@node9/proxy 1.3.2 → 1.4.0

package/dist/index.js

@@ -191,8 +191,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path13 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path13}: ${issue.message}`;
+    const path14 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path14}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -922,7 +922,7 @@ function getCompiledRegex(pattern, flags = "") {
 }
 
 // src/policy/index.ts
-var import_path7 = __toESM(require("path"));
+var import_path8 = __toESM(require("path"));
 var import_picomatch = __toESM(require("picomatch"));
 var import_sh_syntax = require("sh-syntax");
 
@@ -1476,6 +1476,37 @@ function extractAllSshHosts(tokens) {
   return [...hosts].filter(Boolean);
 }
 
+// src/auth/trusted-hosts.ts
+var import_fs6 = __toESM(require("fs"));
+var import_path7 = __toESM(require("path"));
+var import_os5 = __toESM(require("os"));
+function getTrustedHostsPath() {
+  return import_path7.default.join(import_os5.default.homedir(), ".node9", "trusted-hosts.json");
+}
+function readTrustedHosts() {
+  try {
+    const raw = import_fs6.default.readFileSync(getTrustedHostsPath(), "utf8");
+    const parsed = JSON.parse(raw);
+    return Array.isArray(parsed.hosts) ? parsed.hosts : [];
+  } catch {
+    return [];
+  }
+}
+function normalizeHost(raw) {
+  return raw.toLowerCase().replace(/^https?:\/\//, "").replace(/\/.*$/, "").replace(/^[^@]+@/, "").replace(/:\d+$/, "");
+}
+function isTrustedHost(host) {
+  const normalized = normalizeHost(host);
+  return readTrustedHosts().some((entry) => {
+    const entryHost = entry.host.toLowerCase();
+    if (entryHost.startsWith("*.")) {
+      const domain = entryHost.slice(2);
+      return normalized === domain || normalized.endsWith("." + domain);
+    }
+    return normalized === entryHost;
+  });
+}
+
 // src/policy/index.ts
 function tokenize2(toolName) {
   return toolName.toLowerCase().split(/[_.\-\s]+/).filter(Boolean);
@@ -1490,9 +1521,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path13) {
+function getNestedValue(obj, path14) {
   if (!obj || typeof obj !== "object") return null;
-  return path13.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path14.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function evaluateSmartConditions(args, rule) {
   if (!rule.conditions || rule.conditions.length === 0) return true;
@@ -1647,23 +1678,34 @@ async function evaluatePolicy(toolName, args, agent, cwd) {
       return { decision: "review", blockedByLabel: "Node9 Standard (Inline Execution)", tier: 3 };
     }
     const pipeAnalysis = analyzePipeChain(shellCommand);
-    if (pipeAnalysis.isPipeline) {
+    if (pipeAnalysis.isPipeline && (pipeAnalysis.risk === "critical" || pipeAnalysis.risk === "high")) {
+      const sinks = pipeAnalysis.sinkTargets;
+      const allTrusted = sinks.length > 0 && sinks.every(isTrustedHost);
       if (pipeAnalysis.risk === "critical") {
+        if (allTrusted) {
+          return {
+            decision: "review",
+            blockedByLabel: "Node9: Pipe-Chain to Trusted Host (obfuscated)",
+            reason: `Obfuscated pipe to trusted host(s): ${sinks.join(", ")} \u2014 requires approval`,
+            tier: 3
+          };
+        }
         return {
           decision: "block",
           blockedByLabel: "Node9: Pipe-Chain Exfiltration (critical)",
-          reason: `Sensitive file piped through obfuscator to network sink: ${pipeAnalysis.sourceFiles.join(", ")} \u2192 ${pipeAnalysis.sinkTargets.join(", ")}`,
+          reason: `Sensitive file piped through obfuscator to network sink: ${pipeAnalysis.sourceFiles.join(", ")} \u2192 ${sinks.join(", ")}`,
           tier: 3
         };
       }
-      if (pipeAnalysis.risk === "high") {
-        return {
-          decision: "review",
-          blockedByLabel: "Node9: Pipe-Chain Exfiltration (high)",
-          reason: `Sensitive file piped to network sink: ${pipeAnalysis.sourceFiles.join(", ")} \u2192 ${pipeAnalysis.sinkTargets.join(", ")}`,
-          tier: 3
-        };
+      if (allTrusted) {
+        return { decision: "allow" };
       }
+      return {
+        decision: "review",
+        blockedByLabel: "Node9: Pipe-Chain Exfiltration (high)",
+        reason: `Sensitive file piped to network sink: ${pipeAnalysis.sourceFiles.join(", ")} \u2192 ${sinks.join(", ")}`,
+        tier: 3
+      };
     }
     const firstToken = analyzed.actions[0] ?? "";
     if (["ssh", "scp", "rsync"].includes(firstToken)) {
@@ -1671,7 +1713,7 @@ async function evaluatePolicy(toolName, args, agent, cwd) {
       const sshHosts = extractAllSshHosts(rawTokens.slice(1));
       allTokens.push(...sshHosts);
     }
-    if (firstToken && import_path7.default.posix.isAbsolute(firstToken)) {
+    if (firstToken && import_path8.default.posix.isAbsolute(firstToken)) {
       const prov = checkProvenance(firstToken, cwd);
       if (prov.trustLevel === "suspect") {
         return {
@@ -1772,18 +1814,18 @@ function isIgnoredTool(toolName) {
 }
 
 // src/auth/state.ts
-var import_fs6 = __toESM(require("fs"));
-var import_path8 = __toESM(require("path"));
-var import_os5 = __toESM(require("os"));
-var PAUSED_FILE = import_path8.default.join(import_os5.default.homedir(), ".node9", "PAUSED");
-var TRUST_FILE = import_path8.default.join(import_os5.default.homedir(), ".node9", "trust.json");
+var import_fs7 = __toESM(require("fs"));
+var import_path9 = __toESM(require("path"));
+var import_os6 = __toESM(require("os"));
+var PAUSED_FILE = import_path9.default.join(import_os6.default.homedir(), ".node9", "PAUSED");
+var TRUST_FILE = import_path9.default.join(import_os6.default.homedir(), ".node9", "trust.json");
 function checkPause() {
   try {
-    if (!import_fs6.default.existsSync(PAUSED_FILE)) return { paused: false };
-    const state = JSON.parse(import_fs6.default.readFileSync(PAUSED_FILE, "utf-8"));
+    if (!import_fs7.default.existsSync(PAUSED_FILE)) return { paused: false };
+    const state = JSON.parse(import_fs7.default.readFileSync(PAUSED_FILE, "utf-8"));
     if (state.expiry > 0 && Date.now() >= state.expiry) {
       try {
-        import_fs6.default.unlinkSync(PAUSED_FILE);
+        import_fs7.default.unlinkSync(PAUSED_FILE);
       } catch {
       }
       return { paused: false };
@@ -1794,20 +1836,20 @@ function checkPause() {
   }
 }
 function atomicWriteSync(filePath, data, options) {
-  const dir = import_path8.default.dirname(filePath);
-  if (!import_fs6.default.existsSync(dir)) import_fs6.default.mkdirSync(dir, { recursive: true });
-  const tmpPath = `${filePath}.${import_os5.default.hostname()}.${process.pid}.tmp`;
-  import_fs6.default.writeFileSync(tmpPath, data, options);
-  import_fs6.default.renameSync(tmpPath, filePath);
+  const dir = import_path9.default.dirname(filePath);
+  if (!import_fs7.default.existsSync(dir)) import_fs7.default.mkdirSync(dir, { recursive: true });
+  const tmpPath = `${filePath}.${import_os6.default.hostname()}.${process.pid}.tmp`;
+  import_fs7.default.writeFileSync(tmpPath, data, options);
+  import_fs7.default.renameSync(tmpPath, filePath);
 }
 function getActiveTrustSession(toolName) {
   try {
-    if (!import_fs6.default.existsSync(TRUST_FILE)) return false;
-    const trust = JSON.parse(import_fs6.default.readFileSync(TRUST_FILE, "utf-8"));
+    if (!import_fs7.default.existsSync(TRUST_FILE)) return false;
+    const trust = JSON.parse(import_fs7.default.readFileSync(TRUST_FILE, "utf-8"));
     const now = Date.now();
     const active = trust.entries.filter((e) => e.expiry > now);
     if (active.length !== trust.entries.length) {
-      import_fs6.default.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
+      import_fs7.default.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
     }
     return active.some((e) => e.tool === toolName || matchesPattern(toolName, e.tool));
   } catch {
@@ -1818,8 +1860,8 @@ function writeTrustSession(toolName, durationMs) {
   try {
     let trust = { entries: [] };
     try {
-      if (import_fs6.default.existsSync(TRUST_FILE)) {
-        trust = JSON.parse(import_fs6.default.readFileSync(TRUST_FILE, "utf-8"));
+      if (import_fs7.default.existsSync(TRUST_FILE)) {
+        trust = JSON.parse(import_fs7.default.readFileSync(TRUST_FILE, "utf-8"));
       }
     } catch {
     }
@@ -1835,9 +1877,9 @@ function writeTrustSession(toolName, durationMs) {
 }
 function getPersistentDecision(toolName) {
   try {
-    const file = import_path8.default.join(import_os5.default.homedir(), ".node9", "decisions.json");
-    if (!import_fs6.default.existsSync(file)) return null;
-    const decisions = JSON.parse(import_fs6.default.readFileSync(file, "utf-8"));
+    const file = import_path9.default.join(import_os6.default.homedir(), ".node9", "decisions.json");
+    if (!import_fs7.default.existsSync(file)) return null;
+    const decisions = JSON.parse(import_fs7.default.readFileSync(file, "utf-8"));
     const d = decisions[toolName];
     if (d === "allow" || d === "deny") return d;
   } catch {
@@ -1846,17 +1888,17 @@ function getPersistentDecision(toolName) {
 }
 
 // src/auth/daemon.ts
-var import_fs7 = __toESM(require("fs"));
-var import_path9 = __toESM(require("path"));
-var import_os6 = __toESM(require("os"));
+var import_fs8 = __toESM(require("fs"));
+var import_path10 = __toESM(require("path"));
+var import_os7 = __toESM(require("os"));
 var import_child_process = require("child_process");
 var DAEMON_PORT = 7391;
 var DAEMON_HOST = "127.0.0.1";
 function getInternalToken() {
   try {
-    const pidFile = import_path9.default.join(import_os6.default.homedir(), ".node9", "daemon.pid");
-    if (!import_fs7.default.existsSync(pidFile)) return null;
-    const data = JSON.parse(import_fs7.default.readFileSync(pidFile, "utf-8"));
+    const pidFile = import_path10.default.join(import_os7.default.homedir(), ".node9", "daemon.pid");
+    if (!import_fs8.default.existsSync(pidFile)) return null;
+    const data = JSON.parse(import_fs8.default.readFileSync(pidFile, "utf-8"));
     process.kill(data.pid, 0);
     return data.internalToken ?? null;
   } catch {
@@ -1864,10 +1906,10 @@ function getInternalToken() {
   }
 }
 function isDaemonRunning() {
-  const pidFile = import_path9.default.join(import_os6.default.homedir(), ".node9", "daemon.pid");
-  if (import_fs7.default.existsSync(pidFile)) {
+  const pidFile = import_path10.default.join(import_os7.default.homedir(), ".node9", "daemon.pid");
+  if (import_fs8.default.existsSync(pidFile)) {
     try {
-      const { pid, port } = JSON.parse(import_fs7.default.readFileSync(pidFile, "utf-8"));
+      const { pid, port } = JSON.parse(import_fs8.default.readFileSync(pidFile, "utf-8"));
       if (port !== DAEMON_PORT) return false;
       process.kill(pid, 0);
       return true;
@@ -1963,16 +2005,16 @@ async function resolveViaDaemon(id, decision, internalToken) {
 
 // src/auth/orchestrator.ts
 var import_net = __toESM(require("net"));
-var import_path12 = __toESM(require("path"));
-var import_os8 = __toESM(require("os"));
+var import_path13 = __toESM(require("path"));
+var import_os9 = __toESM(require("os"));
 var import_crypto = require("crypto");
 
 // src/ui/native.ts
 var import_child_process2 = require("child_process");
-var import_path11 = __toESM(require("path"));
+var import_path12 = __toESM(require("path"));
 
 // src/context-sniper.ts
-var import_path10 = __toESM(require("path"));
+var import_path11 = __toESM(require("path"));
 function smartTruncate(str, maxLen = 500) {
   if (str.length <= maxLen) return str;
   const edge = Math.floor(maxLen / 2) - 3;
@@ -2040,7 +2082,7 @@ function computeRiskMetadata(args, tier, blockedByLabel, matchedField, matchedWo
       intent = "EDIT";
       if (obj.file_path) {
         editFilePath = String(obj.file_path);
-        editFileName = import_path10.default.basename(editFilePath);
+        editFileName = import_path11.default.basename(editFilePath);
       }
       const result = extractContext(String(obj.new_string), matchedWord);
       contextSnippet = result.snippet;
@@ -2095,7 +2137,7 @@ function formatArgs(args, matchedField, matchedWord) {
   if (typeof parsed === "object" && !Array.isArray(parsed)) {
     const obj = parsed;
     if (obj.old_string !== void 0 && obj.new_string !== void 0) {
-      const file = obj.file_path ? import_path11.default.basename(String(obj.file_path)) : "file";
+      const file = obj.file_path ? import_path12.default.basename(String(obj.file_path)) : "file";
       const oldPreview = smartTruncate(String(obj.old_string), 120);
       const newPreview = extractContext(String(obj.new_string), matchedWord).snippet;
       return {
@@ -2270,8 +2312,8 @@ end run`;
 }
 
 // src/auth/cloud.ts
-var import_fs8 = __toESM(require("fs"));
-var import_os7 = __toESM(require("os"));
+var import_fs9 = __toESM(require("fs"));
+var import_os8 = __toESM(require("os"));
 function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
   return fetch(`${creds.apiUrl}/audit`, {
     method: "POST",
@@ -2283,9 +2325,9 @@ function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
       context: {
         agent: meta?.agent,
         mcpServer: meta?.mcpServer,
-        hostname: import_os7.default.hostname(),
+        hostname: import_os8.default.hostname(),
         cwd: process.cwd(),
-        platform: import_os7.default.platform()
+        platform: import_os8.default.platform()
       }
     }),
     signal: AbortSignal.timeout(5e3)
@@ -2306,9 +2348,9 @@ async function initNode9SaaS(toolName, args, creds, meta, riskMetadata) {
         context: {
           agent: meta?.agent,
           mcpServer: meta?.mcpServer,
-          hostname: import_os7.default.hostname(),
+          hostname: import_os8.default.hostname(),
           cwd: process.cwd(),
-          platform: import_os7.default.platform()
+          platform: import_os8.default.platform()
         },
         ...riskMetadata && { riskMetadata }
       }),
@@ -2364,14 +2406,14 @@ async function resolveNode9SaaS(requestId, creds, approved, decidedBy) {
     });
     clearTimeout(timer);
     if (!res.ok) {
-      import_fs8.default.appendFileSync(
+      import_fs9.default.appendFileSync(
         HOOK_DEBUG_LOG,
         `[resolve-cloud] PATCH ${resolveUrl} \u2192 HTTP ${res.status}
 `
       );
     }
   } catch (err) {
-    import_fs8.default.appendFileSync(
+    import_fs9.default.appendFileSync(
       HOOK_DEBUG_LOG,
       `[resolve-cloud] PATCH failed for ${requestId}: ${err.message}
 `
@@ -2380,7 +2422,7 @@ async function resolveNode9SaaS(requestId, creds, approved, decidedBy) {
 }
 
 // src/auth/orchestrator.ts
-var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path12.default.join(import_os8.default.tmpdir(), "node9-activity.sock");
+var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path13.default.join(import_os9.default.tmpdir(), "node9-activity.sock");
 function notifyActivity(data) {
   return new Promise((resolve) => {
     try {

package/dist/index.mjs

@@ -155,8 +155,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path13 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path13}: ${issue.message}`;
+    const path14 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path14}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -886,7 +886,7 @@ function getCompiledRegex(pattern, flags = "") {
 }
 
 // src/policy/index.ts
-import path7 from "path";
+import path8 from "path";
 import pm from "picomatch";
 import { parse } from "sh-syntax";
 
@@ -1440,6 +1440,37 @@ function extractAllSshHosts(tokens) {
   return [...hosts].filter(Boolean);
 }
 
+// src/auth/trusted-hosts.ts
+import fs6 from "fs";
+import path7 from "path";
+import os5 from "os";
+function getTrustedHostsPath() {
+  return path7.join(os5.homedir(), ".node9", "trusted-hosts.json");
+}
+function readTrustedHosts() {
+  try {
+    const raw = fs6.readFileSync(getTrustedHostsPath(), "utf8");
+    const parsed = JSON.parse(raw);
+    return Array.isArray(parsed.hosts) ? parsed.hosts : [];
+  } catch {
+    return [];
+  }
+}
+function normalizeHost(raw) {
+  return raw.toLowerCase().replace(/^https?:\/\//, "").replace(/\/.*$/, "").replace(/^[^@]+@/, "").replace(/:\d+$/, "");
+}
+function isTrustedHost(host) {
+  const normalized = normalizeHost(host);
+  return readTrustedHosts().some((entry) => {
+    const entryHost = entry.host.toLowerCase();
+    if (entryHost.startsWith("*.")) {
+      const domain = entryHost.slice(2);
+      return normalized === domain || normalized.endsWith("." + domain);
+    }
+    return normalized === entryHost;
+  });
+}
+
 // src/policy/index.ts
 function tokenize2(toolName) {
   return toolName.toLowerCase().split(/[_.\-\s]+/).filter(Boolean);
@@ -1454,9 +1485,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path13) {
+function getNestedValue(obj, path14) {
   if (!obj || typeof obj !== "object") return null;
-  return path13.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path14.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function evaluateSmartConditions(args, rule) {
   if (!rule.conditions || rule.conditions.length === 0) return true;
@@ -1611,23 +1642,34 @@ async function evaluatePolicy(toolName, args, agent, cwd) {
       return { decision: "review", blockedByLabel: "Node9 Standard (Inline Execution)", tier: 3 };
     }
     const pipeAnalysis = analyzePipeChain(shellCommand);
-    if (pipeAnalysis.isPipeline) {
+    if (pipeAnalysis.isPipeline && (pipeAnalysis.risk === "critical" || pipeAnalysis.risk === "high")) {
+      const sinks = pipeAnalysis.sinkTargets;
+      const allTrusted = sinks.length > 0 && sinks.every(isTrustedHost);
       if (pipeAnalysis.risk === "critical") {
+        if (allTrusted) {
+          return {
+            decision: "review",
+            blockedByLabel: "Node9: Pipe-Chain to Trusted Host (obfuscated)",
+            reason: `Obfuscated pipe to trusted host(s): ${sinks.join(", ")} \u2014 requires approval`,
+            tier: 3
+          };
+        }
         return {
           decision: "block",
           blockedByLabel: "Node9: Pipe-Chain Exfiltration (critical)",
-          reason: `Sensitive file piped through obfuscator to network sink: ${pipeAnalysis.sourceFiles.join(", ")} \u2192 ${pipeAnalysis.sinkTargets.join(", ")}`,
+          reason: `Sensitive file piped through obfuscator to network sink: ${pipeAnalysis.sourceFiles.join(", ")} \u2192 ${sinks.join(", ")}`,
           tier: 3
         };
       }
-      if (pipeAnalysis.risk === "high") {
-        return {
-          decision: "review",
-          blockedByLabel: "Node9: Pipe-Chain Exfiltration (high)",
-          reason: `Sensitive file piped to network sink: ${pipeAnalysis.sourceFiles.join(", ")} \u2192 ${pipeAnalysis.sinkTargets.join(", ")}`,
-          tier: 3
-        };
+      if (allTrusted) {
+        return { decision: "allow" };
       }
+      return {
+        decision: "review",
+        blockedByLabel: "Node9: Pipe-Chain Exfiltration (high)",
+        reason: `Sensitive file piped to network sink: ${pipeAnalysis.sourceFiles.join(", ")} \u2192 ${sinks.join(", ")}`,
+        tier: 3
+      };
     }
     const firstToken = analyzed.actions[0] ?? "";
     if (["ssh", "scp", "rsync"].includes(firstToken)) {
@@ -1635,7 +1677,7 @@ async function evaluatePolicy(toolName, args, agent, cwd) {
       const sshHosts = extractAllSshHosts(rawTokens.slice(1));
       allTokens.push(...sshHosts);
     }
-    if (firstToken && path7.posix.isAbsolute(firstToken)) {
+    if (firstToken && path8.posix.isAbsolute(firstToken)) {
       const prov = checkProvenance(firstToken, cwd);
       if (prov.trustLevel === "suspect") {
         return {
@@ -1736,18 +1778,18 @@ function isIgnoredTool(toolName) {
 }
 
 // src/auth/state.ts
-import fs6 from "fs";
-import path8 from "path";
-import os5 from "os";
-var PAUSED_FILE = path8.join(os5.homedir(), ".node9", "PAUSED");
-var TRUST_FILE = path8.join(os5.homedir(), ".node9", "trust.json");
+import fs7 from "fs";
+import path9 from "path";
+import os6 from "os";
+var PAUSED_FILE = path9.join(os6.homedir(), ".node9", "PAUSED");
+var TRUST_FILE = path9.join(os6.homedir(), ".node9", "trust.json");
 function checkPause() {
   try {
-    if (!fs6.existsSync(PAUSED_FILE)) return { paused: false };
-    const state = JSON.parse(fs6.readFileSync(PAUSED_FILE, "utf-8"));
+    if (!fs7.existsSync(PAUSED_FILE)) return { paused: false };
+    const state = JSON.parse(fs7.readFileSync(PAUSED_FILE, "utf-8"));
     if (state.expiry > 0 && Date.now() >= state.expiry) {
       try {
-        fs6.unlinkSync(PAUSED_FILE);
+        fs7.unlinkSync(PAUSED_FILE);
       } catch {
       }
       return { paused: false };
@@ -1758,20 +1800,20 @@ function checkPause() {
   }
 }
 function atomicWriteSync(filePath, data, options) {
-  const dir = path8.dirname(filePath);
-  if (!fs6.existsSync(dir)) fs6.mkdirSync(dir, { recursive: true });
-  const tmpPath = `${filePath}.${os5.hostname()}.${process.pid}.tmp`;
-  fs6.writeFileSync(tmpPath, data, options);
-  fs6.renameSync(tmpPath, filePath);
+  const dir = path9.dirname(filePath);
+  if (!fs7.existsSync(dir)) fs7.mkdirSync(dir, { recursive: true });
+  const tmpPath = `${filePath}.${os6.hostname()}.${process.pid}.tmp`;
+  fs7.writeFileSync(tmpPath, data, options);
+  fs7.renameSync(tmpPath, filePath);
 }
 function getActiveTrustSession(toolName) {
   try {
-    if (!fs6.existsSync(TRUST_FILE)) return false;
-    const trust = JSON.parse(fs6.readFileSync(TRUST_FILE, "utf-8"));
+    if (!fs7.existsSync(TRUST_FILE)) return false;
+    const trust = JSON.parse(fs7.readFileSync(TRUST_FILE, "utf-8"));
     const now = Date.now();
     const active = trust.entries.filter((e) => e.expiry > now);
     if (active.length !== trust.entries.length) {
-      fs6.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
+      fs7.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
     }
     return active.some((e) => e.tool === toolName || matchesPattern(toolName, e.tool));
   } catch {
@@ -1782,8 +1824,8 @@ function writeTrustSession(toolName, durationMs) {
   try {
     let trust = { entries: [] };
     try {
-      if (fs6.existsSync(TRUST_FILE)) {
-        trust = JSON.parse(fs6.readFileSync(TRUST_FILE, "utf-8"));
+      if (fs7.existsSync(TRUST_FILE)) {
+        trust = JSON.parse(fs7.readFileSync(TRUST_FILE, "utf-8"));
       }
     } catch {
     }
@@ -1799,9 +1841,9 @@ function writeTrustSession(toolName, durationMs) {
 }
 function getPersistentDecision(toolName) {
   try {
-    const file = path8.join(os5.homedir(), ".node9", "decisions.json");
-    if (!fs6.existsSync(file)) return null;
-    const decisions = JSON.parse(fs6.readFileSync(file, "utf-8"));
+    const file = path9.join(os6.homedir(), ".node9", "decisions.json");
+    if (!fs7.existsSync(file)) return null;
+    const decisions = JSON.parse(fs7.readFileSync(file, "utf-8"));
     const d = decisions[toolName];
     if (d === "allow" || d === "deny") return d;
   } catch {
@@ -1810,17 +1852,17 @@ function getPersistentDecision(toolName) {
 }
 
 // src/auth/daemon.ts
-import fs7 from "fs";
-import path9 from "path";
-import os6 from "os";
+import fs8 from "fs";
+import path10 from "path";
+import os7 from "os";
 import { spawnSync } from "child_process";
 var DAEMON_PORT = 7391;
 var DAEMON_HOST = "127.0.0.1";
 function getInternalToken() {
   try {
-    const pidFile = path9.join(os6.homedir(), ".node9", "daemon.pid");
-    if (!fs7.existsSync(pidFile)) return null;
-    const data = JSON.parse(fs7.readFileSync(pidFile, "utf-8"));
+    const pidFile = path10.join(os7.homedir(), ".node9", "daemon.pid");
+    if (!fs8.existsSync(pidFile)) return null;
+    const data = JSON.parse(fs8.readFileSync(pidFile, "utf-8"));
     process.kill(data.pid, 0);
     return data.internalToken ?? null;
   } catch {
@@ -1828,10 +1870,10 @@ function getInternalToken() {
   }
 }
 function isDaemonRunning() {
-  const pidFile = path9.join(os6.homedir(), ".node9", "daemon.pid");
-  if (fs7.existsSync(pidFile)) {
+  const pidFile = path10.join(os7.homedir(), ".node9", "daemon.pid");
+  if (fs8.existsSync(pidFile)) {
     try {
-      const { pid, port } = JSON.parse(fs7.readFileSync(pidFile, "utf-8"));
+      const { pid, port } = JSON.parse(fs8.readFileSync(pidFile, "utf-8"));
       if (port !== DAEMON_PORT) return false;
       process.kill(pid, 0);
       return true;
@@ -1927,16 +1969,16 @@ async function resolveViaDaemon(id, decision, internalToken) {
 
 // src/auth/orchestrator.ts
 import net from "net";
-import path12 from "path";
-import os8 from "os";
+import path13 from "path";
+import os9 from "os";
 import { randomUUID } from "crypto";
 
 // src/ui/native.ts
 import { spawn } from "child_process";
-import path11 from "path";
+import path12 from "path";
 
 // src/context-sniper.ts
-import path10 from "path";
+import path11 from "path";
 function smartTruncate(str, maxLen = 500) {
   if (str.length <= maxLen) return str;
   const edge = Math.floor(maxLen / 2) - 3;
@@ -2004,7 +2046,7 @@ function computeRiskMetadata(args, tier, blockedByLabel, matchedField, matchedWo
       intent = "EDIT";
       if (obj.file_path) {
         editFilePath = String(obj.file_path);
-        editFileName = path10.basename(editFilePath);
+        editFileName = path11.basename(editFilePath);
       }
       const result = extractContext(String(obj.new_string), matchedWord);
       contextSnippet = result.snippet;
@@ -2059,7 +2101,7 @@ function formatArgs(args, matchedField, matchedWord) {
   if (typeof parsed === "object" && !Array.isArray(parsed)) {
     const obj = parsed;
     if (obj.old_string !== void 0 && obj.new_string !== void 0) {
-      const file = obj.file_path ? path11.basename(String(obj.file_path)) : "file";
+      const file = obj.file_path ? path12.basename(String(obj.file_path)) : "file";
       const oldPreview = smartTruncate(String(obj.old_string), 120);
       const newPreview = extractContext(String(obj.new_string), matchedWord).snippet;
       return {
@@ -2234,8 +2276,8 @@ end run`;
 }
 
 // src/auth/cloud.ts
-import fs8 from "fs";
-import os7 from "os";
+import fs9 from "fs";
+import os8 from "os";
 function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
   return fetch(`${creds.apiUrl}/audit`, {
     method: "POST",
@@ -2247,9 +2289,9 @@ function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
       context: {
         agent: meta?.agent,
         mcpServer: meta?.mcpServer,
-        hostname: os7.hostname(),
+        hostname: os8.hostname(),
         cwd: process.cwd(),
-        platform: os7.platform()
+        platform: os8.platform()
       }
     }),
     signal: AbortSignal.timeout(5e3)
@@ -2270,9 +2312,9 @@ async function initNode9SaaS(toolName, args, creds, meta, riskMetadata) {
         context: {
           agent: meta?.agent,
           mcpServer: meta?.mcpServer,
-          hostname: os7.hostname(),
+          hostname: os8.hostname(),
           cwd: process.cwd(),
-          platform: os7.platform()
+          platform: os8.platform()
         },
         ...riskMetadata && { riskMetadata }
       }),
@@ -2328,14 +2370,14 @@ async function resolveNode9SaaS(requestId, creds, approved, decidedBy) {
     });
     clearTimeout(timer);
     if (!res.ok) {
-      fs8.appendFileSync(
+      fs9.appendFileSync(
         HOOK_DEBUG_LOG,
         `[resolve-cloud] PATCH ${resolveUrl} \u2192 HTTP ${res.status}
 `
       );
     }
   } catch (err) {
-    fs8.appendFileSync(
+    fs9.appendFileSync(
       HOOK_DEBUG_LOG,
       `[resolve-cloud] PATCH failed for ${requestId}: ${err.message}
 `
@@ -2344,7 +2386,7 @@ async function resolveNode9SaaS(requestId, creds, approved, decidedBy) {
 }
 
 // src/auth/orchestrator.ts
-var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path12.join(os8.tmpdir(), "node9-activity.sock");
+var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path13.join(os9.tmpdir(), "node9-activity.sock");
 function notifyActivity(data) {
   return new Promise((resolve) => {
     try {