@node9/proxy 1.29.0 → 1.30.0

package/dist/cli.mjs

@@ -52,11 +52,17 @@ __export(audit_exports, {
   appendHookDebug: () => appendHookDebug,
   appendLocalAudit: () => appendLocalAudit,
   appendToLog: () => appendToLog,
+  buildArgsPreview: () => buildArgsPreview,
+  generateEventId: () => generateEventId,
   redactSecrets: () => redactSecrets
 });
 import fs from "fs";
 import path from "path";
 import os from "os";
+import crypto from "crypto";
+function generateEventId() {
+  return `${Date.now().toString(36)}-${crypto.randomBytes(6).toString("hex")}`;
+}
 function isTestCall(toolName, args) {
   if (toolName !== "Bash" && toolName !== "bash") return false;
   const cmd = args?.command;
@@ -75,6 +81,17 @@ function redactSecrets(text) {
   );
   return redacted;
 }
+function buildArgsPreview(args) {
+  try {
+    const o = args && typeof args === "object" ? args : null;
+    const primary = o && (o.command ?? o.file_path ?? o.path ?? o.url ?? o.query);
+    const text = typeof primary === "string" ? primary : args ? JSON.stringify(args) : "";
+    if (!text) return void 0;
+    return redactSecrets(text).slice(0, 120);
+  } catch {
+    return void 0;
+  }
+}
 function appendToLog(logPath, entry) {
   try {
     const dir = path.dirname(logPath);
@@ -97,11 +114,18 @@ function appendHookDebug(toolName, args, meta, auditHashArgsEnabled) {
   });
 }
 function appendLocalAudit(toolName, args, decision, checkedBy, meta, auditHashArgsEnabled) {
-  const argsField = auditHashArgsEnabled ? { argsHash: hashArgs(args) } : { args: args ? JSON.parse(redactSecrets(JSON.stringify(args))) : {} };
+  const isDlpRow = checkedBy.toLowerCase().includes("dlp") || Boolean(meta?.dlpPattern);
+  const preview2 = auditHashArgsEnabled && !isDlpRow ? buildArgsPreview(args) : void 0;
+  const argsField = auditHashArgsEnabled ? { argsHash: hashArgs(args), ...preview2 ? { argsPreview: preview2 } : {} } : { args: args ? JSON.parse(redactSecrets(JSON.stringify(args))) : {} };
   const testRun = isTestCall(toolName, args) || process.env.NODE9_TESTING === "1" ? { testRun: true } : {};
   const ruleNameField = meta?.ruleName ? { ruleName: meta.ruleName } : {};
   const agentToolNameField = meta?.agentToolName ? { agentToolName: meta.agentToolName } : {};
+  const dlpFields = meta?.dlpPattern ? { dlpPattern: meta.dlpPattern, dlpSample: meta.dlpSample } : {};
+  const cloudLinkField = meta?.cloudRequestId ? { cloudRequestId: meta.cloudRequestId } : {};
   appendToLog(LOCAL_AUDIT_LOG, {
+    // eid first: the outbox shipper dedups on it, and a fixed leading field
+    // makes the JSONL easy to eyeball.
+    eid: generateEventId(),
     ts: (/* @__PURE__ */ new Date()).toISOString(),
     tool: toolName,
     ...agentToolNameField,
@@ -109,6 +133,8 @@ function appendLocalAudit(toolName, args, decision, checkedBy, meta, auditHashAr
     decision,
     checkedBy,
     ...ruleNameField,
+    ...dlpFields,
+    ...cloudLinkField,
     ...testRun,
     agent: meta?.agent,
     mcpServer: meta?.mcpServer,
@@ -153,8 +179,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path50 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path50}: ${issue.message}`;
+    const path51 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path51}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -239,7 +265,13 @@ var init_config_schema = __esm({
         allowGlobalPause: z.boolean().optional(),
         auditHashArgs: z.boolean().optional(),
         agentPolicy: z.enum(["require_approval", "block_on_rules"]).optional(),
-        cloudSyncIntervalHours: z.number().positive().optional()
+        cloudSyncIntervalHours: z.number().positive().optional(),
+        // Outbox shipper (audit.log → SaaS batch ingest). enabled defaults
+        // to true; set false to fall back to local-only auditing.
+        shipper: z.object({
+          enabled: z.boolean().optional(),
+          intervalSeconds: z.number().min(5).optional()
+        }).optional()
       }).optional(),
       policy: z.object({
         sandboxPaths: z.array(z.string()).optional(),
@@ -278,7 +310,7 @@ import mvdanSh from "mvdan-sh";
 import pm from "picomatch";
 import safeRegex2 from "safe-regex2";
 import safeRegex3 from "safe-regex2";
-import crypto from "crypto";
+import crypto2 from "crypto";
 function isAssignmentContext(text) {
   return ASSIGNMENT_CONTEXT_RE.test(text);
 }
@@ -991,9 +1023,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path50) {
+function getNestedValue(obj, path51) {
   if (!obj || typeof obj !== "object") return null;
-  const segments = path50.split(".");
+  const segments = path51.split(".");
   for (const seg of segments) {
     if (FORBIDDEN_PATH_SEGMENTS.has(seg)) return null;
   }
@@ -1355,7 +1387,7 @@ function assertBuiltinShieldRegexesAreSafe() {
 }
 function computeArgsHash(args) {
   const str = JSON.stringify(args ?? "");
-  return crypto.createHash("sha256").update(str).digest("hex").slice(0, 16);
+  return crypto2.createHash("sha256").update(str).digest("hex").slice(0, 16);
 }
 function evaluateLoopWindow(records, tool, args, threshold, windowMs, now) {
   const hash = computeArgsHash(args);
@@ -3394,7 +3426,7 @@ var init_dist = __esm({
 import fs2 from "fs";
 import path2 from "path";
 import os2 from "os";
-import crypto2 from "crypto";
+import crypto3 from "crypto";
 function loadUserShields() {
   const result = {};
   let entries;
@@ -3469,7 +3501,7 @@ function readShieldsFile() {
 }
 function writeShieldsFile(data) {
   fs2.mkdirSync(path2.dirname(SHIELDS_STATE_FILE), { recursive: true });
-  const tmp = `${SHIELDS_STATE_FILE}.${crypto2.randomBytes(6).toString("hex")}.tmp`;
+  const tmp = `${SHIELDS_STATE_FILE}.${crypto3.randomBytes(6).toString("hex")}.tmp`;
   const toWrite = { active: data.active };
   if (data.overrides && Object.keys(data.overrides).length > 0) toWrite.overrides = data.overrides;
   fs2.writeFileSync(tmp, JSON.stringify(toWrite, null, 2), { mode: 384 });
@@ -3559,7 +3591,7 @@ function installShield(name, shieldJson) {
   }
   fs2.mkdirSync(USER_SHIELDS_DIR, { recursive: true });
   const filePath = path2.join(USER_SHIELDS_DIR, `${name}.json`);
-  const tmp = `${filePath}.${crypto2.randomBytes(6).toString("hex")}.tmp`;
+  const tmp = `${filePath}.${crypto3.randomBytes(6).toString("hex")}.tmp`;
   fs2.writeFileSync(tmp, JSON.stringify(shieldJson, null, 2), { mode: 384 });
   fs2.renameSync(tmp, filePath);
 }
@@ -3657,7 +3689,8 @@ function getConfig(cwd) {
   const projectConfig = tryLoadConfig(projectPath);
   const mergedSettings = {
     ...DEFAULT_CONFIG.settings,
-    approvers: { ...DEFAULT_CONFIG.settings.approvers }
+    approvers: { ...DEFAULT_CONFIG.settings.approvers },
+    shipper: { ...DEFAULT_CONFIG.settings.shipper }
   };
   const mergedPolicy = {
     sandboxPaths: [...DEFAULT_CONFIG.policy.sandboxPaths],
@@ -3688,6 +3721,7 @@ function getConfig(cwd) {
     if (s.enableHookLogDebug !== void 0)
       mergedSettings.enableHookLogDebug = s.enableHookLogDebug;
     if (s.approvers) mergedSettings.approvers = { ...mergedSettings.approvers, ...s.approvers };
+    if (s.shipper) mergedSettings.shipper = { ...mergedSettings.shipper, ...s.shipper };
     if (s.approvalTimeoutMs !== void 0) mergedSettings.approvalTimeoutMs = s.approvalTimeoutMs;
     if (s.approvalTimeoutSeconds !== void 0 && s.approvalTimeoutMs === void 0)
       mergedSettings.approvalTimeoutMs = s.approvalTimeoutSeconds * 1e3;
@@ -3885,7 +3919,8 @@ var init_config = __esm({
         flightRecorder: true,
         auditHashArgs: true,
         approvers: { native: true, browser: false, cloud: false, terminal: true },
-        cloudSyncIntervalHours: 5
+        cloudSyncIntervalHours: 5,
+        shipper: { enabled: true, intervalSeconds: 20 }
       },
       policy: {
         sandboxPaths: ["/tmp/**", "**/sandbox/**", "**/test-results/**"],
@@ -5430,55 +5465,6 @@ function validateApiUrl(raw) {
   }
   return null;
 }
-function auditLocalAllow(toolName, args, checkedBy, creds, meta, dlpInfo, containsSensitiveArgs = false, riskMetadata) {
-  const validated = validateApiUrl(creds.apiUrl);
-  if (!validated) {
-    try {
-      fs10.appendFileSync(
-        HOOK_DEBUG_LOG,
-        `[audit] refused to send: invalid apiUrl scheme/host (got "${String(creds.apiUrl).slice(0, 200)}")
-`
-      );
-    } catch {
-    }
-    return Promise.resolve();
-  }
-  const safeArgs = containsSensitiveArgs ? { tool: toolName, redacted: true } : args;
-  const dlpSample = dlpInfo && typeof dlpInfo.redactedSample === "string" ? dlpInfo.redactedSample.slice(0, DLP_SAMPLE_MAX_LEN) : void 0;
-  const dlpPattern = dlpInfo && typeof dlpInfo.pattern === "string" ? dlpInfo.pattern.slice(0, DLP_PATTERN_MAX_LEN) : void 0;
-  const safeCheckedBy = KNOWN_CHECKED_BY.has(checkedBy) ? checkedBy : "unknown";
-  const cleanedRiskMetadata = riskMetadata ? Object.fromEntries(
-    Object.entries(riskMetadata).filter(([, v]) => typeof v === "string" && v.length > 0)
-  ) : void 0;
-  const hasRiskMetadata = cleanedRiskMetadata && Object.keys(cleanedRiskMetadata).length > 0;
-  return fetch(`${validated.toString().replace(/\/$/, "")}/audit`, {
-    method: "POST",
-    headers: { "Content-Type": "application/json", Authorization: `Bearer ${creds.apiKey}` },
-    body: JSON.stringify({
-      toolName,
-      args: safeArgs,
-      checkedBy: safeCheckedBy,
-      ...dlpInfo && { dlpPattern, dlpSample },
-      ...hasRiskMetadata && { riskMetadata: cleanedRiskMetadata },
-      // session_id (Claude Code + Gemini CLI) groups all audit rows from one
-      // agent run; transcript_path is the authoritative pointer to the
-      // session log (survives Gemini resume drift). Both optional —
-      // unsupported agents (MCP-mediated) leave them undefined.
-      ...meta?.sessionId && { runId: meta.sessionId },
-      ...meta?.transcriptPath && { transcriptPath: meta.transcriptPath },
-      context: {
-        agent: meta?.agent,
-        mcpServer: meta?.mcpServer,
-        hostname: os9.hostname(),
-        cwd: process.cwd(),
-        platform: os9.platform()
-      }
-    }),
-    signal: AbortSignal.timeout(5e3)
-  }).then(() => {
-  }).catch(() => {
-  });
-}
 async function initNode9SaaS(toolName, args, creds, meta, riskMetadata, agentPolicy, forceReview) {
   const controller = new AbortController();
   const timeout = setTimeout(() => controller.abort(), 1e4);
@@ -5602,32 +5588,10 @@ async function resolveNode9SaaS(requestId, creds, approved, decidedBy) {
     );
   }
 }
-var DLP_SAMPLE_MAX_LEN, DLP_PATTERN_MAX_LEN, KNOWN_CHECKED_BY;
 var init_cloud = __esm({
   "src/auth/cloud.ts"() {
     "use strict";
     init_audit();
-    DLP_SAMPLE_MAX_LEN = 200;
-    DLP_PATTERN_MAX_LEN = 100;
-    KNOWN_CHECKED_BY = /* @__PURE__ */ new Set([
-      "dlp-block",
-      "observe-mode-dlp-would-block",
-      "dlp-review-flagged",
-      "loop-detected",
-      "audit-mode",
-      "local-policy",
-      "smart-rule-block",
-      // Smart-rule block was downgraded to review because the daemon was
-      // running and we're not in CI. The block attempt is still recorded;
-      // the user got a popup. Distinct from 'smart-rule-block' so the
-      // dashboard can show "block rule overridden" separately from a hard
-      // block that fired with no human in the loop.
-      "smart-rule-block-override",
-      "persistent",
-      "trust",
-      "observe-mode",
-      "observe-mode-would-block"
-    ]);
   }
 });
 
@@ -5809,17 +5773,11 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
             args,
             "deny",
             isObserveMode ? "observe-mode-dlp-would-block" : "dlp-block",
-            meta,
-            true
-          );
-        if (approvers.cloud && creds?.apiKey)
-          auditLocalAllow(
-            toolName,
-            args,
-            isObserveMode ? "observe-mode-dlp-would-block" : "dlp-block",
-            creds,
-            meta,
-            { pattern: dlpMatch.patternName, redactedSample: dlpMatch.redactedSample },
+            {
+              ...meta,
+              dlpPattern: dlpMatch.patternName,
+              dlpSample: dlpMatch.redactedSample
+            },
             true
           );
         if (isWriteTool(toolName) && filePath) {
@@ -5875,9 +5833,6 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
       const policyResult = await evaluatePolicy2(toolName, args, meta?.agent, options?.cwd);
       if (policyResult.decision === "review") {
         appendLocalAudit(toolName, args, "allow", "audit-mode", meta, hashAuditArgs);
-        if (approvers.cloud && creds?.apiKey) {
-          await auditLocalAllow(toolName, args, "audit-mode", creds, meta);
-        }
       }
     }
     return { approved: true, checkedBy: "audit" };
@@ -5890,8 +5845,6 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
         const reason = `It looks like you've called "${toolName}" ${loopResult.count} times with identical arguments in the last ${ld.windowSeconds}s. Are you stuck? Step back and reconsider your approach \u2014 what are you actually trying to accomplish, and is there a different way to get there?`;
         if (!isManual)
           appendLocalAudit(toolName, args, "deny", "loop-detected", meta, hashAuditArgs);
-        if (approvers.cloud && creds?.apiKey)
-          auditLocalAllow(toolName, args, "loop-detected", creds, meta, void 0, true);
         return {
           approved: false,
           reason,
@@ -5910,15 +5863,15 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
       };
     }
     if (policyResult.decision === "allow") {
-      if (approvers.cloud && creds?.apiKey)
-        await auditLocalAllow(toolName, args, "local-policy", creds, meta, void 0, false, {
-          ruleName: policyResult.ruleName,
-          ruleDescription: policyResult.ruleDescription,
-          blockedByLabel: policyResult.blockedByLabel,
-          matchedField: policyResult.matchedField,
-          matchedWord: policyResult.matchedWord
-        });
-      if (!isManual) appendLocalAudit(toolName, args, "allow", "local-policy", meta, hashAuditArgs);
+      if (!isManual)
+        appendLocalAudit(
+          toolName,
+          args,
+          "allow",
+          "local-policy",
+          { ...meta, ruleName: policyResult.ruleName },
+          hashAuditArgs
+        );
       return { approved: true, checkedBy: "local-policy" };
     }
     if (policyResult.decision === "block") {
@@ -5951,23 +5904,6 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
             { ...meta, ruleName: policyResult.ruleName },
             hashAuditArgs
           );
-        if (approvers.cloud && creds?.apiKey)
-          auditLocalAllow(
-            toolName,
-            args,
-            "smart-rule-block-override",
-            creds,
-            meta,
-            void 0,
-            false,
-            {
-              ruleName: policyResult.ruleName,
-              ruleDescription: policyResult.ruleDescription,
-              blockedByLabel: policyResult.blockedByLabel,
-              matchedField: policyResult.matchedField,
-              matchedWord: policyResult.matchedWord
-            }
-          );
         const baseLabel = policyResult.blockedByLabel || "Smart Rule";
         const OVERRIDE_PREFIX = "\u26A0\uFE0F Override block rule: ";
         if (!baseLabel.startsWith(OVERRIDE_PREFIX)) {
@@ -5992,14 +5928,6 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
             { ...meta, ruleName: policyResult.ruleName },
             hashAuditArgs
           );
-        if (approvers.cloud && creds?.apiKey)
-          auditLocalAllow(toolName, args, "smart-rule-block", creds, meta, void 0, false, {
-            ruleName: policyResult.ruleName,
-            ruleDescription: policyResult.ruleDescription,
-            blockedByLabel: policyResult.blockedByLabel,
-            matchedField: policyResult.matchedField,
-            matchedWord: policyResult.matchedWord
-          });
         return {
           approved: false,
           reason: policyResult.reason ?? "Action explicitly blocked by Smart Policy.",
@@ -6028,8 +5956,6 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     if (policyRuleDescription) riskMetadata.ruleDescription = policyRuleDescription.slice(0, 200);
     const persistent = policyResult.ruleName ? null : getPersistentDecision(toolName);
     if (persistent === "allow") {
-      if (approvers.cloud && creds?.apiKey)
-        await auditLocalAllow(toolName, args, "persistent", creds, meta);
       if (!isManual) appendLocalAudit(toolName, args, "allow", "persistent", meta, hashAuditArgs);
       return { approved: true, checkedBy: "persistent" };
     }
@@ -6062,8 +5988,6 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     }
   }
   if (!taintWarning && getActiveTrustSession(toolName, args)) {
-    if (approvers.cloud && creds?.apiKey)
-      await auditLocalAllow(toolName, args, "trust", creds, meta);
     if (!isManual) appendLocalAudit(toolName, args, "allow", "trust", meta, hashAuditArgs);
     return { approved: true, checkedBy: "trust" };
   }
@@ -6308,7 +6232,12 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
       args,
       finalResult.approved ? "allow" : "deny",
       finalResult.checkedBy || finalResult.blockedBy || "unknown",
-      meta,
+      // cloudRequestId links this row to the BE-origin AuditLog row the
+      // /intercept handshake created — the shipper hands it to the SaaS so
+      // the BE enriches that row instead of inserting a duplicate. Matters
+      // for EVERY racer outcome, not just cloud wins: a native-popup
+      // decision on a cloud-pending request would otherwise count twice.
+      cloudRequestId ? { ...meta, cloudRequestId } : meta,
       hashAuditArgs
     );
   }
@@ -6362,7 +6291,7 @@ var init_core = __esm({
 import fs12 from "fs";
 import path14 from "path";
 import os11 from "os";
-import crypto3 from "crypto";
+import crypto4 from "crypto";
 function getHomePinsFilePath() {
   return path14.join(os11.homedir(), ".node9", "mcp-pins.json");
 }
@@ -6392,10 +6321,10 @@ function hashToolDefinitions(tools) {
     return nameA.localeCompare(nameB);
   });
   const canonical = JSON.stringify(sorted);
-  return crypto3.createHash("sha256").update(canonical).digest("hex");
+  return crypto4.createHash("sha256").update(canonical).digest("hex");
 }
 function getServerKey(upstreamCommand) {
-  return crypto3.createHash("sha256").update(upstreamCommand).digest("hex").slice(0, 16);
+  return crypto4.createHash("sha256").update(upstreamCommand).digest("hex").slice(0, 16);
 }
 function readPinsFile(filePath) {
   try {
@@ -6426,7 +6355,7 @@ function readMcpPins() {
 }
 function writePinsFile(filePath, data) {
   fs12.mkdirSync(path14.dirname(filePath), { recursive: true });
-  const tmp = `${filePath}.${crypto3.randomBytes(6).toString("hex")}.tmp`;
+  const tmp = `${filePath}.${crypto4.randomBytes(6).toString("hex")}.tmp`;
   const isHome = filePath === getHomePinsFilePath();
   fs12.writeFileSync(tmp, JSON.stringify(data, null, 2), isHome ? { mode: 384 } : {});
   fs12.renameSync(tmp, filePath);
@@ -14256,74 +14185,285 @@ var init_sync = __esm({
   }
 });
 
-// src/daemon/dlp-scanner.ts
+// src/daemon/audit-shipper.ts
+var audit_shipper_exports = {};
+__export(audit_shipper_exports, {
+  AUDIT_SHIP_WATERMARK: () => AUDIT_SHIP_WATERMARK,
+  buildWireRows: () => buildWireRows,
+  fileSignature: () => fileSignature,
+  readWatermark: () => readWatermark,
+  shipLagBytes: () => shipLagBytes,
+  shipOnce: () => shipOnce,
+  startAuditShipper: () => startAuditShipper,
+  writeWatermark: () => writeWatermark
+});
 import fs24 from "fs";
 import path26 from "path";
 import os22 from "os";
+import crypto5 from "crypto";
+function fileSignature(filePath) {
+  const fd = fs24.openSync(filePath, "r");
+  try {
+    const buf = Buffer.alloc(512);
+    const read = fs24.readSync(fd, buf, 0, 512, 0);
+    const slice = buf.subarray(0, read);
+    const nl = slice.indexOf(10);
+    const firstLine = nl === -1 ? slice : slice.subarray(0, nl);
+    return crypto5.createHash("sha256").update(firstLine).digest("hex").slice(0, 16);
+  } finally {
+    fs24.closeSync(fd);
+  }
+}
+function readWatermark(watermarkPath) {
+  try {
+    const raw = JSON.parse(fs24.readFileSync(watermarkPath, "utf-8"));
+    if (typeof raw.fileSig === "string" && typeof raw.offset === "number" && raw.offset >= 0)
+      return raw;
+  } catch {
+  }
+  return null;
+}
+function writeWatermark(watermarkPath, wm) {
+  const tmp = `${watermarkPath}.tmp`;
+  fs24.writeFileSync(tmp, JSON.stringify(wm));
+  fs24.renameSync(tmp, watermarkPath);
+}
+function buildWireRows(chunk) {
+  const lastNl = chunk.lastIndexOf(10);
+  if (lastNl === -1) return { rows: [], consumed: 0 };
+  const complete = chunk.subarray(0, lastNl + 1);
+  const rows = [];
+  for (const line of complete.toString("utf-8").split("\n")) {
+    if (!line.trim()) continue;
+    let parsed;
+    try {
+      parsed = JSON.parse(line);
+    } catch {
+      continue;
+    }
+    if (typeof parsed.eid !== "string" || parsed.eid.length < 8) continue;
+    if (typeof parsed.tool !== "string" || !parsed.tool) continue;
+    if (parsed.decision !== "allow" && parsed.decision !== "deny") continue;
+    if (typeof parsed.ts !== "string") continue;
+    if (parsed.testRun === true) continue;
+    const checkedBy = typeof parsed.checkedBy === "string" ? parsed.checkedBy : void 0;
+    if (checkedBy && SKIP_CHECKED_BY.has(checkedBy)) continue;
+    const cloudRequestId = typeof parsed.cloudRequestId === "string" ? parsed.cloudRequestId : void 0;
+    if (checkedBy === "cloud" && !cloudRequestId) continue;
+    rows.push({
+      eid: parsed.eid,
+      ts: parsed.ts,
+      tool: parsed.tool,
+      ...parsed.args && typeof parsed.args === "object" ? { args: parsed.args } : {},
+      ...typeof parsed.argsHash === "string" ? { argsHash: parsed.argsHash } : {},
+      ...typeof parsed.argsPreview === "string" ? { argsPreview: parsed.argsPreview } : {},
+      decision: parsed.decision,
+      ...checkedBy ? { checkedBy } : {},
+      ...typeof parsed.ruleName === "string" ? { ruleName: parsed.ruleName } : {},
+      ...typeof parsed.agent === "string" ? { agent: parsed.agent } : {},
+      ...typeof parsed.mcpServer === "string" ? { mcpServer: parsed.mcpServer } : {},
+      ...typeof parsed.sessionId === "string" ? { sessionId: parsed.sessionId } : {},
+      ...typeof parsed.dlpPattern === "string" ? { dlpPattern: parsed.dlpPattern } : {},
+      ...typeof parsed.dlpSample === "string" ? { dlpSample: parsed.dlpSample } : {},
+      ...cloudRequestId ? { cloudRequestId } : {}
+    });
+  }
+  return { rows, consumed: lastNl + 1 };
+}
+async function shipOnce(deps = {}) {
+  const auditLogPath = deps.auditLogPath ?? LOCAL_AUDIT_LOG;
+  const watermarkPath = deps.watermarkPath ?? AUDIT_SHIP_WATERMARK;
+  const fetchImpl = deps.fetchImpl ?? fetch;
+  let cloudEnabled = deps.cloudEnabled;
+  if (cloudEnabled === void 0) {
+    try {
+      const settings = getConfig().settings;
+      cloudEnabled = settings.shipper.enabled !== false && settings.approvers.cloud;
+    } catch {
+      cloudEnabled = false;
+    }
+  }
+  if (!cloudEnabled) return { status: "disabled", shipped: 0 };
+  const creds = deps.creds !== void 0 ? deps.creds : readCredentials();
+  if (!creds?.apiKey) return { status: "no-creds", shipped: 0 };
+  const validated = validateApiUrl(creds.apiUrl);
+  if (!validated) return { status: "no-creds", shipped: 0 };
+  const endpoint = `${validated.toString().replace(/\/$/, "")}/audit/batch`;
+  if (!fs24.existsSync(auditLogPath)) return { status: "idle", shipped: 0 };
+  let shipped = 0;
+  try {
+    for (let chunkN = 0; chunkN < MAX_CHUNKS_PER_TICK; chunkN++) {
+      const size = fs24.statSync(auditLogPath).size;
+      if (size === 0) break;
+      const sig = fileSignature(auditLogPath);
+      const wm = readWatermark(watermarkPath);
+      const offset = wm && wm.fileSig === sig && wm.offset <= size ? wm.offset : 0;
+      if (offset >= size) break;
+      const toRead = Math.min(size - offset, MAX_CHUNK_BYTES);
+      const buf = Buffer.alloc(toRead);
+      const fd = fs24.openSync(auditLogPath, "r");
+      let read;
+      try {
+        read = fs24.readSync(fd, buf, 0, toRead, offset);
+      } finally {
+        fs24.closeSync(fd);
+      }
+      const { rows, consumed } = buildWireRows(buf.subarray(0, read));
+      if (consumed === 0) break;
+      for (let i = 0; i < rows.length; i += MAX_BATCH) {
+        const batch = rows.slice(i, i + MAX_BATCH);
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS);
+        try {
+          const res = await fetchImpl(endpoint, {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+              Authorization: `Bearer ${creds.apiKey}`
+            },
+            body: JSON.stringify({ rows: batch }),
+            signal: controller.signal
+          });
+          if (!res.ok) throw new Error(`audit/batch HTTP ${res.status}`);
+        } finally {
+          clearTimeout(timer);
+        }
+        shipped += batch.length;
+      }
+      writeWatermark(watermarkPath, {
+        fileSig: sig,
+        offset: offset + consumed,
+        lastEid: rows.length > 0 ? rows[rows.length - 1].eid : wm?.lastEid,
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+      });
+      if (consumed < toRead) break;
+    }
+  } catch (err2) {
+    try {
+      appendToLog(HOOK_DEBUG_LOG, {
+        ts: (/* @__PURE__ */ new Date()).toISOString(),
+        shipper: "error",
+        message: err2.message
+      });
+    } catch {
+    }
+    return { status: "error", shipped };
+  }
+  return { status: shipped > 0 ? "shipped" : "idle", shipped };
+}
+function shipLagBytes(auditLogPath = LOCAL_AUDIT_LOG, watermarkPath = AUDIT_SHIP_WATERMARK) {
+  try {
+    if (!fs24.existsSync(auditLogPath)) return 0;
+    const size = fs24.statSync(auditLogPath).size;
+    const wm = readWatermark(watermarkPath);
+    if (!wm) return size;
+    if (wm.fileSig !== fileSignature(auditLogPath)) return size;
+    return Math.max(0, size - wm.offset);
+  } catch {
+    return null;
+  }
+}
+function startAuditShipper() {
+  if (shipperStarted) return;
+  shipperStarted = true;
+  const intervalMs = (() => {
+    try {
+      const sec = getConfig().settings.shipper.intervalSeconds;
+      return sec >= 5 ? sec * 1e3 : DEFAULT_INTERVAL_MS;
+    } catch {
+      return DEFAULT_INTERVAL_MS;
+    }
+  })();
+  setTimeout(() => void shipOnce(), 3e3);
+  setInterval(() => void shipOnce(), intervalMs);
+}
+var AUDIT_SHIP_WATERMARK, DEFAULT_INTERVAL_MS, MAX_BATCH, MAX_CHUNK_BYTES, MAX_CHUNKS_PER_TICK, FETCH_TIMEOUT_MS, SKIP_CHECKED_BY, shipperStarted;
+var init_audit_shipper = __esm({
+  "src/daemon/audit-shipper.ts"() {
+    "use strict";
+    init_audit();
+    init_config();
+    init_sync();
+    init_cloud();
+    AUDIT_SHIP_WATERMARK = path26.join(os22.homedir(), ".node9", "audit-ship.json");
+    DEFAULT_INTERVAL_MS = 2e4;
+    MAX_BATCH = 500;
+    MAX_CHUNK_BYTES = 4 * 1024 * 1024;
+    MAX_CHUNKS_PER_TICK = 10;
+    FETCH_TIMEOUT_MS = 1e4;
+    SKIP_CHECKED_BY = /* @__PURE__ */ new Set(["ignored"]);
+    shipperStarted = false;
+  }
+});
+
+// src/daemon/dlp-scanner.ts
+import fs25 from "fs";
+import path27 from "path";
+import os23 from "os";
 function loadIndex() {
   try {
-    return JSON.parse(fs24.readFileSync(INDEX_FILE, "utf-8"));
+    return JSON.parse(fs25.readFileSync(INDEX_FILE, "utf-8"));
   } catch {
     return {};
   }
 }
 function saveIndex(index) {
   try {
-    fs24.writeFileSync(INDEX_FILE, JSON.stringify(index), { encoding: "utf-8", mode: 384 });
+    fs25.writeFileSync(INDEX_FILE, JSON.stringify(index), { encoding: "utf-8", mode: 384 });
   } catch {
   }
 }
 function appendAuditEntry(entry) {
   try {
-    fs24.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
+    fs25.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
 function runDlpScan() {
-  if (!fs24.existsSync(PROJECTS_DIR2)) return;
+  if (!fs25.existsSync(PROJECTS_DIR2)) return;
   const index = loadIndex();
   let updated = false;
   let projDirs;
   try {
-    projDirs = fs24.readdirSync(PROJECTS_DIR2);
+    projDirs = fs25.readdirSync(PROJECTS_DIR2);
   } catch {
     return;
   }
   for (const proj of projDirs) {
-    const projPath = path26.join(PROJECTS_DIR2, proj);
+    const projPath = path27.join(PROJECTS_DIR2, proj);
     try {
-      if (!fs24.lstatSync(projPath).isDirectory()) continue;
-      const real = fs24.realpathSync(projPath);
-      if (!real.startsWith(PROJECTS_DIR2 + path26.sep) && real !== PROJECTS_DIR2) continue;
+      if (!fs25.lstatSync(projPath).isDirectory()) continue;
+      const real = fs25.realpathSync(projPath);
+      if (!real.startsWith(PROJECTS_DIR2 + path27.sep) && real !== PROJECTS_DIR2) continue;
     } catch {
       continue;
     }
     let files;
     try {
-      files = fs24.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+      files = fs25.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
     } catch {
       continue;
     }
     for (const file of files) {
-      const filePath = path26.join(projPath, file);
+      const filePath = path27.join(projPath, file);
       const lastOffset = index[filePath] ?? 0;
       let size;
       try {
-        size = fs24.statSync(filePath).size;
+        size = fs25.statSync(filePath).size;
       } catch {
         continue;
       }
       if (size <= lastOffset) continue;
       let fd;
       try {
-        fd = fs24.openSync(filePath, "r");
+        fd = fs25.openSync(filePath, "r");
       } catch {
         continue;
       }
       try {
         const chunkSize = size - lastOffset;
         const buf = Buffer.alloc(chunkSize);
-        fs24.readSync(fd, buf, 0, chunkSize, lastOffset);
+        fs25.readSync(fd, buf, 0, chunkSize, lastOffset);
         const chunk = buf.toString("utf-8");
         for (const line of chunk.split("\n")) {
           if (!line.trim()) continue;
@@ -14343,7 +14483,7 @@ function runDlpScan() {
             if (typeof text !== "string") continue;
             const match = scanText(text);
             if (!match) continue;
-            const projLabel = decodeURIComponent(proj).replace(os22.homedir(), "~").slice(0, 40);
+            const projLabel = decodeURIComponent(proj).replace(os23.homedir(), "~").slice(0, 40);
             const ts = entry.timestamp ?? (/* @__PURE__ */ new Date()).toISOString();
             appendAuditEntry({
               ts,
@@ -14368,7 +14508,7 @@ Run: node9 report --period 30d`
         updated = true;
       } finally {
         try {
-          fs24.closeSync(fd);
+          fs25.closeSync(fd);
         } catch {
         }
       }
@@ -14401,23 +14541,23 @@ var init_dlp_scanner = __esm({
     init_dlp();
     init_native();
     init_state2();
-    INDEX_FILE = path26.join(os22.homedir(), ".node9", "dlp-index.json");
-    PROJECTS_DIR2 = path26.join(os22.homedir(), ".claude", "projects");
+    INDEX_FILE = path27.join(os23.homedir(), ".node9", "dlp-index.json");
+    PROJECTS_DIR2 = path27.join(os23.homedir(), ".claude", "projects");
   }
 });
 
 // src/daemon/mcp-tools.ts
-import fs25 from "fs";
-import path27 from "path";
-import os23 from "os";
+import fs26 from "fs";
+import path28 from "path";
+import os24 from "os";
 function getMcpToolsFile() {
-  return path27.join(os23.homedir(), ".node9", "mcp-tools.json");
+  return path28.join(os24.homedir(), ".node9", "mcp-tools.json");
 }
 function readMcpToolsConfig() {
   try {
     const file = getMcpToolsFile();
-    if (!fs25.existsSync(file)) return {};
-    const raw = fs25.readFileSync(file, "utf-8");
+    if (!fs26.existsSync(file)) return {};
+    const raw = fs26.readFileSync(file, "utf-8");
     return JSON.parse(raw);
   } catch {
     return {};
@@ -14426,11 +14566,11 @@ function readMcpToolsConfig() {
 function writeMcpToolsConfig(config) {
   try {
     const file = getMcpToolsFile();
-    const dir = path27.dirname(file);
-    if (!fs25.existsSync(dir)) fs25.mkdirSync(dir, { recursive: true });
-    const tmpPath = `${file}.${os23.hostname()}.${process.pid}.tmp`;
-    fs25.writeFileSync(tmpPath, JSON.stringify(config, null, 2));
-    fs25.renameSync(tmpPath, file);
+    const dir = path28.dirname(file);
+    if (!fs26.existsSync(dir)) fs26.mkdirSync(dir, { recursive: true });
+    const tmpPath = `${file}.${os24.hostname()}.${process.pid}.tmp`;
+    fs26.writeFileSync(tmpPath, JSON.stringify(config, null, 2));
+    fs26.renameSync(tmpPath, file);
   } catch (e) {
     console.error("Failed to write mcp-tools.json", e);
   }
@@ -14477,9 +14617,9 @@ var init_mcp_tools = __esm({
 
 // src/daemon/server.ts
 import http from "http";
-import fs26 from "fs";
-import path28 from "path";
-import os24 from "os";
+import fs27 from "fs";
+import path29 from "path";
+import os25 from "os";
 import { randomUUID as randomUUID4 } from "crypto";
 import { spawnSync } from "child_process";
 import chalk6 from "chalk";
@@ -14487,6 +14627,7 @@ function startDaemon() {
   startCostSync();
   startCloudSync();
   startForensicBroadcast();
+  startAuditShipper();
   startDlpScanner();
   loadInsightCounts();
   const internalToken = randomUUID4();
@@ -14500,7 +14641,7 @@ function startDaemon() {
     idleTimer = setTimeout(() => {
       if (autoStarted) {
         try {
-          fs26.unlinkSync(DAEMON_PID_FILE);
+          fs27.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
       }
@@ -14645,7 +14786,7 @@ data: ${JSON.stringify(item.data)}
             mcpServer: entry.mcpServer
           });
         }
-        const projectCwd = typeof cwd === "string" && path28.isAbsolute(cwd) ? cwd : void 0;
+        const projectCwd = typeof cwd === "string" && path29.isAbsolute(cwd) ? cwd : void 0;
         const projectConfig = getConfig(projectCwd);
         const browserEnabled = projectConfig.settings.approvers?.browser !== false;
         const terminalEnabled = projectConfig.settings.approvers?.terminal !== false;
@@ -14937,8 +15078,8 @@ data: ${JSON.stringify(item.data)}
       if (!validToken(req)) return res.writeHead(403).end();
       const periodParam = reqUrl.searchParams.get("period") || "7d";
       const period = ["today", "7d", "30d", "month"].includes(periodParam) ? periodParam : "7d";
-      const logPath = path28.join(os24.homedir(), ".node9", "audit.log");
-      if (!fs26.existsSync(logPath)) {
+      const logPath = path29.join(os25.homedir(), ".node9", "audit.log");
+      if (!fs27.existsSync(logPath)) {
         res.writeHead(200, { "Content-Type": "application/json" });
         return res.end(
           JSON.stringify({
@@ -14951,7 +15092,7 @@ data: ${JSON.stringify(item.data)}
         );
       }
       try {
-        const raw = fs26.readFileSync(logPath, "utf-8");
+        const raw = fs27.readFileSync(logPath, "utf-8");
         const allEntries = raw.split("\n").flatMap((line) => {
           if (!line.trim()) return [];
           try {
@@ -15274,14 +15415,14 @@ data: ${JSON.stringify(item.data)}
   server.on("error", (e) => {
     if (e.code === "EADDRINUSE") {
       try {
-        if (fs26.existsSync(DAEMON_PID_FILE)) {
-          const { pid } = JSON.parse(fs26.readFileSync(DAEMON_PID_FILE, "utf-8"));
+        if (fs27.existsSync(DAEMON_PID_FILE)) {
+          const { pid } = JSON.parse(fs27.readFileSync(DAEMON_PID_FILE, "utf-8"));
           process.kill(pid, 0);
           return process.exit(0);
         }
       } catch {
         try {
-          fs26.unlinkSync(DAEMON_PID_FILE);
+          fs27.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
         server.listen(DAEMON_PORT, DAEMON_HOST);
@@ -15363,21 +15504,22 @@ var init_server = __esm({
     init_state();
     init_costSync();
     init_sync();
+    init_audit_shipper();
     init_dlp_scanner();
     init_mcp_tools();
   }
 });
 
 // src/daemon/service.ts
-import fs27 from "fs";
-import path29 from "path";
-import os25 from "os";
+import fs28 from "fs";
+import path30 from "path";
+import os26 from "os";
 import { spawnSync as spawnSync2, execFileSync } from "child_process";
 function resolveNode9Binary() {
   try {
     const script = process.argv[1];
-    if (typeof script === "string" && path29.isAbsolute(script) && fs27.existsSync(script)) {
-      return fs27.realpathSync(script);
+    if (typeof script === "string" && path30.isAbsolute(script) && fs28.existsSync(script)) {
+      return fs28.realpathSync(script);
     }
   } catch {
   }
@@ -15395,11 +15537,11 @@ function xmlEscape(s) {
   return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
 }
 function launchdPlist(binaryPath) {
-  const logDir = path29.join(os25.homedir(), ".node9");
+  const logDir = path30.join(os26.homedir(), ".node9");
   const nodePath = xmlEscape(process.execPath);
   const scriptPath = xmlEscape(binaryPath);
-  const outLog = xmlEscape(path29.join(logDir, "daemon.log"));
-  const errLog = xmlEscape(path29.join(logDir, "daemon-error.log"));
+  const outLog = xmlEscape(path30.join(logDir, "daemon.log"));
+  const errLog = xmlEscape(path30.join(logDir, "daemon-error.log"));
   return `<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
@@ -15432,9 +15574,9 @@ function launchdPlist(binaryPath) {
 `;
 }
 function installLaunchd(binaryPath) {
-  const dir = path29.dirname(LAUNCHD_PLIST);
-  if (!fs27.existsSync(dir)) fs27.mkdirSync(dir, { recursive: true });
-  fs27.writeFileSync(LAUNCHD_PLIST, launchdPlist(binaryPath), "utf-8");
+  const dir = path30.dirname(LAUNCHD_PLIST);
+  if (!fs28.existsSync(dir)) fs28.mkdirSync(dir, { recursive: true });
+  fs28.writeFileSync(LAUNCHD_PLIST, launchdPlist(binaryPath), "utf-8");
   spawnSync2("launchctl", ["unload", LAUNCHD_PLIST], { encoding: "utf8" });
   const r = spawnSync2("launchctl", ["load", "-w", LAUNCHD_PLIST], {
     encoding: "utf8",
@@ -15445,13 +15587,13 @@ function installLaunchd(binaryPath) {
   }
 }
 function uninstallLaunchd() {
-  if (fs27.existsSync(LAUNCHD_PLIST)) {
+  if (fs28.existsSync(LAUNCHD_PLIST)) {
     spawnSync2("launchctl", ["unload", "-w", LAUNCHD_PLIST], { encoding: "utf8", timeout: 5e3 });
-    fs27.unlinkSync(LAUNCHD_PLIST);
+    fs28.unlinkSync(LAUNCHD_PLIST);
   }
 }
 function isLaunchdInstalled() {
-  return fs27.existsSync(LAUNCHD_PLIST);
+  return fs28.existsSync(LAUNCHD_PLIST);
 }
 function systemdUnit(binaryPath) {
   return `[Unit]
@@ -15470,12 +15612,12 @@ WantedBy=default.target
 `;
 }
 function installSystemd(binaryPath) {
-  if (!fs27.existsSync(SYSTEMD_UNIT_DIR)) {
-    fs27.mkdirSync(SYSTEMD_UNIT_DIR, { recursive: true });
+  if (!fs28.existsSync(SYSTEMD_UNIT_DIR)) {
+    fs28.mkdirSync(SYSTEMD_UNIT_DIR, { recursive: true });
   }
-  fs27.writeFileSync(SYSTEMD_UNIT, systemdUnit(binaryPath), "utf-8");
+  fs28.writeFileSync(SYSTEMD_UNIT, systemdUnit(binaryPath), "utf-8");
   try {
-    execFileSync("loginctl", ["enable-linger", os25.userInfo().username], { timeout: 3e3 });
+    execFileSync("loginctl", ["enable-linger", os26.userInfo().username], { timeout: 3e3 });
   } catch {
   }
   const reload = spawnSync2("systemctl", ["--user", "daemon-reload"], {
@@ -15495,23 +15637,23 @@ function installSystemd(binaryPath) {
   }
 }
 function uninstallSystemd() {
-  if (fs27.existsSync(SYSTEMD_UNIT)) {
+  if (fs28.existsSync(SYSTEMD_UNIT)) {
     spawnSync2("systemctl", ["--user", "disable", "--now", "node9-daemon"], {
       encoding: "utf8",
       timeout: 5e3
     });
     spawnSync2("systemctl", ["--user", "daemon-reload"], { encoding: "utf8", timeout: 5e3 });
-    fs27.unlinkSync(SYSTEMD_UNIT);
+    fs28.unlinkSync(SYSTEMD_UNIT);
   }
 }
 function isSystemdInstalled() {
-  return fs27.existsSync(SYSTEMD_UNIT);
+  return fs28.existsSync(SYSTEMD_UNIT);
 }
 function stopRunningDaemon() {
-  const pidFile = path29.join(os25.homedir(), ".node9", "daemon.pid");
-  if (!fs27.existsSync(pidFile)) return;
+  const pidFile = path30.join(os26.homedir(), ".node9", "daemon.pid");
+  if (!fs28.existsSync(pidFile)) return;
   try {
-    const data = JSON.parse(fs27.readFileSync(pidFile, "utf-8"));
+    const data = JSON.parse(fs28.readFileSync(pidFile, "utf-8"));
     const pid = data.pid;
     const MAX_PID2 = 4194304;
     if (typeof pid === "number" && Number.isInteger(pid) && pid > 0 && pid <= MAX_PID2) {
@@ -15531,7 +15673,7 @@ function stopRunningDaemon() {
       }
     }
     try {
-      fs27.unlinkSync(pidFile);
+      fs28.unlinkSync(pidFile);
     } catch {
     }
   } catch {
@@ -15606,19 +15748,19 @@ var init_service = __esm({
   "src/daemon/service.ts"() {
     "use strict";
     LAUNCHD_LABEL = "ai.node9.daemon";
-    LAUNCHD_PLIST = path29.join(os25.homedir(), "Library", "LaunchAgents", `${LAUNCHD_LABEL}.plist`);
-    SYSTEMD_UNIT_DIR = path29.join(os25.homedir(), ".config", "systemd", "user");
-    SYSTEMD_UNIT = path29.join(SYSTEMD_UNIT_DIR, "node9-daemon.service");
+    LAUNCHD_PLIST = path30.join(os26.homedir(), "Library", "LaunchAgents", `${LAUNCHD_LABEL}.plist`);
+    SYSTEMD_UNIT_DIR = path30.join(os26.homedir(), ".config", "systemd", "user");
+    SYSTEMD_UNIT = path30.join(SYSTEMD_UNIT_DIR, "node9-daemon.service");
   }
 });
 
 // src/daemon/index.ts
-import fs28 from "fs";
+import fs29 from "fs";
 import chalk7 from "chalk";
 function stopDaemon() {
-  if (!fs28.existsSync(DAEMON_PID_FILE)) return console.log(chalk7.yellow("Not running."));
+  if (!fs29.existsSync(DAEMON_PID_FILE)) return console.log(chalk7.yellow("Not running."));
   try {
-    const data = JSON.parse(fs28.readFileSync(DAEMON_PID_FILE, "utf-8"));
+    const data = JSON.parse(fs29.readFileSync(DAEMON_PID_FILE, "utf-8"));
     const pid = data.pid;
     if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0 || pid > MAX_PID) {
       console.log(chalk7.gray("Cleaned up invalid PID file."));
@@ -15630,7 +15772,7 @@ function stopDaemon() {
     console.log(chalk7.gray("Cleaned up stale PID file."));
   } finally {
     try {
-      fs28.unlinkSync(DAEMON_PID_FILE);
+      fs29.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
   }
@@ -15639,9 +15781,9 @@ function daemonStatus() {
   const serviceInstalled = isDaemonServiceInstalled();
   const serviceLabel = serviceInstalled ? chalk7.green("installed (starts on login)") : chalk7.yellow("not installed \u2014 run: node9 daemon install");
   let processStatus;
-  if (fs28.existsSync(DAEMON_PID_FILE)) {
+  if (fs29.existsSync(DAEMON_PID_FILE)) {
     try {
-      const data = JSON.parse(fs28.readFileSync(DAEMON_PID_FILE, "utf-8"));
+      const data = JSON.parse(fs29.readFileSync(DAEMON_PID_FILE, "utf-8"));
       const pid = data.pid;
       const port = data.port;
       if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0 || pid > MAX_PID) {
@@ -15686,9 +15828,9 @@ __export(tail_exports, {
 });
 import http2 from "http";
 import chalk29 from "chalk";
-import fs46 from "fs";
-import os41 from "os";
-import path47 from "path";
+import fs47 from "fs";
+import os42 from "os";
+import path48 from "path";
 import readline6 from "readline";
 import { spawn as spawn8 } from "child_process";
 function shortenPathSummary(s) {
@@ -15712,20 +15854,20 @@ function getModelContextLimit(model) {
   return 2e5;
 }
 function readSessionUsage() {
-  const projectsDir = path47.join(os41.homedir(), ".claude", "projects");
-  if (!fs46.existsSync(projectsDir)) return null;
+  const projectsDir = path48.join(os42.homedir(), ".claude", "projects");
+  if (!fs47.existsSync(projectsDir)) return null;
   let latestFile = null;
   let latestMtime = 0;
   try {
-    for (const dir of fs46.readdirSync(projectsDir)) {
-      const dirPath = path47.join(projectsDir, dir);
+    for (const dir of fs47.readdirSync(projectsDir)) {
+      const dirPath = path48.join(projectsDir, dir);
       try {
-        if (!fs46.statSync(dirPath).isDirectory()) continue;
-        for (const file of fs46.readdirSync(dirPath)) {
+        if (!fs47.statSync(dirPath).isDirectory()) continue;
+        for (const file of fs47.readdirSync(dirPath)) {
           if (!file.endsWith(".jsonl") || file.startsWith("agent-")) continue;
-          const filePath = path47.join(dirPath, file);
+          const filePath = path48.join(dirPath, file);
           try {
-            const mtime = fs46.statSync(filePath).mtimeMs;
+            const mtime = fs47.statSync(filePath).mtimeMs;
             if (mtime > latestMtime) {
               latestMtime = mtime;
               latestFile = filePath;
@@ -15740,7 +15882,7 @@ function readSessionUsage() {
   }
   if (!latestFile) return null;
   try {
-    const lines = fs46.readFileSync(latestFile, "utf-8").split("\n");
+    const lines = fs47.readFileSync(latestFile, "utf-8").split("\n");
     let lastModel = "";
     let lastInput = 0;
     let lastOutput = 0;
@@ -15801,7 +15943,7 @@ function formatBase(activity) {
   const time = new Date(activity.ts).toLocaleTimeString([], { hour12: false });
   const icon = getIcon(activity.tool);
   const toolName = activity.tool.slice(0, 16).padEnd(16);
-  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(os41.homedir(), "~");
+  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(os42.homedir(), "~");
   const argsPreview = argsStr.length > 70 ? argsStr.slice(0, 70) + "\u2026" : argsStr;
   return `${chalk29.gray(time)} ${icon} ${agentLabel(activity.agent, activity.mcpServer, activity.sessionId)}${chalk29.white.bold(toolName)} ${chalk29.dim(argsPreview)}`;
 }
@@ -15840,9 +15982,9 @@ function renderPending(activity) {
 }
 async function ensureDaemon() {
   let pidPort = null;
-  if (fs46.existsSync(PID_FILE)) {
+  if (fs47.existsSync(PID_FILE)) {
     try {
-      const { port } = JSON.parse(fs46.readFileSync(PID_FILE, "utf-8"));
+      const { port } = JSON.parse(fs47.readFileSync(PID_FILE, "utf-8"));
       pidPort = port;
     } catch {
       console.error(chalk29.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
@@ -15998,9 +16140,9 @@ function buildRecoveryCardLines(req) {
   ];
 }
 function readApproversFromDisk() {
-  const configPath = path47.join(os41.homedir(), ".node9", "config.json");
+  const configPath = path48.join(os42.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(fs46.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(fs47.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     return settings.approvers ?? {};
   } catch {
@@ -16016,15 +16158,15 @@ function approverStatusLine() {
   return `${fmt("native", "native")}  ${fmt("cloud", "cloud")}  ${fmt("terminal", "terminal")}`;
 }
 function toggleApprover(channel) {
-  const configPath = path47.join(os41.homedir(), ".node9", "config.json");
+  const configPath = path48.join(os42.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(fs46.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(fs47.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     const approvers = settings.approvers ?? {};
     approvers[channel] = approvers[channel] === false;
     settings.approvers = approvers;
     raw.settings = settings;
-    fs46.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
+    fs47.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
   } catch (err2) {
     process.stderr.write(`[node9] toggleApprover failed: ${String(err2)}
 `);
@@ -16196,8 +16338,8 @@ async function startTail(options = {}) {
       }
       postDecisionHttp(req2.id, httpDecision, authToken, port, httpOpts).catch((err2) => {
         try {
-          fs46.appendFileSync(
-            path47.join(os41.homedir(), ".node9", "hook-debug.log"),
+          fs47.appendFileSync(
+            path48.join(os42.homedir(), ".node9", "hook-debug.log"),
             `[tail] POST /decision failed: ${String(err2)}
 `
           );
@@ -16261,9 +16403,9 @@ async function startTail(options = {}) {
     };
     process.stdin.on("keypress", onKeypress);
   }
-  const auditLog = path47.join(os41.homedir(), ".node9", "audit.log");
+  const auditLog = path48.join(os42.homedir(), ".node9", "audit.log");
   try {
-    const unackedDlp = fs46.readFileSync(auditLog, "utf-8").split("\n").filter((l) => l.includes('"response-dlp"')).length;
+    const unackedDlp = fs47.readFileSync(auditLog, "utf-8").split("\n").filter((l) => l.includes('"response-dlp"')).length;
     if (unackedDlp > 0) {
       console.log("");
       console.log(
@@ -16303,7 +16445,7 @@ async function startTail(options = {}) {
     if (stallWarned) return;
     if (Date.now() - lastActivityFromDaemon < STALL_THRESHOLD_MS) return;
     try {
-      const auditMtime = fs46.statSync(auditLog).mtimeMs;
+      const auditMtime = fs47.statSync(auditLog).mtimeMs;
       if (Date.now() - auditMtime >= STALL_THRESHOLD_MS) return;
       console.log("");
       console.log(
@@ -16494,7 +16636,7 @@ var init_tail = __esm({
     "use strict";
     init_daemon2();
     init_daemon();
-    PID_FILE = path47.join(os41.homedir(), ".node9", "daemon.pid");
+    PID_FILE = path48.join(os42.homedir(), ".node9", "daemon.pid");
     ICONS = {
       bash: "\u{1F4BB}",
       shell: "\u{1F4BB}",
@@ -16542,9 +16684,9 @@ __export(hud_exports, {
   main: () => main,
   renderEnvironmentLine: () => renderEnvironmentLine
 });
-import fs47 from "fs";
-import path48 from "path";
-import os42 from "os";
+import fs48 from "fs";
+import path49 from "path";
+import os43 from "os";
 import http3 from "http";
 async function readStdin() {
   const chunks = [];
@@ -16620,9 +16762,9 @@ function formatTimeLeft(resetsAt) {
   return ` (${m}m left)`;
 }
 function safeReadJson(filePath) {
-  if (!fs47.existsSync(filePath)) return null;
+  if (!fs48.existsSync(filePath)) return null;
   try {
-    return JSON.parse(fs47.readFileSync(filePath, "utf-8"));
+    return JSON.parse(fs48.readFileSync(filePath, "utf-8"));
   } catch {
     return null;
   }
@@ -16643,12 +16785,12 @@ function countHooksInFile(filePath) {
   return Object.keys(cfg.hooks).length;
 }
 function countRulesInDir(rulesDir) {
-  if (!fs47.existsSync(rulesDir)) return 0;
+  if (!fs48.existsSync(rulesDir)) return 0;
   let count = 0;
   try {
-    for (const entry of fs47.readdirSync(rulesDir, { withFileTypes: true })) {
+    for (const entry of fs48.readdirSync(rulesDir, { withFileTypes: true })) {
       if (entry.isDirectory()) {
-        count += countRulesInDir(path48.join(rulesDir, entry.name));
+        count += countRulesInDir(path49.join(rulesDir, entry.name));
       } else if (entry.isFile() && entry.name.endsWith(".md")) {
         count++;
       }
@@ -16659,46 +16801,46 @@ function countRulesInDir(rulesDir) {
 }
 function isSamePath(a, b) {
   try {
-    return path48.resolve(a) === path48.resolve(b);
+    return path49.resolve(a) === path49.resolve(b);
   } catch {
     return false;
   }
 }
 function countConfigs(cwd) {
-  const homeDir2 = os42.homedir();
-  const claudeDir = path48.join(homeDir2, ".claude");
+  const homeDir2 = os43.homedir();
+  const claudeDir = path49.join(homeDir2, ".claude");
   let claudeMdCount = 0;
   let rulesCount = 0;
   let hooksCount = 0;
   const userMcpServers = /* @__PURE__ */ new Set();
   const projectMcpServers = /* @__PURE__ */ new Set();
-  if (fs47.existsSync(path48.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
-  rulesCount += countRulesInDir(path48.join(claudeDir, "rules"));
-  const userSettings = path48.join(claudeDir, "settings.json");
+  if (fs48.existsSync(path49.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
+  rulesCount += countRulesInDir(path49.join(claudeDir, "rules"));
+  const userSettings = path49.join(claudeDir, "settings.json");
   for (const name of getMcpServerNames(userSettings)) userMcpServers.add(name);
   hooksCount += countHooksInFile(userSettings);
-  const userClaudeJson = path48.join(homeDir2, ".claude.json");
+  const userClaudeJson = path49.join(homeDir2, ".claude.json");
   for (const name of getMcpServerNames(userClaudeJson)) userMcpServers.add(name);
   for (const name of getDisabledMcpServers(userClaudeJson, "disabledMcpServers")) {
     userMcpServers.delete(name);
   }
   if (cwd) {
-    if (fs47.existsSync(path48.join(cwd, "CLAUDE.md"))) claudeMdCount++;
-    if (fs47.existsSync(path48.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
-    const projectClaudeDir = path48.join(cwd, ".claude");
+    if (fs48.existsSync(path49.join(cwd, "CLAUDE.md"))) claudeMdCount++;
+    if (fs48.existsSync(path49.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
+    const projectClaudeDir = path49.join(cwd, ".claude");
     const overlapsUserScope = isSamePath(projectClaudeDir, claudeDir);
     if (!overlapsUserScope) {
-      if (fs47.existsSync(path48.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
-      rulesCount += countRulesInDir(path48.join(projectClaudeDir, "rules"));
-      const projSettings = path48.join(projectClaudeDir, "settings.json");
+      if (fs48.existsSync(path49.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
+      rulesCount += countRulesInDir(path49.join(projectClaudeDir, "rules"));
+      const projSettings = path49.join(projectClaudeDir, "settings.json");
       for (const name of getMcpServerNames(projSettings)) projectMcpServers.add(name);
       hooksCount += countHooksInFile(projSettings);
     }
-    if (fs47.existsSync(path48.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
-    const localSettings = path48.join(projectClaudeDir, "settings.local.json");
+    if (fs48.existsSync(path49.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
+    const localSettings = path49.join(projectClaudeDir, "settings.local.json");
     for (const name of getMcpServerNames(localSettings)) projectMcpServers.add(name);
     hooksCount += countHooksInFile(localSettings);
-    const mcpJsonServers = getMcpServerNames(path48.join(cwd, ".mcp.json"));
+    const mcpJsonServers = getMcpServerNames(path49.join(cwd, ".mcp.json"));
     const disabledMcpJson = getDisabledMcpServers(localSettings, "disabledMcpjsonServers");
     for (const name of disabledMcpJson) mcpJsonServers.delete(name);
     for (const name of mcpJsonServers) projectMcpServers.add(name);
@@ -16731,12 +16873,12 @@ function readActiveShieldsHud() {
     return shieldsCache.value;
   }
   try {
-    const shieldsPath = path48.join(os42.homedir(), ".node9", "shields.json");
-    if (!fs47.existsSync(shieldsPath)) {
+    const shieldsPath = path49.join(os43.homedir(), ".node9", "shields.json");
+    if (!fs48.existsSync(shieldsPath)) {
       shieldsCache = { value: [], ts: now };
       return [];
     }
-    const parsed = JSON.parse(fs47.readFileSync(shieldsPath, "utf-8"));
+    const parsed = JSON.parse(fs48.readFileSync(shieldsPath, "utf-8"));
     if (!Array.isArray(parsed.active)) {
       shieldsCache = { value: [], ts: now };
       return [];
@@ -16838,17 +16980,17 @@ function renderContextLine(stdin) {
 async function main() {
   try {
     const [stdin, daemonStatus2] = await Promise.all([readStdin(), queryDaemon()]);
-    if (fs47.existsSync(path48.join(os42.homedir(), ".node9", "hud-debug"))) {
+    if (fs48.existsSync(path49.join(os43.homedir(), ".node9", "hud-debug"))) {
       try {
-        const logPath = path48.join(os42.homedir(), ".node9", "hud-debug.log");
+        const logPath = path49.join(os43.homedir(), ".node9", "hud-debug.log");
         const MAX_LOG_SIZE = 10 * 1024 * 1024;
         let size = 0;
         try {
-          size = fs47.statSync(logPath).size;
+          size = fs48.statSync(logPath).size;
         } catch {
         }
         if (size < MAX_LOG_SIZE) {
-          fs47.appendFileSync(
+          fs48.appendFileSync(
             logPath,
             JSON.stringify({ ts: (/* @__PURE__ */ new Date()).toISOString(), stdin }) + "\n"
           );
@@ -16869,11 +17011,11 @@ async function main() {
       try {
         const cwd = stdin.cwd ?? process.cwd();
         for (const configPath of [
-          path48.join(cwd, "node9.config.json"),
-          path48.join(os42.homedir(), ".node9", "config.json")
+          path49.join(cwd, "node9.config.json"),
+          path49.join(os43.homedir(), ".node9", "config.json")
         ]) {
-          if (!fs47.existsSync(configPath)) continue;
-          const cfg = JSON.parse(fs47.readFileSync(configPath, "utf-8"));
+          if (!fs48.existsSync(configPath)) continue;
+          const cfg = JSON.parse(fs48.readFileSync(configPath, "utf-8"));
           const hud = cfg.settings?.hud;
           if (hud && "showEnvironmentCounts" in hud) return hud.showEnvironmentCounts !== false;
         }
@@ -16920,9 +17062,9 @@ init_setup();
 init_daemon2();
 import { Command } from "commander";
 import chalk30 from "chalk";
-import fs48 from "fs";
-import path49 from "path";
-import os43 from "os";
+import fs49 from "fs";
+import path50 from "path";
+import os44 from "os";
 import { confirm as confirm2 } from "@inquirer/prompts";
 
 // src/utils/duration.ts
@@ -17105,17 +17247,17 @@ async function runProxy(targetCommand) {
 // src/cli/daemon-starter.ts
 init_daemon();
 import { spawn as spawn3 } from "child_process";
-import path30 from "path";
-import fs29 from "fs";
+import path31 from "path";
+import fs30 from "fs";
 function isTestingMode() {
   return /^(1|true|yes)$/i.test(process.env.NODE9_TESTING ?? "");
 }
 async function autoStartDaemonAndWait() {
   if (isTestingMode()) return false;
-  if (!path30.isAbsolute(process.argv[1])) return false;
+  if (!path31.isAbsolute(process.argv[1])) return false;
   let resolvedArgv1;
   try {
-    resolvedArgv1 = fs29.realpathSync(process.argv[1]);
+    resolvedArgv1 = fs30.realpathSync(process.argv[1]);
   } catch {
     return false;
   }
@@ -17146,19 +17288,19 @@ init_daemon();
 init_config();
 init_policy();
 import chalk9 from "chalk";
-import fs32 from "fs";
+import fs33 from "fs";
 import { spawn as spawn5 } from "child_process";
-import path33 from "path";
-import os28 from "os";
+import path34 from "path";
+import os29 from "os";
 
 // src/undo.ts
 import { spawnSync as spawnSync3, spawn as spawn4 } from "child_process";
-import crypto4 from "crypto";
-import fs30 from "fs";
+import crypto6 from "crypto";
+import fs31 from "fs";
 import net3 from "net";
-import path31 from "path";
-import os26 from "os";
-var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path31.join(os26.tmpdir(), "node9-activity.sock");
+import path32 from "path";
+import os27 from "os";
+var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path32.join(os27.tmpdir(), "node9-activity.sock");
 function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
   try {
     const payload = JSON.stringify({
@@ -17178,22 +17320,22 @@ function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
   } catch {
   }
 }
-var SNAPSHOT_STACK_PATH = path31.join(os26.homedir(), ".node9", "snapshots.json");
-var UNDO_LATEST_PATH = path31.join(os26.homedir(), ".node9", "undo_latest.txt");
+var SNAPSHOT_STACK_PATH = path32.join(os27.homedir(), ".node9", "snapshots.json");
+var UNDO_LATEST_PATH = path32.join(os27.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
 var GIT_TIMEOUT = 15e3;
 function readStack() {
   try {
-    if (fs30.existsSync(SNAPSHOT_STACK_PATH))
-      return JSON.parse(fs30.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
+    if (fs31.existsSync(SNAPSHOT_STACK_PATH))
+      return JSON.parse(fs31.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
   } catch {
   }
   return [];
 }
 function writeStack(stack) {
-  const dir = path31.dirname(SNAPSHOT_STACK_PATH);
-  if (!fs30.existsSync(dir)) fs30.mkdirSync(dir, { recursive: true });
-  fs30.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
+  const dir = path32.dirname(SNAPSHOT_STACK_PATH);
+  if (!fs31.existsSync(dir)) fs31.mkdirSync(dir, { recursive: true });
+  fs31.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
 }
 function extractFilePath(args) {
   if (!args || typeof args !== "object") return null;
@@ -17213,12 +17355,12 @@ function buildArgsSummary(tool, args) {
   return "";
 }
 function findProjectRoot(filePath) {
-  let dir = path31.dirname(filePath);
+  let dir = path32.dirname(filePath);
   while (true) {
-    if (fs30.existsSync(path31.join(dir, ".git")) || fs30.existsSync(path31.join(dir, "package.json"))) {
+    if (fs31.existsSync(path32.join(dir, ".git")) || fs31.existsSync(path32.join(dir, "package.json"))) {
       return dir;
     }
-    const parent = path31.dirname(dir);
+    const parent = path32.dirname(dir);
     if (parent === dir) return process.cwd();
     dir = parent;
   }
@@ -17226,7 +17368,7 @@ function findProjectRoot(filePath) {
 function normalizeCwdForHash(cwd) {
   let normalized;
   try {
-    normalized = fs30.realpathSync(cwd);
+    normalized = fs31.realpathSync(cwd);
   } catch {
     normalized = cwd;
   }
@@ -17235,17 +17377,17 @@ function normalizeCwdForHash(cwd) {
   return normalized;
 }
 function getShadowRepoDir(cwd) {
-  const hash = crypto4.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
-  return path31.join(os26.homedir(), ".node9", "snapshots", hash);
+  const hash = crypto6.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
+  return path32.join(os27.homedir(), ".node9", "snapshots", hash);
 }
 function cleanOrphanedIndexFiles(shadowDir) {
   try {
     const cutoff = Date.now() - 6e4;
-    for (const f of fs30.readdirSync(shadowDir)) {
+    for (const f of fs31.readdirSync(shadowDir)) {
       if (f.startsWith("index_")) {
-        const fp = path31.join(shadowDir, f);
+        const fp = path32.join(shadowDir, f);
         try {
-          if (fs30.statSync(fp).mtimeMs < cutoff) fs30.unlinkSync(fp);
+          if (fs31.statSync(fp).mtimeMs < cutoff) fs31.unlinkSync(fp);
         } catch {
         }
       }
@@ -17257,7 +17399,7 @@ function writeShadowExcludes(shadowDir, ignorePaths) {
   const hardcoded = [".git", ".node9"];
   const lines = [...hardcoded, ...ignorePaths].join("\n");
   try {
-    fs30.writeFileSync(path31.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
+    fs31.writeFileSync(path32.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
   } catch {
   }
 }
@@ -17270,25 +17412,25 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   if (check.status === 0) {
-    const ptPath = path31.join(shadowDir, "project-path.txt");
+    const ptPath = path32.join(shadowDir, "project-path.txt");
     try {
-      const stored = fs30.readFileSync(ptPath, "utf8").trim();
+      const stored = fs31.readFileSync(ptPath, "utf8").trim();
       if (stored === normalizedCwd) return true;
       if (process.env.NODE9_DEBUG === "1")
         console.error(
           `[Node9] Shadow repo path mismatch: stored="${stored}" expected="${normalizedCwd}" \u2014 reinitializing`
         );
-      fs30.rmSync(shadowDir, { recursive: true, force: true });
+      fs31.rmSync(shadowDir, { recursive: true, force: true });
     } catch {
       try {
-        fs30.writeFileSync(ptPath, normalizedCwd, "utf8");
+        fs31.writeFileSync(ptPath, normalizedCwd, "utf8");
       } catch {
       }
       return true;
     }
   }
   try {
-    fs30.mkdirSync(shadowDir, { recursive: true });
+    fs31.mkdirSync(shadowDir, { recursive: true });
   } catch {
   }
   const init = spawnSync3("git", ["init", "--bare", shadowDir], { timeout: 5e3 });
@@ -17297,7 +17439,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     if (process.env.NODE9_DEBUG === "1") console.error("[Node9] git init --bare failed:", reason);
     return false;
   }
-  const configFile = path31.join(shadowDir, "config");
+  const configFile = path32.join(shadowDir, "config");
   spawnSync3("git", ["config", "--file", configFile, "core.untrackedCache", "true"], {
     timeout: 3e3
   });
@@ -17305,7 +17447,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   try {
-    fs30.writeFileSync(path31.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
+    fs31.writeFileSync(path32.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
   } catch {
   }
   return true;
@@ -17328,12 +17470,12 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
   let indexFile = null;
   try {
     const rawFilePath = extractFilePath(args);
-    const absFilePath = rawFilePath && path31.isAbsolute(rawFilePath) ? rawFilePath : null;
+    const absFilePath = rawFilePath && path32.isAbsolute(rawFilePath) ? rawFilePath : null;
     const cwd = absFilePath ? findProjectRoot(absFilePath) : process.cwd();
     const shadowDir = getShadowRepoDir(cwd);
     if (!ensureShadowRepo(shadowDir, cwd)) return null;
     writeShadowExcludes(shadowDir, ignorePaths);
-    indexFile = path31.join(shadowDir, `index_${process.pid}_${Date.now()}`);
+    indexFile = path32.join(shadowDir, `index_${process.pid}_${Date.now()}`);
     const shadowEnv = {
       ...process.env,
       GIT_DIR: shadowDir,
@@ -17405,7 +17547,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
     writeStack(stack);
     const entry = stack[stack.length - 1];
     notifySnapshotTaken(commitHash.slice(0, 7), tool, entry.argsSummary, capturedFiles.length);
-    fs30.writeFileSync(UNDO_LATEST_PATH, commitHash);
+    fs31.writeFileSync(UNDO_LATEST_PATH, commitHash);
     if (shouldGc) {
       spawn4("git", ["gc", "--auto"], { env: shadowEnv, detached: true, stdio: "ignore" }).unref();
     }
@@ -17416,7 +17558,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
   } finally {
     if (indexFile) {
       try {
-        fs30.unlinkSync(indexFile);
+        fs31.unlinkSync(indexFile);
       } catch {
       }
     }
@@ -17492,9 +17634,9 @@ function applyUndo(hash, cwd) {
       timeout: GIT_TIMEOUT
     }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
     for (const file of [...tracked, ...untracked]) {
-      const fullPath = path31.join(dir, file);
-      if (!snapshotFiles.has(file) && fs30.existsSync(fullPath)) {
-        fs30.unlinkSync(fullPath);
+      const fullPath = path32.join(dir, file);
+      if (!snapshotFiles.has(file) && fs31.existsSync(fullPath)) {
+        fs31.unlinkSync(fullPath);
       }
     }
     return true;
@@ -17504,17 +17646,17 @@ function applyUndo(hash, cwd) {
 }
 
 // src/skill-pin.ts
-import fs31 from "fs";
-import path32 from "path";
-import os27 from "os";
-import crypto5 from "crypto";
+import fs32 from "fs";
+import path33 from "path";
+import os28 from "os";
+import crypto7 from "crypto";
 function getPinsFilePath2() {
-  return path32.join(os27.homedir(), ".node9", "skill-pins.json");
+  return path33.join(os28.homedir(), ".node9", "skill-pins.json");
 }
 var MAX_FILES = 5e3;
 var MAX_TOTAL_BYTES = 50 * 1024 * 1024;
 function sha256Bytes(buf) {
-  return crypto5.createHash("sha256").update(buf).digest("hex");
+  return crypto7.createHash("sha256").update(buf).digest("hex");
 }
 function walkDir(root) {
   const out = [];
@@ -17523,18 +17665,18 @@ function walkDir(root) {
     if (out.length >= MAX_FILES) return;
     let entries;
     try {
-      entries = fs31.readdirSync(dir, { withFileTypes: true });
+      entries = fs32.readdirSync(dir, { withFileTypes: true });
     } catch {
       return;
     }
     entries.sort((a, b) => a.name.localeCompare(b.name));
     for (const entry of entries) {
       if (out.length >= MAX_FILES) return;
-      const full = path32.join(dir, entry.name);
-      const rel = relDir ? path32.posix.join(relDir, entry.name) : entry.name;
+      const full = path33.join(dir, entry.name);
+      const rel = relDir ? path33.posix.join(relDir, entry.name) : entry.name;
       let lst;
       try {
-        lst = fs31.lstatSync(full);
+        lst = fs32.lstatSync(full);
       } catch {
         continue;
       }
@@ -17546,7 +17688,7 @@ function walkDir(root) {
       if (!lst.isFile()) continue;
       if (totalBytes + lst.size > MAX_TOTAL_BYTES) continue;
       try {
-        const buf = fs31.readFileSync(full);
+        const buf = fs32.readFileSync(full);
         totalBytes += buf.length;
         out.push({ rel, hash: sha256Bytes(buf) });
       } catch {
@@ -17560,32 +17702,32 @@ function walkDir(root) {
 function hashSkillRoot(absPath) {
   let lst;
   try {
-    lst = fs31.lstatSync(absPath);
+    lst = fs32.lstatSync(absPath);
   } catch {
     return { exists: false, contentHash: "", fileCount: 0 };
   }
   if (lst.isSymbolicLink()) return { exists: false, contentHash: "", fileCount: 0 };
   if (lst.isFile()) {
     try {
-      return { exists: true, contentHash: sha256Bytes(fs31.readFileSync(absPath)), fileCount: 1 };
+      return { exists: true, contentHash: sha256Bytes(fs32.readFileSync(absPath)), fileCount: 1 };
     } catch {
       return { exists: false, contentHash: "", fileCount: 0 };
     }
   }
   if (lst.isDirectory()) {
     const entries = walkDir(absPath);
-    const contentHash = crypto5.createHash("sha256").update(entries.join("\n")).digest("hex");
+    const contentHash = crypto7.createHash("sha256").update(entries.join("\n")).digest("hex");
     return { exists: true, contentHash, fileCount: entries.length };
   }
   return { exists: false, contentHash: "", fileCount: 0 };
 }
 function getRootKey(absPath) {
-  return crypto5.createHash("sha256").update(absPath).digest("hex").slice(0, 16);
+  return crypto7.createHash("sha256").update(absPath).digest("hex").slice(0, 16);
 }
 function readSkillPinsSafe() {
   const filePath = getPinsFilePath2();
   try {
-    const raw = fs31.readFileSync(filePath, "utf-8");
+    const raw = fs32.readFileSync(filePath, "utf-8");
     if (!raw.trim()) return { ok: false, reason: "corrupt", detail: "empty file" };
     const parsed = JSON.parse(raw);
     if (!parsed.roots || typeof parsed.roots !== "object" || Array.isArray(parsed.roots)) {
@@ -17605,10 +17747,10 @@ function readSkillPins() {
 }
 function writeSkillPins(data) {
   const filePath = getPinsFilePath2();
-  fs31.mkdirSync(path32.dirname(filePath), { recursive: true });
-  const tmp = `${filePath}.${crypto5.randomBytes(6).toString("hex")}.tmp`;
-  fs31.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
-  fs31.renameSync(tmp, filePath);
+  fs32.mkdirSync(path33.dirname(filePath), { recursive: true });
+  const tmp = `${filePath}.${crypto7.randomBytes(6).toString("hex")}.tmp`;
+  fs32.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
+  fs32.renameSync(tmp, filePath);
 }
 function removePin2(rootKey) {
   const pins = readSkillPins();
@@ -17652,36 +17794,36 @@ function verifyAndPinRoots(roots) {
   return { kind: "verified" };
 }
 function defaultSkillRoots(_cwd) {
-  const marketplaces = path32.join(os27.homedir(), ".claude", "plugins", "marketplaces");
+  const marketplaces = path33.join(os28.homedir(), ".claude", "plugins", "marketplaces");
   const roots = [];
   let registries;
   try {
-    registries = fs31.readdirSync(marketplaces, { withFileTypes: true });
+    registries = fs32.readdirSync(marketplaces, { withFileTypes: true });
   } catch {
     return [];
   }
   for (const registry of registries) {
     if (!registry.isDirectory()) continue;
-    const pluginsDir = path32.join(marketplaces, registry.name, "plugins");
+    const pluginsDir = path33.join(marketplaces, registry.name, "plugins");
     let plugins;
     try {
-      plugins = fs31.readdirSync(pluginsDir, { withFileTypes: true });
+      plugins = fs32.readdirSync(pluginsDir, { withFileTypes: true });
     } catch {
       continue;
     }
     for (const plugin of plugins) {
       if (!plugin.isDirectory()) continue;
-      roots.push(path32.join(pluginsDir, plugin.name));
+      roots.push(path33.join(pluginsDir, plugin.name));
     }
   }
   return roots;
 }
 function resolveUserSkillRoot(entry, cwd) {
   if (!entry) return null;
-  if (entry.startsWith("~/") || entry === "~") return path32.join(os27.homedir(), entry.slice(1));
-  if (path32.isAbsolute(entry)) return entry;
-  if (!cwd || !path32.isAbsolute(cwd)) return null;
-  return path32.join(cwd, entry);
+  if (entry.startsWith("~/") || entry === "~") return path33.join(os28.homedir(), entry.slice(1));
+  if (path33.isAbsolute(entry)) return entry;
+  if (!cwd || !path33.isAbsolute(cwd)) return null;
+  return path33.join(cwd, entry);
 }
 
 // src/cli/commands/check.ts
@@ -17750,9 +17892,9 @@ function registerCheckCommand(program2) {
         } catch (err2) {
           const tempConfig = getConfig();
           if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
-            const logPath = path33.join(os28.homedir(), ".node9", "hook-debug.log");
+            const logPath = path34.join(os29.homedir(), ".node9", "hook-debug.log");
             const errMsg = err2 instanceof Error ? err2.message : String(err2);
-            fs32.appendFileSync(
+            fs33.appendFileSync(
               logPath,
               `[${(/* @__PURE__ */ new Date()).toISOString()}] JSON_PARSE_ERROR: ${errMsg}
 RAW: ${raw}
@@ -17765,14 +17907,14 @@ RAW: ${raw}
           const prompt = typeof payload.prompt === "string" ? payload.prompt : "";
           if (process.env.NODE9_DEBUG === "1") {
             try {
-              const logPath = path33.join(os28.homedir(), ".node9", "hook-debug.log");
-              if (!fs32.existsSync(path33.dirname(logPath)))
-                fs32.mkdirSync(path33.dirname(logPath), { recursive: true });
+              const logPath = path34.join(os29.homedir(), ".node9", "hook-debug.log");
+              if (!fs33.existsSync(path34.dirname(logPath)))
+                fs33.mkdirSync(path34.dirname(logPath), { recursive: true });
               const sanitized = JSON.stringify({
                 ...payload,
                 prompt: `<redacted, ${prompt.length} bytes>`
               });
-              fs32.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${sanitized}
+              fs33.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${sanitized}
 `);
             } catch {
             }
@@ -17792,8 +17934,8 @@ RAW: ${raw}
           );
           const reason = `\u{1F6A8} Node9 DLP: ${dlpMatch.patternName} detected in prompt (${dlpMatch.redactedSample}). Prompt was not submitted \u2014 remove the credential and try again.`;
           try {
-            const ttyFd = fs32.openSync("/dev/tty", "w");
-            fs32.writeSync(
+            const ttyFd = fs33.openSync("/dev/tty", "w");
+            fs33.writeSync(
               ttyFd,
               chalk9.bgRed.white.bold(`
  \u{1F6A8} NODE9 DLP \u2014 PROMPT BLOCKED 
@@ -17803,7 +17945,7 @@ RAW: ${raw}
 
 `)
             );
-            fs32.closeSync(ttyFd);
+            fs33.closeSync(ttyFd);
           } catch {
           }
           const isCodex = agent2 === "Codex";
@@ -17822,16 +17964,16 @@ RAW: ${raw}
           process.exit(2);
         }
         const payloadCwd = typeof payload.cwd === "string" ? payload.cwd : Array.isArray(payload.workspacePaths) && typeof payload.workspacePaths[0] === "string" ? payload.workspacePaths[0] : void 0;
-        const safeCwdForConfig = typeof payloadCwd === "string" && path33.isAbsolute(payloadCwd) ? payloadCwd : void 0;
+        const safeCwdForConfig = typeof payloadCwd === "string" && path34.isAbsolute(payloadCwd) ? payloadCwd : void 0;
         const config = getConfig(safeCwdForConfig);
         if (config.settings.autoStartDaemon && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON) {
           try {
             const scriptPath = process.argv[1];
-            if (typeof scriptPath !== "string" || !path33.isAbsolute(scriptPath))
+            if (typeof scriptPath !== "string" || !path34.isAbsolute(scriptPath))
               throw new Error("node9: argv[1] is not an absolute path");
-            const resolvedScript = fs32.realpathSync(scriptPath);
-            const packageDist = fs32.realpathSync(path33.resolve(__dirname, "../.."));
-            if (!resolvedScript.startsWith(packageDist + path33.sep) && resolvedScript !== packageDist)
+            const resolvedScript = fs33.realpathSync(scriptPath);
+            const packageDist = fs33.realpathSync(path34.resolve(__dirname, "../.."));
+            if (!resolvedScript.startsWith(packageDist + path34.sep) && resolvedScript !== packageDist)
               throw new Error(
                 `node9: daemon spawn aborted \u2014 argv[1] (${resolvedScript}) is outside package dist (${packageDist})`
               );
@@ -17853,10 +17995,10 @@ RAW: ${raw}
             });
             d.unref();
           } catch (spawnErr) {
-            const logPath = path33.join(os28.homedir(), ".node9", "hook-debug.log");
+            const logPath = path34.join(os29.homedir(), ".node9", "hook-debug.log");
             const msg = spawnErr instanceof Error ? spawnErr.message : String(spawnErr);
             try {
-              fs32.appendFileSync(
+              fs33.appendFileSync(
                 logPath,
                 `[${(/* @__PURE__ */ new Date()).toISOString()}] daemon-autostart-failed: ${msg}
 `
@@ -17866,10 +18008,10 @@ RAW: ${raw}
           }
         }
         if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
-          const logPath = path33.join(os28.homedir(), ".node9", "hook-debug.log");
-          if (!fs32.existsSync(path33.dirname(logPath)))
-            fs32.mkdirSync(path33.dirname(logPath), { recursive: true });
-          fs32.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
+          const logPath = path34.join(os29.homedir(), ".node9", "hook-debug.log");
+          if (!fs33.existsSync(path34.dirname(logPath)))
+            fs33.mkdirSync(path34.dirname(logPath), { recursive: true });
+          fs33.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
 `);
         }
         const rawToolName = sanitize2(extractToolName(payload));
@@ -17883,8 +18025,8 @@ RAW: ${raw}
           const isHumanDecision = blockedByContext.toLowerCase().includes("user") || blockedByContext.toLowerCase().includes("daemon") || blockedByContext.toLowerCase().includes("decision");
           let ttyFd = null;
           try {
-            ttyFd = fs32.openSync("/dev/tty", "w");
-            const writeTty = (line) => fs32.writeSync(ttyFd, line + "\n");
+            ttyFd = fs33.openSync("/dev/tty", "w");
+            const writeTty = (line) => fs33.writeSync(ttyFd, line + "\n");
             if (blockedByContext.includes("DLP") || blockedByContext.includes("Secret Detected") || blockedByContext.includes("Credential Review")) {
               writeTty(chalk9.bgRed.white.bold(`
  \u{1F6A8} NODE9 DLP ALERT \u2014 CREDENTIAL DETECTED `));
@@ -17903,7 +18045,7 @@ RAW: ${raw}
           } finally {
             if (ttyFd !== null)
               try {
-                fs32.closeSync(ttyFd);
+                fs33.closeSync(ttyFd);
               } catch {
               }
           }
@@ -17954,17 +18096,17 @@ RAW: ${raw}
         const safeSessionId = /^[A-Za-z0-9_\-]{1,128}$/.test(rawSessionId) ? rawSessionId : "";
         if (skillPinCfg.enabled && safeSessionId) {
           try {
-            const sessionsDir = path33.join(os28.homedir(), ".node9", "skill-sessions");
-            const flagPath = path33.join(sessionsDir, `${safeSessionId}.json`);
+            const sessionsDir = path34.join(os29.homedir(), ".node9", "skill-sessions");
+            const flagPath = path34.join(sessionsDir, `${safeSessionId}.json`);
             let flag = null;
             try {
-              flag = JSON.parse(fs32.readFileSync(flagPath, "utf-8"));
+              flag = JSON.parse(fs33.readFileSync(flagPath, "utf-8"));
             } catch {
             }
             const writeFlag = (data2) => {
               try {
-                fs32.mkdirSync(sessionsDir, { recursive: true });
-                fs32.writeFileSync(
+                fs33.mkdirSync(sessionsDir, { recursive: true });
+                fs33.writeFileSync(
                   flagPath,
                   JSON.stringify({ ...data2, timestamp: (/* @__PURE__ */ new Date()).toISOString() }, null, 2),
                   { mode: 384 }
@@ -17975,8 +18117,8 @@ RAW: ${raw}
             const sendSkillWarn = (detail, recoveryCmd) => {
               let ttyFd = null;
               try {
-                ttyFd = fs32.openSync("/dev/tty", "w");
-                const w = (line) => fs32.writeSync(ttyFd, line + "\n");
+                ttyFd = fs33.openSync("/dev/tty", "w");
+                const w = (line) => fs33.writeSync(ttyFd, line + "\n");
                 w(chalk9.yellow(`
 \u26A0\uFE0F  Node9: installed skill drift detected`));
                 w(chalk9.gray(`   ${detail}`));
@@ -17991,7 +18133,7 @@ RAW: ${raw}
               } finally {
                 if (ttyFd !== null)
                   try {
-                    fs32.closeSync(ttyFd);
+                    fs33.closeSync(ttyFd);
                   } catch {
                   }
               }
@@ -18007,7 +18149,7 @@ RAW: ${raw}
               return;
             }
             if (!flag || flag.state !== "verified" && flag.state !== "warned") {
-              const absoluteCwd = typeof payloadCwd === "string" && path33.isAbsolute(payloadCwd) ? payloadCwd : void 0;
+              const absoluteCwd = typeof payloadCwd === "string" && path34.isAbsolute(payloadCwd) ? payloadCwd : void 0;
               const extraRoots = skillPinCfg.roots;
               const resolvedExtra = extraRoots.map((r) => resolveUserSkillRoot(r, absoluteCwd)).filter((r) => typeof r === "string");
               const roots = [...defaultSkillRoots(absoluteCwd), ...resolvedExtra];
@@ -18048,10 +18190,10 @@ RAW: ${raw}
               }
               try {
                 const cutoff = Date.now() - 7 * 24 * 60 * 60 * 1e3;
-                for (const name of fs32.readdirSync(sessionsDir)) {
-                  const p = path33.join(sessionsDir, name);
+                for (const name of fs33.readdirSync(sessionsDir)) {
+                  const p = path34.join(sessionsDir, name);
                   try {
-                    if (fs32.statSync(p).mtimeMs < cutoff) fs32.unlinkSync(p);
+                    if (fs33.statSync(p).mtimeMs < cutoff) fs33.unlinkSync(p);
                   } catch {
                   }
                 }
@@ -18061,9 +18203,9 @@ RAW: ${raw}
           } catch (err2) {
             if (process.env.NODE9_DEBUG === "1") {
               try {
-                const dbg = path33.join(os28.homedir(), ".node9", "hook-debug.log");
+                const dbg = path34.join(os29.homedir(), ".node9", "hook-debug.log");
                 const msg = err2 instanceof Error ? err2.message : String(err2);
-                fs32.appendFileSync(dbg, `[${(/* @__PURE__ */ new Date()).toISOString()}] SKILL_PIN_ERROR: ${msg}
+                fs33.appendFileSync(dbg, `[${(/* @__PURE__ */ new Date()).toISOString()}] SKILL_PIN_ERROR: ${msg}
 `);
               } catch {
               }
@@ -18073,7 +18215,7 @@ RAW: ${raw}
         if (shouldSnapshot(toolName, toolInput, config)) {
           await createShadowSnapshot(toolName, toolInput, config.policy.snapshot.ignorePaths);
         }
-        const safeCwdForAuth = typeof payloadCwd === "string" && path33.isAbsolute(payloadCwd) ? payloadCwd : void 0;
+        const safeCwdForAuth = typeof payloadCwd === "string" && path34.isAbsolute(payloadCwd) ? payloadCwd : void 0;
         const result = await authorizeHeadless(toolName, toolInput, meta, {
           cwd: safeCwdForAuth
         });
@@ -18085,12 +18227,12 @@ RAW: ${raw}
         }
         if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && !process.stdout.isTTY && config.settings.autoStartDaemon) {
           try {
-            const tty = fs32.openSync("/dev/tty", "w");
-            fs32.writeSync(
+            const tty = fs33.openSync("/dev/tty", "w");
+            fs33.writeSync(
               tty,
               chalk9.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically...\n")
             );
-            fs32.closeSync(tty);
+            fs33.closeSync(tty);
           } catch {
           }
           const daemonReady = await autoStartDaemonAndWait();
@@ -18117,9 +18259,9 @@ RAW: ${raw}
         });
       } catch (err2) {
         if (process.env.NODE9_DEBUG === "1") {
-          const logPath = path33.join(os28.homedir(), ".node9", "hook-debug.log");
+          const logPath = path34.join(os29.homedir(), ".node9", "hook-debug.log");
           const errMsg = err2 instanceof Error ? err2.message : String(err2);
-          fs32.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
+          fs33.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
         }
         process.exit(0);
@@ -18155,9 +18297,9 @@ RAW: ${raw}
 // src/cli/commands/log.ts
 init_audit();
 init_config();
-import fs33 from "fs";
-import path34 from "path";
-import os29 from "os";
+import fs34 from "fs";
+import path35 from "path";
+import os30 from "os";
 init_daemon();
 
 // src/utils/cp-mv-parser.ts
@@ -18250,10 +18392,10 @@ function registerLogCommand(program2) {
         if (rawToolName !== tool) entry.agentToolName = rawToolName;
         const payloadSessionId = payload.session_id ?? payload.conversationId;
         if (payloadSessionId) entry.sessionId = payloadSessionId;
-        const logPath = path34.join(os29.homedir(), ".node9", "audit.log");
-        if (!fs33.existsSync(path34.dirname(logPath)))
-          fs33.mkdirSync(path34.dirname(logPath), { recursive: true });
-        fs33.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+        const logPath = path35.join(os30.homedir(), ".node9", "audit.log");
+        if (!fs34.existsSync(path35.dirname(logPath)))
+          fs34.mkdirSync(path35.dirname(logPath), { recursive: true });
+        fs34.appendFileSync(logPath, JSON.stringify(entry) + "\n");
         if ((tool === "Bash" || tool === "bash") && isDaemonRunning()) {
           const command = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
           if (command) {
@@ -18287,7 +18429,7 @@ function registerLogCommand(program2) {
           }
         }
         const payloadCwd = typeof payload.cwd === "string" ? payload.cwd : Array.isArray(payload.workspacePaths) && typeof payload.workspacePaths[0] === "string" ? payload.workspacePaths[0] : void 0;
-        const safeCwd = typeof payloadCwd === "string" && path34.isAbsolute(payloadCwd) ? payloadCwd : void 0;
+        const safeCwd = typeof payloadCwd === "string" && path35.isAbsolute(payloadCwd) ? payloadCwd : void 0;
         const config = getConfig(safeCwd);
         if ((tool === "Bash" || tool === "bash") && config.settings.enableUndo !== false) {
           const bashCommand = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
@@ -18308,9 +18450,9 @@ function registerLogCommand(program2) {
         const msg = err2 instanceof Error ? err2.message : String(err2);
         process.stderr.write(`[Node9] audit log error: ${msg}
 `);
-        const debugPath = path34.join(os29.homedir(), ".node9", "hook-debug.log");
+        const debugPath = path35.join(os30.homedir(), ".node9", "hook-debug.log");
         try {
-          fs33.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
+          fs34.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
 `);
         } catch {
         }
@@ -18710,14 +18852,15 @@ function registerConfigShowCommand(program2) {
 
 // src/cli/commands/doctor.ts
 init_daemon();
+init_config();
 import chalk11 from "chalk";
-import fs34 from "fs";
-import path35 from "path";
-import os30 from "os";
+import fs35 from "fs";
+import path36 from "path";
+import os31 from "os";
 import { execSync } from "child_process";
 function registerDoctorCommand(program2, version2) {
-  program2.command("doctor").description("Check that Node9 is installed and configured correctly").action(() => {
-    const homeDir2 = os30.homedir();
+  program2.command("doctor").description("Check that Node9 is installed and configured correctly").action(async () => {
+    const homeDir2 = os31.homedir();
     let failures = 0;
     function pass(msg) {
       console.log(chalk11.green("  \u2705 ") + msg);
@@ -18766,10 +18909,10 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Configuration");
-    const globalConfigPath = path35.join(homeDir2, ".node9", "config.json");
-    if (fs34.existsSync(globalConfigPath)) {
+    const globalConfigPath = path36.join(homeDir2, ".node9", "config.json");
+    if (fs35.existsSync(globalConfigPath)) {
       try {
-        JSON.parse(fs34.readFileSync(globalConfigPath, "utf-8"));
+        JSON.parse(fs35.readFileSync(globalConfigPath, "utf-8"));
         pass("~/.node9/config.json found and valid");
       } catch {
         fail("~/.node9/config.json is invalid JSON", "Run: node9 init --force");
@@ -18777,10 +18920,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("~/.node9/config.json not found (using defaults)", "Run: node9 init");
     }
-    const projectConfigPath = path35.join(process.cwd(), "node9.config.json");
-    if (fs34.existsSync(projectConfigPath)) {
+    const projectConfigPath = path36.join(process.cwd(), "node9.config.json");
+    if (fs35.existsSync(projectConfigPath)) {
       try {
-        JSON.parse(fs34.readFileSync(projectConfigPath, "utf-8"));
+        JSON.parse(fs35.readFileSync(projectConfigPath, "utf-8"));
         pass("node9.config.json found and valid (project)");
       } catch {
         fail(
@@ -18789,8 +18932,8 @@ function registerDoctorCommand(program2, version2) {
         );
       }
     }
-    const credsPath = path35.join(homeDir2, ".node9", "credentials.json");
-    if (fs34.existsSync(credsPath)) {
+    const credsPath = path36.join(homeDir2, ".node9", "credentials.json");
+    if (fs35.existsSync(credsPath)) {
       pass("Cloud credentials found (~/.node9/credentials.json)");
     } else {
       warn(
@@ -18799,10 +18942,10 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Agent Hooks");
-    const claudeSettingsPath = path35.join(homeDir2, ".claude", "settings.json");
-    if (fs34.existsSync(claudeSettingsPath)) {
+    const claudeSettingsPath = path36.join(homeDir2, ".claude", "settings.json");
+    if (fs35.existsSync(claudeSettingsPath)) {
       try {
-        const cs = JSON.parse(fs34.readFileSync(claudeSettingsPath, "utf-8"));
+        const cs = JSON.parse(fs35.readFileSync(claudeSettingsPath, "utf-8"));
         const hasHook = cs.hooks?.PreToolUse?.some(
           (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
         );
@@ -18818,10 +18961,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Claude Code \u2014 not configured", "Run: node9 setup claude");
     }
-    const geminiSettingsPath = path35.join(homeDir2, ".gemini", "settings.json");
-    if (fs34.existsSync(geminiSettingsPath)) {
+    const geminiSettingsPath = path36.join(homeDir2, ".gemini", "settings.json");
+    if (fs35.existsSync(geminiSettingsPath)) {
       try {
-        const gs = JSON.parse(fs34.readFileSync(geminiSettingsPath, "utf-8"));
+        const gs = JSON.parse(fs35.readFileSync(geminiSettingsPath, "utf-8"));
         const hasHook = gs.hooks?.BeforeTool?.some(
           (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
         );
@@ -18837,10 +18980,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Gemini CLI  \u2014 not configured", "Run: node9 setup gemini  (skip if not using Gemini)");
     }
-    const cursorHooksPath = path35.join(homeDir2, ".cursor", "hooks.json");
-    if (fs34.existsSync(cursorHooksPath)) {
+    const cursorHooksPath = path36.join(homeDir2, ".cursor", "hooks.json");
+    if (fs35.existsSync(cursorHooksPath)) {
       try {
-        const cur = JSON.parse(fs34.readFileSync(cursorHooksPath, "utf-8"));
+        const cur = JSON.parse(fs35.readFileSync(cursorHooksPath, "utf-8"));
         const hasHook = cur.hooks?.preToolUse?.some(
           (h) => h.command?.includes("node9") || h.command?.includes("cli.js")
         );
@@ -18867,6 +19010,47 @@ function registerDoctorCommand(program2, version2) {
         "Run: node9 daemon --background"
       );
     }
+    section("Cloud audit shipping");
+    try {
+      const { shipLagBytes: shipLagBytes2, readWatermark: readWatermark2, AUDIT_SHIP_WATERMARK: AUDIT_SHIP_WATERMARK2 } = await Promise.resolve().then(() => (init_audit_shipper(), audit_shipper_exports));
+      const cfg = getConfig();
+      const creds = fs35.existsSync(path36.join(os31.homedir(), ".node9", "credentials.json"));
+      if (!creds) {
+        warn("Not logged in \u2014 audit rows stay local", "Run: node9 login <api-key>");
+      } else if (!cfg.settings.approvers.cloud) {
+        warn(
+          "Cloud approvals OFF (settings.approvers.cloud=false) \u2014 nothing syncs to the dashboard",
+          "Privacy mode is a valid choice; set approvers.cloud=true to sync."
+        );
+      } else if (cfg.settings.shipper.enabled === false) {
+        warn("Shipper disabled (settings.shipper.enabled=false) \u2014 audit rows stay local");
+      } else {
+        const lag = shipLagBytes2();
+        const wm = readWatermark2(AUDIT_SHIP_WATERMARK2);
+        if (lag === 0) {
+          pass("Audit shipping caught up \u2014 dashboard matches the local log");
+        } else if (wm && lag !== null) {
+          const ageMin = Math.round((Date.now() - new Date(wm.updatedAt).getTime()) / 6e4);
+          if (ageMin > 5 && !isDaemonRunning()) {
+            warn(
+              `${Math.round(lag / 1024)} KB of audit rows not shipped (last ship ${ageMin}m ago)`,
+              "The daemon ships every ~20s \u2014 start it: node9 daemon --background"
+            );
+          } else {
+            pass(
+              `Shipping in progress \u2014 ${Math.round(lag / 1024)} KB queued, last ship ${ageMin}m ago`
+            );
+          }
+        } else {
+          warn(
+            "Shipper has never run on this machine \u2014 dashboard may lag the local log",
+            "Start the daemon: node9 daemon --background"
+          );
+        }
+      }
+    } catch (err2) {
+      warn(`Shipping status unavailable: ${err2.message}`);
+    }
     console.log("");
     if (failures === 0) {
       console.log(chalk11.green.bold("  All checks passed. Node9 is ready.\n"));
@@ -18880,9 +19064,9 @@ function registerDoctorCommand(program2, version2) {
 
 // src/cli/commands/audit.ts
 import chalk12 from "chalk";
-import fs35 from "fs";
-import path36 from "path";
-import os31 from "os";
+import fs36 from "fs";
+import path37 from "path";
+import os32 from "os";
 function formatRelativeTime(timestamp) {
   const diff = Date.now() - new Date(timestamp).getTime();
   const sec = Math.floor(diff / 1e3);
@@ -18895,14 +19079,14 @@ function formatRelativeTime(timestamp) {
 }
 function registerAuditCommand(program2) {
   program2.command("audit").description("View local execution audit log").option("--tail <n>", "Number of entries to show", "20").option("--tool <pattern>", "Filter by tool name (substring match)").option("--deny", "Show only denied actions").option("--json", "Output raw JSON").action((options) => {
-    const logPath = path36.join(os31.homedir(), ".node9", "audit.log");
-    if (!fs35.existsSync(logPath)) {
+    const logPath = path37.join(os32.homedir(), ".node9", "audit.log");
+    if (!fs36.existsSync(logPath)) {
       console.log(
         chalk12.yellow("No audit logs found. Run node9 with an agent to generate entries.")
       );
       return;
     }
-    const raw = fs35.readFileSync(logPath, "utf-8");
+    const raw = fs36.readFileSync(logPath, "utf-8");
     const lines = raw.split("\n").filter((l) => l.trim() !== "");
     let entries = lines.flatMap((line) => {
       try {
@@ -18960,9 +19144,9 @@ import chalk13 from "chalk";
 // src/cli/aggregate/report-audit.ts
 init_costSync();
 init_litellm();
-import fs36 from "fs";
-import os32 from "os";
-import path37 from "path";
+import fs37 from "fs";
+import os33 from "os";
+import path38 from "path";
 var TEST_COMMAND_RE3 = /(?:^|\s)(npm\s+(?:run\s+)?test|npx\s+(?:vitest|jest|mocha)|yarn\s+(?:run\s+)?test|pnpm\s+(?:run\s+)?test|vitest|jest|mocha|pytest|py\.test|cargo\s+test|go\s+test|bundle\s+exec\s+rspec|rspec|phpunit|dotnet\s+test)\b/i;
 function buildTestTimestamps(allEntries) {
   const testTs = /* @__PURE__ */ new Set();
@@ -19042,8 +19226,8 @@ function getDateRange(period, now) {
   }
 }
 function parseAuditLog(logPath) {
-  if (!fs36.existsSync(logPath)) return [];
-  const raw = fs36.readFileSync(logPath, "utf-8");
+  if (!fs37.existsSync(logPath)) return [];
+  const raw = fs37.readFileSync(logPath, "utf-8");
   return raw.split("\n").flatMap((line) => {
     if (!line.trim()) return [];
     try {
@@ -19103,25 +19287,25 @@ function freezeClaudeCost(acc) {
   };
 }
 function processClaudeCostProject(proj, projectsDir, start, end, acc) {
-  const projPath = path37.join(projectsDir, proj);
+  const projPath = path38.join(projectsDir, proj);
   let files;
   try {
-    const stat = fs36.statSync(projPath);
+    const stat = fs37.statSync(projPath);
     if (!stat.isDirectory()) return;
-    files = fs36.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+    files = fs37.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
   } catch {
     return;
   }
   const startMs = start.getTime();
   for (const file of files) {
-    const filePath = path37.join(projPath, file);
+    const filePath = path38.join(projPath, file);
     try {
-      if (fs36.statSync(filePath).mtimeMs < startMs) continue;
+      if (fs37.statSync(filePath).mtimeMs < startMs) continue;
     } catch {
       continue;
     }
     try {
-      const raw = fs36.readFileSync(filePath, "utf-8");
+      const raw = fs37.readFileSync(filePath, "utf-8");
       for (const line of raw.split("\n")) {
         if (!line.trim()) continue;
         let entry;
@@ -19171,10 +19355,10 @@ function processClaudeCostProject(proj, projectsDir, start, end, acc) {
 }
 function loadClaudeCost(start, end, projectsDir) {
   const acc = emptyClaudeCostAccumulator();
-  if (!fs36.existsSync(projectsDir)) return freezeClaudeCost(acc);
+  if (!fs37.existsSync(projectsDir)) return freezeClaudeCost(acc);
   let dirs;
   try {
-    dirs = fs36.readdirSync(projectsDir);
+    dirs = fs37.readdirSync(projectsDir);
   } catch {
     return freezeClaudeCost(acc);
   }
@@ -19186,7 +19370,7 @@ function loadClaudeCost(start, end, projectsDir) {
 function processCodexCostFile(filePath, start, end, acc) {
   let lines;
   try {
-    lines = fs36.readFileSync(filePath, "utf-8").split("\n");
+    lines = fs37.readFileSync(filePath, "utf-8").split("\n");
   } catch {
     return;
   }
@@ -19231,31 +19415,31 @@ function processCodexCostFile(filePath, start, end, acc) {
 }
 function listCodexSessionFiles(sessionsBase) {
   const jsonlFiles = [];
-  if (!fs36.existsSync(sessionsBase)) return jsonlFiles;
+  if (!fs37.existsSync(sessionsBase)) return jsonlFiles;
   try {
-    for (const year of fs36.readdirSync(sessionsBase)) {
-      const yearPath = path37.join(sessionsBase, year);
+    for (const year of fs37.readdirSync(sessionsBase)) {
+      const yearPath = path38.join(sessionsBase, year);
       try {
-        if (!fs36.statSync(yearPath).isDirectory()) continue;
+        if (!fs37.statSync(yearPath).isDirectory()) continue;
       } catch {
         continue;
       }
-      for (const month of fs36.readdirSync(yearPath)) {
-        const monthPath = path37.join(yearPath, month);
+      for (const month of fs37.readdirSync(yearPath)) {
+        const monthPath = path38.join(yearPath, month);
         try {
-          if (!fs36.statSync(monthPath).isDirectory()) continue;
+          if (!fs37.statSync(monthPath).isDirectory()) continue;
         } catch {
           continue;
         }
-        for (const day of fs36.readdirSync(monthPath)) {
-          const dayPath = path37.join(monthPath, day);
+        for (const day of fs37.readdirSync(monthPath)) {
+          const dayPath = path38.join(monthPath, day);
           try {
-            if (!fs36.statSync(dayPath).isDirectory()) continue;
+            if (!fs37.statSync(dayPath).isDirectory()) continue;
           } catch {
             continue;
           }
-          for (const file of fs36.readdirSync(dayPath)) {
-            if (file.endsWith(".jsonl")) jsonlFiles.push(path37.join(dayPath, file));
+          for (const file of fs37.readdirSync(dayPath)) {
+            if (file.endsWith(".jsonl")) jsonlFiles.push(path38.join(dayPath, file));
           }
         }
       }
@@ -19308,13 +19492,13 @@ function freezeGeminiCost(acc) {
 function processGeminiCostFile(filePath, projectKey, start, end, acc) {
   const startMs = start.getTime();
   try {
-    if (fs36.statSync(filePath).mtimeMs < startMs) return;
+    if (fs37.statSync(filePath).mtimeMs < startMs) return;
   } catch {
     return;
   }
   let raw;
   try {
-    raw = fs36.readFileSync(filePath, "utf-8");
+    raw = fs37.readFileSync(filePath, "utf-8");
   } catch {
     return;
   }
@@ -19363,30 +19547,30 @@ function listGeminiSessionFiles(geminiTmpDir) {
   const out = [];
   let dirs;
   try {
-    if (!fs36.statSync(geminiTmpDir).isDirectory()) return out;
-    dirs = fs36.readdirSync(geminiTmpDir);
+    if (!fs37.statSync(geminiTmpDir).isDirectory()) return out;
+    dirs = fs37.readdirSync(geminiTmpDir);
   } catch {
     return out;
   }
   for (const proj of dirs) {
-    const chatsDir = path37.join(geminiTmpDir, proj, "chats");
+    const chatsDir = path38.join(geminiTmpDir, proj, "chats");
     let files;
     try {
-      if (!fs36.statSync(chatsDir).isDirectory()) continue;
-      files = fs36.readdirSync(chatsDir);
+      if (!fs37.statSync(chatsDir).isDirectory()) continue;
+      files = fs37.readdirSync(chatsDir);
     } catch {
       continue;
     }
     for (const f of files) {
       if (!f.endsWith(".jsonl")) continue;
-      out.push({ projectKey: proj, file: path37.join(chatsDir, f) });
+      out.push({ projectKey: proj, file: path38.join(chatsDir, f) });
     }
   }
   return out;
 }
 function loadGeminiCost(start, end, geminiTmpDir) {
   const acc = emptyGeminiAccumulator();
-  if (!fs36.existsSync(geminiTmpDir)) return freezeGeminiCost(acc);
+  if (!fs37.existsSync(geminiTmpDir)) return freezeGeminiCost(acc);
   for (const { projectKey, file } of listGeminiSessionFiles(geminiTmpDir)) {
     processGeminiCostFile(file, projectKey, start, end, acc);
   }
@@ -19394,11 +19578,11 @@ function loadGeminiCost(start, end, geminiTmpDir) {
 }
 function aggregateReportFromAudit(period, opts = {}) {
   const now = opts.now ?? /* @__PURE__ */ new Date();
-  const auditLogPath = opts.auditLogPath ?? path37.join(os32.homedir(), ".node9", "audit.log");
-  const claudeProjectsDir = opts.claudeProjectsDir ?? path37.join(os32.homedir(), ".claude", "projects");
-  const codexSessionsDir = opts.codexSessionsDir ?? path37.join(os32.homedir(), ".codex", "sessions");
-  const geminiTmpDir = opts.geminiTmpDir ?? path37.join(os32.homedir(), ".gemini", "tmp");
-  const hasAuditFile = fs36.existsSync(auditLogPath);
+  const auditLogPath = opts.auditLogPath ?? path38.join(os33.homedir(), ".node9", "audit.log");
+  const claudeProjectsDir = opts.claudeProjectsDir ?? path38.join(os33.homedir(), ".claude", "projects");
+  const codexSessionsDir = opts.codexSessionsDir ?? path38.join(os33.homedir(), ".codex", "sessions");
+  const geminiTmpDir = opts.geminiTmpDir ?? path38.join(os33.homedir(), ".gemini", "tmp");
+  const hasAuditFile = fs37.existsSync(auditLogPath);
   const allEntries = opts.preloadedAuditEntries ?? parseAuditLog(auditLogPath);
   const unackedDlp = allEntries.filter((e) => e.source === "response-dlp");
   const { start, end } = getDateRange(period, now);
@@ -20096,12 +20280,12 @@ function registerDaemonCommand(program2) {
 init_core();
 init_daemon();
 import chalk15 from "chalk";
-import fs37 from "fs";
-import path38 from "path";
-import os33 from "os";
+import fs38 from "fs";
+import path39 from "path";
+import os34 from "os";
 function readJson2(filePath) {
   try {
-    if (fs37.existsSync(filePath)) return JSON.parse(fs37.readFileSync(filePath, "utf-8"));
+    if (fs38.existsSync(filePath)) return JSON.parse(fs38.readFileSync(filePath, "utf-8"));
   } catch {
   }
   return null;
@@ -20166,28 +20350,28 @@ function registerStatusCommand(program2) {
     console.log("");
     const modeLabel = settings.mode === "audit" ? chalk15.blue("audit") : settings.mode === "strict" ? chalk15.red("strict") : chalk15.white("standard");
     console.log(`  Mode:    ${modeLabel}`);
-    const projectConfig = path38.join(process.cwd(), "node9.config.json");
-    const globalConfig = path38.join(os33.homedir(), ".node9", "config.json");
+    const projectConfig = path39.join(process.cwd(), "node9.config.json");
+    const globalConfig = path39.join(os34.homedir(), ".node9", "config.json");
     console.log(
-      `  Local:   ${fs37.existsSync(projectConfig) ? chalk15.green("Active (node9.config.json)") : chalk15.gray("Not present")}`
+      `  Local:   ${fs38.existsSync(projectConfig) ? chalk15.green("Active (node9.config.json)") : chalk15.gray("Not present")}`
     );
     console.log(
-      `  Global:  ${fs37.existsSync(globalConfig) ? chalk15.green("Active (~/.node9/config.json)") : chalk15.gray("Not present")}`
+      `  Global:  ${fs38.existsSync(globalConfig) ? chalk15.green("Active (~/.node9/config.json)") : chalk15.gray("Not present")}`
     );
     if (mergedConfig.policy.sandboxPaths.length > 0) {
       console.log(
         `  Sandbox: ${chalk15.green(`${mergedConfig.policy.sandboxPaths.length} safe zones active`)}`
       );
     }
-    const homeDir2 = os33.homedir();
+    const homeDir2 = os34.homedir();
     const claudeSettings = readJson2(
-      path38.join(homeDir2, ".claude", "settings.json")
+      path39.join(homeDir2, ".claude", "settings.json")
     );
-    const claudeConfig = readJson2(path38.join(homeDir2, ".claude.json"));
+    const claudeConfig = readJson2(path39.join(homeDir2, ".claude.json"));
     const geminiSettings = readJson2(
-      path38.join(homeDir2, ".gemini", "settings.json")
+      path39.join(homeDir2, ".gemini", "settings.json")
     );
-    const cursorConfig = readJson2(path38.join(homeDir2, ".cursor", "mcp.json"));
+    const cursorConfig = readJson2(path39.join(homeDir2, ".cursor", "mcp.json"));
     const agentFound = claudeSettings || claudeConfig || geminiSettings || cursorConfig;
     if (agentFound) {
       console.log("");
@@ -20250,9 +20434,9 @@ init_setup();
 init_shields();
 init_service();
 import chalk16 from "chalk";
-import fs38 from "fs";
-import path39 from "path";
-import os34 from "os";
+import fs39 from "fs";
+import path40 from "path";
+import os35 from "os";
 import https4 from "https";
 var DEFAULT_SHIELDS = ["bash-safe", "filesystem", "project-jail"];
 function buildTelemetryPayload(agents, firstInstall) {
@@ -20338,16 +20522,16 @@ function registerInitCommand(program2) {
         }
         console.log("");
       }
-      const configPath = path39.join(os34.homedir(), ".node9", "config.json");
-      const isFirstInstall = !fs38.existsSync(configPath);
-      if (fs38.existsSync(configPath) && !options.force) {
+      const configPath = path40.join(os35.homedir(), ".node9", "config.json");
+      const isFirstInstall = !fs39.existsSync(configPath);
+      if (fs39.existsSync(configPath) && !options.force) {
         try {
-          const existing = JSON.parse(fs38.readFileSync(configPath, "utf-8"));
+          const existing = JSON.parse(fs39.readFileSync(configPath, "utf-8"));
           const settings = existing.settings ?? {};
           if (settings.mode !== chosenMode) {
             settings.mode = chosenMode;
             existing.settings = settings;
-            fs38.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
+            fs39.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
             console.log(chalk16.green(`\u2705 Mode updated: ${chosenMode}`));
           } else {
             console.log(chalk16.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
@@ -20360,9 +20544,9 @@ function registerInitCommand(program2) {
           ...DEFAULT_CONFIG,
           settings: { ...DEFAULT_CONFIG.settings, mode: chosenMode }
         };
-        const dir = path39.dirname(configPath);
-        if (!fs38.existsSync(dir)) fs38.mkdirSync(dir, { recursive: true });
-        fs38.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
+        const dir = path40.dirname(configPath);
+        if (!fs39.existsSync(dir)) fs39.mkdirSync(dir, { recursive: true });
+        fs39.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
         console.log(chalk16.green(`\u2705 Config created: ${configPath}`));
         console.log(chalk16.gray(`   Mode: ${chosenMode}`));
       }
@@ -20467,7 +20651,7 @@ function registerInitCommand(program2) {
 }
 
 // src/cli/commands/undo.ts
-import path40 from "path";
+import path41 from "path";
 import chalk18 from "chalk";
 
 // src/tui/undo-navigator.ts
@@ -20626,7 +20810,7 @@ function findMatchingCwd(startDir, history) {
   let dir = startDir;
   while (true) {
     if (cwds.has(dir)) return dir;
-    const parent = path40.dirname(dir);
+    const parent = path41.dirname(dir);
     if (parent === dir) return null;
     dir = parent;
   }
@@ -21202,9 +21386,9 @@ function registerMcpGatewayCommand(program2) {
 
 // src/mcp-server/index.ts
 import readline5 from "readline";
-import fs39 from "fs";
-import os35 from "os";
-import path41 from "path";
+import fs40 from "fs";
+import os36 from "os";
+import path42 from "path";
 import { spawnSync as spawnSync4 } from "child_process";
 init_core();
 init_daemon();
@@ -21455,13 +21639,13 @@ function handleStatus() {
   lines.push(`Active shields: ${activeShields.length > 0 ? activeShields.join(", ") : "none"}`);
   lines.push(`Smart rules: ${config.policy.smartRules.length} loaded`);
   lines.push(`DLP: ${config.policy.dlp?.enabled !== false ? "enabled" : "disabled"}`);
-  const projectConfig = path41.join(process.cwd(), "node9.config.json");
-  const globalConfig = path41.join(os35.homedir(), ".node9", "config.json");
+  const projectConfig = path42.join(process.cwd(), "node9.config.json");
+  const globalConfig = path42.join(os36.homedir(), ".node9", "config.json");
   lines.push(
-    `Project config (node9.config.json): ${fs39.existsSync(projectConfig) ? "present" : "not found"}`
+    `Project config (node9.config.json): ${fs40.existsSync(projectConfig) ? "present" : "not found"}`
   );
   lines.push(
-    `Global config (~/.node9/config.json): ${fs39.existsSync(globalConfig) ? "present" : "not found"}`
+    `Global config (~/.node9/config.json): ${fs40.existsSync(globalConfig) ? "present" : "not found"}`
   );
   return lines.join("\n");
 }
@@ -21535,21 +21719,21 @@ function handleShieldDisable(args) {
   writeActiveShields(active.filter((s) => s !== name));
   return `Shield "${name}" disabled.`;
 }
-var GLOBAL_CONFIG_PATH = path41.join(os35.homedir(), ".node9", "config.json");
+var GLOBAL_CONFIG_PATH = path42.join(os36.homedir(), ".node9", "config.json");
 var APPROVER_CHANNELS = ["native", "browser", "cloud", "terminal"];
 function readGlobalConfigRaw() {
   try {
-    if (fs39.existsSync(GLOBAL_CONFIG_PATH)) {
-      return JSON.parse(fs39.readFileSync(GLOBAL_CONFIG_PATH, "utf-8"));
+    if (fs40.existsSync(GLOBAL_CONFIG_PATH)) {
+      return JSON.parse(fs40.readFileSync(GLOBAL_CONFIG_PATH, "utf-8"));
     }
   } catch {
   }
   return {};
 }
 function writeGlobalConfigRaw(data) {
-  const dir = path41.dirname(GLOBAL_CONFIG_PATH);
-  if (!fs39.existsSync(dir)) fs39.mkdirSync(dir, { recursive: true });
-  fs39.writeFileSync(GLOBAL_CONFIG_PATH, JSON.stringify(data, null, 2) + "\n");
+  const dir = path42.dirname(GLOBAL_CONFIG_PATH);
+  if (!fs40.existsSync(dir)) fs40.mkdirSync(dir, { recursive: true });
+  fs40.writeFileSync(GLOBAL_CONFIG_PATH, JSON.stringify(data, null, 2) + "\n");
 }
 function handleApproverList() {
   const config = getConfig();
@@ -21593,9 +21777,9 @@ function handleApproverSet(args) {
 function handleAuditGet(args) {
   const limit = Math.min(typeof args.limit === "number" ? args.limit : 20, 100);
   const filter = typeof args.filter === "string" && args.filter !== "all" ? args.filter : null;
-  const auditPath = path41.join(os35.homedir(), ".node9", "audit.log");
-  if (!fs39.existsSync(auditPath)) return "No audit log found.";
-  const rawLines = fs39.readFileSync(auditPath, "utf-8").trim().split("\n").filter(Boolean);
+  const auditPath = path42.join(os36.homedir(), ".node9", "audit.log");
+  if (!fs40.existsSync(auditPath)) return "No audit log found.";
+  const rawLines = fs40.readFileSync(auditPath, "utf-8").trim().split("\n").filter(Boolean);
   const parsed = [];
   for (const line of rawLines) {
     try {
@@ -21930,7 +22114,7 @@ function registerTrustCommand(program2) {
 // src/cli/commands/mcp-pin.ts
 init_mcp_pin();
 import chalk21 from "chalk";
-import fs40 from "fs";
+import fs41 from "fs";
 function registerMcpPinCommand(program2) {
   const pinCmd = program2.command("mcp").description("Manage MCP server tool definition pinning (rug pull defense)");
   const pinSubCmd = pinCmd.command("pin").description("Manage pinned MCP server tool definitions");
@@ -21941,7 +22125,7 @@ function registerMcpPinCommand(program2) {
     let repoCorrupt = false;
     if (found.source === "repo") {
       try {
-        const raw = fs40.readFileSync(found.path, "utf-8");
+        const raw = fs41.readFileSync(found.path, "utf-8");
         const parsed = JSON.parse(raw);
         repoEntries = parsed.servers ?? {};
       } catch {
@@ -22255,9 +22439,9 @@ init_scan();
 // src/cli/commands/sessions.ts
 init_scan_summary();
 import chalk24 from "chalk";
-import fs41 from "fs";
-import path42 from "path";
-import os36 from "os";
+import fs42 from "fs";
+import path43 from "path";
+import os37 from "os";
 var CLAUDE_PRICING3 = {
   "claude-opus-4-6": { i: 5e-6, o: 25e-6, cw: 625e-8, cr: 5e-7 },
   "claude-opus-4-5": { i: 5e-6, o: 25e-6, cw: 625e-8, cr: 5e-7 },
@@ -22298,10 +22482,10 @@ function encodeProjectPath(projectPath) {
 }
 function sessionJsonlPath(projectPath, sessionId) {
   const encoded = encodeProjectPath(projectPath);
-  return path42.join(os36.homedir(), ".claude", "projects", encoded, `${sessionId}.jsonl`);
+  return path43.join(os37.homedir(), ".claude", "projects", encoded, `${sessionId}.jsonl`);
 }
 function projectLabel(projectPath) {
-  return projectPath.replace(os36.homedir(), "~");
+  return projectPath.replace(os37.homedir(), "~");
 }
 function parseHistoryLines(lines) {
   const entries = [];
@@ -22370,10 +22554,10 @@ function parseSessionLines(lines) {
   return { toolCalls, costUSD, hasSnapshot, modifiedFiles };
 }
 function loadAuditEntries(auditPath) {
-  const aPath = auditPath ?? path42.join(os36.homedir(), ".node9", "audit.log");
+  const aPath = auditPath ?? path43.join(os37.homedir(), ".node9", "audit.log");
   let raw;
   try {
-    raw = fs41.readFileSync(aPath, "utf-8");
+    raw = fs42.readFileSync(aPath, "utf-8");
   } catch {
     return [];
   }
@@ -22409,8 +22593,8 @@ function auditEntriesInWindow(entries, windowStart, windowEnd) {
   return result;
 }
 function buildGeminiSessions(days, allAuditEntries) {
-  const tmpDir = path42.join(os36.homedir(), ".gemini", "tmp");
-  if (!fs41.existsSync(tmpDir)) return [];
+  const tmpDir = path43.join(os37.homedir(), ".gemini", "tmp");
+  if (!fs42.existsSync(tmpDir)) return [];
   const cutoff = days !== null ? (() => {
     const d = /* @__PURE__ */ new Date();
     d.setDate(d.getDate() - days);
@@ -22419,35 +22603,35 @@ function buildGeminiSessions(days, allAuditEntries) {
   })() : null;
   let slugDirs;
   try {
-    slugDirs = fs41.readdirSync(tmpDir);
+    slugDirs = fs42.readdirSync(tmpDir);
   } catch {
     return [];
   }
   const summaries = [];
   for (const slug of slugDirs) {
-    const slugPath = path42.join(tmpDir, slug);
+    const slugPath = path43.join(tmpDir, slug);
     try {
-      if (!fs41.statSync(slugPath).isDirectory()) continue;
+      if (!fs42.statSync(slugPath).isDirectory()) continue;
     } catch {
       continue;
     }
-    let projectRoot = path42.join(os36.homedir(), slug);
+    let projectRoot = path43.join(os37.homedir(), slug);
     try {
-      projectRoot = fs41.readFileSync(path42.join(slugPath, ".project_root"), "utf-8").trim();
+      projectRoot = fs42.readFileSync(path43.join(slugPath, ".project_root"), "utf-8").trim();
     } catch {
     }
-    const chatsDir = path42.join(slugPath, "chats");
-    if (!fs41.existsSync(chatsDir)) continue;
+    const chatsDir = path43.join(slugPath, "chats");
+    if (!fs42.existsSync(chatsDir)) continue;
     let chatFiles;
     try {
-      chatFiles = fs41.readdirSync(chatsDir).filter((f) => f.endsWith(".json"));
+      chatFiles = fs42.readdirSync(chatsDir).filter((f) => f.endsWith(".json"));
     } catch {
       continue;
     }
     for (const chatFile of chatFiles) {
       let raw;
       try {
-        raw = fs41.readFileSync(path42.join(chatsDir, chatFile), "utf-8");
+        raw = fs42.readFileSync(path43.join(chatsDir, chatFile), "utf-8");
       } catch {
         continue;
       }
@@ -22527,8 +22711,8 @@ function buildGeminiSessions(days, allAuditEntries) {
   return summaries;
 }
 function buildCodexSessions(days, allAuditEntries) {
-  const sessionsBase = path42.join(os36.homedir(), ".codex", "sessions");
-  if (!fs41.existsSync(sessionsBase)) return [];
+  const sessionsBase = path43.join(os37.homedir(), ".codex", "sessions");
+  if (!fs42.existsSync(sessionsBase)) return [];
   const cutoff = days !== null ? (() => {
     const d = /* @__PURE__ */ new Date();
     d.setDate(d.getDate() - days);
@@ -22537,29 +22721,29 @@ function buildCodexSessions(days, allAuditEntries) {
   })() : null;
   const jsonlFiles = [];
   try {
-    for (const year of fs41.readdirSync(sessionsBase)) {
-      const yearPath = path42.join(sessionsBase, year);
+    for (const year of fs42.readdirSync(sessionsBase)) {
+      const yearPath = path43.join(sessionsBase, year);
       try {
-        if (!fs41.statSync(yearPath).isDirectory()) continue;
+        if (!fs42.statSync(yearPath).isDirectory()) continue;
       } catch {
         continue;
       }
-      for (const month of fs41.readdirSync(yearPath)) {
-        const monthPath = path42.join(yearPath, month);
+      for (const month of fs42.readdirSync(yearPath)) {
+        const monthPath = path43.join(yearPath, month);
         try {
-          if (!fs41.statSync(monthPath).isDirectory()) continue;
+          if (!fs42.statSync(monthPath).isDirectory()) continue;
         } catch {
           continue;
         }
-        for (const day of fs41.readdirSync(monthPath)) {
-          const dayPath = path42.join(monthPath, day);
+        for (const day of fs42.readdirSync(monthPath)) {
+          const dayPath = path43.join(monthPath, day);
           try {
-            if (!fs41.statSync(dayPath).isDirectory()) continue;
+            if (!fs42.statSync(dayPath).isDirectory()) continue;
           } catch {
             continue;
           }
-          for (const file of fs41.readdirSync(dayPath)) {
-            if (file.endsWith(".jsonl")) jsonlFiles.push(path42.join(dayPath, file));
+          for (const file of fs42.readdirSync(dayPath)) {
+            if (file.endsWith(".jsonl")) jsonlFiles.push(path43.join(dayPath, file));
           }
         }
       }
@@ -22571,7 +22755,7 @@ function buildCodexSessions(days, allAuditEntries) {
   for (const filePath of jsonlFiles) {
     let lines;
     try {
-      lines = fs41.readFileSync(filePath, "utf-8").split("\n");
+      lines = fs42.readFileSync(filePath, "utf-8").split("\n");
     } catch {
       continue;
     }
@@ -22649,10 +22833,10 @@ function buildCodexSessions(days, allAuditEntries) {
   return summaries;
 }
 function buildSessions(days, historyPath) {
-  const hPath = historyPath ?? path42.join(os36.homedir(), ".claude", "history.jsonl");
+  const hPath = historyPath ?? path43.join(os37.homedir(), ".claude", "history.jsonl");
   let historyRaw;
   try {
-    historyRaw = fs41.readFileSync(hPath, "utf-8");
+    historyRaw = fs42.readFileSync(hPath, "utf-8");
   } catch {
     return [];
   }
@@ -22677,7 +22861,7 @@ function buildSessions(days, historyPath) {
     const jsonlFile = sessionJsonlPath(entry.project, entry.sessionId);
     let sessionLines = [];
     try {
-      sessionLines = fs41.readFileSync(jsonlFile, "utf-8").split("\n");
+      sessionLines = fs42.readFileSync(jsonlFile, "utf-8").split("\n");
     } catch {
     }
     const { toolCalls, costUSD, hasSnapshot, modifiedFiles } = parseSessionLines(sessionLines);
@@ -22945,8 +23129,8 @@ function registerSessionsCommand(program2) {
     console.log("");
     console.log(chalk24.cyan.bold("\u{1F4CB}  node9 sessions") + chalk24.dim("  \u2014 what your AI agent did"));
     console.log("");
-    const historyPath = path42.join(os36.homedir(), ".claude", "history.jsonl");
-    if (!fs41.existsSync(historyPath)) {
+    const historyPath = path43.join(os37.homedir(), ".claude", "history.jsonl");
+    if (!fs42.existsSync(historyPath)) {
       console.log(chalk24.yellow("  No Claude session history found at ~/.claude/history.jsonl"));
       console.log(chalk24.gray("  Install Claude Code, run a few sessions, then try again.\n"));
       return;
@@ -22983,12 +23167,12 @@ function registerSessionsCommand(program2) {
 
 // src/cli/commands/skill-pin.ts
 import chalk25 from "chalk";
-import fs42 from "fs";
-import os37 from "os";
-import path43 from "path";
+import fs43 from "fs";
+import os38 from "os";
+import path44 from "path";
 function wipeSkillSessions() {
   try {
-    fs42.rmSync(path43.join(os37.homedir(), ".node9", "skill-sessions"), {
+    fs43.rmSync(path44.join(os38.homedir(), ".node9", "skill-sessions"), {
       recursive: true,
       force: true
     });
@@ -23070,15 +23254,15 @@ function registerSkillPinCommand(program2) {
 }
 
 // src/cli/commands/decisions.ts
-import fs43 from "fs";
-import os38 from "os";
-import path44 from "path";
+import fs44 from "fs";
+import os39 from "os";
+import path45 from "path";
 import chalk26 from "chalk";
-var DECISIONS_FILE2 = path44.join(os38.homedir(), ".node9", "decisions.json");
+var DECISIONS_FILE2 = path45.join(os39.homedir(), ".node9", "decisions.json");
 function readDecisions() {
   try {
-    if (!fs43.existsSync(DECISIONS_FILE2)) return {};
-    const raw = fs43.readFileSync(DECISIONS_FILE2, "utf-8");
+    if (!fs44.existsSync(DECISIONS_FILE2)) return {};
+    const raw = fs44.readFileSync(DECISIONS_FILE2, "utf-8");
     const parsed = JSON.parse(raw);
     const out = {};
     for (const [k, v] of Object.entries(parsed)) {
@@ -23090,11 +23274,11 @@ function readDecisions() {
   }
 }
 function writeDecisions(d) {
-  const dir = path44.dirname(DECISIONS_FILE2);
-  if (!fs43.existsSync(dir)) fs43.mkdirSync(dir, { recursive: true });
+  const dir = path45.dirname(DECISIONS_FILE2);
+  if (!fs44.existsSync(dir)) fs44.mkdirSync(dir, { recursive: true });
   const tmp = `${DECISIONS_FILE2}.${process.pid}.tmp`;
-  fs43.writeFileSync(tmp, JSON.stringify(d, null, 2));
-  fs43.renameSync(tmp, DECISIONS_FILE2);
+  fs44.writeFileSync(tmp, JSON.stringify(d, null, 2));
+  fs44.renameSync(tmp, DECISIONS_FILE2);
 }
 function registerDecisionsCommand(program2) {
   const cmd = program2.command("decisions").description('Manage persistent "Always Allow" / "Always Deny" tool decisions');
@@ -23151,18 +23335,18 @@ Persistent decisions  (${entries.length})
 
 // src/cli/commands/dlp.ts
 import chalk27 from "chalk";
-import fs44 from "fs";
-import path45 from "path";
-import os39 from "os";
-var AUDIT_LOG = path45.join(os39.homedir(), ".node9", "audit.log");
-var RESOLVED_FILE = path45.join(os39.homedir(), ".node9", "dlp-resolved.json");
+import fs45 from "fs";
+import path46 from "path";
+import os40 from "os";
+var AUDIT_LOG = path46.join(os40.homedir(), ".node9", "audit.log");
+var RESOLVED_FILE = path46.join(os40.homedir(), ".node9", "dlp-resolved.json");
 var ANSI_RE = /\x1b(?:\[[0-9;?]*[a-zA-Z]|\][^\x07\x1b]*(?:\x07|\x1b\\)|[@-_])/g;
 function stripAnsi(s) {
   return s.replace(ANSI_RE, "");
 }
 function loadResolved() {
   try {
-    const raw = JSON.parse(fs44.readFileSync(RESOLVED_FILE, "utf-8"));
+    const raw = JSON.parse(fs45.readFileSync(RESOLVED_FILE, "utf-8"));
     return new Set(raw);
   } catch {
     return /* @__PURE__ */ new Set();
@@ -23170,13 +23354,13 @@ function loadResolved() {
 }
 function saveResolved(resolved) {
   try {
-    fs44.writeFileSync(RESOLVED_FILE, JSON.stringify([...resolved], null, 2), { mode: 384 });
+    fs45.writeFileSync(RESOLVED_FILE, JSON.stringify([...resolved], null, 2), { mode: 384 });
   } catch {
   }
 }
 function loadDlpFindings() {
-  if (!fs44.existsSync(AUDIT_LOG)) return [];
-  return fs44.readFileSync(AUDIT_LOG, "utf-8").split("\n").flatMap((line) => {
+  if (!fs45.existsSync(AUDIT_LOG)) return [];
+  return fs45.readFileSync(AUDIT_LOG, "utf-8").split("\n").flatMap((line) => {
     if (!line.trim()) return [];
     try {
       const e = JSON.parse(line);
@@ -23275,14 +23459,14 @@ function registerDlpCommand(program2) {
 // src/cli/commands/mask.ts
 init_dlp();
 import chalk28 from "chalk";
-import fs45 from "fs";
-import path46 from "path";
-import os40 from "os";
+import fs46 from "fs";
+import path47 from "path";
+import os41 from "os";
 function findJsonlFiles(dir) {
   const results = [];
-  if (!fs45.existsSync(dir)) return results;
-  for (const entry of fs45.readdirSync(dir, { withFileTypes: true })) {
-    const full = path46.join(dir, entry.name);
+  if (!fs46.existsSync(dir)) return results;
+  for (const entry of fs46.readdirSync(dir, { withFileTypes: true })) {
+    const full = path47.join(dir, entry.name);
     if (entry.isDirectory()) results.push(...findJsonlFiles(full));
     else if (entry.isFile() && entry.name.endsWith(".jsonl")) results.push(full);
   }
@@ -23325,7 +23509,7 @@ function redactJson(obj) {
 function processFile(filePath, dryRun) {
   let raw;
   try {
-    raw = fs45.readFileSync(filePath, "utf-8");
+    raw = fs46.readFileSync(filePath, "utf-8");
   } catch {
     return { redactedLines: 0, patterns: [] };
   }
@@ -23357,14 +23541,14 @@ function processFile(filePath, dryRun) {
     }
   }
   if (!dryRun && redactedLines > 0) {
-    fs45.writeFileSync(filePath, newLines.join("\n"), "utf-8");
+    fs46.writeFileSync(filePath, newLines.join("\n"), "utf-8");
   }
   return { redactedLines, patterns };
 }
 function processJsonFile(filePath, dryRun) {
   let raw;
   try {
-    raw = fs45.readFileSync(filePath, "utf-8");
+    raw = fs46.readFileSync(filePath, "utf-8");
   } catch {
     return { redactedLines: 0, patterns: [] };
   }
@@ -23377,15 +23561,15 @@ function processJsonFile(filePath, dryRun) {
   const { value, modified, found } = redactJson(parsed);
   if (!modified) return { redactedLines: 0, patterns: [] };
   if (!dryRun) {
-    fs45.writeFileSync(filePath, JSON.stringify(value, null, 2), "utf-8");
+    fs46.writeFileSync(filePath, JSON.stringify(value, null, 2), "utf-8");
   }
   return { redactedLines: 1, patterns: found };
 }
 function findJsonFiles(dir) {
   const results = [];
-  if (!fs45.existsSync(dir)) return results;
-  for (const entry of fs45.readdirSync(dir, { withFileTypes: true })) {
-    const full = path46.join(dir, entry.name);
+  if (!fs46.existsSync(dir)) return results;
+  for (const entry of fs46.readdirSync(dir, { withFileTypes: true })) {
+    const full = path47.join(dir, entry.name);
     if (entry.isDirectory()) results.push(...findJsonFiles(full));
     else if (entry.isFile() && entry.name.endsWith(".json")) results.push(full);
   }
@@ -23394,9 +23578,9 @@ function findJsonFiles(dir) {
 function registerMaskCommand(program2) {
   program2.command("mask").description("Redact plaintext secrets from local AI session history files").option("--dry-run", "show what would be redacted without making changes").option("--all", "scan all history (default: last 30 days)").action(async (options) => {
     const dryRun = !!options.dryRun;
-    const home = os40.homedir();
-    const claudeDir = path46.join(home, ".claude", "projects");
-    const geminiDir = path46.join(home, ".gemini", "tmp");
+    const home = os41.homedir();
+    const claudeDir = path47.join(home, ".claude", "projects");
+    const geminiDir = path47.join(home, ".gemini", "tmp");
     const allFiles = [
       ...findJsonlFiles(claudeDir).map((p) => ({ path: p, type: "jsonl" })),
       ...findJsonFiles(geminiDir).map((p) => ({ path: p, type: "json" }))
@@ -23404,7 +23588,7 @@ function registerMaskCommand(program2) {
     const cutoff = options.all ? null : new Date(Date.now() - 30 * 24 * 60 * 60 * 1e3);
     const filtered = cutoff ? allFiles.filter((f) => {
       try {
-        return fs45.statSync(f.path).mtime >= cutoff;
+        return fs46.statSync(f.path).mtime >= cutoff;
       } catch {
         return false;
       }
@@ -23460,20 +23644,20 @@ function registerMaskCommand(program2) {
 // src/cli.ts
 init_blast();
 var { version } = JSON.parse(
-  fs48.readFileSync(path49.join(__dirname, "../package.json"), "utf-8")
+  fs49.readFileSync(path50.join(__dirname, "../package.json"), "utf-8")
 );
 var program = new Command();
 program.name("node9").description("The Sudo Command for AI Agents").version(version);
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL2 = "https://api.node9.ai/api/v1/intercept";
-  const credPath = path49.join(os43.homedir(), ".node9", "credentials.json");
-  if (!fs48.existsSync(path49.dirname(credPath)))
-    fs48.mkdirSync(path49.dirname(credPath), { recursive: true });
+  const credPath = path50.join(os44.homedir(), ".node9", "credentials.json");
+  if (!fs49.existsSync(path50.dirname(credPath)))
+    fs49.mkdirSync(path50.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (fs48.existsSync(credPath)) {
-      const raw = JSON.parse(fs48.readFileSync(credPath, "utf-8"));
+    if (fs49.existsSync(credPath)) {
+      const raw = JSON.parse(fs49.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL2 }
@@ -23485,13 +23669,14 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL2 };
-  fs48.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  fs49.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  let effectiveCloud = null;
   if (profileName === "default") {
-    const configPath = path49.join(os43.homedir(), ".node9", "config.json");
+    const configPath = path50.join(os44.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (fs48.existsSync(configPath))
-        config = JSON.parse(fs48.readFileSync(configPath, "utf-8"));
+      if (fs49.existsSync(configPath))
+        config = JSON.parse(fs49.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -23506,16 +23691,25 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!fs48.existsSync(path49.dirname(configPath)))
-      fs48.mkdirSync(path49.dirname(configPath), { recursive: true });
-    fs48.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!fs49.existsSync(path50.dirname(configPath)))
+      fs49.mkdirSync(path50.dirname(configPath), { recursive: true });
+    fs49.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    effectiveCloud = approvers.cloud === true;
   }
   if (options.profile && profileName !== "default") {
     console.log(chalk30.green(`\u2705 Profile "${profileName}" saved`));
     console.log(chalk30.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
-  } else if (options.local) {
-    console.log(chalk30.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
-    console.log(chalk30.gray(`   All decisions stay on this machine.`));
+  } else if (options.local || effectiveCloud === false) {
+    console.log(chalk30.green(`\u2705 Key saved \u2014 Privacy mode \u{1F6E1}\uFE0F`));
+    console.log(chalk30.gray(`   All decisions stay on this machine. Nothing syncs to the cloud.`));
+    if (!options.local) {
+      console.log(
+        chalk30.yellow(`   Your config has cloud approvals OFF (settings.approvers.cloud).`)
+      );
+      console.log(
+        chalk30.gray(`   To enable team policy + dashboard sync: set it to true, or re-init.`)
+      );
+    }
   } else {
     console.log(chalk30.green(`\u2705 Logged in \u2014 agent mode`));
     console.log(chalk30.gray(`   Team policy enforced for all calls via Node9 cloud.`));
@@ -23658,15 +23852,15 @@ program.command("uninstall").description("Remove all Node9 hooks and optionally
     }
   }
   if (options.purge) {
-    const node9Dir = path49.join(os43.homedir(), ".node9");
-    if (fs48.existsSync(node9Dir)) {
+    const node9Dir = path50.join(os44.homedir(), ".node9");
+    if (fs49.existsSync(node9Dir)) {
       const confirmed = await confirm2({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        fs48.rmSync(node9Dir, { recursive: true });
-        if (fs48.existsSync(node9Dir)) {
+        fs49.rmSync(node9Dir, { recursive: true });
+        if (fs49.existsSync(node9Dir)) {
           console.error(
             chalk30.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
@@ -23781,7 +23975,7 @@ program.command("tail").description("Stream live agent activity to the terminal"
 });
 program.command("monitor").description("Live interactive dashboard \u2014 activity feed, approvals, security signals").action(async () => {
   try {
-    const dashboardPath = path49.join(__dirname, "dashboard.mjs");
+    const dashboardPath = path50.join(__dirname, "dashboard.mjs");
     const dynamicImport = new Function("id", "return import(id)");
     const mod = await dynamicImport(`file://${dashboardPath}`);
     await mod.startMonitor();
@@ -23819,14 +24013,14 @@ Claude Code spawns this command every ~300ms and writes a JSON payload to stdin.
 Run "node9 addto claude" to register it as the statusLine.`
 ).argument("[subcommand]", 'Optional: "debug on" / "debug off" to toggle stdin logging').argument("[state]", 'on|off \u2014 used with "debug" subcommand').action(async (subcommand, state) => {
   if (subcommand === "debug") {
-    const flagFile = path49.join(os43.homedir(), ".node9", "hud-debug");
+    const flagFile = path50.join(os44.homedir(), ".node9", "hud-debug");
     if (state === "on") {
-      fs48.mkdirSync(path49.dirname(flagFile), { recursive: true });
-      fs48.writeFileSync(flagFile, "");
+      fs49.mkdirSync(path50.dirname(flagFile), { recursive: true });
+      fs49.writeFileSync(flagFile, "");
       console.log("HUD debug logging enabled \u2192 ~/.node9/hud-debug.log");
       console.log("Tail it with: tail -f ~/.node9/hud-debug.log");
     } else if (state === "off") {
-      if (fs48.existsSync(flagFile)) fs48.unlinkSync(flagFile);
+      if (fs49.existsSync(flagFile)) fs49.unlinkSync(flagFile);
       console.log("HUD debug logging disabled.");
     } else {
       console.error("Usage: node9 hud debug on|off");
@@ -23943,9 +24137,9 @@ if (process.argv[2] !== "daemon") {
     const isCheckHook = process.argv[2] === "check";
     if (isCheckHook) {
       if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
-        const logPath = path49.join(os43.homedir(), ".node9", "hook-debug.log");
+        const logPath = path50.join(os44.homedir(), ".node9", "hook-debug.log");
         const msg = reason instanceof Error ? reason.message : String(reason);
-        fs48.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+        fs49.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
       }
       process.exit(0);