@node9/proxy 1.19.3 → 1.19.4

package/dist/cli.js

@@ -1708,7 +1708,11 @@ function extractCanonicalFindings(call, ctx) {
       })
     );
   }
-  if (PRIVILEGE_ESCALATION_RE.test(command)) {
+  const ast = analyzeShellCommand(command);
+  const sudoVariant = ast.actions.includes("sudo") || ast.actions.includes("su");
+  const chmodVariant = ast.actions.includes("chmod") && (ast.allTokens.includes("777") || ast.allTokens.includes("0777") || ast.allTokens.includes("+x"));
+  const chownVariant = ast.actions.includes("chown") && ast.allTokens.includes("root");
+  if (sudoVariant || chmodVariant || chownVariant) {
     out.push(
       makeFinding({
         type: "privilege-escalation",
@@ -1840,7 +1844,7 @@ function* stringValues(obj, depth = 0) {
   }
   for (const v of Object.values(obj)) yield* stringValues(v, depth + 1);
 }
-var import_safe_regex2, import_mvdan_sh, import_picomatch, import_safe_regex22, import_safe_regex23, import_crypto2, ASSIGNMENT_CONTEXT_RE, DLP_STOPWORDS, DLP_PATTERNS, DLP_PATTERNS_GLOBAL, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES, syntax, sharedParser, MESSAGE_FLAGS, SHELL_INTERPRETERS, DOWNLOAD_CMDS, NORMALIZE_CACHE_MAX, normalizeCache, AST_CACHE_MAX, astCache, PARSE_FAIL, FS_READ_TOOLS, FS_OP_PRESCREEN_RE, HOME_CACHE_ALLOWLIST, SENSITIVE_PATH_RULES, BASH_TOOL_NAMES, AST_FS_REGEX_RULES, FS_OP_CACHE_MAX, fsOpCache, SOURCE_COMMANDS, SINK_COMMANDS, OBFUSCATORS, SENSITIVE_PATTERNS, FLAGS_WITH_VALUES, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, FORBIDDEN_PATH_SEGMENTS, SQL_DML_KEYWORDS, aws_default, bash_safe_default, docker_default, filesystem_default, github_default, k8s_default, mongodb_default, postgres_default, project_jail_default, redis_default, BUILTIN_SHIELDS, LOOP_MAX_RECORDS, FINDING_TO_SIGNAL, SCAN_SIGNAL_WEIGHTS, LOOP_THRESHOLD_FOR_WASTE, COST_PER_LOOP_ITER_USD, DESTRUCTIVE_OP_RE, PRIVILEGE_ESCALATION_RE, SENSITIVE_PATH_RE, FILE_TOOLS, PII_EMAIL_RE, PII_SSN_RE, PII_PHONE_RE, PII_CC_RE, LONG_OUTPUT_THRESHOLD_BYTES, CANONICAL_EXTRACTOR_VERSION, DEDUPE_PREVIEW_LEN, TERMINAL_ESCAPE_RE;
+var import_safe_regex2, import_mvdan_sh, import_picomatch, import_safe_regex22, import_safe_regex23, import_crypto2, ASSIGNMENT_CONTEXT_RE, DLP_STOPWORDS, DLP_PATTERNS, DLP_PATTERNS_GLOBAL, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES, syntax, sharedParser, MESSAGE_FLAGS, SHELL_INTERPRETERS, DOWNLOAD_CMDS, NORMALIZE_CACHE_MAX, normalizeCache, AST_CACHE_MAX, astCache, PARSE_FAIL, FS_READ_TOOLS, FS_OP_PRESCREEN_RE, HOME_CACHE_ALLOWLIST, SENSITIVE_PATH_RULES, BASH_TOOL_NAMES, AST_FS_REGEX_RULES, FS_OP_CACHE_MAX, fsOpCache, SOURCE_COMMANDS, SINK_COMMANDS, OBFUSCATORS, SENSITIVE_PATTERNS, FLAGS_WITH_VALUES, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, FORBIDDEN_PATH_SEGMENTS, SQL_DML_KEYWORDS, aws_default, bash_safe_default, docker_default, filesystem_default, github_default, k8s_default, mongodb_default, postgres_default, project_jail_default, redis_default, BUILTIN_SHIELDS, LOOP_MAX_RECORDS, FINDING_TO_SIGNAL, SCAN_SIGNAL_WEIGHTS, LOOP_THRESHOLD_FOR_WASTE, COST_PER_LOOP_ITER_USD, DESTRUCTIVE_OP_RE, SENSITIVE_PATH_RE, FILE_TOOLS, PII_EMAIL_RE, PII_SSN_RE, PII_PHONE_RE, PII_CC_RE, LONG_OUTPUT_THRESHOLD_BYTES, CANONICAL_EXTRACTOR_VERSION, DEDUPE_PREVIEW_LEN, TERMINAL_ESCAPE_RE;
 var init_dist = __esm({
   "packages/policy-engine/dist/index.mjs"() {
     "use strict";
@@ -3246,7 +3250,6 @@ var init_dist = __esm({
     LOOP_THRESHOLD_FOR_WASTE = 3;
     COST_PER_LOOP_ITER_USD = 6e-3;
     DESTRUCTIVE_OP_RE = /\brm\s+-[rRf]+\b|\bDROP\s+(TABLE|DATABASE|COLLECTION|SCHEMA)\b|\bTRUNCATE\s+TABLE\b|\bgit\s+push\s+(--force|-f)\b|\bFLUSHALL\b|\bFLUSHDB\b|\bkubectl\s+delete\b|\bhelm\s+uninstall\b/i;
-    PRIVILEGE_ESCALATION_RE = /\b(sudo|su)\b\s+[a-z]|\bchmod\s+(0?777|\+x)\b|\bchown\s+root\b/i;
     SENSITIVE_PATH_RE = /\.aws\/(credentials|config)\b|\.ssh\/(id_rsa|id_ed25519|id_ecdsa|id_dsa)\b|\.env(\.|$|\b)|\.config\/gcloud\/credentials\.db\b|\.docker\/config\.json\b|\.netrc\b|\.npmrc\b|\.node9\/credentials\.json\b/i;
     FILE_TOOLS = /* @__PURE__ */ new Set([
       "read",
@@ -3266,7 +3269,7 @@ var init_dist = __esm({
     PII_PHONE_RE = /\b(?:\+?1[-.\s]?)?\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b/;
     PII_CC_RE = /\b(?:4\d{3}|5[1-5]\d{2}|3[47]\d{2}|6\d{3})[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/;
     LONG_OUTPUT_THRESHOLD_BYTES = 100 * 1024;
-    CANONICAL_EXTRACTOR_VERSION = "canonical-v1";
+    CANONICAL_EXTRACTOR_VERSION = "canonical-v4";
     DEDUPE_PREVIEW_LEN = 120;
     TERMINAL_ESCAPE_RE = // eslint-disable-next-line no-control-regex
     /\x1b\[[0-9;?]*[A-Za-z]|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)|\x1b[@-_]|[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g;
@@ -4807,7 +4810,7 @@ async function waitForDaemonDecision(id, signal) {
     if (signal) signal.removeEventListener("abort", onAbort);
   }
 }
-async function notifyDaemonViewer(toolName, args, meta, riskMetadata) {
+async function notifyDaemonViewer(toolName, args, meta, riskMetadata, activityId, socketActivitySent) {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
   const res = await fetch(`${base}/check`, {
     method: "POST",
@@ -4818,7 +4821,12 @@ async function notifyDaemonViewer(toolName, args, meta, riskMetadata) {
       slackDelegated: true,
       agent: meta?.agent,
       mcpServer: meta?.mcpServer,
-      ...riskMetadata && { riskMetadata }
+      ...riskMetadata && { riskMetadata },
+      // fromCLI=true tells the daemon the CLI already sent the activity
+      // event via socket. Same contract as registerDaemonEntry — without
+      // it the daemon double-emits 'activity' for cloud-enforced flows.
+      fromCLI: socketActivitySent !== false,
+      activityId
     }),
     signal: AbortSignal.timeout(3e3)
   });
@@ -5963,7 +5971,14 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
   let daemonAllowCount = 1;
   if (approvers.terminal && isDaemonRunning() && !options?.calledFromDaemon) {
     if (cloudEnforced && cloudRequestId) {
-      const viewer = await notifyDaemonViewer(toolName, args, meta, riskMetadata).catch(() => null);
+      const viewer = await notifyDaemonViewer(
+        toolName,
+        args,
+        meta,
+        riskMetadata,
+        options?.activityId,
+        options?.socketActivitySent
+      ).catch(() => null);
       viewerId = viewer?.id ?? null;
       daemonEntryId = viewerId;
       if (viewer) daemonAllowCount = viewer.allowCount;
@@ -8056,6 +8071,7 @@ __export(scan_watermark_exports, {
   markUploadComplete: () => markUploadComplete,
   saveWatermark: () => saveWatermark,
   scanDelta: () => scanDelta,
+  tickForensicBroadcast: () => tickForensicBroadcast,
   tickScanWatcher: () => tickScanWatcher
 });
 function freshWatermark() {
@@ -8259,6 +8275,25 @@ function extractFindingsFromLine(line, sessionId, lineIndex) {
   }
   return findings;
 }
+async function tickForensicBroadcast(offsets) {
+  const out = [];
+  const files = listJsonlFiles();
+  for (const file of files) {
+    const size = fileSize(file);
+    const offset = offsets.get(file);
+    if (offset === void 0) {
+      offsets.set(file, size);
+      continue;
+    }
+    if (size <= offset) continue;
+    const sessionId = import_path19.default.basename(file, ".jsonl");
+    const newOffset = await scanDelta(file, offset, (obj, lineIndex) => {
+      out.push(...extractFindingsFromLine(obj, sessionId, lineIndex));
+    });
+    offsets.set(file, newOffset);
+  }
+  return out;
+}
 function markUploadComplete() {
   const state = loadWatermark();
   if (state.status === "schema-future") return;
@@ -11027,6 +11062,19 @@ data: ${JSON.stringify(data)}
     }
   });
 }
+function broadcastForensic(finding) {
+  const severity = CRITICAL_FORENSIC_CATEGORIES.has(finding.type) ? "critical" : "warning";
+  const event = {
+    type: "forensic",
+    id: `fnd_${(0, import_crypto6.randomUUID)()}`,
+    ts: Date.now(),
+    sessionId: finding.sessionId,
+    category: finding.type,
+    severity
+  };
+  if (finding.patternName !== void 0) event.patternName = finding.patternName;
+  broadcast("forensic", event);
+}
 function abandonPending() {
   setAbandonTimer(null);
   pending.forEach((entry, id) => {
@@ -11210,7 +11258,7 @@ function bindActivitySocket() {
   });
   activitySocketServer = unixServer;
 }
-var import_net2, import_fs21, import_path23, import_os19, import_crypto6, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, LARGE_RESPONSE_RING_SIZE, largeResponseRing, cachedScanResult, cachedScanTs, SCAN_CACHE_TTL_MS, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, WRITE_TOOL_NAMES, ACTIVITY_REBIND_MAX_ATTEMPTS, ACTIVITY_REBIND_WINDOW_MS, ACTIVITY_HEALTH_PROBE_MS, activitySocketServer, activityHealthInterval, activityRebindAttempts, activityCircuitTripped;
+var import_net2, import_fs21, import_path23, import_os19, import_crypto6, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, LARGE_RESPONSE_RING_SIZE, largeResponseRing, cachedScanResult, cachedScanTs, SCAN_CACHE_TTL_MS, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, CRITICAL_FORENSIC_CATEGORIES, WRITE_TOOL_NAMES, ACTIVITY_REBIND_MAX_ATTEMPTS, ACTIVITY_REBIND_WINDOW_MS, ACTIVITY_HEALTH_PROBE_MS, activitySocketServer, activityHealthInterval, activityRebindAttempts, activityCircuitTripped;
 var init_state2 = __esm({
   "src/daemon/state.ts"() {
     "use strict";
@@ -11260,6 +11308,11 @@ var init_state2 = __esm({
     INPUT_PRICE_PER_1M = 3;
     OUTPUT_PRICE_PER_1M = 15;
     BYTES_PER_TOKEN = 4;
+    CRITICAL_FORENSIC_CATEGORIES = /* @__PURE__ */ new Set([
+      "privilege-escalation",
+      "destructive-op",
+      "eval-of-remote"
+    ]);
     WRITE_TOOL_NAMES = /* @__PURE__ */ new Set([
       "write",
       "write_file",
@@ -11600,7 +11653,26 @@ function startCloudSync() {
   const recurring = setInterval(() => void syncOnce(), intervalMs);
   recurring.unref();
 }
-var import_fs22, import_https2, import_os20, import_path24, FINDING_TO_SIGNAL3, rulesCacheFile, DEFAULT_API_URL, DEFAULT_INTERVAL_HOURS, MIN_INTERVAL_HOURS;
+function startForensicBroadcast() {
+  const tick = async () => {
+    try {
+      const findings = await tickForensicBroadcast(forensicBroadcastOffsets);
+      for (const f of findings) broadcastForensic(f);
+    } catch (err2) {
+      const msg = err2 instanceof Error ? err2.message : String(err2);
+      appendToLog(HOOK_DEBUG_LOG, {
+        ts: (/* @__PURE__ */ new Date()).toISOString(),
+        kind: "forensic-broadcast-error",
+        error: msg
+      });
+    }
+  };
+  const initial = setTimeout(() => void tick(), FORENSIC_INITIAL_DELAY_MS);
+  initial.unref();
+  const recurring = setInterval(() => void tick(), FORENSIC_BROADCAST_INTERVAL_MS);
+  recurring.unref();
+}
+var import_fs22, import_https2, import_os20, import_path24, FINDING_TO_SIGNAL3, rulesCacheFile, DEFAULT_API_URL, DEFAULT_INTERVAL_HOURS, MIN_INTERVAL_HOURS, FORENSIC_BROADCAST_INTERVAL_MS, FORENSIC_INITIAL_DELAY_MS, forensicBroadcastOffsets;
 var init_sync = __esm({
   "src/daemon/sync.ts"() {
     "use strict";
@@ -11612,6 +11684,8 @@ var init_sync = __esm({
     init_blast();
     init_dist();
     init_scan_watermark();
+    init_state2();
+    init_audit();
     FINDING_TO_SIGNAL3 = {
       dlp: "dlpFindings",
       pii: "piiFindings",
@@ -11628,6 +11702,9 @@ var init_sync = __esm({
     DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept/policies/sync";
     DEFAULT_INTERVAL_HOURS = 5;
     MIN_INTERVAL_HOURS = 1;
+    FORENSIC_BROADCAST_INTERVAL_MS = 3e4;
+    FORENSIC_INITIAL_DELAY_MS = 5e3;
+    forensicBroadcastOffsets = /* @__PURE__ */ new Map();
   }
 });
 
@@ -11855,6 +11932,7 @@ var init_mcp_tools = __esm({
 function startDaemon() {
   startCostSync();
   startCloudSync();
+  startForensicBroadcast();
   startDlpScanner();
   loadInsightCounts();
   const internalToken = (0, import_crypto7.randomUUID)();
@@ -20785,6 +20863,17 @@ program.command("tail").description("Stream live agent activity to the terminal"
     process.exit(1);
   }
 });
+program.command("monitor").description("Live interactive dashboard \u2014 activity feed, approvals, security signals").action(async () => {
+  try {
+    const dashboardPath = import_path49.default.join(__dirname, "dashboard.mjs");
+    const dynamicImport = new Function("id", "return import(id)");
+    const mod = await dynamicImport(`file://${dashboardPath}`);
+    await mod.startMonitor();
+  } catch (err2) {
+    console.error(import_chalk31.default.red(`\u274C ${err2 instanceof Error ? err2.message : String(err2)}`));
+    process.exit(1);
+  }
+});
 registerWatchCommand(program);
 registerMcpGatewayCommand(program);
 registerMcpServerCommand(program);

package/dist/cli.mjs

@@ -1692,7 +1692,11 @@ function extractCanonicalFindings(call, ctx) {
       })
     );
   }
-  if (PRIVILEGE_ESCALATION_RE.test(command)) {
+  const ast = analyzeShellCommand(command);
+  const sudoVariant = ast.actions.includes("sudo") || ast.actions.includes("su");
+  const chmodVariant = ast.actions.includes("chmod") && (ast.allTokens.includes("777") || ast.allTokens.includes("0777") || ast.allTokens.includes("+x"));
+  const chownVariant = ast.actions.includes("chown") && ast.allTokens.includes("root");
+  if (sudoVariant || chmodVariant || chownVariant) {
     out.push(
       makeFinding({
         type: "privilege-escalation",
@@ -1824,7 +1828,7 @@ function* stringValues(obj, depth = 0) {
   }
   for (const v of Object.values(obj)) yield* stringValues(v, depth + 1);
 }
-var ASSIGNMENT_CONTEXT_RE, DLP_STOPWORDS, DLP_PATTERNS, DLP_PATTERNS_GLOBAL, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES, syntax, sharedParser, MESSAGE_FLAGS, SHELL_INTERPRETERS, DOWNLOAD_CMDS, NORMALIZE_CACHE_MAX, normalizeCache, AST_CACHE_MAX, astCache, PARSE_FAIL, FS_READ_TOOLS, FS_OP_PRESCREEN_RE, HOME_CACHE_ALLOWLIST, SENSITIVE_PATH_RULES, BASH_TOOL_NAMES, AST_FS_REGEX_RULES, FS_OP_CACHE_MAX, fsOpCache, SOURCE_COMMANDS, SINK_COMMANDS, OBFUSCATORS, SENSITIVE_PATTERNS, FLAGS_WITH_VALUES, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, FORBIDDEN_PATH_SEGMENTS, SQL_DML_KEYWORDS, aws_default, bash_safe_default, docker_default, filesystem_default, github_default, k8s_default, mongodb_default, postgres_default, project_jail_default, redis_default, BUILTIN_SHIELDS, LOOP_MAX_RECORDS, FINDING_TO_SIGNAL, SCAN_SIGNAL_WEIGHTS, LOOP_THRESHOLD_FOR_WASTE, COST_PER_LOOP_ITER_USD, DESTRUCTIVE_OP_RE, PRIVILEGE_ESCALATION_RE, SENSITIVE_PATH_RE, FILE_TOOLS, PII_EMAIL_RE, PII_SSN_RE, PII_PHONE_RE, PII_CC_RE, LONG_OUTPUT_THRESHOLD_BYTES, CANONICAL_EXTRACTOR_VERSION, DEDUPE_PREVIEW_LEN, TERMINAL_ESCAPE_RE;
+var ASSIGNMENT_CONTEXT_RE, DLP_STOPWORDS, DLP_PATTERNS, DLP_PATTERNS_GLOBAL, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES, syntax, sharedParser, MESSAGE_FLAGS, SHELL_INTERPRETERS, DOWNLOAD_CMDS, NORMALIZE_CACHE_MAX, normalizeCache, AST_CACHE_MAX, astCache, PARSE_FAIL, FS_READ_TOOLS, FS_OP_PRESCREEN_RE, HOME_CACHE_ALLOWLIST, SENSITIVE_PATH_RULES, BASH_TOOL_NAMES, AST_FS_REGEX_RULES, FS_OP_CACHE_MAX, fsOpCache, SOURCE_COMMANDS, SINK_COMMANDS, OBFUSCATORS, SENSITIVE_PATTERNS, FLAGS_WITH_VALUES, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, FORBIDDEN_PATH_SEGMENTS, SQL_DML_KEYWORDS, aws_default, bash_safe_default, docker_default, filesystem_default, github_default, k8s_default, mongodb_default, postgres_default, project_jail_default, redis_default, BUILTIN_SHIELDS, LOOP_MAX_RECORDS, FINDING_TO_SIGNAL, SCAN_SIGNAL_WEIGHTS, LOOP_THRESHOLD_FOR_WASTE, COST_PER_LOOP_ITER_USD, DESTRUCTIVE_OP_RE, SENSITIVE_PATH_RE, FILE_TOOLS, PII_EMAIL_RE, PII_SSN_RE, PII_PHONE_RE, PII_CC_RE, LONG_OUTPUT_THRESHOLD_BYTES, CANONICAL_EXTRACTOR_VERSION, DEDUPE_PREVIEW_LEN, TERMINAL_ESCAPE_RE;
 var init_dist = __esm({
   "packages/policy-engine/dist/index.mjs"() {
     "use strict";
@@ -3224,7 +3228,6 @@ var init_dist = __esm({
     LOOP_THRESHOLD_FOR_WASTE = 3;
     COST_PER_LOOP_ITER_USD = 6e-3;
     DESTRUCTIVE_OP_RE = /\brm\s+-[rRf]+\b|\bDROP\s+(TABLE|DATABASE|COLLECTION|SCHEMA)\b|\bTRUNCATE\s+TABLE\b|\bgit\s+push\s+(--force|-f)\b|\bFLUSHALL\b|\bFLUSHDB\b|\bkubectl\s+delete\b|\bhelm\s+uninstall\b/i;
-    PRIVILEGE_ESCALATION_RE = /\b(sudo|su)\b\s+[a-z]|\bchmod\s+(0?777|\+x)\b|\bchown\s+root\b/i;
     SENSITIVE_PATH_RE = /\.aws\/(credentials|config)\b|\.ssh\/(id_rsa|id_ed25519|id_ecdsa|id_dsa)\b|\.env(\.|$|\b)|\.config\/gcloud\/credentials\.db\b|\.docker\/config\.json\b|\.netrc\b|\.npmrc\b|\.node9\/credentials\.json\b/i;
     FILE_TOOLS = /* @__PURE__ */ new Set([
       "read",
@@ -3244,7 +3247,7 @@ var init_dist = __esm({
     PII_PHONE_RE = /\b(?:\+?1[-.\s]?)?\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b/;
     PII_CC_RE = /\b(?:4\d{3}|5[1-5]\d{2}|3[47]\d{2}|6\d{3})[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/;
     LONG_OUTPUT_THRESHOLD_BYTES = 100 * 1024;
-    CANONICAL_EXTRACTOR_VERSION = "canonical-v1";
+    CANONICAL_EXTRACTOR_VERSION = "canonical-v4";
     DEDUPE_PREVIEW_LEN = 120;
     TERMINAL_ESCAPE_RE = // eslint-disable-next-line no-control-regex
     /\x1b\[[0-9;?]*[A-Za-z]|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)|\x1b[@-_]|[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g;
@@ -4788,7 +4791,7 @@ async function waitForDaemonDecision(id, signal) {
     if (signal) signal.removeEventListener("abort", onAbort);
   }
 }
-async function notifyDaemonViewer(toolName, args, meta, riskMetadata) {
+async function notifyDaemonViewer(toolName, args, meta, riskMetadata, activityId, socketActivitySent) {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
   const res = await fetch(`${base}/check`, {
     method: "POST",
@@ -4799,7 +4802,12 @@ async function notifyDaemonViewer(toolName, args, meta, riskMetadata) {
       slackDelegated: true,
       agent: meta?.agent,
       mcpServer: meta?.mcpServer,
-      ...riskMetadata && { riskMetadata }
+      ...riskMetadata && { riskMetadata },
+      // fromCLI=true tells the daemon the CLI already sent the activity
+      // event via socket. Same contract as registerDaemonEntry — without
+      // it the daemon double-emits 'activity' for cloud-enforced flows.
+      fromCLI: socketActivitySent !== false,
+      activityId
     }),
     signal: AbortSignal.timeout(3e3)
   });
@@ -5940,7 +5948,14 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
   let daemonAllowCount = 1;
   if (approvers.terminal && isDaemonRunning() && !options?.calledFromDaemon) {
     if (cloudEnforced && cloudRequestId) {
-      const viewer = await notifyDaemonViewer(toolName, args, meta, riskMetadata).catch(() => null);
+      const viewer = await notifyDaemonViewer(
+        toolName,
+        args,
+        meta,
+        riskMetadata,
+        options?.activityId,
+        options?.socketActivitySent
+      ).catch(() => null);
       viewerId = viewer?.id ?? null;
       daemonEntryId = viewerId;
       if (viewer) daemonAllowCount = viewer.allowCount;
@@ -8030,6 +8045,7 @@ __export(scan_watermark_exports, {
   markUploadComplete: () => markUploadComplete,
   saveWatermark: () => saveWatermark,
   scanDelta: () => scanDelta,
+  tickForensicBroadcast: () => tickForensicBroadcast,
   tickScanWatcher: () => tickScanWatcher
 });
 import fs17 from "fs";
@@ -8237,6 +8253,25 @@ function extractFindingsFromLine(line, sessionId, lineIndex) {
   }
   return findings;
 }
+async function tickForensicBroadcast(offsets) {
+  const out = [];
+  const files = listJsonlFiles();
+  for (const file of files) {
+    const size = fileSize(file);
+    const offset = offsets.get(file);
+    if (offset === void 0) {
+      offsets.set(file, size);
+      continue;
+    }
+    if (size <= offset) continue;
+    const sessionId = path19.basename(file, ".jsonl");
+    const newOffset = await scanDelta(file, offset, (obj, lineIndex) => {
+      out.push(...extractFindingsFromLine(obj, sessionId, lineIndex));
+    });
+    offsets.set(file, newOffset);
+  }
+  return out;
+}
 function markUploadComplete() {
   const state = loadWatermark();
   if (state.status === "schema-future") return;
@@ -11006,6 +11041,19 @@ data: ${JSON.stringify(data)}
     }
   });
 }
+function broadcastForensic(finding) {
+  const severity = CRITICAL_FORENSIC_CATEGORIES.has(finding.type) ? "critical" : "warning";
+  const event = {
+    type: "forensic",
+    id: `fnd_${randomUUID3()}`,
+    ts: Date.now(),
+    sessionId: finding.sessionId,
+    category: finding.type,
+    severity
+  };
+  if (finding.patternName !== void 0) event.patternName = finding.patternName;
+  broadcast("forensic", event);
+}
 function abandonPending() {
   setAbandonTimer(null);
   pending.forEach((entry, id) => {
@@ -11189,7 +11237,7 @@ function bindActivitySocket() {
   });
   activitySocketServer = unixServer;
 }
-var homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, LARGE_RESPONSE_RING_SIZE, largeResponseRing, cachedScanResult, cachedScanTs, SCAN_CACHE_TTL_MS, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, WRITE_TOOL_NAMES, ACTIVITY_REBIND_MAX_ATTEMPTS, ACTIVITY_REBIND_WINDOW_MS, ACTIVITY_HEALTH_PROBE_MS, activitySocketServer, activityHealthInterval, activityRebindAttempts, activityCircuitTripped;
+var homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, LARGE_RESPONSE_RING_SIZE, largeResponseRing, cachedScanResult, cachedScanTs, SCAN_CACHE_TTL_MS, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, CRITICAL_FORENSIC_CATEGORIES, WRITE_TOOL_NAMES, ACTIVITY_REBIND_MAX_ATTEMPTS, ACTIVITY_REBIND_WINDOW_MS, ACTIVITY_HEALTH_PROBE_MS, activitySocketServer, activityHealthInterval, activityRebindAttempts, activityCircuitTripped;
 var init_state2 = __esm({
   "src/daemon/state.ts"() {
     "use strict";
@@ -11234,6 +11282,11 @@ var init_state2 = __esm({
     INPUT_PRICE_PER_1M = 3;
     OUTPUT_PRICE_PER_1M = 15;
     BYTES_PER_TOKEN = 4;
+    CRITICAL_FORENSIC_CATEGORIES = /* @__PURE__ */ new Set([
+      "privilege-escalation",
+      "destructive-op",
+      "eval-of-remote"
+    ]);
     WRITE_TOOL_NAMES = /* @__PURE__ */ new Set([
       "write",
       "write_file",
@@ -11578,7 +11631,26 @@ function startCloudSync() {
   const recurring = setInterval(() => void syncOnce(), intervalMs);
   recurring.unref();
 }
-var FINDING_TO_SIGNAL3, rulesCacheFile, DEFAULT_API_URL, DEFAULT_INTERVAL_HOURS, MIN_INTERVAL_HOURS;
+function startForensicBroadcast() {
+  const tick = async () => {
+    try {
+      const findings = await tickForensicBroadcast(forensicBroadcastOffsets);
+      for (const f of findings) broadcastForensic(f);
+    } catch (err2) {
+      const msg = err2 instanceof Error ? err2.message : String(err2);
+      appendToLog(HOOK_DEBUG_LOG, {
+        ts: (/* @__PURE__ */ new Date()).toISOString(),
+        kind: "forensic-broadcast-error",
+        error: msg
+      });
+    }
+  };
+  const initial = setTimeout(() => void tick(), FORENSIC_INITIAL_DELAY_MS);
+  initial.unref();
+  const recurring = setInterval(() => void tick(), FORENSIC_BROADCAST_INTERVAL_MS);
+  recurring.unref();
+}
+var FINDING_TO_SIGNAL3, rulesCacheFile, DEFAULT_API_URL, DEFAULT_INTERVAL_HOURS, MIN_INTERVAL_HOURS, FORENSIC_BROADCAST_INTERVAL_MS, FORENSIC_INITIAL_DELAY_MS, forensicBroadcastOffsets;
 var init_sync = __esm({
   "src/daemon/sync.ts"() {
     "use strict";
@@ -11586,6 +11658,8 @@ var init_sync = __esm({
     init_blast();
     init_dist();
     init_scan_watermark();
+    init_state2();
+    init_audit();
     FINDING_TO_SIGNAL3 = {
       dlp: "dlpFindings",
       pii: "piiFindings",
@@ -11602,6 +11676,9 @@ var init_sync = __esm({
     DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept/policies/sync";
     DEFAULT_INTERVAL_HOURS = 5;
     MIN_INTERVAL_HOURS = 1;
+    FORENSIC_BROADCAST_INTERVAL_MS = 3e4;
+    FORENSIC_INITIAL_DELAY_MS = 5e3;
+    forensicBroadcastOffsets = /* @__PURE__ */ new Map();
   }
 });
 
@@ -11835,6 +11912,7 @@ import chalk6 from "chalk";
 function startDaemon() {
   startCostSync();
   startCloudSync();
+  startForensicBroadcast();
   startDlpScanner();
   loadInsightCounts();
   const internalToken = randomUUID4();
@@ -20757,6 +20835,17 @@ program.command("tail").description("Stream live agent activity to the terminal"
     process.exit(1);
   }
 });
+program.command("monitor").description("Live interactive dashboard \u2014 activity feed, approvals, security signals").action(async () => {
+  try {
+    const dashboardPath = path49.join(__dirname, "dashboard.mjs");
+    const dynamicImport = new Function("id", "return import(id)");
+    const mod = await dynamicImport(`file://${dashboardPath}`);
+    await mod.startMonitor();
+  } catch (err2) {
+    console.error(chalk31.red(`\u274C ${err2 instanceof Error ? err2.message : String(err2)}`));
+    process.exit(1);
+  }
+});
 registerWatchCommand(program);
 registerMcpGatewayCommand(program);
 registerMcpServerCommand(program);