@node9/proxy 1.21.5 → 1.23.0

package/dist/cli.mjs

@@ -6281,10 +6281,167 @@ var init_core = __esm({
   }
 });
 
-// src/setup.ts
+// src/mcp-pin.ts
 import fs12 from "fs";
 import path14 from "path";
 import os11 from "os";
+import crypto3 from "crypto";
+function getHomePinsFilePath() {
+  return path14.join(os11.homedir(), ".node9", "mcp-pins.json");
+}
+function getPinsFilePath() {
+  return getHomePinsFilePath();
+}
+function findPinsFilePath(cwd) {
+  const homeDir2 = os11.homedir();
+  const homePath = getHomePinsFilePath();
+  let current = path14.resolve(cwd ?? process.cwd());
+  while (true) {
+    if (current === homeDir2) break;
+    const candidate = path14.join(current, ".node9", "mcp-pins.json");
+    if (fs12.existsSync(candidate)) {
+      return { path: candidate, source: "repo" };
+    }
+    const next = path14.dirname(current);
+    if (next === current) break;
+    current = next;
+  }
+  return { path: homePath, source: "home" };
+}
+function hashToolDefinitions(tools) {
+  const sorted = [...tools].sort((a, b) => {
+    const nameA = a.name ?? "";
+    const nameB = b.name ?? "";
+    return nameA.localeCompare(nameB);
+  });
+  const canonical = JSON.stringify(sorted);
+  return crypto3.createHash("sha256").update(canonical).digest("hex");
+}
+function getServerKey(upstreamCommand) {
+  return crypto3.createHash("sha256").update(upstreamCommand).digest("hex").slice(0, 16);
+}
+function readPinsFile(filePath) {
+  try {
+    const raw = fs12.readFileSync(filePath, "utf-8");
+    if (!raw.trim()) {
+      return { ok: false, reason: "corrupt", detail: "empty file" };
+    }
+    const parsed = JSON.parse(raw);
+    if (!parsed.servers || typeof parsed.servers !== "object" || Array.isArray(parsed.servers)) {
+      return { ok: false, reason: "corrupt", detail: "invalid structure: missing servers object" };
+    }
+    return { ok: true, pins: { servers: parsed.servers } };
+  } catch (err2) {
+    if (err2.code === "ENOENT") {
+      return { ok: false, reason: "missing" };
+    }
+    return { ok: false, reason: "corrupt", detail: String(err2) };
+  }
+}
+function readMcpPinsSafe() {
+  return readPinsFile(getHomePinsFilePath());
+}
+function readMcpPins() {
+  const result = readMcpPinsSafe();
+  if (result.ok) return result.pins;
+  if (result.reason === "missing") return { servers: {} };
+  throw new Error(`[node9] MCP pin file is corrupt: ${result.detail}`);
+}
+function writePinsFile(filePath, data) {
+  fs12.mkdirSync(path14.dirname(filePath), { recursive: true });
+  const tmp = `${filePath}.${crypto3.randomBytes(6).toString("hex")}.tmp`;
+  const isHome = filePath === getHomePinsFilePath();
+  fs12.writeFileSync(tmp, JSON.stringify(data, null, 2), isHome ? { mode: 384 } : {});
+  fs12.renameSync(tmp, filePath);
+}
+function writeMcpPins(data) {
+  writePinsFile(getHomePinsFilePath(), data);
+}
+function seedMcpPinsIfMissing() {
+  const filePath = getPinsFilePath();
+  if (fs12.existsSync(filePath)) return;
+  writeMcpPins({ servers: {} });
+}
+function checkPin(serverKey, currentHash, cwd) {
+  const found = findPinsFilePath(cwd);
+  let repoEntry;
+  if (found.source === "repo") {
+    const repoResult = readPinsFile(found.path);
+    if (!repoResult.ok) {
+      return "corrupt";
+    }
+    repoEntry = repoResult.pins.servers[serverKey];
+  }
+  if (repoEntry) {
+    return repoEntry.toolsHash === currentHash ? "match" : "mismatch";
+  }
+  const homeResult = readPinsFile(getHomePinsFilePath());
+  if (!homeResult.ok) {
+    if (homeResult.reason === "missing") return "new";
+    return "corrupt";
+  }
+  const homeEntry = homeResult.pins.servers[serverKey];
+  if (!homeEntry) return "new";
+  return homeEntry.toolsHash === currentHash ? "match" : "mismatch";
+}
+function updatePin(serverKey, label, toolsHash, toolNames) {
+  const pins = readMcpPins();
+  pins.servers[serverKey] = {
+    label,
+    toolsHash,
+    toolNames,
+    toolCount: toolNames.length,
+    pinnedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  writeMcpPins(pins);
+}
+function removePin(serverKey) {
+  const pins = readMcpPins();
+  delete pins.servers[serverKey];
+  writeMcpPins(pins);
+}
+function clearAllPins() {
+  writeMcpPins({ servers: {} });
+}
+function promotePin(serverKey, cwd) {
+  const homePins = readMcpPins();
+  const homeEntry = homePins.servers[serverKey];
+  if (!homeEntry) {
+    throw new Error(
+      `[node9] Server "${serverKey}" is not pinned in ~/.node9/mcp-pins.json. Run \`node9 mcp pin list\` to see what's pinned.`
+    );
+  }
+  const found = findPinsFilePath(cwd);
+  let repoPath;
+  let repoPins;
+  let created = false;
+  if (found.source === "repo") {
+    repoPath = found.path;
+    const result = readPinsFile(repoPath);
+    if (!result.ok) {
+      const detail = result.reason === "corrupt" ? result.detail : "missing";
+      throw new Error(`[node9] Repo pin file at ${repoPath} is unreadable: ${detail}`);
+    }
+    repoPins = result.pins;
+  } else {
+    repoPath = path14.join(cwd ?? process.cwd(), ".node9", "mcp-pins.json");
+    repoPins = { servers: {} };
+    created = true;
+  }
+  repoPins.servers[serverKey] = { ...homeEntry };
+  writePinsFile(repoPath, repoPins);
+  return { repoPath, created };
+}
+var init_mcp_pin = __esm({
+  "src/mcp-pin.ts"() {
+    "use strict";
+  }
+});
+
+// src/setup.ts
+import fs13 from "fs";
+import path15 from "path";
+import os12 from "os";
 import chalk from "chalk";
 import { confirm } from "@inquirer/prompts";
 import { parse as parseToml, stringify as stringifyToml } from "smol-toml";
@@ -6312,36 +6469,36 @@ function isStaleHookCommand(command) {
   const tokens = command.split(/\s+/);
   for (const tok of tokens) {
     if (!tok.startsWith("/")) continue;
-    if (!fs12.existsSync(tok)) return true;
+    if (!fs13.existsSync(tok)) return true;
   }
   return false;
 }
 function readJson(filePath) {
   try {
-    if (fs12.existsSync(filePath)) {
-      return JSON.parse(fs12.readFileSync(filePath, "utf-8"));
+    if (fs13.existsSync(filePath)) {
+      return JSON.parse(fs13.readFileSync(filePath, "utf-8"));
     }
   } catch {
   }
   return null;
 }
 function writeJson(filePath, data) {
-  const dir = path14.dirname(filePath);
-  if (!fs12.existsSync(dir)) fs12.mkdirSync(dir, { recursive: true });
-  fs12.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
+  const dir = path15.dirname(filePath);
+  if (!fs13.existsSync(dir)) fs13.mkdirSync(dir, { recursive: true });
+  fs13.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
 }
 function isNode9Hook(cmd) {
   if (!cmd) return false;
   return /(?:^|[\s/\\])node9 (?:check|log)/.test(cmd) || /(?:^|[\s/\\])cli\.js (?:check|log)/.test(cmd);
 }
 function teardownClaude() {
-  const homeDir2 = os11.homedir();
-  const hooksPath = path14.join(homeDir2, ".claude", "settings.json");
-  const mcpPath = path14.join(homeDir2, ".claude", ".mcp.json");
+  const homeDir2 = os12.homedir();
+  const hooksPath = path15.join(homeDir2, ".claude", "settings.json");
+  const mcpPath = path15.join(homeDir2, ".claude", ".mcp.json");
   let changed = false;
   const settings = readJson(hooksPath);
   if (settings?.hooks) {
-    for (const event of ["PreToolUse", "PostToolUse"]) {
+    for (const event of ["PreToolUse", "PostToolUse", "UserPromptSubmit"]) {
       const before = settings.hooks[event]?.length ?? 0;
       settings.hooks[event] = settings.hooks[event]?.filter(
         (m) => !m.hooks.some((h) => isNode9Hook(h.command))
@@ -6385,8 +6542,8 @@ function teardownClaude() {
   }
 }
 function teardownGemini() {
-  const homeDir2 = os11.homedir();
-  const settingsPath = path14.join(homeDir2, ".gemini", "settings.json");
+  const homeDir2 = os12.homedir();
+  const settingsPath = path15.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath);
   if (!settings) {
     console.log(chalk.blue("  \u2139\uFE0F  ~/.gemini/settings.json not found \u2014 nothing to remove"));
@@ -6429,8 +6586,8 @@ function teardownGemini() {
   }
 }
 function teardownCursor() {
-  const homeDir2 = os11.homedir();
-  const mcpPath = path14.join(homeDir2, ".cursor", "mcp.json");
+  const homeDir2 = os12.homedir();
+  const mcpPath = path15.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath);
   if (!mcpConfig?.mcpServers) {
     console.log(chalk.blue("  \u2139\uFE0F  ~/.cursor/mcp.json not found \u2014 nothing to remove"));
@@ -6461,9 +6618,10 @@ function teardownCursor() {
   }
 }
 async function setupClaude() {
-  const homeDir2 = os11.homedir();
-  const mcpPath = path14.join(homeDir2, ".claude", ".mcp.json");
-  const hooksPath = path14.join(homeDir2, ".claude", "settings.json");
+  seedMcpPinsIfMissing();
+  const homeDir2 = os12.homedir();
+  const mcpPath = path15.join(homeDir2, ".claude", ".mcp.json");
+  const hooksPath = path15.join(homeDir2, ".claude", "settings.json");
   const claudeConfig = readJson(mcpPath) ?? {};
   const settings = readJson(hooksPath) ?? {};
   const servers = claudeConfig.mcpServers ?? {};
@@ -6522,6 +6680,33 @@ async function setupClaude() {
       }
     }
   }
+  const hasPromptHook = settings.hooks.UserPromptSubmit?.some(
+    (m) => m.hooks.some((h) => isNode9Hook(h.command))
+  );
+  if (!hasPromptHook) {
+    if (!settings.hooks.UserPromptSubmit) settings.hooks.UserPromptSubmit = [];
+    settings.hooks.UserPromptSubmit.push({
+      matcher: ".*",
+      hooks: [{ type: "command", command: fullPathCommand("check"), timeout: 600 }]
+    });
+    console.log(chalk.green("  \u2705 UserPromptSubmit hook added \u2192 node9 check (prompt DLP)"));
+    hooksChanged = true;
+    anythingChanged = true;
+  } else if (settings.hooks.UserPromptSubmit) {
+    for (const matcher of settings.hooks.UserPromptSubmit) {
+      for (const h of matcher.hooks) {
+        const cmd = h.command ?? "";
+        if (isNode9Hook(cmd) && isStaleHookCommand(cmd)) {
+          h.command = fullPathCommand("check");
+          console.log(
+            chalk.yellow("  \u{1F527} UserPromptSubmit hook repaired (stale path \u2192 current binary)")
+          );
+          hooksChanged = true;
+          anythingChanged = true;
+        }
+      }
+    }
+  }
   if (!hasNode9McpServer(servers)) {
     servers["node9"] = NODE9_MCP_SERVER_ENTRY;
     claudeConfig.mcpServers = servers;
@@ -6586,8 +6771,9 @@ async function setupClaude() {
   }
 }
 async function setupGemini() {
-  const homeDir2 = os11.homedir();
-  const settingsPath = path14.join(homeDir2, ".gemini", "settings.json");
+  seedMcpPinsIfMissing();
+  const homeDir2 = os12.homedir();
+  const settingsPath = path15.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath) ?? {};
   const servers = settings.mcpServers ?? {};
   let hooksChanged = false;
@@ -6682,9 +6868,9 @@ async function setupGemini() {
     printDaemonTip();
   }
 }
-function claudeDesktopConfigPath(homeDir2 = os11.homedir()) {
+function claudeDesktopConfigPath(homeDir2 = os12.homedir()) {
   if (process.platform === "darwin") {
-    return path14.join(
+    return path15.join(
       homeDir2,
       "Library",
       "Application Support",
@@ -6693,18 +6879,18 @@ function claudeDesktopConfigPath(homeDir2 = os11.homedir()) {
     );
   }
   if (process.platform === "linux") {
-    return path14.join(homeDir2, ".config", "Claude", "claude_desktop_config.json");
+    return path15.join(homeDir2, ".config", "Claude", "claude_desktop_config.json");
   }
   if (process.platform === "win32") {
-    const appData = process.env.APPDATA ?? path14.join(homeDir2, "AppData", "Roaming");
-    return path14.join(appData, "Claude", "claude_desktop_config.json");
+    const appData = process.env.APPDATA ?? path15.join(homeDir2, "AppData", "Roaming");
+    return path15.join(appData, "Claude", "claude_desktop_config.json");
   }
   return null;
 }
-function detectAgents(homeDir2 = os11.homedir()) {
+function detectAgents(homeDir2 = os12.homedir()) {
   const exists = (p) => {
     try {
-      return fs12.existsSync(p);
+      return fs13.existsSync(p);
     } catch (err2) {
       const code = err2.code;
       if (code !== "ENOENT") {
@@ -6716,18 +6902,19 @@ function detectAgents(homeDir2 = os11.homedir()) {
   };
   const desktopPath = claudeDesktopConfigPath(homeDir2);
   return {
-    claude: exists(path14.join(homeDir2, ".claude")) || exists(path14.join(homeDir2, ".claude.json")),
-    gemini: exists(path14.join(homeDir2, ".gemini")),
-    cursor: exists(path14.join(homeDir2, ".cursor")),
-    codex: exists(path14.join(homeDir2, ".codex")),
-    windsurf: exists(path14.join(homeDir2, ".codeium", "windsurf")),
-    vscode: exists(path14.join(homeDir2, ".vscode")),
-    claudeDesktop: desktopPath !== null && exists(path14.dirname(desktopPath))
+    claude: exists(path15.join(homeDir2, ".claude")) || exists(path15.join(homeDir2, ".claude.json")),
+    gemini: exists(path15.join(homeDir2, ".gemini")),
+    cursor: exists(path15.join(homeDir2, ".cursor")),
+    codex: exists(path15.join(homeDir2, ".codex")),
+    windsurf: exists(path15.join(homeDir2, ".codeium", "windsurf")),
+    vscode: exists(path15.join(homeDir2, ".vscode")),
+    claudeDesktop: desktopPath !== null && exists(path15.dirname(desktopPath))
   };
 }
 async function setupCursor() {
-  const homeDir2 = os11.homedir();
-  const mcpPath = path14.join(homeDir2, ".cursor", "mcp.json");
+  seedMcpPinsIfMissing();
+  const homeDir2 = os12.homedir();
+  const mcpPath = path15.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath) ?? {};
   const servers = mcpConfig.mcpServers ?? {};
   let anythingChanged = false;
@@ -6793,24 +6980,95 @@ async function setupCursor() {
 }
 function readToml(filePath) {
   try {
-    if (fs12.existsSync(filePath)) {
-      return parseToml(fs12.readFileSync(filePath, "utf-8"));
+    if (fs13.existsSync(filePath)) {
+      return parseToml(fs13.readFileSync(filePath, "utf-8"));
     }
   } catch {
   }
   return null;
 }
 function writeToml(filePath, data) {
-  const dir = path14.dirname(filePath);
-  if (!fs12.existsSync(dir)) fs12.mkdirSync(dir, { recursive: true });
-  fs12.writeFileSync(filePath, stringifyToml(data));
+  const dir = path15.dirname(filePath);
+  if (!fs13.existsSync(dir)) fs13.mkdirSync(dir, { recursive: true });
+  fs13.writeFileSync(filePath, stringifyToml(data));
 }
 async function setupCodex() {
-  const homeDir2 = os11.homedir();
-  const configPath = path14.join(homeDir2, ".codex", "config.toml");
+  seedMcpPinsIfMissing();
+  const homeDir2 = os12.homedir();
+  const configPath = path15.join(homeDir2, ".codex", "config.toml");
+  const hooksPath = path15.join(homeDir2, ".codex", "hooks.json");
   const config = readToml(configPath) ?? {};
   const servers = config.mcp_servers ?? {};
   let anythingChanged = false;
+  const hooksFile = readJson(hooksPath) ?? {};
+  if (!hooksFile.hooks) hooksFile.hooks = {};
+  let hooksChanged = false;
+  if (!hooksFile.hooks.PreToolUse) hooksFile.hooks.PreToolUse = [];
+  for (const matcher of CODEX_PRE_TOOL_MATCHERS) {
+    const existing = hooksFile.hooks.PreToolUse.find((m) => m.matcher === matcher);
+    if (!existing) {
+      hooksFile.hooks.PreToolUse.push({
+        matcher,
+        hooks: [{ type: "command", command: fullPathCommand("check"), timeout: 600 }]
+      });
+      hooksChanged = true;
+    } else {
+      for (const h of existing.hooks) {
+        const cmd = h.command ?? "";
+        if (isNode9Hook(cmd) && isStaleHookCommand(cmd)) {
+          h.command = fullPathCommand("check");
+          hooksChanged = true;
+        }
+      }
+    }
+  }
+  if (!hooksFile.hooks.UserPromptSubmit) hooksFile.hooks.UserPromptSubmit = [];
+  const hasPromptHook = hooksFile.hooks.UserPromptSubmit.some(
+    (m) => m.hooks.some((h) => isNode9Hook(h.command))
+  );
+  if (!hasPromptHook) {
+    hooksFile.hooks.UserPromptSubmit.push({
+      hooks: [{ type: "command", command: fullPathCommand("check"), timeout: 600 }]
+    });
+    hooksChanged = true;
+  } else {
+    for (const m of hooksFile.hooks.UserPromptSubmit) {
+      for (const h of m.hooks) {
+        const cmd = h.command ?? "";
+        if (isNode9Hook(cmd) && isStaleHookCommand(cmd)) {
+          h.command = fullPathCommand("check");
+          hooksChanged = true;
+        }
+      }
+    }
+  }
+  if (!hooksFile.hooks.PostToolUse) hooksFile.hooks.PostToolUse = [];
+  const hasPostHook = hooksFile.hooks.PostToolUse.some(
+    (m) => m.hooks.some((h) => isNode9Hook(h.command))
+  );
+  if (!hasPostHook) {
+    hooksFile.hooks.PostToolUse.push({
+      matcher: ".*",
+      hooks: [{ type: "command", command: fullPathCommand("log"), timeout: 600 }]
+    });
+    hooksChanged = true;
+  } else {
+    for (const m of hooksFile.hooks.PostToolUse) {
+      for (const h of m.hooks) {
+        const cmd = h.command ?? "";
+        if (isNode9Hook(cmd) && isStaleHookCommand(cmd)) {
+          h.command = fullPathCommand("log");
+          hooksChanged = true;
+        }
+      }
+    }
+  }
+  if (hooksChanged) {
+    writeJson(hooksPath, hooksFile);
+    console.log(chalk.green("  \u2705 Codex hooks added         \u2192 node9 check / node9 log"));
+    anythingChanged = true;
+  }
+  const hooksInstalled = (hooksFile.hooks?.PreToolUse?.length ?? 0) > 0;
   if (!hasNode9McpServer(servers)) {
     servers["node9"] = NODE9_MCP_SERVER_ENTRY;
     config.mcp_servers = servers;
@@ -6850,30 +7108,63 @@ async function setupCodex() {
     }
     console.log("");
   }
-  console.log(
-    chalk.yellow(
-      "  \u26A0\uFE0F  Note: Codex does not yet support native pre-execution hooks.\n     MCP proxy wrapping is the only supported protection mode for Codex.\n     Native bash and file operations are not monitored."
-    )
-  );
-  console.log("");
-  if (!anythingChanged && serversToWrap.length === 0) {
+  const hooksDisabled = config.features?.hooks === false || config.codex_hooks === false;
+  if (hooksDisabled) {
     console.log(
-      chalk.blue(
-        "\u2139\uFE0F  No MCP servers found to wrap. Add MCP servers to ~/.codex/config.toml and re-run."
+      chalk.yellow(
+        "  \u26A0\uFE0F  Codex hooks are disabled in ~/.codex/config.toml ([features].hooks = false).\n     Re-enable hooks to activate Node9 shield evaluation on Bash, apply_patch,\n     MCP tool calls, and prompt submissions. Until then, only MCP proxy wrapping\n     is active."
+      )
+    );
+    console.log("");
+  }
+  const printCodexTrustReminder = () => {
+    console.log(
+      chalk.yellow(
+        "    \u279C  Open Codex and run /hooks to review and trust the Node9 entries.\n       Until trusted, only MCP proxy wrapping is active."
       )
     );
+  };
+  if (!anythingChanged && serversToWrap.length === 0) {
+    if (hooksInstalled) {
+      console.log(chalk.blue("\u2139\uFE0F  Codex hooks already installed."));
+      printCodexTrustReminder();
+    } else {
+      console.log(
+        chalk.blue(
+          "\u2139\uFE0F  No MCP servers found to wrap. Add MCP servers to ~/.codex/config.toml and re-run."
+        )
+      );
+    }
     printDaemonTip();
     return;
   }
   if (anythingChanged) {
-    console.log(chalk.green.bold("\u{1F6E1}\uFE0F  Node9 is now protecting Codex via MCP proxy!"));
+    console.log(chalk.green.bold("\u{1F6E1}\uFE0F  Node9 hooks installed for Codex."));
+    printCodexTrustReminder();
     console.log(chalk.gray("    Restart Codex for changes to take effect."));
     printDaemonTip();
   }
 }
 function teardownCodex() {
-  const homeDir2 = os11.homedir();
-  const configPath = path14.join(homeDir2, ".codex", "config.toml");
+  const homeDir2 = os12.homedir();
+  const configPath = path15.join(homeDir2, ".codex", "config.toml");
+  const hooksPath = path15.join(homeDir2, ".codex", "hooks.json");
+  const hooksFile = readJson(hooksPath);
+  if (hooksFile?.hooks) {
+    let hooksChanged = false;
+    for (const event of ["PreToolUse", "PostToolUse", "UserPromptSubmit"]) {
+      const before = hooksFile.hooks[event]?.length ?? 0;
+      hooksFile.hooks[event] = hooksFile.hooks[event]?.filter(
+        (m) => !m.hooks.some((h) => isNode9Hook(h.command))
+      );
+      if ((hooksFile.hooks[event]?.length ?? 0) < before) hooksChanged = true;
+      if (hooksFile.hooks[event]?.length === 0) delete hooksFile.hooks[event];
+    }
+    if (hooksChanged) {
+      writeJson(hooksPath, hooksFile);
+      console.log(chalk.green("  \u2705 Removed Node9 hooks from ~/.codex/hooks.json"));
+    }
+  }
   const config = readToml(configPath);
   if (!config?.mcp_servers) {
     console.log(chalk.blue("  \u2139\uFE0F  ~/.codex/config.toml not found \u2014 nothing to remove"));
@@ -6904,8 +7195,8 @@ function teardownCodex() {
   }
 }
 function setupHud() {
-  const homeDir2 = os11.homedir();
-  const hooksPath = path14.join(homeDir2, ".claude", "settings.json");
+  const homeDir2 = os12.homedir();
+  const hooksPath = path15.join(homeDir2, ".claude", "settings.json");
   const settings = readJson(hooksPath) ?? {};
   const hudCommand = fullPathCommand("hud");
   const statusLineObj = { type: "command", command: hudCommand };
@@ -6931,8 +7222,8 @@ function setupHud() {
   console.log(chalk.gray("   Restart Claude Code to activate."));
 }
 function teardownHud() {
-  const homeDir2 = os11.homedir();
-  const hooksPath = path14.join(homeDir2, ".claude", "settings.json");
+  const homeDir2 = os12.homedir();
+  const hooksPath = path15.join(homeDir2, ".claude", "settings.json");
   const settings = readJson(hooksPath);
   if (!settings) {
     console.log(chalk.blue("  \u2139\uFE0F  ~/.claude/settings.json not found \u2014 nothing to remove"));
@@ -6950,8 +7241,9 @@ function teardownHud() {
   console.log(chalk.gray("   Restart Claude Code for changes to take effect."));
 }
 async function setupWindsurf() {
-  const homeDir2 = os11.homedir();
-  const mcpPath = path14.join(homeDir2, ".codeium", "windsurf", "mcp_config.json");
+  seedMcpPinsIfMissing();
+  const homeDir2 = os12.homedir();
+  const mcpPath = path15.join(homeDir2, ".codeium", "windsurf", "mcp_config.json");
   const mcpConfig = readJson(mcpPath) ?? {};
   const servers = mcpConfig.mcpServers ?? {};
   let anythingChanged = false;
@@ -7011,8 +7303,8 @@ async function setupWindsurf() {
   }
 }
 function teardownWindsurf() {
-  const homeDir2 = os11.homedir();
-  const mcpPath = path14.join(homeDir2, ".codeium", "windsurf", "mcp_config.json");
+  const homeDir2 = os12.homedir();
+  const mcpPath = path15.join(homeDir2, ".codeium", "windsurf", "mcp_config.json");
   const mcpConfig = readJson(mcpPath);
   if (!mcpConfig?.mcpServers) {
     console.log(
@@ -7053,8 +7345,9 @@ function hasNode9McpServerVSCode(servers) {
   return !!entry && entry.command === "node9" && Array.isArray(entry.args) && entry.args[0] === "mcp-server";
 }
 async function setupVSCode() {
-  const homeDir2 = os11.homedir();
-  const mcpPath = path14.join(homeDir2, ".vscode", "mcp.json");
+  seedMcpPinsIfMissing();
+  const homeDir2 = os12.homedir();
+  const mcpPath = path15.join(homeDir2, ".vscode", "mcp.json");
   const mcpConfig = readJson(mcpPath) ?? {};
   const servers = mcpConfig.servers ?? {};
   let anythingChanged = false;
@@ -7115,8 +7408,8 @@ async function setupVSCode() {
   }
 }
 function teardownVSCode() {
-  const homeDir2 = os11.homedir();
-  const mcpPath = path14.join(homeDir2, ".vscode", "mcp.json");
+  const homeDir2 = os12.homedir();
+  const mcpPath = path15.join(homeDir2, ".vscode", "mcp.json");
   const mcpConfig = readJson(mcpPath);
   if (!mcpConfig?.servers) {
     console.log(chalk.blue("  \u2139\uFE0F  ~/.vscode/mcp.json not found \u2014 nothing to remove"));
@@ -7149,6 +7442,7 @@ function teardownVSCode() {
   }
 }
 async function setupClaudeDesktop() {
+  seedMcpPinsIfMissing();
   const configPath = claudeDesktopConfigPath();
   if (!configPath) {
     console.log(chalk.yellow("  \u26A0\uFE0F  Claude Desktop is not supported on this platform."));
@@ -7247,32 +7541,32 @@ function teardownClaudeDesktop() {
     console.log(chalk.blue("  \u2139\uFE0F  No Node9-wrapped MCP servers found in Claude Desktop config"));
   }
 }
-function getAgentsStatus(homeDir2 = os11.homedir()) {
+function getAgentsStatus(homeDir2 = os12.homedir()) {
   const detected = detectAgents(homeDir2);
   const claudeWired = (() => {
-    const settings = readJson(path14.join(homeDir2, ".claude", "settings.json"));
+    const settings = readJson(path15.join(homeDir2, ".claude", "settings.json"));
     return !!settings?.hooks?.PreToolUse?.some((m) => m.hooks.some((h) => isNode9Hook(h.command)));
   })();
   const geminiWired = (() => {
-    const settings = readJson(path14.join(homeDir2, ".gemini", "settings.json"));
+    const settings = readJson(path15.join(homeDir2, ".gemini", "settings.json"));
     return !!settings?.hooks?.BeforeTool?.some((m) => m.hooks.some((h) => isNode9Hook(h.command)));
   })();
   const cursorWired = (() => {
-    const cfg = readJson(path14.join(homeDir2, ".cursor", "mcp.json"));
+    const cfg = readJson(path15.join(homeDir2, ".cursor", "mcp.json"));
     return !!(cfg?.mcpServers && hasNode9McpServer(cfg.mcpServers));
   })();
   const codexWired = (() => {
-    const cfg = readToml(path14.join(homeDir2, ".codex", "config.toml"));
+    const cfg = readToml(path15.join(homeDir2, ".codex", "config.toml"));
     return !!(cfg?.mcp_servers && hasNode9McpServer(cfg.mcp_servers));
   })();
   const windsurfWired = (() => {
     const cfg = readJson(
-      path14.join(homeDir2, ".codeium", "windsurf", "mcp_config.json")
+      path15.join(homeDir2, ".codeium", "windsurf", "mcp_config.json")
     );
     return !!(cfg?.mcpServers && hasNode9McpServer(cfg.mcpServers));
   })();
   const vscodeWired = (() => {
-    const cfg = readJson(path14.join(homeDir2, ".vscode", "mcp.json"));
+    const cfg = readJson(path15.join(homeDir2, ".vscode", "mcp.json"));
     return !!(cfg?.servers && hasNode9McpServerVSCode(cfg.servers));
   })();
   return [
@@ -7332,11 +7626,13 @@ function getAgentsStatus(homeDir2 = os11.homedir()) {
     }
   ];
 }
-var NODE9_MCP_SERVER_ENTRY;
+var NODE9_MCP_SERVER_ENTRY, CODEX_PRE_TOOL_MATCHERS;
 var init_setup = __esm({
   "src/setup.ts"() {
     "use strict";
+    init_mcp_pin();
     NODE9_MCP_SERVER_ENTRY = { command: "node9", args: ["mcp-server"] };
+    CODEX_PRE_TOOL_MATCHERS = ["^Bash$", "^apply_patch$", "^mcp__.*"];
   }
 });
 
@@ -7528,85 +7824,85 @@ var init_scan_summary = __esm({
 
 // src/cli/commands/blast.ts
 import chalk2 from "chalk";
-import fs13 from "fs";
-import path15 from "path";
-import os12 from "os";
+import fs14 from "fs";
+import path16 from "path";
+import os13 from "os";
 function buildSensitivePaths(home, cwd) {
   return [
     {
-      full: path15.join(home, ".ssh", "id_rsa"),
+      full: path16.join(home, ".ssh", "id_rsa"),
       label: "~/.ssh/id_rsa",
       description: "RSA private key \u2014 grants SSH access to your servers",
       score: 20
     },
     {
-      full: path15.join(home, ".ssh", "id_ed25519"),
+      full: path16.join(home, ".ssh", "id_ed25519"),
       label: "~/.ssh/id_ed25519",
       description: "Ed25519 private key \u2014 grants SSH access to your servers",
       score: 20
     },
     {
-      full: path15.join(home, ".ssh", "id_ecdsa"),
+      full: path16.join(home, ".ssh", "id_ecdsa"),
       label: "~/.ssh/id_ecdsa",
       description: "ECDSA private key \u2014 grants SSH access to your servers",
       score: 20
     },
     {
-      full: path15.join(home, ".aws", "credentials"),
+      full: path16.join(home, ".aws", "credentials"),
       label: "~/.aws/credentials",
       description: "AWS access keys \u2014 full cloud account access",
       score: 20
     },
     {
-      full: path15.join(home, ".aws", "config"),
+      full: path16.join(home, ".aws", "config"),
       label: "~/.aws/config",
       description: "AWS configuration \u2014 account and region settings",
       score: 5
     },
     {
-      full: path15.join(home, ".config", "gcloud", "credentials.db"),
+      full: path16.join(home, ".config", "gcloud", "credentials.db"),
       label: "~/.config/gcloud/credentials.db",
       description: "Google Cloud credentials",
       score: 15
     },
     {
-      full: path15.join(home, ".docker", "config.json"),
+      full: path16.join(home, ".docker", "config.json"),
       label: "~/.docker/config.json",
       description: "Docker registry auth tokens",
       score: 10
     },
     {
-      full: path15.join(home, ".netrc"),
+      full: path16.join(home, ".netrc"),
       label: "~/.netrc",
       description: "FTP/HTTP credentials in plain text",
       score: 15
     },
     {
-      full: path15.join(home, ".npmrc"),
+      full: path16.join(home, ".npmrc"),
       label: "~/.npmrc",
       description: "npm auth token \u2014 can publish packages as you",
       score: 10
     },
     {
-      full: path15.join(home, ".node9", "credentials.json"),
+      full: path16.join(home, ".node9", "credentials.json"),
       label: "~/.node9/credentials.json",
       description: "Node9 cloud API key",
       score: 10
     },
     {
-      full: path15.join(cwd, ".env"),
+      full: path16.join(cwd, ".env"),
       label: ".env  (current folder)",
       description: "App secrets \u2014 database passwords, API keys",
       score: 20
     },
     {
-      full: path15.join(cwd, ".env.local"),
+      full: path16.join(cwd, ".env.local"),
       label: ".env.local  (current folder)",
       description: "Local overrides \u2014 often contains real credentials",
       score: 15
     },
     {
-      full: path15.join(cwd, ".env.production"),
+      full: path16.join(cwd, ".env.production"),
       label: ".env.production  (current folder)",
       description: "Production secrets",
       score: 20
@@ -7615,7 +7911,7 @@ function buildSensitivePaths(home, cwd) {
 }
 function isReadable(filePath) {
   try {
-    fs13.accessSync(filePath, fs13.constants.R_OK);
+    fs14.accessSync(filePath, fs14.constants.R_OK);
     return true;
   } catch {
     return false;
@@ -7628,13 +7924,13 @@ function scoreLabel(score) {
   return chalk2.red.bold(`${score}/100  Critical`);
 }
 function runBlast() {
-  const home = os12.homedir();
+  const home = os13.homedir();
   const cwd = process.cwd();
   const paths = buildSensitivePaths(home, cwd);
   let scoreDeduction = 0;
   const reachable = [];
   for (const p of paths) {
-    if (fs13.existsSync(p.full) && isReadable(p.full)) {
+    if (fs14.existsSync(p.full) && isReadable(p.full)) {
       reachable.push(p);
       scoreDeduction += p.score;
     }
@@ -7652,7 +7948,7 @@ function runBlast() {
 }
 function registerBlastCommand(program2) {
   program2.command("blast").description("Map what an AI agent can currently reach on this machine").action(() => {
-    const home = os12.homedir();
+    const home = os13.homedir();
     const cwd = process.cwd();
     const { reachable, envFindings, score } = runBlast();
     console.log("");
@@ -7828,17 +8124,17 @@ var init_scan_json = __esm({
 });
 
 // src/cli/render/scan-history.ts
-import fs14 from "fs";
-import path16 from "path";
-import os13 from "os";
+import fs15 from "fs";
+import path17 from "path";
+import os14 from "os";
 function defaultHistoryPath() {
-  return path16.join(os13.homedir(), ".node9", "scan-history.json");
+  return path17.join(os14.homedir(), ".node9", "scan-history.json");
 }
 function readPreviousScan(opts = {}) {
   const filePath = opts.path ?? defaultHistoryPath();
   try {
-    if (!fs14.existsSync(filePath)) return null;
-    const raw = fs14.readFileSync(filePath, "utf8");
+    if (!fs15.existsSync(filePath)) return null;
+    const raw = fs15.readFileSync(filePath, "utf8");
     const parsed = JSON.parse(raw);
     if (!Array.isArray(parsed) || parsed.length === 0) return null;
     const last = parsed[parsed.length - 1];
@@ -7852,11 +8148,11 @@ function appendScanHistory(record, opts = {}) {
   const filePath = opts.path ?? defaultHistoryPath();
   const cap = opts.cap ?? SCAN_HISTORY_CAP;
   try {
-    fs14.mkdirSync(path16.dirname(filePath), { recursive: true });
+    fs15.mkdirSync(path17.dirname(filePath), { recursive: true });
     let history = [];
-    if (fs14.existsSync(filePath)) {
+    if (fs15.existsSync(filePath)) {
       try {
-        const parsed = JSON.parse(fs14.readFileSync(filePath, "utf8"));
+        const parsed = JSON.parse(fs15.readFileSync(filePath, "utf8"));
         if (Array.isArray(parsed)) {
           history = parsed.filter(isValidRecord);
         }
@@ -7867,7 +8163,7 @@ function appendScanHistory(record, opts = {}) {
     if (history.length > cap) {
       history = history.slice(history.length - cap);
     }
-    fs14.writeFileSync(filePath, JSON.stringify(history, null, 2));
+    fs15.writeFileSync(filePath, JSON.stringify(history, null, 2));
   } catch (err2) {
     process.stderr.write(
       `[node9] Warning: could not write scan-history.json: ${err2.message}
@@ -7898,15 +8194,15 @@ var init_scan_history = __esm({
 });
 
 // src/pricing/litellm.ts
-import fs15 from "fs";
-import path17 from "path";
-import os14 from "os";
+import fs16 from "fs";
+import path18 from "path";
+import os15 from "os";
 function normalizeModel(raw) {
   return raw.replace(/-\d{8}$/, "").toLowerCase();
 }
 function readCache() {
   try {
-    const raw = JSON.parse(fs15.readFileSync(CACHE_FILE(), "utf-8"));
+    const raw = JSON.parse(fs16.readFileSync(CACHE_FILE(), "utf-8"));
     if (typeof raw.fetchedAt !== "string" || typeof raw.prices !== "object" || raw.prices === null) {
       return null;
     }
@@ -7920,18 +8216,18 @@ function readCache() {
 function writeCache(prices) {
   try {
     const target = CACHE_FILE();
-    const dir = path17.dirname(target);
-    if (!fs15.existsSync(dir)) fs15.mkdirSync(dir, { recursive: true });
+    const dir = path18.dirname(target);
+    if (!fs16.existsSync(dir)) fs16.mkdirSync(dir, { recursive: true });
     const tmp = target + ".tmp";
     const body = {
       fetchedAt: (/* @__PURE__ */ new Date()).toISOString(),
       prices
     };
-    fs15.writeFileSync(tmp, JSON.stringify(body) + "\n", "utf-8");
-    fs15.renameSync(tmp, target);
+    fs16.writeFileSync(tmp, JSON.stringify(body) + "\n", "utf-8");
+    fs16.renameSync(tmp, target);
   } catch (err2) {
     try {
-      fs15.appendFileSync(
+      fs16.appendFileSync(
         HOOK_DEBUG_LOG,
         `[pricing] cache write failed: ${err2.message}
 `
@@ -8054,7 +8350,7 @@ var init_litellm = __esm({
       "gemini-2.0-flash": [75e-9, 3e-7, 0, 0],
       "gemini-1.5-pro": [125e-8, 5e-6, 0, 0]
     };
-    CACHE_FILE = () => path17.join(os14.homedir(), ".node9", "model-pricing.json");
+    CACHE_FILE = () => path18.join(os15.homedir(), ".node9", "model-pricing.json");
     TTL_MS = 24 * 60 * 60 * 1e3;
     memCache = null;
     memCacheAt = 0;
@@ -8063,17 +8359,17 @@ var init_litellm = __esm({
 });
 
 // src/costSync.ts
-import fs16 from "fs";
-import path18 from "path";
-import os15 from "os";
+import fs17 from "fs";
+import path19 from "path";
+import os16 from "os";
 function decodeProjectDirName(dirName) {
   return dirName.replace(/-/g, "/");
 }
 function parseJSONLFile(filePath, fallbackWorkingDir) {
-  const runId = path18.basename(filePath, ".jsonl");
+  const runId = path19.basename(filePath, ".jsonl");
   let content;
   try {
-    content = fs16.readFileSync(filePath, "utf8");
+    content = fs17.readFileSync(filePath, "utf8");
   } catch {
     return /* @__PURE__ */ new Map();
   }
@@ -8129,34 +8425,34 @@ function parseJSONLFile(filePath, fallbackWorkingDir) {
   return daily;
 }
 function collectEntries(sinceMs) {
-  const projectsDir = path18.join(os15.homedir(), ".claude", "projects");
-  if (!fs16.existsSync(projectsDir)) return [];
+  const projectsDir = path19.join(os16.homedir(), ".claude", "projects");
+  if (!fs17.existsSync(projectsDir)) return [];
   const combined = /* @__PURE__ */ new Map();
   let dirs;
   try {
-    dirs = fs16.readdirSync(projectsDir);
+    dirs = fs17.readdirSync(projectsDir);
   } catch {
     return [];
   }
   for (const dir of dirs) {
-    const dirPath = path18.join(projectsDir, dir);
+    const dirPath = path19.join(projectsDir, dir);
     try {
-      if (!fs16.statSync(dirPath).isDirectory()) continue;
+      if (!fs17.statSync(dirPath).isDirectory()) continue;
     } catch {
       continue;
     }
     let files;
     try {
-      files = fs16.readdirSync(dirPath).filter((f) => f.endsWith(".jsonl"));
+      files = fs17.readdirSync(dirPath).filter((f) => f.endsWith(".jsonl"));
     } catch {
       continue;
     }
     const fallbackWorkingDir = decodeProjectDirName(dir);
     for (const file of files) {
-      const filePath = path18.join(dirPath, file);
+      const filePath = path19.join(dirPath, file);
       if (sinceMs !== void 0) {
         try {
-          if (fs16.statSync(filePath).mtimeMs < sinceMs) continue;
+          if (fs17.statSync(filePath).mtimeMs < sinceMs) continue;
         } catch {
           continue;
         }
@@ -8186,10 +8482,10 @@ async function syncCost() {
   if (entries.length === 0) return;
   let username = "unknown";
   try {
-    username = os15.userInfo().username;
+    username = os16.userInfo().username;
   } catch {
   }
-  const machineId = `${os15.hostname()}:${username}`;
+  const machineId = `${os16.hostname()}:${username}`;
   try {
     const res = await fetch(`${creds.apiUrl}/cost-sync`, {
       method: "POST",
@@ -8198,11 +8494,11 @@ async function syncCost() {
       signal: AbortSignal.timeout(15e3)
     });
     if (!res.ok) {
-      fs16.appendFileSync(HOOK_DEBUG_LOG, `[cost-sync] HTTP ${res.status}
+      fs17.appendFileSync(HOOK_DEBUG_LOG, `[cost-sync] HTTP ${res.status}
 `);
     }
   } catch (err2) {
-    fs16.appendFileSync(HOOK_DEBUG_LOG, `[cost-sync] ${err2.message}
+    fs17.appendFileSync(HOOK_DEBUG_LOG, `[cost-sync] ${err2.message}
 `);
   }
 }
@@ -8238,9 +8534,9 @@ __export(scan_watermark_exports, {
   tickForensicBroadcast: () => tickForensicBroadcast,
   tickScanWatcher: () => tickScanWatcher
 });
-import fs17 from "fs";
-import os16 from "os";
-import path19 from "path";
+import fs18 from "fs";
+import os17 from "os";
+import path20 from "path";
 import readline from "readline";
 function freshWatermark() {
   return {
@@ -8253,7 +8549,7 @@ function freshWatermark() {
 function loadWatermark() {
   let raw;
   try {
-    raw = fs17.readFileSync(WATERMARK_FILE(), "utf-8");
+    raw = fs18.readFileSync(WATERMARK_FILE(), "utf-8");
   } catch {
     return { status: "fresh", wm: freshWatermark() };
   }
@@ -8305,28 +8601,28 @@ function loadWatermark() {
 function saveWatermark(wm) {
   if (wm.schemaVersion > WATERMARK_SCHEMA_VERSION) return;
   const target = WATERMARK_FILE();
-  const dir = path19.dirname(target);
-  if (!fs17.existsSync(dir)) fs17.mkdirSync(dir, { recursive: true });
+  const dir = path20.dirname(target);
+  if (!fs18.existsSync(dir)) fs18.mkdirSync(dir, { recursive: true });
   const tmp = target + ".tmp";
-  fs17.writeFileSync(tmp, JSON.stringify(wm, null, 2) + "\n", "utf-8");
-  fs17.renameSync(tmp, target);
+  fs18.writeFileSync(tmp, JSON.stringify(wm, null, 2) + "\n", "utf-8");
+  fs18.renameSync(tmp, target);
 }
 function listJsonlFiles() {
   const root = PROJECTS_DIR();
-  if (!fs17.existsSync(root)) return [];
+  if (!fs18.existsSync(root)) return [];
   const out = [];
-  for (const entry of fs17.readdirSync(root, { withFileTypes: true })) {
+  for (const entry of fs18.readdirSync(root, { withFileTypes: true })) {
     if (!entry.isDirectory()) continue;
-    const projectDir = path19.join(root, entry.name);
+    const projectDir = path20.join(root, entry.name);
     let inner;
     try {
-      inner = fs17.readdirSync(projectDir, { withFileTypes: true });
+      inner = fs18.readdirSync(projectDir, { withFileTypes: true });
     } catch {
       continue;
     }
     for (const file of inner) {
       if (file.isFile() && file.name.endsWith(".jsonl")) {
-        out.push(path19.join(projectDir, file.name));
+        out.push(path20.join(projectDir, file.name));
       }
     }
   }
@@ -8334,7 +8630,7 @@ function listJsonlFiles() {
 }
 function fileSize(p) {
   try {
-    return fs17.statSync(p).size;
+    return fs18.statSync(p).size;
   } catch {
     return 0;
   }
@@ -8342,7 +8638,7 @@ function fileSize(p) {
 async function scanDelta(filePath, fromByte, onLine) {
   const size = fileSize(filePath);
   if (size <= fromByte) return fromByte;
-  const stream = fs17.createReadStream(filePath, {
+  const stream = fs18.createReadStream(filePath, {
     start: fromByte,
     end: size - 1,
     highWaterMark: 64 * 1024
@@ -8454,7 +8750,7 @@ async function tickForensicBroadcast(offsets) {
       continue;
     }
     if (size <= offset) continue;
-    const sessionId = path19.basename(file, ".jsonl");
+    const sessionId = path20.basename(file, ".jsonl");
     const newOffset = await scanDelta(file, offset, (obj, lineIndex) => {
       out.push(...extractFindingsFromLine(obj, sessionId, lineIndex));
     });
@@ -8513,7 +8809,7 @@ function emptyTick(uploadAs) {
 function readRawWatermarkPreservingOffsets() {
   let raw;
   try {
-    raw = fs17.readFileSync(WATERMARK_FILE(), "utf-8");
+    raw = fs18.readFileSync(WATERMARK_FILE(), "utf-8");
   } catch {
     return null;
   }
@@ -8547,13 +8843,13 @@ async function runActualTick(wm) {
     if (!known) {
       let mtimeMs = 0;
       try {
-        mtimeMs = fs17.statSync(filePath).mtime.getTime();
+        mtimeMs = fs18.statSync(filePath).mtime.getTime();
       } catch {
         continue;
       }
       if (mtimeMs >= watermarkCreatedAt) {
         filesNew++;
-        const sessionId2 = path19.basename(filePath, ".jsonl");
+        const sessionId2 = path20.basename(filePath, ".jsonl");
         const newScannedTo2 = await scanDelta(filePath, 0, (obj, lineIndex) => {
           totalToolCalls++;
           toolCallsBySession[sessionId2] = (toolCallsBySession[sessionId2] ?? 0) + 1;
@@ -8571,7 +8867,7 @@ async function runActualTick(wm) {
       filesSkipped++;
       continue;
     }
-    const sessionId = path19.basename(filePath, ".jsonl");
+    const sessionId = path20.basename(filePath, ".jsonl");
     const newScannedTo = await scanDelta(filePath, known.scannedTo, (obj, lineIndex) => {
       totalToolCalls++;
       toolCallsBySession[sessionId] = (toolCallsBySession[sessionId] ?? 0) + 1;
@@ -8599,8 +8895,8 @@ var init_scan_watermark = __esm({
     "use strict";
     init_dlp();
     init_dist();
-    PROJECTS_DIR = () => path19.join(os16.homedir(), ".claude", "projects");
-    WATERMARK_FILE = () => path19.join(os16.homedir(), ".node9", "scan-watermark.json");
+    PROJECTS_DIR = () => path20.join(os17.homedir(), ".claude", "projects");
+    WATERMARK_FILE = () => path20.join(os17.homedir(), ".node9", "scan-watermark.json");
     MAX_LINE_BYTES = 2 * 1024 * 1024;
     WATERMARK_SCHEMA_VERSION = 2;
     LONG_OUTPUT_THRESHOLD_BYTES2 = LONG_OUTPUT_THRESHOLD_BYTES;
@@ -8615,10 +8911,10 @@ __export(scan_upload_history_exports, {
   parseSinceCutoff: () => parseSinceCutoff,
   runUploadHistory: () => runUploadHistory
 });
-import fs18 from "fs";
+import fs19 from "fs";
 import https from "https";
-import os17 from "os";
-import path20 from "path";
+import os18 from "os";
+import path21 from "path";
 import chalk4 from "chalk";
 function emptySignals2() {
   return {
@@ -8653,40 +8949,40 @@ function parseSinceCutoff(raw, now = /* @__PURE__ */ new Date()) {
   return now.getTime() - 90 * 864e5;
 }
 function* iterateJsonlFiles(cutoffMs) {
-  const projectsDir = path20.join(os17.homedir(), ".claude", "projects");
+  const projectsDir = path21.join(os18.homedir(), ".claude", "projects");
   let dirs;
   try {
-    dirs = fs18.readdirSync(projectsDir);
+    dirs = fs19.readdirSync(projectsDir);
   } catch {
     return;
   }
   for (const dir of dirs) {
-    const dirPath = path20.join(projectsDir, dir);
+    const dirPath = path21.join(projectsDir, dir);
     let stats;
     try {
-      stats = fs18.statSync(dirPath);
+      stats = fs19.statSync(dirPath);
     } catch {
       continue;
     }
     if (!stats.isDirectory()) continue;
     let files;
     try {
-      files = fs18.readdirSync(dirPath).filter((f) => f.endsWith(".jsonl"));
+      files = fs19.readdirSync(dirPath).filter((f) => f.endsWith(".jsonl"));
     } catch {
       continue;
     }
     for (const file of files) {
-      const filePath = path20.join(dirPath, file);
+      const filePath = path21.join(dirPath, file);
       let mtime = 0;
       try {
-        mtime = fs18.statSync(filePath).mtimeMs;
+        mtime = fs19.statSync(filePath).mtimeMs;
       } catch {
         continue;
       }
       if (mtime < cutoffMs) continue;
       yield {
         filePath,
-        sessionId: path20.basename(file, ".jsonl"),
+        sessionId: path21.basename(file, ".jsonl"),
         projectDir: dir
       };
     }
@@ -8739,7 +9035,7 @@ async function runUploadHistory(opts) {
     filesScanned++;
     let content;
     try {
-      content = fs18.readFileSync(filePath, "utf8");
+      content = fs19.readFileSync(filePath, "utf8");
     } catch {
       continue;
     }
@@ -8825,10 +9121,10 @@ async function runUploadHistory(opts) {
     const costUrl = creds.apiUrl.endsWith("/policies/sync") ? creds.apiUrl.replace(/\/policies\/sync$/, "/cost-sync") : `${creds.apiUrl.replace(/\/$/, "")}/cost-sync`;
     let username = "unknown";
     try {
-      username = os17.userInfo().username;
+      username = os18.userInfo().username;
     } catch {
     }
-    const machineId = `${os17.hostname()}:${username}`;
+    const machineId = `${os18.hostname()}:${username}`;
     await postJson(costUrl, creds.apiKey, {
       machineId,
       entries: dailyEntries
@@ -8902,9 +9198,9 @@ var init_scan_upload_history = __esm({
 
 // src/cli/commands/scan.ts
 import chalk5 from "chalk";
-import fs19 from "fs";
-import path21 from "path";
-import os18 from "os";
+import fs20 from "fs";
+import path22 from "path";
+import os19 from "os";
 import stringWidth2 from "string-width";
 function claudeModelPrice(model) {
   const base = model.replace(/@.*$/, "").replace(/-\d{8}$/, "");
@@ -9131,14 +9427,14 @@ function buildRuleSources() {
 }
 function countScanFiles() {
   let total = 0;
-  const claudeDir = path21.join(os18.homedir(), ".claude", "projects");
-  if (fs19.existsSync(claudeDir)) {
+  const claudeDir = path22.join(os19.homedir(), ".claude", "projects");
+  if (fs20.existsSync(claudeDir)) {
     try {
-      for (const proj of fs19.readdirSync(claudeDir)) {
-        const p = path21.join(claudeDir, proj);
+      for (const proj of fs20.readdirSync(claudeDir)) {
+        const p = path22.join(claudeDir, proj);
         try {
-          if (!fs19.statSync(p).isDirectory()) continue;
-          total += fs19.readdirSync(p).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-")).length;
+          if (!fs20.statSync(p).isDirectory()) continue;
+          total += fs20.readdirSync(p).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-")).length;
         } catch {
           continue;
         }
@@ -9146,17 +9442,17 @@ function countScanFiles() {
     } catch {
     }
   }
-  const geminiDir = path21.join(os18.homedir(), ".gemini", "tmp");
-  if (fs19.existsSync(geminiDir)) {
+  const geminiDir = path22.join(os19.homedir(), ".gemini", "tmp");
+  if (fs20.existsSync(geminiDir)) {
     try {
-      for (const slug of fs19.readdirSync(geminiDir)) {
-        const p = path21.join(geminiDir, slug);
+      for (const slug of fs20.readdirSync(geminiDir)) {
+        const p = path22.join(geminiDir, slug);
         try {
-          if (!fs19.statSync(p).isDirectory()) continue;
-          const chatsDir = path21.join(p, "chats");
-          if (fs19.existsSync(chatsDir)) {
+          if (!fs20.statSync(p).isDirectory()) continue;
+          const chatsDir = path22.join(p, "chats");
+          if (fs20.existsSync(chatsDir)) {
             try {
-              total += fs19.readdirSync(chatsDir).filter((f) => f.endsWith(".json")).length;
+              total += fs20.readdirSync(chatsDir).filter((f) => f.endsWith(".json")).length;
             } catch {
             }
           }
@@ -9167,22 +9463,22 @@ function countScanFiles() {
     } catch {
     }
   }
-  const codexDir = path21.join(os18.homedir(), ".codex", "sessions");
-  if (fs19.existsSync(codexDir)) {
+  const codexDir = path22.join(os19.homedir(), ".codex", "sessions");
+  if (fs20.existsSync(codexDir)) {
     try {
-      for (const year of fs19.readdirSync(codexDir)) {
-        const yp = path21.join(codexDir, year);
+      for (const year of fs20.readdirSync(codexDir)) {
+        const yp = path22.join(codexDir, year);
         try {
-          if (!fs19.statSync(yp).isDirectory()) continue;
-          for (const month of fs19.readdirSync(yp)) {
-            const mp = path21.join(yp, month);
+          if (!fs20.statSync(yp).isDirectory()) continue;
+          for (const month of fs20.readdirSync(yp)) {
+            const mp = path22.join(yp, month);
             try {
-              if (!fs19.statSync(mp).isDirectory()) continue;
-              for (const day of fs19.readdirSync(mp)) {
-                const dp = path21.join(mp, day);
+              if (!fs20.statSync(mp).isDirectory()) continue;
+              for (const day of fs20.readdirSync(mp)) {
+                const dp = path22.join(mp, day);
                 try {
-                  if (!fs19.statSync(dp).isDirectory()) continue;
-                  total += fs19.readdirSync(dp).filter((f) => f.endsWith(".jsonl")).length;
+                  if (!fs20.statSync(dp).isDirectory()) continue;
+                  total += fs20.readdirSync(dp).filter((f) => f.endsWith(".jsonl")).length;
                 } catch {
                   continue;
                 }
@@ -9218,7 +9514,7 @@ function processClaudeFile(file, projPath, projLabel, ruleSources, startDate, re
   const sessionId = file.replace(/\.jsonl$/, "");
   let raw;
   try {
-    raw = fs19.readFileSync(path21.join(projPath, file), "utf-8");
+    raw = fs20.readFileSync(path22.join(projPath, file), "utf-8");
   } catch {
     return;
   }
@@ -9270,7 +9566,7 @@ function processClaudeFile(file, projPath, projLabel, ruleSources, startDate, re
           if (block.type !== "tool_result") continue;
           const filePath = block.tool_use_id ? toolUseFilePaths.get(block.tool_use_id) : void 0;
           if (filePath) {
-            const ext = path21.extname(filePath).toLowerCase();
+            const ext = path22.extname(filePath).toLowerCase();
             if (CODE_EXTENSIONS.has(ext)) continue;
           }
           const resultText = typeof block.content === "string" ? block.content : Array.isArray(block.content) ? block.content.map((c) => c.text ?? "").join("\n") : null;
@@ -9327,7 +9623,7 @@ function processClaudeFile(file, projPath, projLabel, ruleSources, startDate, re
       const rawCmd = String(input.command ?? "").trimStart();
       if (/^node9\s+(scan|explain|report|tail|dlp|status|sessions|audit)\b/.test(rawCmd)) continue;
       const inputFilePath = typeof input.file_path === "string" ? input.file_path : "";
-      const inputFileExt = inputFilePath ? path21.extname(inputFilePath).toLowerCase() : "";
+      const inputFileExt = inputFilePath ? path22.extname(inputFilePath).toLowerCase() : "";
       if (CODE_EXTENSIONS.has(inputFileExt)) continue;
       const dlpMatch = scanArgs(input);
       if (dlpMatch) {
@@ -9424,19 +9720,19 @@ function processClaudeFile(file, projPath, projLabel, ruleSources, startDate, re
   }
 }
 function processClaudeProject(proj, projectsDir, ruleSources, startDate, result, dedup, onProgress, onLine) {
-  const projPath = path21.join(projectsDir, proj);
+  const projPath = path22.join(projectsDir, proj);
   try {
-    if (!fs19.statSync(projPath).isDirectory()) return;
+    if (!fs20.statSync(projPath).isDirectory()) return;
   } catch {
     return;
   }
-  const projLabel = stripTerminalEscapes(decodeURIComponent(proj).replace(os18.homedir(), "~")).slice(
+  const projLabel = stripTerminalEscapes(decodeURIComponent(proj).replace(os19.homedir(), "~")).slice(
     0,
     40
   );
   let files;
   try {
-    files = fs19.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+    files = fs20.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
   } catch {
     return;
   }
@@ -9470,12 +9766,12 @@ function emptyClaudeScan() {
   };
 }
 function scanClaudeHistory(startDate, onProgress, onLine) {
-  const projectsDir = path21.join(os18.homedir(), ".claude", "projects");
+  const projectsDir = path22.join(os19.homedir(), ".claude", "projects");
   const result = emptyClaudeScan();
-  if (!fs19.existsSync(projectsDir)) return result;
+  if (!fs20.existsSync(projectsDir)) return result;
   let projDirs;
   try {
-    projDirs = fs19.readdirSync(projectsDir);
+    projDirs = fs20.readdirSync(projectsDir);
   } catch {
     return result;
   }
@@ -9496,7 +9792,7 @@ function scanClaudeHistory(startDate, onProgress, onLine) {
   return result;
 }
 function scanGeminiHistory(startDate, onProgress, onLine) {
-  const tmpDir = path21.join(os18.homedir(), ".gemini", "tmp");
+  const tmpDir = path22.join(os19.homedir(), ".gemini", "tmp");
   const result = {
     filesScanned: 0,
     sessions: 0,
@@ -9511,33 +9807,33 @@ function scanGeminiHistory(startDate, onProgress, onLine) {
     sessionsWithEarlySecrets: 0
   };
   const dedup = emptyScanDedup();
-  if (!fs19.existsSync(tmpDir)) return result;
+  if (!fs20.existsSync(tmpDir)) return result;
   let slugDirs;
   try {
-    slugDirs = fs19.readdirSync(tmpDir);
+    slugDirs = fs20.readdirSync(tmpDir);
   } catch {
     return result;
   }
   const ruleSources = buildRuleSources();
   for (const slug of slugDirs) {
-    const slugPath = path21.join(tmpDir, slug);
+    const slugPath = path22.join(tmpDir, slug);
     try {
-      if (!fs19.statSync(slugPath).isDirectory()) continue;
+      if (!fs20.statSync(slugPath).isDirectory()) continue;
     } catch {
       continue;
     }
     let projLabel = stripTerminalEscapes(slug).slice(0, 40);
     try {
       projLabel = stripTerminalEscapes(
-        fs19.readFileSync(path21.join(slugPath, ".project_root"), "utf-8").trim()
-      ).replace(os18.homedir(), "~").slice(0, 40);
+        fs20.readFileSync(path22.join(slugPath, ".project_root"), "utf-8").trim()
+      ).replace(os19.homedir(), "~").slice(0, 40);
     } catch {
     }
-    const chatsDir = path21.join(slugPath, "chats");
-    if (!fs19.existsSync(chatsDir)) continue;
+    const chatsDir = path22.join(slugPath, "chats");
+    if (!fs20.existsSync(chatsDir)) continue;
     let chatFiles;
     try {
-      chatFiles = fs19.readdirSync(chatsDir).filter((f) => f.endsWith(".json"));
+      chatFiles = fs20.readdirSync(chatsDir).filter((f) => f.endsWith(".json"));
     } catch {
       continue;
     }
@@ -9547,7 +9843,7 @@ function scanGeminiHistory(startDate, onProgress, onLine) {
       const sessionId = chatFile.replace(/\.json$/, "");
       let raw;
       try {
-        raw = fs19.readFileSync(path21.join(chatsDir, chatFile), "utf-8");
+        raw = fs20.readFileSync(path22.join(chatsDir, chatFile), "utf-8");
       } catch {
         continue;
       }
@@ -9709,7 +10005,7 @@ function scanGeminiHistory(startDate, onProgress, onLine) {
   return result;
 }
 function scanCodexHistory(startDate, onProgress, onLine) {
-  const sessionsBase = path21.join(os18.homedir(), ".codex", "sessions");
+  const sessionsBase = path22.join(os19.homedir(), ".codex", "sessions");
   const result = {
     filesScanned: 0,
     sessions: 0,
@@ -9724,32 +10020,32 @@ function scanCodexHistory(startDate, onProgress, onLine) {
     sessionsWithEarlySecrets: 0
   };
   const dedup = emptyScanDedup();
-  if (!fs19.existsSync(sessionsBase)) return result;
+  if (!fs20.existsSync(sessionsBase)) return result;
   const jsonlFiles = [];
   try {
-    for (const year of fs19.readdirSync(sessionsBase)) {
-      const yearPath = path21.join(sessionsBase, year);
+    for (const year of fs20.readdirSync(sessionsBase)) {
+      const yearPath = path22.join(sessionsBase, year);
       try {
-        if (!fs19.statSync(yearPath).isDirectory()) continue;
+        if (!fs20.statSync(yearPath).isDirectory()) continue;
       } catch {
         continue;
       }
-      for (const month of fs19.readdirSync(yearPath)) {
-        const monthPath = path21.join(yearPath, month);
+      for (const month of fs20.readdirSync(yearPath)) {
+        const monthPath = path22.join(yearPath, month);
         try {
-          if (!fs19.statSync(monthPath).isDirectory()) continue;
+          if (!fs20.statSync(monthPath).isDirectory()) continue;
         } catch {
           continue;
         }
-        for (const day of fs19.readdirSync(monthPath)) {
-          const dayPath = path21.join(monthPath, day);
+        for (const day of fs20.readdirSync(monthPath)) {
+          const dayPath = path22.join(monthPath, day);
           try {
-            if (!fs19.statSync(dayPath).isDirectory()) continue;
+            if (!fs20.statSync(dayPath).isDirectory()) continue;
           } catch {
             continue;
           }
-          for (const file of fs19.readdirSync(dayPath)) {
-            if (file.endsWith(".jsonl")) jsonlFiles.push(path21.join(dayPath, file));
+          for (const file of fs20.readdirSync(dayPath)) {
+            if (file.endsWith(".jsonl")) jsonlFiles.push(path22.join(dayPath, file));
           }
         }
       }
@@ -9763,7 +10059,7 @@ function scanCodexHistory(startDate, onProgress, onLine) {
     onProgress?.(result.filesScanned);
     let lines;
     try {
-      lines = fs19.readFileSync(filePath, "utf-8").split("\n");
+      lines = fs20.readFileSync(filePath, "utf-8").split("\n");
     } catch {
       continue;
     }
@@ -9789,7 +10085,7 @@ function scanCodexHistory(startDate, onProgress, onLine) {
         sessionId = String(payload["id"] ?? filePath);
         startTime = String(payload["timestamp"] ?? "");
         const cwd = String(payload["cwd"] ?? "");
-        projLabel = stripTerminalEscapes(cwd.replace(os18.homedir(), "~")).slice(0, 40);
+        projLabel = stripTerminalEscapes(cwd.replace(os19.homedir(), "~")).slice(0, 40);
         continue;
       }
       if (entry.type === "event_msg" && payload["type"] === "token_count") {
@@ -9942,17 +10238,17 @@ function scanCodexHistory(startDate, onProgress, onLine) {
   return result;
 }
 function scanShellConfig() {
-  const home = os18.homedir();
+  const home = os19.homedir();
   const configFiles = [".zshrc", ".bashrc", ".bash_profile", ".profile"].map(
-    (f) => path21.join(home, f)
+    (f) => path22.join(home, f)
   );
   const findings = [];
   const seen = /* @__PURE__ */ new Set();
   for (const filePath of configFiles) {
-    if (!fs19.existsSync(filePath)) continue;
+    if (!fs20.existsSync(filePath)) continue;
     let lines;
     try {
-      lines = fs19.readFileSync(filePath, "utf-8").split("\n");
+      lines = fs20.readFileSync(filePath, "utf-8").split("\n");
     } catch {
       continue;
     }
@@ -10732,7 +11028,7 @@ function registerScanCommand(program2) {
         if (!drillDown) {
           const useInk2 = !options.classic;
           if (useInk2) {
-            const scanInkPath = path21.join(__dirname, "scan-ink.mjs");
+            const scanInkPath = path22.join(__dirname, "scan-ink.mjs");
             const dynamicImport = new Function("id", "return import(id)");
             const mod = await dynamicImport(`file://${scanInkPath}`);
             const rangeLabel2 = options.all ? "all time" : `last ${options.days ?? 90} days`;
@@ -11150,8 +11446,8 @@ var init_suggestion_tracker = __esm({
 });
 
 // src/daemon/taint-store.ts
-import fs20 from "fs";
-import path22 from "path";
+import fs21 from "fs";
+import path23 from "path";
 var DEFAULT_TTL_MS, TaintStore;
 var init_taint_store = __esm({
   "src/daemon/taint-store.ts"() {
@@ -11220,9 +11516,9 @@ var init_taint_store = __esm({
       /** Resolve to absolute path, falling back to path.resolve if file doesn't exist yet. */
       _resolve(filePath) {
         try {
-          return fs20.realpathSync.native(path22.resolve(filePath));
+          return fs21.realpathSync.native(path23.resolve(filePath));
         } catch {
-          return path22.resolve(filePath);
+          return path23.resolve(filePath);
         }
       }
     };
@@ -11339,14 +11635,14 @@ var init_session_history = __esm({
 
 // src/daemon/state.ts
 import net2 from "net";
-import fs21 from "fs";
-import path23 from "path";
-import os19 from "os";
+import fs22 from "fs";
+import path24 from "path";
+import os20 from "os";
 import { randomUUID as randomUUID3 } from "crypto";
 function loadInsightCounts() {
   try {
-    if (!fs21.existsSync(INSIGHT_COUNTS_FILE)) return;
-    const data = JSON.parse(fs21.readFileSync(INSIGHT_COUNTS_FILE, "utf-8"));
+    if (!fs22.existsSync(INSIGHT_COUNTS_FILE)) return;
+    const data = JSON.parse(fs22.readFileSync(INSIGHT_COUNTS_FILE, "utf-8"));
     for (const [tool, count] of Object.entries(data)) {
       if (typeof count === "number" && count > 0) insightCounts.set(tool, count);
     }
@@ -11385,23 +11681,23 @@ function markRejectionHandlerRegistered() {
   daemonRejectionHandlerRegistered = true;
 }
 function atomicWriteSync2(filePath, data, options) {
-  const dir = path23.dirname(filePath);
-  if (!fs21.existsSync(dir)) fs21.mkdirSync(dir, { recursive: true });
+  const dir = path24.dirname(filePath);
+  if (!fs22.existsSync(dir)) fs22.mkdirSync(dir, { recursive: true });
   const tmpPath = `${filePath}.${randomUUID3()}.tmp`;
   try {
-    fs21.writeFileSync(tmpPath, data, options);
+    fs22.writeFileSync(tmpPath, data, options);
   } catch (err2) {
     try {
-      fs21.unlinkSync(tmpPath);
+      fs22.unlinkSync(tmpPath);
     } catch {
     }
     throw err2;
   }
   try {
-    fs21.renameSync(tmpPath, filePath);
+    fs22.renameSync(tmpPath, filePath);
   } catch (err2) {
     try {
-      fs21.unlinkSync(tmpPath);
+      fs22.unlinkSync(tmpPath);
     } catch {
     }
     throw err2;
@@ -11425,16 +11721,16 @@ function appendAuditLog(data) {
       decision: data.decision,
       source: "daemon"
     };
-    const dir = path23.dirname(AUDIT_LOG_FILE);
-    if (!fs21.existsSync(dir)) fs21.mkdirSync(dir, { recursive: true });
-    fs21.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
+    const dir = path24.dirname(AUDIT_LOG_FILE);
+    if (!fs22.existsSync(dir)) fs22.mkdirSync(dir, { recursive: true });
+    fs22.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
 function getAuditHistory(limit = 20) {
   try {
-    if (!fs21.existsSync(AUDIT_LOG_FILE)) return [];
-    const lines = fs21.readFileSync(AUDIT_LOG_FILE, "utf-8").trim().split("\n");
+    if (!fs22.existsSync(AUDIT_LOG_FILE)) return [];
+    const lines = fs22.readFileSync(AUDIT_LOG_FILE, "utf-8").trim().split("\n");
     if (lines.length === 1 && lines[0] === "") return [];
     return lines.slice(-limit).map((l) => JSON.parse(l)).reverse();
   } catch {
@@ -11443,7 +11739,7 @@ function getAuditHistory(limit = 20) {
 }
 function getOrgName() {
   try {
-    if (fs21.existsSync(CREDENTIALS_FILE)) return "Node9 Cloud";
+    if (fs22.existsSync(CREDENTIALS_FILE)) return "Node9 Cloud";
   } catch {
   }
   return null;
@@ -11451,8 +11747,8 @@ function getOrgName() {
 function writeGlobalSetting(key, value) {
   let config = {};
   try {
-    if (fs21.existsSync(GLOBAL_CONFIG_FILE)) {
-      config = JSON.parse(fs21.readFileSync(GLOBAL_CONFIG_FILE, "utf-8"));
+    if (fs22.existsSync(GLOBAL_CONFIG_FILE)) {
+      config = JSON.parse(fs22.readFileSync(GLOBAL_CONFIG_FILE, "utf-8"));
     }
   } catch {
   }
@@ -11464,8 +11760,8 @@ function writeTrustEntry(toolName, durationMs, commandPattern) {
   try {
     let trust = { entries: [] };
     try {
-      if (fs21.existsSync(TRUST_FILE2))
-        trust = JSON.parse(fs21.readFileSync(TRUST_FILE2, "utf-8"));
+      if (fs22.existsSync(TRUST_FILE2))
+        trust = JSON.parse(fs22.readFileSync(TRUST_FILE2, "utf-8"));
     } catch {
     }
     trust.entries = trust.entries.filter(
@@ -11482,8 +11778,8 @@ function writeTrustEntry(toolName, durationMs, commandPattern) {
 }
 function readPersistentDecisions() {
   try {
-    if (fs21.existsSync(DECISIONS_FILE)) {
-      return JSON.parse(fs21.readFileSync(DECISIONS_FILE, "utf-8"));
+    if (fs22.existsSync(DECISIONS_FILE)) {
+      return JSON.parse(fs22.readFileSync(DECISIONS_FILE, "utf-8"));
     }
   } catch {
   }
@@ -11511,7 +11807,7 @@ function estimateToolCost(tool, args) {
     const filePath = a.file_path ?? a.path;
     if (filePath) {
       try {
-        const bytes = fs21.statSync(filePath).size;
+        const bytes = fs22.statSync(filePath).size;
         return bytes / BYTES_PER_TOKEN / 1e6 * INPUT_PRICE_PER_1M;
       } catch {
       }
@@ -11582,7 +11878,7 @@ function abandonPending() {
   });
   if (autoStarted) {
     try {
-      fs21.unlinkSync(DAEMON_PID_FILE);
+      fs22.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
     setTimeout(() => {
@@ -11593,8 +11889,8 @@ function abandonPending() {
 }
 function logActivitySocket(msg) {
   try {
-    fs21.appendFileSync(
-      path23.join(homeDir, ".node9", "hook-debug.log"),
+    fs22.appendFileSync(
+      path24.join(homeDir, ".node9", "hook-debug.log"),
       `[${(/* @__PURE__ */ new Date()).toISOString()}] [activity-socket] ${msg}
 `
     );
@@ -11616,13 +11912,13 @@ function shouldRebind(now = Date.now()) {
 function startActivitySocket() {
   bindActivitySocket();
   activityHealthInterval = setInterval(() => {
-    if (!fs21.existsSync(ACTIVITY_SOCKET_PATH2)) attemptRebind("health-probe");
+    if (!fs22.existsSync(ACTIVITY_SOCKET_PATH2)) attemptRebind("health-probe");
   }, ACTIVITY_HEALTH_PROBE_MS);
   activityHealthInterval.unref();
   process.on("exit", () => {
     if (activityHealthInterval) clearInterval(activityHealthInterval);
     try {
-      fs21.unlinkSync(ACTIVITY_SOCKET_PATH2);
+      fs22.unlinkSync(ACTIVITY_SOCKET_PATH2);
     } catch {
     }
   });
@@ -11650,7 +11946,7 @@ function attemptRebind(reason) {
 }
 function bindActivitySocket() {
   try {
-    fs21.unlinkSync(ACTIVITY_SOCKET_PATH2);
+    fs22.unlinkSync(ACTIVITY_SOCKET_PATH2);
   } catch {
   }
   const ACTIVITY_MAX_BYTES = 1024 * 1024;
@@ -11763,14 +12059,14 @@ var init_state2 = __esm({
     init_taint_store();
     init_session_counters();
     init_session_history();
-    homeDir = os19.homedir();
-    DAEMON_PID_FILE = path23.join(homeDir, ".node9", "daemon.pid");
-    DECISIONS_FILE = path23.join(homeDir, ".node9", "decisions.json");
-    AUDIT_LOG_FILE = path23.join(homeDir, ".node9", "audit.log");
-    TRUST_FILE2 = path23.join(homeDir, ".node9", "trust.json");
-    GLOBAL_CONFIG_FILE = path23.join(homeDir, ".node9", "config.json");
-    CREDENTIALS_FILE = path23.join(homeDir, ".node9", "credentials.json");
-    INSIGHT_COUNTS_FILE = path23.join(homeDir, ".node9", "insight-counts.json");
+    homeDir = os20.homedir();
+    DAEMON_PID_FILE = path24.join(homeDir, ".node9", "daemon.pid");
+    DECISIONS_FILE = path24.join(homeDir, ".node9", "decisions.json");
+    AUDIT_LOG_FILE = path24.join(homeDir, ".node9", "audit.log");
+    TRUST_FILE2 = path24.join(homeDir, ".node9", "trust.json");
+    GLOBAL_CONFIG_FILE = path24.join(homeDir, ".node9", "config.json");
+    CREDENTIALS_FILE = path24.join(homeDir, ".node9", "credentials.json");
+    INSIGHT_COUNTS_FILE = path24.join(homeDir, ".node9", "insight-counts.json");
     pending = /* @__PURE__ */ new Map();
     sseClients = /* @__PURE__ */ new Set();
     suggestionTracker = new SuggestionTracker(3);
@@ -11787,7 +12083,7 @@ var init_state2 = __esm({
       "2h": 2 * 60 * 6e4
     };
     autoStarted = process.env.NODE9_AUTO_STARTED === "1";
-    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path23.join(os19.tmpdir(), "node9-activity.sock");
+    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path24.join(os20.tmpdir(), "node9-activity.sock");
     ACTIVITY_RING_SIZE = 100;
     activityRing = [];
     LARGE_RESPONSE_RING_SIZE = 20;
@@ -11826,10 +12122,10 @@ var init_state2 = __esm({
 });
 
 // src/daemon/sync.ts
-import fs22 from "fs";
+import fs23 from "fs";
 import https2 from "https";
-import os20 from "os";
-import path24 from "path";
+import os21 from "os";
+import path25 from "path";
 function emptySignals3() {
   return {
     dlpFindings: 0,
@@ -11869,8 +12165,8 @@ function readCredentials() {
     };
   }
   try {
-    const credPath = path24.join(os20.homedir(), ".node9", "credentials.json");
-    const creds = JSON.parse(fs22.readFileSync(credPath, "utf-8"));
+    const credPath = path25.join(os21.homedir(), ".node9", "credentials.json");
+    const creds = JSON.parse(fs23.readFileSync(credPath, "utf-8"));
     const profileName = process.env.NODE9_PROFILE ?? "default";
     const profile = creds[profileName];
     if (typeof profile?.apiKey === "string" && profile.apiKey.length > 0) {
@@ -11896,7 +12192,7 @@ function readCredentials() {
 }
 function readCachedEtag() {
   try {
-    const raw = JSON.parse(fs22.readFileSync(rulesCacheFile(), "utf-8"));
+    const raw = JSON.parse(fs23.readFileSync(rulesCacheFile(), "utf-8"));
     return typeof raw.etag === "string" ? raw.etag : void 0;
   } catch {
     return void 0;
@@ -11957,9 +12253,9 @@ function extractRules(body) {
   return [];
 }
 function writeCache2(cache) {
-  const dir = path24.dirname(rulesCacheFile());
-  if (!fs22.existsSync(dir)) fs22.mkdirSync(dir, { recursive: true });
-  fs22.writeFileSync(rulesCacheFile(), JSON.stringify(cache, null, 2) + "\n", "utf-8");
+  const dir = path25.dirname(rulesCacheFile());
+  if (!fs23.existsSync(dir)) fs23.mkdirSync(dir, { recursive: true });
+  fs23.writeFileSync(rulesCacheFile(), JSON.stringify(cache, null, 2) + "\n", "utf-8");
 }
 async function syncOnce() {
   const creds = readCredentials();
@@ -12116,7 +12412,7 @@ async function runCloudSync() {
 }
 function getCloudSyncStatus() {
   try {
-    const raw = JSON.parse(fs22.readFileSync(rulesCacheFile(), "utf-8"));
+    const raw = JSON.parse(fs23.readFileSync(rulesCacheFile(), "utf-8"));
     if (!Array.isArray(raw.rules) || typeof raw.fetchedAt !== "string") return { cached: false };
     return {
       cached: true,
@@ -12133,7 +12429,7 @@ function getCloudSyncStatus() {
 }
 function getCloudRules() {
   try {
-    const raw = JSON.parse(fs22.readFileSync(rulesCacheFile(), "utf-8"));
+    const raw = JSON.parse(fs23.readFileSync(rulesCacheFile(), "utf-8"));
     return Array.isArray(raw.rules) ? raw.rules : null;
   } catch {
     return null;
@@ -12189,7 +12485,7 @@ var init_sync = __esm({
       loop: "loops",
       "long-output-redacted": "longOutputRedactions"
     };
-    rulesCacheFile = () => path24.join(os20.homedir(), ".node9", "rules-cache.json");
+    rulesCacheFile = () => path25.join(os21.homedir(), ".node9", "rules-cache.json");
     DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept/policies/sync";
     DEFAULT_INTERVAL_HOURS = 5;
     MIN_INTERVAL_HOURS = 1;
@@ -12200,73 +12496,73 @@ var init_sync = __esm({
 });
 
 // src/daemon/dlp-scanner.ts
-import fs23 from "fs";
-import path25 from "path";
-import os21 from "os";
+import fs24 from "fs";
+import path26 from "path";
+import os22 from "os";
 function loadIndex() {
   try {
-    return JSON.parse(fs23.readFileSync(INDEX_FILE, "utf-8"));
+    return JSON.parse(fs24.readFileSync(INDEX_FILE, "utf-8"));
   } catch {
     return {};
   }
 }
 function saveIndex(index) {
   try {
-    fs23.writeFileSync(INDEX_FILE, JSON.stringify(index), { encoding: "utf-8", mode: 384 });
+    fs24.writeFileSync(INDEX_FILE, JSON.stringify(index), { encoding: "utf-8", mode: 384 });
   } catch {
   }
 }
 function appendAuditEntry(entry) {
   try {
-    fs23.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
+    fs24.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
 function runDlpScan() {
-  if (!fs23.existsSync(PROJECTS_DIR2)) return;
+  if (!fs24.existsSync(PROJECTS_DIR2)) return;
   const index = loadIndex();
   let updated = false;
   let projDirs;
   try {
-    projDirs = fs23.readdirSync(PROJECTS_DIR2);
+    projDirs = fs24.readdirSync(PROJECTS_DIR2);
   } catch {
     return;
   }
   for (const proj of projDirs) {
-    const projPath = path25.join(PROJECTS_DIR2, proj);
+    const projPath = path26.join(PROJECTS_DIR2, proj);
     try {
-      if (!fs23.lstatSync(projPath).isDirectory()) continue;
-      const real = fs23.realpathSync(projPath);
-      if (!real.startsWith(PROJECTS_DIR2 + path25.sep) && real !== PROJECTS_DIR2) continue;
+      if (!fs24.lstatSync(projPath).isDirectory()) continue;
+      const real = fs24.realpathSync(projPath);
+      if (!real.startsWith(PROJECTS_DIR2 + path26.sep) && real !== PROJECTS_DIR2) continue;
     } catch {
       continue;
     }
     let files;
     try {
-      files = fs23.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+      files = fs24.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
     } catch {
       continue;
     }
     for (const file of files) {
-      const filePath = path25.join(projPath, file);
+      const filePath = path26.join(projPath, file);
       const lastOffset = index[filePath] ?? 0;
       let size;
       try {
-        size = fs23.statSync(filePath).size;
+        size = fs24.statSync(filePath).size;
       } catch {
         continue;
       }
       if (size <= lastOffset) continue;
       let fd;
       try {
-        fd = fs23.openSync(filePath, "r");
+        fd = fs24.openSync(filePath, "r");
       } catch {
         continue;
       }
       try {
         const chunkSize = size - lastOffset;
         const buf = Buffer.alloc(chunkSize);
-        fs23.readSync(fd, buf, 0, chunkSize, lastOffset);
+        fs24.readSync(fd, buf, 0, chunkSize, lastOffset);
         const chunk = buf.toString("utf-8");
         for (const line of chunk.split("\n")) {
           if (!line.trim()) continue;
@@ -12286,7 +12582,7 @@ function runDlpScan() {
             if (typeof text !== "string") continue;
             const match = scanText(text);
             if (!match) continue;
-            const projLabel = decodeURIComponent(proj).replace(os21.homedir(), "~").slice(0, 40);
+            const projLabel = decodeURIComponent(proj).replace(os22.homedir(), "~").slice(0, 40);
             const ts = entry.timestamp ?? (/* @__PURE__ */ new Date()).toISOString();
             appendAuditEntry({
               ts,
@@ -12311,7 +12607,7 @@ Run: node9 report --period 30d`
         updated = true;
       } finally {
         try {
-          fs23.closeSync(fd);
+          fs24.closeSync(fd);
         } catch {
         }
       }
@@ -12344,23 +12640,23 @@ var init_dlp_scanner = __esm({
     init_dlp();
     init_native();
     init_state2();
-    INDEX_FILE = path25.join(os21.homedir(), ".node9", "dlp-index.json");
-    PROJECTS_DIR2 = path25.join(os21.homedir(), ".claude", "projects");
+    INDEX_FILE = path26.join(os22.homedir(), ".node9", "dlp-index.json");
+    PROJECTS_DIR2 = path26.join(os22.homedir(), ".claude", "projects");
   }
 });
 
 // src/daemon/mcp-tools.ts
-import fs24 from "fs";
-import path26 from "path";
-import os22 from "os";
+import fs25 from "fs";
+import path27 from "path";
+import os23 from "os";
 function getMcpToolsFile() {
-  return path26.join(os22.homedir(), ".node9", "mcp-tools.json");
+  return path27.join(os23.homedir(), ".node9", "mcp-tools.json");
 }
 function readMcpToolsConfig() {
   try {
     const file = getMcpToolsFile();
-    if (!fs24.existsSync(file)) return {};
-    const raw = fs24.readFileSync(file, "utf-8");
+    if (!fs25.existsSync(file)) return {};
+    const raw = fs25.readFileSync(file, "utf-8");
     return JSON.parse(raw);
   } catch {
     return {};
@@ -12369,11 +12665,11 @@ function readMcpToolsConfig() {
 function writeMcpToolsConfig(config) {
   try {
     const file = getMcpToolsFile();
-    const dir = path26.dirname(file);
-    if (!fs24.existsSync(dir)) fs24.mkdirSync(dir, { recursive: true });
-    const tmpPath = `${file}.${os22.hostname()}.${process.pid}.tmp`;
-    fs24.writeFileSync(tmpPath, JSON.stringify(config, null, 2));
-    fs24.renameSync(tmpPath, file);
+    const dir = path27.dirname(file);
+    if (!fs25.existsSync(dir)) fs25.mkdirSync(dir, { recursive: true });
+    const tmpPath = `${file}.${os23.hostname()}.${process.pid}.tmp`;
+    fs25.writeFileSync(tmpPath, JSON.stringify(config, null, 2));
+    fs25.renameSync(tmpPath, file);
   } catch (e) {
     console.error("Failed to write mcp-tools.json", e);
   }
@@ -12420,9 +12716,9 @@ var init_mcp_tools = __esm({
 
 // src/daemon/server.ts
 import http from "http";
-import fs25 from "fs";
-import path27 from "path";
-import os23 from "os";
+import fs26 from "fs";
+import path28 from "path";
+import os24 from "os";
 import { randomUUID as randomUUID4 } from "crypto";
 import { spawnSync } from "child_process";
 import chalk6 from "chalk";
@@ -12443,7 +12739,7 @@ function startDaemon() {
     idleTimer = setTimeout(() => {
       if (autoStarted) {
         try {
-          fs25.unlinkSync(DAEMON_PID_FILE);
+          fs26.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
       }
@@ -12588,7 +12884,7 @@ data: ${JSON.stringify(item.data)}
             mcpServer: entry.mcpServer
           });
         }
-        const projectCwd = typeof cwd === "string" && path27.isAbsolute(cwd) ? cwd : void 0;
+        const projectCwd = typeof cwd === "string" && path28.isAbsolute(cwd) ? cwd : void 0;
         const projectConfig = getConfig(projectCwd);
         const browserEnabled = projectConfig.settings.approvers?.browser !== false;
         const terminalEnabled = projectConfig.settings.approvers?.terminal !== false;
@@ -12880,8 +13176,8 @@ data: ${JSON.stringify(item.data)}
       if (!validToken(req)) return res.writeHead(403).end();
       const periodParam = reqUrl.searchParams.get("period") || "7d";
       const period = ["today", "7d", "30d", "month"].includes(periodParam) ? periodParam : "7d";
-      const logPath = path27.join(os23.homedir(), ".node9", "audit.log");
-      if (!fs25.existsSync(logPath)) {
+      const logPath = path28.join(os24.homedir(), ".node9", "audit.log");
+      if (!fs26.existsSync(logPath)) {
         res.writeHead(200, { "Content-Type": "application/json" });
         return res.end(
           JSON.stringify({
@@ -12894,7 +13190,7 @@ data: ${JSON.stringify(item.data)}
         );
       }
       try {
-        const raw = fs25.readFileSync(logPath, "utf-8");
+        const raw = fs26.readFileSync(logPath, "utf-8");
         const allEntries = raw.split("\n").flatMap((line) => {
           if (!line.trim()) return [];
           try {
@@ -13217,14 +13513,14 @@ data: ${JSON.stringify(item.data)}
   server.on("error", (e) => {
     if (e.code === "EADDRINUSE") {
       try {
-        if (fs25.existsSync(DAEMON_PID_FILE)) {
-          const { pid } = JSON.parse(fs25.readFileSync(DAEMON_PID_FILE, "utf-8"));
+        if (fs26.existsSync(DAEMON_PID_FILE)) {
+          const { pid } = JSON.parse(fs26.readFileSync(DAEMON_PID_FILE, "utf-8"));
           process.kill(pid, 0);
           return process.exit(0);
         }
       } catch {
         try {
-          fs25.unlinkSync(DAEMON_PID_FILE);
+          fs26.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
         server.listen(DAEMON_PORT, DAEMON_HOST);
@@ -13312,15 +13608,15 @@ var init_server = __esm({
 });
 
 // src/daemon/service.ts
-import fs26 from "fs";
-import path28 from "path";
-import os24 from "os";
+import fs27 from "fs";
+import path29 from "path";
+import os25 from "os";
 import { spawnSync as spawnSync2, execFileSync } from "child_process";
 function resolveNode9Binary() {
   try {
     const script = process.argv[1];
-    if (typeof script === "string" && path28.isAbsolute(script) && fs26.existsSync(script)) {
-      return fs26.realpathSync(script);
+    if (typeof script === "string" && path29.isAbsolute(script) && fs27.existsSync(script)) {
+      return fs27.realpathSync(script);
     }
   } catch {
   }
@@ -13338,11 +13634,11 @@ function xmlEscape(s) {
   return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
 }
 function launchdPlist(binaryPath) {
-  const logDir = path28.join(os24.homedir(), ".node9");
+  const logDir = path29.join(os25.homedir(), ".node9");
   const nodePath = xmlEscape(process.execPath);
   const scriptPath = xmlEscape(binaryPath);
-  const outLog = xmlEscape(path28.join(logDir, "daemon.log"));
-  const errLog = xmlEscape(path28.join(logDir, "daemon-error.log"));
+  const outLog = xmlEscape(path29.join(logDir, "daemon.log"));
+  const errLog = xmlEscape(path29.join(logDir, "daemon-error.log"));
   return `<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
@@ -13375,9 +13671,9 @@ function launchdPlist(binaryPath) {
 `;
 }
 function installLaunchd(binaryPath) {
-  const dir = path28.dirname(LAUNCHD_PLIST);
-  if (!fs26.existsSync(dir)) fs26.mkdirSync(dir, { recursive: true });
-  fs26.writeFileSync(LAUNCHD_PLIST, launchdPlist(binaryPath), "utf-8");
+  const dir = path29.dirname(LAUNCHD_PLIST);
+  if (!fs27.existsSync(dir)) fs27.mkdirSync(dir, { recursive: true });
+  fs27.writeFileSync(LAUNCHD_PLIST, launchdPlist(binaryPath), "utf-8");
   spawnSync2("launchctl", ["unload", LAUNCHD_PLIST], { encoding: "utf8" });
   const r = spawnSync2("launchctl", ["load", "-w", LAUNCHD_PLIST], {
     encoding: "utf8",
@@ -13388,13 +13684,13 @@ function installLaunchd(binaryPath) {
   }
 }
 function uninstallLaunchd() {
-  if (fs26.existsSync(LAUNCHD_PLIST)) {
+  if (fs27.existsSync(LAUNCHD_PLIST)) {
     spawnSync2("launchctl", ["unload", "-w", LAUNCHD_PLIST], { encoding: "utf8", timeout: 5e3 });
-    fs26.unlinkSync(LAUNCHD_PLIST);
+    fs27.unlinkSync(LAUNCHD_PLIST);
   }
 }
 function isLaunchdInstalled() {
-  return fs26.existsSync(LAUNCHD_PLIST);
+  return fs27.existsSync(LAUNCHD_PLIST);
 }
 function systemdUnit(binaryPath) {
   return `[Unit]
@@ -13413,12 +13709,12 @@ WantedBy=default.target
 `;
 }
 function installSystemd(binaryPath) {
-  if (!fs26.existsSync(SYSTEMD_UNIT_DIR)) {
-    fs26.mkdirSync(SYSTEMD_UNIT_DIR, { recursive: true });
+  if (!fs27.existsSync(SYSTEMD_UNIT_DIR)) {
+    fs27.mkdirSync(SYSTEMD_UNIT_DIR, { recursive: true });
   }
-  fs26.writeFileSync(SYSTEMD_UNIT, systemdUnit(binaryPath), "utf-8");
+  fs27.writeFileSync(SYSTEMD_UNIT, systemdUnit(binaryPath), "utf-8");
   try {
-    execFileSync("loginctl", ["enable-linger", os24.userInfo().username], { timeout: 3e3 });
+    execFileSync("loginctl", ["enable-linger", os25.userInfo().username], { timeout: 3e3 });
   } catch {
   }
   const reload = spawnSync2("systemctl", ["--user", "daemon-reload"], {
@@ -13438,23 +13734,23 @@ function installSystemd(binaryPath) {
   }
 }
 function uninstallSystemd() {
-  if (fs26.existsSync(SYSTEMD_UNIT)) {
+  if (fs27.existsSync(SYSTEMD_UNIT)) {
     spawnSync2("systemctl", ["--user", "disable", "--now", "node9-daemon"], {
       encoding: "utf8",
       timeout: 5e3
     });
     spawnSync2("systemctl", ["--user", "daemon-reload"], { encoding: "utf8", timeout: 5e3 });
-    fs26.unlinkSync(SYSTEMD_UNIT);
+    fs27.unlinkSync(SYSTEMD_UNIT);
   }
 }
 function isSystemdInstalled() {
-  return fs26.existsSync(SYSTEMD_UNIT);
+  return fs27.existsSync(SYSTEMD_UNIT);
 }
 function stopRunningDaemon() {
-  const pidFile = path28.join(os24.homedir(), ".node9", "daemon.pid");
-  if (!fs26.existsSync(pidFile)) return;
+  const pidFile = path29.join(os25.homedir(), ".node9", "daemon.pid");
+  if (!fs27.existsSync(pidFile)) return;
   try {
-    const data = JSON.parse(fs26.readFileSync(pidFile, "utf-8"));
+    const data = JSON.parse(fs27.readFileSync(pidFile, "utf-8"));
     const pid = data.pid;
     const MAX_PID2 = 4194304;
     if (typeof pid === "number" && Number.isInteger(pid) && pid > 0 && pid <= MAX_PID2) {
@@ -13474,7 +13770,7 @@ function stopRunningDaemon() {
       }
     }
     try {
-      fs26.unlinkSync(pidFile);
+      fs27.unlinkSync(pidFile);
     } catch {
     }
   } catch {
@@ -13549,19 +13845,19 @@ var init_service = __esm({
   "src/daemon/service.ts"() {
     "use strict";
     LAUNCHD_LABEL = "ai.node9.daemon";
-    LAUNCHD_PLIST = path28.join(os24.homedir(), "Library", "LaunchAgents", `${LAUNCHD_LABEL}.plist`);
-    SYSTEMD_UNIT_DIR = path28.join(os24.homedir(), ".config", "systemd", "user");
-    SYSTEMD_UNIT = path28.join(SYSTEMD_UNIT_DIR, "node9-daemon.service");
+    LAUNCHD_PLIST = path29.join(os25.homedir(), "Library", "LaunchAgents", `${LAUNCHD_LABEL}.plist`);
+    SYSTEMD_UNIT_DIR = path29.join(os25.homedir(), ".config", "systemd", "user");
+    SYSTEMD_UNIT = path29.join(SYSTEMD_UNIT_DIR, "node9-daemon.service");
   }
 });
 
 // src/daemon/index.ts
-import fs27 from "fs";
+import fs28 from "fs";
 import chalk7 from "chalk";
 function stopDaemon() {
-  if (!fs27.existsSync(DAEMON_PID_FILE)) return console.log(chalk7.yellow("Not running."));
+  if (!fs28.existsSync(DAEMON_PID_FILE)) return console.log(chalk7.yellow("Not running."));
   try {
-    const data = JSON.parse(fs27.readFileSync(DAEMON_PID_FILE, "utf-8"));
+    const data = JSON.parse(fs28.readFileSync(DAEMON_PID_FILE, "utf-8"));
     const pid = data.pid;
     if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0 || pid > MAX_PID) {
       console.log(chalk7.gray("Cleaned up invalid PID file."));
@@ -13573,7 +13869,7 @@ function stopDaemon() {
     console.log(chalk7.gray("Cleaned up stale PID file."));
   } finally {
     try {
-      fs27.unlinkSync(DAEMON_PID_FILE);
+      fs28.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
   }
@@ -13582,9 +13878,9 @@ function daemonStatus() {
   const serviceInstalled = isDaemonServiceInstalled();
   const serviceLabel = serviceInstalled ? chalk7.green("installed (starts on login)") : chalk7.yellow("not installed \u2014 run: node9 daemon install");
   let processStatus;
-  if (fs27.existsSync(DAEMON_PID_FILE)) {
+  if (fs28.existsSync(DAEMON_PID_FILE)) {
     try {
-      const data = JSON.parse(fs27.readFileSync(DAEMON_PID_FILE, "utf-8"));
+      const data = JSON.parse(fs28.readFileSync(DAEMON_PID_FILE, "utf-8"));
       const pid = data.pid;
       const port = data.port;
       if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0 || pid > MAX_PID) {
@@ -13629,7 +13925,7 @@ __export(tail_exports, {
 });
 import http2 from "http";
 import chalk29 from "chalk";
-import fs45 from "fs";
+import fs46 from "fs";
 import os41 from "os";
 import path47 from "path";
 import readline6 from "readline";
@@ -13656,19 +13952,19 @@ function getModelContextLimit(model) {
 }
 function readSessionUsage() {
   const projectsDir = path47.join(os41.homedir(), ".claude", "projects");
-  if (!fs45.existsSync(projectsDir)) return null;
+  if (!fs46.existsSync(projectsDir)) return null;
   let latestFile = null;
   let latestMtime = 0;
   try {
-    for (const dir of fs45.readdirSync(projectsDir)) {
+    for (const dir of fs46.readdirSync(projectsDir)) {
       const dirPath = path47.join(projectsDir, dir);
       try {
-        if (!fs45.statSync(dirPath).isDirectory()) continue;
-        for (const file of fs45.readdirSync(dirPath)) {
+        if (!fs46.statSync(dirPath).isDirectory()) continue;
+        for (const file of fs46.readdirSync(dirPath)) {
           if (!file.endsWith(".jsonl") || file.startsWith("agent-")) continue;
           const filePath = path47.join(dirPath, file);
           try {
-            const mtime = fs45.statSync(filePath).mtimeMs;
+            const mtime = fs46.statSync(filePath).mtimeMs;
             if (mtime > latestMtime) {
               latestMtime = mtime;
               latestFile = filePath;
@@ -13683,7 +13979,7 @@ function readSessionUsage() {
   }
   if (!latestFile) return null;
   try {
-    const lines = fs45.readFileSync(latestFile, "utf-8").split("\n");
+    const lines = fs46.readFileSync(latestFile, "utf-8").split("\n");
     let lastModel = "";
     let lastInput = 0;
     let lastOutput = 0;
@@ -13783,9 +14079,9 @@ function renderPending(activity) {
 }
 async function ensureDaemon() {
   let pidPort = null;
-  if (fs45.existsSync(PID_FILE)) {
+  if (fs46.existsSync(PID_FILE)) {
     try {
-      const { port } = JSON.parse(fs45.readFileSync(PID_FILE, "utf-8"));
+      const { port } = JSON.parse(fs46.readFileSync(PID_FILE, "utf-8"));
       pidPort = port;
     } catch {
       console.error(chalk29.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
@@ -13943,7 +14239,7 @@ function buildRecoveryCardLines(req) {
 function readApproversFromDisk() {
   const configPath = path47.join(os41.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(fs45.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(fs46.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     return settings.approvers ?? {};
   } catch {
@@ -13961,13 +14257,13 @@ function approverStatusLine() {
 function toggleApprover(channel) {
   const configPath = path47.join(os41.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(fs45.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(fs46.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     const approvers = settings.approvers ?? {};
     approvers[channel] = approvers[channel] === false;
     settings.approvers = approvers;
     raw.settings = settings;
-    fs45.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
+    fs46.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
   } catch (err2) {
     process.stderr.write(`[node9] toggleApprover failed: ${String(err2)}
 `);
@@ -14139,7 +14435,7 @@ async function startTail(options = {}) {
       }
       postDecisionHttp(req2.id, httpDecision, authToken, port, httpOpts).catch((err2) => {
         try {
-          fs45.appendFileSync(
+          fs46.appendFileSync(
             path47.join(os41.homedir(), ".node9", "hook-debug.log"),
             `[tail] POST /decision failed: ${String(err2)}
 `
@@ -14206,7 +14502,7 @@ async function startTail(options = {}) {
   }
   const auditLog = path47.join(os41.homedir(), ".node9", "audit.log");
   try {
-    const unackedDlp = fs45.readFileSync(auditLog, "utf-8").split("\n").filter((l) => l.includes('"response-dlp"')).length;
+    const unackedDlp = fs46.readFileSync(auditLog, "utf-8").split("\n").filter((l) => l.includes('"response-dlp"')).length;
     if (unackedDlp > 0) {
       console.log("");
       console.log(
@@ -14246,7 +14542,7 @@ async function startTail(options = {}) {
     if (stallWarned) return;
     if (Date.now() - lastActivityFromDaemon < STALL_THRESHOLD_MS) return;
     try {
-      const auditMtime = fs45.statSync(auditLog).mtimeMs;
+      const auditMtime = fs46.statSync(auditLog).mtimeMs;
       if (Date.now() - auditMtime >= STALL_THRESHOLD_MS) return;
       console.log("");
       console.log(
@@ -14485,7 +14781,7 @@ __export(hud_exports, {
   main: () => main,
   renderEnvironmentLine: () => renderEnvironmentLine
 });
-import fs46 from "fs";
+import fs47 from "fs";
 import path48 from "path";
 import os42 from "os";
 import http3 from "http";
@@ -14563,9 +14859,9 @@ function formatTimeLeft(resetsAt) {
   return ` (${m}m left)`;
 }
 function safeReadJson(filePath) {
-  if (!fs46.existsSync(filePath)) return null;
+  if (!fs47.existsSync(filePath)) return null;
   try {
-    return JSON.parse(fs46.readFileSync(filePath, "utf-8"));
+    return JSON.parse(fs47.readFileSync(filePath, "utf-8"));
   } catch {
     return null;
   }
@@ -14586,10 +14882,10 @@ function countHooksInFile(filePath) {
   return Object.keys(cfg.hooks).length;
 }
 function countRulesInDir(rulesDir) {
-  if (!fs46.existsSync(rulesDir)) return 0;
+  if (!fs47.existsSync(rulesDir)) return 0;
   let count = 0;
   try {
-    for (const entry of fs46.readdirSync(rulesDir, { withFileTypes: true })) {
+    for (const entry of fs47.readdirSync(rulesDir, { withFileTypes: true })) {
       if (entry.isDirectory()) {
         count += countRulesInDir(path48.join(rulesDir, entry.name));
       } else if (entry.isFile() && entry.name.endsWith(".md")) {
@@ -14615,7 +14911,7 @@ function countConfigs(cwd) {
   let hooksCount = 0;
   const userMcpServers = /* @__PURE__ */ new Set();
   const projectMcpServers = /* @__PURE__ */ new Set();
-  if (fs46.existsSync(path48.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
+  if (fs47.existsSync(path48.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
   rulesCount += countRulesInDir(path48.join(claudeDir, "rules"));
   const userSettings = path48.join(claudeDir, "settings.json");
   for (const name of getMcpServerNames(userSettings)) userMcpServers.add(name);
@@ -14626,18 +14922,18 @@ function countConfigs(cwd) {
     userMcpServers.delete(name);
   }
   if (cwd) {
-    if (fs46.existsSync(path48.join(cwd, "CLAUDE.md"))) claudeMdCount++;
-    if (fs46.existsSync(path48.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
+    if (fs47.existsSync(path48.join(cwd, "CLAUDE.md"))) claudeMdCount++;
+    if (fs47.existsSync(path48.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
     const projectClaudeDir = path48.join(cwd, ".claude");
     const overlapsUserScope = isSamePath(projectClaudeDir, claudeDir);
     if (!overlapsUserScope) {
-      if (fs46.existsSync(path48.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
+      if (fs47.existsSync(path48.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
       rulesCount += countRulesInDir(path48.join(projectClaudeDir, "rules"));
       const projSettings = path48.join(projectClaudeDir, "settings.json");
       for (const name of getMcpServerNames(projSettings)) projectMcpServers.add(name);
       hooksCount += countHooksInFile(projSettings);
     }
-    if (fs46.existsSync(path48.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
+    if (fs47.existsSync(path48.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
     const localSettings = path48.join(projectClaudeDir, "settings.local.json");
     for (const name of getMcpServerNames(localSettings)) projectMcpServers.add(name);
     hooksCount += countHooksInFile(localSettings);
@@ -14675,11 +14971,11 @@ function readActiveShieldsHud() {
   }
   try {
     const shieldsPath = path48.join(os42.homedir(), ".node9", "shields.json");
-    if (!fs46.existsSync(shieldsPath)) {
+    if (!fs47.existsSync(shieldsPath)) {
       shieldsCache = { value: [], ts: now };
       return [];
     }
-    const parsed = JSON.parse(fs46.readFileSync(shieldsPath, "utf-8"));
+    const parsed = JSON.parse(fs47.readFileSync(shieldsPath, "utf-8"));
     if (!Array.isArray(parsed.active)) {
       shieldsCache = { value: [], ts: now };
       return [];
@@ -14781,17 +15077,17 @@ function renderContextLine(stdin) {
 async function main() {
   try {
     const [stdin, daemonStatus2] = await Promise.all([readStdin(), queryDaemon()]);
-    if (fs46.existsSync(path48.join(os42.homedir(), ".node9", "hud-debug"))) {
+    if (fs47.existsSync(path48.join(os42.homedir(), ".node9", "hud-debug"))) {
       try {
         const logPath = path48.join(os42.homedir(), ".node9", "hud-debug.log");
         const MAX_LOG_SIZE = 10 * 1024 * 1024;
         let size = 0;
         try {
-          size = fs46.statSync(logPath).size;
+          size = fs47.statSync(logPath).size;
         } catch {
         }
         if (size < MAX_LOG_SIZE) {
-          fs46.appendFileSync(
+          fs47.appendFileSync(
             logPath,
             JSON.stringify({ ts: (/* @__PURE__ */ new Date()).toISOString(), stdin }) + "\n"
           );
@@ -14815,8 +15111,8 @@ async function main() {
           path48.join(cwd, "node9.config.json"),
           path48.join(os42.homedir(), ".node9", "config.json")
         ]) {
-          if (!fs46.existsSync(configPath)) continue;
-          const cfg = JSON.parse(fs46.readFileSync(configPath, "utf-8"));
+          if (!fs47.existsSync(configPath)) continue;
+          const cfg = JSON.parse(fs47.readFileSync(configPath, "utf-8"));
           const hud = cfg.settings?.hud;
           if (hud && "showEnvironmentCounts" in hud) return hud.showEnvironmentCounts !== false;
         }
@@ -14863,7 +15159,7 @@ init_setup();
 init_daemon2();
 import { Command } from "commander";
 import chalk30 from "chalk";
-import fs47 from "fs";
+import fs48 from "fs";
 import path49 from "path";
 import os43 from "os";
 import { confirm as confirm2 } from "@inquirer/prompts";
@@ -15048,17 +15344,17 @@ async function runProxy(targetCommand) {
 // src/cli/daemon-starter.ts
 init_daemon();
 import { spawn as spawn3 } from "child_process";
-import path29 from "path";
-import fs28 from "fs";
+import path30 from "path";
+import fs29 from "fs";
 function isTestingMode() {
   return /^(1|true|yes)$/i.test(process.env.NODE9_TESTING ?? "");
 }
 async function autoStartDaemonAndWait() {
   if (isTestingMode()) return false;
-  if (!path29.isAbsolute(process.argv[1])) return false;
+  if (!path30.isAbsolute(process.argv[1])) return false;
   let resolvedArgv1;
   try {
-    resolvedArgv1 = fs28.realpathSync(process.argv[1]);
+    resolvedArgv1 = fs29.realpathSync(process.argv[1]);
   } catch {
     return false;
   }
@@ -15089,19 +15385,19 @@ init_daemon();
 init_config();
 init_policy();
 import chalk9 from "chalk";
-import fs31 from "fs";
+import fs32 from "fs";
 import { spawn as spawn5 } from "child_process";
-import path32 from "path";
-import os27 from "os";
+import path33 from "path";
+import os28 from "os";
 
 // src/undo.ts
 import { spawnSync as spawnSync3, spawn as spawn4 } from "child_process";
-import crypto3 from "crypto";
-import fs29 from "fs";
+import crypto4 from "crypto";
+import fs30 from "fs";
 import net3 from "net";
-import path30 from "path";
-import os25 from "os";
-var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path30.join(os25.tmpdir(), "node9-activity.sock");
+import path31 from "path";
+import os26 from "os";
+var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path31.join(os26.tmpdir(), "node9-activity.sock");
 function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
   try {
     const payload = JSON.stringify({
@@ -15121,22 +15417,22 @@ function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
   } catch {
   }
 }
-var SNAPSHOT_STACK_PATH = path30.join(os25.homedir(), ".node9", "snapshots.json");
-var UNDO_LATEST_PATH = path30.join(os25.homedir(), ".node9", "undo_latest.txt");
+var SNAPSHOT_STACK_PATH = path31.join(os26.homedir(), ".node9", "snapshots.json");
+var UNDO_LATEST_PATH = path31.join(os26.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
 var GIT_TIMEOUT = 15e3;
 function readStack() {
   try {
-    if (fs29.existsSync(SNAPSHOT_STACK_PATH))
-      return JSON.parse(fs29.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
+    if (fs30.existsSync(SNAPSHOT_STACK_PATH))
+      return JSON.parse(fs30.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
   } catch {
   }
   return [];
 }
 function writeStack(stack) {
-  const dir = path30.dirname(SNAPSHOT_STACK_PATH);
-  if (!fs29.existsSync(dir)) fs29.mkdirSync(dir, { recursive: true });
-  fs29.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
+  const dir = path31.dirname(SNAPSHOT_STACK_PATH);
+  if (!fs30.existsSync(dir)) fs30.mkdirSync(dir, { recursive: true });
+  fs30.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
 }
 function extractFilePath(args) {
   if (!args || typeof args !== "object") return null;
@@ -15156,12 +15452,12 @@ function buildArgsSummary(tool, args) {
   return "";
 }
 function findProjectRoot(filePath) {
-  let dir = path30.dirname(filePath);
+  let dir = path31.dirname(filePath);
   while (true) {
-    if (fs29.existsSync(path30.join(dir, ".git")) || fs29.existsSync(path30.join(dir, "package.json"))) {
+    if (fs30.existsSync(path31.join(dir, ".git")) || fs30.existsSync(path31.join(dir, "package.json"))) {
       return dir;
     }
-    const parent = path30.dirname(dir);
+    const parent = path31.dirname(dir);
     if (parent === dir) return process.cwd();
     dir = parent;
   }
@@ -15169,7 +15465,7 @@ function findProjectRoot(filePath) {
 function normalizeCwdForHash(cwd) {
   let normalized;
   try {
-    normalized = fs29.realpathSync(cwd);
+    normalized = fs30.realpathSync(cwd);
   } catch {
     normalized = cwd;
   }
@@ -15178,17 +15474,17 @@ function normalizeCwdForHash(cwd) {
   return normalized;
 }
 function getShadowRepoDir(cwd) {
-  const hash = crypto3.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
-  return path30.join(os25.homedir(), ".node9", "snapshots", hash);
+  const hash = crypto4.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
+  return path31.join(os26.homedir(), ".node9", "snapshots", hash);
 }
 function cleanOrphanedIndexFiles(shadowDir) {
   try {
     const cutoff = Date.now() - 6e4;
-    for (const f of fs29.readdirSync(shadowDir)) {
+    for (const f of fs30.readdirSync(shadowDir)) {
       if (f.startsWith("index_")) {
-        const fp = path30.join(shadowDir, f);
+        const fp = path31.join(shadowDir, f);
         try {
-          if (fs29.statSync(fp).mtimeMs < cutoff) fs29.unlinkSync(fp);
+          if (fs30.statSync(fp).mtimeMs < cutoff) fs30.unlinkSync(fp);
         } catch {
         }
       }
@@ -15200,7 +15496,7 @@ function writeShadowExcludes(shadowDir, ignorePaths) {
   const hardcoded = [".git", ".node9"];
   const lines = [...hardcoded, ...ignorePaths].join("\n");
   try {
-    fs29.writeFileSync(path30.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
+    fs30.writeFileSync(path31.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
   } catch {
   }
 }
@@ -15213,25 +15509,25 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   if (check.status === 0) {
-    const ptPath = path30.join(shadowDir, "project-path.txt");
+    const ptPath = path31.join(shadowDir, "project-path.txt");
     try {
-      const stored = fs29.readFileSync(ptPath, "utf8").trim();
+      const stored = fs30.readFileSync(ptPath, "utf8").trim();
       if (stored === normalizedCwd) return true;
       if (process.env.NODE9_DEBUG === "1")
         console.error(
           `[Node9] Shadow repo path mismatch: stored="${stored}" expected="${normalizedCwd}" \u2014 reinitializing`
         );
-      fs29.rmSync(shadowDir, { recursive: true, force: true });
+      fs30.rmSync(shadowDir, { recursive: true, force: true });
     } catch {
       try {
-        fs29.writeFileSync(ptPath, normalizedCwd, "utf8");
+        fs30.writeFileSync(ptPath, normalizedCwd, "utf8");
       } catch {
       }
       return true;
     }
   }
   try {
-    fs29.mkdirSync(shadowDir, { recursive: true });
+    fs30.mkdirSync(shadowDir, { recursive: true });
   } catch {
   }
   const init = spawnSync3("git", ["init", "--bare", shadowDir], { timeout: 5e3 });
@@ -15240,7 +15536,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     if (process.env.NODE9_DEBUG === "1") console.error("[Node9] git init --bare failed:", reason);
     return false;
   }
-  const configFile = path30.join(shadowDir, "config");
+  const configFile = path31.join(shadowDir, "config");
   spawnSync3("git", ["config", "--file", configFile, "core.untrackedCache", "true"], {
     timeout: 3e3
   });
@@ -15248,7 +15544,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   try {
-    fs29.writeFileSync(path30.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
+    fs30.writeFileSync(path31.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
   } catch {
   }
   return true;
@@ -15271,12 +15567,12 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
   let indexFile = null;
   try {
     const rawFilePath = extractFilePath(args);
-    const absFilePath = rawFilePath && path30.isAbsolute(rawFilePath) ? rawFilePath : null;
+    const absFilePath = rawFilePath && path31.isAbsolute(rawFilePath) ? rawFilePath : null;
     const cwd = absFilePath ? findProjectRoot(absFilePath) : process.cwd();
     const shadowDir = getShadowRepoDir(cwd);
     if (!ensureShadowRepo(shadowDir, cwd)) return null;
     writeShadowExcludes(shadowDir, ignorePaths);
-    indexFile = path30.join(shadowDir, `index_${process.pid}_${Date.now()}`);
+    indexFile = path31.join(shadowDir, `index_${process.pid}_${Date.now()}`);
     const shadowEnv = {
       ...process.env,
       GIT_DIR: shadowDir,
@@ -15348,7 +15644,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
     writeStack(stack);
     const entry = stack[stack.length - 1];
     notifySnapshotTaken(commitHash.slice(0, 7), tool, entry.argsSummary, capturedFiles.length);
-    fs29.writeFileSync(UNDO_LATEST_PATH, commitHash);
+    fs30.writeFileSync(UNDO_LATEST_PATH, commitHash);
     if (shouldGc) {
       spawn4("git", ["gc", "--auto"], { env: shadowEnv, detached: true, stdio: "ignore" }).unref();
     }
@@ -15359,7 +15655,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
   } finally {
     if (indexFile) {
       try {
-        fs29.unlinkSync(indexFile);
+        fs30.unlinkSync(indexFile);
       } catch {
       }
     }
@@ -15435,9 +15731,9 @@ function applyUndo(hash, cwd) {
       timeout: GIT_TIMEOUT
     }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
     for (const file of [...tracked, ...untracked]) {
-      const fullPath = path30.join(dir, file);
-      if (!snapshotFiles.has(file) && fs29.existsSync(fullPath)) {
-        fs29.unlinkSync(fullPath);
+      const fullPath = path31.join(dir, file);
+      if (!snapshotFiles.has(file) && fs30.existsSync(fullPath)) {
+        fs30.unlinkSync(fullPath);
       }
     }
     return true;
@@ -15447,17 +15743,17 @@ function applyUndo(hash, cwd) {
 }
 
 // src/skill-pin.ts
-import fs30 from "fs";
-import path31 from "path";
-import os26 from "os";
-import crypto4 from "crypto";
-function getPinsFilePath() {
-  return path31.join(os26.homedir(), ".node9", "skill-pins.json");
+import fs31 from "fs";
+import path32 from "path";
+import os27 from "os";
+import crypto5 from "crypto";
+function getPinsFilePath2() {
+  return path32.join(os27.homedir(), ".node9", "skill-pins.json");
 }
 var MAX_FILES = 5e3;
 var MAX_TOTAL_BYTES = 50 * 1024 * 1024;
 function sha256Bytes(buf) {
-  return crypto4.createHash("sha256").update(buf).digest("hex");
+  return crypto5.createHash("sha256").update(buf).digest("hex");
 }
 function walkDir(root) {
   const out = [];
@@ -15466,18 +15762,18 @@ function walkDir(root) {
     if (out.length >= MAX_FILES) return;
     let entries;
     try {
-      entries = fs30.readdirSync(dir, { withFileTypes: true });
+      entries = fs31.readdirSync(dir, { withFileTypes: true });
     } catch {
       return;
     }
     entries.sort((a, b) => a.name.localeCompare(b.name));
     for (const entry of entries) {
       if (out.length >= MAX_FILES) return;
-      const full = path31.join(dir, entry.name);
-      const rel = relDir ? path31.posix.join(relDir, entry.name) : entry.name;
+      const full = path32.join(dir, entry.name);
+      const rel = relDir ? path32.posix.join(relDir, entry.name) : entry.name;
       let lst;
       try {
-        lst = fs30.lstatSync(full);
+        lst = fs31.lstatSync(full);
       } catch {
         continue;
       }
@@ -15489,7 +15785,7 @@ function walkDir(root) {
       if (!lst.isFile()) continue;
       if (totalBytes + lst.size > MAX_TOTAL_BYTES) continue;
       try {
-        const buf = fs30.readFileSync(full);
+        const buf = fs31.readFileSync(full);
         totalBytes += buf.length;
         out.push({ rel, hash: sha256Bytes(buf) });
       } catch {
@@ -15503,32 +15799,32 @@ function walkDir(root) {
 function hashSkillRoot(absPath) {
   let lst;
   try {
-    lst = fs30.lstatSync(absPath);
+    lst = fs31.lstatSync(absPath);
   } catch {
     return { exists: false, contentHash: "", fileCount: 0 };
   }
   if (lst.isSymbolicLink()) return { exists: false, contentHash: "", fileCount: 0 };
   if (lst.isFile()) {
     try {
-      return { exists: true, contentHash: sha256Bytes(fs30.readFileSync(absPath)), fileCount: 1 };
+      return { exists: true, contentHash: sha256Bytes(fs31.readFileSync(absPath)), fileCount: 1 };
     } catch {
       return { exists: false, contentHash: "", fileCount: 0 };
     }
   }
   if (lst.isDirectory()) {
     const entries = walkDir(absPath);
-    const contentHash = crypto4.createHash("sha256").update(entries.join("\n")).digest("hex");
+    const contentHash = crypto5.createHash("sha256").update(entries.join("\n")).digest("hex");
     return { exists: true, contentHash, fileCount: entries.length };
   }
   return { exists: false, contentHash: "", fileCount: 0 };
 }
 function getRootKey(absPath) {
-  return crypto4.createHash("sha256").update(absPath).digest("hex").slice(0, 16);
+  return crypto5.createHash("sha256").update(absPath).digest("hex").slice(0, 16);
 }
 function readSkillPinsSafe() {
-  const filePath = getPinsFilePath();
+  const filePath = getPinsFilePath2();
   try {
-    const raw = fs30.readFileSync(filePath, "utf-8");
+    const raw = fs31.readFileSync(filePath, "utf-8");
     if (!raw.trim()) return { ok: false, reason: "corrupt", detail: "empty file" };
     const parsed = JSON.parse(raw);
     if (!parsed.roots || typeof parsed.roots !== "object" || Array.isArray(parsed.roots)) {
@@ -15547,18 +15843,18 @@ function readSkillPins() {
   throw new Error(`[node9] skill pin file is corrupt: ${result.detail}`);
 }
 function writeSkillPins(data) {
-  const filePath = getPinsFilePath();
-  fs30.mkdirSync(path31.dirname(filePath), { recursive: true });
-  const tmp = `${filePath}.${crypto4.randomBytes(6).toString("hex")}.tmp`;
-  fs30.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
-  fs30.renameSync(tmp, filePath);
+  const filePath = getPinsFilePath2();
+  fs31.mkdirSync(path32.dirname(filePath), { recursive: true });
+  const tmp = `${filePath}.${crypto5.randomBytes(6).toString("hex")}.tmp`;
+  fs31.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
+  fs31.renameSync(tmp, filePath);
 }
-function removePin(rootKey) {
+function removePin2(rootKey) {
   const pins = readSkillPins();
   delete pins.roots[rootKey];
   writeSkillPins(pins);
 }
-function clearAllPins() {
+function clearAllPins2() {
   writeSkillPins({ roots: {} });
 }
 function verifyAndPinRoots(roots) {
@@ -15595,43 +15891,48 @@ function verifyAndPinRoots(roots) {
   return { kind: "verified" };
 }
 function defaultSkillRoots(_cwd) {
-  const marketplaces = path31.join(os26.homedir(), ".claude", "plugins", "marketplaces");
+  const marketplaces = path32.join(os27.homedir(), ".claude", "plugins", "marketplaces");
   const roots = [];
   let registries;
   try {
-    registries = fs30.readdirSync(marketplaces, { withFileTypes: true });
+    registries = fs31.readdirSync(marketplaces, { withFileTypes: true });
   } catch {
     return [];
   }
   for (const registry of registries) {
     if (!registry.isDirectory()) continue;
-    const pluginsDir = path31.join(marketplaces, registry.name, "plugins");
+    const pluginsDir = path32.join(marketplaces, registry.name, "plugins");
     let plugins;
     try {
-      plugins = fs30.readdirSync(pluginsDir, { withFileTypes: true });
+      plugins = fs31.readdirSync(pluginsDir, { withFileTypes: true });
     } catch {
       continue;
     }
     for (const plugin of plugins) {
       if (!plugin.isDirectory()) continue;
-      roots.push(path31.join(pluginsDir, plugin.name));
+      roots.push(path32.join(pluginsDir, plugin.name));
     }
   }
   return roots;
 }
 function resolveUserSkillRoot(entry, cwd) {
   if (!entry) return null;
-  if (entry.startsWith("~/") || entry === "~") return path31.join(os26.homedir(), entry.slice(1));
-  if (path31.isAbsolute(entry)) return entry;
-  if (!cwd || !path31.isAbsolute(cwd)) return null;
-  return path31.join(cwd, entry);
+  if (entry.startsWith("~/") || entry === "~") return path32.join(os27.homedir(), entry.slice(1));
+  if (path32.isAbsolute(entry)) return entry;
+  if (!cwd || !path32.isAbsolute(cwd)) return null;
+  return path32.join(cwd, entry);
 }
 
 // src/cli/commands/check.ts
+init_dlp();
+init_audit();
 function sanitize2(value) {
   return value.replace(/[\x00-\x1F\x7F]/g, "");
 }
 function detectAiAgent(payload) {
+  if (payload.turn_id !== void 0) {
+    return "Codex";
+  }
   if (payload.hook_event_name === "PreToolUse" || payload.hook_event_name === "PostToolUse" || payload.tool_use_id !== void 0 || payload.permission_mode !== void 0) {
     return "Claude Code";
   }
@@ -15666,9 +15967,9 @@ function registerCheckCommand(program2) {
         } catch (err2) {
           const tempConfig = getConfig();
           if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
-            const logPath = path32.join(os27.homedir(), ".node9", "hook-debug.log");
+            const logPath = path33.join(os28.homedir(), ".node9", "hook-debug.log");
             const errMsg = err2 instanceof Error ? err2.message : String(err2);
-            fs31.appendFileSync(
+            fs32.appendFileSync(
               logPath,
               `[${(/* @__PURE__ */ new Date()).toISOString()}] JSON_PARSE_ERROR: ${errMsg}
 RAW: ${raw}
@@ -15677,15 +15978,76 @@ RAW: ${raw}
           }
           process.exit(0);
         }
-        const config = getConfig(payload.cwd || void 0);
+        if (payload.hook_event_name === "UserPromptSubmit") {
+          const prompt = typeof payload.prompt === "string" ? payload.prompt : "";
+          if (process.env.NODE9_DEBUG === "1") {
+            try {
+              const logPath = path33.join(os28.homedir(), ".node9", "hook-debug.log");
+              if (!fs32.existsSync(path33.dirname(logPath)))
+                fs32.mkdirSync(path33.dirname(logPath), { recursive: true });
+              const sanitized = JSON.stringify({
+                ...payload,
+                prompt: `<redacted, ${prompt.length} bytes>`
+              });
+              fs32.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${sanitized}
+`);
+            } catch {
+            }
+          }
+          if (!prompt) process.exit(0);
+          const dlpMatch = scanArgs({ prompt });
+          if (!dlpMatch) process.exit(0);
+          const agent2 = detectAiAgent(payload);
+          const sessionId2 = typeof payload.session_id === "string" ? payload.session_id : void 0;
+          appendLocalAudit(
+            "UserPromptSubmit",
+            { prompt },
+            "deny",
+            "dlp-block",
+            { agent: agent2, sessionId: sessionId2 },
+            true
+          );
+          const reason = `\u{1F6A8} Node9 DLP: ${dlpMatch.patternName} detected in prompt (${dlpMatch.redactedSample}). Prompt was not submitted \u2014 remove the credential and try again.`;
+          try {
+            const ttyFd = fs32.openSync("/dev/tty", "w");
+            fs32.writeSync(
+              ttyFd,
+              chalk9.bgRed.white.bold(`
+ \u{1F6A8} NODE9 DLP \u2014 PROMPT BLOCKED 
+`) + chalk9.red(`   ${dlpMatch.patternName} detected in your prompt.
+`) + chalk9.gray(`   Match: ${dlpMatch.redactedSample}
+`) + chalk9.cyan(`   Edit the prompt to remove the credential and resubmit.
+
+`)
+            );
+            fs32.closeSync(ttyFd);
+          } catch {
+          }
+          const isCodex = agent2 === "Codex";
+          process.stdout.write(
+            JSON.stringify({
+              decision: "block",
+              reason,
+              systemMessage: reason,
+              hookSpecificOutput: isCodex ? { hookEventName: "UserPromptSubmit" } : {
+                hookEventName: "UserPromptSubmit",
+                permissionDecision: "deny",
+                permissionDecisionReason: reason
+              }
+            }) + "\n"
+          );
+          process.exit(2);
+        }
+        const safeCwdForConfig = typeof payload.cwd === "string" && path33.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        const config = getConfig(safeCwdForConfig);
         if (config.settings.autoStartDaemon && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON) {
           try {
             const scriptPath = process.argv[1];
-            if (typeof scriptPath !== "string" || !path32.isAbsolute(scriptPath))
+            if (typeof scriptPath !== "string" || !path33.isAbsolute(scriptPath))
               throw new Error("node9: argv[1] is not an absolute path");
-            const resolvedScript = fs31.realpathSync(scriptPath);
-            const packageDist = fs31.realpathSync(path32.resolve(__dirname, "../.."));
-            if (!resolvedScript.startsWith(packageDist + path32.sep) && resolvedScript !== packageDist)
+            const resolvedScript = fs32.realpathSync(scriptPath);
+            const packageDist = fs32.realpathSync(path33.resolve(__dirname, "../.."));
+            if (!resolvedScript.startsWith(packageDist + path33.sep) && resolvedScript !== packageDist)
               throw new Error(
                 `node9: daemon spawn aborted \u2014 argv[1] (${resolvedScript}) is outside package dist (${packageDist})`
               );
@@ -15707,10 +16069,10 @@ RAW: ${raw}
             });
             d.unref();
           } catch (spawnErr) {
-            const logPath = path32.join(os27.homedir(), ".node9", "hook-debug.log");
+            const logPath = path33.join(os28.homedir(), ".node9", "hook-debug.log");
             const msg = spawnErr instanceof Error ? spawnErr.message : String(spawnErr);
             try {
-              fs31.appendFileSync(
+              fs32.appendFileSync(
                 logPath,
                 `[${(/* @__PURE__ */ new Date()).toISOString()}] daemon-autostart-failed: ${msg}
 `
@@ -15720,10 +16082,10 @@ RAW: ${raw}
           }
         }
         if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
-          const logPath = path32.join(os27.homedir(), ".node9", "hook-debug.log");
-          if (!fs31.existsSync(path32.dirname(logPath)))
-            fs31.mkdirSync(path32.dirname(logPath), { recursive: true });
-          fs31.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
+          const logPath = path33.join(os28.homedir(), ".node9", "hook-debug.log");
+          if (!fs32.existsSync(path33.dirname(logPath)))
+            fs32.mkdirSync(path33.dirname(logPath), { recursive: true });
+          fs32.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
 `);
         }
         const toolName = sanitize2(payload.tool_name ?? payload.name ?? "");
@@ -15736,8 +16098,8 @@ RAW: ${raw}
           const isHumanDecision = blockedByContext.toLowerCase().includes("user") || blockedByContext.toLowerCase().includes("daemon") || blockedByContext.toLowerCase().includes("decision");
           let ttyFd = null;
           try {
-            ttyFd = fs31.openSync("/dev/tty", "w");
-            const writeTty = (line) => fs31.writeSync(ttyFd, line + "\n");
+            ttyFd = fs32.openSync("/dev/tty", "w");
+            const writeTty = (line) => fs32.writeSync(ttyFd, line + "\n");
             if (blockedByContext.includes("DLP") || blockedByContext.includes("Secret Detected") || blockedByContext.includes("Credential Review")) {
               writeTty(chalk9.bgRed.white.bold(`
  \u{1F6A8} NODE9 DLP ALERT \u2014 CREDENTIAL DETECTED `));
@@ -15756,7 +16118,7 @@ RAW: ${raw}
           } finally {
             if (ttyFd !== null)
               try {
-                fs31.closeSync(ttyFd);
+                fs32.closeSync(ttyFd);
               } catch {
               }
           }
@@ -15792,17 +16154,17 @@ RAW: ${raw}
         const safeSessionId = /^[A-Za-z0-9_\-]{1,128}$/.test(rawSessionId) ? rawSessionId : "";
         if (skillPinCfg.enabled && safeSessionId) {
           try {
-            const sessionsDir = path32.join(os27.homedir(), ".node9", "skill-sessions");
-            const flagPath = path32.join(sessionsDir, `${safeSessionId}.json`);
+            const sessionsDir = path33.join(os28.homedir(), ".node9", "skill-sessions");
+            const flagPath = path33.join(sessionsDir, `${safeSessionId}.json`);
             let flag = null;
             try {
-              flag = JSON.parse(fs31.readFileSync(flagPath, "utf-8"));
+              flag = JSON.parse(fs32.readFileSync(flagPath, "utf-8"));
             } catch {
             }
             const writeFlag = (data2) => {
               try {
-                fs31.mkdirSync(sessionsDir, { recursive: true });
-                fs31.writeFileSync(
+                fs32.mkdirSync(sessionsDir, { recursive: true });
+                fs32.writeFileSync(
                   flagPath,
                   JSON.stringify({ ...data2, timestamp: (/* @__PURE__ */ new Date()).toISOString() }, null, 2),
                   { mode: 384 }
@@ -15813,8 +16175,8 @@ RAW: ${raw}
             const sendSkillWarn = (detail, recoveryCmd) => {
               let ttyFd = null;
               try {
-                ttyFd = fs31.openSync("/dev/tty", "w");
-                const w = (line) => fs31.writeSync(ttyFd, line + "\n");
+                ttyFd = fs32.openSync("/dev/tty", "w");
+                const w = (line) => fs32.writeSync(ttyFd, line + "\n");
                 w(chalk9.yellow(`
 \u26A0\uFE0F  Node9: installed skill drift detected`));
                 w(chalk9.gray(`   ${detail}`));
@@ -15829,7 +16191,7 @@ RAW: ${raw}
               } finally {
                 if (ttyFd !== null)
                   try {
-                    fs31.closeSync(ttyFd);
+                    fs32.closeSync(ttyFd);
                   } catch {
                   }
               }
@@ -15845,7 +16207,7 @@ RAW: ${raw}
               return;
             }
             if (!flag || flag.state !== "verified" && flag.state !== "warned") {
-              const absoluteCwd = typeof payload.cwd === "string" && path32.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+              const absoluteCwd = typeof payload.cwd === "string" && path33.isAbsolute(payload.cwd) ? payload.cwd : void 0;
               const extraRoots = skillPinCfg.roots;
               const resolvedExtra = extraRoots.map((r) => resolveUserSkillRoot(r, absoluteCwd)).filter((r) => typeof r === "string");
               const roots = [...defaultSkillRoots(absoluteCwd), ...resolvedExtra];
@@ -15886,10 +16248,10 @@ RAW: ${raw}
               }
               try {
                 const cutoff = Date.now() - 7 * 24 * 60 * 60 * 1e3;
-                for (const name of fs31.readdirSync(sessionsDir)) {
-                  const p = path32.join(sessionsDir, name);
+                for (const name of fs32.readdirSync(sessionsDir)) {
+                  const p = path33.join(sessionsDir, name);
                   try {
-                    if (fs31.statSync(p).mtimeMs < cutoff) fs31.unlinkSync(p);
+                    if (fs32.statSync(p).mtimeMs < cutoff) fs32.unlinkSync(p);
                   } catch {
                   }
                 }
@@ -15899,9 +16261,9 @@ RAW: ${raw}
           } catch (err2) {
             if (process.env.NODE9_DEBUG === "1") {
               try {
-                const dbg = path32.join(os27.homedir(), ".node9", "hook-debug.log");
+                const dbg = path33.join(os28.homedir(), ".node9", "hook-debug.log");
                 const msg = err2 instanceof Error ? err2.message : String(err2);
-                fs31.appendFileSync(dbg, `[${(/* @__PURE__ */ new Date()).toISOString()}] SKILL_PIN_ERROR: ${msg}
+                fs32.appendFileSync(dbg, `[${(/* @__PURE__ */ new Date()).toISOString()}] SKILL_PIN_ERROR: ${msg}
 `);
               } catch {
               }
@@ -15911,7 +16273,7 @@ RAW: ${raw}
         if (shouldSnapshot(toolName, toolInput, config)) {
           await createShadowSnapshot(toolName, toolInput, config.policy.snapshot.ignorePaths);
         }
-        const safeCwdForAuth = typeof payload.cwd === "string" && path32.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        const safeCwdForAuth = typeof payload.cwd === "string" && path33.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const result = await authorizeHeadless(toolName, toolInput, meta, {
           cwd: safeCwdForAuth
         });
@@ -15923,12 +16285,12 @@ RAW: ${raw}
         }
         if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && !process.stdout.isTTY && config.settings.autoStartDaemon) {
           try {
-            const tty = fs31.openSync("/dev/tty", "w");
-            fs31.writeSync(
+            const tty = fs32.openSync("/dev/tty", "w");
+            fs32.writeSync(
               tty,
               chalk9.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically...\n")
             );
-            fs31.closeSync(tty);
+            fs32.closeSync(tty);
           } catch {
           }
           const daemonReady = await autoStartDaemonAndWait();
@@ -15955,9 +16317,9 @@ RAW: ${raw}
         });
       } catch (err2) {
         if (process.env.NODE9_DEBUG === "1") {
-          const logPath = path32.join(os27.homedir(), ".node9", "hook-debug.log");
+          const logPath = path33.join(os28.homedir(), ".node9", "hook-debug.log");
           const errMsg = err2 instanceof Error ? err2.message : String(err2);
-          fs31.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
+          fs32.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
         }
         process.exit(0);
@@ -15993,9 +16355,9 @@ RAW: ${raw}
 // src/cli/commands/log.ts
 init_audit();
 init_config();
-import fs32 from "fs";
-import path33 from "path";
-import os28 from "os";
+import fs33 from "fs";
+import path34 from "path";
+import os29 from "os";
 init_daemon();
 
 // src/utils/cp-mv-parser.ts
@@ -16061,7 +16423,7 @@ function registerLogCommand(program2) {
         const payload = JSON.parse(raw);
         const tool = sanitize3(payload.tool_name ?? payload.name ?? "unknown");
         const rawInput = payload.tool_input ?? payload.args ?? {};
-        const agent = payload.hook_event_name === "PreToolUse" || payload.hook_event_name === "PostToolUse" || payload.tool_use_id !== void 0 || payload.permission_mode !== void 0 ? "Claude Code" : payload.hook_event_name === "BeforeTool" || payload.hook_event_name === "AfterTool" || payload.timestamp !== void 0 ? "Gemini CLI" : void 0;
+        const agent = payload.turn_id !== void 0 ? "Codex" : payload.hook_event_name === "PreToolUse" || payload.hook_event_name === "PostToolUse" || payload.tool_use_id !== void 0 || payload.permission_mode !== void 0 ? "Claude Code" : payload.hook_event_name === "BeforeTool" || payload.hook_event_name === "AfterTool" || payload.timestamp !== void 0 ? "Gemini CLI" : void 0;
         const entry = {
           ts: (/* @__PURE__ */ new Date()).toISOString(),
           tool,
@@ -16071,10 +16433,10 @@ function registerLogCommand(program2) {
         };
         if (agent) entry.agent = agent;
         if (payload.session_id) entry.sessionId = payload.session_id;
-        const logPath = path33.join(os28.homedir(), ".node9", "audit.log");
-        if (!fs32.existsSync(path33.dirname(logPath)))
-          fs32.mkdirSync(path33.dirname(logPath), { recursive: true });
-        fs32.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+        const logPath = path34.join(os29.homedir(), ".node9", "audit.log");
+        if (!fs33.existsSync(path34.dirname(logPath)))
+          fs33.mkdirSync(path34.dirname(logPath), { recursive: true });
+        fs33.appendFileSync(logPath, JSON.stringify(entry) + "\n");
         if ((tool === "Bash" || tool === "bash") && isDaemonRunning()) {
           const command = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
           if (command) {
@@ -16107,7 +16469,7 @@ function registerLogCommand(program2) {
             }
           }
         }
-        const safeCwd = typeof payload.cwd === "string" && path33.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        const safeCwd = typeof payload.cwd === "string" && path34.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const config = getConfig(safeCwd);
         if ((tool === "Bash" || tool === "bash") && config.settings.enableUndo !== false) {
           const bashCommand = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
@@ -16128,9 +16490,9 @@ function registerLogCommand(program2) {
         const msg = err2 instanceof Error ? err2.message : String(err2);
         process.stderr.write(`[Node9] audit log error: ${msg}
 `);
-        const debugPath = path33.join(os28.homedir(), ".node9", "hook-debug.log");
+        const debugPath = path34.join(os29.homedir(), ".node9", "hook-debug.log");
         try {
-          fs32.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
+          fs33.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
 `);
         } catch {
         }
@@ -16531,13 +16893,13 @@ function registerConfigShowCommand(program2) {
 // src/cli/commands/doctor.ts
 init_daemon();
 import chalk11 from "chalk";
-import fs33 from "fs";
-import path34 from "path";
-import os29 from "os";
+import fs34 from "fs";
+import path35 from "path";
+import os30 from "os";
 import { execSync } from "child_process";
 function registerDoctorCommand(program2, version2) {
   program2.command("doctor").description("Check that Node9 is installed and configured correctly").action(() => {
-    const homeDir2 = os29.homedir();
+    const homeDir2 = os30.homedir();
     let failures = 0;
     function pass(msg) {
       console.log(chalk11.green("  \u2705 ") + msg);
@@ -16586,10 +16948,10 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Configuration");
-    const globalConfigPath = path34.join(homeDir2, ".node9", "config.json");
-    if (fs33.existsSync(globalConfigPath)) {
+    const globalConfigPath = path35.join(homeDir2, ".node9", "config.json");
+    if (fs34.existsSync(globalConfigPath)) {
       try {
-        JSON.parse(fs33.readFileSync(globalConfigPath, "utf-8"));
+        JSON.parse(fs34.readFileSync(globalConfigPath, "utf-8"));
         pass("~/.node9/config.json found and valid");
       } catch {
         fail("~/.node9/config.json is invalid JSON", "Run: node9 init --force");
@@ -16597,10 +16959,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("~/.node9/config.json not found (using defaults)", "Run: node9 init");
     }
-    const projectConfigPath = path34.join(process.cwd(), "node9.config.json");
-    if (fs33.existsSync(projectConfigPath)) {
+    const projectConfigPath = path35.join(process.cwd(), "node9.config.json");
+    if (fs34.existsSync(projectConfigPath)) {
       try {
-        JSON.parse(fs33.readFileSync(projectConfigPath, "utf-8"));
+        JSON.parse(fs34.readFileSync(projectConfigPath, "utf-8"));
         pass("node9.config.json found and valid (project)");
       } catch {
         fail(
@@ -16609,8 +16971,8 @@ function registerDoctorCommand(program2, version2) {
         );
       }
     }
-    const credsPath = path34.join(homeDir2, ".node9", "credentials.json");
-    if (fs33.existsSync(credsPath)) {
+    const credsPath = path35.join(homeDir2, ".node9", "credentials.json");
+    if (fs34.existsSync(credsPath)) {
       pass("Cloud credentials found (~/.node9/credentials.json)");
     } else {
       warn(
@@ -16619,10 +16981,10 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Agent Hooks");
-    const claudeSettingsPath = path34.join(homeDir2, ".claude", "settings.json");
-    if (fs33.existsSync(claudeSettingsPath)) {
+    const claudeSettingsPath = path35.join(homeDir2, ".claude", "settings.json");
+    if (fs34.existsSync(claudeSettingsPath)) {
       try {
-        const cs = JSON.parse(fs33.readFileSync(claudeSettingsPath, "utf-8"));
+        const cs = JSON.parse(fs34.readFileSync(claudeSettingsPath, "utf-8"));
         const hasHook = cs.hooks?.PreToolUse?.some(
           (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
         );
@@ -16638,10 +17000,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Claude Code \u2014 not configured", "Run: node9 setup claude");
     }
-    const geminiSettingsPath = path34.join(homeDir2, ".gemini", "settings.json");
-    if (fs33.existsSync(geminiSettingsPath)) {
+    const geminiSettingsPath = path35.join(homeDir2, ".gemini", "settings.json");
+    if (fs34.existsSync(geminiSettingsPath)) {
       try {
-        const gs = JSON.parse(fs33.readFileSync(geminiSettingsPath, "utf-8"));
+        const gs = JSON.parse(fs34.readFileSync(geminiSettingsPath, "utf-8"));
         const hasHook = gs.hooks?.BeforeTool?.some(
           (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
         );
@@ -16657,10 +17019,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Gemini CLI  \u2014 not configured", "Run: node9 setup gemini  (skip if not using Gemini)");
     }
-    const cursorHooksPath = path34.join(homeDir2, ".cursor", "hooks.json");
-    if (fs33.existsSync(cursorHooksPath)) {
+    const cursorHooksPath = path35.join(homeDir2, ".cursor", "hooks.json");
+    if (fs34.existsSync(cursorHooksPath)) {
       try {
-        const cur = JSON.parse(fs33.readFileSync(cursorHooksPath, "utf-8"));
+        const cur = JSON.parse(fs34.readFileSync(cursorHooksPath, "utf-8"));
         const hasHook = cur.hooks?.preToolUse?.some(
           (h) => h.command?.includes("node9") || h.command?.includes("cli.js")
         );
@@ -16700,9 +17062,9 @@ function registerDoctorCommand(program2, version2) {
 
 // src/cli/commands/audit.ts
 import chalk12 from "chalk";
-import fs34 from "fs";
-import path35 from "path";
-import os30 from "os";
+import fs35 from "fs";
+import path36 from "path";
+import os31 from "os";
 function formatRelativeTime(timestamp) {
   const diff = Date.now() - new Date(timestamp).getTime();
   const sec = Math.floor(diff / 1e3);
@@ -16715,14 +17077,14 @@ function formatRelativeTime(timestamp) {
 }
 function registerAuditCommand(program2) {
   program2.command("audit").description("View local execution audit log").option("--tail <n>", "Number of entries to show", "20").option("--tool <pattern>", "Filter by tool name (substring match)").option("--deny", "Show only denied actions").option("--json", "Output raw JSON").action((options) => {
-    const logPath = path35.join(os30.homedir(), ".node9", "audit.log");
-    if (!fs34.existsSync(logPath)) {
+    const logPath = path36.join(os31.homedir(), ".node9", "audit.log");
+    if (!fs35.existsSync(logPath)) {
       console.log(
         chalk12.yellow("No audit logs found. Run node9 with an agent to generate entries.")
       );
       return;
     }
-    const raw = fs34.readFileSync(logPath, "utf-8");
+    const raw = fs35.readFileSync(logPath, "utf-8");
     const lines = raw.split("\n").filter((l) => l.trim() !== "");
     let entries = lines.flatMap((line) => {
       try {
@@ -16780,9 +17142,9 @@ import chalk13 from "chalk";
 // src/cli/aggregate/report-audit.ts
 init_costSync();
 init_litellm();
-import fs35 from "fs";
-import os31 from "os";
-import path36 from "path";
+import fs36 from "fs";
+import os32 from "os";
+import path37 from "path";
 var TEST_COMMAND_RE3 = /(?:^|\s)(npm\s+(?:run\s+)?test|npx\s+(?:vitest|jest|mocha)|yarn\s+(?:run\s+)?test|pnpm\s+(?:run\s+)?test|vitest|jest|mocha|pytest|py\.test|cargo\s+test|go\s+test|bundle\s+exec\s+rspec|rspec|phpunit|dotnet\s+test)\b/i;
 function buildTestTimestamps(allEntries) {
   const testTs = /* @__PURE__ */ new Set();
@@ -16862,8 +17224,8 @@ function getDateRange(period, now) {
   }
 }
 function parseAuditLog(logPath) {
-  if (!fs35.existsSync(logPath)) return [];
-  const raw = fs35.readFileSync(logPath, "utf-8");
+  if (!fs36.existsSync(logPath)) return [];
+  const raw = fs36.readFileSync(logPath, "utf-8");
   return raw.split("\n").flatMap((line) => {
     if (!line.trim()) return [];
     try {
@@ -16923,25 +17285,25 @@ function freezeClaudeCost(acc) {
   };
 }
 function processClaudeCostProject(proj, projectsDir, start, end, acc) {
-  const projPath = path36.join(projectsDir, proj);
+  const projPath = path37.join(projectsDir, proj);
   let files;
   try {
-    const stat = fs35.statSync(projPath);
+    const stat = fs36.statSync(projPath);
     if (!stat.isDirectory()) return;
-    files = fs35.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+    files = fs36.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
   } catch {
     return;
   }
   const startMs = start.getTime();
   for (const file of files) {
-    const filePath = path36.join(projPath, file);
+    const filePath = path37.join(projPath, file);
     try {
-      if (fs35.statSync(filePath).mtimeMs < startMs) continue;
+      if (fs36.statSync(filePath).mtimeMs < startMs) continue;
     } catch {
       continue;
     }
     try {
-      const raw = fs35.readFileSync(filePath, "utf-8");
+      const raw = fs36.readFileSync(filePath, "utf-8");
       for (const line of raw.split("\n")) {
         if (!line.trim()) continue;
         let entry;
@@ -16991,10 +17353,10 @@ function processClaudeCostProject(proj, projectsDir, start, end, acc) {
 }
 function loadClaudeCost(start, end, projectsDir) {
   const acc = emptyClaudeCostAccumulator();
-  if (!fs35.existsSync(projectsDir)) return freezeClaudeCost(acc);
+  if (!fs36.existsSync(projectsDir)) return freezeClaudeCost(acc);
   let dirs;
   try {
-    dirs = fs35.readdirSync(projectsDir);
+    dirs = fs36.readdirSync(projectsDir);
   } catch {
     return freezeClaudeCost(acc);
   }
@@ -17006,7 +17368,7 @@ function loadClaudeCost(start, end, projectsDir) {
 function processCodexCostFile(filePath, start, end, acc) {
   let lines;
   try {
-    lines = fs35.readFileSync(filePath, "utf-8").split("\n");
+    lines = fs36.readFileSync(filePath, "utf-8").split("\n");
   } catch {
     return;
   }
@@ -17051,31 +17413,31 @@ function processCodexCostFile(filePath, start, end, acc) {
 }
 function listCodexSessionFiles(sessionsBase) {
   const jsonlFiles = [];
-  if (!fs35.existsSync(sessionsBase)) return jsonlFiles;
+  if (!fs36.existsSync(sessionsBase)) return jsonlFiles;
   try {
-    for (const year of fs35.readdirSync(sessionsBase)) {
-      const yearPath = path36.join(sessionsBase, year);
+    for (const year of fs36.readdirSync(sessionsBase)) {
+      const yearPath = path37.join(sessionsBase, year);
       try {
-        if (!fs35.statSync(yearPath).isDirectory()) continue;
+        if (!fs36.statSync(yearPath).isDirectory()) continue;
       } catch {
         continue;
       }
-      for (const month of fs35.readdirSync(yearPath)) {
-        const monthPath = path36.join(yearPath, month);
+      for (const month of fs36.readdirSync(yearPath)) {
+        const monthPath = path37.join(yearPath, month);
         try {
-          if (!fs35.statSync(monthPath).isDirectory()) continue;
+          if (!fs36.statSync(monthPath).isDirectory()) continue;
         } catch {
           continue;
         }
-        for (const day of fs35.readdirSync(monthPath)) {
-          const dayPath = path36.join(monthPath, day);
+        for (const day of fs36.readdirSync(monthPath)) {
+          const dayPath = path37.join(monthPath, day);
           try {
-            if (!fs35.statSync(dayPath).isDirectory()) continue;
+            if (!fs36.statSync(dayPath).isDirectory()) continue;
           } catch {
             continue;
           }
-          for (const file of fs35.readdirSync(dayPath)) {
-            if (file.endsWith(".jsonl")) jsonlFiles.push(path36.join(dayPath, file));
+          for (const file of fs36.readdirSync(dayPath)) {
+            if (file.endsWith(".jsonl")) jsonlFiles.push(path37.join(dayPath, file));
           }
         }
       }
@@ -17128,13 +17490,13 @@ function freezeGeminiCost(acc) {
 function processGeminiCostFile(filePath, projectKey, start, end, acc) {
   const startMs = start.getTime();
   try {
-    if (fs35.statSync(filePath).mtimeMs < startMs) return;
+    if (fs36.statSync(filePath).mtimeMs < startMs) return;
   } catch {
     return;
   }
   let raw;
   try {
-    raw = fs35.readFileSync(filePath, "utf-8");
+    raw = fs36.readFileSync(filePath, "utf-8");
   } catch {
     return;
   }
@@ -17183,30 +17545,30 @@ function listGeminiSessionFiles(geminiTmpDir) {
   const out = [];
   let dirs;
   try {
-    if (!fs35.statSync(geminiTmpDir).isDirectory()) return out;
-    dirs = fs35.readdirSync(geminiTmpDir);
+    if (!fs36.statSync(geminiTmpDir).isDirectory()) return out;
+    dirs = fs36.readdirSync(geminiTmpDir);
   } catch {
     return out;
   }
   for (const proj of dirs) {
-    const chatsDir = path36.join(geminiTmpDir, proj, "chats");
+    const chatsDir = path37.join(geminiTmpDir, proj, "chats");
     let files;
     try {
-      if (!fs35.statSync(chatsDir).isDirectory()) continue;
-      files = fs35.readdirSync(chatsDir);
+      if (!fs36.statSync(chatsDir).isDirectory()) continue;
+      files = fs36.readdirSync(chatsDir);
     } catch {
       continue;
     }
     for (const f of files) {
       if (!f.endsWith(".jsonl")) continue;
-      out.push({ projectKey: proj, file: path36.join(chatsDir, f) });
+      out.push({ projectKey: proj, file: path37.join(chatsDir, f) });
     }
   }
   return out;
 }
 function loadGeminiCost(start, end, geminiTmpDir) {
   const acc = emptyGeminiAccumulator();
-  if (!fs35.existsSync(geminiTmpDir)) return freezeGeminiCost(acc);
+  if (!fs36.existsSync(geminiTmpDir)) return freezeGeminiCost(acc);
   for (const { projectKey, file } of listGeminiSessionFiles(geminiTmpDir)) {
     processGeminiCostFile(file, projectKey, start, end, acc);
   }
@@ -17214,11 +17576,11 @@ function loadGeminiCost(start, end, geminiTmpDir) {
 }
 function aggregateReportFromAudit(period, opts = {}) {
   const now = opts.now ?? /* @__PURE__ */ new Date();
-  const auditLogPath = opts.auditLogPath ?? path36.join(os31.homedir(), ".node9", "audit.log");
-  const claudeProjectsDir = opts.claudeProjectsDir ?? path36.join(os31.homedir(), ".claude", "projects");
-  const codexSessionsDir = opts.codexSessionsDir ?? path36.join(os31.homedir(), ".codex", "sessions");
-  const geminiTmpDir = opts.geminiTmpDir ?? path36.join(os31.homedir(), ".gemini", "tmp");
-  const hasAuditFile = fs35.existsSync(auditLogPath);
+  const auditLogPath = opts.auditLogPath ?? path37.join(os32.homedir(), ".node9", "audit.log");
+  const claudeProjectsDir = opts.claudeProjectsDir ?? path37.join(os32.homedir(), ".claude", "projects");
+  const codexSessionsDir = opts.codexSessionsDir ?? path37.join(os32.homedir(), ".codex", "sessions");
+  const geminiTmpDir = opts.geminiTmpDir ?? path37.join(os32.homedir(), ".gemini", "tmp");
+  const hasAuditFile = fs36.existsSync(auditLogPath);
   const allEntries = opts.preloadedAuditEntries ?? parseAuditLog(auditLogPath);
   const unackedDlp = allEntries.filter((e) => e.source === "response-dlp");
   const { start, end } = getDateRange(period, now);
@@ -17916,12 +18278,12 @@ function registerDaemonCommand(program2) {
 init_core();
 init_daemon();
 import chalk15 from "chalk";
-import fs36 from "fs";
-import path37 from "path";
-import os32 from "os";
+import fs37 from "fs";
+import path38 from "path";
+import os33 from "os";
 function readJson2(filePath) {
   try {
-    if (fs36.existsSync(filePath)) return JSON.parse(fs36.readFileSync(filePath, "utf-8"));
+    if (fs37.existsSync(filePath)) return JSON.parse(fs37.readFileSync(filePath, "utf-8"));
   } catch {
   }
   return null;
@@ -17986,28 +18348,28 @@ function registerStatusCommand(program2) {
     console.log("");
     const modeLabel = settings.mode === "audit" ? chalk15.blue("audit") : settings.mode === "strict" ? chalk15.red("strict") : chalk15.white("standard");
     console.log(`  Mode:    ${modeLabel}`);
-    const projectConfig = path37.join(process.cwd(), "node9.config.json");
-    const globalConfig = path37.join(os32.homedir(), ".node9", "config.json");
+    const projectConfig = path38.join(process.cwd(), "node9.config.json");
+    const globalConfig = path38.join(os33.homedir(), ".node9", "config.json");
     console.log(
-      `  Local:   ${fs36.existsSync(projectConfig) ? chalk15.green("Active (node9.config.json)") : chalk15.gray("Not present")}`
+      `  Local:   ${fs37.existsSync(projectConfig) ? chalk15.green("Active (node9.config.json)") : chalk15.gray("Not present")}`
     );
     console.log(
-      `  Global:  ${fs36.existsSync(globalConfig) ? chalk15.green("Active (~/.node9/config.json)") : chalk15.gray("Not present")}`
+      `  Global:  ${fs37.existsSync(globalConfig) ? chalk15.green("Active (~/.node9/config.json)") : chalk15.gray("Not present")}`
     );
     if (mergedConfig.policy.sandboxPaths.length > 0) {
       console.log(
         `  Sandbox: ${chalk15.green(`${mergedConfig.policy.sandboxPaths.length} safe zones active`)}`
       );
     }
-    const homeDir2 = os32.homedir();
+    const homeDir2 = os33.homedir();
     const claudeSettings = readJson2(
-      path37.join(homeDir2, ".claude", "settings.json")
+      path38.join(homeDir2, ".claude", "settings.json")
     );
-    const claudeConfig = readJson2(path37.join(homeDir2, ".claude.json"));
+    const claudeConfig = readJson2(path38.join(homeDir2, ".claude.json"));
     const geminiSettings = readJson2(
-      path37.join(homeDir2, ".gemini", "settings.json")
+      path38.join(homeDir2, ".gemini", "settings.json")
     );
-    const cursorConfig = readJson2(path37.join(homeDir2, ".cursor", "mcp.json"));
+    const cursorConfig = readJson2(path38.join(homeDir2, ".cursor", "mcp.json"));
     const agentFound = claudeSettings || claudeConfig || geminiSettings || cursorConfig;
     if (agentFound) {
       console.log("");
@@ -18070,9 +18432,9 @@ init_setup();
 init_shields();
 init_service();
 import chalk16 from "chalk";
-import fs37 from "fs";
-import path38 from "path";
-import os33 from "os";
+import fs38 from "fs";
+import path39 from "path";
+import os34 from "os";
 import https4 from "https";
 var DEFAULT_SHIELDS = ["bash-safe", "filesystem", "project-jail"];
 function fireTelemetryPing(agents) {
@@ -18148,15 +18510,15 @@ function registerInitCommand(program2) {
         }
         console.log("");
       }
-      const configPath = path38.join(os33.homedir(), ".node9", "config.json");
-      if (fs37.existsSync(configPath) && !options.force) {
+      const configPath = path39.join(os34.homedir(), ".node9", "config.json");
+      if (fs38.existsSync(configPath) && !options.force) {
         try {
-          const existing = JSON.parse(fs37.readFileSync(configPath, "utf-8"));
+          const existing = JSON.parse(fs38.readFileSync(configPath, "utf-8"));
           const settings = existing.settings ?? {};
           if (settings.mode !== chosenMode) {
             settings.mode = chosenMode;
             existing.settings = settings;
-            fs37.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
+            fs38.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
             console.log(chalk16.green(`\u2705 Mode updated: ${chosenMode}`));
           } else {
             console.log(chalk16.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
@@ -18169,9 +18531,9 @@ function registerInitCommand(program2) {
           ...DEFAULT_CONFIG,
           settings: { ...DEFAULT_CONFIG.settings, mode: chosenMode }
         };
-        const dir = path38.dirname(configPath);
-        if (!fs37.existsSync(dir)) fs37.mkdirSync(dir, { recursive: true });
-        fs37.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
+        const dir = path39.dirname(configPath);
+        if (!fs38.existsSync(dir)) fs38.mkdirSync(dir, { recursive: true });
+        fs38.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
         console.log(chalk16.green(`\u2705 Config created: ${configPath}`));
         console.log(chalk16.gray(`   Mode: ${chosenMode}`));
       }
@@ -18269,7 +18631,7 @@ function registerInitCommand(program2) {
 }
 
 // src/cli/commands/undo.ts
-import path39 from "path";
+import path40 from "path";
 import chalk18 from "chalk";
 
 // src/tui/undo-navigator.ts
@@ -18428,7 +18790,7 @@ function findMatchingCwd(startDir, history) {
   let dir = startDir;
   while (true) {
     if (cwds.has(dir)) return dir;
-    const parent = path39.dirname(dir);
+    const parent = path40.dirname(dir);
     if (parent === dir) return null;
     dir = parent;
   }
@@ -18561,90 +18923,7 @@ import chalk19 from "chalk";
 import { spawn as spawn7 } from "child_process";
 import { execa as execa2 } from "execa";
 init_provenance();
-
-// src/mcp-pin.ts
-import fs38 from "fs";
-import path40 from "path";
-import os34 from "os";
-import crypto5 from "crypto";
-function getPinsFilePath2() {
-  return path40.join(os34.homedir(), ".node9", "mcp-pins.json");
-}
-function hashToolDefinitions(tools) {
-  const sorted = [...tools].sort((a, b) => {
-    const nameA = a.name ?? "";
-    const nameB = b.name ?? "";
-    return nameA.localeCompare(nameB);
-  });
-  const canonical = JSON.stringify(sorted);
-  return crypto5.createHash("sha256").update(canonical).digest("hex");
-}
-function getServerKey(upstreamCommand) {
-  return crypto5.createHash("sha256").update(upstreamCommand).digest("hex").slice(0, 16);
-}
-function readMcpPinsSafe() {
-  const filePath = getPinsFilePath2();
-  try {
-    const raw = fs38.readFileSync(filePath, "utf-8");
-    if (!raw.trim()) {
-      return { ok: false, reason: "corrupt", detail: "empty file" };
-    }
-    const parsed = JSON.parse(raw);
-    if (!parsed.servers || typeof parsed.servers !== "object" || Array.isArray(parsed.servers)) {
-      return { ok: false, reason: "corrupt", detail: "invalid structure: missing servers object" };
-    }
-    return { ok: true, pins: { servers: parsed.servers } };
-  } catch (err2) {
-    if (err2.code === "ENOENT") {
-      return { ok: false, reason: "missing" };
-    }
-    return { ok: false, reason: "corrupt", detail: String(err2) };
-  }
-}
-function readMcpPins() {
-  const result = readMcpPinsSafe();
-  if (result.ok) return result.pins;
-  if (result.reason === "missing") return { servers: {} };
-  throw new Error(`[node9] MCP pin file is corrupt: ${result.detail}`);
-}
-function writeMcpPins(data) {
-  const filePath = getPinsFilePath2();
-  fs38.mkdirSync(path40.dirname(filePath), { recursive: true });
-  const tmp = `${filePath}.${crypto5.randomBytes(6).toString("hex")}.tmp`;
-  fs38.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
-  fs38.renameSync(tmp, filePath);
-}
-function checkPin(serverKey, currentHash) {
-  const result = readMcpPinsSafe();
-  if (!result.ok) {
-    if (result.reason === "missing") return "new";
-    return "corrupt";
-  }
-  const entry = result.pins.servers[serverKey];
-  if (!entry) return "new";
-  return entry.toolsHash === currentHash ? "match" : "mismatch";
-}
-function updatePin(serverKey, label, toolsHash, toolNames) {
-  const pins = readMcpPins();
-  pins.servers[serverKey] = {
-    label,
-    toolsHash,
-    toolNames,
-    toolCount: toolNames.length,
-    pinnedAt: (/* @__PURE__ */ new Date()).toISOString()
-  };
-  writeMcpPins(pins);
-}
-function removePin2(serverKey) {
-  const pins = readMcpPins();
-  delete pins.servers[serverKey];
-  writeMcpPins(pins);
-}
-function clearAllPins2() {
-  writeMcpPins({ servers: {} });
-}
-
-// src/mcp-gateway/index.ts
+init_mcp_pin();
 init_mcp_tools();
 init_daemon();
 function sanitize4(value) {
@@ -18706,6 +18985,7 @@ function tokenize4(cmd) {
   return tokens;
 }
 async function runMcpGateway(upstreamCommand) {
+  const gatewayCwd = process.cwd();
   const commandParts = tokenize4(upstreamCommand);
   const cmd = commandParts[0];
   const cmdArgs = commandParts.slice(1);
@@ -18928,7 +19208,7 @@ async function runMcpGateway(upstreamCommand) {
       if (parsed.result && Array.isArray(parsed.result.tools)) {
         const tools = parsed.result.tools || [];
         const currentHash = hashToolDefinitions(tools);
-        const pinStatus = checkPin(serverKey, currentHash);
+        const pinStatus = checkPin(serverKey, currentHash, gatewayCwd);
         const token = getInternalToken();
         if (isDaemonRunning() && process.env.NODE9_TESTING !== "1") {
           const toolSummary = tools.map((t) => ({ name: t.name, description: t.description }));
@@ -19812,27 +20092,46 @@ function registerTrustCommand(program2) {
 }
 
 // src/cli/commands/mcp-pin.ts
+init_mcp_pin();
 import chalk21 from "chalk";
+import fs40 from "fs";
 function registerMcpPinCommand(program2) {
   const pinCmd = program2.command("mcp").description("Manage MCP server tool definition pinning (rug pull defense)");
   const pinSubCmd = pinCmd.command("pin").description("Manage pinned MCP server tool definitions");
   pinSubCmd.command("list").description("Show all pinned MCP servers and their tool definition hashes").action(() => {
-    const result = readMcpPinsSafe();
-    if (!result.ok) {
-      if (result.reason === "missing") {
-        console.log(chalk21.gray("\nNo MCP servers are pinned yet."));
-        console.log(
-          chalk21.gray("Pins are created automatically when the MCP gateway first connects.\n")
-        );
-        return;
+    const found = findPinsFilePath(process.cwd());
+    const homeResult = readMcpPinsSafe();
+    let repoEntries = {};
+    let repoCorrupt = false;
+    if (found.source === "repo") {
+      try {
+        const raw = fs40.readFileSync(found.path, "utf-8");
+        const parsed = JSON.parse(raw);
+        repoEntries = parsed.servers ?? {};
+      } catch {
+        repoCorrupt = true;
       }
+    }
+    if (repoCorrupt) {
       console.error(chalk21.red(`
-\u274C Pin file is corrupt: ${result.detail}`));
+\u274C Repo pin file at ${found.path} is corrupt or unreadable.`));
+      process.exit(1);
+    }
+    if (!homeResult.ok && homeResult.reason === "corrupt") {
+      console.error(chalk21.red(`
+\u274C Home pin file is corrupt: ${homeResult.detail}`));
       console.error(chalk21.yellow("   Run: node9 mcp pin reset\n"));
       process.exit(1);
     }
-    const entries = Object.entries(result.pins.servers);
-    if (entries.length === 0) {
+    const homeEntries = homeResult.ok ? homeResult.pins.servers : {};
+    const merged = /* @__PURE__ */ new Map();
+    for (const [key, entry] of Object.entries(homeEntries)) {
+      merged.set(key, { entry, source: "home" });
+    }
+    for (const [key, entry] of Object.entries(repoEntries)) {
+      merged.set(key, { entry, source: "repo" });
+    }
+    if (merged.size === 0) {
       console.log(chalk21.gray("\nNo MCP servers are pinned yet."));
       console.log(
         chalk21.gray("Pins are created automatically when the MCP gateway first connects.\n")
@@ -19840,13 +20139,47 @@ function registerMcpPinCommand(program2) {
       return;
     }
     console.log(chalk21.bold("\n\u{1F512} Pinned MCP Servers\n"));
-    for (const [key, entry] of entries) {
-      console.log(`  ${chalk21.cyan(key)}  ${chalk21.gray(entry.label)}`);
+    const showSource = found.source === "repo";
+    for (const [key, { entry, source }] of merged) {
+      const tag = showSource ? ` ${chalk21.yellow(`[${source}]`)}` : "";
+      console.log(`  ${chalk21.cyan(key)}${tag}  ${chalk21.gray(entry.label)}`);
       console.log(`    Tools (${entry.toolCount}): ${chalk21.white(entry.toolNames.join(", "))}`);
       console.log(`    Hash:  ${chalk21.gray(entry.toolsHash.slice(0, 16))}...`);
       console.log(`    Pinned: ${chalk21.gray(entry.pinnedAt)}`);
       console.log("");
     }
+    if (showSource) {
+      console.log(chalk21.gray(`   [repo] entries come from ${found.path}`));
+      console.log(chalk21.gray("   [home] entries come from ~/.node9/mcp-pins.json\n"));
+    }
+  });
+  pinSubCmd.command("promote <serverKey>").description(
+    "Copy a pin from ~/.node9/mcp-pins.json into <repo>/.node9/mcp-pins.json so teammates share the same vetted baseline"
+  ).action((serverKey) => {
+    try {
+      const { repoPath, created } = promotePin(serverKey, process.cwd());
+      if (created) {
+        console.log(
+          chalk21.green(
+            `
+\u2705 Created ${repoPath} with the promoted pin for ${chalk21.cyan(serverKey)}.`
+          )
+        );
+      } else {
+        console.log(chalk21.green(`
+\u2705 Promoted ${chalk21.cyan(serverKey)} into ${repoPath}.`));
+      }
+      console.log(chalk21.gray("   Review the change and commit it:"));
+      console.log(chalk21.cyan(`     git add ${repoPath}`));
+      console.log(chalk21.cyan(`     git commit -m "pin ${serverKey} (node9)"`));
+      console.log("");
+    } catch (err2) {
+      const msg = err2 instanceof Error ? err2.message : String(err2);
+      console.error(chalk21.red(`
+\u274C ${msg}
+`));
+      process.exit(1);
+    }
   });
   pinSubCmd.command("update <serverKey>").description(
     "Remove a pin so the next gateway connection re-pins with current tool definitions"
@@ -19868,7 +20201,7 @@ function registerMcpPinCommand(program2) {
       process.exit(1);
     }
     const label = pins.servers[serverKey].label;
-    removePin2(serverKey);
+    removePin(serverKey);
     console.log(chalk21.green(`
 \u{1F513} Pin removed for ${chalk21.cyan(serverKey)}`));
     console.log(chalk21.gray(`   Server: ${label}`));
@@ -19881,7 +20214,7 @@ function registerMcpPinCommand(program2) {
       return;
     }
     const count = result.ok ? Object.keys(result.pins.servers).length : "?";
-    clearAllPins2();
+    clearAllPins();
     console.log(chalk21.green(`
 \u{1F513} Cleared ${count} MCP pin(s).`));
     console.log(chalk21.gray("   Next connection to each server will re-pin.\n"));
@@ -20064,7 +20397,7 @@ init_scan();
 
 // src/cli/commands/sessions.ts
 import chalk24 from "chalk";
-import fs40 from "fs";
+import fs41 from "fs";
 import path42 from "path";
 import os36 from "os";
 var CLAUDE_PRICING3 = {
@@ -20182,7 +20515,7 @@ function loadAuditEntries(auditPath) {
   const aPath = auditPath ?? path42.join(os36.homedir(), ".node9", "audit.log");
   let raw;
   try {
-    raw = fs40.readFileSync(aPath, "utf-8");
+    raw = fs41.readFileSync(aPath, "utf-8");
   } catch {
     return [];
   }
@@ -20219,7 +20552,7 @@ function auditEntriesInWindow(entries, windowStart, windowEnd) {
 }
 function buildGeminiSessions(days, allAuditEntries) {
   const tmpDir = path42.join(os36.homedir(), ".gemini", "tmp");
-  if (!fs40.existsSync(tmpDir)) return [];
+  if (!fs41.existsSync(tmpDir)) return [];
   const cutoff = days !== null ? (() => {
     const d = /* @__PURE__ */ new Date();
     d.setDate(d.getDate() - days);
@@ -20228,7 +20561,7 @@ function buildGeminiSessions(days, allAuditEntries) {
   })() : null;
   let slugDirs;
   try {
-    slugDirs = fs40.readdirSync(tmpDir);
+    slugDirs = fs41.readdirSync(tmpDir);
   } catch {
     return [];
   }
@@ -20236,27 +20569,27 @@ function buildGeminiSessions(days, allAuditEntries) {
   for (const slug of slugDirs) {
     const slugPath = path42.join(tmpDir, slug);
     try {
-      if (!fs40.statSync(slugPath).isDirectory()) continue;
+      if (!fs41.statSync(slugPath).isDirectory()) continue;
     } catch {
       continue;
     }
     let projectRoot = path42.join(os36.homedir(), slug);
     try {
-      projectRoot = fs40.readFileSync(path42.join(slugPath, ".project_root"), "utf-8").trim();
+      projectRoot = fs41.readFileSync(path42.join(slugPath, ".project_root"), "utf-8").trim();
     } catch {
     }
     const chatsDir = path42.join(slugPath, "chats");
-    if (!fs40.existsSync(chatsDir)) continue;
+    if (!fs41.existsSync(chatsDir)) continue;
     let chatFiles;
     try {
-      chatFiles = fs40.readdirSync(chatsDir).filter((f) => f.endsWith(".json"));
+      chatFiles = fs41.readdirSync(chatsDir).filter((f) => f.endsWith(".json"));
     } catch {
       continue;
     }
     for (const chatFile of chatFiles) {
       let raw;
       try {
-        raw = fs40.readFileSync(path42.join(chatsDir, chatFile), "utf-8");
+        raw = fs41.readFileSync(path42.join(chatsDir, chatFile), "utf-8");
       } catch {
         continue;
       }
@@ -20337,7 +20670,7 @@ function buildGeminiSessions(days, allAuditEntries) {
 }
 function buildCodexSessions(days, allAuditEntries) {
   const sessionsBase = path42.join(os36.homedir(), ".codex", "sessions");
-  if (!fs40.existsSync(sessionsBase)) return [];
+  if (!fs41.existsSync(sessionsBase)) return [];
   const cutoff = days !== null ? (() => {
     const d = /* @__PURE__ */ new Date();
     d.setDate(d.getDate() - days);
@@ -20346,28 +20679,28 @@ function buildCodexSessions(days, allAuditEntries) {
   })() : null;
   const jsonlFiles = [];
   try {
-    for (const year of fs40.readdirSync(sessionsBase)) {
+    for (const year of fs41.readdirSync(sessionsBase)) {
       const yearPath = path42.join(sessionsBase, year);
       try {
-        if (!fs40.statSync(yearPath).isDirectory()) continue;
+        if (!fs41.statSync(yearPath).isDirectory()) continue;
       } catch {
         continue;
       }
-      for (const month of fs40.readdirSync(yearPath)) {
+      for (const month of fs41.readdirSync(yearPath)) {
         const monthPath = path42.join(yearPath, month);
         try {
-          if (!fs40.statSync(monthPath).isDirectory()) continue;
+          if (!fs41.statSync(monthPath).isDirectory()) continue;
         } catch {
           continue;
         }
-        for (const day of fs40.readdirSync(monthPath)) {
+        for (const day of fs41.readdirSync(monthPath)) {
           const dayPath = path42.join(monthPath, day);
           try {
-            if (!fs40.statSync(dayPath).isDirectory()) continue;
+            if (!fs41.statSync(dayPath).isDirectory()) continue;
           } catch {
             continue;
           }
-          for (const file of fs40.readdirSync(dayPath)) {
+          for (const file of fs41.readdirSync(dayPath)) {
             if (file.endsWith(".jsonl")) jsonlFiles.push(path42.join(dayPath, file));
           }
         }
@@ -20380,7 +20713,7 @@ function buildCodexSessions(days, allAuditEntries) {
   for (const filePath of jsonlFiles) {
     let lines;
     try {
-      lines = fs40.readFileSync(filePath, "utf-8").split("\n");
+      lines = fs41.readFileSync(filePath, "utf-8").split("\n");
     } catch {
       continue;
     }
@@ -20461,7 +20794,7 @@ function buildSessions(days, historyPath) {
   const hPath = historyPath ?? path42.join(os36.homedir(), ".claude", "history.jsonl");
   let historyRaw;
   try {
-    historyRaw = fs40.readFileSync(hPath, "utf-8");
+    historyRaw = fs41.readFileSync(hPath, "utf-8");
   } catch {
     return [];
   }
@@ -20486,7 +20819,7 @@ function buildSessions(days, historyPath) {
     const jsonlFile = sessionJsonlPath(entry.project, entry.sessionId);
     let sessionLines = [];
     try {
-      sessionLines = fs40.readFileSync(jsonlFile, "utf-8").split("\n");
+      sessionLines = fs41.readFileSync(jsonlFile, "utf-8").split("\n");
     } catch {
     }
     const { toolCalls, costUSD, hasSnapshot, modifiedFiles } = parseSessionLines(sessionLines);
@@ -20753,7 +21086,7 @@ function registerSessionsCommand(program2) {
     console.log(chalk24.cyan.bold("\u{1F4CB}  node9 sessions") + chalk24.dim("  \u2014 what your AI agent did"));
     console.log("");
     const historyPath = path42.join(os36.homedir(), ".claude", "history.jsonl");
-    if (!fs40.existsSync(historyPath)) {
+    if (!fs41.existsSync(historyPath)) {
       console.log(chalk24.yellow("  No Claude session history found at ~/.claude/history.jsonl"));
       console.log(chalk24.gray("  Install Claude Code, run a few sessions, then try again.\n"));
       return;
@@ -20790,12 +21123,12 @@ function registerSessionsCommand(program2) {
 
 // src/cli/commands/skill-pin.ts
 import chalk25 from "chalk";
-import fs41 from "fs";
+import fs42 from "fs";
 import os37 from "os";
 import path43 from "path";
 function wipeSkillSessions() {
   try {
-    fs41.rmSync(path43.join(os37.homedir(), ".node9", "skill-sessions"), {
+    fs42.rmSync(path43.join(os37.homedir(), ".node9", "skill-sessions"), {
       recursive: true,
       force: true
     });
@@ -20853,7 +21186,7 @@ function registerSkillPinCommand(program2) {
       process.exit(1);
     }
     const rootPath = pins.roots[rootKey].rootPath;
-    removePin(rootKey);
+    removePin2(rootKey);
     wipeSkillSessions();
     console.log(chalk25.green(`
 \u{1F513} Pin removed for ${chalk25.cyan(rootKey)}`));
@@ -20868,7 +21201,7 @@ function registerSkillPinCommand(program2) {
       return;
     }
     const count = result.ok ? Object.keys(result.pins.roots).length : "?";
-    clearAllPins();
+    clearAllPins2();
     wipeSkillSessions();
     console.log(chalk25.green(`
 \u{1F513} Cleared ${count} skill pin(s).`));
@@ -20877,15 +21210,15 @@ function registerSkillPinCommand(program2) {
 }
 
 // src/cli/commands/decisions.ts
-import fs42 from "fs";
+import fs43 from "fs";
 import os38 from "os";
 import path44 from "path";
 import chalk26 from "chalk";
 var DECISIONS_FILE2 = path44.join(os38.homedir(), ".node9", "decisions.json");
 function readDecisions() {
   try {
-    if (!fs42.existsSync(DECISIONS_FILE2)) return {};
-    const raw = fs42.readFileSync(DECISIONS_FILE2, "utf-8");
+    if (!fs43.existsSync(DECISIONS_FILE2)) return {};
+    const raw = fs43.readFileSync(DECISIONS_FILE2, "utf-8");
     const parsed = JSON.parse(raw);
     const out = {};
     for (const [k, v] of Object.entries(parsed)) {
@@ -20898,10 +21231,10 @@ function readDecisions() {
 }
 function writeDecisions(d) {
   const dir = path44.dirname(DECISIONS_FILE2);
-  if (!fs42.existsSync(dir)) fs42.mkdirSync(dir, { recursive: true });
+  if (!fs43.existsSync(dir)) fs43.mkdirSync(dir, { recursive: true });
   const tmp = `${DECISIONS_FILE2}.${process.pid}.tmp`;
-  fs42.writeFileSync(tmp, JSON.stringify(d, null, 2));
-  fs42.renameSync(tmp, DECISIONS_FILE2);
+  fs43.writeFileSync(tmp, JSON.stringify(d, null, 2));
+  fs43.renameSync(tmp, DECISIONS_FILE2);
 }
 function registerDecisionsCommand(program2) {
   const cmd = program2.command("decisions").description('Manage persistent "Always Allow" / "Always Deny" tool decisions');
@@ -20958,7 +21291,7 @@ Persistent decisions  (${entries.length})
 
 // src/cli/commands/dlp.ts
 import chalk27 from "chalk";
-import fs43 from "fs";
+import fs44 from "fs";
 import path45 from "path";
 import os39 from "os";
 var AUDIT_LOG = path45.join(os39.homedir(), ".node9", "audit.log");
@@ -20969,7 +21302,7 @@ function stripAnsi(s) {
 }
 function loadResolved() {
   try {
-    const raw = JSON.parse(fs43.readFileSync(RESOLVED_FILE, "utf-8"));
+    const raw = JSON.parse(fs44.readFileSync(RESOLVED_FILE, "utf-8"));
     return new Set(raw);
   } catch {
     return /* @__PURE__ */ new Set();
@@ -20977,13 +21310,13 @@ function loadResolved() {
 }
 function saveResolved(resolved) {
   try {
-    fs43.writeFileSync(RESOLVED_FILE, JSON.stringify([...resolved], null, 2), { mode: 384 });
+    fs44.writeFileSync(RESOLVED_FILE, JSON.stringify([...resolved], null, 2), { mode: 384 });
   } catch {
   }
 }
 function loadDlpFindings() {
-  if (!fs43.existsSync(AUDIT_LOG)) return [];
-  return fs43.readFileSync(AUDIT_LOG, "utf-8").split("\n").flatMap((line) => {
+  if (!fs44.existsSync(AUDIT_LOG)) return [];
+  return fs44.readFileSync(AUDIT_LOG, "utf-8").split("\n").flatMap((line) => {
     if (!line.trim()) return [];
     try {
       const e = JSON.parse(line);
@@ -21082,13 +21415,13 @@ function registerDlpCommand(program2) {
 // src/cli/commands/mask.ts
 init_dlp();
 import chalk28 from "chalk";
-import fs44 from "fs";
+import fs45 from "fs";
 import path46 from "path";
 import os40 from "os";
 function findJsonlFiles(dir) {
   const results = [];
-  if (!fs44.existsSync(dir)) return results;
-  for (const entry of fs44.readdirSync(dir, { withFileTypes: true })) {
+  if (!fs45.existsSync(dir)) return results;
+  for (const entry of fs45.readdirSync(dir, { withFileTypes: true })) {
     const full = path46.join(dir, entry.name);
     if (entry.isDirectory()) results.push(...findJsonlFiles(full));
     else if (entry.isFile() && entry.name.endsWith(".jsonl")) results.push(full);
@@ -21132,7 +21465,7 @@ function redactJson(obj) {
 function processFile(filePath, dryRun) {
   let raw;
   try {
-    raw = fs44.readFileSync(filePath, "utf-8");
+    raw = fs45.readFileSync(filePath, "utf-8");
   } catch {
     return { redactedLines: 0, patterns: [] };
   }
@@ -21164,14 +21497,14 @@ function processFile(filePath, dryRun) {
     }
   }
   if (!dryRun && redactedLines > 0) {
-    fs44.writeFileSync(filePath, newLines.join("\n"), "utf-8");
+    fs45.writeFileSync(filePath, newLines.join("\n"), "utf-8");
   }
   return { redactedLines, patterns };
 }
 function processJsonFile(filePath, dryRun) {
   let raw;
   try {
-    raw = fs44.readFileSync(filePath, "utf-8");
+    raw = fs45.readFileSync(filePath, "utf-8");
   } catch {
     return { redactedLines: 0, patterns: [] };
   }
@@ -21184,14 +21517,14 @@ function processJsonFile(filePath, dryRun) {
   const { value, modified, found } = redactJson(parsed);
   if (!modified) return { redactedLines: 0, patterns: [] };
   if (!dryRun) {
-    fs44.writeFileSync(filePath, JSON.stringify(value, null, 2), "utf-8");
+    fs45.writeFileSync(filePath, JSON.stringify(value, null, 2), "utf-8");
   }
   return { redactedLines: 1, patterns: found };
 }
 function findJsonFiles(dir) {
   const results = [];
-  if (!fs44.existsSync(dir)) return results;
-  for (const entry of fs44.readdirSync(dir, { withFileTypes: true })) {
+  if (!fs45.existsSync(dir)) return results;
+  for (const entry of fs45.readdirSync(dir, { withFileTypes: true })) {
     const full = path46.join(dir, entry.name);
     if (entry.isDirectory()) results.push(...findJsonFiles(full));
     else if (entry.isFile() && entry.name.endsWith(".json")) results.push(full);
@@ -21211,7 +21544,7 @@ function registerMaskCommand(program2) {
     const cutoff = options.all ? null : new Date(Date.now() - 30 * 24 * 60 * 60 * 1e3);
     const filtered = cutoff ? allFiles.filter((f) => {
       try {
-        return fs44.statSync(f.path).mtime >= cutoff;
+        return fs45.statSync(f.path).mtime >= cutoff;
       } catch {
         return false;
       }
@@ -21267,20 +21600,20 @@ function registerMaskCommand(program2) {
 // src/cli.ts
 init_blast();
 var { version } = JSON.parse(
-  fs47.readFileSync(path49.join(__dirname, "../package.json"), "utf-8")
+  fs48.readFileSync(path49.join(__dirname, "../package.json"), "utf-8")
 );
 var program = new Command();
 program.name("node9").description("The Sudo Command for AI Agents").version(version);
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL2 = "https://api.node9.ai/api/v1/intercept";
   const credPath = path49.join(os43.homedir(), ".node9", "credentials.json");
-  if (!fs47.existsSync(path49.dirname(credPath)))
-    fs47.mkdirSync(path49.dirname(credPath), { recursive: true });
+  if (!fs48.existsSync(path49.dirname(credPath)))
+    fs48.mkdirSync(path49.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (fs47.existsSync(credPath)) {
-      const raw = JSON.parse(fs47.readFileSync(credPath, "utf-8"));
+    if (fs48.existsSync(credPath)) {
+      const raw = JSON.parse(fs48.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL2 }
@@ -21292,13 +21625,13 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL2 };
-  fs47.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  fs48.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
   if (profileName === "default") {
     const configPath = path49.join(os43.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (fs47.existsSync(configPath))
-        config = JSON.parse(fs47.readFileSync(configPath, "utf-8"));
+      if (fs48.existsSync(configPath))
+        config = JSON.parse(fs48.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -21313,9 +21646,9 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!fs47.existsSync(path49.dirname(configPath)))
-      fs47.mkdirSync(path49.dirname(configPath), { recursive: true });
-    fs47.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!fs48.existsSync(path49.dirname(configPath)))
+      fs48.mkdirSync(path49.dirname(configPath), { recursive: true });
+    fs48.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
   }
   if (options.profile && profileName !== "default") {
     console.log(chalk30.green(`\u2705 Profile "${profileName}" saved`));
@@ -21453,14 +21786,14 @@ program.command("uninstall").description("Remove all Node9 hooks and optionally
   }
   if (options.purge) {
     const node9Dir = path49.join(os43.homedir(), ".node9");
-    if (fs47.existsSync(node9Dir)) {
+    if (fs48.existsSync(node9Dir)) {
       const confirmed = await confirm2({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        fs47.rmSync(node9Dir, { recursive: true });
-        if (fs47.existsSync(node9Dir)) {
+        fs48.rmSync(node9Dir, { recursive: true });
+        if (fs48.existsSync(node9Dir)) {
           console.error(
             chalk30.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
@@ -21615,12 +21948,12 @@ Run "node9 addto claude" to register it as the statusLine.`
   if (subcommand === "debug") {
     const flagFile = path49.join(os43.homedir(), ".node9", "hud-debug");
     if (state === "on") {
-      fs47.mkdirSync(path49.dirname(flagFile), { recursive: true });
-      fs47.writeFileSync(flagFile, "");
+      fs48.mkdirSync(path49.dirname(flagFile), { recursive: true });
+      fs48.writeFileSync(flagFile, "");
       console.log("HUD debug logging enabled \u2192 ~/.node9/hud-debug.log");
       console.log("Tail it with: tail -f ~/.node9/hud-debug.log");
     } else if (state === "off") {
-      if (fs47.existsSync(flagFile)) fs47.unlinkSync(flagFile);
+      if (fs48.existsSync(flagFile)) fs48.unlinkSync(flagFile);
       console.log("HUD debug logging disabled.");
     } else {
       console.error("Usage: node9 hud debug on|off");
@@ -21736,7 +22069,7 @@ if (process.argv[2] !== "daemon") {
       if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
         const logPath = path49.join(os43.homedir(), ".node9", "hook-debug.log");
         const msg = reason instanceof Error ? reason.message : String(reason);
-        fs47.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+        fs48.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
       }
       process.exit(0);