeCache.delete(command);
+    normalizeCache.set(command, hit);
+    return hit;
+  }
+  const result = compute();
+  if (normalizeCache.size >= NORMALIZE_CACHE_MAX) {
+    const oldest = normalizeCache.keys().next().value;
+    if (oldest !== void 0) normalizeCache.delete(oldest);
+  }
+  normalizeCache.set(command, result);
+  return result;
+}
+function normalizeCommandForPolicy(command) {
+  return cachedNormalize(command, () => normalizeCommandForPolicyImpl(command));
+}
+function normalizeCommandForPolicyImpl(command) {
+  const f = parseShared(command);
+  if (f === PARSE_FAIL) return command;
+  try {
+    const strips = [];
+    syntax.Walk(f, (node) => {
+      if (!node) return false;
+      const n = node;
+      if (syntax.NodeType(n) !== "CallExpr") return true;
+      const args = n.Args || [];
+      for (let i = 0; i < args.length - 1; i++) {
+        const argParts = args[i].Parts || [];
+        if (argParts.length !== 1 || syntax.NodeType(argParts[0]) !== "Lit") continue;
+        const flagVal = argParts[0].Value || "";
+        if (!MESSAGE_FLAGS.has(flagVal.toLowerCase())) continue;
+        const next = args[i + 1];
+        const nextParts = next.Parts || [];
+        if (nextParts.length !== 1) continue;
+        const quotedNode = nextParts[0];
+        const nt = syntax.NodeType(quotedNode);
+        if (nt === "SglQuoted") {
+          strips.push([next.Pos().Offset(), next.End().Offset()]);
+        } else if (nt === "DblQuoted") {
+          const innerParts = quotedNode.Parts || [];
+          const allLit = innerParts.length === 0 || innerParts.every((p) => syntax.NodeType(p) === "Lit");
+          if (allLit) {
+            strips.push([next.Pos().Offset(), next.End().Offset()]);
+          } else if (innerParts.every((p) => isCatHeredocOrLit(p))) {
+            strips.push([next.Pos().Offset(), next.End().Offset()]);
+          }
+        }
+      }
+      return true;
+    });
+    if (strips.length === 0) return command;
+    strips.sort((a, b) => b[0] - a[0]);
+    let result = command;
+    for (const [start, end] of strips) {
+      result = result.slice(0, start) + '""' + result.slice(end);
+    }
+    return result;
+  } catch {
+    return command;
+  }
+}
+function scanArgsForDynamicExec(args, startIdx) {
+  let hasCmdSubst = false;
+  let hasParamExp = false;
+  let hasCurl = false;
+  for (let i = startIdx; i < args.length; i++) {
+    syntax.Walk(args[i], (inner) => {
+      if (!inner) return false;
+      const inn = inner;
+      const it = syntax.NodeType(inn);
+      if (it === "CmdSubst") hasCmdSubst = true;
+      if (it === "ParamExp") hasParamExp = true;
+      if (it === "Lit" && DOWNLOAD_CMDS.has(inn.Value?.toLowerCase())) hasCurl = true;
+      return true;
+    });
+  }
+  if (hasCmdSubst && hasCurl) return "block";
+  if (hasCmdSubst || hasParamExp) return "review";
+  return null;
+}
+function detectDangerousShellExec(command) {
+  try {
+    const f = sharedParser.Parse(command, "cmd");
+    let result = null;
+    syntax.Walk(f, (node) => {
+      if (!node || result === "block") return false;
+      const n = node;
+      if (syntax.NodeType(n) !== "CallExpr") return true;
+      const args = n.Args || [];
+      if (args.length === 0) return true;
+      const firstParts = args[0].Parts || [];
+      if (firstParts.length !== 1 || syntax.NodeType(firstParts[0]) !== "Lit") return true;
+      const cmdName = firstParts[0].Value?.toLowerCase() ?? "";
+      if (cmdName === "eval") {
+        const v = scanArgsForDynamicExec(args, 1);
+        if (v === "block" || v === "review" && result === null) result = v;
+      } else if (SHELL_INTERPRETERS.has(cmdName)) {
+        for (let i = 1; i < args.length - 1; i++) {
+          const flagParts = args[i].Parts || [];
+          if (flagParts.length !== 1 || syntax.NodeType(flagParts[0]) !== "Lit" || flagParts[0].Value !== "-c")
+            continue;
+          const v = scanArgsForDynamicExec(args, i + 1);
+          if (v === "block" || v === "review" && result === null) result = v;
+          break;
+        }
+      }
+      return true;
+    });
+    return result;
+  } catch {
+    return null;
+  }
+}
+function isBashTool(toolName) {
+  return BASH_TOOL_NAMES.has(toolName.toLowerCase());
+}
+function isProtectedHomePath(rawPath) {
+  let p = rawPath.replace(/^\$HOME[\\/]?|^\$\{HOME\}[\\/]?/, "~/");
+  let underHome = false;
+  if (p === "~" || p.startsWith("~/") || p.startsWith("~\\")) {
+    p = p.replace(/^~[\\/]?/, "");
+    underHome = true;
+  } else if (/^\/home\/[^/]+/.test(p) || /^\/root(\/|$)/.test(p)) {
+    p = p.replace(/^\/home\/[^/]+[\\/]?|^\/root[\\/]?/, "");
+    underHome = true;
+  }
+  if (!underHome) return false;
+  if (p === "" || p === "." || p === "./") return true;
+  for (const safe of HOME_CACHE_ALLOWLIST) {
+    if (p === safe || p.startsWith(safe + "/") || p.startsWith(safe + "\\")) {
+      return false;
+    }
+  }
+  return true;
+}
+function extractLiteralArgs(callExpr) {
+  const args = callExpr.Args || [];
+  if (args.length === 0) return { name: "", flags: [], paths: [] };
+  const litFromWord = (w) => {
+    const parts = w?.Parts || [];
+    let s = "";
+    for (const p of parts) {
+      const t = syntax.NodeType(p);
+      if (t === "Lit") s += (p.Value ?? "").replace(/\\(.)/g, "$1");
+      else if (t === "SglQuoted") s += p.Value ?? "";
+      else if (t === "DblQuoted") {
+        const inner = p.Parts || [];
+        if (!inner.every((ip) => syntax.NodeType(ip) === "Lit")) return null;
+        s += inner.map((ip) => ip.Value ?? "").join("");
+      } else {
+        return null;
+      }
+    }
+    return s;
+  };
+  const name = (litFromWord(args[0]) || "").toLowerCase();
+  const flags = [];
+  const paths = [];
+  for (let i = 1; i < args.length; i++) {
+    const v = litFromWord(args[i]);
+    if (v === null) continue;
+    if (v.startsWith("-")) flags.push(v);
+    else paths.push(v);
+  }
+  return { name, flags, paths };
+}
+function analyzeFsOperation(command) {
+  if (!FS_OP_PRESCREEN_RE.test(command)) return null;
+  if (fsOpCache.has(command)) {
+    const hit = fsOpCache.get(command) ?? null;
+    fsOpCache.delete(command);
+    fsOpCache.set(command, hit);
+    return hit;
+  }
+  const computed = analyzeFsOperationImpl(command);
+  if (fsOpCache.size >= FS_OP_CACHE_MAX) {
+    const oldest = fsOpCache.keys().next().value;
+    if (oldest !== void 0) fsOpCache.delete(oldest);
+  }
+  fsOpCache.set(command, computed);
+  return computed;
+}
+function analyzeFsOperationImpl(command) {
+  const f = parseShared(command);
+  if (f === PARSE_FAIL) return null;
+  let result = null;
+  try {
+    syntax.Walk(f, (node) => {
+      if (!node || result) return false;
+      const n = node;
+      if (syntax.NodeType(n) !== "CallExpr") return true;
+      const { name, flags, paths } = extractLiteralArgs(n);
+      if (!name) return true;
+      if (name === "rm") {
+        const flagStr = flags.join("").toLowerCase();
+        const hasR = /[r]/.test(flagStr) || flags.includes("--recursive");
+        const hasF = /[f]/.test(flagStr) || flags.includes("--force");
+        if (hasR && hasF) {
+          for (const p of paths) {
+            if (isProtectedHomePath(p)) {
+              result = {
+                ruleName: "block-rm-rf-home",
+                verdict: "block",
+                reason: "Recursive delete of home directory is irreversible",
+                path: p
+              };
+              return false;
+            }
+            if (p === "/" || /^\/+$/.test(p)) {
+              result = {
+                ruleName: "block-rm-rf-home",
+                verdict: "block",
+                reason: "Recursive delete of root is catastrophic",
+                path: p
+              };
+              return false;
+            }
+          }
+        }
+      }
+      if (FS_READ_TOOLS.has(name)) {
+        for (const p of paths) {
+          for (const sp of SENSITIVE_PATH_RULES) {
+            if (sp.match(p)) {
+              result = { ruleName: sp.rule, verdict: "block", reason: sp.reason, path: p };
+              return false;
+            }
+          }
+        }
+      }
+      return true;
+    });
+    return result;
+  } catch {
+    return null;
+  }
+}
+function analyzeShellCommand(command) {
+  const actions = [];
+  const paths = [];
+  const allTokens = [];
+  const addToken = (token) => {
+    const lower = token.toLowerCase();
+    allTokens.push(lower);
+    if (lower.includes("/")) allTokens.push(...lower.split("/").filter(Boolean));
+    if (lower.startsWith("-")) allTokens.push(lower.replace(/^-+/, ""));
+  };
+  try {
+    const f = sharedParser.Parse(command, "cmd");
+    syntax.Walk(f, (node) => {
+      if (!node) return false;
+      const n = node;
+      if (syntax.NodeType(n) !== "CallExpr") return true;
+      const wordValues = (n.Args || []).map((arg) => {
+        return (arg.Parts || []).map((p) => (p.Value ?? "").replace(/\\(.)/g, "$1")).join("");
+      }).filter((s) => s.length > 0);
+      if (wordValues.length > 0) {
+        const cmd = wordValues[0].toLowerCase();
+        if (!actions.includes(cmd)) actions.push(cmd);
+        wordValues.forEach((w) => addToken(w));
+        wordValues.slice(1).forEach((w) => {
+          if (!w.startsWith("-")) paths.push(w);
+        });
+      }
+      return true;
+    });
+  } catch {
+  }
+  if (allTokens.length === 0) {
+    const normalized = command.replace(/\\(.)/g, "$1");
+    const sanitized = normalized.replace(/["'<>]/g, " ");
+    const segments = sanitized.split(/[|;&]|\$\(|\)|`/);
+    segments.forEach((segment) => {
+      const tokens = segment.trim().split(/\s+/).filter(Boolean);
+      if (tokens.length > 0) {
+        const action = tokens[0].toLowerCase();
+        if (!actions.includes(action)) actions.push(action);
+        tokens.forEach((t) => {
+          addToken(t);
+          if (t !== tokens[0] && !t.startsWith("-")) {
+            if (!paths.includes(t)) paths.push(t);
+          }
+        });
+      }
+    });
+  }
+  return { actions, paths, allTokens };
+}
+function isSensitivePath(p) {
+  return SENSITIVE_PATTERNS.some((re) => re.test(p));
+}
+function splitOnPipe(cmd) {
+  const segments = [];
+  let current = "";
+  let inSingle = false;
+  let inDouble = false;
+  for (let i = 0; i < cmd.length; i++) {
+    const ch = cmd[i];
+    if (ch === "'" && !inDouble) {
+      inSingle = !inSingle;
+      current += ch;
+    } else if (ch === '"' && !inSingle) {
+      inDouble = !inDouble;
+      current += ch;
+    } else if (ch === "|" && !inSingle && !inDouble && cmd[i + 1] !== "|" && (i === 0 || cmd[i - 1] !== "|")) {
+      segments.push(current.trim());
+      current = "";
+    } else {
+      current += ch;
+    }
+  }
+  if (current.trim()) segments.push(current.trim());
+  return segments.filter(Boolean);
+}
+function positionalTokens(segment) {
+  return segment.split(/\s+/).slice(1).filter((t) => !t.startsWith("-") && !t.startsWith("@") && t.length > 0);
+}
+function analyzePipeChain(command) {
+  const segments = splitOnPipe(command);
+  if (segments.length < 2) {
+    return {
+      isPipeline: false,
+      hasSensitiveSource: false,
+      hasExternalSink: false,
+      hasObfuscation: false,
+      sourceFiles: [],
+      sinkTargets: [],
+      risk: "none"
+    };
+  }
+  const sourceFiles = [];
+  const sinkTargets = [];
+  let hasSensitiveSource = false;
+  let hasExternalSink = false;
+  let hasObfuscation = false;
+  for (const segment of segments) {
+    const tokens = segment.split(/\s+/).filter(Boolean);
+    if (tokens.length === 0) continue;
+    const binary = tokens[0].toLowerCase();
+    const args = positionalTokens(segment);
+    if (SOURCE_COMMANDS.has(binary)) {
+      sourceFiles.push(...args);
+      if (args.some(isSensitivePath)) hasSensitiveSource = true;
+    }
+    if (OBFUSCATORS.has(binary)) hasObfuscation = true;
+    if (SINK_COMMANDS.has(binary)) {
+      const targets = args.filter(
+        (a) => a.includes(".") || a.includes("://") || /^\d+\.\d+/.test(a)
+      );
+      sinkTargets.push(...targets);
+      if (targets.length > 0) hasExternalSink = true;
+    }
+  }
+  const fullCmd = command.toLowerCase();
+  if (!hasSensitiveSource) {
+    const redirMatch = fullCmd.match(/<\s*(\S+)/);
+    if (redirMatch && isSensitivePath(redirMatch[1])) {
+      hasSensitiveSource = true;
+      sourceFiles.push(redirMatch[1]);
+    }
+  }
+  const risk = hasSensitiveSource && hasExternalSink && hasObfuscation ? "critical" : hasSensitiveSource && hasExternalSink ? "high" : hasExternalSink ? "medium" : "none";
+  return {
+    isPipeline: true,
+    hasSensitiveSource,
+    hasExternalSink,
+    hasObfuscation,
+    sourceFiles,
+    sinkTargets,
+    risk
+  };
+}
+function validateRegex(pattern) {
+  if (!pattern) return "Pattern is required";
+  if (pattern.length > MAX_REGEX_LENGTH) return `Pattern exceeds max length of ${MAX_REGEX_LENGTH}`;
+  try {
+    new RegExp(pattern);
+  } catch (e) {
+    return `Invalid regex syntax: ${e.message}`;
+  }
+  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
+  if (!safeRegex2(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
+  return null;
+}
+function getCompiledRegex(pattern, flags = "") {
+  if (flags && !/^[gimsuy]+$/.test(flags)) return null;
+  const key = `${pattern}\0${flags}`;
+  if (regexCache.has(key)) {
+    const cached = regexCache.get(key);
+    regexCache.delete(key);
+    regexCache.set(key, cached);
+    return cached;
+  }
+  if (validateRegex(pattern) !== null) return null;
+  try {
+    const re = new RegExp(pattern, flags);
+    if (regexCache.size >= REGEX_CACHE_MAX) {
+      const oldest = regexCache.keys().next().value;
+      if (oldest) regexCache.delete(oldest);
+    }
+    regexCache.set(key, re);
+    return re;
+  } catch {
+    return null;
+  }
+}
+function matchesPattern(text, patterns) {
+  const p = Array.isArray(patterns) ? patterns : [patterns];
+  if (p.length === 0) return false;
+  const isMatch = pm(p, { nocase: true, dot: true });
+  const target = text.toLowerCase();
+  const directMatch = isMatch(target);
+  if (directMatch) return true;
+  const withoutDotSlash = text.replace(/^\.\//, "");
+  return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
+}
+function getNestedValue(obj, path8) {
+  if (!obj || typeof obj !== "object") return null;
+  const segments = path8.split(".");
+  for (const seg of segments) {
+    if (FORBIDDEN_PATH_SEGMENTS.has(seg)) return null;
+  }
+  return segments.reduce((prev, curr) => prev?.[curr], obj);
+}
+function evaluateSmartConditions(args, rule) {
+  if (!rule.conditions || rule.conditions.length === 0) return true;
+  const mode = rule.conditionMode ?? "all";
+  const fieldCache = /* @__PURE__ */ new Map();
+  const resolveField = (field) => {
+    if (fieldCache.has(field)) return fieldCache.get(field) ?? null;
+    const rawVal = getNestedValue(args, field);
+    const rawStr = rawVal !== null && rawVal !== void 0 ? String(rawVal) : null;
+    const stripped = field === "command" && rawStr !== null ? normalizeCommandForPolicy(rawStr) : rawStr;
+    const val = stripped !== null ? stripped.replace(/\s+/g, " ").trim() : null;
+    fieldCache.set(field, val);
+    return val;
+  };
+  const results = rule.conditions.map((cond) => {
+    const val = resolveField(cond.field);
+    switch (cond.op) {
+      case "exists":
+        return val !== null && val !== "";
+      case "notExists":
+        return val === null || val === "";
+      case "contains":
+        return val !== null && cond.value ? val.includes(cond.value) : false;
+      case "notContains":
+        return val !== null && cond.value ? !val.includes(cond.value) : true;
+      case "matches": {
+        if (val === null || !cond.value) return false;
+        const reM = getCompiledRegex(cond.value, cond.flags ?? "");
+        if (!reM) return false;
+        return reM.test(val);
+      }
+      case "notMatches": {
+        if (!cond.value) return false;
+        if (val === null) return true;
+        const reN = getCompiledRegex(cond.value, cond.flags ?? "");
+        if (!reN) return false;
+        return !reN.test(val);
+      }
+      case "matchesGlob":
+        return val !== null && cond.value ? pm.isMatch(val, cond.value) : false;
+      case "notMatchesGlob":
+        return val !== null && cond.value ? !pm.isMatch(val, cond.value) : false;
+      default:
+        return false;
+    }
+  });
+  return mode === "any" ? results.some((r) => r) : results.every((r) => r);
+}
+function isShieldVerdict(v) {
+  return v === "allow" || v === "review" || v === "block";
+}
+function validateShieldDefinition(raw) {
+  if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
+    return { error: "Shield file is not an object" };
+  }
+  const r = raw;
+  if (typeof r.name !== "string" || !r.name) return { error: "Shield file missing 'name'" };
+  if (typeof r.description !== "string") return { error: "Shield file missing 'description'" };
+  if (!Array.isArray(r.aliases)) return { error: "Shield file missing 'aliases' array" };
+  if (!Array.isArray(r.smartRules)) return { error: "Shield file missing 'smartRules' array" };
+  if (!Array.isArray(r.dangerousWords))
+    return { error: "Shield file missing 'dangerousWords' array" };
+  return { ok: r };
+}
+function validateOverrides(raw) {
+  const warnings = [];
+  if (!raw || typeof raw !== "object" || Array.isArray(raw)) return { overrides: {}, warnings };
+  const result = {};
+  for (const [shieldName, rules] of Object.entries(raw)) {
+    if (!rules || typeof rules !== "object" || Array.isArray(rules)) continue;
+    const validRules = {};
+    for (const [ruleName, verdict] of Object.entries(rules)) {
+      if (isShieldVerdict(verdict)) {
+        validRules[ruleName] = verdict;
+      } else {
+        warnings.push(
+          `shields.json contains invalid verdict "${String(verdict)}" for ${shieldName}/${ruleName} \u2014 entry ignored. File may be corrupted or tampered with.`
+        );
+      }
+    }
+    if (Object.keys(validRules).length > 0) result[shieldName] = validRules;
+  }
+  return { overrides: result, warnings };
+}
+function assertBuiltinShieldRegexesAreSafe() {
+  for (const shield of Object.values(BUILTIN_SHIELDS)) {
+    for (const rule of shield.smartRules) {
+      const conditions = rule.conditions ?? [];
+      for (const cond of conditions) {
+        if (cond.op !== "matches" && cond.op !== "notMatches") continue;
+        const pattern = cond.value;
+        if (!pattern) continue;
+        if (!safeRegex3(pattern)) {
+          throw new Error(
+            `[node9 engine] Shield '${shield.name}' rule '${rule.name ?? rule.tool}' has unsafe regex: ${pattern}`
+          );
+        }
+      }
+    }
+  }
+}
+function classifyRuleSeverity(name, verdict) {
+  const n = name.toLowerCase();
+  const criticalPatterns = [
+    "rm-rf",
+    "eval-remote",
+    "eval-curl",
+    "read-aws",
+    "read-ssh",
+    "read-gcp",
+    "read-cred",
+    "delete-repo",
+    "helm-uninstall",
+    "drop-table",
+    "drop-database",
+    "drop-collection",
+    "truncate",
+    "flushall",
+    "flushdb",
+    "pipe-shell"
+  ];
+  if (criticalPatterns.some((p) => n.includes(p))) return "critical";
+  const highPatterns = [
+    "force-push",
+    "force_push",
+    "git-destructive",
+    "reset-hard",
+    "rebase",
+    "delete-branch",
+    "delete-remote"
+  ];
+  if (highPatterns.some((p) => n.includes(p))) return "high";
+  if (verdict === "block") return "high";
+  return "medium";
+}
+function detectPii(text) {
+  const found = /* @__PURE__ */ new Set();
+  if (/@/.test(text) && PII_EMAIL_RE.test(text)) found.add("Email");
+  if (/-/.test(text) && PII_SSN_RE.test(text)) found.add("SSN");
+  if (PII_PHONE_RE.test(text)) found.add("Phone");
+  if (PII_CC_RE.test(text)) found.add("Credit Card");
+  return [...found];
+}
+function extractCanonicalFindings(call, ctx) {
+  const out = [];
+  const ts = call.timestamp;
+  const toolNameLower = call.toolName.toLowerCase();
+  const command = typeof call.args.command === "string" ? call.args.command : null;
+  const isBash = isBashTool(call.toolName) && command !== null;
+  if (call.outputBytes !== void 0 && call.outputBytes > LONG_OUTPUT_THRESHOLD_BYTES) {
+    out.push(
+      makeFinding({
+        type: "long-output-redacted",
+        ruleName: "long-output-redacted",
+        verdict: "review",
+        severity: "medium",
+        reason: `Tool output exceeded ${LONG_OUTPUT_THRESHOLD_BYTES} bytes and was redacted`,
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: "engine"
+      })
+    );
+  }
+  if (ctx.dlpEnabled) {
+    const dlp = scanArgs(call.args);
+    if (dlp) {
+      out.push(
+        makeFinding({
+          type: "dlp",
+          ruleName: `dlp:${dlp.patternName}`,
+          patternName: dlp.patternName,
+          verdict: dlp.severity === "block" ? "block" : "review",
+          severity: dlp.severity === "block" ? "critical" : "medium",
+          reason: `${dlp.patternName} detected in ${dlp.fieldPath}`,
+          toolName: call.toolName,
+          ctx,
+          ts,
+          sourceType: "engine",
+          input: call.args,
+          redactedSample: dlp.redactedSample
+        })
+      );
+    }
+  }
+  for (const value of stringValues(call.args)) {
+    const piiHits = detectPii(value);
+    for (const pattern of piiHits) {
+      out.push(
+        makeFinding({
+          type: "pii",
+          ruleName: `pii:${pattern.toLowerCase().replace(/\s+/g, "-")}`,
+          patternName: pattern,
+          verdict: "review",
+          severity: "medium",
+          reason: `${pattern} pattern detected in tool input`,
+          toolName: call.toolName,
+          ctx,
+          ts,
+          sourceType: "engine"
+        })
+      );
+    }
+  }
+  if (FILE_TOOLS.has(toolNameLower)) {
+    const filePath = typeof call.args.file_path === "string" && call.args.file_path || typeof call.args.path === "string" && call.args.path || typeof call.args.pattern === "string" && call.args.pattern || "";
+    if (filePath && SENSITIVE_PATH_RE.test(filePath)) {
+      out.push(
+        makeFinding({
+          type: "sensitive-file-read",
+          ruleName: "sensitive-file-read",
+          verdict: "review",
+          severity: "critical",
+          reason: `Sensitive file path read via ${call.toolName}`,
+          toolName: call.toolName,
+          ctx,
+          ts,
+          sourceType: "engine",
+          subjectPath: filePath
+        })
+      );
+    }
+  }
+  if (!isBash || command === null) {
+    return out;
+  }
+  const fsVerdict = analyzeFsOperation(command);
+  if (fsVerdict) {
+    const isShield = fsVerdict.ruleName.startsWith("shield:");
+    out.push(
+      makeFinding({
+        type: "ast-fs-op",
+        ruleName: fsVerdict.ruleName,
+        verdict: fsVerdict.verdict,
+        severity: classifyRuleSeverity(fsVerdict.ruleName, fsVerdict.verdict),
+        reason: fsVerdict.reason,
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: isShield ? "shield" : "engine",
+        shieldLabel: isShield ? "project-jail (AST)" : "Node9 (AST)",
+        subjectPath: fsVerdict.path,
+        input: call.args
+      })
+    );
+  }
+  for (const source of ctx.rules) {
+    const r = source.rule;
+    if (r.verdict === "allow") continue;
+    if (r.tool && !matchesPattern(toolNameLower, r.tool)) continue;
+    if (r.name && AST_FS_REGEX_RULES.has(r.name)) continue;
+    if (!evaluateSmartConditions(call.args, r)) continue;
+    out.push(
+      makeFinding({
+        type: "smart-rule",
+        ruleName: r.name ?? r.tool,
+        verdict: r.verdict === "block" ? "block" : "review",
+        severity: classifyRuleSeverity(r.name ?? r.tool, r.verdict),
+        reason: r.reason ?? `Smart rule ${r.name ?? r.tool} fired`,
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: source.sourceType,
+        shieldLabel: source.shieldLabel,
+        input: call.args
+      })
+    );
+    break;
+  }
+  const evalVerdict = detectDangerousShellExec(command);
+  if (evalVerdict) {
+    out.push(
+      makeFinding({
+        type: "eval-of-remote",
+        ruleName: "eval-of-remote",
+        verdict: evalVerdict,
+        severity: classifyRuleSeverity("eval-remote", evalVerdict),
+        reason: evalVerdict === "block" ? "Eval of remote download is a near-certain supply-chain attack" : "Eval of dynamic content (variable / subshell) requires approval",
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: "engine",
+        input: call.args
+      })
+    );
+  }
+  const pipe = analyzePipeChain(command);
+  if (pipe.isPipeline && pipe.risk === "critical") {
+    out.push(
+      makeFinding({
+        type: "pipe-to-shell",
+        ruleName: "pipe-to-shell",
+        verdict: "block",
+        severity: "critical",
+        reason: `Sensitive file piped through obfuscator to network sink: ${pipe.sourceFiles.join(", ")} \u2192 ${pipe.sinkTargets.join(", ")}`,
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: "engine",
+        input: call.args
+      })
+    );
+  }
+  if (DESTRUCTIVE_OP_RE.test(command)) {
+    out.push(
+      makeFinding({
+        type: "destructive-op",
+        ruleName: "destructive-op",
+        verdict: "review",
+        severity: "high",
+        reason: "Destructive operation pattern detected",
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: "engine",
+        input: call.args
+      })
+    );
+  }
+  const ast = analyzeShellCommand(command);
+  const sudoVariant = ast.actions.includes("sudo") || ast.actions.includes("su");
+  const chmodVariant = ast.actions.includes("chmod") && (ast.allTokens.includes("777") || ast.allTokens.includes("0777") || ast.allTokens.includes("+x"));
+  const chownVariant = ast.actions.includes("chown") && ast.allTokens.includes("root");
+  if (sudoVariant || chmodVariant || chownVariant) {
+    out.push(
+      makeFinding({
+        type: "privilege-escalation",
+        ruleName: "privilege-escalation",
+        verdict: "review",
+        severity: "high",
+        reason: "Privilege-escalation pattern detected",
+        toolName: call.toolName,
+        ctx,
+        ts,
+        sourceType: "engine",
+        input: call.args
+      })
+    );
+  }
+  return out;
+}
+function toScanFinding(c) {
+  const typeMap = {
+    "smart-rule": null,
+    "ast-fs-op": null,
+    dlp: "dlp",
+    pii: "pii",
+    "sensitive-file-read": "sensitive-file-read",
+    "privilege-escalation": "privilege-escalation",
+    "destructive-op": "destructive-op",
+    "pipe-to-shell": "pipe-to-shell",
+    "eval-of-remote": "eval-of-remote",
+    loop: "loop",
+    "long-output-redacted": "long-output-redacted"
+  };
+  const sfType = typeMap[c.type];
+  if (sfType === null) return null;
+  return {
+    sessionId: c.sessionId,
+    type: sfType,
+    ...c.patternName && { patternName: c.patternName },
+    lineIndex: c.lineIndex
+  };
+}
+function makeFinding(args) {
+  const f = {
+    type: args.type,
+    ruleName: args.ruleName,
+    verdict: args.verdict,
+    severity: args.severity,
+    reason: args.reason,
+    toolName: args.toolName,
+    agent: args.ctx.agent,
+    sessionId: args.ctx.sessionId,
+    project: args.ctx.project,
+    lineIndex: args.ctx.lineIndex,
+    sourceType: args.sourceType,
+    firstSeenAt: args.ts,
+    lastSeenAt: args.ts,
+    occurrenceCount: 1
+  };
+  if (args.shieldLabel) f.shieldLabel = args.shieldLabel;
+  if (args.subjectPath) f.subjectPath = args.subjectPath;
+  if (args.input) f.input = args.input;
+  if (args.patternName) f.patternName = args.patternName;
+  if (args.redactedSample) f.redactedSample = args.redactedSample;
+  return f;
+}
+function* stringValues(obj, depth = 0) {
+  if (depth > 6) return;
+  if (typeof obj === "string") {
+    if (obj.length > 0) yield obj;
+    return;
+  }
+  if (!obj || typeof obj !== "object") return;
+  if (Array.isArray(obj)) {
+    for (const v of obj) yield* stringValues(v, depth + 1);
+    return;
+  }
+  for (const v of Object.values(obj)) yield* stringValues(v, depth + 1);
+}
+var ASSIGNMENT_CONTEXT_RE, DLP_STOPWORDS, DLP_PATTERNS, DLP_PATTERNS_GLOBAL, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES, syntax, sharedParser, MESSAGE_FLAGS, SHELL_INTERPRETERS, DOWNLOAD_CMDS, NORMALIZE_CACHE_MAX, normalizeCache, AST_CACHE_MAX, astCache, PARSE_FAIL, FS_READ_TOOLS, FS_OP_PRESCREEN_RE, HOME_CACHE_ALLOWLIST, SENSITIVE_PATH_RULES, BASH_TOOL_NAMES, AST_FS_REGEX_RULES, FS_OP_CACHE_MAX, fsOpCache, SOURCE_COMMANDS, SINK_COMMANDS, OBFUSCATORS, SENSITIVE_PATTERNS, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, FORBIDDEN_PATH_SEGMENTS, aws_default, bash_safe_default, docker_default, filesystem_default, github_default, k8s_default, mongodb_default, postgres_default, project_jail_default, redis_default, BUILTIN_SHIELDS, DESTRUCTIVE_OP_RE, SENSITIVE_PATH_RE, FILE_TOOLS, PII_EMAIL_RE, PII_SSN_RE, PII_PHONE_RE, PII_CC_RE, LONG_OUTPUT_THRESHOLD_BYTES;
+var init_dist = __esm({
+  "packages/policy-engine/dist/index.mjs"() {
+    "use strict";
+    ASSIGNMENT_CONTEXT_RE = /\b(?:password|passwd|secret|token|api[_-]?key|auth(?:_key|_token)?|credential|private[_-]?key|access[_-]?key|client[_-]?secret)\s*[=:]\s*/i;
+    DLP_STOPWORDS = [
+      "example",
+      "placeholder",
+      "changeme",
+      "your_key",
+      "your_token",
+      "your_secret",
+      "replace_me",
+      "insert_key",
+      "put_your",
+      "fake",
+      "dummy",
+      "sample",
+      "xxxxxxxx",
+      "aaaaaa",
+      "bbbbbb",
+      "00000000",
+      "${",
+      "{{",
+      "%{",
+      "<your",
+      "test_key",
+      "test_token",
+      "your",
+      "here"
+    ];
+    DLP_PATTERNS = [
+      // ── AWS ───────────────────────────────────────────────────────────────────
+      {
+        name: "AWS Access Key ID",
+        regex: /\b(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z2-7]{16}\b/,
+        severity: "block",
+        keywords: ["akia", "asia", "abia", "acca", "a3t"]
+      },
+      // ── GitHub ────────────────────────────────────────────────────────────────
+      {
+        name: "GitHub Token",
+        regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/,
+        severity: "block",
+        keywords: ["ghp_", "gho_", "ghu_", "ghs_"],
+        minEntropy: 3
+      },
+      {
+        name: "GitHub Fine-Grained PAT",
+        regex: /\bgithub_pat_\w{82}\b/,
+        severity: "block",
+        keywords: ["github_pat_"]
+      },
+      // ── Slack ─────────────────────────────────────────────────────────────────
+      {
+        name: "Slack Bot Token",
+        // Real tokens are ~50–80 chars; lower bound 20 avoids false negatives on partial tokens
+        regex: /\bxoxb-[0-9A-Za-z-]{20,100}\b/,
+        severity: "block",
+        keywords: ["xoxb-"]
+      },
+      // ── Anthropic ─────────────────────────────────────────────────────────────
+      // Listed before OpenAI — Anthropic keys start with sk-ant- which would also
+      // match the broader OpenAI sk- pattern; more specific rules must come first.
+      {
+        name: "Anthropic API Key",
+        regex: /\bsk-ant-api03-[a-zA-Z0-9_-]{93}AA\b/,
+        severity: "block",
+        keywords: ["sk-ant-api03"]
+      },
+      {
+        name: "Anthropic Admin Key",
+        regex: /\bsk-ant-admin01-[a-zA-Z0-9_-]{93}AA\b/,
+        severity: "block",
+        keywords: ["sk-ant-admin01"]
+      },
+      // ── OpenAI ────────────────────────────────────────────────────────────────
+      {
+        name: "OpenAI API Key",
+        regex: /\bsk-[a-zA-Z0-9_-]{20,}\b/,
+        severity: "block",
+        keywords: ["sk-"],
+        minEntropy: 3.5
+      },
+      // ── Stripe ────────────────────────────────────────────────────────────────
+      {
+        name: "Stripe Secret Key",
+        regex: /\bsk_(?:live|test)_[0-9a-zA-Z]{24}\b/,
+        severity: "block",
+        keywords: ["sk_live_", "sk_test_"]
+      },
+      // ── GCP ───────────────────────────────────────────────────────────────────
+      {
+        name: "GCP API Key",
+        regex: /\bAIza[0-9A-Za-z_-]{35}\b/,
+        severity: "block",
+        keywords: ["aiza"],
+        minEntropy: 3
+      },
+      {
+        name: "GCP Service Account",
+        regex: /"type"\s*:\s*"service_account"/,
+        severity: "block",
+        keywords: ["service_account"]
+      },
+      // ── Azure ─────────────────────────────────────────────────────────────────
+      // Pattern: 3 alphanum chars + digit + Q~ + 31-34 alphanum chars
+      {
+        name: "Azure AD Client Secret",
+        regex: /(?:^|[\s>=:(,])([a-zA-Z0-9_~.]{3}\dQ~[a-zA-Z0-9_~.-]{31,34})(?:$|[\s<),])/,
+        severity: "block",
+        keywords: ["q~"]
+      },
+      // ── Databricks ────────────────────────────────────────────────────────────
+      {
+        name: "Databricks API Token",
+        regex: /\bdapi[a-f0-9]{32}(?:-\d)?\b/,
+        severity: "block",
+        keywords: ["dapi"]
+      },
+      // ── DigitalOcean ──────────────────────────────────────────────────────────
+      {
+        name: "DigitalOcean PAT",
+        regex: /\bdop_v1_[a-f0-9]{64}\b/,
+        severity: "block",
+        keywords: ["dop_v1_"]
+      },
+      {
+        name: "DigitalOcean Access Token",
+        regex: /\bdoo_v1_[a-f0-9]{64}\b/,
+        severity: "block",
+        keywords: ["doo_v1_"]
+      },
+      // ── Doppler ───────────────────────────────────────────────────────────────
+      {
+        name: "Doppler Token",
+        regex: /\bdp\.pt\.[a-z0-9]{43}\b/i,
+        severity: "block",
+        keywords: ["dp.pt."]
+      },
+      // ── HashiCorp Vault ───────────────────────────────────────────────────────
+      {
+        name: "HashiCorp Vault Service Token",
+        regex: /\bhvs\.[\w-]{90,120}\b/,
+        severity: "block",
+        keywords: ["hvs."]
+      },
+      {
+        name: "HashiCorp Vault Batch Token",
+        regex: /\bhvb\.[\w-]{138,300}\b/,
+        severity: "block",
+        keywords: ["hvb."]
+      },
+      // ── Hugging Face ──────────────────────────────────────────────────────────
+      {
+        name: "HuggingFace Token",
+        regex: /\bhf_[A-Za-z]{34}\b/,
+        severity: "block",
+        keywords: ["hf_"],
+        minEntropy: 3
+      },
+      // ── Postman ───────────────────────────────────────────────────────────────
+      {
+        name: "Postman API Token",
+        regex: /\bPMAK-[a-f0-9]{24}-[a-f0-9]{34}\b/i,
+        severity: "block",
+        keywords: ["pmak-"]
+      },
+      // ── Pulumi ────────────────────────────────────────────────────────────────
+      {
+        name: "Pulumi Access Token",
+        regex: /\bpul-[a-f0-9]{40}\b/,
+        severity: "block",
+        keywords: ["pul-"]
+      },
+      // ── SendGrid ──────────────────────────────────────────────────────────────
+      {
+        name: "SendGrid API Key",
+        regex: /\bSG\.[a-zA-Z0-9=_.-]{66}\b/,
+        severity: "block",
+        keywords: ["sg."]
+      },
+      // ── Private keys (PEM) ────────────────────────────────────────────────────
+      {
+        name: "Private Key (PEM)",
+        regex: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/,
+        severity: "block",
+        keywords: ["-----begin"]
+      },
+      // ── NPM ───────────────────────────────────────────────────────────────────
+      {
+        name: "NPM Auth Token",
+        regex: /_authToken\s*=\s*[A-Za-z0-9_-]{20,}/,
+        severity: "block",
+        keywords: ["_authtoken"]
+      },
+      // ── JWT ───────────────────────────────────────────────────────────────────
+      // review (not block): JWTs appear legitimately in API calls; flag for human approval
+      // contextBoost: promoted to block when assigned (e.g. TOKEN=eyJ...)
+      {
+        name: "JWT",
+        regex: /\bey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/_-]{17,}\.[a-zA-Z0-9\/_-]{10,}={0,2}\b/,
+        severity: "review",
+        keywords: ["eyj"],
+        contextBoost: true
+      },
+      // ── Stripe (extended — adds restricted key rk_ prefix) ──────────────────
+      {
+        name: "Stripe Restricted Key",
+        regex: /\brk_(?:live|test|prod)_[0-9a-zA-Z]{10,99}\b/,
+        severity: "block",
+        keywords: ["rk_live_", "rk_test_", "rk_prod_"]
+      },
+      // ── Slack (app token) ─────────────────────────────────────────────────────
+      {
+        name: "Slack App Token",
+        regex: /\bxapp-\d-[A-Z0-9]+-\d+-[a-f0-9]+\b/,
+        severity: "block",
+        keywords: ["xapp-"]
+      },
+      // ── GitLab ────────────────────────────────────────────────────────────────
+      { name: "GitLab PAT", regex: /\bglpat-[\w-]{20}\b/, severity: "block", keywords: ["glpat-"] },
+      {
+        name: "GitLab Deploy Token",
+        regex: /\bgldt-[0-9a-zA-Z_-]{20}\b/,
+        severity: "block",
+        keywords: ["gldt-"]
+      },
+      {
+        name: "GitLab CI Job Token",
+        regex: /\bglcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20}\b/,
+        severity: "block",
+        keywords: ["glcbt-"]
+      },
+      // ── npm (publish token) ───────────────────────────────────────────────────
+      {
+        name: "npm Access Token",
+        regex: /\bnpm_[a-zA-Z0-9]{36}\b/,
+        severity: "block",
+        keywords: ["npm_"]
+      },
+      // ── Shopify ───────────────────────────────────────────────────────────────
+      {
+        name: "Shopify Access Token",
+        regex: /\bshpat_[a-fA-F0-9]{32}\b/,
+        severity: "block",
+        keywords: ["shpat_"]
+      },
+      {
+        name: "Shopify Custom Access Token",
+        regex: /\bshpca_[a-fA-F0-9]{32}\b/,
+        severity: "block",
+        keywords: ["shpca_"]
+      },
+      {
+        name: "Shopify Private App Token",
+        regex: /\bshppa_[a-fA-F0-9]{32}\b/,
+        severity: "block",
+        keywords: ["shppa_"]
+      },
+      {
+        name: "Shopify Shared Secret",
+        regex: /\bshpss_[a-fA-F0-9]{32}\b/,
+        severity: "block",
+        keywords: ["shpss_"]
+      },
+      // ── Linear ────────────────────────────────────────────────────────────────
+      {
+        name: "Linear API Key",
+        regex: /\blin_api_[a-zA-Z0-9]{40}\b/,
+        severity: "block",
+        keywords: ["lin_api_"]
+      },
+      // ── PlanetScale ───────────────────────────────────────────────────────────
+      {
+        name: "PlanetScale API Token",
+        regex: /\bpscale_tkn_[\w.-]{32,64}\b/,
+        severity: "block",
+        keywords: ["pscale_tkn_"]
+      },
+      {
+        name: "PlanetScale Password",
+        regex: /\bpscale_pw_[\w.-]{32,64}\b/,
+        severity: "block",
+        keywords: ["pscale_pw_"]
+      },
+      // ── Sentry ────────────────────────────────────────────────────────────────
+      {
+        name: "Sentry User Token",
+        regex: /\bsntryu_[a-f0-9]{64}\b/,
+        severity: "block",
+        keywords: ["sntryu_"]
+      },
+      // ── Grafana ───────────────────────────────────────────────────────────────
+      {
+        name: "Grafana Service Account Token",
+        regex: /\bglsa_[a-zA-Z0-9]{32}_[a-f0-9]{8}\b/,
+        severity: "block",
+        keywords: ["glsa_"]
+      },
+      // ── Heroku ────────────────────────────────────────────────────────────────
+      {
+        name: "Heroku API Key",
+        regex: /\bHRKU-AA[0-9a-zA-Z_-]{58}\b/,
+        severity: "block",
+        keywords: ["hrku-aa"]
+      },
+      // ── PyPI ──────────────────────────────────────────────────────────────────
+      {
+        name: "PyPI Upload Token",
+        regex: /\bpypi-[A-Za-z0-9_-]{50,}\b/,
+        severity: "block",
+        keywords: ["pypi-"],
+        minEntropy: 3
+      },
+      // ── Bearer Token ─────────────────────────────────────────────────────────
+      // contextBoost: promoted to block when assigned (e.g. AUTH_TOKEN=Bearer eyJ...)
+      {
+        name: "Bearer Token",
+        regex: /Bearer\s+[a-zA-Z0-9\-._~+/]{20,}=*/i,
+        severity: "review",
+        keywords: ["bearer"],
+        contextBoost: true,
+        minEntropy: 3
+      },
+      // ── Resend ────────────────────────────────────────────────────────────────
+      {
+        name: "Resend API Key",
+        regex: /\bre_[a-zA-Z0-9]{24}\b/,
+        severity: "block",
+        keywords: ["re_"]
+      },
+      // ── Telegram ──────────────────────────────────────────────────────────────
+      {
+        name: "Telegram Bot Token",
+        regex: /\b[0-9]{7,10}:AA[a-zA-Z0-9_-]{33}\b/,
+        severity: "block",
+        keywords: [":aa"]
+      },
+      // ── Mapbox ────────────────────────────────────────────────────────────────
+      {
+        name: "Mapbox Access Token",
+        regex: /\bpk\.eyJ1[a-zA-Z0-9._-]{20,}\b/,
+        severity: "block",
+        keywords: ["pk.eyj1"],
+        minEntropy: 3
+      },
+      // ── Notion ────────────────────────────────────────────────────────────────
+      {
+        name: "Notion Integration Token",
+        regex: /\bsecret_[a-zA-Z0-9]{43}\b/,
+        severity: "block",
+        keywords: ["secret_"]
+      },
+      // ── Square ────────────────────────────────────────────────────────────────
+      {
+        name: "Square Access Token",
+        regex: /\bsq0atp-[0-9A-Za-z_-]{22}\b/,
+        severity: "block",
+        keywords: ["sq0atp-"]
+      },
+      {
+        name: "Square OAuth Secret",
+        regex: /\bsq0csp-[0-9A-Za-z_-]{43}\b/,
+        severity: "block",
+        keywords: ["sq0csp-"]
+      },
+      // ── Typeform ──────────────────────────────────────────────────────────────
+      {
+        name: "Typeform Token",
+        regex: /\btfp_[a-zA-Z0-9_]{59}\b/,
+        severity: "block",
+        keywords: ["tfp_"]
+      },
+      // ── Cloudinary ────────────────────────────────────────────────────────────
+      {
+        name: "Cloudinary URL",
+        regex: /\bcloudinary:\/\/[0-9]+:[a-zA-Z0-9_-]+@[a-zA-Z0-9_-]+/,
+        severity: "block",
+        keywords: ["cloudinary://"]
+      },
+      // ── Airtable ──────────────────────────────────────────────────────────────
+      // New PAT format: pat + 14 alphanum + . + 64 alphanum
+      {
+        name: "Airtable PAT",
+        regex: /\bpat[a-zA-Z0-9]{14}\.[a-zA-Z0-9]{64}\b/,
+        severity: "block",
+        keywords: ["pat"]
+      },
+      // ── RubyGems ──────────────────────────────────────────────────────────────
+      {
+        name: "RubyGems API Key",
+        regex: /\brubygems_[a-f0-9]{48}\b/,
+        severity: "block",
+        keywords: ["rubygems_"]
+      },
+      // ── Shippo ────────────────────────────────────────────────────────────────
+      {
+        name: "Shippo Token",
+        regex: /\bshippo_(?:live|test)_[a-f0-9]{40}\b/,
+        severity: "block",
+        keywords: ["shippo_"]
+      },
+      // ── Plaid ─────────────────────────────────────────────────────────────────
+      {
+        name: "Plaid Access Token",
+        regex: /\baccess-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/,
+        severity: "block",
+        keywords: ["access-sandbox", "access-development", "access-production"]
+      },
+      // ── Age ───────────────────────────────────────────────────────────────────
+      {
+        name: "Age Identity Key",
+        regex: /\bAGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JNLH]{58}\b/,
+        severity: "block",
+        keywords: ["age-secret-key-"]
+      }
+    ];
+    DLP_PATTERNS_GLOBAL = DLP_PATTERNS.map(
+      (p) => ({
+        pattern: p,
+        globalRegex: new RegExp(
+          p.regex.source,
+          p.regex.flags.includes("g") ? p.regex.flags : p.regex.flags + "g"
+        )
+      })
+    );
+    SENSITIVE_PATH_PATTERNS = [
+      /[/\\]\.ssh[/\\]/i,
+      /[/\\]\.aws[/\\]/i,
+      /[/\\]\.config[/\\]gcloud[/\\]/i,
+      /[/\\]\.azure[/\\]/i,
+      /[/\\]\.kube[/\\]config$/i,
+      /[/\\]\.env($|\.)/i,
+      // .env, .env.local, .env.production — not .envoy
+      /[/\\]\.git-credentials$/i,
+      /[/\\]\.npmrc$/i,
+      /[/\\]\.docker[/\\]config\.json$/i,
+      /[/\\][^/\\]+\.pem$/i,
+      /[/\\][^/\\]+\.key$/i,
+      /[/\\][^/\\]+\.p12$/i,
+      /[/\\][^/\\]+\.pfx$/i,
+      /^(?:[a-zA-Z]:)?\/etc\/passwd$/,
+      /^(?:[a-zA-Z]:)?\/etc\/shadow$/,
+      /^(?:[a-zA-Z]:)?\/etc\/sudoers$/,
+      /[/\\]credentials\.json$/i,
+      /[/\\]id_rsa$/i,
+      /[/\\]id_ed25519$/i,
+      /[/\\]id_ecdsa$/i
+    ];
+    assertBuiltinPatternsAreSafe();
+    MAX_DEPTH = 5;
+    MAX_STRING_BYTES = 1e5;
+    MAX_JSON_PARSE_BYTES = 1e4;
+    ({ syntax } = mvdanSh);
+    sharedParser = syntax.NewParser();
+    MESSAGE_FLAGS = /* @__PURE__ */ new Set([
+      "-m",
+      "--message",
+      "--body",
+      "--title",
+      "--description",
+      "--comment",
+      "--subject",
+      "--summary"
+    ]);
+    SHELL_INTERPRETERS = /* @__PURE__ */ new Set(["bash", "sh", "zsh", "fish", "dash", "ksh"]);
+    DOWNLOAD_CMDS = /* @__PURE__ */ new Set(["curl", "wget"]);
+    NORMALIZE_CACHE_MAX = 5e3;
+    normalizeCache = /* @__PURE__ */ new Map();
+    AST_CACHE_MAX = 5e3;
+    astCache = /* @__PURE__ */ new Map();
+    PARSE_FAIL = /* @__PURE__ */ Symbol("parse-fail");
+    FS_READ_TOOLS = /* @__PURE__ */ new Set([
+      "cat",
+      "less",
+      "head",
+      "tail",
+      "bat",
+      "more",
+      "open",
+      "print",
+      "nano",
+      "vim",
+      "vi",
+      "emacs",
+      "code",
+      "type"
+    ]);
+    FS_OP_PRESCREEN_RE = /(?:^|[\s|;&(`\n])(?:rm|cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\b/;
+    HOME_CACHE_ALLOWLIST = [
+      ".cache",
+      ".npm/_npx",
+      ".npm/_cacache",
+      ".cargo/registry",
+      ".gradle/caches",
+      ".gradle/.tmp",
+      ".m2/repository",
+      ".pnpm-store",
+      ".yarn/cache",
+      ".yarn/.cache",
+      ".cache/pip",
+      ".local/share/Trash",
+      ".rustup/downloads"
+    ];
+    SENSITIVE_PATH_RULES = [
+      {
+        rule: "shield:project-jail:block-read-ssh",
+        reason: "Reading SSH private keys is blocked by project-jail shield",
+        match: (p) => /(^|[\\/])\.ssh[\\/]/i.test(p)
+      },
+      {
+        rule: "shield:project-jail:block-read-aws",
+        reason: "Reading AWS credentials is blocked by project-jail shield",
+        match: (p) => /(^|[\\/])\.aws[\\/]/i.test(p)
+      },
+      {
+        rule: "shield:project-jail:block-read-env",
+        reason: "Reading .env files is blocked by project-jail shield",
+        match: (p) => /(?:^|[\\/])\.env(?:\.local|\.production|\.staging)?$/i.test(p)
+      },
+      {
+        rule: "shield:project-jail:block-read-credentials",
+        reason: "Reading credential files is blocked by project-jail shield",
+        match: (p) => /(?:credentials\.json|\.netrc|\.npmrc|\.docker[\\/]config\.json|gcloud[\\/]credentials)$/i.test(
+          p
+        )
+      }
+    ];
+    BASH_TOOL_NAMES = /* @__PURE__ */ new Set([
+      "bash",
+      "execute_bash",
+      "run_shell_command",
+      "shell",
+      "exec_command"
+    ]);
+    AST_FS_REGEX_RULES = /* @__PURE__ */ new Set([
+      "block-rm-rf-home",
+      "shield:project-jail:block-read-ssh",
+      "shield:project-jail:block-read-aws",
+      "shield:project-jail:block-read-env",
+      "shield:project-jail:block-read-credentials"
+    ]);
+    FS_OP_CACHE_MAX = 5e3;
+    fsOpCache = /* @__PURE__ */ new Map();
+    SOURCE_COMMANDS = /* @__PURE__ */ new Set([
+      "cat",
+      "head",
+      "tail",
+      "grep",
+      "awk",
+      "sed",
+      "cut",
+      "sort",
+      "tee",
+      "less",
+      "more",
+      "strings",
+      "xxd"
+    ]);
+    SINK_COMMANDS = /* @__PURE__ */ new Set([
+      "curl",
+      "wget",
+      "nc",
+      "ncat",
+      "netcat",
+      "ssh",
+      "scp",
+      "rsync",
+      "socat",
+      "ftp",
+      "sftp",
+      "telnet"
+    ]);
+    OBFUSCATORS = /* @__PURE__ */ new Set([
+      "base64",
+      "gzip",
+      "gunzip",
+      "bzip2",
+      "xz",
+      "zstd",
+      "openssl",
+      "gpg",
+      "python",
+      "python3",
+      "perl",
+      "ruby",
+      "node"
+    ]);
+    SENSITIVE_PATTERNS = [
+      /(?:^|\/)\.env(?:\.|$)/i,
+      // .env, .env.local, .env.production
+      /id_rsa|id_ed25519|id_ecdsa|id_dsa/i,
+      // SSH private keys
+      /\.pem$|\.key$|\.p12$|\.pfx$/i,
+      // certificate files
+      /(?:^|\/)\.ssh\//i,
+      // ~/.ssh/ directory
+      /(?:^|\/)\.aws\/credentials/i,
+      // AWS credentials
+      /(?:^|\/)\.netrc$/i,
+      // netrc (stores HTTP credentials)
+      /(?:^|\/)(passwd|shadow|sudoers)$/i,
+      // /etc/passwd, /etc/shadow
+      /(?:^|\/)credentials(?:\.json)?$/i
+      // generic credentials files
+    ];
+    MAX_REGEX_LENGTH = 100;
+    REGEX_CACHE_MAX = 500;
+    regexCache = /* @__PURE__ */ new Map();
+    FORBIDDEN_PATH_SEGMENTS = /* @__PURE__ */ new Set(["__proto__", "constructor", "prototype"]);
+    aws_default = {
+      name: "aws",
+      description: "Protects AWS infrastructure from destructive AI operations",
+      aliases: ["amazon"],
+      smartRules: [
+        {
+          name: "shield:aws:block-delete-s3-bucket",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "aws\\s+s3.*rb\\s|aws\\s+s3api\\s+delete-bucket",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "S3 bucket deletion is irreversible \u2014 blocked by AWS shield"
+        },
+        {
+          name: "shield:aws:review-iam-changes",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "aws\\s+iam\\s+(create|delete|attach|detach|put|remove)",
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "IAM changes require human approval (AWS shield)"
+        },
+        {
+          name: "shield:aws:block-ec2-terminate",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "aws\\s+ec2\\s+terminate-instances",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "EC2 instance termination is irreversible \u2014 blocked by AWS shield"
+        },
+        {
+          name: "shield:aws:review-rds-delete",
+          tool: "*",
+          conditions: [
+            { field: "command", op: "matches", value: "aws\\s+rds\\s+delete-", flags: "i" }
+          ],
+          verdict: "review",
+          reason: "RDS deletion requires human approval (AWS shield)"
+        }
+      ],
+      dangerousWords: []
+    };
+    bash_safe_default = {
+      name: "bash-safe",
+      description: "Blocks high-risk bash patterns: pipe-to-shell, rm -rf /, disk overwrites, eval",
+      aliases: ["bash", "shell"],
+      smartRules: [
+        {
+          name: "shield:bash-safe:block-pipe-to-shell",
+          tool: "bash",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "(^|&&|\\|\\||;)\\s*(curl|wget)\\s+[^|]*\\|\\s*(?:(bash|sh|zsh|fish)|(python3?|ruby|perl|node)\\b(?!\\s+-[cem]\\b))",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "Pipe-to-shell is a common supply-chain attack vector \u2014 blocked by bash-safe shield"
+        },
+        {
+          name: "shield:bash-safe:block-obfuscated-exec",
+          tool: "bash",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "\\bbase64\\s+(-d|--decode)[^|;&]*\\|\\s*(bash|sh|zsh)",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "Obfuscated execution via base64 decode \u2014 blocked by bash-safe shield"
+        },
+        {
+          name: "shield:bash-safe:block-rm-root",
+          tool: "bash",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "rm\\s+(-[a-zA-Z]*r[a-zA-Z]*f|-[a-zA-Z]*f[a-zA-Z]*r)[a-zA-Z]*\\s+(\\/|~|\\$HOME|\\$\\{HOME\\})\\s*$",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "rm -rf of root or home directory is catastrophic \u2014 blocked by bash-safe shield"
+        },
+        {
+          name: "shield:bash-safe:block-disk-overwrite",
+          tool: "bash",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "(^|&&|\\|\\||;)\\s*dd\\s+.*of=\\/dev\\/(sd|nvme|hd|vd|xvd)",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "Writing directly to a block device is irreversible \u2014 blocked by bash-safe shield"
+        },
+        {
+          name: "shield:bash-safe:block-eval-remote",
+          tool: "bash",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "(^|&&|\\|\\||;)\\s*eval\\s+.*\\$\\((curl|wget)\\b",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "eval of remote download is a near-certain supply-chain attack \u2014 blocked by bash-safe shield"
+        },
+        {
+          name: "shield:bash-safe:review-eval-dynamic",
+          tool: "bash",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: '(^|&&|\\|\\||[;|\\n{(`])\\s*eval\\s+([\\$`(]|"[^"]*\\$)',
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "eval of dynamic content \u2014 backup regex rule for scan path (real-time uses AST detection)"
+        }
+      ],
+      dangerousWords: []
+    };
+    docker_default = {
+      name: "docker",
+      description: "Protects Docker environments from destructive AI operations",
+      aliases: [],
+      smartRules: [
+        {
+          name: "shield:docker:block-system-prune",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "docker\\s+system\\s+prune",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "docker system prune removes all unused containers, images, and volumes \u2014 blocked by Docker shield"
+        },
+        {
+          name: "shield:docker:block-volume-prune",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "docker\\s+volume\\s+prune",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "docker volume prune destroys all unused volumes and their data \u2014 blocked by Docker shield"
+        },
+        {
+          name: "shield:docker:block-rm-force",
+          tool: "*",
+          conditionMode: "all",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "docker\\s+rm\\b",
+              flags: "i"
+            },
+            {
+              field: "command",
+              op: "matches",
+              value: "(^|\\s)(-f|--force)(\\s|$)",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "Force-removing running containers is destructive \u2014 blocked by Docker shield"
+        },
+        {
+          name: "shield:docker:review-volume-rm",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "docker\\s+volume\\s+rm\\s+",
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "Volume removal deletes persistent data and requires human approval (Docker shield)"
+        },
+        {
+          name: "shield:docker:review-stop-kill",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "docker\\s+(stop|kill)\\s+",
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "Stopping or killing containers requires human approval (Docker shield)"
+        },
+        {
+          name: "shield:docker:review-image-rm",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "docker\\s+image\\s+rm\\b",
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "Image removal requires human approval (Docker shield)"
+        },
+        {
+          name: "shield:docker:review-rmi-force",
+          tool: "*",
+          conditionMode: "all",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "docker\\s+rmi\\b",
+              flags: "i"
+            },
+            {
+              field: "command",
+              op: "matches",
+              value: "(^|\\s)(-f|--force)(\\s|$)",
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "Force image removal requires human approval (Docker shield)"
+        }
+      ],
+      dangerousWords: []
+    };
+    filesystem_default = {
+      name: "filesystem",
+      description: "Protects the local filesystem from dangerous AI operations",
+      aliases: ["fs"],
+      smartRules: [
+        {
+          name: "shield:filesystem:review-chmod-777",
+          tool: "bash",
+          conditions: [
+            { field: "command", op: "matches", value: "chmod\\s+(777|a\\+rwx)", flags: "i" }
+          ],
+          verdict: "review",
+          reason: "chmod 777 requires human approval (filesystem shield)"
+        },
+        {
+          name: "shield:filesystem:review-write-etc",
+          tool: "bash",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "(tee|\\bcp\\b|\\bmv\\b|install|>+)\\s+.*\\/etc\\/"
+            }
+          ],
+          verdict: "review",
+          reason: "Writing to /etc requires human approval (filesystem shield)"
+        }
+      ],
+      dangerousWords: ["wipefs"]
+    };
+    github_default = {
+      name: "github",
+      description: "Protects GitHub repositories from destructive AI operations",
+      aliases: ["git"],
+      smartRules: [
+        {
+          name: "shield:github:review-delete-branch-remote",
+          tool: "bash",
+          conditions: [
+            { field: "command", op: "matches", value: "git\\s+push\\s+.*--delete", flags: "i" }
+          ],
+          verdict: "review",
+          reason: "Remote branch deletion requires human approval (GitHub shield)"
+        },
+        {
+          name: "shield:github:block-delete-repo",
+          tool: "*",
+          conditions: [
+            { field: "command", op: "matches", value: "gh\\s+repo\\s+delete", flags: "i" }
+          ],
+          verdict: "block",
+          reason: "Repository deletion is irreversible \u2014 blocked by GitHub shield"
+        }
+      ],
+      dangerousWords: []
+    };
+    k8s_default = {
+      name: "k8s",
+      description: "Protects Kubernetes clusters from destructive AI operations",
+      aliases: ["kubernetes", "kubectl"],
+      smartRules: [
+        {
+          name: "shield:k8s:block-delete-namespace",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "kubectl\\s+delete\\s+(ns|namespace)\\s+",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "Deleting a namespace destroys all resources inside it \u2014 blocked by k8s shield"
+        },
+        {
+          name: "shield:k8s:block-delete-all",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "kubectl\\s+delete\\s+.*--all\\b",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "kubectl delete --all is irreversible \u2014 blocked by k8s shield"
+        },
+        {
+          name: "shield:k8s:block-helm-uninstall",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "helm\\s+(uninstall|delete|del)\\s+",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "helm uninstall removes a release and its resources \u2014 blocked by k8s shield"
+        },
+        {
+          name: "shield:k8s:review-scale-zero",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "kubectl\\s+scale\\s+.*--replicas=0",
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "Scaling to zero takes down a workload and requires human approval (k8s shield)"
+        },
+        {
+          name: "shield:k8s:review-delete-deployment",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "kubectl\\s+delete\\s+(deployment|deploy|statefulset|sts|daemonset|ds)\\s+",
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "Deleting a workload requires human approval (k8s shield)"
+        },
+        {
+          name: "shield:k8s:review-apply-force",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "kubectl\\s+(apply|replace)\\s+.*--force",
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "Force-apply overwrites live resources and requires human approval (k8s shield)"
+        }
+      ],
+      dangerousWords: []
+    };
+    mongodb_default = {
+      name: "mongodb",
+      description: "Protects MongoDB databases from destructive AI operations",
+      aliases: ["mongo"],
+      smartRules: [
+        {
+          name: "shield:mongodb:block-drop-database",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "\\.dropDatabase\\s*\\(",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "dropDatabase is irreversible \u2014 blocked by MongoDB shield"
+        },
+        {
+          name: "shield:mongodb:block-drop-collection",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "\\.drop\\s*\\(|db\\.getCollection\\([^)]+\\)\\.drop\\s*\\(",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "Collection drop is irreversible \u2014 blocked by MongoDB shield"
+        },
+        {
+          name: "shield:mongodb:block-delete-many-empty-filter",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "\\.deleteMany\\s*\\(\\s*\\{\\s*\\}\\s*\\)",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "deleteMany({}) with empty filter wipes the entire collection \u2014 blocked by MongoDB shield"
+        },
+        {
+          name: "shield:mongodb:review-delete-many",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "\\.deleteMany\\s*\\(",
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "deleteMany requires human approval (MongoDB shield)"
+        },
+        {
+          name: "shield:mongodb:review-drop-index",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "\\.dropIndex\\s*\\(|\\.dropIndexes\\s*\\(",
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "Index drops affect query performance and require human approval (MongoDB shield)"
+        }
+      ],
+      dangerousWords: ["dropDatabase", "dropCollection", "mongodrop"]
+    };
+    postgres_default = {
+      name: "postgres",
+      description: "Protects PostgreSQL databases from destructive AI operations",
+      aliases: ["pg", "postgresql"],
+      smartRules: [
+        {
+          name: "shield:postgres:block-drop-table",
+          tool: "*",
+          conditions: [{ field: "sql", op: "matches", value: "DROP\\s+TABLE", flags: "i" }],
+          verdict: "block",
+          reason: "DROP TABLE is irreversible \u2014 blocked by Postgres shield"
+        },
+        {
+          name: "shield:postgres:block-truncate",
+          tool: "*",
+          conditions: [
+            { field: "sql", op: "matches", value: "TRUNCATE\\s+TABLE", flags: "i" }
+          ],
+          verdict: "block",
+          reason: "TRUNCATE is irreversible \u2014 blocked by Postgres shield"
+        },
+        {
+          name: "shield:postgres:block-drop-column",
+          tool: "*",
+          conditions: [
+            { field: "sql", op: "matches", value: "ALTER\\s+TABLE.*DROP\\s+COLUMN", flags: "i" }
+          ],
+          verdict: "block",
+          reason: "DROP COLUMN is irreversible \u2014 blocked by Postgres shield"
+        },
+        {
+          name: "shield:postgres:review-grant-revoke",
+          tool: "*",
+          conditions: [
+            { field: "sql", op: "matches", value: "\\b(GRANT|REVOKE)\\b", flags: "i" }
+          ],
+          verdict: "review",
+          reason: "Permission changes require human approval (Postgres shield)"
+        }
+      ],
+      dangerousWords: ["dropdb", "pg_dropcluster"]
+    };
+    project_jail_default = {
+      name: "project-jail",
+      description: "Restricts AI agents from reading sensitive credential files outside the current project",
+      aliases: ["jail"],
+      smartRules: [
+        {
+          name: "shield:project-jail:block-read-ssh",
+          tool: "bash",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*[\\/\\\\]\\.ssh[\\/\\\\]",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "Reading SSH private keys is blocked by project-jail shield"
+        },
+        {
+          name: "shield:project-jail:block-read-aws",
+          tool: "bash",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*[\\/\\\\]\\.aws[\\/\\\\]",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "Reading AWS credentials is blocked by project-jail shield"
+        },
+        {
+          name: "shield:project-jail:block-read-env",
+          tool: "bash",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*\\.env(\\.local|\\.production|\\.staging)?\\b",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "Reading .env files is blocked by project-jail shield"
+        },
+        {
+          name: "shield:project-jail:block-read-credentials",
+          tool: "bash",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*(credentials\\.json|\\.netrc|\\.npmrc|\\.docker[\\/\\\\]config\\.json|gcloud[\\/\\\\]credentials)",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "Reading credential files is blocked by project-jail shield"
+        }
+      ],
+      dangerousWords: []
+    };
+    redis_default = {
+      name: "redis",
+      description: "Protects Redis instances from destructive AI operations",
+      aliases: [],
+      smartRules: [
+        {
+          name: "shield:redis:block-flushall",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "\\bFLUSHALL\\b",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "FLUSHALL deletes every key in every database \u2014 blocked by Redis shield"
+        },
+        {
+          name: "shield:redis:block-flushdb",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "\\bFLUSHDB\\b",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "FLUSHDB deletes all keys in the current database \u2014 blocked by Redis shield"
+        },
+        {
+          name: "shield:redis:block-config-resetstat",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "\\bCONFIG\\s+RESETSTAT\\b",
+              flags: "i"
+            }
+          ],
+          verdict: "block",
+          reason: "CONFIG RESETSTAT resets server statistics irreversibly \u2014 blocked by Redis shield"
+        },
+        {
+          name: "shield:redis:review-config-set",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "\\bCONFIG\\s+SET\\b",
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "CONFIG SET changes live server configuration and requires human approval (Redis shield)"
+        },
+        {
+          name: "shield:redis:review-del-wildcard",
+          tool: "*",
+          conditions: [
+            {
+              field: "command",
+              op: "matches",
+              value: "\\bDEL\\b.*[*?\\[]|redis-cli.*--scan.*\\|.*xargs.*del",
+              flags: "i"
+            }
+          ],
+          verdict: "review",
+          reason: "Wildcard key deletion requires human approval (Redis shield)"
+        }
+      ],
+      dangerousWords: ["FLUSHALL", "FLUSHDB"]
+    };
+    BUILTIN_SHIELDS = {
+      [aws_default.name]: aws_default,
+      [bash_safe_default.name]: bash_safe_default,
+      [docker_default.name]: docker_default,
+      [filesystem_default.name]: filesystem_default,
+      [github_default.name]: github_default,
+      [k8s_default.name]: k8s_default,
+      [mongodb_default.name]: mongodb_default,
+      [postgres_default.name]: postgres_default,
+      [project_jail_default.name]: project_jail_default,
+      [redis_default.name]: redis_default
+    };
+    assertBuiltinShieldRegexesAreSafe();
+    DESTRUCTIVE_OP_RE = /\brm\s+-[rRf]+\b|\bDROP\s+(TABLE|DATABASE|COLLECTION|SCHEMA)\b|\bTRUNCATE\s+TABLE\b|\bgit\s+push\s+(--force|-f)\b|\bFLUSHALL\b|\bFLUSHDB\b|\bkubectl\s+delete\b|\bhelm\s+uninstall\b/i;
+    SENSITIVE_PATH_RE = /\.aws\/(credentials|config)\b|\.ssh\/(id_rsa|id_ed25519|id_ecdsa|id_dsa)\b|\.env(\.|$|\b)|\.config\/gcloud\/credentials\.db\b|\.docker\/config\.json\b|\.netrc\b|\.npmrc\b|\.node9\/credentials\.json\b/i;
+    FILE_TOOLS = /* @__PURE__ */ new Set([
+      "read",
+      "read_file",
+      "edit",
+      "edit_file",
+      "write",
+      "write_file",
+      "multiedit",
+      "grep",
+      "grep_search",
+      "glob",
+      "list_files"
+    ]);
+    PII_EMAIL_RE = /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/;
+    PII_SSN_RE = /\b\d{3}-\d{2}-\d{4}\b/;
+    PII_PHONE_RE = /\b(?:\+?1[-.\s]?)?\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b/;
+    PII_CC_RE = /\b(?:4\d{3}|5[1-5]\d{2}|3[47]\d{2}|6\d{3})[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/;
+    LONG_OUTPUT_THRESHOLD_BYTES = 100 * 1024;
+  }
+});
+// src/dlp.ts
+var init_dlp = __esm({
+  "src/dlp.ts"() {
+    "use strict";
+    init_dist();
+    init_dist();
+  }
+});
+// src/cli/commands/blast.ts
+import chalk from "chalk";
+import fs from "fs";
+import path from "path";
+import os from "os";
+function buildSensitivePaths(home, cwd) {
+  return [
+    {
+      full: path.join(home, ".ssh", "id_rsa"),
+      label: "~/.ssh/id_rsa",
+      description: "RSA private key \u2014 grants SSH access to your servers",
+      score: 20
+    },
+    {
+      full: path.join(home, ".ssh", "id_ed25519"),
+      label: "~/.ssh/id_ed25519",
+      description: "Ed25519 private key \u2014 grants SSH access to your servers",
+      score: 20
+    },
+    {
+      full: path.join(home, ".ssh", "id_ecdsa"),
+      label: "~/.ssh/id_ecdsa",
+      description: "ECDSA private key \u2014 grants SSH access to your servers",
+      score: 20
+    },
+    {
+      full: path.join(home, ".aws", "credentials"),
+      label: "~/.aws/credentials",
+      description: "AWS access keys \u2014 full cloud account access",
+      score: 20
+    },
+    {
+      full: path.join(home, ".aws", "config"),
+      label: "~/.aws/config",
+      description: "AWS configuration \u2014 account and region settings",
+      score: 5
+    },
+    {
+      full: path.join(home, ".config", "gcloud", "credentials.db"),
+      label: "~/.config/gcloud/credentials.db",
+      description: "Google Cloud credentials",
+      score: 15
+    },
+    {
+      full: path.join(home, ".docker", "config.json"),
+      label: "~/.docker/config.json",
+      description: "Docker registry auth tokens",
+      score: 10
+    },
+    {
+      full: path.join(home, ".netrc"),
+      label: "~/.netrc",
+      description: "FTP/HTTP credentials in plain text",
+      score: 15
+    },
+    {
+      full: path.join(home, ".npmrc"),
+      label: "~/.npmrc",
+      description: "npm auth token \u2014 can publish packages as you",
+      score: 10
+    },
+    {
+      full: path.join(home, ".node9", "credentials.json"),
+      label: "~/.node9/credentials.json",
+      description: "Node9 cloud API key",
+      score: 10
+    },
+    {
+      full: path.join(cwd, ".env"),
+      label: ".env  (current folder)",
+      description: "App secrets \u2014 database passwords, API keys",
+      score: 20
+    },
+    {
+      full: path.join(cwd, ".env.local"),
+      label: ".env.local  (current folder)",
+      description: "Local overrides \u2014 often contains real credentials",
+      score: 15
+    },
+    {
+      full: path.join(cwd, ".env.production"),
+      label: ".env.production  (current folder)",
+      description: "Production secrets",
+      score: 20
+    }
+  ];
+}
+function isReadable(filePath) {
+  try {
+    fs.accessSync(filePath, fs.constants.R_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function runBlast() {
+  const home = os.homedir();
+  const cwd = process.cwd();
+  const paths = buildSensitivePaths(home, cwd);
+  let scoreDeduction = 0;
+  const reachable = [];
+  for (const p of paths) {
+    if (fs.existsSync(p.full) && isReadable(p.full)) {
+      reachable.push(p);
+      scoreDeduction += p.score;
+    }
+  }
+  const envFindings = [];
+  for (const [key, value] of Object.entries(process.env)) {
+    if (!value) continue;
+    const match = scanArgs({ [key]: value });
+    if (match) {
+      envFindings.push({ key, patternName: match.patternName });
+      scoreDeduction += 10;
+    }
+  }
+  return { reachable, envFindings, score: Math.max(0, 100 - scoreDeduction) };
+}
+var init_blast = __esm({
+  "src/cli/commands/blast.ts"() {
+    "use strict";
+    init_dlp();
+  }
+});
+// src/auth/daemon.ts
+import fs2 from "fs";
+import path2 from "path";
+import os2 from "os";
+function getInternalToken() {
+  try {
+    const pidFile = path2.join(os2.homedir(), ".node9", "daemon.pid");
+    if (!fs2.existsSync(pidFile)) return null;
+    const data = JSON.parse(fs2.readFileSync(pidFile, "utf-8"));
+    process.kill(data.pid, 0);
+    return data.internalToken ?? null;
+  } catch {
+    return null;
+  }
+}
+var ACTIVITY_SOCKET_PATH, DAEMON_PORT, DAEMON_HOST;
+var init_daemon = __esm({
+  "src/auth/daemon.ts"() {
+    "use strict";
+    ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path2.join(os2.tmpdir(), "node9-activity.sock");
+    DAEMON_PORT = 7391;
+    DAEMON_HOST = "127.0.0.1";
+  }
+});
+// src/config-schema.ts
+import { z } from "zod";
+var noNewlines, SmartConditionSchema, SmartRuleSchema, ConfigFileSchema;
+var init_config_schema = __esm({
+  "src/config-schema.ts"() {
+    "use strict";
+    noNewlines = z.string().refine((s) => !s.includes("\n") && !s.includes("\r"), {
+      message: "Value must not contain literal newline characters (use \\n instead)"
+    });
+    SmartConditionSchema = z.object({
+      field: z.string().min(1, "Condition field must not be empty"),
+      op: z.enum(
+        [
+          "matches",
+          "notMatches",
+          "contains",
+          "notContains",
+          "exists",
+          "notExists",
+          "matchesGlob",
+          "notMatchesGlob"
+        ],
+        {
+          errorMap: () => ({
+            message: "op must be one of: matches, notMatches, contains, notContains, exists, notExists, matchesGlob, notMatchesGlob"
+          })
+        }
+      ),
+      value: z.string().optional(),
+      flags: z.string().optional()
+    }).refine(
+      (c) => {
+        if (c.op === "matchesGlob" || c.op === "notMatchesGlob") return c.value !== void 0;
+        return true;
+      },
+      { message: "matchesGlob and notMatchesGlob conditions require a value field" }
+    );
+    SmartRuleSchema = z.object({
+      name: z.string().optional(),
+      tool: z.string().min(1, "Smart rule tool must not be empty"),
+      conditions: z.array(SmartConditionSchema).min(1, "Smart rule must have at least one condition"),
+      conditionMode: z.enum(["all", "any"]).optional(),
+      verdict: z.enum(["allow", "review", "block"], {
+        errorMap: () => ({ message: "verdict must be one of: allow, review, block" })
+      }),
+      reason: z.string().optional(),
+      description: z.string().optional(),
+      // Unknown predicate names are filtered out rather than failing the whole rule.
+      // Failing the whole z.array() would cause sanitizeConfig to drop the entire
+      // `policy` top-level key, silently disabling ALL smart rules in the config.
+      dependsOnState: z.array(z.string()).transform(
+        (arr) => arr.filter(
+          (p) => p === "no_test_passed_since_last_edit"
+        )
+      ).optional(),
+      recoveryCommand: z.string().optional()
+    });
+    ConfigFileSchema = z.object({
+      version: z.string().optional(),
+      settings: z.object({
+        mode: z.enum(["standard", "strict", "audit", "observe"]).optional(),
+        autoStartDaemon: z.boolean().optional(),
+        enableUndo: z.boolean().optional(),
+        enableHookLogDebug: z.boolean().optional(),
+        approvalTimeoutMs: z.number().nonnegative().optional(),
+        approvalTimeoutSeconds: z.number().nonnegative().optional(),
+        flightRecorder: z.boolean().optional(),
+        approvers: z.object({
+          native: z.boolean().optional(),
+          browser: z.boolean().optional(),
+          cloud: z.boolean().optional(),
+          terminal: z.boolean().optional()
+        }).optional(),
+        environment: z.string().optional(),
+        slackEnabled: z.boolean().optional(),
+        enableTrustSessions: z.boolean().optional(),
+        allowGlobalPause: z.boolean().optional(),
+        auditHashArgs: z.boolean().optional(),
+        agentPolicy: z.enum(["require_approval", "block_on_rules"]).optional(),
+        cloudSyncIntervalHours: z.number().positive().optional()
+      }).optional(),
+      policy: z.object({
+        sandboxPaths: z.array(z.string()).optional(),
+        dangerousWords: z.array(noNewlines).optional(),
+        ignoredTools: z.array(z.string()).optional(),
+        toolInspection: z.record(z.string()).optional(),
+        smartRules: z.array(SmartRuleSchema).optional(),
+        snapshot: z.object({
+          tools: z.array(z.string()).optional(),
+          onlyPaths: z.array(z.string()).optional(),
+          ignorePaths: z.array(z.string()).optional()
+        }).optional(),
+        dlp: z.object({
+          enabled: z.boolean().optional(),
+          scanIgnoredTools: z.boolean().optional()
+        }).optional(),
+        loopDetection: z.object({
+          enabled: z.boolean().optional(),
+          threshold: z.number().min(2).optional(),
+          windowSeconds: z.number().min(10).optional()
+        }).optional(),
+        skillPinning: z.object({
+          enabled: z.boolean().optional(),
+          mode: z.enum(["warn", "block"]).optional(),
+          roots: z.array(z.string()).optional()
+        }).optional()
+      }).optional(),
+      environments: z.record(z.object({ requireApproval: z.boolean().optional() })).optional()
+    }).strict({ message: "Config contains unknown top-level keys" });
+  }
+});
+// src/shields.ts
+import fs3 from "fs";
+import path3 from "path";
+import os3 from "os";
+function loadUserShields() {
+  const result = {};
+  let entries;
+  try {
+    entries = fs3.readdirSync(USER_SHIELDS_DIR).filter((f) => f.endsWith(".json"));
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      process.stderr.write(
+        `[node9] Could not read user shields dir ${USER_SHIELDS_DIR}: ${String(err)}
+`
+      );
+    }
+    return result;
+  }
+  for (const file of entries) {
+    const filePath = path3.join(USER_SHIELDS_DIR, file);
+    try {
+      const raw = JSON.parse(fs3.readFileSync(filePath, "utf-8"));
+      const v = validateShieldDefinition(raw);
+      if ("error" in v) {
+        process.stderr.write(`[node9] ${v.error}: ${filePath}
+`);
+        continue;
+      }
+      result[v.ok.name] = v.ok;
+    } catch (err) {
+      process.stderr.write(`[node9] Failed to load user shield ${file}: ${String(err)}
+`);
+    }
+  }
+  return result;
+}
+function buildSHIELDS() {
+  return { ...BUILTIN_SHIELDS, ...loadUserShields() };
+}
+function readShieldsFile() {
+  try {
+    const raw = fs3.readFileSync(SHIELDS_STATE_FILE, "utf-8");
+    if (!raw.trim()) return { active: [] };
+    const parsed = JSON.parse(raw);
+    const active = Array.isArray(parsed.active) ? parsed.active.filter(
+      (e) => typeof e === "string" && e.length > 0 && e in SHIELDS
+    ) : [];
+    const { overrides, warnings } = validateOverrides(parsed.overrides);
+    for (const w of warnings) {
+      process.stderr.write(`[node9] Warning: ${w}
+`);
+    }
+    return { active, overrides };
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      process.stderr.write(`[node9] Warning: could not read shields state: ${String(err)}
+`);
+    }
+    return { active: [] };
+  }
+}
+function readActiveShields() {
+  return readShieldsFile().active;
+}
+var USER_SHIELDS_DIR, SHIELDS, SHIELDS_STATE_FILE;
+var init_shields = __esm({
+  "src/shields.ts"() {
+    "use strict";
+    init_dist();
+    init_dist();
+    USER_SHIELDS_DIR = path3.join(os3.homedir(), ".node9", "shields");
+    SHIELDS = buildSHIELDS();
+    SHIELDS_STATE_FILE = path3.join(os3.homedir(), ".node9", "shields.json");
+  }
+});
+// src/config/index.ts
+var init_config = __esm({
+  "src/config/index.ts"() {
+    "use strict";
+    init_config_schema();
+    init_shields();
+  }
+});
+// src/audit/hasher.ts
+var init_hasher = __esm({
+  "src/audit/hasher.ts"() {
+    "use strict";
+  }
+});
+// src/audit/index.ts
+import path4 from "path";
+import os4 from "os";
+var LOCAL_AUDIT_LOG, HOOK_DEBUG_LOG;
+var init_audit = __esm({
+  "src/audit/index.ts"() {
+    "use strict";
+    init_hasher();
+    LOCAL_AUDIT_LOG = path4.join(os4.homedir(), ".node9", "audit.log");
+    HOOK_DEBUG_LOG = path4.join(os4.homedir(), ".node9", "hook-debug.log");
+  }
+});
+// src/pricing/litellm.ts
+function normalizeModel(raw) {
+  return raw.replace(/-\d{8}$/, "").toLowerCase();
+}
+function pricingFor(model) {
+  const norm = normalizeModel(model);
+  const sources = [];
+  if (memCache) sources.push(memCache);
+  sources.push(BUNDLED_PRICING);
+  for (const source of sources) {
+    const exact = source[norm];
+    if (exact) return exact;
+    let best = null;
+    for (const key of Object.keys(source)) {
+      if (norm.startsWith(key.toLowerCase()) && (best === null || key.length > best.length)) {
+        best = key;
+      }
+    }
+    if (best) return source[best];
+  }
+  return null;
+}
+var BUNDLED_PRICING, TTL_MS, memCache;
+var init_litellm = __esm({
+  "src/pricing/litellm.ts"() {
+    "use strict";
+    init_audit();
+    BUNDLED_PRICING = {
+      // Anthropic
+      "claude-opus-4": [5e-6, 25e-6, 625e-8, 5e-7],
+      "claude-opus-4-1": [5e-6, 25e-6, 625e-8, 5e-7],
+      "claude-opus-4-5": [5e-6, 25e-6, 625e-8, 5e-7],
+      "claude-opus-4-6": [5e-6, 25e-6, 625e-8, 5e-7],
+      "claude-opus-4-7": [5e-6, 25e-6, 625e-8, 5e-7],
+      "claude-sonnet-4": [3e-6, 15e-6, 375e-8, 3e-7],
+      "claude-sonnet-4-5": [3e-6, 15e-6, 375e-8, 3e-7],
+      "claude-sonnet-4-6": [3e-6, 15e-6, 375e-8, 3e-7],
+      "claude-haiku-4": [8e-7, 4e-6, 1e-6, 8e-8],
+      "claude-haiku-4-5": [8e-7, 4e-6, 1e-6, 8e-8],
+      "claude-3-7-sonnet": [3e-6, 15e-6, 375e-8, 3e-7],
+      "claude-3-5-sonnet": [3e-6, 15e-6, 375e-8, 3e-7],
+      "claude-3-5-haiku": [8e-7, 4e-6, 1e-6, 8e-8],
+      "claude-3-haiku": [25e-8, 125e-8, 3e-7, 3e-8],
+      // OpenAI
+      "gpt-4o": [5e-6, 15e-6, 0, 25e-7],
+      "gpt-4o-mini": [15e-8, 6e-7, 0, 75e-9],
+      "gpt-5": [1e-5, 3e-5, 0, 5e-6],
+      // Google
+      "gemini-2.0-flash": [75e-9, 3e-7, 0, 0],
+      "gemini-1.5-pro": [125e-8, 5e-6, 0, 0]
+    };
+    TTL_MS = 24 * 60 * 60 * 1e3;
+    memCache = null;
+  }
+});
+// src/costSync.ts
+import fs4 from "fs";
+import path5 from "path";
+import os5 from "os";
+function decodeProjectDirName(dirName) {
+  return dirName.replace(/-/g, "/");
+}
+function parseJSONLFile(filePath, fallbackWorkingDir) {
+  const runId = path5.basename(filePath, ".jsonl");
+  let content;
+  try {
+    content = fs4.readFileSync(filePath, "utf8");
+  } catch {
+    return /* @__PURE__ */ new Map();
+  }
+  const daily = /* @__PURE__ */ new Map();
+  for (const line of content.split("\n")) {
+    if (!line.trim()) continue;
+    let row;
+    try {
+      row = JSON.parse(line);
+    } catch {
+      continue;
+    }
+    if (row["type"] !== "assistant") continue;
+    const msg = row["message"];
+    if (!msg?.["usage"] || typeof msg["model"] !== "string") continue;
+    const usage = msg["usage"];
+    const model = msg["model"];
+    const timestamp = row["timestamp"];
+    if (typeof timestamp !== "string" || timestamp.length < 10) continue;
+    const date = timestamp.slice(0, 10);
+    const p = pricingFor(model);
+    if (!p) continue;
+    const inp = Number(usage["input_tokens"] ?? 0);
+    const out = Number(usage["output_tokens"] ?? 0);
+    const cw = Number(usage["cache_creation_input_tokens"] ?? 0);
+    const cr = Number(usage["cache_read_input_tokens"] ?? 0);
+    const cost = inp * p[0] + out * p[1] + cw * p[2] + cr * p[3];
+    const rowCwd = typeof row["cwd"] === "string" ? row["cwd"] : null;
+    const workingDir = rowCwd && rowCwd.startsWith("/") ? rowCwd : fallbackWorkingDir;
+    const norm = normalizeModel(model);
+    const key = `${date}::${norm}::${workingDir}::${runId}`;
+    const prev = daily.get(key);
+    if (prev) {
+      prev.costUSD += cost;
+      prev.inputTokens += inp;
+      prev.outputTokens += out;
+      prev.cacheWriteTokens += cw;
+      prev.cacheReadTokens += cr;
+    } else {
+      daily.set(key, {
+        date,
+        model: norm,
+        workingDir,
+        runId,
+        costUSD: cost,
+        inputTokens: inp,
+        outputTokens: out,
+        cacheWriteTokens: cw,
+        cacheReadTokens: cr
+      });
+    }
+  }
+  return daily;
+}
+function collectEntries() {
+  const projectsDir = path5.join(os5.homedir(), ".claude", "projects");
+  if (!fs4.existsSync(projectsDir)) return [];
+  const combined = /* @__PURE__ */ new Map();
+  let dirs;
+  try {
+    dirs = fs4.readdirSync(projectsDir);
+  } catch {
+    return [];
+  }
+  for (const dir of dirs) {
+    const dirPath = path5.join(projectsDir, dir);
+    try {
+      if (!fs4.statSync(dirPath).isDirectory()) continue;
+    } catch {
+      continue;
+    }
+    let files;
+    try {
+      files = fs4.readdirSync(dirPath).filter((f) => f.endsWith(".jsonl"));
+    } catch {
+      continue;
+    }
+    const fallbackWorkingDir = decodeProjectDirName(dir);
+    for (const file of files) {
+      const entries = parseJSONLFile(path5.join(dirPath, file), fallbackWorkingDir);
+      for (const [key, e] of entries) {
+        const prev = combined.get(key);
+        if (prev) {
+          prev.costUSD += e.costUSD;
+          prev.inputTokens += e.inputTokens;
+          prev.outputTokens += e.outputTokens;
+          prev.cacheWriteTokens += e.cacheWriteTokens;
+          prev.cacheReadTokens += e.cacheReadTokens;
+        } else {
+          combined.set(key, { ...e });
+        }
+      }
+    }
+  }
+  return [...combined.values()];
+}
+var SYNC_INTERVAL_MS;
+var init_costSync = __esm({
+  "src/costSync.ts"() {
+    "use strict";
+    init_config();
+    init_audit();
+    init_litellm();
+    SYNC_INTERVAL_MS = 10 * 60 * 1e3;
+  }
+});
+// src/daemon/scan-watermark.ts
+function extractFindingsFromLine(line, sessionId, lineIndex) {
+  if (!line || typeof line !== "object") return [];
+  const findings = [];
+  const obj = line;
+  const candidates = [];
+  if (obj.message && typeof obj.message === "object") {
+    const msg = obj.message;
+    if (typeof msg.content === "string") candidates.push(msg.content);
+    else if (Array.isArray(msg.content)) candidates.push(msg.content);
+  }
+  if (typeof obj.toolUseResult === "string") candidates.push(obj.toolUseResult);
+  if (obj.input && typeof obj.input === "object") candidates.push(obj.input);
+  for (const candidate of candidates) {
+    const wrapped = typeof candidate === "string" ? { content: candidate } : candidate;
+    const hit = scanArgs(wrapped);
+    if (hit) {
+      findings.push({
+        type: "dlp",
+        patternName: hit.patternName,
+        sessionId,
+        lineIndex
+      });
+    }
+    if (typeof candidate === "string" && candidate.length > 0) {
+      const piiHits = detectPii(candidate);
+      for (const patternName of piiHits) {
+        findings.push({
+          type: "pii",
+          patternName,
+          sessionId,
+          lineIndex
+        });
+      }
+    }
+  }
+  const ctx = {
+    sessionId,
+    lineIndex,
+    project: "",
+    agent: "claude",
+    rules: [],
+    toolInspection: { bash: "command", execute_bash: "command" },
+    dlpEnabled: false
+    // line-level DLP runs above already
+  };
+  const message = line.message;
+  if (message && typeof message === "object") {
+    const content = message.content;
+    if (Array.isArray(content)) {
+      for (const block of content) {
+        if (!block || typeof block !== "object") continue;
+        const b = block;
+        if (b.type === "tool_result") {
+          const c = b.content;
+          const len = typeof c === "string" ? c.length : Array.isArray(c) ? JSON.stringify(c).length : 0;
+          if (len > LONG_OUTPUT_THRESHOLD_BYTES2) {
+            findings.push({
+              type: "long-output-redacted",
+              sessionId,
+              lineIndex
+            });
+          }
+          continue;
+        }
+        if (b.type !== "tool_use") continue;
+        const toolName = typeof b.name === "string" ? b.name : "";
+        const input = b.input ?? {};
+        const call = {
+          toolName,
+          args: input,
+          timestamp: typeof obj.timestamp === "string" ? obj.timestamp : ""
+        };
+        const canonical = extractCanonicalFindings(call, ctx);
+        for (const cf of canonical) {
+          const sf = toScanFinding(cf);
+          if (sf) findings.push(sf);
+        }
+      }
+    }
+  }
+  return findings;
+}
+var MAX_LINE_BYTES, LONG_OUTPUT_THRESHOLD_BYTES2;
+var init_scan_watermark = __esm({
+  "src/daemon/scan-watermark.ts"() {
+    "use strict";
+    init_dlp();
+    init_dist();
+    MAX_LINE_BYTES = 2 * 1024 * 1024;
+    LONG_OUTPUT_THRESHOLD_BYTES2 = LONG_OUTPUT_THRESHOLD_BYTES;
+  }
+});
+// src/tui/dashboard/data.ts
+import fs5 from "fs";
+import os6 from "os";
+import path6 from "path";
+import http from "http";
+function auditLogPath() {
+  return path6.join(os6.homedir(), ".node9", "audit.log");
+}
+function readAuditEntries() {
+  const p = auditLogPath();
+  if (!fs5.existsSync(p)) return [];
+  try {
+    const lines = fs5.readFileSync(p, "utf8").split("\n");
+    const out = [];
+    for (const line of lines) {
+      if (!line.trim()) continue;
+      try {
+        const e = JSON.parse(line);
+        if (e && typeof e.ts === "string") out.push(e);
+      } catch {
+      }
+    }
+    return out;
+  } catch {
+    return [];
+  }
+}
+function aggregateAudit(entries, startMs, endMs = Date.now()) {
+  const inWindow = entries.filter((e) => {
+    if (e.source === "post-hook" || e.source === "response-dlp") return false;
+    const t = Date.parse(e.ts);
+    return t >= startMs && t <= endMs;
+  });
+  let allow = 0;
+  let block = 0;
+  let review = 0;
+  let loops = 0;
+  let dlpHits = 0;
+  const sessionSet = /* @__PURE__ */ new Set();
+  const mcpSet = /* @__PURE__ */ new Set();
+  const toolMap = /* @__PURE__ */ new Map();
+  const blockMap = /* @__PURE__ */ new Map();
+  const shellMap = /* @__PURE__ */ new Map();
+  for (const e of inWindow) {
+    if (e.sessionId) sessionSet.add(e.sessionId);
+    if (e.mcpServer) mcpSet.add(e.mcpServer);
+    const isAllow = e.decision === "allow" || e.decision === "observe-allow";
+    const isReview = e.decision === "review";
+    const isLoop = e.checkedBy === "loop-detected";
+    const isDlp = !!(e.checkedBy && e.checkedBy.toLowerCase().includes("dlp"));
+    if (isAllow) allow++;
+    else if (isReview) review++;
+    else block++;
+    if (isLoop) loops++;
+    if (isDlp) dlpHits++;
+    const t = toolMap.get(e.tool) ?? { calls: 0, blocked: 0 };
+    t.calls++;
+    if (!isAllow && !isReview) t.blocked++;
+    toolMap.set(e.tool, t);
+    if (!isAllow && e.checkedBy) {
+      blockMap.set(e.checkedBy, (blockMap.get(e.checkedBy) ?? 0) + 1);
+    }
+    if (TEST_TOOLS.has(e.tool) && typeof e.args?.command === "string") {
+      const head = e.args.command.trim().split(/\s+/)[0];
+      if (head && /^[a-zA-Z0-9._-]+$/.test(head)) {
+        const s = shellMap.get(head) ?? { count: 0, blocked: 0 };
+        s.count++;
+        if (!isAllow && !isReview) s.blocked++;
+        shellMap.set(head, s);
+      }
+    }
+  }
+  return {
+    total: inWindow.length,
+    allow,
+    block,
+    review,
+    loops,
+    dlpHits,
+    sessions: sessionSet.size,
+    mcpServers: mcpSet.size,
+    mcpCalls: [...inWindow].filter((e) => !!e.mcpServer).length,
+    byTool: [...toolMap.entries()].sort((a, b) => b[1].calls - a[1].calls).slice(0, 5).map(([tool, v]) => ({ tool, calls: v.calls, blocked: v.blocked })),
+    byBlock: [...blockMap.entries()].sort((a, b) => b[1] - a[1]).slice(0, 6).map(([rule, count]) => ({ rule, count })),
+    byShell: [...shellMap.entries()].sort((a, b) => b[1].count - a[1].count).slice(0, 5).map(([cmd, v]) => ({ cmd, count: v.count, blocked: v.blocked }))
+  };
+}
+function compactPath(p) {
+  if (!p) return p;
+  const looksLikePath = p.startsWith("/") || p.startsWith("~") || p.includes("/");
+  if (!looksLikePath) return p;
+  const segs = p.split("/").filter((s) => s.length > 0);
+  if (segs.length <= 3) return p;
+  return ".../" + segs.slice(-2).join("/");
+}
+function loadCostEntries() {
+  return new Promise((resolve) => {
+    setImmediate(() => {
+      try {
+        resolve(collectEntries());
+      } catch {
+        resolve([]);
+      }
+    });
+  });
+}
+function entryKey(e) {
+  return `${e.date}|${e.model}|${e.workingDir ?? ""}|${e.runId ?? ""}`;
+}
+function subtractCostBaseline(entries, baseline) {
+  return entries.map((e) => {
+    const b = baseline.get(entryKey(e));
+    if (!b) return e;
+    return {
+      ...e,
+      costUSD: Math.max(0, e.costUSD - b.costUSD),
+      inputTokens: Math.max(0, e.inputTokens - b.inputTokens),
+      outputTokens: Math.max(0, e.outputTokens - b.outputTokens),
+      cacheReadTokens: Math.max(0, e.cacheReadTokens - b.cacheReadTokens),
+      cacheWriteTokens: Math.max(0, e.cacheWriteTokens - b.cacheWriteTokens)
+    };
+  });
+}
+function buildCostBaseline(entries) {
+  const map = /* @__PURE__ */ new Map();
+  for (const e of entries) map.set(entryKey(e), { ...e });
+  return map;
+}
+function aggregateCost(entries, startMs, endMs = Date.now()) {
+  let totalUSD = 0;
+  let inputTokens = 0;
+  let outputTokens = 0;
+  let cacheReadTokens = 0;
+  let cacheWriteTokens = 0;
+  const byModelMap = /* @__PURE__ */ new Map();
+  const dayMs = 864e5;
+  for (const e of entries) {
+    const t = Date.parse(e.date);
+    if (Number.isNaN(t)) continue;
+    if (t + dayMs < startMs) continue;
+    if (t > endMs) continue;
+    totalUSD += e.costUSD;
+    inputTokens += e.inputTokens;
+    outputTokens += e.outputTokens;
+    cacheReadTokens += e.cacheReadTokens;
+    cacheWriteTokens += e.cacheWriteTokens;
+    const m = byModelMap.get(e.model) ?? { costUSD: 0, calls: 0 };
+    m.costUSD += e.costUSD;
+    m.calls += 1;
+    byModelMap.set(e.model, m);
+  }
+  return {
+    totalUSD,
+    inputTokens,
+    outputTokens,
+    cacheReadTokens,
+    cacheWriteTokens,
+    byModel: [...byModelMap.entries()].sort((a, b) => b[1].costUSD - a[1].costUSD).map(([model, v]) => ({ model, costUSD: v.costUSD, calls: v.calls })),
+    loaded: true
+  };
+}
+function loadScanSignals() {
+  return new Promise((resolve) => {
+    setImmediate(() => {
+      try {
+        resolve({ loaded: true, ...walkClaudeJsonlsForSignals() });
+      } catch {
+        resolve({ loaded: true, ...EMPTY_SIGNALS });
+      }
+    });
+  });
+}
+function walkClaudeJsonlsForSignals() {
+  const counts = { ...EMPTY_SIGNALS };
+  const projectsDir = path6.join(os6.homedir(), ".claude", "projects");
+  if (!fs5.existsSync(projectsDir)) return counts;
+  let dirs;
+  try {
+    dirs = fs5.readdirSync(projectsDir);
+  } catch {
+    return counts;
+  }
+  for (const dir of dirs) {
+    const dirPath = path6.join(projectsDir, dir);
+    try {
+      if (!fs5.statSync(dirPath).isDirectory()) continue;
+    } catch {
+      continue;
+    }
+    let files;
+    try {
+      files = fs5.readdirSync(dirPath).filter((f) => f.endsWith(".jsonl"));
+    } catch {
+      continue;
+    }
+    for (const file of files) {
+      const sessionId = file.replace(/\.jsonl$/, "");
+      const filePath = path6.join(dirPath, file);
+      let content;
+      try {
+        content = fs5.readFileSync(filePath, "utf8");
+      } catch {
+        continue;
+      }
+      const lines = content.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if (!line.trim()) continue;
+        let parsed;
+        try {
+          parsed = JSON.parse(line);
+        } catch {
+          continue;
+        }
+        let findings;
+        try {
+          findings = extractFindingsFromLine(parsed, sessionId, i);
+        } catch {
+          continue;
+        }
+        for (const f of findings) {
+          switch (f.type) {
+            case "pii":
+              counts.pii++;
+              break;
+            case "sensitive-file-read":
+              counts.sensitiveFileRead++;
+              break;
+            case "privilege-escalation":
+              counts.privilegeEscalation++;
+              break;
+            case "destructive-op":
+              counts.destructiveOp++;
+              break;
+            case "pipe-to-shell":
+              counts.pipeToShell++;
+              break;
+            case "eval-of-remote":
+              counts.evalOfRemote++;
+              break;
+            case "long-output-redacted":
+              counts.longOutputRedacted++;
+              break;
+            // 'dlp', 'loop', 'network-exfil' tracked via other paths
+            // (audit / session-level) — skip here to avoid double-count.
+            default:
+              break;
+          }
+        }
+      }
+    }
+  }
+  return counts;
+}
+function loadShieldStatus() {
+  try {
+    const all = Object.keys(SHIELDS).sort();
+    const activeSet = new Set(readActiveShields());
+    const active = all.filter((n) => activeSet.has(n));
+    const inactive = all.filter((n) => !activeSet.has(n));
+    return { active, inactive };
+  } catch {
+    return { active: [], inactive: [] };
+  }
+}
+function loadBlast() {
+  try {
+    const r = runBlast();
+    return {
+      score: r.score,
+      paths: r.reachable.slice(0, 5).map((f) => shortenPath(f.full)),
+      envFindings: r.envFindings.length
+    };
+  } catch {
+    return { score: 100, paths: [], envFindings: 0 };
+  }
+}
+function shortenPath(p) {
+  const home = os6.homedir();
+  return p.startsWith(home) ? p.replace(home, "~") : p;
+}
+function mapResultStatus(status) {
+  if (typeof status !== "string") return void 0;
+  if (status === "allow" || status === "observe-allow" || status === "trust") return "allow";
+  if (status === "dlp" || status === "block" || status === "denied" || status === "deny" || status === "timeout") {
+    return "block";
+  }
+  if (status === "review") return "review";
+  return void 0;
+}
+function normalizeTs(ts) {
+  if (typeof ts === "string" && ts.length > 0) return ts;
+  if (typeof ts === "number" && Number.isFinite(ts)) {
+    return new Date(ts).toISOString();
+  }
+  return (/* @__PURE__ */ new Date()).toISOString();
+}
+function submitDecision(id, decision) {
+  return new Promise((resolve) => {
+    const token = getInternalToken();
+    if (!token) {
+      resolve({ ok: false, error: "daemon not running" });
+      return;
+    }
+    const bodyObj = { decision, source: "dashboard" };
+    if (decision === "trust") bodyObj.persist = true;
+    const body = JSON.stringify(bodyObj);
+    const req = http.request(
+      {
+        hostname: DAEMON_HOST,
+        port: DAEMON_PORT,
+        path: `/decision/${encodeURIComponent(id)}`,
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Content-Length": Buffer.byteLength(body),
+          "X-Node9-Internal": token
+        }
+      },
+      (res) => {
+        res.resume();
+        if (res.statusCode === 200 || res.statusCode === 409) {
+          resolve({ ok: true });
+        } else {
+          resolve({ ok: false, error: `daemon returned ${res.statusCode}` });
+        }
+      }
+    );
+    req.on("error", (err) => resolve({ ok: false, error: err.message }));
+    req.end(body);
+  });
+}
+function isValidForensicEvent(e) {
+  if (!e || typeof e !== "object") return false;
+  const ev = e;
+  return typeof ev.id === "string" && typeof ev.sessionId === "string" && typeof ev.category === "string" && FORENSIC_CATEGORIES.has(ev.category);
+}
+function applyForensicEvent(agg, ev) {
+  const next = { ...agg };
+  switch (ev.category) {
+    case "pii":
+      next.pii++;
+      break;
+    case "sensitive-file-read":
+      next.sensitiveFileRead++;
+      break;
+    case "privilege-escalation":
+      next.privilegeEscalation++;
+      break;
+    case "destructive-op":
+      next.destructiveOp++;
+      break;
+    case "pipe-to-shell":
+      next.pipeToShell++;
+      break;
+    case "eval-of-remote":
+      next.evalOfRemote++;
+      break;
+    case "long-output-redacted":
+      next.longOutputRedacted++;
+      break;
+    default:
+      break;
+  }
+  return next;
+}
+function subscribeToSse(onEvent, onResolve, onForensic, onError) {
+  const token = getInternalToken();
+  if (!token) {
+    onError("daemon not running (no ~/.node9/daemon.pid). Run: node9 daemon start");
+    return () => {
+    };
+  }
+  let req;
+  let reconnectTimer;
+  let aborted = false;
+  let backoffMs = SSE_BACKOFF_INITIAL_MS;
+  const scheduleReconnect = (reason) => {
+    if (aborted) return;
+    const wait = backoffMs;
+    onError(`${reason}; reconnecting in ${Math.round(wait / 1e3)}s\u2026`);
+    backoffMs = Math.min(backoffMs * 2, SSE_BACKOFF_MAX_MS);
+    reconnectTimer = setTimeout(() => {
+      reconnectTimer = void 0;
+      connect();
+    }, wait);
+  };
+  const connect = () => {
+    if (aborted) return;
+    req = http.get(
+      `http://${DAEMON_HOST}:${DAEMON_PORT}/events`,
+      { headers: { "X-Node9-Internal": token, Accept: "text/event-stream" } },
+      (res) => {
+        if (res.statusCode !== 200) {
+          res.resume();
+          scheduleReconnect(`daemon /events returned ${res.statusCode}`);
+          return;
+        }
+        backoffMs = SSE_BACKOFF_INITIAL_MS;
+        let buf = "";
+        let currentEvent = "";
+        res.setEncoding("utf8");
+        res.on("data", (chunk) => {
+          buf += chunk;
+          let idx;
+          while ((idx = buf.indexOf("\n")) !== -1) {
+            const line = buf.slice(0, idx).replace(/\r$/, "");
+            buf = buf.slice(idx + 1);
+            if (line.startsWith("event:")) {
+              currentEvent = line.slice(6).trim();
+            } else if (line.startsWith("data:")) {
+              const raw = line.slice(5).trim();
+              if (!raw) continue;
+              try {
+                if (currentEvent === "forensic") {
+                  const fEvent = JSON.parse(raw);
+                  if (isValidForensicEvent(fEvent)) {
+                    onForensic(fEvent);
+                  }
+                  continue;
+                }
+                const data = JSON.parse(raw);
+                if (currentEvent === "activity-result" || currentEvent === "remove") {
+                  if (typeof data.id === "string") {
+                    const verdict = mapResultStatus(data.status ?? data.decision);
+                    onResolve(data.id, verdict);
+                  }
+                  continue;
+                }
+                const evt = toActivityEvent(currentEvent, data);
+                if (evt) onEvent(evt);
+              } catch {
+              }
+            }
+          }
+        });
+        res.on("end", () => {
+          if (!aborted) scheduleReconnect("daemon disconnected");
+        });
+      }
+    );
+    req.on("error", (err) => {
+      if (!aborted) scheduleReconnect(`connection failed: ${err.message}`);
+    });
+  };
+  connect();
+  return () => {
+    aborted = true;
+    if (reconnectTimer) clearTimeout(reconnectTimer);
+    if (req) req.destroy();
+  };
+}
+function toActivityEvent(eventName, data) {
+  const payload = data.activity ?? data;
+  const ts = normalizeTs(payload.ts);
+  if (eventName === "snapshot") {
+    return {
+      kind: "snapshot",
+      id: payload.id ?? `${ts}-snapshot`,
+      ts,
+      hash: payload.hash ?? "",
+      summary: payload.argsSummary ?? payload.tool ?? "snapshot",
+      fileCount: typeof payload.fileCount === "number" ? payload.fileCount : 0
+    };
+  }
+  if (eventName !== "activity" && eventName !== "add") return null;
+  const toolName = payload.tool ?? payload.toolName;
+  if (!toolName) return null;
+  const verdict = (() => {
+    const d = payload.decision ?? payload.status;
+    if (d === "allow" || d === "observe-allow" || d === "trust") return "allow";
+    if (d === "block" || d === "deny" || d === "denied" || d === "dlp") return "block";
+    if (d === "review") return "review";
+    return "pending";
+  })();
+  let preview;
+  if (typeof payload.args?.command === "string" && payload.args.command.length > 0) {
+    preview = payload.args.command.replace(/\s+/g, " ").slice(0, 70);
+  } else if (typeof payload.args?.file_path === "string" && payload.args.file_path.length > 0) {
+    preview = compactPath(payload.args.file_path).slice(0, 70);
+  } else if (typeof payload.args?.path === "string" && payload.args.path.length > 0) {
+    preview = compactPath(payload.args.path).slice(0, 70);
+  } else {
+    preview = JSON.stringify(payload.args ?? {}).replace(/\s+/g, " ").slice(0, 70);
+  }
+  return {
+    kind: "tool",
+    id: payload.id ?? `${ts}-${toolName}`,
+    ts,
+    tool: toolName,
+    agent: payload.agent,
+    preview,
+    verdict,
+    reason: payload.reason,
+    checkedBy: payload.checkedBy,
+    sessionId: payload.sessionId,
+    mcpServer: payload.mcpServer,
+    // Only `add` SSE events are sent to the approval channel — those
+    // are real "queued for human approval" entries. `activity` events
+    // with status:'pending' look identical at the wire level (no
+    // decision, transient) but should NOT pop the notification card.
+    isApprovalRequest: eventName === "add"
+  };
+}
+var TEST_TOOLS, EMPTY_SIGNALS, FORENSIC_CATEGORIES, SSE_BACKOFF_INITIAL_MS, SSE_BACKOFF_MAX_MS;
+var init_data = __esm({
+  "src/tui/dashboard/data.ts"() {
+    "use strict";
+    init_blast();
+    init_daemon();
+    init_costSync();
+    init_shields();
+    init_scan_watermark();
+    TEST_TOOLS = /* @__PURE__ */ new Set(["Bash", "bash"]);
+    EMPTY_SIGNALS = {
+      pii: 0,
+      sensitiveFileRead: 0,
+      privilegeEscalation: 0,
+      destructiveOp: 0,
+      pipeToShell: 0,
+      evalOfRemote: 0,
+      longOutputRedacted: 0
+    };
+    FORENSIC_CATEGORIES = /* @__PURE__ */ new Set([
+      "dlp",
+      "pii",
+      "sensitive-file-read",
+      "privilege-escalation",
+      "network-exfil",
+      "pipe-to-shell",
+      "eval-of-remote",
+      "destructive-op",
+      "loop",
+      "long-output-redacted"
+    ]);
+    SSE_BACKOFF_INITIAL_MS = 1e3;
+    SSE_BACKOFF_MAX_MS = 3e4;
+  }
+});
+// src/tui/dashboard/health.ts
+function computeHealthBadge(input) {
+  const reasons = [];
+  let severity = "secure";
+  if (input.agg.dlpHits > 0) {
+    severity = "critical";
+    reasons.push(`${input.agg.dlpHits} DLP`);
+  }
+  if (input.agg.loops > 0) {
+    severity = "critical";
+    reasons.push(`${input.agg.loops} loops`);
+  }
+  const liveSevere = input.forensicAgg.privilegeEscalation + input.forensicAgg.destructiveOp + input.forensicAgg.evalOfRemote;
+  const histSevere = input.scanSignals ? input.scanSignals.privilegeEscalation + input.scanSignals.destructiveOp + input.scanSignals.evalOfRemote : 0;
+  const totalSevere = liveSevere + histSevere;
+  if (totalSevere > 0) {
+    severity = "critical";
+    reasons.push(`${totalSevere} severe forensic`);
+  }
+  if (input.blast.score < 25) {
+    severity = "critical";
+    reasons.push(`score ${input.blast.score}/100`);
+  }
+  if (severity !== "critical") {
+    const liveWarn = input.forensicAgg.pii + input.forensicAgg.sensitiveFileRead + input.forensicAgg.pipeToShell + input.forensicAgg.longOutputRedacted;
+    const histWarn = input.scanSignals ? input.scanSignals.pii + input.scanSignals.sensitiveFileRead + input.scanSignals.pipeToShell + input.scanSignals.longOutputRedacted : 0;
+    const totalWarn = liveWarn + histWarn;
+    if (totalWarn > 0) {
+      severity = "warning";
+      reasons.push(`${totalWarn} forensic`);
+    }
+    if (input.blast.paths.length > 0) {
+      severity = "warning";
+      reasons.push(`${input.blast.paths.length} paths`);
+    }
+    if (input.shieldStatus && input.shieldStatus.inactive.length > 0) {
+      severity = "warning";
+      reasons.push(`${input.shieldStatus.inactive.length} shields off`);
+    }
+    if (input.blast.score >= 25 && input.blast.score < 50) {
+      severity = "warning";
+      reasons.push(`score ${input.blast.score}/100`);
+    }
+  }
+  const cappedReasons = reasons.slice(0, 3);
+  return {
+    severity,
+    reasons: cappedReasons,
+    hint: severity === "secure" ? void 0 : "see node9 scan"
+  };
+}
+var init_health = __esm({
+  "src/tui/dashboard/health.ts"() {
+    "use strict";
+  }
+});
+// src/tui/dashboard/format.ts
+function formatCost(usd) {
+  if (usd === 0) return "$0";
+  if (usd < 1) return `$${usd.toFixed(2)}`;
+  if (usd < 100) return `$${usd.toFixed(2)}`;
+  if (usd < 1e4) return `$${Math.round(usd).toLocaleString()}`;
+  return `$${(usd / 1e3).toFixed(1)}K`;
+}
+function formatTokens(n) {
+  if (n < 1e3) return `${n}`;
+  if (n < 1e6) return `${(n / 1e3).toFixed(n < 1e4 ? 1 : 0)}K`;
+  return `${(n / 1e6).toFixed(1)}M`;
+}
+function formatPct(pct) {
+  if (!Number.isFinite(pct)) return "\u2014";
+  return `${Math.round(pct)}%`;
+}
+function cacheHitRate(cost) {
+  const denom = cost.cacheReadTokens + cost.inputTokens;
+  if (denom <= 0) return 0;
+  return cost.cacheReadTokens / denom * 100;
+}
+function shortenModel(model) {
+  return model.replace(/^claude-/, "").replace(/-2025\d{4}$/, "");
+}
+function truncate(s, width) {
+  return s.length <= width ? s : s.slice(0, width - 1) + "\u2026";
+}
+function localTimeOf(ts) {
+  let d;
+  if (typeof ts === "number" && Number.isFinite(ts)) {
+    d = new Date(ts);
+  } else if (typeof ts === "string" && ts.length > 0) {
+    d = new Date(ts);
+  } else {
+    return "--:--:--";
+  }
+  if (Number.isNaN(d.getTime())) return "--:--:--";
+  const hh = String(d.getHours()).padStart(2, "0");
+  const mm = String(d.getMinutes()).padStart(2, "0");
+  const ss = String(d.getSeconds()).padStart(2, "0");
+  return `${hh}:${mm}:${ss}`;
+}
+var init_format = __esm({
+  "src/tui/dashboard/format.ts"() {
+    "use strict";
+  }
+});
+// src/tui/dashboard/panels.tsx
+import { Box, Text } from "ink";
+import { Fragment, jsx, jsxs } from "react/jsx-runtime";
+function Header(props) {
+  return /* @__PURE__ */ jsxs(Box, { flexDirection: "row", justifyContent: "space-between", paddingX: 1, children: [
+    /* @__PURE__ */ jsxs(Box, { children: [
+      /* @__PURE__ */ jsx(Text, { color: COL.brand, bold: true, children: "\u{1F6E1} node9 dashboard" }),
+      /* @__PURE__ */ jsx(Text, { children: "   " }),
+      /* @__PURE__ */ jsx(Text, { color: props.connected ? COL.live : COL.liveOff, children: "\u25CF" }),
+      /* @__PURE__ */ jsx(Text, { dimColor: true, children: props.connected ? " live" : " offline" }),
+      props.lastAgent ? /* @__PURE__ */ jsx(Text, { dimColor: true, children: `  ${props.lastAgent}` }) : null
+    ] }),
+    /* @__PURE__ */ jsx(Box, { children: renderHealthBadge(props.health) })
+  ] });
+}
+function renderHealthBadge(h) {
+  if (h.severity === "secure") {
+    return /* @__PURE__ */ jsxs(Fragment, { children: [
+      /* @__PURE__ */ jsx(Text, { dimColor: true, children: "  \xB7 " }),
+      /* @__PURE__ */ jsx(Text, { color: COL.live, children: "\u2713 secure" })
+    ] });
+  }
+  const icon = h.severity === "critical" ? "\u{1F6D1}" : "\u26A0";
+  const color = h.severity === "critical" ? COL.liveOff : COL.panelHigh;
+  const summary = h.reasons.length > 0 ? h.reasons.join(", ") : "risk";
+  return /* @__PURE__ */ jsxs(Fragment, { children: [
+    /* @__PURE__ */ jsx(Text, { dimColor: true, children: "  \xB7 " }),
+    /* @__PURE__ */ jsx(Text, { color, bold: true, children: `${icon} ` }),
+    /* @__PURE__ */ jsx(Text, { color, children: summary })
+  ] });
+}
+function HighLevel(props) {
+  const { agg, cost } = props;
+  const blockColor = agg.block > 0 ? COL.liveOff : COL.textDim;
+  return /* @__PURE__ */ jsxs(
+    Box,
+    {
+      flexDirection: "column",
+      borderStyle: "round",
+      borderColor: COL.panelHigh,
+      paddingX: 1,
+      marginX: 1,
+      children: [
+        /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+          /* @__PURE__ */ jsx(Text, { color: COL.brand, bold: true, children: "HIGH LEVEL" }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: `  \xB7 ${labelFor(props.window)}` })
+        ] }),
+        /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+          !cost ? /* @__PURE__ */ jsx(Text, { dimColor: true, children: "cost loading\u2026  " }) : /* @__PURE__ */ jsxs(Fragment, { children: [
+            /* @__PURE__ */ jsx(Text, { bold: true, children: formatCost(cost.totalUSD) }),
+            /* @__PURE__ */ jsx(Text, { dimColor: true, children: " cost \xB7 " }),
+            /* @__PURE__ */ jsx(Text, { bold: true, children: formatTokens(cost.inputTokens + cost.outputTokens) }),
+            /* @__PURE__ */ jsx(Text, { dimColor: true, children: " tokens \xB7 " }),
+            /* @__PURE__ */ jsx(Text, { bold: true, children: formatPct(cacheHitRate(cost)) }),
+            /* @__PURE__ */ jsx(Text, { dimColor: true, children: " cache  " })
+          ] }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: agg.allow.toLocaleString() }),
+          /* @__PURE__ */ jsx(Text, { color: "#5BF58C", children: " \u2713 allow  " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, color: blockColor, children: `${agg.block} ` }),
+          /* @__PURE__ */ jsx(Text, { color: COL.liveOff, children: "\u{1F6D1} block  " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: agg.review }),
+          /* @__PURE__ */ jsx(Text, { color: COL.panelHigh, children: " \u{1F7E1} review  " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: agg.total.toLocaleString() }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " events" })
+        ] }),
+        /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+          /* @__PURE__ */ jsx(Text, { bold: true, children: agg.sessions }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " sessions \xB7 " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.mcpPinned }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: ` MCP (${agg.mcpCalls} calls)  \xB7  ` }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.skillsPinned }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " skills pinned" })
+        ] })
+      ]
+    }
+  );
+}
+function labelFor(w) {
+  switch (w) {
+    case "now":
+      return "since dashboard opened";
+    case "1d":
+      return "last 24 hours";
+    case "7d":
+      return "last 7 days";
+    case "30d":
+      return "last 30 days";
+    case "60d":
+      return "last 60 days";
+  }
+}
+function NotificationArea(props) {
+  const { notification } = props;
+  const borderColor = (() => {
+    switch (notification.kind) {
+      case "approval":
+        return COL.brand;
+      case "resolved":
+        return notification.outcome === "allow" ? "#5BF58C" : notification.outcome === "deny" ? COL.liveOff : COL.panelHigh;
+      case "forensic":
+        return COL.liveOff;
+      case "block":
+        return COL.liveOff;
+      case "review":
+      case "loop":
+        return COL.panelHigh;
+      case "idle":
+        return COL.textDim;
+    }
+  })();
+  return /* @__PURE__ */ jsx(
+    Box,
+    {
+      flexDirection: "column",
+      borderStyle: "round",
+      borderColor,
+      paddingX: 1,
+      marginX: 1,
+      height: NOTIFICATION_HEIGHT,
+      children: renderNotificationBody(notification)
+    }
+  );
+}
+function renderNotificationBody(n) {
+  if (n.kind === "approval") return renderApproval(n.event, n.status);
+  if (n.kind === "resolved") return renderResolved(n.event, n.outcome);
+  if (n.kind === "forensic") return renderForensic(n.category, n.sessionId);
+  if (n.kind === "block") return renderEventInfo(n.event, "\u{1F6D1} BLOCKED", COL.liveOff, n.ageMs);
+  if (n.kind === "review") return renderEventInfo(n.event, "\u{1F7E1} REVIEWED", COL.panelHigh, n.ageMs);
+  if (n.kind === "loop")
+    return renderEventInfo(n.event, "\u{1F501} LOOP DETECTED", COL.panelHigh, n.ageMs);
+  return renderIdle(n.blastScore);
+}
+function renderForensic(category, sessionId) {
+  const label = (() => {
+    switch (category) {
+      case "privilege-escalation":
+        return "PRIVILEGE ESCALATION";
+      case "destructive-op":
+        return "DESTRUCTIVE OPERATION";
+      case "eval-of-remote":
+        return "EVAL OF REMOTE CONTENT";
+      default:
+        return category.toUpperCase().replace(/-/g, " ");
+    }
+  })();
+  const sid = sessionId ? `\xB7${sessionId.slice(0, 8)}` : "";
+  return /* @__PURE__ */ jsxs(Fragment, { children: [
+    /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+      /* @__PURE__ */ jsx(Text, { color: COL.liveOff, bold: true, children: `\u{1F6D1} CRITICAL  ` }),
+      /* @__PURE__ */ jsx(Text, { bold: true, children: label }),
+      /* @__PURE__ */ jsx(Text, { dimColor: true, children: `  ${sid}` })
+    ] }),
+    /* @__PURE__ */ jsx(Text, { dimColor: true, wrap: "truncate-end", children: "forensic finding \xB7 see [2] scan for details (Claude session)" })
+  ] });
+}
+function renderApproval(event, status) {
+  if (event.kind !== "tool") return null;
+  const agent = event.agent ? capitalize(event.agent) : "agent";
+  const sid = event.sessionId ? `\xB7${event.sessionId.slice(0, 4)}` : "";
+  const subject = `${event.tool}  ${event.preview}`;
+  const actionLine = (() => {
+    if (status.kind === "idle") {
+      return /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+        event.checkedBy ? /* @__PURE__ */ jsx(
+          Text,
+          {
+            dimColor: true,
+            children: `${event.checkedBy}${event.reason ? ` \u2014 ${event.reason}` : ""}   `
+          }
+        ) : null,
+        /* @__PURE__ */ jsx(Text, { color: "#5BF58C", children: "[a]" }),
+        /* @__PURE__ */ jsx(Text, { dimColor: true, children: "llow " }),
+        /* @__PURE__ */ jsx(Text, { color: COL.liveOff, children: "[d]" }),
+        /* @__PURE__ */ jsx(Text, { dimColor: true, children: "eny " }),
+        /* @__PURE__ */ jsx(Text, { color: COL.panelHigh, children: "[t]" }),
+        /* @__PURE__ */ jsx(Text, { dimColor: true, children: "rust " }),
+        /* @__PURE__ */ jsx(Text, { dimColor: true, children: "[Esc]" })
+      ] });
+    }
+    if (status.kind === "sending") return /* @__PURE__ */ jsx(Text, { dimColor: true, children: "sending decision\u2026" });
+    if (status.kind === "ok") {
+      const v = status.verdict;
+      const color = v === "allow" ? "#5BF58C" : v === "deny" ? COL.liveOff : COL.panelHigh;
+      const label = v === "allow" ? "\u2713 approved" : v === "deny" ? "\u2717 denied" : "\u2605 trusted";
+      return /* @__PURE__ */ jsx(Text, { color, children: label });
+    }
+    return /* @__PURE__ */ jsx(Text, { color: COL.liveOff, children: `\u26A0 failed: ${status.message} (retry [a/d/t] or [Esc])` });
+  })();
+  return /* @__PURE__ */ jsxs(Fragment, { children: [
+    /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+      /* @__PURE__ */ jsx(Text, { color: COL.brand, bold: true, children: "\u26A0 APPROVAL" }),
+      /* @__PURE__ */ jsx(Text, { dimColor: true, children: `  \xB7 ${agent}${sid}  ` }),
+      /* @__PURE__ */ jsx(Text, { bold: true, children: subject })
+    ] }),
+    actionLine
+  ] });
+}
+function renderResolved(event, outcome) {
+  if (event.kind !== "tool") return null;
+  const agent = event.agent ? capitalize(event.agent) : "agent";
+  const subject = `${event.tool}  ${event.preview}`;
+  const color = outcome === "allow" ? "#5BF58C" : outcome === "deny" ? COL.liveOff : COL.panelHigh;
+  const label = outcome === "allow" ? "\u2713 approved" : outcome === "deny" ? "\u2717 denied" : "\u2605 trusted";
+  return /* @__PURE__ */ jsxs(Fragment, { children: [
+    /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+      /* @__PURE__ */ jsx(Text, { color, bold: true, children: label }),
+      /* @__PURE__ */ jsx(Text, { dimColor: true, children: `  \xB7 ${agent}  ` }),
+      /* @__PURE__ */ jsx(Text, { children: subject })
+    ] }),
+    /* @__PURE__ */ jsx(Text, { dimColor: true, children: "(dismissing\u2026)" })
+  ] });
+}
+function renderEventInfo(event, label, color, ageMs) {
+  if (event.kind !== "tool") return null;
+  const ago = ageMs < 1e3 ? "just now" : `${Math.floor(ageMs / 1e3)}s ago`;
+  const agent = event.agent ? capitalize(event.agent) : "agent";
+  const subject = `${event.tool}  ${event.preview}`;
+  return /* @__PURE__ */ jsxs(Fragment, { children: [
+    /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+      /* @__PURE__ */ jsx(Text, { color, bold: true, children: label }),
+      /* @__PURE__ */ jsx(Text, { dimColor: true, children: `  \xB7 ${agent}  ` }),
+      /* @__PURE__ */ jsx(Text, { children: subject })
+    ] }),
+    /* @__PURE__ */ jsx(Text, { dimColor: true, wrap: "truncate-end", children: event.checkedBy ? `rule: ${event.checkedBy} \xB7 ${ago}` : ago })
+  ] });
+}
+function renderIdle(blastScore) {
+  const scoreColor = blastScore >= 80 ? "#5BF58C" : blastScore >= 50 ? COL.panelHigh : COL.liveOff;
+  return /* @__PURE__ */ jsxs(Fragment, { children: [
+    /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+      /* @__PURE__ */ jsx(Text, { dimColor: true, children: "\u2713 no recent alerts \xB7 blast " }),
+      /* @__PURE__ */ jsx(Text, { bold: true, color: scoreColor, children: `${blastScore}/100` })
+    ] }),
+    /* @__PURE__ */ jsx(Text, { dimColor: true, children: "(approvals + recent blocks/loops appear here)" })
+  ] });
+}
+function LiveLog(props) {
+  const filtered = applyFilter(props.events, props.filter);
+  const visible = filtered.slice(-props.maxRows);
+  const padCount = Math.max(0, props.maxRows - visible.length);
+  return /* @__PURE__ */ jsxs(
+    Box,
+    {
+      flexDirection: "column",
+      borderStyle: "round",
+      borderColor: COL.panelLive,
+      paddingX: 1,
+      marginX: 1,
+      flexGrow: 1,
+      children: [
+        /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+          /* @__PURE__ */ jsx(Text, { color: COL.brand, bold: true, children: "LIVE" }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: `  \xB7 last ${props.maxRows} events` }),
+          props.filter || props.filterInputMode ? /* @__PURE__ */ jsxs(Text, { children: [
+            /* @__PURE__ */ jsx(Text, { dimColor: true, children: "   " }),
+            /* @__PURE__ */ jsx(Text, { color: COL.panelHigh, children: props.filterInputMode ? `\u{1F50D} /${props.filter}_` : `\u{1F50D} /${props.filter}` }),
+            /* @__PURE__ */ jsx(Text, { dimColor: true, children: props.filterInputMode ? "   [Enter] apply  [Esc] cancel" : `   ${filtered.length}/${props.events.length} matches  [Esc] clear` })
+          ] }) : null
+        ] }),
+        props.errorBanner ? /* @__PURE__ */ jsx(Text, { color: COL.liveOff, children: `\u26A0 ${props.errorBanner}` }) : null,
+        Array.from(
+          { length: padCount },
+          (_, i) => i === 0 && visible.length === 0 ? /* @__PURE__ */ jsx(Text, { dimColor: true, children: props.filter ? `(no events match "${props.filter}" \u2014 [Esc] to clear)` : "(no activity yet \u2014 agent must be running and daemon must be up)" }, `pad-${i}`) : /* @__PURE__ */ jsx(Text, { children: " " }, `pad-${i}`)
+        ),
+        visible.map((e) => /* @__PURE__ */ jsx(ActivityRow, { event: e }, e.id))
+      ]
+    }
+  );
+}
+function applyFilter(events, filter) {
+  if (!filter) return events;
+  const needle = filter.toLowerCase();
+  return events.filter((e) => {
+    if (e.kind === "snapshot") {
+      return e.hash.toLowerCase().includes(needle) || e.summary.toLowerCase().includes(needle);
+    }
+    if (e.tool.toLowerCase().includes(needle)) return true;
+    if (e.agent && e.agent.toLowerCase().includes(needle)) return true;
+    if (e.preview.toLowerCase().includes(needle)) return true;
+    if (e.checkedBy && e.checkedBy.toLowerCase().includes(needle)) return true;
+    if (e.verdict.toLowerCase().includes(needle)) return true;
+    return false;
+  });
+}
+function ActivityRow({ event }) {
+  const t = localTimeOf(event.ts);
+  if (event.kind === "snapshot") {
+    const filesSuffix = event.fileCount > 0 ? ` \xB7 ${event.fileCount} file${event.fileCount === 1 ? "" : "s"}` : "";
+    return /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+      /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [
+        t,
+        " "
+      ] }),
+      /* @__PURE__ */ jsx(Text, { color: COL.agentClaude, children: "\u{1F4F8} snapshot" }),
+      /* @__PURE__ */ jsx(Text, { dimColor: true, children: `  ${event.hash}  ` }),
+      /* @__PURE__ */ jsx(Text, { children: event.summary }),
+      /* @__PURE__ */ jsx(Text, { dimColor: true, children: filesSuffix })
+    ] });
+  }
+  const agentLabel = event.agent ? `[${truncate(capitalize(event.agent), 8)}]`.padEnd(10) : " ".repeat(10);
+  const isLoop = event.checkedBy === "loop-detected";
+  const verdictIcon = isLoop ? "\u{1F501}" : event.verdict === "block" ? "\u{1F6D1}" : event.verdict === "review" ? "\u{1F7E1}" : event.verdict === "allow" ? "\u2713 " : "\u2026 ";
+  const verdictColor = isLoop ? COL.panelHigh : event.verdict === "block" ? COL.liveOff : event.verdict === "review" ? COL.panelHigh : event.verdict === "allow" ? "#5BF58C" : COL.textDim;
+  const agentLower = (event.agent ?? "").toLowerCase();
+  const agentColor = agentLower.startsWith("claude") ? COL.agentClaude : agentLower.startsWith("gemini") ? COL.agentGemini : agentLower.startsWith("codex") ? COL.agentCodex : COL.agentShell;
+  return /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+    /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [
+      t,
+      " "
+    ] }),
+    /* @__PURE__ */ jsx(Text, { color: agentColor, children: agentLabel }),
+    /* @__PURE__ */ jsx(Text, { children: " " }),
+    /* @__PURE__ */ jsx(Text, { bold: true, children: truncate(event.tool, 14).padEnd(14) }),
+    /* @__PURE__ */ jsxs(Text, { color: verdictColor, children: [
+      verdictIcon,
+      " "
+    ] }),
+    /* @__PURE__ */ jsx(Text, { dimColor: true, children: event.preview })
+  ] });
+}
+function capitalize(s) {
+  return s ? s.charAt(0).toUpperCase() + s.slice(1) : "";
+}
+function Report(props) {
+  const { agg, cost } = props;
+  const maxTool = Math.max(1, ...agg.byTool.map((t) => t.calls));
+  const maxShell = Math.max(1, ...agg.byShell.map((s) => s.count));
+  const topModels = (cost?.byModel ?? []).slice(0, 3);
+  const maxModelCost = Math.max(1, ...topModels.map((m) => m.costUSD));
+  return (
+    // Fixed height so adding/removing model rows doesn't reflow the rest
+    // of the dashboard. Worst case: tools or shell column = 6 rows
+    // (1 header + 5 data). Plus title (1) + 2 borders = 9.
+    /* @__PURE__ */ jsxs(
+      Box,
+      {
+        flexDirection: "column",
+        borderStyle: "round",
+        borderColor: COL.panelReport,
+        paddingX: 1,
+        marginX: 1,
+        height: REPORT_PANEL_HEIGHT,
+        children: [
+          /* @__PURE__ */ jsxs(Text, { children: [
+            /* @__PURE__ */ jsx(Text, { color: COL.brand, bold: true, children: "REPORT" }),
+            /* @__PURE__ */ jsx(Text, { dimColor: true, children: `  \xB7 ${labelFor(props.window)}` })
+          ] }),
+          /* @__PURE__ */ jsxs(Box, { flexDirection: "row", children: [
+            /* @__PURE__ */ jsxs(Box, { flexDirection: "column", flexGrow: 1, children: [
+              /* @__PURE__ */ jsx(Text, { dimColor: true, wrap: "truncate-end", children: "Tools".padEnd(13) + "calls".padStart(6) + "blk".padStart(5) }),
+              agg.byTool.length === 0 ? /* @__PURE__ */ jsx(Text, { dimColor: true, children: "(no tools)" }) : agg.byTool.map((t) => /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+                /* @__PURE__ */ jsx(Text, { dimColor: true, children: bar(t.calls, maxTool, 4) }),
+                /* @__PURE__ */ jsx(Text, { children: ` ${truncate(t.tool, 11).padEnd(11)}` }),
+                /* @__PURE__ */ jsx(Text, { bold: true, children: `${t.calls}`.padStart(5) }),
+                /* @__PURE__ */ jsx(Text, { color: t.blocked > 0 ? COL.liveOff : COL.textDim, children: `  ${t.blocked}`.padStart(5) })
+              ] }, t.tool))
+            ] }),
+            /* @__PURE__ */ jsxs(Box, { flexDirection: "column", flexGrow: 1, marginLeft: 2, children: [
+              /* @__PURE__ */ jsx(Text, { dimColor: true, wrap: "truncate-end", children: "Shell".padEnd(13) + "calls".padStart(6) + "blk".padStart(5) }),
+              agg.byShell.length === 0 ? /* @__PURE__ */ jsx(Text, { dimColor: true, children: "(no shell)" }) : agg.byShell.map((s) => /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+                /* @__PURE__ */ jsx(Text, { dimColor: true, children: bar(s.count, maxShell, 4) }),
+                /* @__PURE__ */ jsx(Text, { children: ` ${truncate(s.cmd, 11).padEnd(11)}` }),
+                /* @__PURE__ */ jsx(Text, { bold: true, children: `${s.count}`.padStart(5) }),
+                /* @__PURE__ */ jsx(Text, { color: s.blocked > 0 ? COL.liveOff : COL.textDim, children: `  ${s.blocked}`.padStart(5) })
+              ] }, s.cmd))
+            ] }),
+            /* @__PURE__ */ jsxs(Box, { flexDirection: "column", flexGrow: 1, marginLeft: 2, children: [
+              /* @__PURE__ */ jsx(Text, { dimColor: true, wrap: "truncate-end", children: "Models".padEnd(15) + "cost".padStart(8) }),
+              topModels.length === 0 ? /* @__PURE__ */ jsx(Text, { dimColor: true, children: "(cost loading\u2026)" }) : topModels.map((m) => /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+                /* @__PURE__ */ jsx(Text, { dimColor: true, children: bar(m.costUSD, maxModelCost, 4) }),
+                /* @__PURE__ */ jsx(Text, { children: ` ${truncate(shortenModel(m.model), 13).padEnd(13)}` }),
+                /* @__PURE__ */ jsx(Text, { bold: true, children: formatCost(m.costUSD).padStart(7) })
+              ] }, m.model))
+            ] })
+          ] })
+        ]
+      }
+    )
+  );
+}
+function bar(value, max, width) {
+  if (max <= 0 || width <= 0) return "\u2591".repeat(width);
+  const filled = Math.max(1, Math.round(value / max * width));
+  return "\u2588".repeat(filled) + "\u2591".repeat(Math.max(0, width - filled));
+}
+function Risk(props) {
+  const dlpHits = props.agg.dlpHits;
+  const loopHits = props.agg.loops;
+  const scoreColor = props.blast.score >= 80 ? "#5BF58C" : props.blast.score >= 50 ? COL.panelHigh : COL.liveOff;
+  return /* @__PURE__ */ jsxs(
+    Box,
+    {
+      flexDirection: "column",
+      borderStyle: "round",
+      borderColor: COL.panelRisk,
+      paddingX: 1,
+      marginX: 1,
+      height: RISK_PANEL_HEIGHT,
+      children: [
+        /* @__PURE__ */ jsxs(Text, { children: [
+          /* @__PURE__ */ jsx(Text, { color: COL.brand, bold: true, children: "Live security" }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: `  \xB7 ${labelFor(props.window)}` })
+        ] }),
+        /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+          /* @__PURE__ */ jsx(Text, { color: COL.liveOff, children: "\u{1F511} " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: dlpHits }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " DLP \xB7 " }),
+          /* @__PURE__ */ jsx(Text, { color: COL.panelHigh, children: "\u{1F501} " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: loopHits }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " loops \xB7 " }),
+          /* @__PURE__ */ jsx(Text, { color: COL.liveOff, children: "\u{1F52D} " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.blast.paths.length }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " paths \xB7 score " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, color: scoreColor, children: `${props.blast.score}/100` })
+        ] }),
+        /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.forensicAgg.pii }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " pii \xB7 " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.forensicAgg.sensitiveFileRead }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " read \xB7 " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.forensicAgg.privilegeEscalation }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " priv \xB7 " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.forensicAgg.destructiveOp }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " dest \xB7 " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.forensicAgg.evalOfRemote }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " eval \xB7 " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.forensicAgg.pipeToShell }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " pipe \xB7 " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.forensicAgg.longOutputRedacted }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " long (Claude)" })
+        ] }),
+        /* @__PURE__ */ jsxs(Text, { wrap: "truncate-end", children: [
+          /* @__PURE__ */ jsx(Text, { color: COL.live, children: "\u{1F6E1} " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.shieldStatus ? props.shieldStatus.active.length : "\u2026" }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " active \xB7 " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.shieldStatus ? props.shieldStatus.inactive.length : "\u2026" }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: " inactive" })
+        ] })
+      ]
+    }
+  );
+}
+function StatusBar(props) {
+  const realtimeActive = props.view === "realtime";
+  const reportActive = props.view === "report";
+  const refreshedAt = localTimeOf(props.lastRefreshAt);
+  return /* @__PURE__ */ jsxs(Box, { paddingX: 1, children: [
+    /* @__PURE__ */ jsx(Text, { color: realtimeActive ? COL.brand : void 0, bold: realtimeActive, children: `[1] realtime ${realtimeActive ? "\u25CF" : "\u25CB"} ` }),
+    /* @__PURE__ */ jsx(Text, { color: reportActive ? COL.brand : void 0, bold: reportActive, children: `[2] report ${reportActive ? "\u25CF" : "\u25CB"} ` }),
+    /* @__PURE__ */ jsx(Text, { dimColor: true, children: "\xB7 " }),
+    /* @__PURE__ */ jsx(Text, { dimColor: true, children: `[r] refresh (${refreshedAt}) ` }),
+    /* @__PURE__ */ jsx(Text, { dimColor: true, children: "[?] help " }),
+    /* @__PURE__ */ jsx(Text, { dimColor: true, children: "[q] quit" })
+  ] });
+}
+function ReportView(props) {
+  return /* @__PURE__ */ jsxs(Box, { flexDirection: "column", flexGrow: 1, paddingX: 1, children: [
+    /* @__PURE__ */ jsxs(Box, { paddingY: 1, children: [
+      /* @__PURE__ */ jsx(Text, { color: COL.brand, bold: true, children: "REPORT" }),
+      /* @__PURE__ */ jsx(Text, { dimColor: true, children: `  \xB7 period ${props.period}` })
+    ] }),
+    /* @__PURE__ */ jsxs(Box, { flexDirection: "column", gap: 0, children: [
+      /* @__PURE__ */ jsx(ReportSectionStub, { label: "Security", hint: "leaks \xB7 blocks \xB7 loops \xB7 forensic 90d" }),
+      /* @__PURE__ */ jsx(ReportSectionStub, { label: "Activity", hint: "top tools \xB7 top blocks \xB7 daily/hourly" }),
+      /* @__PURE__ */ jsx(ReportSectionStub, { label: "Cost", hint: "per model \xB7 per day \xB7 cache hit" }),
+      /* @__PURE__ */ jsx(ReportSectionStub, { label: "Coverage", hint: "inactive shields \xB7 reachable paths" })
+    ] }),
+    /* @__PURE__ */ jsx(Box, { marginTop: 1, children: /* @__PURE__ */ jsx(Text, { dimColor: true, children: "(report sections land in phases 4\u20138 \u2014 press [1] to return to realtime)" }) })
+  ] });
+}
+function ReportSectionStub(props) {
+  return /* @__PURE__ */ jsxs(
+    Box,
+    {
+      borderStyle: "round",
+      borderColor: COL.textDim,
+      paddingX: 1,
+      marginX: 1,
+      flexDirection: "column",
+      children: [
+        /* @__PURE__ */ jsxs(Text, { children: [
+          /* @__PURE__ */ jsx(Text, { bold: true, children: props.label }),
+          /* @__PURE__ */ jsx(Text, { dimColor: true, children: `  \u2014 ${props.hint}` })
+        ] }),
+        /* @__PURE__ */ jsx(Text, { dimColor: true, children: "(coming soon)" })
+      ]
+    }
+  );
+}
+var COL, NOTIFICATION_HEIGHT, REPORT_PANEL_HEIGHT, RISK_PANEL_HEIGHT;
+var init_panels = __esm({
+  "src/tui/dashboard/panels.tsx"() {
+    "use strict";
+    init_format();
+    COL = {
+      brand: "#FF8C42",
+      // orange — brand
+      live: "#5BF58C",
+      // green — connected status
+      liveOff: "#F55B5B",
+      // red — disconnected
+      panelLive: "#5B9EF5",
+      // blue — Live panel border
+      panelHigh: "#F5C85B",
+      // yellow — High Level panel border
+      panelReport: "#5BF5A0",
+      // green — Report panel border
+      panelRisk: "#FF6B6B",
+      // red — Risk panel border
+      agentClaude: "#5BF5E0",
+      // cyan
+      agentGemini: "#5B9EF5",
+      // blue
+      agentCodex: "#E05BF5",
+      // magenta
+      agentShell: "#F5C85B",
+      // yellow
+      textDim: "#888888"
+    };
+    NOTIFICATION_HEIGHT = 4;
+    REPORT_PANEL_HEIGHT = 9;
+    RISK_PANEL_HEIGHT = 6;
+  }
+});
+// src/tui/dashboard/App.tsx
+var App_exports = {};
+__export(App_exports, {
+  App: () => App
+});
+import React, { useEffect, useMemo, useState } from "react";
+import fs6 from "fs";
+import os7 from "os";
+import path7 from "path";
+import { Box as Box2, Text as Text2, useApp, useInput, useStdout } from "ink";
+import { Fragment as Fragment2, jsx as jsx2, jsxs as jsxs2 } from "react/jsx-runtime";
+function App() {
+  const { exit } = useApp();
+  const { stdout } = useStdout();
+  const [openedAt] = useState(() => Date.now());
+  const [view, setView] = useState("realtime");
+  const [lastRefreshAt, setLastRefreshAt] = useState(() => Date.now());
+  const [reportPeriod] = useState("7d");
+  const [window] = useState("now");
+  const [events, setEvents] = useState([]);
+  const [sseError, setSseError] = useState();
+  const [agg, setAgg] = useState(null);
+  const [blast, setBlast] = useState(null);
+  const [shieldStatus, setShieldStatus] = useState(null);
+  const [scanSignals, setScanSignals] = useState(null);
+  const [sessionForensicAgg, setSessionForensicAgg] = useState(() => ({
+    ...EMPTY_SESSION_FORENSIC
+  }));
+  const [recentForensic, setRecentForensic] = useState(null);
+  const forensicNotifyCooldownRef = React.useRef(
+    /* @__PURE__ */ new Map()
+  );
+  const [costEntries, setCostEntries] = useState(null);
+  const [skillsPinned] = useState(() => readSkillsPinned());
+  const [mcpPinned] = useState(() => readMcpPinned());
+  const [pendingApproval, setPendingApproval] = useState(null);
+  const [approvalStatus, setApprovalStatus] = useState({ kind: "idle" });
+  const [resolvedApproval, setResolvedApproval] = useState(null);
+  const [tick, setTick] = useState(0);
+  useEffect(() => {
+    const id = setInterval(() => setTick((t) => t + 1), 1e3);
+    return () => clearInterval(id);
+  }, []);
+  const [filter, setFilter] = useState("");
+  const [filterInputMode, setFilterInputMode] = useState(false);
+  const [termRows, setTermRows] = useState(stdout?.rows ?? 24);
+  useEffect(() => {
+    if (!stdout) return void 0;
+    const onResize = () => setTermRows(stdout.rows ?? 24);
+    stdout.on("resize", onResize);
+    return () => {
+      stdout.off("resize", onResize);
+    };
+  }, [stdout]);
+  const liveMaxRows = Math.max(LIVE_MIN_ROWS, termRows - FIXED_PANELS_HEIGHT);
+  useEffect(() => {
+    const teardown = subscribeToSse(
+      (e) => {
+        if (e.kind === "tool" && e.isApprovalRequest) {
+          setPendingApproval(e);
+          setApprovalStatus({ kind: "idle" });
+          setSseError(void 0);
+          return;
+        }
+        setEvents((prev) => {
+          const next = [...prev, e];
+          return next.length > LIVE_BUFFER_CAP ? next.slice(next.length - LIVE_BUFFER_CAP) : next;
+        });
+        setSseError(void 0);
+        if (e.kind === "tool" && e.verdict === "review") {
+          setPendingApproval(e);
+          setApprovalStatus({ kind: "idle" });
+        }
+      },
+      (resolvedId, finalVerdict) => {
+        if (finalVerdict) {
+          setEvents(
+            (prev) => prev.map(
+              (e) => e.kind === "tool" && e.id === resolvedId ? { ...e, verdict: finalVerdict } : e
+            )
+          );
+        }
+        setPendingApproval((prev) => {
+          if (!prev || prev.id !== resolvedId) return prev;
+          if (finalVerdict && prev.kind === "tool") {
+            const outcome = finalVerdict === "allow" ? "allow" : finalVerdict === "block" ? "deny" : null;
+            if (outcome) {
+              setResolvedApproval({
+                event: prev,
+                outcome,
+                resolvedAt: Date.now()
+              });
+            }
+          }
+          return null;
+        });
+      },
+      (forensicEvent) => {
+        setSessionForensicAgg((prev) => applyForensicEvent(prev, forensicEvent));
+        if (forensicEvent.severity === "critical") {
+          const now = Date.now();
+          const cooldown = forensicNotifyCooldownRef.current;
+          const lastFired = cooldown.get(forensicEvent.category) ?? 0;
+          if (now - lastFired >= FORENSIC_NOTIFY_COOLDOWN_MS) {
+            cooldown.set(forensicEvent.category, now);
+            setRecentForensic({
+              category: forensicEvent.category,
+              sessionId: forensicEvent.sessionId,
+              firedAt: now
+            });
+          }
+        }
+      },
+      (msg) => setSseError(msg)
+    );
+    return teardown;
+  }, []);
+  useEffect(() => {
+    const recompute = () => {
+      const entries = readAuditEntries();
+      const startMs = windowStartMs(window, openedAt);
+      setAgg(aggregateAudit(entries, startMs));
+    };
+    recompute();
+    const id = setInterval(recompute, AUDIT_REFRESH_MS);
+    return () => clearInterval(id);
+  }, [window, openedAt]);
+  useEffect(() => {
+    setBlast(loadBlast());
+    const id = setInterval(() => setBlast(loadBlast()), BLAST_REFRESH_MS);
+    return () => clearInterval(id);
+  }, []);
+  useEffect(() => {
+    setShieldStatus(loadShieldStatus());
+    const id = setInterval(() => setShieldStatus(loadShieldStatus()), BLAST_REFRESH_MS);
+    return () => clearInterval(id);
+  }, []);
+  useEffect(() => {
+    let cancelled = false;
+    const loadAndSet = () => {
+      loadScanSignals().then((s) => {
+        if (!cancelled) setScanSignals(s);
+      });
+    };
+    loadAndSet();
+    const id = setInterval(loadAndSet, COST_REFRESH_MS);
+    return () => {
+      cancelled = true;
+      clearInterval(id);
+    };
+  }, []);
+  const costBaselineRef = React.useRef(null);
+  useEffect(() => {
+    let cancelled = false;
+    const loadAndSet = () => {
+      loadCostEntries().then((entries) => {
+        if (cancelled) return;
+        if (costBaselineRef.current === null) {
+          costBaselineRef.current = buildCostBaseline(entries);
+        }
+        setCostEntries(entries);
+      });
+    };
+    loadAndSet();
+    const id = setInterval(loadAndSet, COST_REFRESH_MS);
+    return () => {
+      cancelled = true;
+      clearInterval(id);
+    };
+  }, []);
+  const costSnapshot = useMemo(() => {
+    if (!costEntries) return null;
+    const baseline = costBaselineRef.current ?? /* @__PURE__ */ new Map();
+    const adjusted = subtractCostBaseline(costEntries, baseline);
+    return aggregateCost(adjusted, windowStartMs(window, openedAt));
+  }, [costEntries, window, openedAt]);
+  useInput((input, key) => {
+    if (filterInputMode) {
+      if (key.escape) {
+        setFilter("");
+        setFilterInputMode(false);
+        return;
+      }
+      if (key.return) {
+        setFilterInputMode(false);
+        return;
+      }
+      if (key.backspace || key.delete) {
+        setFilter((prev) => prev.slice(0, -1));
+        return;
+      }
+      if (input && input.length === 1 && input.charCodeAt(0) >= 32) {
+        setFilter((prev) => prev + input);
+        return;
+      }
+      return;
+    }
+    if (pendingApproval && approvalStatus.kind !== "sending") {
+      if (input === "a" || input === "d" || input === "t") {
+        const decision = input === "a" ? "allow" : input === "d" ? "deny" : "trust";
+        const id = pendingApproval.id;
+        const eventAtAction = pendingApproval;
+        setApprovalStatus({ kind: "sending" });
+        void submitDecision(id, decision).then((res) => {
+          if (res.ok) {
+            setApprovalStatus({ kind: "ok", verdict: decision });
+            setResolvedApproval({
+              event: eventAtAction,
+              outcome: decision,
+              resolvedAt: Date.now()
+            });
+            setTimeout(() => {
+              setPendingApproval((prev) => prev && prev.id === id ? null : prev);
+              setApprovalStatus({ kind: "idle" });
+            }, 600);
+          } else {
+            setApprovalStatus({ kind: "error", message: res.error ?? "unknown" });
+          }
+        });
+        return;
+      }
+      if (key.escape) {
+        setPendingApproval(null);
+        setApprovalStatus({ kind: "idle" });
+        return;
+      }
+      return;
+    }
+    if (input === "/") {
+      setFilterInputMode(true);
+      return;
+    }
+    if (key.escape && filter) {
+      setFilter("");
+      return;
+    }
+    if (input === "q" || key.ctrl && input === "c") exit();
+    else if (input === "1") {
+      setView("realtime");
+    } else if (input === "2") {
+      setView("report");
+    } else if (input === "r") {
+      setLastRefreshAt(Date.now());
+      const entries = readAuditEntries();
+      setAgg(aggregateAudit(entries, windowStartMs(window, openedAt)));
+      setBlast(loadBlast());
+      setShieldStatus(loadShieldStatus());
+      void loadCostEntries().then(setCostEntries);
+      void loadScanSignals().then(setScanSignals);
+    }
+  });
+  const lastToolEvent = useMemo(
+    () => [...events].reverse().find((e) => e.kind === "tool"),
+    [events]
+  );
+  const lastAgent = useMemo(() => {
+    if (!lastToolEvent || !lastToolEvent.agent) return void 0;
+    const a = lastToolEvent.agent;
+    const sid = lastToolEvent.sessionId?.slice(0, 4);
+    return sid ? `${capitalize2(a)}\xB7${sid}` : capitalize2(a);
+  }, [lastToolEvent]);
+  const lastEvent = events[events.length - 1];
+  const stickyRef = React.useRef(null);
+  const notification = useMemo(() => {
+    if (pendingApproval) {
+      stickyRef.current = null;
+      return { kind: "approval", event: pendingApproval, status: approvalStatus };
+    }
+    if (resolvedApproval && Date.now() - resolvedApproval.resolvedAt < RESOLVED_HOLD_MS) {
+      stickyRef.current = null;
+      return {
+        kind: "resolved",
+        event: resolvedApproval.event,
+        outcome: resolvedApproval.outcome
+      };
+    }
+    if (recentForensic && Date.now() - recentForensic.firedAt < FORENSIC_DISPLAY_MS) {
+      stickyRef.current = null;
+      return {
+        kind: "forensic",
+        category: recentForensic.category,
+        sessionId: recentForensic.sessionId,
+        firedAt: recentForensic.firedAt
+      };
+    }
+    const now = Date.now();
+    let candidate = null;
+    for (const e of [...events].reverse()) {
+      if (e.kind !== "tool") continue;
+      if (!isNotificationWorthy(e)) continue;
+      const ageMs = now - Date.parse(e.ts);
+      if (Number.isNaN(ageMs) || ageMs > NOTIFICATION_RECENT_WINDOW_MS) continue;
+      if (e.checkedBy === "loop-detected") {
+        candidate = { kind: "loop", event: e, ageMs };
+        break;
+      }
+      if (e.verdict === "block") {
+        candidate = { kind: "block", event: e, ageMs };
+        break;
+      }
+      if (e.verdict === "review") {
+        candidate = { kind: "review", event: e, ageMs };
+        break;
+      }
+    }
+    if (!candidate) {
+      stickyRef.current = null;
+      return { kind: "idle", blastScore: blast?.score ?? 100 };
+    }
+    const sticky = stickyRef.current;
+    if (sticky && sticky.eventId !== candidate.event.id) {
+      const stuckFor = now - sticky.firstShownAt;
+      if (stuckFor < NOTIFICATION_STICKY_MS) {
+        const stickyEvent = events.find((x) => x.kind === "tool" && x.id === sticky.eventId);
+        if (stickyEvent && stickyEvent.kind === "tool") {
+          const stickyAge = now - Date.parse(stickyEvent.ts);
+          if (!Number.isNaN(stickyAge) && stickyAge <= NOTIFICATION_RECENT_WINDOW_MS) {
+            return { kind: sticky.kind, event: stickyEvent, ageMs: stickyAge };
+          }
+        }
+      }
+    }
+    if (!sticky || sticky.eventId !== candidate.event.id) {
+      stickyRef.current = {
+        kind: candidate.kind,
+        eventId: candidate.event.id,
+        firstShownAt: now
+      };
+    }
+    return candidate;
+  }, [pendingApproval, approvalStatus, resolvedApproval, recentForensic, events, blast, tick]);
+  const healthBadge = useMemo(
+    () => computeHealthBadge({
+      agg: agg ?? {
+        total: 0,
+        allow: 0,
+        block: 0,
+        review: 0,
+        loops: 0,
+        dlpHits: 0,
+        sessions: 0,
+        mcpServers: 0,
+        mcpCalls: 0,
+        byTool: [],
+        byBlock: [],
+        byShell: []
+      },
+      blast: blast ?? { score: 100, paths: [], envFindings: 0 },
+      scanSignals,
+      shieldStatus,
+      forensicAgg: sessionForensicAgg
+    }),
+    [agg, blast, scanSignals, shieldStatus, sessionForensicAgg]
+  );
+  const loading = !agg || !blast;
+  return /* @__PURE__ */ jsxs2(Box2, { flexDirection: "column", height: "100%", overflow: "hidden", children: [
+    /* @__PURE__ */ jsx2(
+      Header,
+      {
+        connected: !sseError,
+        lastAgent,
+        lastTs: lastEvent?.ts,
+        health: healthBadge
+      }
+    ),
+    loading ? /* @__PURE__ */ jsx2(Box2, { flexGrow: 1, paddingX: 1, children: /* @__PURE__ */ jsx2(Text2, { dimColor: true, children: "Loading dashboard\u2026" }) }) : view === "realtime" ? /* @__PURE__ */ jsxs2(Fragment2, { children: [
+      /* @__PURE__ */ jsx2(
+        HighLevel,
+        {
+          window,
+          agg,
+          cost: costSnapshot,
+          skillsPinned,
+          mcpPinned
+        }
+      ),
+      /* @__PURE__ */ jsx2(NotificationArea, { notification }),
+      /* @__PURE__ */ jsx2(
+        LiveLog,
+        {
+          events,
+          errorBanner: sseError,
+          maxRows: liveMaxRows,
+          filter,
+          filterInputMode
+        }
+      ),
+      /* @__PURE__ */ jsx2(Report, { agg, cost: costSnapshot, window }),
+      /* @__PURE__ */ jsx2(
+        Risk,
+        {
+          agg,
+          blast,
+          shieldStatus,
+          forensicAgg: sessionForensicAgg,
+          window
+        }
+      )
+    ] }) : /* @__PURE__ */ jsx2(ReportView, { period: reportPeriod }),
+    /* @__PURE__ */ jsx2(StatusBar, { view, lastRefreshAt })
+  ] });
+}
+function capitalize2(s) {
+  return s ? s.charAt(0).toUpperCase() + s.slice(1) : "";
+}
+function isNotificationWorthy(e) {
+  if (e.kind !== "tool") return false;
+  if (!e.checkedBy) return e.verdict === "block" || e.verdict === "review";
+  if (e.checkedBy.startsWith("observe-mode")) return false;
+  if (e.checkedBy === "timeout" || e.checkedBy === "popup-timeout") return false;
+  return true;
+}
+function readMcpPinned() {
+  try {
+    const p = path7.join(os7.homedir(), ".node9", "mcp-pins.json");
+    if (!fs6.existsSync(p)) return 0;
+    const parsed = JSON.parse(fs6.readFileSync(p, "utf8"));
+    return parsed.servers ? Object.keys(parsed.servers).length : 0;
+  } catch {
+    return 0;
+  }
+}
+function readSkillsPinned() {
+  try {
+    const p = path7.join(os7.homedir(), ".node9", "skill-pins.json");
+    if (!fs6.existsSync(p)) return 0;
+    const parsed = JSON.parse(fs6.readFileSync(p, "utf8"));
+    return parsed.roots ? Object.keys(parsed.roots).length : 0;
+  } catch {
+    return 0;
+  }
+}
+var LIVE_BUFFER_CAP, AUDIT_REFRESH_MS, BLAST_REFRESH_MS, FIXED_PANELS_HEIGHT, LIVE_MIN_ROWS, NOTIFICATION_RECENT_WINDOW_MS, RESOLVED_HOLD_MS, COST_REFRESH_MS, NOTIFICATION_STICKY_MS, FORENSIC_NOTIFY_COOLDOWN_MS, FORENSIC_DISPLAY_MS;
+var init_App = __esm({
+  "src/tui/dashboard/App.tsx"() {
+    "use strict";
+    init_types();
+    init_data();
+    init_health();
+    init_panels();
+    LIVE_BUFFER_CAP = 100;
+    AUDIT_REFRESH_MS = 3e4;
+    BLAST_REFRESH_MS = 5 * 6e4;
+    FIXED_PANELS_HEIGHT = 30;
+    LIVE_MIN_ROWS = 1;
+    NOTIFICATION_RECENT_WINDOW_MS = 6e4;
+    RESOLVED_HOLD_MS = 5e3;
+    COST_REFRESH_MS = 5 * 6e4;
+    NOTIFICATION_STICKY_MS = 1e4;
+    FORENSIC_NOTIFY_COOLDOWN_MS = 3e4;
+    FORENSIC_DISPLAY_MS = 5e3;
+  }
+});
+// src/tui/dashboard/index.ts
+var ENTER_ALT_SCREEN = "\x1B[?1049h";
+var EXIT_ALT_SCREEN = "\x1B[?1049l";
+var altScreenActive = false;
+function enterAltScreen() {
+  if (altScreenActive) return;
+  process.stdout.write(ENTER_ALT_SCREEN);
+  altScreenActive = true;
+}
+function exitAltScreen() {
+  if (!altScreenActive) return;
+  process.stdout.write(EXIT_ALT_SCREEN);
+  altScreenActive = false;
+}
+async function startMonitor() {
+  if (!process.stdin.isTTY) {
+    process.stderr.write(
+      "node9 monitor requires an interactive TTY (run it directly in your terminal).\n"
+    );
+    process.exit(1);
+  }
+  const React2 = await import("react");
+  const { render } = await import("ink");
+  const { App: App2 } = await Promise.resolve().then(() => (init_App(), App_exports));
+  const cleanup = () => exitAltScreen();
+  process.on("exit", cleanup);
+  process.on("SIGINT", () => {
+    cleanup();
+    process.exit(130);
+  });
+  process.on("SIGTERM", () => {
+    cleanup();
+    process.exit(143);
+  });
+  process.on("uncaughtException", (err) => {
+    cleanup();
+    setImmediate(() => {
+      throw err;
+    });
+  });
+  enterAltScreen();
+  try {
+    const instance = render(React2.createElement(App2));
+    await instance.waitUntilExit();
+  } finally {
+    exitAltScreen();
+  }
+}
+export {
+  startMonitor
+};