@node9/proxy 1.20.0 → 1.21.0

package/README.md

@@ -1,5 +1,5 @@
 <h1 align="center">🛡️ Node9</h1>
-<p align="center"><strong>What did your AI agent actually do? Find out, and stop the dangerous stuff.</strong></p>
+<p align="center"><strong>What did your AI agent actually do? Find out.</strong></p>
 <p align="center">
   <a href="https://www.npmjs.com/package/node9-ai"><img src="https://img.shields.io/npm/v/node9-ai.svg" alt="npm version" /></a>
   <a href="https://www.npmjs.com/package/node9-ai"><img src="https://img.shields.io/npm/dm/node9-ai.svg" alt="monthly downloads" /></a>
@@ -8,21 +8,33 @@
   <a href="https://huggingface.co/spaces/Node9ai/node9-security-demo"><img src="https://huggingface.co/datasets/huggingface/badges/resolve/main/open-in-hf-spaces-sm.svg" alt="Try on HF Spaces" /></a>
 </p>
 
-Node9 sits between your AI agent and the tools it can use — recording every action, blocking the dangerous ones, and showing you what happened both live and in retrospect.
+Node9 sits between your AI agent and the tools it can use — **discover** what it's already been doing, **protect** against risky actions in real time, and **review** what happened over any time window.
 
 Works with **Claude Code · Codex CLI · Gemini CLI · Cursor · Windsurf · any MCP server**.
 
 ## What Node9 does
 
-- 🛑 **Block** dangerous AI actions before they run — `rm -rf`, `git push --force`, `DROP TABLE`, credential reads, `curl | bash`
-- 🔍 **Scan** what your AI has already been doing — loops, leaked secrets, blocked operations across every session
-- 🔑 **Catch credential leaks** — AWS keys, GitHub tokens, JWTs, GCP API keys, PEM private keys flagged in tool args, file contents, and shell config
-- 🔭 **Map your blast radius** — every SSH key, AWS credential, and `.env` file an AI agent on this machine could reach right now
+- 🔍 **Discover** — scan every past AI session for credential leaks, agent loops, blocked operations, and every secret on disk an agent could reach right now
+- 🛡 **Protect** — review or block risky commands before they run — `rm -rf`, `git push --force`, `DROP TABLE`, credential reads, `curl | bash`, AWS/GitHub/Stripe key leaks
+- 📊 **Review** — period-windowed report (today / week / month / 90 days) — cost per agent, top tools, shields fired, blast radius
+
+## Retrospective scan
+
+This is my own machine — 90 days while building Node9. Score 25/100, 5 credential files an AI agent could reach right now.
+
+```bash
+npx node9-ai scan   # before installation, runs in ~10s, nothing uploads
+node9 scan          # after installation, same output
+```
+
+<p align="center">
+  <img src="https://github.com/user-attachments/assets/7c5b30f1-1ca1-40b4-bfd5-d6671002e98e" width="720" alt="Node9 scan scorecard" />
+</p>
 
 ## Live monitoring
 
 <p align="center">
-  <img src="https://github.com/user-attachments/assets/25c601db-221d-4553-8b8c-34af85ab30c8" width="720" alt="Node9 monitor dashboard" />
+  <img src="https://github.com/user-attachments/assets/4661da97-c174-4bae-ae54-4c52a1d69213" width="720" alt="Node9 monitor dashboard" />
 </p>
 
 `node9 monitor` opens an interactive terminal dashboard with two views:
@@ -30,32 +42,19 @@ Works with **Claude Code · Codex CLI · Gemini CLI · Cursor · Windsurf · any
 - **`[1]` Realtime** — live activity, approvals, security alerts, current risk score
 - **`[2]` Report** — period-windowed summary: cost, top tools, shields fired, blast radius
 
-## Retrospective scan
+## Report
 
-This is my own machine — 30 days while building Node9. Score 25/100, 5 credential files an AI agent could reach right now.
+Press `[2]` in monitor for a period-windowed summary. Toggle the window with `[T]oday` · `[W]eek` · `[M]onth` · `[N]inety` — same panels as the scan above, driven by your post-install audit log.
 
 <p align="center">
-  <img src="https://github.com/user-attachments/assets/bc165779-4200-438d-967a-20d42bbfe69e" width="720" alt="Node9 scan scorecard" />
+  <img src="https://github.com/user-attachments/assets/66c02a72-e477-443d-807f-d65a21d096cd" width="720" alt="Node9 monitor [2] Report" />
 </p>
 
-```
-🛡  Node9 Scan  ·  21 sessions  ·  8,114 tool calls  ·  Apr 6 – May 1, 2026
-
-Security Score: 25/100  ·  Critical
-$3,789 AI spend  ·  62 risky operations
-
-🔑  14   credential leak     (Bearer Token ×4, GCP API Key ×4, JWT ×2)
-🛑  15   would have blocked  (force-push ×5, read-ssh ×4, read-aws ×4)
-🔁  193  agent loops         (18% wasted  ·  ~$6.51)
-👁  33   flagged for review  (git-destructive ×19, rm ×9, sudo ×2)
-
-🔭  Blast radius             ssh × gcp × npm × other (5 exposures)
-
-→  npx node9-ai scan         run this on your machine
+```bash
+node9 monitor              # press [2] for Report view
+node9 report --period 7d   # CLI form, no TUI
 ```
 
-Run it on yours — `npx node9-ai scan` finishes in ~10 seconds and runs entirely local. Nothing uploads.
-
 ## Install
 
 ```bash
@@ -97,10 +96,10 @@ node9 shield list    # show all shields + status
 
 ## Always on — no config needed
 
-- **Git** — blocks `git push --force`, `git reset --hard`, `git clean -fd`
-- **SQL** — blocks `DELETE` / `UPDATE` without `WHERE`, `DROP TABLE`, `TRUNCATE`
-- **Shell** — blocks `curl | bash`, unauthorized `sudo`
-- **DLP** — blocks AWS keys, GitHub tokens, Stripe keys, PEM private keys in any tool argument, file contents, or shell config (`~/.zshrc`, `~/.bashrc`)
+- **Git** — catches `git push --force`, `git reset --hard`, `git clean -fd`
+- **SQL** — catches `DELETE` / `UPDATE` without `WHERE`, `DROP TABLE`, `TRUNCATE`
+- **Shell** — catches `curl | bash`, unauthorized `sudo`
+- **DLP** — flags AWS keys, GitHub tokens, Stripe keys, PEM private keys in any tool argument, file contents, or shell config (`~/.zshrc`, `~/.bashrc`)
 - **Response DLP** — background scanner reads Claude's conversation history and alerts you if Claude _wrote_ a secret in its response text
 - **Auto-undo** — git snapshot before every AI file edit → `node9 undo` to revert
 - **Skills pinning** — SHA-256 verification of installed Claude skills / plugins between sessions
@@ -141,17 +140,17 @@ node9 mcp pin reset               # clear all pins
 
 </details>
 
-## Observability — five views
+## Other commands
+
+Beyond the three flow commands above (`scan` / `monitor` / `report`):
 
-| Command          | What it shows                                             | When to use                               |
-| ---------------- | --------------------------------------------------------- | ----------------------------------------- |
-| `node9 blast`    | What an AI agent can reach right now — files, creds, env  | First thing to run on any machine         |
-| `node9 scan`     | Retrospective audit of existing agent history             | Before installing, or to review past risk |
-| `node9 tail`     | Live stream of every tool call                            | Watching an agent work in real time       |
-| `node9 report`   | Per-period summary: allowed/blocked/DLP/cost + top tools  | Reviewing what happened after a session   |
-| `node9 sessions` | Session history with prompt, tool trace, cost, snapshot   | Reviewing a handoff or past work          |
-| `node9 dlp`      | Credential-leak findings in Claude response text          | Any time a DLP desktop alert fires        |
-| `node9 mask`     | Redact plaintext secrets from local session history files | After a DLP finding — cleans local disk   |
+| Command          | What it shows                                             | When to use                             |
+| ---------------- | --------------------------------------------------------- | --------------------------------------- |
+| `node9 blast`    | What an AI agent can reach right now — files, creds, env  | First thing to run on any machine       |
+| `node9 tail`     | Live stream of every tool call (text-only, no TUI)        | Piping into other tools, CI, logs       |
+| `node9 sessions` | Session history with prompt, tool trace, cost, snapshot   | Reviewing a handoff or past work        |
+| `node9 dlp`      | Credential-leak findings in Claude response text          | Any time a DLP desktop alert fires      |
+| `node9 mask`     | Redact plaintext secrets from local session history files | After a DLP finding — cleans local disk |
 
 Plus a **live HUD** in your Claude Code statusline:
 
@@ -167,7 +166,7 @@ Node9 surfaces the signal. Here are the patterns worth knowing:
 
 | Signal                                         | Likely meaning                                                                                     |
 | ---------------------------------------------- | -------------------------------------------------------------------------------------------------- |
-| `Would have blocked` ≥ 5 in a week             | Agent is attempting destructive ops; shields need review                                           |
+| `Would have blocked` ≥ 5 in a week             | Agent is attempting high-impact ops; shields are worth reviewing                                   |
 | Single `review-git-push` rule >50% of findings | Your own rule is firing as intended — not a risk, just supervision                                 |
 | DLP finding in `user-prompt` tool              | You pasted a secret into your own prompt — rotate the key                                          |
 | Agent Loop ×50+ on same file                   | Agent stuck in edit/test/fix cycle — check context or slow down                                    |

package/dist/cli.js

@@ -7780,8 +7780,9 @@ function boxPanel(title, bodyLines, width = PANEL_WIDTH) {
   const inner = width - 4;
   const out = [];
   const titlePad = ` ${title} `;
-  const titleSegment = titlePad.length <= inner ? titlePad : titlePad.slice(0, inner);
-  const dashFill = "\u2500".repeat(Math.max(0, inner - titleSegment.length));
+  const titleWidth = (0, import_string_width.default)(titlePad);
+  const titleSegment = titleWidth <= inner ? titlePad : titlePad.slice(0, inner);
+  const dashFill = "\u2500".repeat(Math.max(0, inner - (0, import_string_width.default)(titleSegment)));
   out.push(import_chalk3.default.dim("\u256D\u2500") + import_chalk3.default.bold(titleSegment) + import_chalk3.default.dim(`${dashFill}\u2500\u256E`));
   for (const line of bodyLines) {
     const padding = " ".repeat(Math.max(0, inner - line.width));
@@ -7798,11 +7799,12 @@ function relativeDate(timestamp, now = /* @__PURE__ */ new Date()) {
   if (days > 90) return "90d+";
   return `${days}d`;
 }
-var import_chalk3, PANEL_WIDTH;
+var import_chalk3, import_string_width, PANEL_WIDTH;
 var init_scan_derive = __esm({
   "src/cli/render/scan-derive.ts"() {
     "use strict";
     import_chalk3 = __toESM(require("chalk"));
+    import_string_width = __toESM(require("string-width"));
     PANEL_WIDTH = 76;
   }
 });
@@ -10246,7 +10248,7 @@ function mkLine(...parts) {
   let width = 0;
   for (const [text, fmt] of parts) {
     rendered += fmt ? fmt(text) : text;
-    width += text.length;
+    width += (0, import_string_width2.default)(text);
   }
   return { rendered, width };
 }
@@ -10367,7 +10369,11 @@ function renderPanelScorecard(input, now = /* @__PURE__ */ new Date()) {
       const origin = originForRule(r.name, summary.sections);
       reviewLines.push(
         mkLine(
-          ["\u{1F441}  ", import_chalk5.default.yellow],
+          // VS-16 (U+FE0F) forces emoji-presentation so string-width
+          // returns 2 cells (matching how modern terminals actually
+          // render it). Without VS-16 string-width says 1 cell — and
+          // the right border drifts off. Same applies to 🛡 / ⚠ below.
+          ["\u{1F441}\uFE0F  ", import_chalk5.default.yellow],
           [shortRule(r.name, 24), import_chalk5.default.bold],
           [" \xD7" + String(r.count).padEnd(4), import_chalk5.default.bold],
           [" "],
@@ -10425,7 +10431,7 @@ function renderPanelScorecard(input, now = /* @__PURE__ */ new Date()) {
     }
     for (const e of blast.envFindings.slice(0, 3)) {
       blastLines.push(
-        mkLine(["\u26A0  ", import_chalk5.default.yellow], [`${e.key} `], [`(${e.patternName})`, import_chalk5.default.dim])
+        mkLine(["\u26A0\uFE0F  ", import_chalk5.default.yellow], [`${e.key} `], [`(${e.patternName})`, import_chalk5.default.dim])
       );
     }
     const totalExposed = blast.reachable.length + blast.envFindings.length;
@@ -10449,7 +10455,7 @@ function renderPanelScorecard(input, now = /* @__PURE__ */ new Date()) {
     if (impact.totalCatches === 0) continue;
     const discount = PROTECTIVE_SHIELD_DISCOUNTS[impact.shieldName] ?? 0;
     const bonus = Math.round(exposed * discount);
-    const icon = discount > 0 ? "\u{1F6E1}  " : "\u2610   ";
+    const icon = discount > 0 ? "\u{1F6E1}\uFE0F  " : "\u2610   ";
     const wouldCatch = `would catch ${impact.totalCatches} op${impact.totalCatches !== 1 ? "s" : ""}`;
     const deltaSuffix = bonus > 0 ? `  \u2192  +${bonus} pts  (${blast.score} \u2192 ${blast.score + bonus})` : "";
     shieldLines.push(
@@ -10499,7 +10505,7 @@ function originForRule(ruleName, sections) {
   return "";
 }
 function registerScanCommand(program2) {
-  program2.command("scan").description("Forecast: scan agent history and show what node9 would catch if installed").option("--all", "Scan all history (default: last 90 days)").option("--days <n>", "Scan last N days of history", "90").option("--top <n>", "Max findings to show per rule (default: 5)", "5").option("--drill-down", "Show all findings with full commands and session IDs").option("--compact", "Compact one-screen scorecard \u2014 for screenshots and sharing").option("--narrative", "Severity-grouped report \u2014 for video / dramatic sharing").option(
+  program2.command("scan").description("Forecast: scan agent history and show what node9 would catch if installed").option("--all", "Scan all history (default: last 90 days)").option("--days <n>", "Scan last N days of history", "90").option("--top <n>", "Max findings to show per rule (default: 5)", "5").option("--drill-down", "Show all findings with full commands and session IDs").option("--compact", "Compact one-screen scorecard \u2014 for screenshots and sharing").option("--narrative", "Severity-grouped report \u2014 for video / dramatic sharing").option("--classic", "Original chalk-based scorecard layout (default: new Ink-rendered view)").option(
     "--json",
     "Emit machine-readable JSON to stdout (suppresses banner, progress, and renderer)"
   ).option(
@@ -10533,7 +10539,8 @@ function registerScanCommand(program2) {
       })();
       const isWired = getAgentsStatus().some((a) => a.wired);
       const screenshotMode = options.compact || options.narrative;
-      const quiet = screenshotMode || options.json;
+      const useInk = !options.classic && !drillDown;
+      const quiet = screenshotMode || options.json || useInk;
       if (!quiet) {
         console.log("");
         if (!isWired) {
@@ -10671,6 +10678,7 @@ function registerScanCommand(program2) {
         });
         return;
       }
+      const useInkForHero = !options.classic && !drillDown;
       if (totalFindings === 0 && scan.dlpFindings.length === 0) {
         console.log(import_chalk5.default.green("  \u2705 No risky operations found in your history."));
         console.log(
@@ -10690,9 +10698,11 @@ function registerScanCommand(program2) {
           const since = daysAgo === 0 ? "today" : daysAgo === 1 ? "yesterday" : `${daysAgo} days ago`;
           return import_chalk5.default.dim("  \xB7  ") + arrow + import_chalk5.default.dim(` since ${since}`);
         })();
-        console.log(
-          "  " + (score.band === "critical" ? import_chalk5.default.red.bold("\u26A0  ") : "") + import_chalk5.default.bold("Security Score ") + score.color.bold(`${blast.score}/100`) + "  " + severityDisplay + trendSuffix + import_chalk5.default.dim("  \xB7  ") + (totalRisky > 0 ? import_chalk5.default.red.bold(`${totalRisky} risky operation${totalRisky !== 1 ? "s" : ""}`) : import_chalk5.default.green("No risky operations"))
-        );
+        if (!useInkForHero) {
+          console.log(
+            "  " + (score.band === "critical" ? import_chalk5.default.red.bold("\u26A0  ") : "") + import_chalk5.default.bold("Security Score ") + score.color.bold(`${blast.score}/100`) + "  " + severityDisplay + trendSuffix + import_chalk5.default.dim("  \xB7  ") + (totalRisky > 0 ? import_chalk5.default.red.bold(`${totalRisky} risky operation${totalRisky !== 1 ? "s" : ""}`) : import_chalk5.default.green("No risky operations"))
+          );
+        }
         const cardParts = [];
         if (scan.dlpFindings.length > 0) {
           cardParts.push(
@@ -10721,10 +10731,10 @@ function registerScanCommand(program2) {
             import_chalk5.default.red("\u{1F52D} ") + import_chalk5.default.red.bold(String(blastExposures)) + import_chalk5.default.dim(" exposures")
           );
         }
-        if (cardParts.length > 0) {
+        if (cardParts.length > 0 && !useInkForHero) {
           console.log("  " + cardParts.join(import_chalk5.default.dim("   ")));
         }
-        if (scan.totalCostUSD > 0) {
+        if (scan.totalCostUSD > 0 && !useInkForHero) {
           console.log(
             "  " + import_chalk5.default.dim("AI spend  ") + import_chalk5.default.bold(fmtCost(scan.totalCostUSD)) + (summary.loopWastedUSD > 0 ? import_chalk5.default.dim("   \xB7   wasted on loops  ") + import_chalk5.default.yellow("~" + fmtCost(summary.loopWastedUSD)) : "")
           );
@@ -10736,16 +10746,38 @@ function registerScanCommand(program2) {
             )
           );
         }
-        console.log("");
+        if (!useInkForHero) {
+          console.log("");
+        }
         if (!drillDown) {
-          renderPanelScorecard({
-            scan,
-            summary,
-            blast,
-            blastExposures,
-            blockedCount,
-            reviewCount
-          });
+          const useInk2 = !options.classic;
+          if (useInk2) {
+            const scanInkPath = import_path21.default.join(__dirname, "scan-ink.mjs");
+            const dynamicImport = new Function("id", "return import(id)");
+            const mod = await dynamicImport(`file://${scanInkPath}`);
+            const rangeLabel2 = options.all ? "all time" : `last ${options.days ?? 90} days`;
+            mod.renderScanScorecardInk(
+              {
+                scan,
+                summary,
+                blast,
+                blastExposures,
+                blockedCount,
+                reviewCount
+              },
+              rangeLabel2
+            );
+            console.log("");
+          } else {
+            renderPanelScorecard({
+              scan,
+              summary,
+              blast,
+              blastExposures,
+              blockedCount,
+              reviewCount
+            });
+          }
           const cta = isWired ? "\u2705 node9 is active" : "\u2192 install node9 to enable protection";
           console.log("  " + import_chalk5.default.green(cta));
           console.log(
@@ -10945,7 +10977,7 @@ function registerScanCommand(program2) {
     }
   );
 }
-var import_chalk5, import_fs19, import_path21, import_os18, CLAUDE_PRICING, GEMINI_PRICING, CODE_EXTENSIONS, SELF_OUTPUT_MARKERS, FIXTURE_TOKEN_PATTERNS, TERMINAL_ESCAPE_RE2, LOOP_TOOLS, LOOP_THRESHOLD, LOOP_TIMESPAN_THRESHOLD_MS, STUCK_TOOLS_MIN_WASTE, STUCK_TOOLS_LIMIT, RECURRING_SESSION_THRESHOLD, STALE_AGE_DAYS, classifyRuleSeverity2, narrativeRuleLabel2;
+var import_chalk5, import_fs19, import_path21, import_os18, import_string_width2, CLAUDE_PRICING, GEMINI_PRICING, CODE_EXTENSIONS, SELF_OUTPUT_MARKERS, FIXTURE_TOKEN_PATTERNS, TERMINAL_ESCAPE_RE2, LOOP_TOOLS, LOOP_THRESHOLD, LOOP_TIMESPAN_THRESHOLD_MS, STUCK_TOOLS_MIN_WASTE, STUCK_TOOLS_LIMIT, RECURRING_SESSION_THRESHOLD, STALE_AGE_DAYS, classifyRuleSeverity2, narrativeRuleLabel2;
 var init_scan = __esm({
   "src/cli/commands/scan.ts"() {
     "use strict";
@@ -10964,6 +10996,7 @@ var init_scan = __esm({
     init_blast();
     init_scan_derive();
     init_protection();
+    import_string_width2 = __toESM(require("string-width"));
     init_scan_json();
     init_scan_history();
     CLAUDE_PRICING = {

package/dist/cli.mjs

@@ -7708,6 +7708,7 @@ var init_blast = __esm({
 
 // src/cli/render/scan-derive.ts
 import chalk3 from "chalk";
+import stringWidth from "string-width";
 function classifyScore(score) {
   if (score >= 80) return { band: "good", label: "Good", color: chalk3.green };
   if (score >= 50) return { band: "at-risk", label: "At Risk", color: chalk3.yellow };
@@ -7756,8 +7757,9 @@ function boxPanel(title, bodyLines, width = PANEL_WIDTH) {
   const inner = width - 4;
   const out = [];
   const titlePad = ` ${title} `;
-  const titleSegment = titlePad.length <= inner ? titlePad : titlePad.slice(0, inner);
-  const dashFill = "\u2500".repeat(Math.max(0, inner - titleSegment.length));
+  const titleWidth = stringWidth(titlePad);
+  const titleSegment = titleWidth <= inner ? titlePad : titlePad.slice(0, inner);
+  const dashFill = "\u2500".repeat(Math.max(0, inner - stringWidth(titleSegment)));
   out.push(chalk3.dim("\u256D\u2500") + chalk3.bold(titleSegment) + chalk3.dim(`${dashFill}\u2500\u256E`));
   for (const line of bodyLines) {
     const padding = " ".repeat(Math.max(0, inner - line.width));
@@ -8903,6 +8905,7 @@ import chalk5 from "chalk";
 import fs19 from "fs";
 import path21 from "path";
 import os18 from "os";
+import stringWidth2 from "string-width";
 function claudeModelPrice(model) {
   const base = model.replace(/@.*$/, "").replace(/-\d{8}$/, "");
   for (const [key, p] of Object.entries(CLAUDE_PRICING)) {
@@ -10225,7 +10228,7 @@ function mkLine(...parts) {
   let width = 0;
   for (const [text, fmt] of parts) {
     rendered += fmt ? fmt(text) : text;
-    width += text.length;
+    width += stringWidth2(text);
   }
   return { rendered, width };
 }
@@ -10346,7 +10349,11 @@ function renderPanelScorecard(input, now = /* @__PURE__ */ new Date()) {
       const origin = originForRule(r.name, summary.sections);
       reviewLines.push(
         mkLine(
-          ["\u{1F441}  ", chalk5.yellow],
+          // VS-16 (U+FE0F) forces emoji-presentation so string-width
+          // returns 2 cells (matching how modern terminals actually
+          // render it). Without VS-16 string-width says 1 cell — and
+          // the right border drifts off. Same applies to 🛡 / ⚠ below.
+          ["\u{1F441}\uFE0F  ", chalk5.yellow],
           [shortRule(r.name, 24), chalk5.bold],
           [" \xD7" + String(r.count).padEnd(4), chalk5.bold],
           [" "],
@@ -10404,7 +10411,7 @@ function renderPanelScorecard(input, now = /* @__PURE__ */ new Date()) {
     }
     for (const e of blast.envFindings.slice(0, 3)) {
       blastLines.push(
-        mkLine(["\u26A0  ", chalk5.yellow], [`${e.key} `], [`(${e.patternName})`, chalk5.dim])
+        mkLine(["\u26A0\uFE0F  ", chalk5.yellow], [`${e.key} `], [`(${e.patternName})`, chalk5.dim])
       );
     }
     const totalExposed = blast.reachable.length + blast.envFindings.length;
@@ -10428,7 +10435,7 @@ function renderPanelScorecard(input, now = /* @__PURE__ */ new Date()) {
     if (impact.totalCatches === 0) continue;
     const discount = PROTECTIVE_SHIELD_DISCOUNTS[impact.shieldName] ?? 0;
     const bonus = Math.round(exposed * discount);
-    const icon = discount > 0 ? "\u{1F6E1}  " : "\u2610   ";
+    const icon = discount > 0 ? "\u{1F6E1}\uFE0F  " : "\u2610   ";
     const wouldCatch = `would catch ${impact.totalCatches} op${impact.totalCatches !== 1 ? "s" : ""}`;
     const deltaSuffix = bonus > 0 ? `  \u2192  +${bonus} pts  (${blast.score} \u2192 ${blast.score + bonus})` : "";
     shieldLines.push(
@@ -10478,7 +10485,7 @@ function originForRule(ruleName, sections) {
   return "";
 }
 function registerScanCommand(program2) {
-  program2.command("scan").description("Forecast: scan agent history and show what node9 would catch if installed").option("--all", "Scan all history (default: last 90 days)").option("--days <n>", "Scan last N days of history", "90").option("--top <n>", "Max findings to show per rule (default: 5)", "5").option("--drill-down", "Show all findings with full commands and session IDs").option("--compact", "Compact one-screen scorecard \u2014 for screenshots and sharing").option("--narrative", "Severity-grouped report \u2014 for video / dramatic sharing").option(
+  program2.command("scan").description("Forecast: scan agent history and show what node9 would catch if installed").option("--all", "Scan all history (default: last 90 days)").option("--days <n>", "Scan last N days of history", "90").option("--top <n>", "Max findings to show per rule (default: 5)", "5").option("--drill-down", "Show all findings with full commands and session IDs").option("--compact", "Compact one-screen scorecard \u2014 for screenshots and sharing").option("--narrative", "Severity-grouped report \u2014 for video / dramatic sharing").option("--classic", "Original chalk-based scorecard layout (default: new Ink-rendered view)").option(
     "--json",
     "Emit machine-readable JSON to stdout (suppresses banner, progress, and renderer)"
   ).option(
@@ -10512,7 +10519,8 @@ function registerScanCommand(program2) {
       })();
       const isWired = getAgentsStatus().some((a) => a.wired);
       const screenshotMode = options.compact || options.narrative;
-      const quiet = screenshotMode || options.json;
+      const useInk = !options.classic && !drillDown;
+      const quiet = screenshotMode || options.json || useInk;
       if (!quiet) {
         console.log("");
         if (!isWired) {
@@ -10650,6 +10658,7 @@ function registerScanCommand(program2) {
         });
         return;
       }
+      const useInkForHero = !options.classic && !drillDown;
       if (totalFindings === 0 && scan.dlpFindings.length === 0) {
         console.log(chalk5.green("  \u2705 No risky operations found in your history."));
         console.log(
@@ -10669,9 +10678,11 @@ function registerScanCommand(program2) {
           const since = daysAgo === 0 ? "today" : daysAgo === 1 ? "yesterday" : `${daysAgo} days ago`;
           return chalk5.dim("  \xB7  ") + arrow + chalk5.dim(` since ${since}`);
         })();
-        console.log(
-          "  " + (score.band === "critical" ? chalk5.red.bold("\u26A0  ") : "") + chalk5.bold("Security Score ") + score.color.bold(`${blast.score}/100`) + "  " + severityDisplay + trendSuffix + chalk5.dim("  \xB7  ") + (totalRisky > 0 ? chalk5.red.bold(`${totalRisky} risky operation${totalRisky !== 1 ? "s" : ""}`) : chalk5.green("No risky operations"))
-        );
+        if (!useInkForHero) {
+          console.log(
+            "  " + (score.band === "critical" ? chalk5.red.bold("\u26A0  ") : "") + chalk5.bold("Security Score ") + score.color.bold(`${blast.score}/100`) + "  " + severityDisplay + trendSuffix + chalk5.dim("  \xB7  ") + (totalRisky > 0 ? chalk5.red.bold(`${totalRisky} risky operation${totalRisky !== 1 ? "s" : ""}`) : chalk5.green("No risky operations"))
+          );
+        }
         const cardParts = [];
         if (scan.dlpFindings.length > 0) {
           cardParts.push(
@@ -10700,10 +10711,10 @@ function registerScanCommand(program2) {
             chalk5.red("\u{1F52D} ") + chalk5.red.bold(String(blastExposures)) + chalk5.dim(" exposures")
           );
         }
-        if (cardParts.length > 0) {
+        if (cardParts.length > 0 && !useInkForHero) {
           console.log("  " + cardParts.join(chalk5.dim("   ")));
         }
-        if (scan.totalCostUSD > 0) {
+        if (scan.totalCostUSD > 0 && !useInkForHero) {
           console.log(
             "  " + chalk5.dim("AI spend  ") + chalk5.bold(fmtCost(scan.totalCostUSD)) + (summary.loopWastedUSD > 0 ? chalk5.dim("   \xB7   wasted on loops  ") + chalk5.yellow("~" + fmtCost(summary.loopWastedUSD)) : "")
           );
@@ -10715,16 +10726,38 @@ function registerScanCommand(program2) {
             )
           );
         }
-        console.log("");
+        if (!useInkForHero) {
+          console.log("");
+        }
         if (!drillDown) {
-          renderPanelScorecard({
-            scan,
-            summary,
-            blast,
-            blastExposures,
-            blockedCount,
-            reviewCount
-          });
+          const useInk2 = !options.classic;
+          if (useInk2) {
+            const scanInkPath = path21.join(__dirname, "scan-ink.mjs");
+            const dynamicImport = new Function("id", "return import(id)");
+            const mod = await dynamicImport(`file://${scanInkPath}`);
+            const rangeLabel2 = options.all ? "all time" : `last ${options.days ?? 90} days`;
+            mod.renderScanScorecardInk(
+              {
+                scan,
+                summary,
+                blast,
+                blastExposures,
+                blockedCount,
+                reviewCount
+              },
+              rangeLabel2
+            );
+            console.log("");
+          } else {
+            renderPanelScorecard({
+              scan,
+              summary,
+              blast,
+              blastExposures,
+              blockedCount,
+              reviewCount
+            });
+          }
           const cta = isWired ? "\u2705 node9 is active" : "\u2192 install node9 to enable protection";
           console.log("  " + chalk5.green(cta));
           console.log(

package/dist/dashboard.mjs

@@ -3308,6 +3308,7 @@ var init_setup = __esm({
 
 // src/cli/render/scan-derive.ts
 import chalk3 from "chalk";
+import stringWidth from "string-width";
 var init_scan_derive = __esm({
   "src/cli/render/scan-derive.ts"() {
     "use strict";
@@ -3334,6 +3335,7 @@ import chalk4 from "chalk";
 import fs5 from "fs";
 import path7 from "path";
 import os7 from "os";
+import stringWidth2 from "string-width";
 function claudeModelPrice2(model) {
   const base = model.replace(/@.*$/, "").replace(/-\d{8}$/, "");
   for (const [key, p] of Object.entries(CLAUDE_PRICING2)) {