@node9/proxy 1.30.0 → 1.31.0

package/dist/cli.mjs

@@ -179,8 +179,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path51 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path51}: ${issue.message}`;
+    const path52 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path52}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -286,7 +286,15 @@ var init_config_schema = __esm({
         }).optional(),
         dlp: z.object({
           enabled: z.boolean().optional(),
-          scanIgnoredTools: z.boolean().optional()
+          scanIgnoredTools: z.boolean().optional(),
+          pii: z.enum(["off", "block"]).optional()
+        }).optional(),
+        egress: z.object({
+          enabled: z.boolean().optional(),
+          mode: z.enum(["off", "review", "block"]).optional(),
+          allow: z.array(z.string()).optional(),
+          deny: z.array(z.string()).optional(),
+          allowPrivate: z.boolean().optional()
         }).optional(),
         loopDetection: z.object({
           enabled: z.boolean().optional(),
@@ -669,6 +677,116 @@ function extractLiteralArgs(callExpr) {
   }
   return { name, flags, paths };
 }
+function resolveWordLiteral(w) {
+  const parts = w?.Parts || [];
+  let s = "";
+  for (const p of parts) {
+    const t = syntax.NodeType(p);
+    if (t === "Lit") s += (p.Value ?? "").replace(/\\(.)/g, "$1");
+    else if (t === "SglQuoted") s += p.Value ?? "";
+    else if (t === "DblQuoted") {
+      const inner = p.Parts || [];
+      if (!inner.every((ip) => syntax.NodeType(ip) === "Lit")) return null;
+      s += inner.map((ip) => ip.Value ?? "").join("");
+    } else {
+      return null;
+    }
+  }
+  return s;
+}
+function parseDestHost(token) {
+  if (!token) return null;
+  let t = token.trim();
+  if (!t || t.startsWith("-")) return null;
+  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(t)) {
+    try {
+      const h = new URL(t).hostname.toLowerCase();
+      return h || null;
+    } catch {
+      return null;
+    }
+  }
+  const at = t.lastIndexOf("@");
+  if (at >= 0) t = t.slice(at + 1);
+  t = t.split("/")[0];
+  t = t.replace(/:\d+$/, "");
+  t = t.split(":")[0];
+  t = t.toLowerCase();
+  if (t.length > 253) return null;
+  if (t === "localhost") return t;
+  if (/^[a-z0-9.-]+\.[a-z0-9.-]+$/.test(t)) return t;
+  return null;
+}
+function destTokensForBinary(binary, args) {
+  const valueFlags = VALUE_FLAGS[binary] ?? /* @__PURE__ */ new Set();
+  const positionals = [];
+  const urlFlagValues = [];
+  for (let i = 0; i < args.length; i++) {
+    const tok = args[i];
+    if (tok === null) continue;
+    if (tok.startsWith("-")) {
+      if (tok.startsWith("--url=")) {
+        urlFlagValues.push(tok.slice("--url=".length));
+        continue;
+      }
+      if (tok === "--url") {
+        const next = args[i + 1];
+        if (typeof next === "string") urlFlagValues.push(next);
+        i++;
+        continue;
+      }
+      if (tok.includes("=")) continue;
+      if (valueFlags.has(tok)) i++;
+      continue;
+    }
+    positionals.push(tok);
+  }
+  switch (binary) {
+    case "curl":
+    case "wget":
+      return [...urlFlagValues, ...positionals];
+    case "ssh":
+      return positionals.slice(0, 1);
+    case "scp":
+      return positionals.filter((p) => p.includes(":") || p.includes("@"));
+    case "nc":
+    case "ncat":
+    case "netcat":
+      return positionals.slice(0, 1);
+    default:
+      return [];
+  }
+}
+function extractShellDestinations(command) {
+  const f = parseShared(command);
+  if (f === PARSE_FAIL) return [];
+  const out = [];
+  const seen = /* @__PURE__ */ new Set();
+  try {
+    syntax.Walk(f, (node) => {
+      if (!node) return false;
+      const n = node;
+      if (syntax.NodeType(n) !== "CallExpr") return true;
+      const callArgs = n.Args || [];
+      if (callArgs.length === 0) return true;
+      const name = (resolveWordLiteral(callArgs[0]) || "").toLowerCase();
+      if (!NET_BINARIES.has(name)) return true;
+      const rest = callArgs.slice(1).map((a) => resolveWordLiteral(a));
+      for (const raw of destTokensForBinary(name, rest)) {
+        const host = parseDestHost(raw);
+        if (!host) continue;
+        const key = `${name}:${host}`;
+        if (seen.has(key)) continue;
+        seen.add(key);
+        out.push({ host, binary: name, raw });
+      }
+      return true;
+    });
+  } catch {
+    return out;
+  }
+  return out;
+}
 function analyzeFsOperation(command) {
   if (!FS_OP_PRESCREEN_RE.test(command)) return null;
   if (fsOpCache.has(command)) {
@@ -796,6 +914,64 @@ function analyzeShellCommand(command) {
   }
   return { actions, paths, allTokens };
 }
+function hostMatches(host, pattern) {
+  const h = host.toLowerCase();
+  const p = pattern.toLowerCase().trim();
+  if (!p) return false;
+  if (p === "*") return true;
+  if (p.startsWith("*.")) {
+    const suffix = p.slice(2);
+    return h === suffix || h.endsWith("." + suffix);
+  }
+  return h === p;
+}
+function matchesAny(host, patterns) {
+  for (const p of patterns) if (hostMatches(host, p)) return true;
+  return false;
+}
+function isPrivateHost(host) {
+  const h = host.toLowerCase();
+  if (h === "localhost" || h === "0.0.0.0") return true;
+  if (h.endsWith(".local") || h.endsWith(".internal") || h.endsWith(".localhost")) return true;
+  if (/^127\./.test(h)) return true;
+  if (/^10\./.test(h)) return true;
+  if (/^192\.168\./.test(h)) return true;
+  if (/^172\.(1[6-9]|2\d|3[01])\./.test(h)) return true;
+  return false;
+}
+function evaluateEgress(dests, policy) {
+  if (!policy.enabled) return null;
+  let review = null;
+  for (const d of dests) {
+    if (matchesAny(d.host, policy.deny)) {
+      return {
+        verdict: "block",
+        host: d.host,
+        binary: d.binary,
+        reason: `Egress to ${d.host} is on the deny list.`
+      };
+    }
+    if (policy.allowPrivate && isPrivateHost(d.host)) continue;
+    if (matchesAny(d.host, policy.allow) || matchesAny(d.host, DEFAULT_EGRESS_ALLOWLIST)) continue;
+    if (policy.mode === "block") {
+      return {
+        verdict: "block",
+        host: d.host,
+        binary: d.binary,
+        reason: `Egress to unknown host ${d.host} is blocked (egress policy: block).`
+      };
+    }
+    if (policy.mode === "review" && !review) {
+      review = {
+        verdict: "review",
+        host: d.host,
+        binary: d.binary,
+        reason: `${d.binary} is sending data to an unrecognized host (${d.host}). Approve this destination?`
+      };
+    }
+  }
+  return review;
+}
 function isSensitivePath(p) {
   return SENSITIVE_PATTERNS.some((re) => re.test(p));
 }
@@ -1023,9 +1199,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path51) {
+function getNestedValue(obj, path52) {
   if (!obj || typeof obj !== "object") return null;
-  const segments = path51.split(".");
+  const segments = path52.split(".");
   for (const seg of segments) {
     if (FORBIDDEN_PATH_SEGMENTS.has(seg)) return null;
   }
@@ -1228,6 +1404,22 @@ async function evaluatePolicy(config, toolName, args, context = {}, hooks = {})
     }
     const ptVerdict = pipeChainVerdict(shellCommand, isTrustedHost2);
     if (ptVerdict) return ptVerdict;
+    if (config.policy.egress?.enabled) {
+      const dests = extractShellDestinations(shellCommand);
+      if (dests.length > 0) {
+        const eg = evaluateEgress(dests, config.policy.egress);
+        if (eg) {
+          return {
+            decision: eg.verdict,
+            blockedByLabel: eg.verdict === "block" ? "\u{1F310} Node9 Egress (Blocked)" : "\u{1F310} Node9 Egress (Review)",
+            reason: eg.reason,
+            ruleName: `egress:${eg.binary}:${eg.host}`,
+            ruleDescription: eg.reason,
+            tier: eg.verdict === "block" ? 3 : 4
+          };
+        }
+      }
+    }
     const firstToken = analyzed.actions[0] ?? "";
     if (["ssh", "scp", "rsync"].includes(firstToken)) {
       const rawTokens = shellCommand.trim().split(/\s+/);
@@ -1557,6 +1749,18 @@ function detectPii(text) {
   if (PII_CC_RE.test(text)) found.add("Credit Card");
   return [...found];
 }
+function detectArgsPii(args) {
+  if (args === null || args === void 0) return [];
+  let text;
+  try {
+    text = typeof args === "string" ? args : JSON.stringify(args);
+  } catch {
+    return [];
+  }
+  if (typeof text !== "string") return [];
+  if (text.length > MAX_PII_SCAN_BYTES) text = text.slice(0, MAX_PII_SCAN_BYTES);
+  return detectPii(text).filter((p) => REALTIME_PII_PATTERNS.includes(p));
+}
 function extractCanonicalFindings(call, ctx) {
   const out = [];
   const ts = call.timestamp;
@@ -1869,7 +2073,7 @@ function* stringValues(obj, depth = 0) {
   }
   for (const v of Object.values(obj)) yield* stringValues(v, depth + 1);
 }
-var ASSIGNMENT_CONTEXT_RE, DLP_STOPWORDS, DLP_PATTERNS, DLP_PATTERNS_GLOBAL, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES, syntax, sharedParser, MESSAGE_FLAGS, SHELL_INTERPRETERS, DOWNLOAD_CMDS, NORMALIZE_CACHE_MAX, normalizeCache, AST_CACHE_MAX, astCache, PARSE_FAIL, FS_READ_TOOLS, FS_OP_PRESCREEN_RE, HOME_CACHE_ALLOWLIST, SENSITIVE_PATH_RULES, BASH_TOOL_NAMES, AST_FS_REGEX_RULES, FS_OP_CACHE_MAX, fsOpCache, SOURCE_COMMANDS, SINK_COMMANDS, OBFUSCATORS, SENSITIVE_PATTERNS, FLAGS_WITH_VALUES, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, FORBIDDEN_PATH_SEGMENTS, SQL_DML_KEYWORDS, aws_default, bash_safe_default, docker_default, filesystem_default, github_default, k8s_default, mongodb_default, postgres_default, project_jail_default, redis_default, BUILTIN_SHIELDS, LOOP_MAX_RECORDS, FINDING_TO_SIGNAL, SCAN_SIGNAL_WEIGHTS, LOOP_THRESHOLD_FOR_WASTE, COST_PER_LOOP_ITER_USD, DESTRUCTIVE_OP_RE, SENSITIVE_PATH_RE, FILE_TOOLS, PII_EMAIL_RE, PII_SSN_RE, PII_PHONE_RE, PII_CC_RE, LONG_OUTPUT_THRESHOLD_BYTES, CANONICAL_EXTRACTOR_VERSION, DEDUPE_PREVIEW_LEN, TERMINAL_ESCAPE_RE;
+var ASSIGNMENT_CONTEXT_RE, DLP_STOPWORDS, DLP_PATTERNS, DLP_PATTERNS_GLOBAL, SENSITIVE_PATH_PATTERNS, MAX_DEPTH, MAX_STRING_BYTES, MAX_JSON_PARSE_BYTES, syntax, sharedParser, MESSAGE_FLAGS, SHELL_INTERPRETERS, DOWNLOAD_CMDS, NORMALIZE_CACHE_MAX, normalizeCache, AST_CACHE_MAX, astCache, PARSE_FAIL, FS_READ_TOOLS, FS_OP_PRESCREEN_RE, HOME_CACHE_ALLOWLIST, SENSITIVE_PATH_RULES, BASH_TOOL_NAMES, AST_FS_REGEX_RULES, NET_BINARIES, VALUE_FLAGS, FS_OP_CACHE_MAX, fsOpCache, DEFAULT_EGRESS_ALLOWLIST, SOURCE_COMMANDS, SINK_COMMANDS, OBFUSCATORS, SENSITIVE_PATTERNS, FLAGS_WITH_VALUES, MAX_REGEX_LENGTH, REGEX_CACHE_MAX, regexCache, FORBIDDEN_PATH_SEGMENTS, SQL_DML_KEYWORDS, aws_default, bash_safe_default, docker_default, filesystem_default, github_default, k8s_default, mongodb_default, postgres_default, project_jail_default, redis_default, BUILTIN_SHIELDS, LOOP_MAX_RECORDS, FINDING_TO_SIGNAL, SCAN_SIGNAL_WEIGHTS, LOOP_THRESHOLD_FOR_WASTE, COST_PER_LOOP_ITER_USD, DESTRUCTIVE_OP_RE, SENSITIVE_PATH_RE, FILE_TOOLS, PII_EMAIL_RE, PII_SSN_RE, PII_PHONE_RE, PII_CC_RE, REALTIME_PII_PATTERNS, MAX_PII_SCAN_BYTES, LONG_OUTPUT_THRESHOLD_BYTES, CANONICAL_EXTRACTOR_VERSION, DEDUPE_PREVIEW_LEN, TERMINAL_ESCAPE_RE;
 var init_dist = __esm({
   "packages/policy-engine/dist/index.mjs"() {
     "use strict";
@@ -2483,8 +2687,112 @@ var init_dist = __esm({
       "shield:project-jail:block-read-env",
       "shield:project-jail:review-read-credentials"
     ]);
+    NET_BINARIES = /* @__PURE__ */ new Set(["curl", "wget", "scp", "ssh", "nc", "ncat", "netcat"]);
+    VALUE_FLAGS = {
+      curl: /* @__PURE__ */ new Set([
+        "-d",
+        "--data",
+        "--data-ascii",
+        "--data-binary",
+        "--data-raw",
+        "--data-urlencode",
+        "-F",
+        "--form",
+        "-H",
+        "--header",
+        "-X",
+        "--request",
+        "-o",
+        "--output",
+        "-T",
+        "--upload-file",
+        "-u",
+        "--user",
+        "-e",
+        "--referer",
+        "-A",
+        "--user-agent",
+        "-b",
+        "--cookie",
+        "-c",
+        "--cookie-jar",
+        "--connect-to",
+        "--resolve",
+        "--cacert",
+        "--cert",
+        "--key",
+        "-x",
+        "--proxy",
+        "-m",
+        "--max-time",
+        "--retry"
+      ]),
+      wget: /* @__PURE__ */ new Set([
+        "-O",
+        "--output-document",
+        "--post-data",
+        "--post-file",
+        "--header",
+        "-U",
+        "--user-agent",
+        "--user",
+        "--password",
+        "-o",
+        "--output-file",
+        "-P",
+        "--directory-prefix",
+        "-t",
+        "--tries",
+        "-T",
+        "--timeout"
+      ]),
+      scp: /* @__PURE__ */ new Set(["-i", "-F", "-l", "-o", "-c", "-S", "-P", "-J", "-D", "-W"]),
+      ssh: /* @__PURE__ */ new Set([
+        "-i",
+        "-p",
+        "-o",
+        "-l",
+        "-F",
+        "-c",
+        "-L",
+        "-R",
+        "-D",
+        "-W",
+        "-b",
+        "-e",
+        "-m",
+        "-O",
+        "-Q",
+        "-S",
+        "-J",
+        "-w",
+        "-B",
+        "-I",
+        "-E"
+      ]),
+      nc: /* @__PURE__ */ new Set(["-p", "-s", "-w", "-X", "-x", "-e", "-g", "-G", "-i", "-O", "-T", "-q", "-m"])
+    };
     FS_OP_CACHE_MAX = 5e3;
     fsOpCache = /* @__PURE__ */ new Map();
+    DEFAULT_EGRESS_ALLOWLIST = [
+      "*.github.com",
+      "*.githubusercontent.com",
+      "*.npmjs.org",
+      "pypi.org",
+      "*.pythonhosted.org",
+      "crates.io",
+      "*.crates.io",
+      "rubygems.org",
+      "proxy.golang.org",
+      "sum.golang.org",
+      "*.anthropic.com",
+      "*.openai.com",
+      "*.googleapis.com",
+      "*.docker.io",
+      "*.docker.com",
+      "deb.debian.org",
+      "*.ubuntu.com"
+    ];
     SOURCE_COMMANDS = /* @__PURE__ */ new Set([
       "cat",
       "head",
@@ -3414,6 +3722,8 @@ var init_dist = __esm({
     PII_SSN_RE = /\b\d{3}-\d{2}-\d{4}\b/;
     PII_PHONE_RE = /\b(?:\+?1[-.\s]?)?\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b/;
     PII_CC_RE = /\b(?:4\d{3}|5[1-5]\d{2}|3[47]\d{2}|6\d{3})[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/;
+    REALTIME_PII_PATTERNS = ["SSN", "Credit Card"];
+    MAX_PII_SCAN_BYTES = 1e5;
     LONG_OUTPUT_THRESHOLD_BYTES = 100 * 1024;
     CANONICAL_EXTRACTOR_VERSION = "canonical-v4";
     DEDUPE_PREVIEW_LEN = 120;
@@ -3704,6 +4014,11 @@ function getConfig(cwd) {
       ignorePaths: [...DEFAULT_CONFIG.policy.snapshot.ignorePaths]
     },
     dlp: { ...DEFAULT_CONFIG.policy.dlp },
+    egress: {
+      ...DEFAULT_CONFIG.policy.egress,
+      allow: [...DEFAULT_CONFIG.policy.egress.allow],
+      deny: [...DEFAULT_CONFIG.policy.egress.deny]
+    },
     loopDetection: { ...DEFAULT_CONFIG.policy.loopDetection },
     skillPinning: {
       ...DEFAULT_CONFIG.policy.skillPinning,
@@ -3754,6 +4069,15 @@ function getConfig(cwd) {
       const d = p.dlp;
       if (d.enabled !== void 0) mergedPolicy.dlp.enabled = d.enabled;
       if (d.scanIgnoredTools !== void 0) mergedPolicy.dlp.scanIgnoredTools = d.scanIgnoredTools;
+      if (d.pii !== void 0) mergedPolicy.dlp.pii = d.pii;
+    }
+    if (p.egress) {
+      const e = p.egress;
+      if (e.enabled !== void 0) mergedPolicy.egress.enabled = e.enabled;
+      if (e.mode !== void 0) mergedPolicy.egress.mode = e.mode;
+      if (Array.isArray(e.allow)) mergedPolicy.egress.allow.push(...e.allow);
+      if (Array.isArray(e.deny)) mergedPolicy.egress.deny.push(...e.deny);
+      if (e.allowPrivate !== void 0) mergedPolicy.egress.allowPrivate = e.allowPrivate;
     }
     if (p.loopDetection) {
       const ld = p.loopDetection;
@@ -4104,7 +4428,8 @@ var init_config = __esm({
             description: "The AI wants to download a script from the internet and run it immediately, without you seeing what it contains. This is one of the most common ways malware gets installed."
           }
         ],
-        dlp: { enabled: true, scanIgnoredTools: true },
+        dlp: { enabled: true, scanIgnoredTools: true, pii: "off" },
+        egress: { enabled: false, mode: "review", allow: [], deny: [], allowPrivate: true },
         loopDetection: { enabled: true, threshold: 5, windowSeconds: 120 },
         skillPinning: { enabled: false, mode: "warn", roots: [] }
       },
@@ -5207,6 +5532,14 @@ var init_context_sniper = __esm({
 // src/ui/native.ts
 import { spawn } from "child_process";
 import path11 from "path";
+function resolveNativeDecision(opts) {
+  const { code, output, elapsedMs, locked } = opts;
+  if (locked) return "deny";
+  const tooFast = elapsedMs < MIN_INTERACTION_MS;
+  if (output.includes("Always Allow")) return tooFast ? "deny" : "always_allow";
+  if (code === 0) return tooFast ? "deny" : "allow";
+  return "deny";
+}
 function formatArgs(args, matchedField, matchedWord) {
   if (args === null || args === void 0) return { message: "(none)", intent: "EXEC" };
   let parsed = args;
@@ -5366,6 +5699,7 @@ async function askNativePopup(toolName, args, agent, explainableLabel, locked =
   );
   return new Promise((resolve) => {
     let childProcess = null;
+    const startedAt = Date.now();
     const onAbort = () => {
       if (childProcess && childProcess.pid) {
         try {
@@ -5423,19 +5757,20 @@ end run`;
       }
       let output = "";
       childProcess?.stdout?.on("data", (d) => output += d.toString());
-      childProcess?.on("close", (code) => {
+      childProcess?.on("error", () => {
         if (signal) signal.removeEventListener("abort", onAbort);
-        if (locked) return resolve("deny");
-        if (output.includes("Always Allow")) return resolve("always_allow");
-        if (code === 0) return resolve("allow");
         resolve("deny");
       });
+      childProcess?.on("close", (code) => {
+        if (signal) signal.removeEventListener("abort", onAbort);
+        resolve(resolveNativeDecision({ code, output, elapsedMs: Date.now() - startedAt, locked }));
+      });
     } catch {
       resolve("deny");
     }
   });
 }
-var isTestEnv;
+var isTestEnv, MIN_INTERACTION_MS;
 var init_native = __esm({
   "src/ui/native.ts"() {
     "use strict";
@@ -5443,6 +5778,7 @@ var init_native = __esm({
     isTestEnv = () => {
       return process.env.NODE_ENV === "test" || process.env.VITEST === "true" || !!process.env.VITEST || process.env.CI === "true" || !!process.env.CI || process.env.NODE9_TESTING === "1";
     };
+    MIN_INTERACTION_MS = 400;
   }
 });
 
@@ -5755,6 +6091,37 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
       if (taintResult.tainted && taintResult.record) {
         const { path: taintedPath, source: taintSource } = taintResult.record;
         taintWarning = `\u26A0\uFE0F ${taintedPath} was flagged by ${taintSource} \u2014 this file may contain sensitive data`;
+        if (config.policy.egress?.enabled) {
+          const a = args && typeof args === "object" && !Array.isArray(args) ? args : {};
+          const cmd = typeof a.command === "string" ? a.command : typeof a.cmd === "string" ? a.cmd : "";
+          const dests = cmd ? extractShellDestinations(cmd) : [];
+          const eg = dests.length > 0 ? evaluateEgress(dests, config.policy.egress) : null;
+          if (eg) {
+            if (!isManual)
+              appendLocalAudit(
+                toolName,
+                args,
+                "deny",
+                isObserveMode ? "observe-mode-taint-egress-would-block" : "taint-egress-block",
+                { ...meta, ruleName: `taint-egress:${eg.host}` },
+                hashAuditArgs
+              );
+            if (isObserveMode) {
+              return {
+                approved: true,
+                checkedBy: "audit",
+                observeWouldBlock: true,
+                blockedByLabel: "\u{1F534} Node9 Taint+Egress (Exfiltration)"
+              };
+            }
+            return {
+              approved: false,
+              reason: `\u{1F534} EXFILTRATION BLOCKED: the tainted file "${taintedPath}" is being sent to untrusted host "${eg.host}". A flagged file leaving to an unrecognized destination is blocked outright.`,
+              blockedBy: "local-config",
+              blockedByLabel: "\u{1F534} Node9 Taint+Egress (Exfiltration Blocked)"
+            };
+          }
+        }
       } else if (taintResult.daemonUnavailable) {
         taintWarning = `\u26A0\uFE0F Taint service unavailable \u2014 cannot verify if ${filePaths.join(", ")} is clean`;
       }
@@ -5803,6 +6170,35 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
       explainableLabel = "\u{1F6A8} Node9 DLP (Credential Review)";
     }
   }
+  if (config.policy.dlp.pii === "block" && (!isIgnoredTool2(toolName) || config.policy.dlp.scanIgnoredTools)) {
+    const piiFound = detectArgsPii(args);
+    if (piiFound.length > 0) {
+      const piiReason = `\u{1F512} PII DETECTED: ${piiFound.join(", ")} found in tool arguments. Remove or tokenize personal data before passing it to a tool.`;
+      if (!isManual)
+        appendLocalAudit(
+          toolName,
+          args,
+          "deny",
+          isObserveMode ? "observe-mode-pii-would-block" : "pii-block",
+          { ...meta, piiPatterns: piiFound.join(",") },
+          true
+        );
+      if (isObserveMode) {
+        return {
+          approved: true,
+          checkedBy: "audit",
+          observeWouldBlock: true,
+          blockedByLabel: "\u{1F512} Node9 PII (Detected)"
+        };
+      }
+      return {
+        approved: false,
+        reason: piiReason,
+        blockedBy: "local-config",
+        blockedByLabel: "\u{1F512} Node9 PII (Detected)"
+      };
+    }
+  }
   if (isObserveMode) {
     if (!isIgnoredTool2(toolName)) {
       const policyResult = await evaluatePolicy2(toolName, args, meta?.agent, options?.cwd);
@@ -6251,6 +6647,7 @@ var init_orchestrator = __esm({
     init_native();
     init_context_sniper();
     init_dlp();
+    init_dist();
     init_audit();
     init_config();
     init_policy();
@@ -9602,18 +9999,118 @@ var init_litellm = __esm({
   }
 });
 
-// src/costSync.ts
+// src/cost-codex.ts
 import fs17 from "fs";
-import path19 from "path";
 import os16 from "os";
+import path19 from "path";
+function codexLogPath() {
+  return path19.join(os16.homedir(), ".codex", "log", "codex-tui.log");
+}
+function parseCodexUsageLine(line) {
+  if (!line.includes("token_usage")) return null;
+  const date = line.match(RE_DATE)?.[1];
+  if (!date) return null;
+  const model = line.match(RE_MODEL)?.[1];
+  if (!model) return null;
+  const num3 = (re) => {
+    const m = line.match(re);
+    return m ? Number(m[1]) : 0;
+  };
+  const totalInput = num3(RE_INPUT);
+  const cached = num3(RE_CACHED);
+  const nonCached = num3(RE_NON_CACHED);
+  const output = num3(RE_OUTPUT);
+  const inputTokens = nonCached || Math.max(0, totalInput - cached);
+  if (inputTokens === 0 && output === 0 && cached === 0) return null;
+  const runId = line.match(RE_THREAD)?.[1] ?? "";
+  const norm = normalizeModel(model);
+  const p = pricingFor(model);
+  const costUSD = p ? inputTokens * p[0] + output * p[1] + cached * p[3] : 0;
+  return {
+    date,
+    model: norm,
+    workingDir: "",
+    // Codex span carries no cwd — attribution is by runId (thread)
+    runId,
+    costUSD,
+    inputTokens,
+    outputTokens: output,
+    cacheReadTokens: cached,
+    cacheWriteTokens: 0
+  };
+}
+var RE_INPUT, RE_CACHED, RE_NON_CACHED, RE_OUTPUT, RE_MODEL, RE_THREAD, RE_DATE, codexSource;
+var init_cost_codex = __esm({
+  "src/cost-codex.ts"() {
+    "use strict";
+    init_litellm();
+    RE_INPUT = /token_usage\.input_tokens=(\d+)/;
+    RE_CACHED = /token_usage\.cached_input_tokens=(\d+)/;
+    RE_NON_CACHED = /token_usage\.non_cached_input_tokens=(\d+)/;
+    RE_OUTPUT = /token_usage\.output_tokens=(\d+)/;
+    RE_MODEL = /\bmodel=([^\s}]+)/;
+    RE_THREAD = /\bthread\.id=([0-9a-fA-F-]+)/;
+    RE_DATE = /^(\d{4}-\d{2}-\d{2})T/;
+    codexSource = {
+      id: "codex",
+      available() {
+        try {
+          return fs17.existsSync(codexLogPath());
+        } catch {
+          return false;
+        }
+      },
+      collect(sinceMs) {
+        const file = codexLogPath();
+        let content;
+        try {
+          if (sinceMs !== void 0 && fs17.statSync(file).mtimeMs < sinceMs) return [];
+          content = fs17.readFileSync(file, "utf8");
+        } catch {
+          return [];
+        }
+        const combined = /* @__PURE__ */ new Map();
+        for (const line of content.split("\n")) {
+          if (!line.includes("token_usage")) continue;
+          if (sinceMs !== void 0) {
+            const tsFull = line.match(/^(\S+)\s/)?.[1];
+            if (tsFull) {
+              const t = Date.parse(tsFull);
+              if (!Number.isNaN(t) && t < sinceMs) continue;
+            }
+          }
+          const e = parseCodexUsageLine(line);
+          if (!e) continue;
+          const key = `${e.date}::${e.model}::${e.workingDir ?? ""}::${e.runId ?? ""}`;
+          const prev = combined.get(key);
+          if (prev) {
+            prev.costUSD += e.costUSD;
+            prev.inputTokens += e.inputTokens;
+            prev.outputTokens += e.outputTokens;
+            prev.cacheReadTokens += e.cacheReadTokens;
+            prev.cacheWriteTokens += e.cacheWriteTokens;
+          } else {
+            combined.set(key, { ...e });
+          }
+        }
+        return [...combined.values()];
+      }
+    };
+  }
+});
+
+// src/costSync.ts
+import fs18 from "fs";
+import path20 from "path";
+import os17 from "os";
 function decodeProjectDirName(dirName) {
   return dirName.replace(/-/g, "/");
 }
 function parseJSONLFile(filePath, fallbackWorkingDir) {
-  const runId = path19.basename(filePath, ".jsonl");
+  const runId = path20.basename(filePath, ".jsonl");
   let content;
   try {
-    content = fs17.readFileSync(filePath, "utf8");
+    content = fs18.readFileSync(filePath, "utf8");
   } catch {
     return /* @__PURE__ */ new Map();
   }
@@ -9668,51 +10165,30 @@ function parseJSONLFile(filePath, fallbackWorkingDir) {
   }
   return daily;
 }
+function entryKey(e) {
+  return `${e.date}::${e.model}::${e.workingDir ?? ""}::${e.runId ?? ""}`;
+}
 function collectEntries(sinceMs) {
-  const projectsDir = path19.join(os16.homedir(), ".claude", "projects");
-  if (!fs17.existsSync(projectsDir)) return [];
   const combined = /* @__PURE__ */ new Map();
-  let dirs;
-  try {
-    dirs = fs17.readdirSync(projectsDir);
-  } catch {
-    return [];
-  }
-  for (const dir of dirs) {
-    const dirPath = path19.join(projectsDir, dir);
-    try {
-      if (!fs17.statSync(dirPath).isDirectory()) continue;
-    } catch {
-      continue;
-    }
-    let files;
+  for (const src of COST_SOURCES) {
+    let rows;
     try {
-      files = fs17.readdirSync(dirPath).filter((f) => f.endsWith(".jsonl"));
+      if (!src.available()) continue;
+      rows = src.collect(sinceMs);
     } catch {
       continue;
     }
-    const fallbackWorkingDir = decodeProjectDirName(dir);
-    for (const file of files) {
-      const filePath = path19.join(dirPath, file);
-      if (sinceMs !== void 0) {
-        try {
-          if (fs17.statSync(filePath).mtimeMs < sinceMs) continue;
-        } catch {
-          continue;
-        }
-      }
-      const entries = parseJSONLFile(filePath, fallbackWorkingDir);
-      for (const [key, e] of entries) {
-        const prev = combined.get(key);
-        if (prev) {
-          prev.costUSD += e.costUSD;
-          prev.inputTokens += e.inputTokens;
-          prev.outputTokens += e.outputTokens;
-          prev.cacheWriteTokens += e.cacheWriteTokens;
-          prev.cacheReadTokens += e.cacheReadTokens;
-        } else {
-          combined.set(key, { ...e });
-        }
+    for (const e of rows) {
+      const key = entryKey(e);
+      const prev = combined.get(key);
+      if (prev) {
+        prev.costUSD += e.costUSD;
+        prev.inputTokens += e.inputTokens;
+        prev.outputTokens += e.outputTokens;
+        prev.cacheWriteTokens += e.cacheWriteTokens;
+        prev.cacheReadTokens += e.cacheReadTokens;
+      } else {
+        combined.set(key, { ...e });
       }
     }
   }
@@ -9726,10 +10202,10 @@ async function syncCost() {
   if (entries.length === 0) return;
   let username = "unknown";
   try {
-    username = os16.userInfo().username;
+    username = os17.userInfo().username;
   } catch {
   }
-  const machineId = `${os16.hostname()}:${username}`;
+  const machineId = `${os17.hostname()}:${username}`;
   try {
     const res = await fetch(`${creds.apiUrl}/cost-sync`, {
       method: "POST",
@@ -9738,11 +10214,11 @@ async function syncCost() {
       signal: AbortSignal.timeout(15e3)
     });
     if (!res.ok) {
-      fs17.appendFileSync(HOOK_DEBUG_LOG, `[cost-sync] HTTP ${res.status}
+      fs18.appendFileSync(HOOK_DEBUG_LOG, `[cost-sync] HTTP ${res.status}
 `);
     }
   } catch (err2) {
-    fs17.appendFileSync(HOOK_DEBUG_LOG, `[cost-sync] ${err2.message}
+    fs18.appendFileSync(HOOK_DEBUG_LOG, `[cost-sync] ${err2.message}
 `);
   }
 }
@@ -9755,14 +10231,72 @@ function startCostSync() {
   }, SYNC_INTERVAL_MS);
   timer.unref();
 }
-var SYNC_INTERVAL_MS;
+var SYNC_INTERVAL_MS, claudeSource, COST_SOURCES;
 var init_costSync = __esm({
   "src/costSync.ts"() {
     "use strict";
     init_config();
     init_audit();
     init_litellm();
+    init_cost_codex();
     SYNC_INTERVAL_MS = 10 * 60 * 1e3;
+    claudeSource = {
+      id: "claude",
+      available() {
+        return fs18.existsSync(path20.join(os17.homedir(), ".claude", "projects"));
+      },
+      collect(sinceMs) {
+        const projectsDir = path20.join(os17.homedir(), ".claude", "projects");
+        if (!fs18.existsSync(projectsDir)) return [];
+        const combined = /* @__PURE__ */ new Map();
+        let dirs;
+        try {
+          dirs = fs18.readdirSync(projectsDir);
+        } catch {
+          return [];
+        }
+        for (const dir of dirs) {
+          const dirPath = path20.join(projectsDir, dir);
+          try {
+            if (!fs18.statSync(dirPath).isDirectory()) continue;
+          } catch {
+            continue;
+          }
+          let files;
+          try {
+            files = fs18.readdirSync(dirPath).filter((f) => f.endsWith(".jsonl"));
+          } catch {
+            continue;
+          }
+          const fallbackWorkingDir = decodeProjectDirName(dir);
+          for (const file of files) {
+            const filePath = path20.join(dirPath, file);
+            if (sinceMs !== void 0) {
+              try {
+                if (fs18.statSync(filePath).mtimeMs < sinceMs) continue;
+              } catch {
+                continue;
+              }
+            }
+            const entries = parseJSONLFile(filePath, fallbackWorkingDir);
+            for (const [key, e] of entries) {
+              const prev = combined.get(key);
+              if (prev) {
+                prev.costUSD += e.costUSD;
+                prev.inputTokens += e.inputTokens;
+                prev.outputTokens += e.outputTokens;
+                prev.cacheWriteTokens += e.cacheWriteTokens;
+                prev.cacheReadTokens += e.cacheReadTokens;
+              } else {
+                combined.set(key, { ...e });
+              }
+            }
+          }
+        }
+        return [...combined.values()];
+      }
+    };
+    COST_SOURCES = [claudeSource, codexSource];
   }
 });
 
@@ -9778,9 +10312,9 @@ __export(scan_watermark_exports, {
   tickForensicBroadcast: () => tickForensicBroadcast,
   tickScanWatcher: () => tickScanWatcher
 });
-import fs18 from "fs";
-import os17 from "os";
-import path20 from "path";
+import fs19 from "fs";
+import os18 from "os";
+import path21 from "path";
 import readline from "readline";
 function freshWatermark() {
   return {
@@ -9793,7 +10327,7 @@ function freshWatermark() {
 function loadWatermark() {
   let raw;
   try {
-    raw = fs18.readFileSync(WATERMARK_FILE(), "utf-8");
+    raw = fs19.readFileSync(WATERMARK_FILE(), "utf-8");
   } catch {
     return { status: "fresh", wm: freshWatermark() };
   }
@@ -9845,28 +10379,28 @@ function loadWatermark() {
 function saveWatermark(wm) {
   if (wm.schemaVersion > WATERMARK_SCHEMA_VERSION) return;
   const target = WATERMARK_FILE();
-  const dir = path20.dirname(target);
-  if (!fs18.existsSync(dir)) fs18.mkdirSync(dir, { recursive: true });
+  const dir = path21.dirname(target);
+  if (!fs19.existsSync(dir)) fs19.mkdirSync(dir, { recursive: true });
   const tmp = target + ".tmp";
-  fs18.writeFileSync(tmp, JSON.stringify(wm, null, 2) + "\n", "utf-8");
-  fs18.renameSync(tmp, target);
+  fs19.writeFileSync(tmp, JSON.stringify(wm, null, 2) + "\n", "utf-8");
+  fs19.renameSync(tmp, target);
 }
 function listJsonlFiles() {
   const root = PROJECTS_DIR();
-  if (!fs18.existsSync(root)) return [];
+  if (!fs19.existsSync(root)) return [];
   const out = [];
-  for (const entry of fs18.readdirSync(root, { withFileTypes: true })) {
+  for (const entry of fs19.readdirSync(root, { withFileTypes: true })) {
     if (!entry.isDirectory()) continue;
-    const projectDir = path20.join(root, entry.name);
+    const projectDir = path21.join(root, entry.name);
     let inner;
     try {
-      inner = fs18.readdirSync(projectDir, { withFileTypes: true });
+      inner = fs19.readdirSync(projectDir, { withFileTypes: true });
     } catch {
       continue;
     }
     for (const file of inner) {
       if (file.isFile() && file.name.endsWith(".jsonl")) {
-        out.push(path20.join(projectDir, file.name));
+        out.push(path21.join(projectDir, file.name));
       }
     }
   }
@@ -9874,7 +10408,7 @@ function listJsonlFiles() {
 }
 function fileSize(p) {
   try {
-    return fs18.statSync(p).size;
+    return fs19.statSync(p).size;
   } catch {
     return 0;
   }
@@ -9882,7 +10416,7 @@ function fileSize(p) {
 async function scanDelta(filePath, fromByte, onLine) {
   const size = fileSize(filePath);
   if (size <= fromByte) return fromByte;
-  const stream = fs18.createReadStream(filePath, {
+  const stream = fs19.createReadStream(filePath, {
     start: fromByte,
     end: size - 1,
     highWaterMark: 64 * 1024
@@ -9994,7 +10528,7 @@ async function tickForensicBroadcast(offsets) {
       continue;
     }
     if (size <= offset) continue;
-    const sessionId = path20.basename(file, ".jsonl");
+    const sessionId = path21.basename(file, ".jsonl");
     const newOffset = await scanDelta(file, offset, (obj, lineIndex) => {
       out.push(...extractFindingsFromLine(obj, sessionId, lineIndex));
     });
@@ -10053,7 +10587,7 @@ function emptyTick(uploadAs) {
 function readRawWatermarkPreservingOffsets() {
   let raw;
   try {
-    raw = fs18.readFileSync(WATERMARK_FILE(), "utf-8");
+    raw = fs19.readFileSync(WATERMARK_FILE(), "utf-8");
   } catch {
     return null;
   }
@@ -10087,13 +10621,13 @@ async function runActualTick(wm) {
     if (!known) {
       let mtimeMs = 0;
       try {
-        mtimeMs = fs18.statSync(filePath).mtime.getTime();
+        mtimeMs = fs19.statSync(filePath).mtime.getTime();
       } catch {
         continue;
       }
       if (mtimeMs >= watermarkCreatedAt) {
         filesNew++;
-        const sessionId2 = path20.basename(filePath, ".jsonl");
+        const sessionId2 = path21.basename(filePath, ".jsonl");
         const newScannedTo2 = await scanDelta(filePath, 0, (obj, lineIndex) => {
           totalToolCalls++;
           toolCallsBySession[sessionId2] = (toolCallsBySession[sessionId2] ?? 0) + 1;
@@ -10111,7 +10645,7 @@ async function runActualTick(wm) {
       filesSkipped++;
       continue;
     }
-    const sessionId = path20.basename(filePath, ".jsonl");
+    const sessionId = path21.basename(filePath, ".jsonl");
     const newScannedTo = await scanDelta(filePath, known.scannedTo, (obj, lineIndex) => {
       totalToolCalls++;
       toolCallsBySession[sessionId] = (toolCallsBySession[sessionId] ?? 0) + 1;
@@ -10139,8 +10673,8 @@ var init_scan_watermark = __esm({
     "use strict";
     init_dlp();
     init_dist();
-    PROJECTS_DIR = () => path20.join(os17.homedir(), ".claude", "projects");
-    WATERMARK_FILE = () => path20.join(os17.homedir(), ".node9", "scan-watermark.json");
+    PROJECTS_DIR = () => path21.join(os18.homedir(), ".claude", "projects");
+    WATERMARK_FILE = () => path21.join(os18.homedir(), ".node9", "scan-watermark.json");
     MAX_LINE_BYTES = 2 * 1024 * 1024;
     WATERMARK_SCHEMA_VERSION = 2;
     LONG_OUTPUT_THRESHOLD_BYTES2 = LONG_OUTPUT_THRESHOLD_BYTES;
@@ -10151,14 +10685,15 @@ var init_scan_watermark = __esm({
 var scan_upload_history_exports = {};
 __export(scan_upload_history_exports, {
   buildSessionTotals: () => buildSessionTotals,
+  extractHistoricalLoops: () => extractHistoricalLoops,
   iterateJsonlFiles: () => iterateJsonlFiles,
   parseSinceCutoff: () => parseSinceCutoff,
   runUploadHistory: () => runUploadHistory
 });
-import fs19 from "fs";
+import fs20 from "fs";
 import https from "https";
-import os18 from "os";
-import path21 from "path";
+import os19 from "os";
+import path22 from "path";
 import chalk4 from "chalk";
 function emptySignals2() {
   return {
@@ -10193,40 +10728,40 @@ function parseSinceCutoff(raw, now = /* @__PURE__ */ new Date()) {
   return now.getTime() - 90 * 864e5;
 }
 function* iterateJsonlFiles(cutoffMs) {
-  const projectsDir = path21.join(os18.homedir(), ".claude", "projects");
+  const projectsDir = path22.join(os19.homedir(), ".claude", "projects");
   let dirs;
   try {
-    dirs = fs19.readdirSync(projectsDir);
+    dirs = fs20.readdirSync(projectsDir);
   } catch {
     return;
   }
   for (const dir of dirs) {
-    const dirPath = path21.join(projectsDir, dir);
+    const dirPath = path22.join(projectsDir, dir);
     let stats;
     try {
-      stats = fs19.statSync(dirPath);
+      stats = fs20.statSync(dirPath);
     } catch {
       continue;
     }
     if (!stats.isDirectory()) continue;
     let files;
     try {
-      files = fs19.readdirSync(dirPath).filter((f) => f.endsWith(".jsonl"));
+      files = fs20.readdirSync(dirPath).filter((f) => f.endsWith(".jsonl"));
     } catch {
       continue;
     }
     for (const file of files) {
-      const filePath = path21.join(dirPath, file);
+      const filePath = path22.join(dirPath, file);
       let mtime = 0;
       try {
-        mtime = fs19.statSync(filePath).mtimeMs;
+        mtime = fs20.statSync(filePath).mtimeMs;
       } catch {
         continue;
       }
       if (mtime < cutoffMs) continue;
       yield {
         filePath,
-        sessionId: path21.basename(file, ".jsonl"),
+        sessionId: path22.basename(file, ".jsonl"),
         projectDir: dir
       };
     }
@@ -10249,6 +10784,19 @@ function buildSessionTotals(findings, toolCallsBySession) {
     signals
   }));
 }
+function extractHistoricalLoops(sessionCalls, ctx) {
+  return extractSessionLevelFindings(sessionCalls, {
+    sessionId: ctx.sessionId,
+    project: ctx.project,
+    agent: ctx.agent,
+    loopDetection: {
+      enabled: true,
+      threshold: ctx.threshold,
+      windowSeconds: 0
+      // whole session — never the live blocker's window
+    }
+  });
+}
 async function runUploadHistory(opts) {
   const creds = getCredentials();
   if (!creds?.apiKey) {
@@ -10279,7 +10827,7 @@ async function runUploadHistory(opts) {
     filesScanned++;
     let content;
     try {
-      content = fs19.readFileSync(filePath, "utf8");
+      content = fs20.readFileSync(filePath, "utf8");
     } catch {
       continue;
     }
@@ -10318,15 +10866,11 @@ async function runUploadHistory(opts) {
       lineIndex++;
     }
     if (loopCfg.enabled && sessionCalls.length > 0) {
-      const loops = extractSessionLevelFindings(sessionCalls, {
+      const loops = extractHistoricalLoops(sessionCalls, {
         sessionId,
         project: decodeProjectDirName(projectDir),
         agent: "claude",
-        loopDetection: {
-          enabled: loopCfg.enabled,
-          threshold: loopCfg.threshold,
-          windowSeconds: loopCfg.windowSeconds
-        }
+        threshold: loopCfg.threshold
       });
       for (const cf of loops) {
         const sf = toScanFinding(cf);
@@ -10365,10 +10909,10 @@ async function runUploadHistory(opts) {
     const costUrl = creds.apiUrl.endsWith("/policies/sync") ? creds.apiUrl.replace(/\/policies\/sync$/, "/cost-sync") : `${creds.apiUrl.replace(/\/$/, "")}/cost-sync`;
     let username = "unknown";
     try {
-      username = os18.userInfo().username;
+      username = os19.userInfo().username;
     } catch {
     }
-    const machineId = `${os18.hostname()}:${username}`;
+    const machineId = `${os19.hostname()}:${username}`;
     await postJson(costUrl, creds.apiKey, {
       machineId,
       entries: dailyEntries
@@ -10442,9 +10986,9 @@ var init_scan_upload_history = __esm({
 
 // src/cli/commands/scan.ts
 import chalk5 from "chalk";
-import fs20 from "fs";
-import path22 from "path";
-import os19 from "os";
+import fs21 from "fs";
+import path23 from "path";
+import os20 from "os";
 import stringWidth2 from "string-width";
 function claudeModelPrice(model) {
   const base = model.replace(/@.*$/, "").replace(/-\d{8}$/, "");
@@ -10671,14 +11215,14 @@ function buildRuleSources() {
 }
 function countScanFiles() {
   let total = 0;
-  const claudeDir = path22.join(os19.homedir(), ".claude", "projects");
-  if (fs20.existsSync(claudeDir)) {
+  const claudeDir = path23.join(os20.homedir(), ".claude", "projects");
+  if (fs21.existsSync(claudeDir)) {
     try {
-      for (const proj of fs20.readdirSync(claudeDir)) {
-        const p = path22.join(claudeDir, proj);
+      for (const proj of fs21.readdirSync(claudeDir)) {
+        const p = path23.join(claudeDir, proj);
         try {
-          if (!fs20.statSync(p).isDirectory()) continue;
-          total += fs20.readdirSync(p).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-")).length;
+          if (!fs21.statSync(p).isDirectory()) continue;
+          total += fs21.readdirSync(p).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-")).length;
         } catch {
           continue;
         }
@@ -10686,17 +11230,17 @@ function countScanFiles() {
     } catch {
     }
   }
-  const geminiDir = path22.join(os19.homedir(), ".gemini", "tmp");
-  if (fs20.existsSync(geminiDir)) {
+  const geminiDir = path23.join(os20.homedir(), ".gemini", "tmp");
+  if (fs21.existsSync(geminiDir)) {
     try {
-      for (const slug of fs20.readdirSync(geminiDir)) {
-        const p = path22.join(geminiDir, slug);
+      for (const slug of fs21.readdirSync(geminiDir)) {
+        const p = path23.join(geminiDir, slug);
         try {
-          if (!fs20.statSync(p).isDirectory()) continue;
-          const chatsDir = path22.join(p, "chats");
-          if (fs20.existsSync(chatsDir)) {
+          if (!fs21.statSync(p).isDirectory()) continue;
+          const chatsDir = path23.join(p, "chats");
+          if (fs21.existsSync(chatsDir)) {
             try {
-              total += fs20.readdirSync(chatsDir).filter((f) => f.endsWith(".json")).length;
+              total += fs21.readdirSync(chatsDir).filter((f) => f.endsWith(".json")).length;
             } catch {
             }
           }
@@ -10708,15 +11252,15 @@ function countScanFiles() {
     }
   }
   for (const surface of ["antigravity-cli", "antigravity-ide"]) {
-    const brainDir = path22.join(os19.homedir(), ".gemini", surface, "brain");
-    if (!fs20.existsSync(brainDir)) continue;
+    const brainDir = path23.join(os20.homedir(), ".gemini", surface, "brain");
+    if (!fs21.existsSync(brainDir)) continue;
     try {
-      for (const conv of fs20.readdirSync(brainDir)) {
-        const convPath = path22.join(brainDir, conv);
+      for (const conv of fs21.readdirSync(brainDir)) {
+        const convPath = path23.join(brainDir, conv);
         try {
-          if (!fs20.statSync(convPath).isDirectory()) continue;
-          const logsDir = path22.join(convPath, ".system_generated", "logs");
-          if (fs20.existsSync(path22.join(logsDir, "transcript_full.jsonl")) || fs20.existsSync(path22.join(logsDir, "transcript.jsonl"))) {
+          if (!fs21.statSync(convPath).isDirectory()) continue;
+          const logsDir = path23.join(convPath, ".system_generated", "logs");
+          if (fs21.existsSync(path23.join(logsDir, "transcript_full.jsonl")) || fs21.existsSync(path23.join(logsDir, "transcript.jsonl"))) {
             total += 1;
           }
         } catch {
@@ -10726,31 +11270,31 @@ function countScanFiles() {
     } catch {
     }
   }
-  const copilotDir = path22.join(os19.homedir(), ".copilot", "session-state");
-  if (fs20.existsSync(copilotDir)) {
+  const copilotDir = path23.join(os20.homedir(), ".copilot", "session-state");
+  if (fs21.existsSync(copilotDir)) {
     try {
-      for (const sid of fs20.readdirSync(copilotDir)) {
-        if (fs20.existsSync(path22.join(copilotDir, sid, "events.jsonl"))) total += 1;
+      for (const sid of fs21.readdirSync(copilotDir)) {
+        if (fs21.existsSync(path23.join(copilotDir, sid, "events.jsonl"))) total += 1;
       }
     } catch {
     }
   }
-  const codexDir = path22.join(os19.homedir(), ".codex", "sessions");
-  if (fs20.existsSync(codexDir)) {
+  const codexDir = path23.join(os20.homedir(), ".codex", "sessions");
+  if (fs21.existsSync(codexDir)) {
     try {
-      for (const year of fs20.readdirSync(codexDir)) {
-        const yp = path22.join(codexDir, year);
+      for (const year of fs21.readdirSync(codexDir)) {
+        const yp = path23.join(codexDir, year);
         try {
-          if (!fs20.statSync(yp).isDirectory()) continue;
-          for (const month of fs20.readdirSync(yp)) {
-            const mp = path22.join(yp, month);
+          if (!fs21.statSync(yp).isDirectory()) continue;
+          for (const month of fs21.readdirSync(yp)) {
+            const mp = path23.join(yp, month);
             try {
-              if (!fs20.statSync(mp).isDirectory()) continue;
-              for (const day of fs20.readdirSync(mp)) {
-                const dp = path22.join(mp, day);
+              if (!fs21.statSync(mp).isDirectory()) continue;
+              for (const day of fs21.readdirSync(mp)) {
+                const dp = path23.join(mp, day);
                 try {
-                  if (!fs20.statSync(dp).isDirectory()) continue;
-                  total += fs20.readdirSync(dp).filter((f) => f.endsWith(".jsonl")).length;
+                  if (!fs21.statSync(dp).isDirectory()) continue;
+                  total += fs21.readdirSync(dp).filter((f) => f.endsWith(".jsonl")).length;
                 } catch {
                   continue;
                 }
@@ -10786,7 +11330,7 @@ function processClaudeFile(file, projPath, projLabel, ruleSources, startDate, re
   const sessionId = file.replace(/\.jsonl$/, "");
   let raw;
   try {
-    raw = fs20.readFileSync(path22.join(projPath, file), "utf-8");
+    raw = fs21.readFileSync(path23.join(projPath, file), "utf-8");
   } catch {
     return;
   }
@@ -10838,7 +11382,7 @@ function processClaudeFile(file, projPath, projLabel, ruleSources, startDate, re
           if (block.type !== "tool_result") continue;
           const filePath = block.tool_use_id ? toolUseFilePaths.get(block.tool_use_id) : void 0;
           if (filePath) {
-            const ext = path22.extname(filePath).toLowerCase();
+            const ext = path23.extname(filePath).toLowerCase();
             if (CODE_EXTENSIONS.has(ext)) continue;
           }
           const resultText = typeof block.content === "string" ? block.content : Array.isArray(block.content) ? block.content.map((c) => c.text ?? "").join("\n") : null;
@@ -10895,7 +11439,7 @@ function processClaudeFile(file, projPath, projLabel, ruleSources, startDate, re
       const rawCmd = String(input.command ?? "").trimStart();
       if (/^node9\s+(scan|explain|report|tail|dlp|status|sessions|audit)\b/.test(rawCmd)) continue;
       const inputFilePath = typeof input.file_path === "string" ? input.file_path : "";
-      const inputFileExt = inputFilePath ? path22.extname(inputFilePath).toLowerCase() : "";
+      const inputFileExt = inputFilePath ? path23.extname(inputFilePath).toLowerCase() : "";
       if (CODE_EXTENSIONS.has(inputFileExt)) continue;
       const dlpMatch = scanArgs(input);
       if (dlpMatch) {
@@ -10992,19 +11536,19 @@ function processClaudeFile(file, projPath, projLabel, ruleSources, startDate, re
   }
 }
 function processClaudeProject(proj, projectsDir, ruleSources, startDate, result, dedup, onProgress, onLine) {
-  const projPath = path22.join(projectsDir, proj);
+  const projPath = path23.join(projectsDir, proj);
   try {
-    if (!fs20.statSync(projPath).isDirectory()) return;
+    if (!fs21.statSync(projPath).isDirectory()) return;
   } catch {
     return;
   }
-  const projLabel = stripTerminalEscapes(decodeURIComponent(proj).replace(os19.homedir(), "~")).slice(
+  const projLabel = stripTerminalEscapes(decodeURIComponent(proj).replace(os20.homedir(), "~")).slice(
     0,
     40
   );
   let files;
   try {
-    files = fs20.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+    files = fs21.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
   } catch {
     return;
   }
@@ -11038,12 +11582,12 @@ function emptyClaudeScan() {
   };
 }
 function scanClaudeHistory(startDate, onProgress, onLine) {
-  const projectsDir = path22.join(os19.homedir(), ".claude", "projects");
+  const projectsDir = path23.join(os20.homedir(), ".claude", "projects");
   const result = emptyClaudeScan();
-  if (!fs20.existsSync(projectsDir)) return result;
+  if (!fs21.existsSync(projectsDir)) return result;
   let projDirs;
   try {
-    projDirs = fs20.readdirSync(projectsDir);
+    projDirs = fs21.readdirSync(projectsDir);
   } catch {
     return result;
   }
@@ -11064,7 +11608,7 @@ function scanClaudeHistory(startDate, onProgress, onLine) {
   return result;
 }
 function scanGeminiHistory(startDate, onProgress, onLine) {
-  const tmpDir = path22.join(os19.homedir(), ".gemini", "tmp");
+  const tmpDir = path23.join(os20.homedir(), ".gemini", "tmp");
   const result = {
     filesScanned: 0,
     sessions: 0,
@@ -11079,33 +11623,33 @@ function scanGeminiHistory(startDate, onProgress, onLine) {
     sessionsWithEarlySecrets: 0
   };
   const dedup = emptyScanDedup();
-  if (!fs20.existsSync(tmpDir)) return result;
+  if (!fs21.existsSync(tmpDir)) return result;
   let slugDirs;
   try {
-    slugDirs = fs20.readdirSync(tmpDir);
+    slugDirs = fs21.readdirSync(tmpDir);
   } catch {
     return result;
   }
   const ruleSources = buildRuleSources();
   for (const slug of slugDirs) {
-    const slugPath = path22.join(tmpDir, slug);
+    const slugPath = path23.join(tmpDir, slug);
     try {
-      if (!fs20.statSync(slugPath).isDirectory()) continue;
+      if (!fs21.statSync(slugPath).isDirectory()) continue;
     } catch {
       continue;
     }
     let projLabel = stripTerminalEscapes(slug).slice(0, 40);
     try {
       projLabel = stripTerminalEscapes(
-        fs20.readFileSync(path22.join(slugPath, ".project_root"), "utf-8").trim()
-      ).replace(os19.homedir(), "~").slice(0, 40);
+        fs21.readFileSync(path23.join(slugPath, ".project_root"), "utf-8").trim()
+      ).replace(os20.homedir(), "~").slice(0, 40);
     } catch {
     }
-    const chatsDir = path22.join(slugPath, "chats");
-    if (!fs20.existsSync(chatsDir)) continue;
+    const chatsDir = path23.join(slugPath, "chats");
+    if (!fs21.existsSync(chatsDir)) continue;
     let chatFiles;
     try {
-      chatFiles = fs20.readdirSync(chatsDir).filter((f) => f.endsWith(".json"));
+      chatFiles = fs21.readdirSync(chatsDir).filter((f) => f.endsWith(".json"));
     } catch {
       continue;
     }
@@ -11115,7 +11659,7 @@ function scanGeminiHistory(startDate, onProgress, onLine) {
       const sessionId = chatFile.replace(/\.json$/, "");
       let raw;
       try {
-        raw = fs20.readFileSync(path22.join(chatsDir, chatFile), "utf-8");
+        raw = fs21.readFileSync(path23.join(chatsDir, chatFile), "utf-8");
       } catch {
         continue;
       }
@@ -11277,13 +11821,13 @@ function scanGeminiHistory(startDate, onProgress, onLine) {
   return result;
 }
 function antigravityBrainDirs() {
-  return ["antigravity-cli", "antigravity-ide"].map((surface) => path22.join(os19.homedir(), ".gemini", surface, "brain")).filter((p) => fs20.existsSync(p));
+  return ["antigravity-cli", "antigravity-ide"].map((surface) => path23.join(os20.homedir(), ".gemini", surface, "brain")).filter((p) => fs21.existsSync(p));
 }
 function antigravityTranscriptPath(convPath) {
-  const logsDir = path22.join(convPath, ".system_generated", "logs");
+  const logsDir = path23.join(convPath, ".system_generated", "logs");
   for (const name of ["transcript_full.jsonl", "transcript.jsonl"]) {
-    const p = path22.join(logsDir, name);
-    if (fs20.existsSync(p)) return p;
+    const p = path23.join(logsDir, name);
+    if (fs21.existsSync(p)) return p;
   }
   return null;
 }
@@ -11309,14 +11853,14 @@ function scanAntigravityHistory(startDate, onProgress, onLine) {
   for (const brainDir of brainDirs) {
     let convDirs;
     try {
-      convDirs = fs20.readdirSync(brainDir);
+      convDirs = fs21.readdirSync(brainDir);
     } catch {
       continue;
     }
     for (const conv of convDirs) {
-      const convPath = path22.join(brainDir, conv);
+      const convPath = path23.join(brainDir, conv);
       try {
-        if (!fs20.statSync(convPath).isDirectory()) continue;
+        if (!fs21.statSync(convPath).isDirectory()) continue;
       } catch {
         continue;
       }
@@ -11326,7 +11870,7 @@ function scanAntigravityHistory(startDate, onProgress, onLine) {
       onProgress?.(result.filesScanned);
       let raw;
       try {
-        raw = fs20.readFileSync(transcriptFile, "utf-8");
+        raw = fs21.readFileSync(transcriptFile, "utf-8");
       } catch {
         continue;
       }
@@ -11383,7 +11927,7 @@ function scanAntigravityHistory(startDate, onProgress, onLine) {
             result.bashCalls++;
             const cwd = String(input.cwd ?? "");
             if (cwd && projLabel === conv.slice(0, 8)) {
-              projLabel = stripTerminalEscapes(cwd).replace(os19.homedir(), "~").slice(0, 40);
+              projLabel = stripTerminalEscapes(cwd).replace(os20.homedir(), "~").slice(0, 40);
             }
           }
           const rawCmd = String(input.command ?? "").trimStart();
@@ -11483,7 +12027,7 @@ function scanAntigravityHistory(startDate, onProgress, onLine) {
   return result;
 }
 function scanCopilotHistory(startDate, onProgress, onLine) {
-  const sessionDir = path22.join(os19.homedir(), ".copilot", "session-state");
+  const sessionDir = path23.join(os20.homedir(), ".copilot", "session-state");
   const result = {
     filesScanned: 0,
     sessions: 0,
@@ -11499,22 +12043,22 @@ function scanCopilotHistory(startDate, onProgress, onLine) {
     sessionsWithEarlySecrets: 0
   };
   const dedup = emptyScanDedup();
-  if (!fs20.existsSync(sessionDir)) return result;
+  if (!fs21.existsSync(sessionDir)) return result;
   let sessionIds;
   try {
-    sessionIds = fs20.readdirSync(sessionDir);
+    sessionIds = fs21.readdirSync(sessionDir);
   } catch {
     return result;
   }
   const ruleSources = buildRuleSources();
   for (const sessionId of sessionIds) {
-    const eventsPath = path22.join(sessionDir, sessionId, "events.jsonl");
-    if (!fs20.existsSync(eventsPath)) continue;
+    const eventsPath = path23.join(sessionDir, sessionId, "events.jsonl");
+    if (!fs21.existsSync(eventsPath)) continue;
     result.filesScanned++;
     onProgress?.(result.filesScanned);
     let raw;
     try {
-      raw = fs20.readFileSync(eventsPath, "utf-8");
+      raw = fs21.readFileSync(eventsPath, "utf-8");
     } catch {
       continue;
     }
@@ -11534,7 +12078,7 @@ function scanCopilotHistory(startDate, onProgress, onLine) {
       if (ev.type === "session.start") {
         const cwd = ev.data?.context?.cwd;
         if (typeof cwd === "string" && cwd) {
-          projLabel = stripTerminalEscapes(cwd).replace(os19.homedir(), "~").slice(0, 40);
+          projLabel = stripTerminalEscapes(cwd).replace(os20.homedir(), "~").slice(0, 40);
         }
         continue;
       }
@@ -11666,7 +12210,7 @@ function scanCopilotHistory(startDate, onProgress, onLine) {
   return result;
 }
 function scanCodexHistory(startDate, onProgress, onLine) {
-  const sessionsBase = path22.join(os19.homedir(), ".codex", "sessions");
+  const sessionsBase = path23.join(os20.homedir(), ".codex", "sessions");
   const result = {
     filesScanned: 0,
     sessions: 0,
@@ -11681,32 +12225,32 @@ function scanCodexHistory(startDate, onProgress, onLine) {
     sessionsWithEarlySecrets: 0
   };
   const dedup = emptyScanDedup();
-  if (!fs20.existsSync(sessionsBase)) return result;
+  if (!fs21.existsSync(sessionsBase)) return result;
   const jsonlFiles = [];
   try {
-    for (const year of fs20.readdirSync(sessionsBase)) {
-      const yearPath = path22.join(sessionsBase, year);
+    for (const year of fs21.readdirSync(sessionsBase)) {
+      const yearPath = path23.join(sessionsBase, year);
       try {
-        if (!fs20.statSync(yearPath).isDirectory()) continue;
+        if (!fs21.statSync(yearPath).isDirectory()) continue;
       } catch {
         continue;
       }
-      for (const month of fs20.readdirSync(yearPath)) {
-        const monthPath = path22.join(yearPath, month);
+      for (const month of fs21.readdirSync(yearPath)) {
+        const monthPath = path23.join(yearPath, month);
         try {
-          if (!fs20.statSync(monthPath).isDirectory()) continue;
+          if (!fs21.statSync(monthPath).isDirectory()) continue;
         } catch {
           continue;
         }
-        for (const day of fs20.readdirSync(monthPath)) {
-          const dayPath = path22.join(monthPath, day);
+        for (const day of fs21.readdirSync(monthPath)) {
+          const dayPath = path23.join(monthPath, day);
           try {
-            if (!fs20.statSync(dayPath).isDirectory()) continue;
+            if (!fs21.statSync(dayPath).isDirectory()) continue;
           } catch {
             continue;
           }
-          for (const file of fs20.readdirSync(dayPath)) {
-            if (file.endsWith(".jsonl")) jsonlFiles.push(path22.join(dayPath, file));
+          for (const file of fs21.readdirSync(dayPath)) {
+            if (file.endsWith(".jsonl")) jsonlFiles.push(path23.join(dayPath, file));
           }
         }
       }
@@ -11720,7 +12264,7 @@ function scanCodexHistory(startDate, onProgress, onLine) {
     onProgress?.(result.filesScanned);
     let lines;
     try {
-      lines = fs20.readFileSync(filePath, "utf-8").split("\n");
+      lines = fs21.readFileSync(filePath, "utf-8").split("\n");
     } catch {
       continue;
     }
@@ -11746,7 +12290,7 @@ function scanCodexHistory(startDate, onProgress, onLine) {
         sessionId = String(payload["id"] ?? filePath);
         startTime = String(payload["timestamp"] ?? "");
         const cwd = String(payload["cwd"] ?? "");
-        projLabel = stripTerminalEscapes(cwd.replace(os19.homedir(), "~")).slice(0, 40);
+        projLabel = stripTerminalEscapes(cwd.replace(os20.homedir(), "~")).slice(0, 40);
         continue;
       }
       if (entry.type === "event_msg" && payload["type"] === "token_count") {
@@ -11899,17 +12443,17 @@ function scanCodexHistory(startDate, onProgress, onLine) {
   return result;
 }
 function scanShellConfig() {
-  const home = os19.homedir();
+  const home = os20.homedir();
   const configFiles = [".zshrc", ".bashrc", ".bash_profile", ".profile"].map(
-    (f) => path22.join(home, f)
+    (f) => path23.join(home, f)
   );
   const findings = [];
   const seen = /* @__PURE__ */ new Set();
   for (const filePath of configFiles) {
-    if (!fs20.existsSync(filePath)) continue;
+    if (!fs21.existsSync(filePath)) continue;
     let lines;
     try {
-      lines = fs20.readFileSync(filePath, "utf-8").split("\n");
+      lines = fs21.readFileSync(filePath, "utf-8").split("\n");
     } catch {
       continue;
     }
@@ -12715,7 +13259,7 @@ function registerScanCommand(program2) {
         if (!drillDown) {
           const useInk2 = !options.classic;
           if (useInk2) {
-            const scanInkPath = path22.join(__dirname, "scan-ink.mjs");
+            const scanInkPath = path23.join(__dirname, "scan-ink.mjs");
             const dynamicImport = new Function("id", "return import(id)");
             const mod = await dynamicImport(`file://${scanInkPath}`);
             const rangeLabel2 = options.all ? "all time" : `last ${options.days ?? 90} days`;
@@ -13136,8 +13680,8 @@ var init_suggestion_tracker = __esm({
 });
 
 // src/daemon/taint-store.ts
-import fs21 from "fs";
-import path23 from "path";
+import fs22 from "fs";
+import path24 from "path";
 var DEFAULT_TTL_MS, TaintStore;
 var init_taint_store = __esm({
   "src/daemon/taint-store.ts"() {
@@ -13206,9 +13750,9 @@ var init_taint_store = __esm({
       /** Resolve to absolute path, falling back to path.resolve if file doesn't exist yet. */
       _resolve(filePath) {
         try {
-          return fs21.realpathSync.native(path23.resolve(filePath));
+          return fs22.realpathSync.native(path24.resolve(filePath));
         } catch {
-          return path23.resolve(filePath);
+          return path24.resolve(filePath);
         }
       }
     };
@@ -13325,14 +13869,14 @@ var init_session_history = __esm({
 
 // src/daemon/state.ts
 import net2 from "net";
-import fs22 from "fs";
-import path24 from "path";
-import os20 from "os";
+import fs23 from "fs";
+import path25 from "path";
+import os21 from "os";
 import { randomUUID as randomUUID3 } from "crypto";
 function loadInsightCounts() {
   try {
-    if (!fs22.existsSync(INSIGHT_COUNTS_FILE)) return;
-    const data = JSON.parse(fs22.readFileSync(INSIGHT_COUNTS_FILE, "utf-8"));
+    if (!fs23.existsSync(INSIGHT_COUNTS_FILE)) return;
+    const data = JSON.parse(fs23.readFileSync(INSIGHT_COUNTS_FILE, "utf-8"));
     for (const [tool, count] of Object.entries(data)) {
       if (typeof count === "number" && count > 0) insightCounts.set(tool, count);
     }
@@ -13371,23 +13915,23 @@ function markRejectionHandlerRegistered() {
   daemonRejectionHandlerRegistered = true;
 }
 function atomicWriteSync2(filePath, data, options) {
-  const dir = path24.dirname(filePath);
-  if (!fs22.existsSync(dir)) fs22.mkdirSync(dir, { recursive: true });
+  const dir = path25.dirname(filePath);
+  if (!fs23.existsSync(dir)) fs23.mkdirSync(dir, { recursive: true });
   const tmpPath = `${filePath}.${randomUUID3()}.tmp`;
   try {
-    fs22.writeFileSync(tmpPath, data, options);
+    fs23.writeFileSync(tmpPath, data, options);
   } catch (err2) {
     try {
-      fs22.unlinkSync(tmpPath);
+      fs23.unlinkSync(tmpPath);
     } catch {
     }
     throw err2;
   }
   try {
-    fs22.renameSync(tmpPath, filePath);
+    fs23.renameSync(tmpPath, filePath);
   } catch (err2) {
     try {
-      fs22.unlinkSync(tmpPath);
+      fs23.unlinkSync(tmpPath);
     } catch {
     }
     throw err2;
@@ -13411,16 +13955,16 @@ function appendAuditLog(data) {
       decision: data.decision,
       source: "daemon"
     };
-    const dir = path24.dirname(AUDIT_LOG_FILE);
-    if (!fs22.existsSync(dir)) fs22.mkdirSync(dir, { recursive: true });
-    fs22.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
+    const dir = path25.dirname(AUDIT_LOG_FILE);
+    if (!fs23.existsSync(dir)) fs23.mkdirSync(dir, { recursive: true });
+    fs23.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
 function getAuditHistory(limit = 20) {
   try {
-    if (!fs22.existsSync(AUDIT_LOG_FILE)) return [];
-    const lines = fs22.readFileSync(AUDIT_LOG_FILE, "utf-8").trim().split("\n");
+    if (!fs23.existsSync(AUDIT_LOG_FILE)) return [];
+    const lines = fs23.readFileSync(AUDIT_LOG_FILE, "utf-8").trim().split("\n");
     if (lines.length === 1 && lines[0] === "") return [];
     return lines.slice(-limit).map((l) => JSON.parse(l)).reverse();
   } catch {
@@ -13429,7 +13973,7 @@ function getAuditHistory(limit = 20) {
 }
 function getOrgName() {
   try {
-    if (fs22.existsSync(CREDENTIALS_FILE)) return "Node9 Cloud";
+    if (fs23.existsSync(CREDENTIALS_FILE)) return "Node9 Cloud";
   } catch {
   }
   return null;
@@ -13437,8 +13981,8 @@ function getOrgName() {
 function writeGlobalSetting(key, value) {
   let config = {};
   try {
-    if (fs22.existsSync(GLOBAL_CONFIG_FILE)) {
-      config = JSON.parse(fs22.readFileSync(GLOBAL_CONFIG_FILE, "utf-8"));
+    if (fs23.existsSync(GLOBAL_CONFIG_FILE)) {
+      config = JSON.parse(fs23.readFileSync(GLOBAL_CONFIG_FILE, "utf-8"));
     }
   } catch {
   }
@@ -13450,8 +13994,8 @@ function writeTrustEntry(toolName, durationMs, commandPattern) {
   try {
     let trust = { entries: [] };
     try {
-      if (fs22.existsSync(TRUST_FILE2))
-        trust = JSON.parse(fs22.readFileSync(TRUST_FILE2, "utf-8"));
+      if (fs23.existsSync(TRUST_FILE2))
+        trust = JSON.parse(fs23.readFileSync(TRUST_FILE2, "utf-8"));
     } catch {
     }
     trust.entries = trust.entries.filter(
@@ -13468,8 +14012,8 @@ function writeTrustEntry(toolName, durationMs, commandPattern) {
 }
 function readPersistentDecisions() {
   try {
-    if (fs22.existsSync(DECISIONS_FILE)) {
-      return JSON.parse(fs22.readFileSync(DECISIONS_FILE, "utf-8"));
+    if (fs23.existsSync(DECISIONS_FILE)) {
+      return JSON.parse(fs23.readFileSync(DECISIONS_FILE, "utf-8"));
     }
   } catch {
   }
@@ -13497,7 +14041,7 @@ function estimateToolCost(tool, args) {
     const filePath = a.file_path ?? a.path;
     if (filePath) {
       try {
-        const bytes = fs22.statSync(filePath).size;
+        const bytes = fs23.statSync(filePath).size;
         return bytes / BYTES_PER_TOKEN / 1e6 * INPUT_PRICE_PER_1M;
       } catch {
       }
@@ -13568,7 +14112,7 @@ function abandonPending() {
   });
   if (autoStarted) {
     try {
-      fs22.unlinkSync(DAEMON_PID_FILE);
+      fs23.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
     setTimeout(() => {
@@ -13579,8 +14123,8 @@ function abandonPending() {
 }
 function logActivitySocket(msg) {
   try {
-    fs22.appendFileSync(
-      path24.join(homeDir, ".node9", "hook-debug.log"),
+    fs23.appendFileSync(
+      path25.join(homeDir, ".node9", "hook-debug.log"),
       `[${(/* @__PURE__ */ new Date()).toISOString()}] [activity-socket] ${msg}
 `
     );
@@ -13602,13 +14146,13 @@ function shouldRebind(now = Date.now()) {
 function startActivitySocket() {
   bindActivitySocket();
   activityHealthInterval = setInterval(() => {
-    if (!fs22.existsSync(ACTIVITY_SOCKET_PATH2)) attemptRebind("health-probe");
+    if (!fs23.existsSync(ACTIVITY_SOCKET_PATH2)) attemptRebind("health-probe");
   }, ACTIVITY_HEALTH_PROBE_MS);
   activityHealthInterval.unref();
   process.on("exit", () => {
     if (activityHealthInterval) clearInterval(activityHealthInterval);
     try {
-      fs22.unlinkSync(ACTIVITY_SOCKET_PATH2);
+      fs23.unlinkSync(ACTIVITY_SOCKET_PATH2);
     } catch {
     }
   });
@@ -13636,7 +14180,7 @@ function attemptRebind(reason) {
 }
 function bindActivitySocket() {
   try {
-    fs22.unlinkSync(ACTIVITY_SOCKET_PATH2);
+    fs23.unlinkSync(ACTIVITY_SOCKET_PATH2);
   } catch {
   }
   const ACTIVITY_MAX_BYTES = 1024 * 1024;
@@ -13749,14 +14293,14 @@ var init_state2 = __esm({
     init_taint_store();
     init_session_counters();
     init_session_history();
-    homeDir = os20.homedir();
-    DAEMON_PID_FILE = path24.join(homeDir, ".node9", "daemon.pid");
-    DECISIONS_FILE = path24.join(homeDir, ".node9", "decisions.json");
-    AUDIT_LOG_FILE = path24.join(homeDir, ".node9", "audit.log");
-    TRUST_FILE2 = path24.join(homeDir, ".node9", "trust.json");
-    GLOBAL_CONFIG_FILE = path24.join(homeDir, ".node9", "config.json");
-    CREDENTIALS_FILE = path24.join(homeDir, ".node9", "credentials.json");
-    INSIGHT_COUNTS_FILE = path24.join(homeDir, ".node9", "insight-counts.json");
+    homeDir = os21.homedir();
+    DAEMON_PID_FILE = path25.join(homeDir, ".node9", "daemon.pid");
+    DECISIONS_FILE = path25.join(homeDir, ".node9", "decisions.json");
+    AUDIT_LOG_FILE = path25.join(homeDir, ".node9", "audit.log");
+    TRUST_FILE2 = path25.join(homeDir, ".node9", "trust.json");
+    GLOBAL_CONFIG_FILE = path25.join(homeDir, ".node9", "config.json");
+    CREDENTIALS_FILE = path25.join(homeDir, ".node9", "credentials.json");
+    INSIGHT_COUNTS_FILE = path25.join(homeDir, ".node9", "insight-counts.json");
     pending = /* @__PURE__ */ new Map();
     sseClients = /* @__PURE__ */ new Set();
     suggestionTracker = new SuggestionTracker(3);
@@ -13773,7 +14317,7 @@ var init_state2 = __esm({
       "2h": 2 * 60 * 6e4
     };
     autoStarted = process.env.NODE9_AUTO_STARTED === "1";
-    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path24.join(os20.tmpdir(), "node9-activity.sock");
+    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path25.join(os21.tmpdir(), "node9-activity.sock");
     ACTIVITY_RING_SIZE = 100;
     activityRing = [];
     LARGE_RESPONSE_RING_SIZE = 20;
@@ -13812,10 +14356,10 @@ var init_state2 = __esm({
 });
 
 // src/daemon/sync.ts
-import fs23 from "fs";
+import fs24 from "fs";
 import https2 from "https";
-import os21 from "os";
-import path25 from "path";
+import os22 from "os";
+import path26 from "path";
 function emptySignals3() {
   return {
     dlpFindings: 0,
@@ -13855,8 +14399,8 @@ function readCredentials() {
     };
   }
   try {
-    const credPath = path25.join(os21.homedir(), ".node9", "credentials.json");
-    const creds = JSON.parse(fs23.readFileSync(credPath, "utf-8"));
+    const credPath = path26.join(os22.homedir(), ".node9", "credentials.json");
+    const creds = JSON.parse(fs24.readFileSync(credPath, "utf-8"));
     const profileName = process.env.NODE9_PROFILE ?? "default";
     const profile = creds[profileName];
     if (typeof profile?.apiKey === "string" && profile.apiKey.length > 0) {
@@ -13882,7 +14426,7 @@ function readCredentials() {
 }
 function readCachedEtag() {
   try {
-    const raw = JSON.parse(fs23.readFileSync(rulesCacheFile(), "utf-8"));
+    const raw = JSON.parse(fs24.readFileSync(rulesCacheFile(), "utf-8"));
     return typeof raw.etag === "string" ? raw.etag : void 0;
   } catch {
     return void 0;
@@ -13943,9 +14487,9 @@ function extractRules(body) {
   return [];
 }
 function writeCache2(cache) {
-  const dir = path25.dirname(rulesCacheFile());
-  if (!fs23.existsSync(dir)) fs23.mkdirSync(dir, { recursive: true });
-  fs23.writeFileSync(rulesCacheFile(), JSON.stringify(cache, null, 2) + "\n", "utf-8");
+  const dir = path26.dirname(rulesCacheFile());
+  if (!fs24.existsSync(dir)) fs24.mkdirSync(dir, { recursive: true });
+  fs24.writeFileSync(rulesCacheFile(), JSON.stringify(cache, null, 2) + "\n", "utf-8");
 }
 async function syncOnce() {
   const creds = readCredentials();
@@ -14102,7 +14646,7 @@ async function runCloudSync() {
 }
 function getCloudSyncStatus() {
   try {
-    const raw = JSON.parse(fs23.readFileSync(rulesCacheFile(), "utf-8"));
+    const raw = JSON.parse(fs24.readFileSync(rulesCacheFile(), "utf-8"));
     if (!Array.isArray(raw.rules) || typeof raw.fetchedAt !== "string") return { cached: false };
     return {
       cached: true,
@@ -14119,7 +14663,7 @@ function getCloudSyncStatus() {
 }
 function getCloudRules() {
   try {
-    const raw = JSON.parse(fs23.readFileSync(rulesCacheFile(), "utf-8"));
+    const raw = JSON.parse(fs24.readFileSync(rulesCacheFile(), "utf-8"));
     return Array.isArray(raw.rules) ? raw.rules : null;
   } catch {
     return null;
@@ -14175,7 +14719,7 @@ var init_sync = __esm({
       loop: "loops",
       "long-output-redacted": "longOutputRedactions"
     };
-    rulesCacheFile = () => path25.join(os21.homedir(), ".node9", "rules-cache.json");
+    rulesCacheFile = () => path26.join(os22.homedir(), ".node9", "rules-cache.json");
     DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept/policies/sync";
     DEFAULT_INTERVAL_HOURS = 5;
     MIN_INTERVAL_HOURS = 1;
@@ -14189,6 +14733,7 @@ var init_sync = __esm({
 var audit_shipper_exports = {};
 __export(audit_shipper_exports, {
   AUDIT_SHIP_WATERMARK: () => AUDIT_SHIP_WATERMARK,
+  buildBatchEndpoint: () => buildBatchEndpoint,
   buildWireRows: () => buildWireRows,
   fileSignature: () => fileSignature,
   readWatermark: () => readWatermark,
@@ -14197,26 +14742,26 @@ __export(audit_shipper_exports, {
   startAuditShipper: () => startAuditShipper,
   writeWatermark: () => writeWatermark
 });
-import fs24 from "fs";
-import path26 from "path";
-import os22 from "os";
+import fs25 from "fs";
+import path27 from "path";
+import os23 from "os";
 import crypto5 from "crypto";
 function fileSignature(filePath) {
-  const fd = fs24.openSync(filePath, "r");
+  const fd = fs25.openSync(filePath, "r");
   try {
     const buf = Buffer.alloc(512);
-    const read = fs24.readSync(fd, buf, 0, 512, 0);
+    const read = fs25.readSync(fd, buf, 0, 512, 0);
     const slice = buf.subarray(0, read);
     const nl = slice.indexOf(10);
     const firstLine = nl === -1 ? slice : slice.subarray(0, nl);
     return crypto5.createHash("sha256").update(firstLine).digest("hex").slice(0, 16);
   } finally {
-    fs24.closeSync(fd);
+    fs25.closeSync(fd);
   }
 }
 function readWatermark(watermarkPath) {
   try {
-    const raw = JSON.parse(fs24.readFileSync(watermarkPath, "utf-8"));
+    const raw = JSON.parse(fs25.readFileSync(watermarkPath, "utf-8"));
     if (typeof raw.fileSig === "string" && typeof raw.offset === "number" && raw.offset >= 0)
       return raw;
   } catch {
@@ -14225,8 +14770,8 @@ function readWatermark(watermarkPath) {
 }
 function writeWatermark(watermarkPath, wm) {
   const tmp = `${watermarkPath}.tmp`;
-  fs24.writeFileSync(tmp, JSON.stringify(wm));
-  fs24.renameSync(tmp, watermarkPath);
+  fs25.writeFileSync(tmp, JSON.stringify(wm));
+  fs25.renameSync(tmp, watermarkPath);
 }
 function buildWireRows(chunk) {
   const lastNl = chunk.lastIndexOf(10);
@@ -14270,6 +14815,12 @@ function buildWireRows(chunk) {
   }
   return { rows, consumed: lastNl + 1 };
 }
+function buildBatchEndpoint(rawApiUrl) {
+  const validated = validateApiUrl(rawApiUrl);
+  if (!validated) return null;
+  const base = validated.toString().replace(/\/$/, "").replace(/\/policies\/sync$/, "");
+  return `${base}/audit/batch`;
+}
 async function shipOnce(deps = {}) {
   const auditLogPath = deps.auditLogPath ?? LOCAL_AUDIT_LOG;
   const watermarkPath = deps.watermarkPath ?? AUDIT_SHIP_WATERMARK;
@@ -14286,14 +14837,13 @@ async function shipOnce(deps = {}) {
   if (!cloudEnabled) return { status: "disabled", shipped: 0 };
   const creds = deps.creds !== void 0 ? deps.creds : readCredentials();
   if (!creds?.apiKey) return { status: "no-creds", shipped: 0 };
-  const validated = validateApiUrl(creds.apiUrl);
-  if (!validated) return { status: "no-creds", shipped: 0 };
-  const endpoint = `${validated.toString().replace(/\/$/, "")}/audit/batch`;
-  if (!fs24.existsSync(auditLogPath)) return { status: "idle", shipped: 0 };
+  const endpoint = buildBatchEndpoint(creds.apiUrl);
+  if (!endpoint) return { status: "no-creds", shipped: 0 };
+  if (!fs25.existsSync(auditLogPath)) return { status: "idle", shipped: 0 };
   let shipped = 0;
   try {
     for (let chunkN = 0; chunkN < MAX_CHUNKS_PER_TICK; chunkN++) {
-      const size = fs24.statSync(auditLogPath).size;
+      const size = fs25.statSync(auditLogPath).size;
       if (size === 0) break;
       const sig = fileSignature(auditLogPath);
       const wm = readWatermark(watermarkPath);
@@ -14301,12 +14851,12 @@ async function shipOnce(deps = {}) {
       if (offset >= size) break;
       const toRead = Math.min(size - offset, MAX_CHUNK_BYTES);
       const buf = Buffer.alloc(toRead);
-      const fd = fs24.openSync(auditLogPath, "r");
+      const fd = fs25.openSync(auditLogPath, "r");
       let read;
       try {
-        read = fs24.readSync(fd, buf, 0, toRead, offset);
+        read = fs25.readSync(fd, buf, 0, toRead, offset);
       } finally {
-        fs24.closeSync(fd);
+        fs25.closeSync(fd);
       }
       const { rows, consumed } = buildWireRows(buf.subarray(0, read));
       if (consumed === 0) break;
@@ -14353,8 +14903,8 @@ async function shipOnce(deps = {}) {
 }
 function shipLagBytes(auditLogPath = LOCAL_AUDIT_LOG, watermarkPath = AUDIT_SHIP_WATERMARK) {
   try {
-    if (!fs24.existsSync(auditLogPath)) return 0;
-    const size = fs24.statSync(auditLogPath).size;
+    if (!fs25.existsSync(auditLogPath)) return 0;
+    const size = fs25.statSync(auditLogPath).size;
     const wm = readWatermark(watermarkPath);
     if (!wm) return size;
     if (wm.fileSig !== fileSignature(auditLogPath)) return size;
@@ -14385,7 +14935,7 @@ var init_audit_shipper = __esm({
     init_config();
     init_sync();
     init_cloud();
-    AUDIT_SHIP_WATERMARK = path26.join(os22.homedir(), ".node9", "audit-ship.json");
+    AUDIT_SHIP_WATERMARK = path27.join(os23.homedir(), ".node9", "audit-ship.json");
     DEFAULT_INTERVAL_MS = 2e4;
     MAX_BATCH = 500;
     MAX_CHUNK_BYTES = 4 * 1024 * 1024;
@@ -14397,73 +14947,73 @@ var init_audit_shipper = __esm({
 });
 
 // src/daemon/dlp-scanner.ts
-import fs25 from "fs";
-import path27 from "path";
-import os23 from "os";
+import fs26 from "fs";
+import path28 from "path";
+import os24 from "os";
 function loadIndex() {
   try {
-    return JSON.parse(fs25.readFileSync(INDEX_FILE, "utf-8"));
+    return JSON.parse(fs26.readFileSync(INDEX_FILE, "utf-8"));
   } catch {
     return {};
   }
 }
 function saveIndex(index) {
   try {
-    fs25.writeFileSync(INDEX_FILE, JSON.stringify(index), { encoding: "utf-8", mode: 384 });
+    fs26.writeFileSync(INDEX_FILE, JSON.stringify(index), { encoding: "utf-8", mode: 384 });
   } catch {
   }
 }
 function appendAuditEntry(entry) {
   try {
-    fs25.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
+    fs26.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
 function runDlpScan() {
-  if (!fs25.existsSync(PROJECTS_DIR2)) return;
+  if (!fs26.existsSync(PROJECTS_DIR2)) return;
   const index = loadIndex();
   let updated = false;
   let projDirs;
   try {
-    projDirs = fs25.readdirSync(PROJECTS_DIR2);
+    projDirs = fs26.readdirSync(PROJECTS_DIR2);
   } catch {
     return;
   }
   for (const proj of projDirs) {
-    const projPath = path27.join(PROJECTS_DIR2, proj);
+    const projPath = path28.join(PROJECTS_DIR2, proj);
     try {
-      if (!fs25.lstatSync(projPath).isDirectory()) continue;
-      const real = fs25.realpathSync(projPath);
-      if (!real.startsWith(PROJECTS_DIR2 + path27.sep) && real !== PROJECTS_DIR2) continue;
+      if (!fs26.lstatSync(projPath).isDirectory()) continue;
+      const real = fs26.realpathSync(projPath);
+      if (!real.startsWith(PROJECTS_DIR2 + path28.sep) && real !== PROJECTS_DIR2) continue;
     } catch {
       continue;
     }
     let files;
     try {
-      files = fs25.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+      files = fs26.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
     } catch {
       continue;
     }
     for (const file of files) {
-      const filePath = path27.join(projPath, file);
+      const filePath = path28.join(projPath, file);
       const lastOffset = index[filePath] ?? 0;
       let size;
       try {
-        size = fs25.statSync(filePath).size;
+        size = fs26.statSync(filePath).size;
       } catch {
         continue;
       }
       if (size <= lastOffset) continue;
       let fd;
       try {
-        fd = fs25.openSync(filePath, "r");
+        fd = fs26.openSync(filePath, "r");
       } catch {
         continue;
       }
       try {
         const chunkSize = size - lastOffset;
         const buf = Buffer.alloc(chunkSize);
-        fs25.readSync(fd, buf, 0, chunkSize, lastOffset);
+        fs26.readSync(fd, buf, 0, chunkSize, lastOffset);
         const chunk = buf.toString("utf-8");
         for (const line of chunk.split("\n")) {
           if (!line.trim()) continue;
@@ -14483,7 +15033,7 @@ function runDlpScan() {
             if (typeof text !== "string") continue;
             const match = scanText(text);
             if (!match) continue;
-            const projLabel = decodeURIComponent(proj).replace(os23.homedir(), "~").slice(0, 40);
+            const projLabel = decodeURIComponent(proj).replace(os24.homedir(), "~").slice(0, 40);
             const ts = entry.timestamp ?? (/* @__PURE__ */ new Date()).toISOString();
             appendAuditEntry({
               ts,
@@ -14508,7 +15058,7 @@ Run: node9 report --period 30d`
         updated = true;
       } finally {
         try {
-          fs25.closeSync(fd);
+          fs26.closeSync(fd);
         } catch {
         }
       }
@@ -14541,23 +15091,23 @@ var init_dlp_scanner = __esm({
     init_dlp();
     init_native();
     init_state2();
-    INDEX_FILE = path27.join(os23.homedir(), ".node9", "dlp-index.json");
-    PROJECTS_DIR2 = path27.join(os23.homedir(), ".claude", "projects");
+    INDEX_FILE = path28.join(os24.homedir(), ".node9", "dlp-index.json");
+    PROJECTS_DIR2 = path28.join(os24.homedir(), ".claude", "projects");
   }
 });
 
 // src/daemon/mcp-tools.ts
-import fs26 from "fs";
-import path28 from "path";
-import os24 from "os";
+import fs27 from "fs";
+import path29 from "path";
+import os25 from "os";
 function getMcpToolsFile() {
-  return path28.join(os24.homedir(), ".node9", "mcp-tools.json");
+  return path29.join(os25.homedir(), ".node9", "mcp-tools.json");
 }
 function readMcpToolsConfig() {
   try {
     const file = getMcpToolsFile();
-    if (!fs26.existsSync(file)) return {};
-    const raw = fs26.readFileSync(file, "utf-8");
+    if (!fs27.existsSync(file)) return {};
+    const raw = fs27.readFileSync(file, "utf-8");
     return JSON.parse(raw);
   } catch {
     return {};
@@ -14566,11 +15116,11 @@ function readMcpToolsConfig() {
 function writeMcpToolsConfig(config) {
   try {
     const file = getMcpToolsFile();
-    const dir = path28.dirname(file);
-    if (!fs26.existsSync(dir)) fs26.mkdirSync(dir, { recursive: true });
-    const tmpPath = `${file}.${os24.hostname()}.${process.pid}.tmp`;
-    fs26.writeFileSync(tmpPath, JSON.stringify(config, null, 2));
-    fs26.renameSync(tmpPath, file);
+    const dir = path29.dirname(file);
+    if (!fs27.existsSync(dir)) fs27.mkdirSync(dir, { recursive: true });
+    const tmpPath = `${file}.${os25.hostname()}.${process.pid}.tmp`;
+    fs27.writeFileSync(tmpPath, JSON.stringify(config, null, 2));
+    fs27.renameSync(tmpPath, file);
   } catch (e) {
     console.error("Failed to write mcp-tools.json", e);
   }
@@ -14617,9 +15167,9 @@ var init_mcp_tools = __esm({
 
 // src/daemon/server.ts
 import http from "http";
-import fs27 from "fs";
-import path29 from "path";
-import os25 from "os";
+import fs28 from "fs";
+import path30 from "path";
+import os26 from "os";
 import { randomUUID as randomUUID4 } from "crypto";
 import { spawnSync } from "child_process";
 import chalk6 from "chalk";
@@ -14641,7 +15191,7 @@ function startDaemon() {
     idleTimer = setTimeout(() => {
       if (autoStarted) {
         try {
-          fs27.unlinkSync(DAEMON_PID_FILE);
+          fs28.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
       }
@@ -14786,7 +15336,7 @@ data: ${JSON.stringify(item.data)}
             mcpServer: entry.mcpServer
           });
         }
-        const projectCwd = typeof cwd === "string" && path29.isAbsolute(cwd) ? cwd : void 0;
+        const projectCwd = typeof cwd === "string" && path30.isAbsolute(cwd) ? cwd : void 0;
         const projectConfig = getConfig(projectCwd);
         const browserEnabled = projectConfig.settings.approvers?.browser !== false;
         const terminalEnabled = projectConfig.settings.approvers?.terminal !== false;
@@ -15078,8 +15628,8 @@ data: ${JSON.stringify(item.data)}
       if (!validToken(req)) return res.writeHead(403).end();
       const periodParam = reqUrl.searchParams.get("period") || "7d";
       const period = ["today", "7d", "30d", "month"].includes(periodParam) ? periodParam : "7d";
-      const logPath = path29.join(os25.homedir(), ".node9", "audit.log");
-      if (!fs27.existsSync(logPath)) {
+      const logPath = path30.join(os26.homedir(), ".node9", "audit.log");
+      if (!fs28.existsSync(logPath)) {
         res.writeHead(200, { "Content-Type": "application/json" });
         return res.end(
           JSON.stringify({
@@ -15092,7 +15642,7 @@ data: ${JSON.stringify(item.data)}
         );
       }
       try {
-        const raw = fs27.readFileSync(logPath, "utf-8");
+        const raw = fs28.readFileSync(logPath, "utf-8");
         const allEntries = raw.split("\n").flatMap((line) => {
           if (!line.trim()) return [];
           try {
@@ -15415,14 +15965,14 @@ data: ${JSON.stringify(item.data)}
   server.on("error", (e) => {
     if (e.code === "EADDRINUSE") {
       try {
-        if (fs27.existsSync(DAEMON_PID_FILE)) {
-          const { pid } = JSON.parse(fs27.readFileSync(DAEMON_PID_FILE, "utf-8"));
+        if (fs28.existsSync(DAEMON_PID_FILE)) {
+          const { pid } = JSON.parse(fs28.readFileSync(DAEMON_PID_FILE, "utf-8"));
           process.kill(pid, 0);
           return process.exit(0);
         }
       } catch {
         try {
-          fs27.unlinkSync(DAEMON_PID_FILE);
+          fs28.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
         server.listen(DAEMON_PORT, DAEMON_HOST);
@@ -15511,15 +16061,15 @@ var init_server = __esm({
 });
 
 // src/daemon/service.ts
-import fs28 from "fs";
-import path30 from "path";
-import os26 from "os";
+import fs29 from "fs";
+import path31 from "path";
+import os27 from "os";
 import { spawnSync as spawnSync2, execFileSync } from "child_process";
 function resolveNode9Binary() {
   try {
     const script = process.argv[1];
-    if (typeof script === "string" && path30.isAbsolute(script) && fs28.existsSync(script)) {
-      return fs28.realpathSync(script);
+    if (typeof script === "string" && path31.isAbsolute(script) && fs29.existsSync(script)) {
+      return fs29.realpathSync(script);
     }
   } catch {
   }
@@ -15537,11 +16087,11 @@ function xmlEscape(s) {
   return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
 }
 function launchdPlist(binaryPath) {
-  const logDir = path30.join(os26.homedir(), ".node9");
+  const logDir = path31.join(os27.homedir(), ".node9");
   const nodePath = xmlEscape(process.execPath);
   const scriptPath = xmlEscape(binaryPath);
-  const outLog = xmlEscape(path30.join(logDir, "daemon.log"));
-  const errLog = xmlEscape(path30.join(logDir, "daemon-error.log"));
+  const outLog = xmlEscape(path31.join(logDir, "daemon.log"));
+  const errLog = xmlEscape(path31.join(logDir, "daemon-error.log"));
   return `<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
@@ -15574,9 +16124,9 @@ function launchdPlist(binaryPath) {
 `;
 }
 function installLaunchd(binaryPath) {
-  const dir = path30.dirname(LAUNCHD_PLIST);
-  if (!fs28.existsSync(dir)) fs28.mkdirSync(dir, { recursive: true });
-  fs28.writeFileSync(LAUNCHD_PLIST, launchdPlist(binaryPath), "utf-8");
+  const dir = path31.dirname(LAUNCHD_PLIST);
+  if (!fs29.existsSync(dir)) fs29.mkdirSync(dir, { recursive: true });
+  fs29.writeFileSync(LAUNCHD_PLIST, launchdPlist(binaryPath), "utf-8");
   spawnSync2("launchctl", ["unload", LAUNCHD_PLIST], { encoding: "utf8" });
   const r = spawnSync2("launchctl", ["load", "-w", LAUNCHD_PLIST], {
     encoding: "utf8",
@@ -15587,13 +16137,13 @@ function installLaunchd(binaryPath) {
   }
 }
 function uninstallLaunchd() {
-  if (fs28.existsSync(LAUNCHD_PLIST)) {
+  if (fs29.existsSync(LAUNCHD_PLIST)) {
     spawnSync2("launchctl", ["unload", "-w", LAUNCHD_PLIST], { encoding: "utf8", timeout: 5e3 });
-    fs28.unlinkSync(LAUNCHD_PLIST);
+    fs29.unlinkSync(LAUNCHD_PLIST);
   }
 }
 function isLaunchdInstalled() {
-  return fs28.existsSync(LAUNCHD_PLIST);
+  return fs29.existsSync(LAUNCHD_PLIST);
 }
 function systemdUnit(binaryPath) {
   return `[Unit]
@@ -15612,12 +16162,12 @@ WantedBy=default.target
 `;
 }
 function installSystemd(binaryPath) {
-  if (!fs28.existsSync(SYSTEMD_UNIT_DIR)) {
-    fs28.mkdirSync(SYSTEMD_UNIT_DIR, { recursive: true });
+  if (!fs29.existsSync(SYSTEMD_UNIT_DIR)) {
+    fs29.mkdirSync(SYSTEMD_UNIT_DIR, { recursive: true });
   }
-  fs28.writeFileSync(SYSTEMD_UNIT, systemdUnit(binaryPath), "utf-8");
+  fs29.writeFileSync(SYSTEMD_UNIT, systemdUnit(binaryPath), "utf-8");
   try {
-    execFileSync("loginctl", ["enable-linger", os26.userInfo().username], { timeout: 3e3 });
+    execFileSync("loginctl", ["enable-linger", os27.userInfo().username], { timeout: 3e3 });
   } catch {
   }
   const reload = spawnSync2("systemctl", ["--user", "daemon-reload"], {
@@ -15637,23 +16187,23 @@ function installSystemd(binaryPath) {
   }
 }
 function uninstallSystemd() {
-  if (fs28.existsSync(SYSTEMD_UNIT)) {
+  if (fs29.existsSync(SYSTEMD_UNIT)) {
     spawnSync2("systemctl", ["--user", "disable", "--now", "node9-daemon"], {
       encoding: "utf8",
       timeout: 5e3
     });
     spawnSync2("systemctl", ["--user", "daemon-reload"], { encoding: "utf8", timeout: 5e3 });
-    fs28.unlinkSync(SYSTEMD_UNIT);
+    fs29.unlinkSync(SYSTEMD_UNIT);
   }
 }
 function isSystemdInstalled() {
-  return fs28.existsSync(SYSTEMD_UNIT);
+  return fs29.existsSync(SYSTEMD_UNIT);
 }
 function stopRunningDaemon() {
-  const pidFile = path30.join(os26.homedir(), ".node9", "daemon.pid");
-  if (!fs28.existsSync(pidFile)) return;
+  const pidFile = path31.join(os27.homedir(), ".node9", "daemon.pid");
+  if (!fs29.existsSync(pidFile)) return;
   try {
-    const data = JSON.parse(fs28.readFileSync(pidFile, "utf-8"));
+    const data = JSON.parse(fs29.readFileSync(pidFile, "utf-8"));
     const pid = data.pid;
     const MAX_PID2 = 4194304;
     if (typeof pid === "number" && Number.isInteger(pid) && pid > 0 && pid <= MAX_PID2) {
@@ -15673,7 +16223,7 @@ function stopRunningDaemon() {
       }
     }
     try {
-      fs28.unlinkSync(pidFile);
+      fs29.unlinkSync(pidFile);
     } catch {
     }
   } catch {
@@ -15748,19 +16298,19 @@ var init_service = __esm({
   "src/daemon/service.ts"() {
     "use strict";
     LAUNCHD_LABEL = "ai.node9.daemon";
-    LAUNCHD_PLIST = path30.join(os26.homedir(), "Library", "LaunchAgents", `${LAUNCHD_LABEL}.plist`);
-    SYSTEMD_UNIT_DIR = path30.join(os26.homedir(), ".config", "systemd", "user");
-    SYSTEMD_UNIT = path30.join(SYSTEMD_UNIT_DIR, "node9-daemon.service");
+    LAUNCHD_PLIST = path31.join(os27.homedir(), "Library", "LaunchAgents", `${LAUNCHD_LABEL}.plist`);
+    SYSTEMD_UNIT_DIR = path31.join(os27.homedir(), ".config", "systemd", "user");
+    SYSTEMD_UNIT = path31.join(SYSTEMD_UNIT_DIR, "node9-daemon.service");
   }
 });
 
 // src/daemon/index.ts
-import fs29 from "fs";
+import fs30 from "fs";
 import chalk7 from "chalk";
 function stopDaemon() {
-  if (!fs29.existsSync(DAEMON_PID_FILE)) return console.log(chalk7.yellow("Not running."));
+  if (!fs30.existsSync(DAEMON_PID_FILE)) return console.log(chalk7.yellow("Not running."));
   try {
-    const data = JSON.parse(fs29.readFileSync(DAEMON_PID_FILE, "utf-8"));
+    const data = JSON.parse(fs30.readFileSync(DAEMON_PID_FILE, "utf-8"));
     const pid = data.pid;
     if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0 || pid > MAX_PID) {
       console.log(chalk7.gray("Cleaned up invalid PID file."));
@@ -15772,7 +16322,7 @@ function stopDaemon() {
     console.log(chalk7.gray("Cleaned up stale PID file."));
   } finally {
     try {
-      fs29.unlinkSync(DAEMON_PID_FILE);
+      fs30.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
   }
@@ -15781,9 +16331,9 @@ function daemonStatus() {
   const serviceInstalled = isDaemonServiceInstalled();
   const serviceLabel = serviceInstalled ? chalk7.green("installed (starts on login)") : chalk7.yellow("not installed \u2014 run: node9 daemon install");
   let processStatus;
-  if (fs29.existsSync(DAEMON_PID_FILE)) {
+  if (fs30.existsSync(DAEMON_PID_FILE)) {
     try {
-      const data = JSON.parse(fs29.readFileSync(DAEMON_PID_FILE, "utf-8"));
+      const data = JSON.parse(fs30.readFileSync(DAEMON_PID_FILE, "utf-8"));
       const pid = data.pid;
       const port = data.port;
       if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0 || pid > MAX_PID) {
@@ -15828,9 +16378,9 @@ __export(tail_exports, {
 });
 import http2 from "http";
 import chalk29 from "chalk";
-import fs47 from "fs";
-import os42 from "os";
-import path48 from "path";
+import fs48 from "fs";
+import os43 from "os";
+import path49 from "path";
 import readline6 from "readline";
 import { spawn as spawn8 } from "child_process";
 function shortenPathSummary(s) {
@@ -15854,20 +16404,20 @@ function getModelContextLimit(model) {
   return 2e5;
 }
 function readSessionUsage() {
-  const projectsDir = path48.join(os42.homedir(), ".claude", "projects");
-  if (!fs47.existsSync(projectsDir)) return null;
+  const projectsDir = path49.join(os43.homedir(), ".claude", "projects");
+  if (!fs48.existsSync(projectsDir)) return null;
   let latestFile = null;
   let latestMtime = 0;
   try {
-    for (const dir of fs47.readdirSync(projectsDir)) {
-      const dirPath = path48.join(projectsDir, dir);
+    for (const dir of fs48.readdirSync(projectsDir)) {
+      const dirPath = path49.join(projectsDir, dir);
       try {
-        if (!fs47.statSync(dirPath).isDirectory()) continue;
-        for (const file of fs47.readdirSync(dirPath)) {
+        if (!fs48.statSync(dirPath).isDirectory()) continue;
+        for (const file of fs48.readdirSync(dirPath)) {
           if (!file.endsWith(".jsonl") || file.startsWith("agent-")) continue;
-          const filePath = path48.join(dirPath, file);
+          const filePath = path49.join(dirPath, file);
           try {
-            const mtime = fs47.statSync(filePath).mtimeMs;
+            const mtime = fs48.statSync(filePath).mtimeMs;
             if (mtime > latestMtime) {
               latestMtime = mtime;
               latestFile = filePath;
@@ -15882,7 +16432,7 @@ function readSessionUsage() {
   }
   if (!latestFile) return null;
   try {
-    const lines = fs47.readFileSync(latestFile, "utf-8").split("\n");
+    const lines = fs48.readFileSync(latestFile, "utf-8").split("\n");
     let lastModel = "";
     let lastInput = 0;
     let lastOutput = 0;
@@ -15943,7 +16493,7 @@ function formatBase(activity) {
   const time = new Date(activity.ts).toLocaleTimeString([], { hour12: false });
   const icon = getIcon(activity.tool);
   const toolName = activity.tool.slice(0, 16).padEnd(16);
-  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(os42.homedir(), "~");
+  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(os43.homedir(), "~");
   const argsPreview = argsStr.length > 70 ? argsStr.slice(0, 70) + "\u2026" : argsStr;
   return `${chalk29.gray(time)} ${icon} ${agentLabel(activity.agent, activity.mcpServer, activity.sessionId)}${chalk29.white.bold(toolName)} ${chalk29.dim(argsPreview)}`;
 }
@@ -15982,9 +16532,9 @@ function renderPending(activity) {
 }
 async function ensureDaemon() {
   let pidPort = null;
-  if (fs47.existsSync(PID_FILE)) {
+  if (fs48.existsSync(PID_FILE)) {
     try {
-      const { port } = JSON.parse(fs47.readFileSync(PID_FILE, "utf-8"));
+      const { port } = JSON.parse(fs48.readFileSync(PID_FILE, "utf-8"));
       pidPort = port;
     } catch {
       console.error(chalk29.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
@@ -16140,9 +16690,9 @@ function buildRecoveryCardLines(req) {
   ];
 }
 function readApproversFromDisk() {
-  const configPath = path48.join(os42.homedir(), ".node9", "config.json");
+  const configPath = path49.join(os43.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(fs47.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(fs48.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     return settings.approvers ?? {};
   } catch {
@@ -16158,15 +16708,15 @@ function approverStatusLine() {
   return `${fmt("native", "native")}  ${fmt("cloud", "cloud")}  ${fmt("terminal", "terminal")}`;
 }
 function toggleApprover(channel) {
-  const configPath = path48.join(os42.homedir(), ".node9", "config.json");
+  const configPath = path49.join(os43.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(fs47.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(fs48.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     const approvers = settings.approvers ?? {};
     approvers[channel] = approvers[channel] === false;
     settings.approvers = approvers;
     raw.settings = settings;
-    fs47.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
+    fs48.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
   } catch (err2) {
     process.stderr.write(`[node9] toggleApprover failed: ${String(err2)}
 `);
@@ -16338,8 +16888,8 @@ async function startTail(options = {}) {
       }
       postDecisionHttp(req2.id, httpDecision, authToken, port, httpOpts).catch((err2) => {
         try {
-          fs47.appendFileSync(
-            path48.join(os42.homedir(), ".node9", "hook-debug.log"),
+          fs48.appendFileSync(
+            path49.join(os43.homedir(), ".node9", "hook-debug.log"),
             `[tail] POST /decision failed: ${String(err2)}
 `
           );
@@ -16403,9 +16953,9 @@ async function startTail(options = {}) {
     };
     process.stdin.on("keypress", onKeypress);
   }
-  const auditLog = path48.join(os42.homedir(), ".node9", "audit.log");
+  const auditLog = path49.join(os43.homedir(), ".node9", "audit.log");
   try {
-    const unackedDlp = fs47.readFileSync(auditLog, "utf-8").split("\n").filter((l) => l.includes('"response-dlp"')).length;
+    const unackedDlp = fs48.readFileSync(auditLog, "utf-8").split("\n").filter((l) => l.includes('"response-dlp"')).length;
     if (unackedDlp > 0) {
       console.log("");
       console.log(
@@ -16445,7 +16995,7 @@ async function startTail(options = {}) {
     if (stallWarned) return;
     if (Date.now() - lastActivityFromDaemon < STALL_THRESHOLD_MS) return;
     try {
-      const auditMtime = fs47.statSync(auditLog).mtimeMs;
+      const auditMtime = fs48.statSync(auditLog).mtimeMs;
       if (Date.now() - auditMtime >= STALL_THRESHOLD_MS) return;
       console.log("");
       console.log(
@@ -16636,7 +17186,7 @@ var init_tail = __esm({
     "use strict";
     init_daemon2();
     init_daemon();
-    PID_FILE = path48.join(os42.homedir(), ".node9", "daemon.pid");
+    PID_FILE = path49.join(os43.homedir(), ".node9", "daemon.pid");
     ICONS = {
       bash: "\u{1F4BB}",
       shell: "\u{1F4BB}",
@@ -16684,9 +17234,9 @@ __export(hud_exports, {
   main: () => main,
   renderEnvironmentLine: () => renderEnvironmentLine
 });
-import fs48 from "fs";
-import path49 from "path";
-import os43 from "os";
+import fs49 from "fs";
+import path50 from "path";
+import os44 from "os";
 import http3 from "http";
 async function readStdin() {
   const chunks = [];
@@ -16762,9 +17312,9 @@ function formatTimeLeft(resetsAt) {
   return ` (${m}m left)`;
 }
 function safeReadJson(filePath) {
-  if (!fs48.existsSync(filePath)) return null;
+  if (!fs49.existsSync(filePath)) return null;
   try {
-    return JSON.parse(fs48.readFileSync(filePath, "utf-8"));
+    return JSON.parse(fs49.readFileSync(filePath, "utf-8"));
   } catch {
     return null;
   }
@@ -16785,12 +17335,12 @@ function countHooksInFile(filePath) {
   return Object.keys(cfg.hooks).length;
 }
 function countRulesInDir(rulesDir) {
-  if (!fs48.existsSync(rulesDir)) return 0;
+  if (!fs49.existsSync(rulesDir)) return 0;
   let count = 0;
   try {
-    for (const entry of fs48.readdirSync(rulesDir, { withFileTypes: true })) {
+    for (const entry of fs49.readdirSync(rulesDir, { withFileTypes: true })) {
       if (entry.isDirectory()) {
-        count += countRulesInDir(path49.join(rulesDir, entry.name));
+        count += countRulesInDir(path50.join(rulesDir, entry.name));
       } else if (entry.isFile() && entry.name.endsWith(".md")) {
         count++;
       }
@@ -16801,46 +17351,46 @@ function countRulesInDir(rulesDir) {
 }
 function isSamePath(a, b) {
   try {
-    return path49.resolve(a) === path49.resolve(b);
+    return path50.resolve(a) === path50.resolve(b);
   } catch {
     return false;
   }
 }
 function countConfigs(cwd) {
-  const homeDir2 = os43.homedir();
-  const claudeDir = path49.join(homeDir2, ".claude");
+  const homeDir2 = os44.homedir();
+  const claudeDir = path50.join(homeDir2, ".claude");
   let claudeMdCount = 0;
   let rulesCount = 0;
   let hooksCount = 0;
   const userMcpServers = /* @__PURE__ */ new Set();
   const projectMcpServers = /* @__PURE__ */ new Set();
-  if (fs48.existsSync(path49.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
-  rulesCount += countRulesInDir(path49.join(claudeDir, "rules"));
-  const userSettings = path49.join(claudeDir, "settings.json");
+  if (fs49.existsSync(path50.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
+  rulesCount += countRulesInDir(path50.join(claudeDir, "rules"));
+  const userSettings = path50.join(claudeDir, "settings.json");
   for (const name of getMcpServerNames(userSettings)) userMcpServers.add(name);
   hooksCount += countHooksInFile(userSettings);
-  const userClaudeJson = path49.join(homeDir2, ".claude.json");
+  const userClaudeJson = path50.join(homeDir2, ".claude.json");
   for (const name of getMcpServerNames(userClaudeJson)) userMcpServers.add(name);
   for (const name of getDisabledMcpServers(userClaudeJson, "disabledMcpServers")) {
     userMcpServers.delete(name);
   }
   if (cwd) {
-    if (fs48.existsSync(path49.join(cwd, "CLAUDE.md"))) claudeMdCount++;
-    if (fs48.existsSync(path49.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
-    const projectClaudeDir = path49.join(cwd, ".claude");
+    if (fs49.existsSync(path50.join(cwd, "CLAUDE.md"))) claudeMdCount++;
+    if (fs49.existsSync(path50.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
+    const projectClaudeDir = path50.join(cwd, ".claude");
     const overlapsUserScope = isSamePath(projectClaudeDir, claudeDir);
     if (!overlapsUserScope) {
-      if (fs48.existsSync(path49.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
-      rulesCount += countRulesInDir(path49.join(projectClaudeDir, "rules"));
-      const projSettings = path49.join(projectClaudeDir, "settings.json");
+      if (fs49.existsSync(path50.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
+      rulesCount += countRulesInDir(path50.join(projectClaudeDir, "rules"));
+      const projSettings = path50.join(projectClaudeDir, "settings.json");
       for (const name of getMcpServerNames(projSettings)) projectMcpServers.add(name);
       hooksCount += countHooksInFile(projSettings);
     }
-    if (fs48.existsSync(path49.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
-    const localSettings = path49.join(projectClaudeDir, "settings.local.json");
+    if (fs49.existsSync(path50.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
+    const localSettings = path50.join(projectClaudeDir, "settings.local.json");
     for (const name of getMcpServerNames(localSettings)) projectMcpServers.add(name);
     hooksCount += countHooksInFile(localSettings);
-    const mcpJsonServers = getMcpServerNames(path49.join(cwd, ".mcp.json"));
+    const mcpJsonServers = getMcpServerNames(path50.join(cwd, ".mcp.json"));
     const disabledMcpJson = getDisabledMcpServers(localSettings, "disabledMcpjsonServers");
     for (const name of disabledMcpJson) mcpJsonServers.delete(name);
     for (const name of mcpJsonServers) projectMcpServers.add(name);
@@ -16873,12 +17423,12 @@ function readActiveShieldsHud() {
     return shieldsCache.value;
   }
   try {
-    const shieldsPath = path49.join(os43.homedir(), ".node9", "shields.json");
-    if (!fs48.existsSync(shieldsPath)) {
+    const shieldsPath = path50.join(os44.homedir(), ".node9", "shields.json");
+    if (!fs49.existsSync(shieldsPath)) {
       shieldsCache = { value: [], ts: now };
       return [];
     }
-    const parsed = JSON.parse(fs48.readFileSync(shieldsPath, "utf-8"));
+    const parsed = JSON.parse(fs49.readFileSync(shieldsPath, "utf-8"));
     if (!Array.isArray(parsed.active)) {
       shieldsCache = { value: [], ts: now };
       return [];
@@ -16980,17 +17530,17 @@ function renderContextLine(stdin) {
 async function main() {
   try {
     const [stdin, daemonStatus2] = await Promise.all([readStdin(), queryDaemon()]);
-    if (fs48.existsSync(path49.join(os43.homedir(), ".node9", "hud-debug"))) {
+    if (fs49.existsSync(path50.join(os44.homedir(), ".node9", "hud-debug"))) {
       try {
-        const logPath = path49.join(os43.homedir(), ".node9", "hud-debug.log");
+        const logPath = path50.join(os44.homedir(), ".node9", "hud-debug.log");
         const MAX_LOG_SIZE = 10 * 1024 * 1024;
         let size = 0;
         try {
-          size = fs48.statSync(logPath).size;
+          size = fs49.statSync(logPath).size;
         } catch {
         }
         if (size < MAX_LOG_SIZE) {
-          fs48.appendFileSync(
+          fs49.appendFileSync(
             logPath,
             JSON.stringify({ ts: (/* @__PURE__ */ new Date()).toISOString(), stdin }) + "\n"
           );
@@ -17011,11 +17561,11 @@ async function main() {
       try {
         const cwd = stdin.cwd ?? process.cwd();
         for (const configPath of [
-          path49.join(cwd, "node9.config.json"),
-          path49.join(os43.homedir(), ".node9", "config.json")
+          path50.join(cwd, "node9.config.json"),
+          path50.join(os44.homedir(), ".node9", "config.json")
         ]) {
-          if (!fs48.existsSync(configPath)) continue;
-          const cfg = JSON.parse(fs48.readFileSync(configPath, "utf-8"));
+          if (!fs49.existsSync(configPath)) continue;
+          const cfg = JSON.parse(fs49.readFileSync(configPath, "utf-8"));
           const hud = cfg.settings?.hud;
           if (hud && "showEnvironmentCounts" in hud) return hud.showEnvironmentCounts !== false;
         }
@@ -17062,9 +17612,9 @@ init_setup();
 init_daemon2();
 import { Command } from "commander";
 import chalk30 from "chalk";
-import fs49 from "fs";
-import path50 from "path";
-import os44 from "os";
+import fs50 from "fs";
+import path51 from "path";
+import os45 from "os";
 import { confirm as confirm2 } from "@inquirer/prompts";
 
 // src/utils/duration.ts
@@ -17247,17 +17797,17 @@ async function runProxy(targetCommand) {
 // src/cli/daemon-starter.ts
 init_daemon();
 import { spawn as spawn3 } from "child_process";
-import path31 from "path";
-import fs30 from "fs";
+import path32 from "path";
+import fs31 from "fs";
 function isTestingMode() {
   return /^(1|true|yes)$/i.test(process.env.NODE9_TESTING ?? "");
 }
 async function autoStartDaemonAndWait() {
   if (isTestingMode()) return false;
-  if (!path31.isAbsolute(process.argv[1])) return false;
+  if (!path32.isAbsolute(process.argv[1])) return false;
   let resolvedArgv1;
   try {
-    resolvedArgv1 = fs30.realpathSync(process.argv[1]);
+    resolvedArgv1 = fs31.realpathSync(process.argv[1]);
   } catch {
     return false;
   }
@@ -17288,19 +17838,19 @@ init_daemon();
 init_config();
 init_policy();
 import chalk9 from "chalk";
-import fs33 from "fs";
+import fs34 from "fs";
 import { spawn as spawn5 } from "child_process";
-import path34 from "path";
-import os29 from "os";
+import path35 from "path";
+import os30 from "os";
 
 // src/undo.ts
 import { spawnSync as spawnSync3, spawn as spawn4 } from "child_process";
 import crypto6 from "crypto";
-import fs31 from "fs";
+import fs32 from "fs";
 import net3 from "net";
-import path32 from "path";
-import os27 from "os";
-var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path32.join(os27.tmpdir(), "node9-activity.sock");
+import path33 from "path";
+import os28 from "os";
+var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path33.join(os28.tmpdir(), "node9-activity.sock");
 function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
   try {
     const payload = JSON.stringify({
@@ -17320,22 +17870,22 @@ function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
   } catch {
   }
 }
-var SNAPSHOT_STACK_PATH = path32.join(os27.homedir(), ".node9", "snapshots.json");
-var UNDO_LATEST_PATH = path32.join(os27.homedir(), ".node9", "undo_latest.txt");
+var SNAPSHOT_STACK_PATH = path33.join(os28.homedir(), ".node9", "snapshots.json");
+var UNDO_LATEST_PATH = path33.join(os28.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
 var GIT_TIMEOUT = 15e3;
 function readStack() {
   try {
-    if (fs31.existsSync(SNAPSHOT_STACK_PATH))
-      return JSON.parse(fs31.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
+    if (fs32.existsSync(SNAPSHOT_STACK_PATH))
+      return JSON.parse(fs32.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
   } catch {
   }
   return [];
 }
 function writeStack(stack) {
-  const dir = path32.dirname(SNAPSHOT_STACK_PATH);
-  if (!fs31.existsSync(dir)) fs31.mkdirSync(dir, { recursive: true });
-  fs31.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
+  const dir = path33.dirname(SNAPSHOT_STACK_PATH);
+  if (!fs32.existsSync(dir)) fs32.mkdirSync(dir, { recursive: true });
+  fs32.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
 }
 function extractFilePath(args) {
   if (!args || typeof args !== "object") return null;
@@ -17355,12 +17905,12 @@ function buildArgsSummary(tool, args) {
   return "";
 }
 function findProjectRoot(filePath) {
-  let dir = path32.dirname(filePath);
+  let dir = path33.dirname(filePath);
   while (true) {
-    if (fs31.existsSync(path32.join(dir, ".git")) || fs31.existsSync(path32.join(dir, "package.json"))) {
+    if (fs32.existsSync(path33.join(dir, ".git")) || fs32.existsSync(path33.join(dir, "package.json"))) {
       return dir;
     }
-    const parent = path32.dirname(dir);
+    const parent = path33.dirname(dir);
     if (parent === dir) return process.cwd();
     dir = parent;
   }
@@ -17368,7 +17918,7 @@ function findProjectRoot(filePath) {
 function normalizeCwdForHash(cwd) {
   let normalized;
   try {
-    normalized = fs31.realpathSync(cwd);
+    normalized = fs32.realpathSync(cwd);
   } catch {
     normalized = cwd;
   }
@@ -17378,16 +17928,16 @@ function normalizeCwdForHash(cwd) {
 }
 function getShadowRepoDir(cwd) {
   const hash = crypto6.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
-  return path32.join(os27.homedir(), ".node9", "snapshots", hash);
+  return path33.join(os28.homedir(), ".node9", "snapshots", hash);
 }
 function cleanOrphanedIndexFiles(shadowDir) {
   try {
     const cutoff = Date.now() - 6e4;
-    for (const f of fs31.readdirSync(shadowDir)) {
+    for (const f of fs32.readdirSync(shadowDir)) {
       if (f.startsWith("index_")) {
-        const fp = path32.join(shadowDir, f);
+        const fp = path33.join(shadowDir, f);
         try {
-          if (fs31.statSync(fp).mtimeMs < cutoff) fs31.unlinkSync(fp);
+          if (fs32.statSync(fp).mtimeMs < cutoff) fs32.unlinkSync(fp);
         } catch {
         }
       }
@@ -17399,7 +17949,7 @@ function writeShadowExcludes(shadowDir, ignorePaths) {
   const hardcoded = [".git", ".node9"];
   const lines = [...hardcoded, ...ignorePaths].join("\n");
   try {
-    fs31.writeFileSync(path32.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
+    fs32.writeFileSync(path33.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
   } catch {
   }
 }
@@ -17412,25 +17962,25 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   if (check.status === 0) {
-    const ptPath = path32.join(shadowDir, "project-path.txt");
+    const ptPath = path33.join(shadowDir, "project-path.txt");
     try {
-      const stored = fs31.readFileSync(ptPath, "utf8").trim();
+      const stored = fs32.readFileSync(ptPath, "utf8").trim();
       if (stored === normalizedCwd) return true;
       if (process.env.NODE9_DEBUG === "1")
         console.error(
           `[Node9] Shadow repo path mismatch: stored="${stored}" expected="${normalizedCwd}" \u2014 reinitializing`
         );
-      fs31.rmSync(shadowDir, { recursive: true, force: true });
+      fs32.rmSync(shadowDir, { recursive: true, force: true });
     } catch {
       try {
-        fs31.writeFileSync(ptPath, normalizedCwd, "utf8");
+        fs32.writeFileSync(ptPath, normalizedCwd, "utf8");
       } catch {
       }
       return true;
     }
   }
   try {
-    fs31.mkdirSync(shadowDir, { recursive: true });
+    fs32.mkdirSync(shadowDir, { recursive: true });
   } catch {
   }
   const init = spawnSync3("git", ["init", "--bare", shadowDir], { timeout: 5e3 });
@@ -17439,7 +17989,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     if (process.env.NODE9_DEBUG === "1") console.error("[Node9] git init --bare failed:", reason);
     return false;
   }
-  const configFile = path32.join(shadowDir, "config");
+  const configFile = path33.join(shadowDir, "config");
   spawnSync3("git", ["config", "--file", configFile, "core.untrackedCache", "true"], {
     timeout: 3e3
   });
@@ -17447,7 +17997,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   try {
-    fs31.writeFileSync(path32.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
+    fs32.writeFileSync(path33.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
   } catch {
   }
   return true;
@@ -17470,12 +18020,12 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
   let indexFile = null;
   try {
     const rawFilePath = extractFilePath(args);
-    const absFilePath = rawFilePath && path32.isAbsolute(rawFilePath) ? rawFilePath : null;
+    const absFilePath = rawFilePath && path33.isAbsolute(rawFilePath) ? rawFilePath : null;
     const cwd = absFilePath ? findProjectRoot(absFilePath) : process.cwd();
     const shadowDir = getShadowRepoDir(cwd);
     if (!ensureShadowRepo(shadowDir, cwd)) return null;
     writeShadowExcludes(shadowDir, ignorePaths);
-    indexFile = path32.join(shadowDir, `index_${process.pid}_${Date.now()}`);
+    indexFile = path33.join(shadowDir, `index_${process.pid}_${Date.now()}`);
     const shadowEnv = {
       ...process.env,
       GIT_DIR: shadowDir,
@@ -17547,7 +18097,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
     writeStack(stack);
     const entry = stack[stack.length - 1];
     notifySnapshotTaken(commitHash.slice(0, 7), tool, entry.argsSummary, capturedFiles.length);
-    fs31.writeFileSync(UNDO_LATEST_PATH, commitHash);
+    fs32.writeFileSync(UNDO_LATEST_PATH, commitHash);
     if (shouldGc) {
       spawn4("git", ["gc", "--auto"], { env: shadowEnv, detached: true, stdio: "ignore" }).unref();
     }
@@ -17558,7 +18108,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
   } finally {
     if (indexFile) {
       try {
-        fs31.unlinkSync(indexFile);
+        fs32.unlinkSync(indexFile);
       } catch {
       }
     }
@@ -17634,9 +18184,9 @@ function applyUndo(hash, cwd) {
       timeout: GIT_TIMEOUT
     }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
     for (const file of [...tracked, ...untracked]) {
-      const fullPath = path32.join(dir, file);
-      if (!snapshotFiles.has(file) && fs31.existsSync(fullPath)) {
-        fs31.unlinkSync(fullPath);
+      const fullPath = path33.join(dir, file);
+      if (!snapshotFiles.has(file) && fs32.existsSync(fullPath)) {
+        fs32.unlinkSync(fullPath);
       }
     }
     return true;
@@ -17646,12 +18196,12 @@ function applyUndo(hash, cwd) {
 }
 
 // src/skill-pin.ts
-import fs32 from "fs";
-import path33 from "path";
-import os28 from "os";
+import fs33 from "fs";
+import path34 from "path";
+import os29 from "os";
 import crypto7 from "crypto";
 function getPinsFilePath2() {
-  return path33.join(os28.homedir(), ".node9", "skill-pins.json");
+  return path34.join(os29.homedir(), ".node9", "skill-pins.json");
 }
 var MAX_FILES = 5e3;
 var MAX_TOTAL_BYTES = 50 * 1024 * 1024;
@@ -17665,18 +18215,18 @@ function walkDir(root) {
     if (out.length >= MAX_FILES) return;
     let entries;
     try {
-      entries = fs32.readdirSync(dir, { withFileTypes: true });
+      entries = fs33.readdirSync(dir, { withFileTypes: true });
     } catch {
       return;
     }
     entries.sort((a, b) => a.name.localeCompare(b.name));
     for (const entry of entries) {
       if (out.length >= MAX_FILES) return;
-      const full = path33.join(dir, entry.name);
-      const rel = relDir ? path33.posix.join(relDir, entry.name) : entry.name;
+      const full = path34.join(dir, entry.name);
+      const rel = relDir ? path34.posix.join(relDir, entry.name) : entry.name;
       let lst;
       try {
-        lst = fs32.lstatSync(full);
+        lst = fs33.lstatSync(full);
       } catch {
         continue;
       }
@@ -17688,7 +18238,7 @@ function walkDir(root) {
       if (!lst.isFile()) continue;
       if (totalBytes + lst.size > MAX_TOTAL_BYTES) continue;
       try {
-        const buf = fs32.readFileSync(full);
+        const buf = fs33.readFileSync(full);
         totalBytes += buf.length;
         out.push({ rel, hash: sha256Bytes(buf) });
       } catch {
@@ -17702,14 +18252,14 @@ function walkDir(root) {
 function hashSkillRoot(absPath) {
   let lst;
   try {
-    lst = fs32.lstatSync(absPath);
+    lst = fs33.lstatSync(absPath);
   } catch {
     return { exists: false, contentHash: "", fileCount: 0 };
   }
   if (lst.isSymbolicLink()) return { exists: false, contentHash: "", fileCount: 0 };
   if (lst.isFile()) {
     try {
-      return { exists: true, contentHash: sha256Bytes(fs32.readFileSync(absPath)), fileCount: 1 };
+      return { exists: true, contentHash: sha256Bytes(fs33.readFileSync(absPath)), fileCount: 1 };
     } catch {
       return { exists: false, contentHash: "", fileCount: 0 };
     }
@@ -17727,7 +18277,7 @@ function getRootKey(absPath) {
 function readSkillPinsSafe() {
   const filePath = getPinsFilePath2();
   try {
-    const raw = fs32.readFileSync(filePath, "utf-8");
+    const raw = fs33.readFileSync(filePath, "utf-8");
     if (!raw.trim()) return { ok: false, reason: "corrupt", detail: "empty file" };
     const parsed = JSON.parse(raw);
     if (!parsed.roots || typeof parsed.roots !== "object" || Array.isArray(parsed.roots)) {
@@ -17747,10 +18297,10 @@ function readSkillPins() {
 }
 function writeSkillPins(data) {
   const filePath = getPinsFilePath2();
-  fs32.mkdirSync(path33.dirname(filePath), { recursive: true });
+  fs33.mkdirSync(path34.dirname(filePath), { recursive: true });
   const tmp = `${filePath}.${crypto7.randomBytes(6).toString("hex")}.tmp`;
-  fs32.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
-  fs32.renameSync(tmp, filePath);
+  fs33.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
+  fs33.renameSync(tmp, filePath);
 }
 function removePin2(rootKey) {
   const pins = readSkillPins();
@@ -17794,36 +18344,36 @@ function verifyAndPinRoots(roots) {
   return { kind: "verified" };
 }
 function defaultSkillRoots(_cwd) {
-  const marketplaces = path33.join(os28.homedir(), ".claude", "plugins", "marketplaces");
+  const marketplaces = path34.join(os29.homedir(), ".claude", "plugins", "marketplaces");
   const roots = [];
   let registries;
   try {
-    registries = fs32.readdirSync(marketplaces, { withFileTypes: true });
+    registries = fs33.readdirSync(marketplaces, { withFileTypes: true });
   } catch {
     return [];
   }
   for (const registry of registries) {
     if (!registry.isDirectory()) continue;
-    const pluginsDir = path33.join(marketplaces, registry.name, "plugins");
+    const pluginsDir = path34.join(marketplaces, registry.name, "plugins");
     let plugins;
     try {
-      plugins = fs32.readdirSync(pluginsDir, { withFileTypes: true });
+      plugins = fs33.readdirSync(pluginsDir, { withFileTypes: true });
     } catch {
       continue;
     }
     for (const plugin of plugins) {
       if (!plugin.isDirectory()) continue;
-      roots.push(path33.join(pluginsDir, plugin.name));
+      roots.push(path34.join(pluginsDir, plugin.name));
     }
   }
   return roots;
 }
 function resolveUserSkillRoot(entry, cwd) {
   if (!entry) return null;
-  if (entry.startsWith("~/") || entry === "~") return path33.join(os28.homedir(), entry.slice(1));
-  if (path33.isAbsolute(entry)) return entry;
-  if (!cwd || !path33.isAbsolute(cwd)) return null;
-  return path33.join(cwd, entry);
+  if (entry.startsWith("~/") || entry === "~") return path34.join(os29.homedir(), entry.slice(1));
+  if (path34.isAbsolute(entry)) return entry;
+  if (!cwd || !path34.isAbsolute(cwd)) return null;
+  return path34.join(cwd, entry);
 }
 
 // src/cli/commands/check.ts
@@ -17892,9 +18442,9 @@ function registerCheckCommand(program2) {
         } catch (err2) {
           const tempConfig = getConfig();
           if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
-            const logPath = path34.join(os29.homedir(), ".node9", "hook-debug.log");
+            const logPath = path35.join(os30.homedir(), ".node9", "hook-debug.log");
             const errMsg = err2 instanceof Error ? err2.message : String(err2);
-            fs33.appendFileSync(
+            fs34.appendFileSync(
               logPath,
               `[${(/* @__PURE__ */ new Date()).toISOString()}] JSON_PARSE_ERROR: ${errMsg}
 RAW: ${raw}
@@ -17907,14 +18457,14 @@ RAW: ${raw}
           const prompt = typeof payload.prompt === "string" ? payload.prompt : "";
           if (process.env.NODE9_DEBUG === "1") {
             try {
-              const logPath = path34.join(os29.homedir(), ".node9", "hook-debug.log");
-              if (!fs33.existsSync(path34.dirname(logPath)))
-                fs33.mkdirSync(path34.dirname(logPath), { recursive: true });
+              const logPath = path35.join(os30.homedir(), ".node9", "hook-debug.log");
+              if (!fs34.existsSync(path35.dirname(logPath)))
+                fs34.mkdirSync(path35.dirname(logPath), { recursive: true });
               const sanitized = JSON.stringify({
                 ...payload,
                 prompt: `<redacted, ${prompt.length} bytes>`
               });
-              fs33.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${sanitized}
+              fs34.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${sanitized}
 `);
             } catch {
             }
@@ -17934,8 +18484,8 @@ RAW: ${raw}
           );
           const reason = `\u{1F6A8} Node9 DLP: ${dlpMatch.patternName} detected in prompt (${dlpMatch.redactedSample}). Prompt was not submitted \u2014 remove the credential and try again.`;
           try {
-            const ttyFd = fs33.openSync("/dev/tty", "w");
-            fs33.writeSync(
+            const ttyFd = fs34.openSync("/dev/tty", "w");
+            fs34.writeSync(
               ttyFd,
               chalk9.bgRed.white.bold(`
  \u{1F6A8} NODE9 DLP \u2014 PROMPT BLOCKED 
@@ -17945,7 +18495,7 @@ RAW: ${raw}
 
 `)
             );
-            fs33.closeSync(ttyFd);
+            fs34.closeSync(ttyFd);
           } catch {
           }
           const isCodex = agent2 === "Codex";
@@ -17964,16 +18514,16 @@ RAW: ${raw}
           process.exit(2);
         }
         const payloadCwd = typeof payload.cwd === "string" ? payload.cwd : Array.isArray(payload.workspacePaths) && typeof payload.workspacePaths[0] === "string" ? payload.workspacePaths[0] : void 0;
-        const safeCwdForConfig = typeof payloadCwd === "string" && path34.isAbsolute(payloadCwd) ? payloadCwd : void 0;
+        const safeCwdForConfig = typeof payloadCwd === "string" && path35.isAbsolute(payloadCwd) ? payloadCwd : void 0;
         const config = getConfig(safeCwdForConfig);
         if (config.settings.autoStartDaemon && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON) {
           try {
             const scriptPath = process.argv[1];
-            if (typeof scriptPath !== "string" || !path34.isAbsolute(scriptPath))
+            if (typeof scriptPath !== "string" || !path35.isAbsolute(scriptPath))
               throw new Error("node9: argv[1] is not an absolute path");
-            const resolvedScript = fs33.realpathSync(scriptPath);
-            const packageDist = fs33.realpathSync(path34.resolve(__dirname, "../.."));
-            if (!resolvedScript.startsWith(packageDist + path34.sep) && resolvedScript !== packageDist)
+            const resolvedScript = fs34.realpathSync(scriptPath);
+            const packageDist = fs34.realpathSync(path35.resolve(__dirname, "../.."));
+            if (!resolvedScript.startsWith(packageDist + path35.sep) && resolvedScript !== packageDist)
               throw new Error(
                 `node9: daemon spawn aborted \u2014 argv[1] (${resolvedScript}) is outside package dist (${packageDist})`
               );
@@ -17995,10 +18545,10 @@ RAW: ${raw}
             });
             d.unref();
           } catch (spawnErr) {
-            const logPath = path34.join(os29.homedir(), ".node9", "hook-debug.log");
+            const logPath = path35.join(os30.homedir(), ".node9", "hook-debug.log");
             const msg = spawnErr instanceof Error ? spawnErr.message : String(spawnErr);
             try {
-              fs33.appendFileSync(
+              fs34.appendFileSync(
                 logPath,
                 `[${(/* @__PURE__ */ new Date()).toISOString()}] daemon-autostart-failed: ${msg}
 `
@@ -18008,10 +18558,10 @@ RAW: ${raw}
           }
         }
         if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
-          const logPath = path34.join(os29.homedir(), ".node9", "hook-debug.log");
-          if (!fs33.existsSync(path34.dirname(logPath)))
-            fs33.mkdirSync(path34.dirname(logPath), { recursive: true });
-          fs33.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
+          const logPath = path35.join(os30.homedir(), ".node9", "hook-debug.log");
+          if (!fs34.existsSync(path35.dirname(logPath)))
+            fs34.mkdirSync(path35.dirname(logPath), { recursive: true });
+          fs34.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
 `);
         }
         const rawToolName = sanitize2(extractToolName(payload));
@@ -18025,8 +18575,8 @@ RAW: ${raw}
           const isHumanDecision = blockedByContext.toLowerCase().includes("user") || blockedByContext.toLowerCase().includes("daemon") || blockedByContext.toLowerCase().includes("decision");
           let ttyFd = null;
           try {
-            ttyFd = fs33.openSync("/dev/tty", "w");
-            const writeTty = (line) => fs33.writeSync(ttyFd, line + "\n");
+            ttyFd = fs34.openSync("/dev/tty", "w");
+            const writeTty = (line) => fs34.writeSync(ttyFd, line + "\n");
             if (blockedByContext.includes("DLP") || blockedByContext.includes("Secret Detected") || blockedByContext.includes("Credential Review")) {
               writeTty(chalk9.bgRed.white.bold(`
  \u{1F6A8} NODE9 DLP ALERT \u2014 CREDENTIAL DETECTED `));
@@ -18045,7 +18595,7 @@ RAW: ${raw}
           } finally {
             if (ttyFd !== null)
               try {
-                fs33.closeSync(ttyFd);
+                fs34.closeSync(ttyFd);
               } catch {
               }
           }
@@ -18096,17 +18646,17 @@ RAW: ${raw}
         const safeSessionId = /^[A-Za-z0-9_\-]{1,128}$/.test(rawSessionId) ? rawSessionId : "";
         if (skillPinCfg.enabled && safeSessionId) {
           try {
-            const sessionsDir = path34.join(os29.homedir(), ".node9", "skill-sessions");
-            const flagPath = path34.join(sessionsDir, `${safeSessionId}.json`);
+            const sessionsDir = path35.join(os30.homedir(), ".node9", "skill-sessions");
+            const flagPath = path35.join(sessionsDir, `${safeSessionId}.json`);
             let flag = null;
             try {
-              flag = JSON.parse(fs33.readFileSync(flagPath, "utf-8"));
+              flag = JSON.parse(fs34.readFileSync(flagPath, "utf-8"));
             } catch {
             }
             const writeFlag = (data2) => {
               try {
-                fs33.mkdirSync(sessionsDir, { recursive: true });
-                fs33.writeFileSync(
+                fs34.mkdirSync(sessionsDir, { recursive: true });
+                fs34.writeFileSync(
                   flagPath,
                   JSON.stringify({ ...data2, timestamp: (/* @__PURE__ */ new Date()).toISOString() }, null, 2),
                   { mode: 384 }
@@ -18117,8 +18667,8 @@ RAW: ${raw}
             const sendSkillWarn = (detail, recoveryCmd) => {
               let ttyFd = null;
               try {
-                ttyFd = fs33.openSync("/dev/tty", "w");
-                const w = (line) => fs33.writeSync(ttyFd, line + "\n");
+                ttyFd = fs34.openSync("/dev/tty", "w");
+                const w = (line) => fs34.writeSync(ttyFd, line + "\n");
                 w(chalk9.yellow(`
 \u26A0\uFE0F  Node9: installed skill drift detected`));
                 w(chalk9.gray(`   ${detail}`));
@@ -18133,7 +18683,7 @@ RAW: ${raw}
               } finally {
                 if (ttyFd !== null)
                   try {
-                    fs33.closeSync(ttyFd);
+                    fs34.closeSync(ttyFd);
                   } catch {
                   }
               }
@@ -18149,7 +18699,7 @@ RAW: ${raw}
               return;
             }
             if (!flag || flag.state !== "verified" && flag.state !== "warned") {
-              const absoluteCwd = typeof payloadCwd === "string" && path34.isAbsolute(payloadCwd) ? payloadCwd : void 0;
+              const absoluteCwd = typeof payloadCwd === "string" && path35.isAbsolute(payloadCwd) ? payloadCwd : void 0;
               const extraRoots = skillPinCfg.roots;
               const resolvedExtra = extraRoots.map((r) => resolveUserSkillRoot(r, absoluteCwd)).filter((r) => typeof r === "string");
               const roots = [...defaultSkillRoots(absoluteCwd), ...resolvedExtra];
@@ -18190,10 +18740,10 @@ RAW: ${raw}
               }
               try {
                 const cutoff = Date.now() - 7 * 24 * 60 * 60 * 1e3;
-                for (const name of fs33.readdirSync(sessionsDir)) {
-                  const p = path34.join(sessionsDir, name);
+                for (const name of fs34.readdirSync(sessionsDir)) {
+                  const p = path35.join(sessionsDir, name);
                   try {
-                    if (fs33.statSync(p).mtimeMs < cutoff) fs33.unlinkSync(p);
+                    if (fs34.statSync(p).mtimeMs < cutoff) fs34.unlinkSync(p);
                   } catch {
                   }
                 }
@@ -18203,9 +18753,9 @@ RAW: ${raw}
           } catch (err2) {
             if (process.env.NODE9_DEBUG === "1") {
               try {
-                const dbg = path34.join(os29.homedir(), ".node9", "hook-debug.log");
+                const dbg = path35.join(os30.homedir(), ".node9", "hook-debug.log");
                 const msg = err2 instanceof Error ? err2.message : String(err2);
-                fs33.appendFileSync(dbg, `[${(/* @__PURE__ */ new Date()).toISOString()}] SKILL_PIN_ERROR: ${msg}
+                fs34.appendFileSync(dbg, `[${(/* @__PURE__ */ new Date()).toISOString()}] SKILL_PIN_ERROR: ${msg}
 `);
               } catch {
               }
@@ -18215,7 +18765,7 @@ RAW: ${raw}
         if (shouldSnapshot(toolName, toolInput, config)) {
           await createShadowSnapshot(toolName, toolInput, config.policy.snapshot.ignorePaths);
         }
-        const safeCwdForAuth = typeof payloadCwd === "string" && path34.isAbsolute(payloadCwd) ? payloadCwd : void 0;
+        const safeCwdForAuth = typeof payloadCwd === "string" && path35.isAbsolute(payloadCwd) ? payloadCwd : void 0;
         const result = await authorizeHeadless(toolName, toolInput, meta, {
           cwd: safeCwdForAuth
         });
@@ -18227,12 +18777,12 @@ RAW: ${raw}
         }
         if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && !process.stdout.isTTY && config.settings.autoStartDaemon) {
           try {
-            const tty = fs33.openSync("/dev/tty", "w");
-            fs33.writeSync(
+            const tty = fs34.openSync("/dev/tty", "w");
+            fs34.writeSync(
               tty,
               chalk9.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically...\n")
             );
-            fs33.closeSync(tty);
+            fs34.closeSync(tty);
           } catch {
           }
           const daemonReady = await autoStartDaemonAndWait();
@@ -18259,9 +18809,9 @@ RAW: ${raw}
         });
       } catch (err2) {
         if (process.env.NODE9_DEBUG === "1") {
-          const logPath = path34.join(os29.homedir(), ".node9", "hook-debug.log");
+          const logPath = path35.join(os30.homedir(), ".node9", "hook-debug.log");
           const errMsg = err2 instanceof Error ? err2.message : String(err2);
-          fs33.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
+          fs34.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
         }
         process.exit(0);
@@ -18297,9 +18847,9 @@ RAW: ${raw}
 // src/cli/commands/log.ts
 init_audit();
 init_config();
-import fs34 from "fs";
-import path35 from "path";
-import os30 from "os";
+import fs35 from "fs";
+import path36 from "path";
+import os31 from "os";
 init_daemon();
 
 // src/utils/cp-mv-parser.ts
@@ -18392,10 +18942,10 @@ function registerLogCommand(program2) {
         if (rawToolName !== tool) entry.agentToolName = rawToolName;
         const payloadSessionId = payload.session_id ?? payload.conversationId;
         if (payloadSessionId) entry.sessionId = payloadSessionId;
-        const logPath = path35.join(os30.homedir(), ".node9", "audit.log");
-        if (!fs34.existsSync(path35.dirname(logPath)))
-          fs34.mkdirSync(path35.dirname(logPath), { recursive: true });
-        fs34.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+        const logPath = path36.join(os31.homedir(), ".node9", "audit.log");
+        if (!fs35.existsSync(path36.dirname(logPath)))
+          fs35.mkdirSync(path36.dirname(logPath), { recursive: true });
+        fs35.appendFileSync(logPath, JSON.stringify(entry) + "\n");
         if ((tool === "Bash" || tool === "bash") && isDaemonRunning()) {
           const command = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
           if (command) {
@@ -18429,7 +18979,7 @@ function registerLogCommand(program2) {
           }
         }
         const payloadCwd = typeof payload.cwd === "string" ? payload.cwd : Array.isArray(payload.workspacePaths) && typeof payload.workspacePaths[0] === "string" ? payload.workspacePaths[0] : void 0;
-        const safeCwd = typeof payloadCwd === "string" && path35.isAbsolute(payloadCwd) ? payloadCwd : void 0;
+        const safeCwd = typeof payloadCwd === "string" && path36.isAbsolute(payloadCwd) ? payloadCwd : void 0;
         const config = getConfig(safeCwd);
         if ((tool === "Bash" || tool === "bash") && config.settings.enableUndo !== false) {
           const bashCommand = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
@@ -18450,9 +19000,9 @@ function registerLogCommand(program2) {
         const msg = err2 instanceof Error ? err2.message : String(err2);
         process.stderr.write(`[Node9] audit log error: ${msg}
 `);
-        const debugPath = path35.join(os30.homedir(), ".node9", "hook-debug.log");
+        const debugPath = path36.join(os31.homedir(), ".node9", "hook-debug.log");
         try {
-          fs34.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
+          fs35.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
 `);
         } catch {
         }
@@ -18854,13 +19404,13 @@ function registerConfigShowCommand(program2) {
 init_daemon();
 init_config();
 import chalk11 from "chalk";
-import fs35 from "fs";
-import path36 from "path";
-import os31 from "os";
+import fs36 from "fs";
+import path37 from "path";
+import os32 from "os";
 import { execSync } from "child_process";
 function registerDoctorCommand(program2, version2) {
   program2.command("doctor").description("Check that Node9 is installed and configured correctly").action(async () => {
-    const homeDir2 = os31.homedir();
+    const homeDir2 = os32.homedir();
     let failures = 0;
     function pass(msg) {
       console.log(chalk11.green("  \u2705 ") + msg);
@@ -18909,10 +19459,10 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Configuration");
-    const globalConfigPath = path36.join(homeDir2, ".node9", "config.json");
-    if (fs35.existsSync(globalConfigPath)) {
+    const globalConfigPath = path37.join(homeDir2, ".node9", "config.json");
+    if (fs36.existsSync(globalConfigPath)) {
       try {
-        JSON.parse(fs35.readFileSync(globalConfigPath, "utf-8"));
+        JSON.parse(fs36.readFileSync(globalConfigPath, "utf-8"));
         pass("~/.node9/config.json found and valid");
       } catch {
         fail("~/.node9/config.json is invalid JSON", "Run: node9 init --force");
@@ -18920,10 +19470,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("~/.node9/config.json not found (using defaults)", "Run: node9 init");
     }
-    const projectConfigPath = path36.join(process.cwd(), "node9.config.json");
-    if (fs35.existsSync(projectConfigPath)) {
+    const projectConfigPath = path37.join(process.cwd(), "node9.config.json");
+    if (fs36.existsSync(projectConfigPath)) {
       try {
-        JSON.parse(fs35.readFileSync(projectConfigPath, "utf-8"));
+        JSON.parse(fs36.readFileSync(projectConfigPath, "utf-8"));
         pass("node9.config.json found and valid (project)");
       } catch {
         fail(
@@ -18932,8 +19482,8 @@ function registerDoctorCommand(program2, version2) {
         );
       }
     }
-    const credsPath = path36.join(homeDir2, ".node9", "credentials.json");
-    if (fs35.existsSync(credsPath)) {
+    const credsPath = path37.join(homeDir2, ".node9", "credentials.json");
+    if (fs36.existsSync(credsPath)) {
       pass("Cloud credentials found (~/.node9/credentials.json)");
     } else {
       warn(
@@ -18942,10 +19492,10 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Agent Hooks");
-    const claudeSettingsPath = path36.join(homeDir2, ".claude", "settings.json");
-    if (fs35.existsSync(claudeSettingsPath)) {
+    const claudeSettingsPath = path37.join(homeDir2, ".claude", "settings.json");
+    if (fs36.existsSync(claudeSettingsPath)) {
       try {
-        const cs = JSON.parse(fs35.readFileSync(claudeSettingsPath, "utf-8"));
+        const cs = JSON.parse(fs36.readFileSync(claudeSettingsPath, "utf-8"));
         const hasHook = cs.hooks?.PreToolUse?.some(
           (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
         );
@@ -18961,10 +19511,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Claude Code \u2014 not configured", "Run: node9 setup claude");
     }
-    const geminiSettingsPath = path36.join(homeDir2, ".gemini", "settings.json");
-    if (fs35.existsSync(geminiSettingsPath)) {
+    const geminiSettingsPath = path37.join(homeDir2, ".gemini", "settings.json");
+    if (fs36.existsSync(geminiSettingsPath)) {
       try {
-        const gs = JSON.parse(fs35.readFileSync(geminiSettingsPath, "utf-8"));
+        const gs = JSON.parse(fs36.readFileSync(geminiSettingsPath, "utf-8"));
         const hasHook = gs.hooks?.BeforeTool?.some(
           (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
         );
@@ -18980,10 +19530,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Gemini CLI  \u2014 not configured", "Run: node9 setup gemini  (skip if not using Gemini)");
     }
-    const cursorHooksPath = path36.join(homeDir2, ".cursor", "hooks.json");
-    if (fs35.existsSync(cursorHooksPath)) {
+    const cursorHooksPath = path37.join(homeDir2, ".cursor", "hooks.json");
+    if (fs36.existsSync(cursorHooksPath)) {
       try {
-        const cur = JSON.parse(fs35.readFileSync(cursorHooksPath, "utf-8"));
+        const cur = JSON.parse(fs36.readFileSync(cursorHooksPath, "utf-8"));
         const hasHook = cur.hooks?.preToolUse?.some(
           (h) => h.command?.includes("node9") || h.command?.includes("cli.js")
         );
@@ -19014,7 +19564,7 @@ function registerDoctorCommand(program2, version2) {
     try {
       const { shipLagBytes: shipLagBytes2, readWatermark: readWatermark2, AUDIT_SHIP_WATERMARK: AUDIT_SHIP_WATERMARK2 } = await Promise.resolve().then(() => (init_audit_shipper(), audit_shipper_exports));
       const cfg = getConfig();
-      const creds = fs35.existsSync(path36.join(os31.homedir(), ".node9", "credentials.json"));
+      const creds = fs36.existsSync(path37.join(os32.homedir(), ".node9", "credentials.json"));
       if (!creds) {
         warn("Not logged in \u2014 audit rows stay local", "Run: node9 login <api-key>");
       } else if (!cfg.settings.approvers.cloud) {
@@ -19064,9 +19614,9 @@ function registerDoctorCommand(program2, version2) {
 
 // src/cli/commands/audit.ts
 import chalk12 from "chalk";
-import fs36 from "fs";
-import path37 from "path";
-import os32 from "os";
+import fs37 from "fs";
+import path38 from "path";
+import os33 from "os";
 function formatRelativeTime(timestamp) {
   const diff = Date.now() - new Date(timestamp).getTime();
   const sec = Math.floor(diff / 1e3);
@@ -19079,14 +19629,14 @@ function formatRelativeTime(timestamp) {
 }
 function registerAuditCommand(program2) {
   program2.command("audit").description("View local execution audit log").option("--tail <n>", "Number of entries to show", "20").option("--tool <pattern>", "Filter by tool name (substring match)").option("--deny", "Show only denied actions").option("--json", "Output raw JSON").action((options) => {
-    const logPath = path37.join(os32.homedir(), ".node9", "audit.log");
-    if (!fs36.existsSync(logPath)) {
+    const logPath = path38.join(os33.homedir(), ".node9", "audit.log");
+    if (!fs37.existsSync(logPath)) {
       console.log(
         chalk12.yellow("No audit logs found. Run node9 with an agent to generate entries.")
       );
       return;
     }
-    const raw = fs36.readFileSync(logPath, "utf-8");
+    const raw = fs37.readFileSync(logPath, "utf-8");
     const lines = raw.split("\n").filter((l) => l.trim() !== "");
     let entries = lines.flatMap((line) => {
       try {
@@ -19144,9 +19694,9 @@ import chalk13 from "chalk";
 // src/cli/aggregate/report-audit.ts
 init_costSync();
 init_litellm();
-import fs37 from "fs";
-import os33 from "os";
-import path38 from "path";
+import fs38 from "fs";
+import os34 from "os";
+import path39 from "path";
 var TEST_COMMAND_RE3 = /(?:^|\s)(npm\s+(?:run\s+)?test|npx\s+(?:vitest|jest|mocha)|yarn\s+(?:run\s+)?test|pnpm\s+(?:run\s+)?test|vitest|jest|mocha|pytest|py\.test|cargo\s+test|go\s+test|bundle\s+exec\s+rspec|rspec|phpunit|dotnet\s+test)\b/i;
 function buildTestTimestamps(allEntries) {
   const testTs = /* @__PURE__ */ new Set();
@@ -19226,8 +19776,8 @@ function getDateRange(period, now) {
   }
 }
 function parseAuditLog(logPath) {
-  if (!fs37.existsSync(logPath)) return [];
-  const raw = fs37.readFileSync(logPath, "utf-8");
+  if (!fs38.existsSync(logPath)) return [];
+  const raw = fs38.readFileSync(logPath, "utf-8");
   return raw.split("\n").flatMap((line) => {
     if (!line.trim()) return [];
     try {
@@ -19287,25 +19837,25 @@ function freezeClaudeCost(acc) {
   };
 }
 function processClaudeCostProject(proj, projectsDir, start, end, acc) {
-  const projPath = path38.join(projectsDir, proj);
+  const projPath = path39.join(projectsDir, proj);
   let files;
   try {
-    const stat = fs37.statSync(projPath);
+    const stat = fs38.statSync(projPath);
     if (!stat.isDirectory()) return;
-    files = fs37.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+    files = fs38.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
   } catch {
     return;
   }
   const startMs = start.getTime();
   for (const file of files) {
-    const filePath = path38.join(projPath, file);
+    const filePath = path39.join(projPath, file);
     try {
-      if (fs37.statSync(filePath).mtimeMs < startMs) continue;
+      if (fs38.statSync(filePath).mtimeMs < startMs) continue;
     } catch {
       continue;
     }
     try {
-      const raw = fs37.readFileSync(filePath, "utf-8");
+      const raw = fs38.readFileSync(filePath, "utf-8");
       for (const line of raw.split("\n")) {
         if (!line.trim()) continue;
         let entry;
@@ -19355,10 +19905,10 @@ function processClaudeCostProject(proj, projectsDir, start, end, acc) {
 }
 function loadClaudeCost(start, end, projectsDir) {
   const acc = emptyClaudeCostAccumulator();
-  if (!fs37.existsSync(projectsDir)) return freezeClaudeCost(acc);
+  if (!fs38.existsSync(projectsDir)) return freezeClaudeCost(acc);
   let dirs;
   try {
-    dirs = fs37.readdirSync(projectsDir);
+    dirs = fs38.readdirSync(projectsDir);
   } catch {
     return freezeClaudeCost(acc);
   }
@@ -19370,7 +19920,7 @@ function loadClaudeCost(start, end, projectsDir) {
 function processCodexCostFile(filePath, start, end, acc) {
   let lines;
   try {
-    lines = fs37.readFileSync(filePath, "utf-8").split("\n");
+    lines = fs38.readFileSync(filePath, "utf-8").split("\n");
   } catch {
     return;
   }
@@ -19415,31 +19965,31 @@ function processCodexCostFile(filePath, start, end, acc) {
 }
 function listCodexSessionFiles(sessionsBase) {
   const jsonlFiles = [];
-  if (!fs37.existsSync(sessionsBase)) return jsonlFiles;
+  if (!fs38.existsSync(sessionsBase)) return jsonlFiles;
   try {
-    for (const year of fs37.readdirSync(sessionsBase)) {
-      const yearPath = path38.join(sessionsBase, year);
+    for (const year of fs38.readdirSync(sessionsBase)) {
+      const yearPath = path39.join(sessionsBase, year);
       try {
-        if (!fs37.statSync(yearPath).isDirectory()) continue;
+        if (!fs38.statSync(yearPath).isDirectory()) continue;
       } catch {
         continue;
       }
-      for (const month of fs37.readdirSync(yearPath)) {
-        const monthPath = path38.join(yearPath, month);
+      for (const month of fs38.readdirSync(yearPath)) {
+        const monthPath = path39.join(yearPath, month);
         try {
-          if (!fs37.statSync(monthPath).isDirectory()) continue;
+          if (!fs38.statSync(monthPath).isDirectory()) continue;
         } catch {
           continue;
         }
-        for (const day of fs37.readdirSync(monthPath)) {
-          const dayPath = path38.join(monthPath, day);
+        for (const day of fs38.readdirSync(monthPath)) {
+          const dayPath = path39.join(monthPath, day);
           try {
-            if (!fs37.statSync(dayPath).isDirectory()) continue;
+            if (!fs38.statSync(dayPath).isDirectory()) continue;
           } catch {
             continue;
           }
-          for (const file of fs37.readdirSync(dayPath)) {
-            if (file.endsWith(".jsonl")) jsonlFiles.push(path38.join(dayPath, file));
+          for (const file of fs38.readdirSync(dayPath)) {
+            if (file.endsWith(".jsonl")) jsonlFiles.push(path39.join(dayPath, file));
           }
         }
       }
@@ -19492,13 +20042,13 @@ function freezeGeminiCost(acc) {
 function processGeminiCostFile(filePath, projectKey, start, end, acc) {
   const startMs = start.getTime();
   try {
-    if (fs37.statSync(filePath).mtimeMs < startMs) return;
+    if (fs38.statSync(filePath).mtimeMs < startMs) return;
   } catch {
     return;
   }
   let raw;
   try {
-    raw = fs37.readFileSync(filePath, "utf-8");
+    raw = fs38.readFileSync(filePath, "utf-8");
   } catch {
     return;
   }
@@ -19547,30 +20097,30 @@ function listGeminiSessionFiles(geminiTmpDir) {
   const out = [];
   let dirs;
   try {
-    if (!fs37.statSync(geminiTmpDir).isDirectory()) return out;
-    dirs = fs37.readdirSync(geminiTmpDir);
+    if (!fs38.statSync(geminiTmpDir).isDirectory()) return out;
+    dirs = fs38.readdirSync(geminiTmpDir);
   } catch {
     return out;
   }
   for (const proj of dirs) {
-    const chatsDir = path38.join(geminiTmpDir, proj, "chats");
+    const chatsDir = path39.join(geminiTmpDir, proj, "chats");
     let files;
     try {
-      if (!fs37.statSync(chatsDir).isDirectory()) continue;
-      files = fs37.readdirSync(chatsDir);
+      if (!fs38.statSync(chatsDir).isDirectory()) continue;
+      files = fs38.readdirSync(chatsDir);
     } catch {
       continue;
     }
     for (const f of files) {
       if (!f.endsWith(".jsonl")) continue;
-      out.push({ projectKey: proj, file: path38.join(chatsDir, f) });
+      out.push({ projectKey: proj, file: path39.join(chatsDir, f) });
     }
   }
   return out;
 }
 function loadGeminiCost(start, end, geminiTmpDir) {
   const acc = emptyGeminiAccumulator();
-  if (!fs37.existsSync(geminiTmpDir)) return freezeGeminiCost(acc);
+  if (!fs38.existsSync(geminiTmpDir)) return freezeGeminiCost(acc);
   for (const { projectKey, file } of listGeminiSessionFiles(geminiTmpDir)) {
     processGeminiCostFile(file, projectKey, start, end, acc);
   }
@@ -19578,11 +20128,11 @@ function loadGeminiCost(start, end, geminiTmpDir) {
 }
 function aggregateReportFromAudit(period, opts = {}) {
   const now = opts.now ?? /* @__PURE__ */ new Date();
-  const auditLogPath = opts.auditLogPath ?? path38.join(os33.homedir(), ".node9", "audit.log");
-  const claudeProjectsDir = opts.claudeProjectsDir ?? path38.join(os33.homedir(), ".claude", "projects");
-  const codexSessionsDir = opts.codexSessionsDir ?? path38.join(os33.homedir(), ".codex", "sessions");
-  const geminiTmpDir = opts.geminiTmpDir ?? path38.join(os33.homedir(), ".gemini", "tmp");
-  const hasAuditFile = fs37.existsSync(auditLogPath);
+  const auditLogPath = opts.auditLogPath ?? path39.join(os34.homedir(), ".node9", "audit.log");
+  const claudeProjectsDir = opts.claudeProjectsDir ?? path39.join(os34.homedir(), ".claude", "projects");
+  const codexSessionsDir = opts.codexSessionsDir ?? path39.join(os34.homedir(), ".codex", "sessions");
+  const geminiTmpDir = opts.geminiTmpDir ?? path39.join(os34.homedir(), ".gemini", "tmp");
+  const hasAuditFile = fs38.existsSync(auditLogPath);
   const allEntries = opts.preloadedAuditEntries ?? parseAuditLog(auditLogPath);
   const unackedDlp = allEntries.filter((e) => e.source === "response-dlp");
   const { start, end } = getDateRange(period, now);
@@ -20280,12 +20830,12 @@ function registerDaemonCommand(program2) {
 init_core();
 init_daemon();
 import chalk15 from "chalk";
-import fs38 from "fs";
-import path39 from "path";
-import os34 from "os";
+import fs39 from "fs";
+import path40 from "path";
+import os35 from "os";
 function readJson2(filePath) {
   try {
-    if (fs38.existsSync(filePath)) return JSON.parse(fs38.readFileSync(filePath, "utf-8"));
+    if (fs39.existsSync(filePath)) return JSON.parse(fs39.readFileSync(filePath, "utf-8"));
   } catch {
   }
   return null;
@@ -20350,28 +20900,28 @@ function registerStatusCommand(program2) {
     console.log("");
     const modeLabel = settings.mode === "audit" ? chalk15.blue("audit") : settings.mode === "strict" ? chalk15.red("strict") : chalk15.white("standard");
     console.log(`  Mode:    ${modeLabel}`);
-    const projectConfig = path39.join(process.cwd(), "node9.config.json");
-    const globalConfig = path39.join(os34.homedir(), ".node9", "config.json");
+    const projectConfig = path40.join(process.cwd(), "node9.config.json");
+    const globalConfig = path40.join(os35.homedir(), ".node9", "config.json");
     console.log(
-      `  Local:   ${fs38.existsSync(projectConfig) ? chalk15.green("Active (node9.config.json)") : chalk15.gray("Not present")}`
+      `  Local:   ${fs39.existsSync(projectConfig) ? chalk15.green("Active (node9.config.json)") : chalk15.gray("Not present")}`
     );
     console.log(
-      `  Global:  ${fs38.existsSync(globalConfig) ? chalk15.green("Active (~/.node9/config.json)") : chalk15.gray("Not present")}`
+      `  Global:  ${fs39.existsSync(globalConfig) ? chalk15.green("Active (~/.node9/config.json)") : chalk15.gray("Not present")}`
     );
     if (mergedConfig.policy.sandboxPaths.length > 0) {
       console.log(
         `  Sandbox: ${chalk15.green(`${mergedConfig.policy.sandboxPaths.length} safe zones active`)}`
       );
     }
-    const homeDir2 = os34.homedir();
+    const homeDir2 = os35.homedir();
     const claudeSettings = readJson2(
-      path39.join(homeDir2, ".claude", "settings.json")
+      path40.join(homeDir2, ".claude", "settings.json")
     );
-    const claudeConfig = readJson2(path39.join(homeDir2, ".claude.json"));
+    const claudeConfig = readJson2(path40.join(homeDir2, ".claude.json"));
     const geminiSettings = readJson2(
-      path39.join(homeDir2, ".gemini", "settings.json")
+      path40.join(homeDir2, ".gemini", "settings.json")
     );
-    const cursorConfig = readJson2(path39.join(homeDir2, ".cursor", "mcp.json"));
+    const cursorConfig = readJson2(path40.join(homeDir2, ".cursor", "mcp.json"));
     const agentFound = claudeSettings || claudeConfig || geminiSettings || cursorConfig;
     if (agentFound) {
       console.log("");
@@ -20434,9 +20984,9 @@ init_setup();
 init_shields();
 init_service();
 import chalk16 from "chalk";
-import fs39 from "fs";
-import path40 from "path";
-import os35 from "os";
+import fs40 from "fs";
+import path41 from "path";
+import os36 from "os";
 import https4 from "https";
 var DEFAULT_SHIELDS = ["bash-safe", "filesystem", "project-jail"];
 function buildTelemetryPayload(agents, firstInstall) {
@@ -20522,16 +21072,16 @@ function registerInitCommand(program2) {
         }
         console.log("");
       }
-      const configPath = path40.join(os35.homedir(), ".node9", "config.json");
-      const isFirstInstall = !fs39.existsSync(configPath);
-      if (fs39.existsSync(configPath) && !options.force) {
+      const configPath = path41.join(os36.homedir(), ".node9", "config.json");
+      const isFirstInstall = !fs40.existsSync(configPath);
+      if (fs40.existsSync(configPath) && !options.force) {
         try {
-          const existing = JSON.parse(fs39.readFileSync(configPath, "utf-8"));
+          const existing = JSON.parse(fs40.readFileSync(configPath, "utf-8"));
           const settings = existing.settings ?? {};
           if (settings.mode !== chosenMode) {
             settings.mode = chosenMode;
             existing.settings = settings;
-            fs39.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
+            fs40.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
             console.log(chalk16.green(`\u2705 Mode updated: ${chosenMode}`));
           } else {
             console.log(chalk16.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
@@ -20544,9 +21094,9 @@ function registerInitCommand(program2) {
           ...DEFAULT_CONFIG,
           settings: { ...DEFAULT_CONFIG.settings, mode: chosenMode }
         };
-        const dir = path40.dirname(configPath);
-        if (!fs39.existsSync(dir)) fs39.mkdirSync(dir, { recursive: true });
-        fs39.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
+        const dir = path41.dirname(configPath);
+        if (!fs40.existsSync(dir)) fs40.mkdirSync(dir, { recursive: true });
+        fs40.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
         console.log(chalk16.green(`\u2705 Config created: ${configPath}`));
         console.log(chalk16.gray(`   Mode: ${chosenMode}`));
       }
@@ -20651,7 +21201,7 @@ function registerInitCommand(program2) {
 }
 
 // src/cli/commands/undo.ts
-import path41 from "path";
+import path42 from "path";
 import chalk18 from "chalk";
 
 // src/tui/undo-navigator.ts
@@ -20810,7 +21360,7 @@ function findMatchingCwd(startDir, history) {
   let dir = startDir;
   while (true) {
     if (cwds.has(dir)) return dir;
-    const parent = path41.dirname(dir);
+    const parent = path42.dirname(dir);
     if (parent === dir) return null;
     dir = parent;
   }
@@ -21386,9 +21936,9 @@ function registerMcpGatewayCommand(program2) {
 
 // src/mcp-server/index.ts
 import readline5 from "readline";
-import fs40 from "fs";
-import os36 from "os";
-import path42 from "path";
+import fs41 from "fs";
+import os37 from "os";
+import path43 from "path";
 import { spawnSync as spawnSync4 } from "child_process";
 init_core();
 init_daemon();
@@ -21639,13 +22189,13 @@ function handleStatus() {
   lines.push(`Active shields: ${activeShields.length > 0 ? activeShields.join(", ") : "none"}`);
   lines.push(`Smart rules: ${config.policy.smartRules.length} loaded`);
   lines.push(`DLP: ${config.policy.dlp?.enabled !== false ? "enabled" : "disabled"}`);
-  const projectConfig = path42.join(process.cwd(), "node9.config.json");
-  const globalConfig = path42.join(os36.homedir(), ".node9", "config.json");
+  const projectConfig = path43.join(process.cwd(), "node9.config.json");
+  const globalConfig = path43.join(os37.homedir(), ".node9", "config.json");
   lines.push(
-    `Project config (node9.config.json): ${fs40.existsSync(projectConfig) ? "present" : "not found"}`
+    `Project config (node9.config.json): ${fs41.existsSync(projectConfig) ? "present" : "not found"}`
   );
   lines.push(
-    `Global config (~/.node9/config.json): ${fs40.existsSync(globalConfig) ? "present" : "not found"}`
+    `Global config (~/.node9/config.json): ${fs41.existsSync(globalConfig) ? "present" : "not found"}`
   );
   return lines.join("\n");
 }
@@ -21719,21 +22269,21 @@ function handleShieldDisable(args) {
   writeActiveShields(active.filter((s) => s !== name));
   return `Shield "${name}" disabled.`;
 }
-var GLOBAL_CONFIG_PATH = path42.join(os36.homedir(), ".node9", "config.json");
+var GLOBAL_CONFIG_PATH = path43.join(os37.homedir(), ".node9", "config.json");
 var APPROVER_CHANNELS = ["native", "browser", "cloud", "terminal"];
 function readGlobalConfigRaw() {
   try {
-    if (fs40.existsSync(GLOBAL_CONFIG_PATH)) {
-      return JSON.parse(fs40.readFileSync(GLOBAL_CONFIG_PATH, "utf-8"));
+    if (fs41.existsSync(GLOBAL_CONFIG_PATH)) {
+      return JSON.parse(fs41.readFileSync(GLOBAL_CONFIG_PATH, "utf-8"));
     }
   } catch {
   }
   return {};
 }
 function writeGlobalConfigRaw(data) {
-  const dir = path42.dirname(GLOBAL_CONFIG_PATH);
-  if (!fs40.existsSync(dir)) fs40.mkdirSync(dir, { recursive: true });
-  fs40.writeFileSync(GLOBAL_CONFIG_PATH, JSON.stringify(data, null, 2) + "\n");
+  const dir = path43.dirname(GLOBAL_CONFIG_PATH);
+  if (!fs41.existsSync(dir)) fs41.mkdirSync(dir, { recursive: true });
+  fs41.writeFileSync(GLOBAL_CONFIG_PATH, JSON.stringify(data, null, 2) + "\n");
 }
 function handleApproverList() {
   const config = getConfig();
@@ -21777,9 +22327,9 @@ function handleApproverSet(args) {
 function handleAuditGet(args) {
   const limit = Math.min(typeof args.limit === "number" ? args.limit : 20, 100);
   const filter = typeof args.filter === "string" && args.filter !== "all" ? args.filter : null;
-  const auditPath = path42.join(os36.homedir(), ".node9", "audit.log");
-  if (!fs40.existsSync(auditPath)) return "No audit log found.";
-  const rawLines = fs40.readFileSync(auditPath, "utf-8").trim().split("\n").filter(Boolean);
+  const auditPath = path43.join(os37.homedir(), ".node9", "audit.log");
+  if (!fs41.existsSync(auditPath)) return "No audit log found.";
+  const rawLines = fs41.readFileSync(auditPath, "utf-8").trim().split("\n").filter(Boolean);
   const parsed = [];
   for (const line of rawLines) {
     try {
@@ -22114,7 +22664,7 @@ function registerTrustCommand(program2) {
 // src/cli/commands/mcp-pin.ts
 init_mcp_pin();
 import chalk21 from "chalk";
-import fs41 from "fs";
+import fs42 from "fs";
 function registerMcpPinCommand(program2) {
   const pinCmd = program2.command("mcp").description("Manage MCP server tool definition pinning (rug pull defense)");
   const pinSubCmd = pinCmd.command("pin").description("Manage pinned MCP server tool definitions");
@@ -22125,7 +22675,7 @@ function registerMcpPinCommand(program2) {
     let repoCorrupt = false;
     if (found.source === "repo") {
       try {
-        const raw = fs41.readFileSync(found.path, "utf-8");
+        const raw = fs42.readFileSync(found.path, "utf-8");
         const parsed = JSON.parse(raw);
         repoEntries = parsed.servers ?? {};
       } catch {
@@ -22439,9 +22989,9 @@ init_scan();
 // src/cli/commands/sessions.ts
 init_scan_summary();
 import chalk24 from "chalk";
-import fs42 from "fs";
-import path43 from "path";
-import os37 from "os";
+import fs43 from "fs";
+import path44 from "path";
+import os38 from "os";
 var CLAUDE_PRICING3 = {
   "claude-opus-4-6": { i: 5e-6, o: 25e-6, cw: 625e-8, cr: 5e-7 },
   "claude-opus-4-5": { i: 5e-6, o: 25e-6, cw: 625e-8, cr: 5e-7 },
@@ -22482,10 +23032,10 @@ function encodeProjectPath(projectPath) {
 }
 function sessionJsonlPath(projectPath, sessionId) {
   const encoded = encodeProjectPath(projectPath);
-  return path43.join(os37.homedir(), ".claude", "projects", encoded, `${sessionId}.jsonl`);
+  return path44.join(os38.homedir(), ".claude", "projects", encoded, `${sessionId}.jsonl`);
 }
 function projectLabel(projectPath) {
-  return projectPath.replace(os37.homedir(), "~");
+  return projectPath.replace(os38.homedir(), "~");
 }
 function parseHistoryLines(lines) {
   const entries = [];
@@ -22554,10 +23104,10 @@ function parseSessionLines(lines) {
   return { toolCalls, costUSD, hasSnapshot, modifiedFiles };
 }
 function loadAuditEntries(auditPath) {
-  const aPath = auditPath ?? path43.join(os37.homedir(), ".node9", "audit.log");
+  const aPath = auditPath ?? path44.join(os38.homedir(), ".node9", "audit.log");
   let raw;
   try {
-    raw = fs42.readFileSync(aPath, "utf-8");
+    raw = fs43.readFileSync(aPath, "utf-8");
   } catch {
     return [];
   }
@@ -22593,8 +23143,8 @@ function auditEntriesInWindow(entries, windowStart, windowEnd) {
   return result;
 }
 function buildGeminiSessions(days, allAuditEntries) {
-  const tmpDir = path43.join(os37.homedir(), ".gemini", "tmp");
-  if (!fs42.existsSync(tmpDir)) return [];
+  const tmpDir = path44.join(os38.homedir(), ".gemini", "tmp");
+  if (!fs43.existsSync(tmpDir)) return [];
   const cutoff = days !== null ? (() => {
     const d = /* @__PURE__ */ new Date();
     d.setDate(d.getDate() - days);
@@ -22603,35 +23153,35 @@ function buildGeminiSessions(days, allAuditEntries) {
   })() : null;
   let slugDirs;
   try {
-    slugDirs = fs42.readdirSync(tmpDir);
+    slugDirs = fs43.readdirSync(tmpDir);
   } catch {
     return [];
   }
   const summaries = [];
   for (const slug of slugDirs) {
-    const slugPath = path43.join(tmpDir, slug);
+    const slugPath = path44.join(tmpDir, slug);
     try {
-      if (!fs42.statSync(slugPath).isDirectory()) continue;
+      if (!fs43.statSync(slugPath).isDirectory()) continue;
     } catch {
       continue;
     }
-    let projectRoot = path43.join(os37.homedir(), slug);
+    let projectRoot = path44.join(os38.homedir(), slug);
     try {
-      projectRoot = fs42.readFileSync(path43.join(slugPath, ".project_root"), "utf-8").trim();
+      projectRoot = fs43.readFileSync(path44.join(slugPath, ".project_root"), "utf-8").trim();
     } catch {
     }
-    const chatsDir = path43.join(slugPath, "chats");
-    if (!fs42.existsSync(chatsDir)) continue;
+    const chatsDir = path44.join(slugPath, "chats");
+    if (!fs43.existsSync(chatsDir)) continue;
     let chatFiles;
     try {
-      chatFiles = fs42.readdirSync(chatsDir).filter((f) => f.endsWith(".json"));
+      chatFiles = fs43.readdirSync(chatsDir).filter((f) => f.endsWith(".json"));
     } catch {
       continue;
     }
     for (const chatFile of chatFiles) {
       let raw;
       try {
-        raw = fs42.readFileSync(path43.join(chatsDir, chatFile), "utf-8");
+        raw = fs43.readFileSync(path44.join(chatsDir, chatFile), "utf-8");
       } catch {
         continue;
       }
@@ -22711,8 +23261,8 @@ function buildGeminiSessions(days, allAuditEntries) {
   return summaries;
 }
 function buildCodexSessions(days, allAuditEntries) {
-  const sessionsBase = path43.join(os37.homedir(), ".codex", "sessions");
-  if (!fs42.existsSync(sessionsBase)) return [];
+  const sessionsBase = path44.join(os38.homedir(), ".codex", "sessions");
+  if (!fs43.existsSync(sessionsBase)) return [];
   const cutoff = days !== null ? (() => {
     const d = /* @__PURE__ */ new Date();
     d.setDate(d.getDate() - days);
@@ -22721,29 +23271,29 @@ function buildCodexSessions(days, allAuditEntries) {
   })() : null;
   const jsonlFiles = [];
   try {
-    for (const year of fs42.readdirSync(sessionsBase)) {
-      const yearPath = path43.join(sessionsBase, year);
+    for (const year of fs43.readdirSync(sessionsBase)) {
+      const yearPath = path44.join(sessionsBase, year);
       try {
-        if (!fs42.statSync(yearPath).isDirectory()) continue;
+        if (!fs43.statSync(yearPath).isDirectory()) continue;
       } catch {
         continue;
       }
-      for (const month of fs42.readdirSync(yearPath)) {
-        const monthPath = path43.join(yearPath, month);
+      for (const month of fs43.readdirSync(yearPath)) {
+        const monthPath = path44.join(yearPath, month);
         try {
-          if (!fs42.statSync(monthPath).isDirectory()) continue;
+          if (!fs43.statSync(monthPath).isDirectory()) continue;
         } catch {
           continue;
         }
-        for (const day of fs42.readdirSync(monthPath)) {
-          const dayPath = path43.join(monthPath, day);
+        for (const day of fs43.readdirSync(monthPath)) {
+          const dayPath = path44.join(monthPath, day);
           try {
-            if (!fs42.statSync(dayPath).isDirectory()) continue;
+            if (!fs43.statSync(dayPath).isDirectory()) continue;
           } catch {
             continue;
           }
-          for (const file of fs42.readdirSync(dayPath)) {
-            if (file.endsWith(".jsonl")) jsonlFiles.push(path43.join(dayPath, file));
+          for (const file of fs43.readdirSync(dayPath)) {
+            if (file.endsWith(".jsonl")) jsonlFiles.push(path44.join(dayPath, file));
           }
         }
       }
@@ -22755,7 +23305,7 @@ function buildCodexSessions(days, allAuditEntries) {
   for (const filePath of jsonlFiles) {
     let lines;
     try {
-      lines = fs42.readFileSync(filePath, "utf-8").split("\n");
+      lines = fs43.readFileSync(filePath, "utf-8").split("\n");
     } catch {
       continue;
     }
@@ -22833,10 +23383,10 @@ function buildCodexSessions(days, allAuditEntries) {
   return summaries;
 }
 function buildSessions(days, historyPath) {
-  const hPath = historyPath ?? path43.join(os37.homedir(), ".claude", "history.jsonl");
+  const hPath = historyPath ?? path44.join(os38.homedir(), ".claude", "history.jsonl");
   let historyRaw;
   try {
-    historyRaw = fs42.readFileSync(hPath, "utf-8");
+    historyRaw = fs43.readFileSync(hPath, "utf-8");
   } catch {
     return [];
   }
@@ -22861,7 +23411,7 @@ function buildSessions(days, historyPath) {
     const jsonlFile = sessionJsonlPath(entry.project, entry.sessionId);
     let sessionLines = [];
     try {
-      sessionLines = fs42.readFileSync(jsonlFile, "utf-8").split("\n");
+      sessionLines = fs43.readFileSync(jsonlFile, "utf-8").split("\n");
     } catch {
     }
     const { toolCalls, costUSD, hasSnapshot, modifiedFiles } = parseSessionLines(sessionLines);
@@ -23129,8 +23679,8 @@ function registerSessionsCommand(program2) {
     console.log("");
     console.log(chalk24.cyan.bold("\u{1F4CB}  node9 sessions") + chalk24.dim("  \u2014 what your AI agent did"));
     console.log("");
-    const historyPath = path43.join(os37.homedir(), ".claude", "history.jsonl");
-    if (!fs42.existsSync(historyPath)) {
+    const historyPath = path44.join(os38.homedir(), ".claude", "history.jsonl");
+    if (!fs43.existsSync(historyPath)) {
       console.log(chalk24.yellow("  No Claude session history found at ~/.claude/history.jsonl"));
       console.log(chalk24.gray("  Install Claude Code, run a few sessions, then try again.\n"));
       return;
@@ -23167,12 +23717,12 @@ function registerSessionsCommand(program2) {
 
 // src/cli/commands/skill-pin.ts
 import chalk25 from "chalk";
-import fs43 from "fs";
-import os38 from "os";
-import path44 from "path";
+import fs44 from "fs";
+import os39 from "os";
+import path45 from "path";
 function wipeSkillSessions() {
   try {
-    fs43.rmSync(path44.join(os38.homedir(), ".node9", "skill-sessions"), {
+    fs44.rmSync(path45.join(os39.homedir(), ".node9", "skill-sessions"), {
       recursive: true,
       force: true
     });
@@ -23254,15 +23804,15 @@ function registerSkillPinCommand(program2) {
 }
 
 // src/cli/commands/decisions.ts
-import fs44 from "fs";
-import os39 from "os";
-import path45 from "path";
+import fs45 from "fs";
+import os40 from "os";
+import path46 from "path";
 import chalk26 from "chalk";
-var DECISIONS_FILE2 = path45.join(os39.homedir(), ".node9", "decisions.json");
+var DECISIONS_FILE2 = path46.join(os40.homedir(), ".node9", "decisions.json");
 function readDecisions() {
   try {
-    if (!fs44.existsSync(DECISIONS_FILE2)) return {};
-    const raw = fs44.readFileSync(DECISIONS_FILE2, "utf-8");
+    if (!fs45.existsSync(DECISIONS_FILE2)) return {};
+    const raw = fs45.readFileSync(DECISIONS_FILE2, "utf-8");
     const parsed = JSON.parse(raw);
     const out = {};
     for (const [k, v] of Object.entries(parsed)) {
@@ -23274,11 +23824,11 @@ function readDecisions() {
   }
 }
 function writeDecisions(d) {
-  const dir = path45.dirname(DECISIONS_FILE2);
-  if (!fs44.existsSync(dir)) fs44.mkdirSync(dir, { recursive: true });
+  const dir = path46.dirname(DECISIONS_FILE2);
+  if (!fs45.existsSync(dir)) fs45.mkdirSync(dir, { recursive: true });
   const tmp = `${DECISIONS_FILE2}.${process.pid}.tmp`;
-  fs44.writeFileSync(tmp, JSON.stringify(d, null, 2));
-  fs44.renameSync(tmp, DECISIONS_FILE2);
+  fs45.writeFileSync(tmp, JSON.stringify(d, null, 2));
+  fs45.renameSync(tmp, DECISIONS_FILE2);
 }
 function registerDecisionsCommand(program2) {
   const cmd = program2.command("decisions").description('Manage persistent "Always Allow" / "Always Deny" tool decisions');
@@ -23335,18 +23885,18 @@ Persistent decisions  (${entries.length})
 
 // src/cli/commands/dlp.ts
 import chalk27 from "chalk";
-import fs45 from "fs";
-import path46 from "path";
-import os40 from "os";
-var AUDIT_LOG = path46.join(os40.homedir(), ".node9", "audit.log");
-var RESOLVED_FILE = path46.join(os40.homedir(), ".node9", "dlp-resolved.json");
+import fs46 from "fs";
+import path47 from "path";
+import os41 from "os";
+var AUDIT_LOG = path47.join(os41.homedir(), ".node9", "audit.log");
+var RESOLVED_FILE = path47.join(os41.homedir(), ".node9", "dlp-resolved.json");
 var ANSI_RE = /\x1b(?:\[[0-9;?]*[a-zA-Z]|\][^\x07\x1b]*(?:\x07|\x1b\\)|[@-_])/g;
 function stripAnsi(s) {
   return s.replace(ANSI_RE, "");
 }
 function loadResolved() {
   try {
-    const raw = JSON.parse(fs45.readFileSync(RESOLVED_FILE, "utf-8"));
+    const raw = JSON.parse(fs46.readFileSync(RESOLVED_FILE, "utf-8"));
     return new Set(raw);
   } catch {
     return /* @__PURE__ */ new Set();
@@ -23354,13 +23904,13 @@ function loadResolved() {
 }
 function saveResolved(resolved) {
   try {
-    fs45.writeFileSync(RESOLVED_FILE, JSON.stringify([...resolved], null, 2), { mode: 384 });
+    fs46.writeFileSync(RESOLVED_FILE, JSON.stringify([...resolved], null, 2), { mode: 384 });
   } catch {
   }
 }
 function loadDlpFindings() {
-  if (!fs45.existsSync(AUDIT_LOG)) return [];
-  return fs45.readFileSync(AUDIT_LOG, "utf-8").split("\n").flatMap((line) => {
+  if (!fs46.existsSync(AUDIT_LOG)) return [];
+  return fs46.readFileSync(AUDIT_LOG, "utf-8").split("\n").flatMap((line) => {
     if (!line.trim()) return [];
     try {
       const e = JSON.parse(line);
@@ -23370,7 +23920,7 @@ function loadDlpFindings() {
     }
   });
 }
-function entryKey(e) {
+function entryKey2(e) {
   return `${e.ts}:${e.dlpPattern}:${e.dlpSample}`;
 }
 function fmtDate3(ts) {
@@ -23393,7 +23943,7 @@ function registerDlpCommand(program2) {
       return;
     }
     const resolved = loadResolved();
-    for (const e of findings) resolved.add(entryKey(e));
+    for (const e of findings) resolved.add(entryKey2(e));
     saveResolved(resolved);
     console.log(
       chalk27.green(
@@ -23406,7 +23956,7 @@ function registerDlpCommand(program2) {
   cmd.action(() => {
     const findings = loadDlpFindings();
     const resolved = loadResolved();
-    const open = findings.filter((e) => !resolved.has(entryKey(e)));
+    const open = findings.filter((e) => !resolved.has(entryKey2(e)));
     const resolvedCount = findings.length - open.length;
     console.log("");
     console.log(
@@ -23459,14 +24009,14 @@ function registerDlpCommand(program2) {
 // src/cli/commands/mask.ts
 init_dlp();
 import chalk28 from "chalk";
-import fs46 from "fs";
-import path47 from "path";
-import os41 from "os";
+import fs47 from "fs";
+import path48 from "path";
+import os42 from "os";
 function findJsonlFiles(dir) {
   const results = [];
-  if (!fs46.existsSync(dir)) return results;
-  for (const entry of fs46.readdirSync(dir, { withFileTypes: true })) {
-    const full = path47.join(dir, entry.name);
+  if (!fs47.existsSync(dir)) return results;
+  for (const entry of fs47.readdirSync(dir, { withFileTypes: true })) {
+    const full = path48.join(dir, entry.name);
     if (entry.isDirectory()) results.push(...findJsonlFiles(full));
     else if (entry.isFile() && entry.name.endsWith(".jsonl")) results.push(full);
   }
@@ -23509,7 +24059,7 @@ function redactJson(obj) {
 function processFile(filePath, dryRun) {
   let raw;
   try {
-    raw = fs46.readFileSync(filePath, "utf-8");
+    raw = fs47.readFileSync(filePath, "utf-8");
   } catch {
     return { redactedLines: 0, patterns: [] };
   }
@@ -23541,14 +24091,14 @@ function processFile(filePath, dryRun) {
     }
   }
   if (!dryRun && redactedLines > 0) {
-    fs46.writeFileSync(filePath, newLines.join("\n"), "utf-8");
+    fs47.writeFileSync(filePath, newLines.join("\n"), "utf-8");
   }
   return { redactedLines, patterns };
 }
 function processJsonFile(filePath, dryRun) {
   let raw;
   try {
-    raw = fs46.readFileSync(filePath, "utf-8");
+    raw = fs47.readFileSync(filePath, "utf-8");
   } catch {
     return { redactedLines: 0, patterns: [] };
   }
@@ -23561,15 +24111,15 @@ function processJsonFile(filePath, dryRun) {
   const { value, modified, found } = redactJson(parsed);
   if (!modified) return { redactedLines: 0, patterns: [] };
   if (!dryRun) {
-    fs46.writeFileSync(filePath, JSON.stringify(value, null, 2), "utf-8");
+    fs47.writeFileSync(filePath, JSON.stringify(value, null, 2), "utf-8");
   }
   return { redactedLines: 1, patterns: found };
 }
 function findJsonFiles(dir) {
   const results = [];
-  if (!fs46.existsSync(dir)) return results;
-  for (const entry of fs46.readdirSync(dir, { withFileTypes: true })) {
-    const full = path47.join(dir, entry.name);
+  if (!fs47.existsSync(dir)) return results;
+  for (const entry of fs47.readdirSync(dir, { withFileTypes: true })) {
+    const full = path48.join(dir, entry.name);
     if (entry.isDirectory()) results.push(...findJsonFiles(full));
     else if (entry.isFile() && entry.name.endsWith(".json")) results.push(full);
   }
@@ -23578,9 +24128,9 @@ function findJsonFiles(dir) {
 function registerMaskCommand(program2) {
   program2.command("mask").description("Redact plaintext secrets from local AI session history files").option("--dry-run", "show what would be redacted without making changes").option("--all", "scan all history (default: last 30 days)").action(async (options) => {
     const dryRun = !!options.dryRun;
-    const home = os41.homedir();
-    const claudeDir = path47.join(home, ".claude", "projects");
-    const geminiDir = path47.join(home, ".gemini", "tmp");
+    const home = os42.homedir();
+    const claudeDir = path48.join(home, ".claude", "projects");
+    const geminiDir = path48.join(home, ".gemini", "tmp");
     const allFiles = [
       ...findJsonlFiles(claudeDir).map((p) => ({ path: p, type: "jsonl" })),
       ...findJsonFiles(geminiDir).map((p) => ({ path: p, type: "json" }))
@@ -23588,7 +24138,7 @@ function registerMaskCommand(program2) {
     const cutoff = options.all ? null : new Date(Date.now() - 30 * 24 * 60 * 60 * 1e3);
     const filtered = cutoff ? allFiles.filter((f) => {
       try {
-        return fs46.statSync(f.path).mtime >= cutoff;
+        return fs47.statSync(f.path).mtime >= cutoff;
       } catch {
         return false;
       }
@@ -23644,20 +24194,20 @@ function registerMaskCommand(program2) {
 // src/cli.ts
 init_blast();
 var { version } = JSON.parse(
-  fs49.readFileSync(path50.join(__dirname, "../package.json"), "utf-8")
+  fs50.readFileSync(path51.join(__dirname, "../package.json"), "utf-8")
 );
 var program = new Command();
 program.name("node9").description("The Sudo Command for AI Agents").version(version);
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL2 = "https://api.node9.ai/api/v1/intercept";
-  const credPath = path50.join(os44.homedir(), ".node9", "credentials.json");
-  if (!fs49.existsSync(path50.dirname(credPath)))
-    fs49.mkdirSync(path50.dirname(credPath), { recursive: true });
+  const credPath = path51.join(os45.homedir(), ".node9", "credentials.json");
+  if (!fs50.existsSync(path51.dirname(credPath)))
+    fs50.mkdirSync(path51.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (fs49.existsSync(credPath)) {
-      const raw = JSON.parse(fs49.readFileSync(credPath, "utf-8"));
+    if (fs50.existsSync(credPath)) {
+      const raw = JSON.parse(fs50.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL2 }
@@ -23669,14 +24219,14 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL2 };
-  fs49.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  fs50.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
   let effectiveCloud = null;
   if (profileName === "default") {
-    const configPath = path50.join(os44.homedir(), ".node9", "config.json");
+    const configPath = path51.join(os45.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (fs49.existsSync(configPath))
-        config = JSON.parse(fs49.readFileSync(configPath, "utf-8"));
+      if (fs50.existsSync(configPath))
+        config = JSON.parse(fs50.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -23691,9 +24241,9 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!fs49.existsSync(path50.dirname(configPath)))
-      fs49.mkdirSync(path50.dirname(configPath), { recursive: true });
-    fs49.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!fs50.existsSync(path51.dirname(configPath)))
+      fs50.mkdirSync(path51.dirname(configPath), { recursive: true });
+    fs50.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
     effectiveCloud = approvers.cloud === true;
   }
   if (options.profile && profileName !== "default") {
@@ -23852,15 +24402,15 @@ program.command("uninstall").description("Remove all Node9 hooks and optionally
     }
   }
   if (options.purge) {
-    const node9Dir = path50.join(os44.homedir(), ".node9");
-    if (fs49.existsSync(node9Dir)) {
+    const node9Dir = path51.join(os45.homedir(), ".node9");
+    if (fs50.existsSync(node9Dir)) {
       const confirmed = await confirm2({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        fs49.rmSync(node9Dir, { recursive: true });
-        if (fs49.existsSync(node9Dir)) {
+        fs50.rmSync(node9Dir, { recursive: true });
+        if (fs50.existsSync(node9Dir)) {
           console.error(
             chalk30.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
@@ -23975,7 +24525,7 @@ program.command("tail").description("Stream live agent activity to the terminal"
 });
 program.command("monitor").description("Live interactive dashboard \u2014 activity feed, approvals, security signals").action(async () => {
   try {
-    const dashboardPath = path50.join(__dirname, "dashboard.mjs");
+    const dashboardPath = path51.join(__dirname, "dashboard.mjs");
     const dynamicImport = new Function("id", "return import(id)");
     const mod = await dynamicImport(`file://${dashboardPath}`);
     await mod.startMonitor();
@@ -24013,14 +24563,14 @@ Claude Code spawns this command every ~300ms and writes a JSON payload to stdin.
 Run "node9 addto claude" to register it as the statusLine.`
 ).argument("[subcommand]", 'Optional: "debug on" / "debug off" to toggle stdin logging').argument("[state]", 'on|off \u2014 used with "debug" subcommand').action(async (subcommand, state) => {
   if (subcommand === "debug") {
-    const flagFile = path50.join(os44.homedir(), ".node9", "hud-debug");
+    const flagFile = path51.join(os45.homedir(), ".node9", "hud-debug");
     if (state === "on") {
-      fs49.mkdirSync(path50.dirname(flagFile), { recursive: true });
-      fs49.writeFileSync(flagFile, "");
+      fs50.mkdirSync(path51.dirname(flagFile), { recursive: true });
+      fs50.writeFileSync(flagFile, "");
       console.log("HUD debug logging enabled \u2192 ~/.node9/hud-debug.log");
       console.log("Tail it with: tail -f ~/.node9/hud-debug.log");
     } else if (state === "off") {
-      if (fs49.existsSync(flagFile)) fs49.unlinkSync(flagFile);
+      if (fs50.existsSync(flagFile)) fs50.unlinkSync(flagFile);
       console.log("HUD debug logging disabled.");
     } else {
       console.error("Usage: node9 hud debug on|off");
@@ -24137,9 +24687,9 @@ if (process.argv[2] !== "daemon") {
     const isCheckHook = process.argv[2] === "check";
     if (isCheckHook) {
       if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
-        const logPath = path50.join(os44.homedir(), ".node9", "hook-debug.log");
+        const logPath = path51.join(os45.homedir(), ".node9", "hook-debug.log");
         const msg = reason instanceof Error ? reason.message : String(reason);
-        fs49.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+        fs50.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
       }
       process.exit(0);