npm - @node9/proxy - Versions diffs - 1.5.1 → 1.5.3 - Mend

@node9/proxy 1.5.1 → 1.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli.js CHANGED Viewed

@@ -213,12 +213,21 @@ var init_config_schema = __esm({
       verdict: import_zod.z.enum(["allow", "review", "block"], {
         errorMap: () => ({ message: "verdict must be one of: allow, review, block" })
       }),
-      reason: import_zod.z.string().optional()
+      reason: import_zod.z.string().optional(),
+      // Unknown predicate names are filtered out rather than failing the whole rule.
+      // Failing the whole z.array() would cause sanitizeConfig to drop the entire
+      // `policy` top-level key, silently disabling ALL smart rules in the config.
+      dependsOnState: import_zod.z.array(import_zod.z.string()).transform(
+        (arr) => arr.filter(
+          (p) => p === "no_test_passed_since_last_edit"
+        )
+      ).optional(),
+      recoveryCommand: import_zod.z.string().optional()
     });
     ConfigFileSchema = import_zod.z.object({
       version: import_zod.z.string().optional(),
       settings: import_zod.z.object({
-        mode: import_zod.z.enum(["standard", "strict", "audit"]).optional(),
+        mode: import_zod.z.enum(["standard", "strict", "audit", "observe"]).optional(),
         autoStartDaemon: import_zod.z.boolean().optional(),
         enableUndo: import_zod.z.boolean().optional(),
         enableHookLogDebug: import_zod.z.boolean().optional(),
@@ -645,12 +654,17 @@ function getConfig(cwd) {
     if (s.approvalTimeoutSeconds !== void 0 && s.approvalTimeoutMs === void 0)
       mergedSettings.approvalTimeoutMs = s.approvalTimeoutSeconds * 1e3;
     if (s.environment !== void 0) mergedSettings.environment = s.environment;
+    if (s.hud !== void 0) mergedSettings.hud = { ...mergedSettings.hud, ...s.hud };
     if (p.sandboxPaths) mergedPolicy.sandboxPaths.push(...p.sandboxPaths);
     if (p.ignoredTools) mergedPolicy.ignoredTools.push(...p.ignoredTools);
     if (p.dangerousWords) mergedPolicy.dangerousWords = [...p.dangerousWords];
     if (p.toolInspection)
       mergedPolicy.toolInspection = { ...mergedPolicy.toolInspection, ...p.toolInspection };
-    if (p.smartRules) mergedPolicy.smartRules.push(...p.smartRules);
+    if (p.smartRules) {
+      const defaultBlocks = mergedPolicy.smartRules.filter((r) => r.verdict === "block");
+      const defaultNonBlocks = mergedPolicy.smartRules.filter((r) => r.verdict !== "block");
+      mergedPolicy.smartRules = [...defaultBlocks, ...p.smartRules, ...defaultNonBlocks];
+    }
     if (p.snapshot) {
       const s2 = p.snapshot;
       if (s2.tools) mergedPolicy.snapshot.tools.push(...s2.tools);
@@ -1910,7 +1924,13 @@ async function evaluatePolicy(toolName, args, agent, cwd) {
         blockedByLabel: `Smart Rule: ${matchedRule.name ?? matchedRule.tool}`,
         reason: matchedRule.reason,
         tier: 2,
-        ruleName: matchedRule.name ?? matchedRule.tool
+        ruleName: matchedRule.name ?? matchedRule.tool,
+        ...matchedRule.verdict === "block" && matchedRule.dependsOnState?.length && {
+          dependsOnStatePredicates: matchedRule.dependsOnState
+        },
+        ...matchedRule.verdict === "block" && matchedRule.recoveryCommand && {
+          recoveryCommand: matchedRule.recoveryCommand
+        }
       };
     }
   }
@@ -2437,6 +2457,34 @@ var init_state = __esm({
 });
 // src/auth/daemon.ts
+function notifyActivitySocket(data) {
+  return new Promise((resolve) => {
+    try {
+      const payload = JSON.stringify(data);
+      const sock = import_net.default.createConnection(ACTIVITY_SOCKET_PATH);
+      sock.on("connect", () => {
+        sock.on("close", resolve);
+        sock.end(payload);
+      });
+      sock.on("error", resolve);
+    } catch {
+      resolve();
+    }
+  });
+}
+async function checkStatePredicates(predicates) {
+  if (predicates.length === 0) return {};
+  try {
+    const qs = predicates.map(encodeURIComponent).join(",");
+    const res = await fetch(`http://${DAEMON_HOST}:${DAEMON_PORT}/state/check?predicates=${qs}`, {
+      signal: AbortSignal.timeout(100)
+    });
+    if (!res.ok) return null;
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
 function getInternalToken() {
   try {
     const pidFile = import_path10.default.join(import_os8.default.homedir(), ".node9", "daemon.pid");
@@ -2470,7 +2518,7 @@ function isDaemonRunning() {
     return false;
   }
 }
-async function registerDaemonEntry(toolName, args, meta, riskMetadata, activityId, cwd) {
+async function registerDaemonEntry(toolName, args, meta, riskMetadata, activityId, cwd, recoveryCommand, skipBackgroundAuth, viewOnly) {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
   const ctrl = new AbortController();
   const timer = setTimeout(() => ctrl.abort(), 5e3);
@@ -2488,7 +2536,10 @@ async function registerDaemonEntry(toolName, args, meta, riskMetadata, activityI
         // activity-result as the CLI used for the pending activity event.
         activityId,
         ...riskMetadata && { riskMetadata },
-        ...cwd && { cwd }
+        ...cwd && { cwd },
+        ...recoveryCommand && { recoveryCommand },
+        ...skipBackgroundAuth && { skipBackgroundAuth: true },
+        ...viewOnly && { viewOnly: true }
       }),
       signal: ctrl.signal
     });
@@ -2508,10 +2559,10 @@ async function waitForDaemonDecision(id, signal) {
   try {
     const waitRes = await fetch(`${base}/wait/${id}`, { signal: waitCtrl.signal });
     if (!waitRes.ok) return { decision: "deny" };
-    const { decision, source } = await waitRes.json();
+    const { decision, source, reason } = await waitRes.json();
     if (decision === "allow") return { decision: "allow", source };
     if (decision === "abandoned") return { decision: "abandoned", source };
-    return { decision: "deny", source };
+    return { decision: "deny", source, reason };
   } finally {
     clearTimeout(waitTimer);
     if (signal) signal.removeEventListener("abort", onAbort);
@@ -2597,14 +2648,16 @@ async function resolveViaDaemon(id, decision, internalToken, source) {
     signal: AbortSignal.timeout(3e3)
   });
 }
-var import_fs9, import_path10, import_os8, import_child_process, DAEMON_PORT, DAEMON_HOST;
+var import_fs9, import_net, import_path10, import_os8, import_child_process, ACTIVITY_SOCKET_PATH, DAEMON_PORT, DAEMON_HOST;
 var init_daemon = __esm({
   "src/auth/daemon.ts"() {
     "use strict";
     import_fs9 = __toESM(require("fs"));
+    import_net = __toESM(require("net"));
     import_path10 = __toESM(require("path"));
     import_os8 = __toESM(require("os"));
     import_child_process = require("child_process");
+    ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path10.default.join(import_os8.default.tmpdir(), "node9-activity.sock");
     DAEMON_PORT = 7391;
     DAEMON_HOST = "127.0.0.1";
   }
@@ -3094,19 +3147,7 @@ function isNetworkTool(toolName, args) {
   return false;
 }
 function notifyActivity(data) {
-  return new Promise((resolve) => {
-    try {
-      const payload = JSON.stringify(data);
-      const sock = import_net.default.createConnection(ACTIVITY_SOCKET_PATH);
-      sock.on("connect", () => {
-        sock.on("close", resolve);
-        sock.end(payload);
-      });
-      sock.on("error", resolve);
-    } catch {
-      resolve();
-    }
-  });
+  return notifyActivitySocket(data);
 }
 async function authorizeHeadless(toolName, args, meta, options) {
   if (!options?.calledFromDaemon) {
@@ -3123,7 +3164,9 @@ async function authorizeHeadless(toolName, args, meta, options) {
         tool: toolName,
         ts: actTs,
         status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : result.blockedByLabel?.includes("Taint") ? "taint" : "block",
-        label: result.blockedByLabel
+        label: result.blockedByLabel,
+        ruleHit: result.ruleHit,
+        observeWouldBlock: result.observeWouldBlock
       });
     }
     return result;
@@ -3150,10 +3193,12 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     appendHookDebug(toolName, args, meta, hashAuditArgs);
   }
   const isManual = meta?.agent === "Terminal";
+  const isObserveMode = config.settings.mode === "observe";
   let explainableLabel = "Local Config";
   let policyMatchedField;
   let policyMatchedWord;
   let riskMetadata;
+  let statefulRecoveryCommand;
   let taintWarning = null;
   if (isNetworkTool(toolName, args)) {
     const filePaths = extractFilePaths(toolName, args);
@@ -3174,10 +3219,26 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     if (dlpMatch) {
       const dlpReason = `\u{1F6A8} DATA LOSS PREVENTION: ${dlpMatch.patternName} detected in field "${dlpMatch.fieldPath}" (${dlpMatch.redactedSample})`;
       if (dlpMatch.severity === "block") {
-        if (!isManual) appendLocalAudit(toolName, args, "deny", "dlp-block", meta, true);
+        if (!isManual)
+          appendLocalAudit(
+            toolName,
+            args,
+            "deny",
+            isObserveMode ? "observe-mode-dlp-would-block" : "dlp-block",
+            meta,
+            true
+          );
         if (isWriteTool(toolName) && filePath) {
           await notifyTaint(filePath, `DLP:${dlpMatch.patternName}`);
         }
+        if (isObserveMode) {
+          return {
+            approved: true,
+            checkedBy: "audit",
+            observeWouldBlock: true,
+            blockedByLabel: "\u{1F6A8} Node9 DLP (Secret Detected)"
+          };
+        }
         return {
           approved: false,
           reason: dlpReason,
@@ -3190,6 +3251,31 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
       explainableLabel = "\u{1F6A8} Node9 DLP (Credential Review)";
     }
   }
+  if (isObserveMode) {
+    if (!isIgnoredTool(toolName)) {
+      const policyResult = await evaluatePolicy(toolName, args, meta?.agent, options?.cwd);
+      const wouldBlock = policyResult.decision === "block";
+      if (!isManual)
+        appendLocalAudit(
+          toolName,
+          args,
+          "allow",
+          wouldBlock ? "observe-mode-would-block" : "observe-mode",
+          meta,
+          hashAuditArgs
+        );
+      return {
+        approved: true,
+        checkedBy: "audit",
+        ...wouldBlock && {
+          observeWouldBlock: true,
+          blockedByLabel: policyResult.blockedByLabel,
+          ruleHit: policyResult.ruleName
+        }
+      };
+    }
+    return { approved: true, checkedBy: "audit" };
+  }
   if (config.settings.mode === "audit") {
     if (!isIgnoredTool(toolName)) {
       const policyResult = await evaluatePolicy(toolName, args, meta?.agent, options?.cwd);
@@ -3217,14 +3303,34 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
       return { approved: true, checkedBy: "local-policy" };
     }
     if (policyResult.decision === "block") {
-      if (!isManual)
-        appendLocalAudit(toolName, args, "deny", "smart-rule-block", meta, hashAuditArgs);
-      return {
-        approved: false,
-        reason: policyResult.reason ?? "Action explicitly blocked by Smart Policy.",
-        blockedBy: "local-config",
-        blockedByLabel: policyResult.blockedByLabel
-      };
+      if (policyResult.dependsOnStatePredicates?.length) {
+        const stateResults = await checkStatePredicates(policyResult.dependsOnStatePredicates);
+        const predicatesMet = stateResults !== null && policyResult.dependsOnStatePredicates.every((p) => stateResults[p] === true);
+        if (stateResults === null && !isManual) {
+          appendToLog(HOOK_DEBUG_LOG, {
+            ts: (/* @__PURE__ */ new Date()).toISOString(),
+            event: "state-check-fail-open",
+            tool: toolName,
+            rule: policyResult.ruleName,
+            predicates: policyResult.dependsOnStatePredicates,
+            reason: "daemon unreachable or /state/check timed out \u2014 block rule downgraded to review"
+          });
+        }
+        if (predicatesMet && policyResult.recoveryCommand) {
+          statefulRecoveryCommand = policyResult.recoveryCommand;
+        }
+      } else {
+        if (!isManual)
+          appendLocalAudit(toolName, args, "deny", "smart-rule-block", meta, hashAuditArgs);
+        return {
+          approved: false,
+          reason: policyResult.reason ?? "Action explicitly blocked by Smart Policy.",
+          blockedBy: "local-config",
+          blockedByLabel: policyResult.blockedByLabel,
+          ruleHit: policyResult.ruleName,
+          ...policyResult.recoveryCommand && { recoveryCommand: policyResult.recoveryCommand }
+        };
+      }
     }
     explainableLabel = policyResult.blockedByLabel || "Local Config";
     policyMatchedField = policyResult.matchedField;
@@ -3331,7 +3437,8 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
           meta,
           riskMetadata,
           options?.activityId,
-          options?.cwd
+          options?.cwd,
+          statefulRecoveryCommand
         );
         daemonEntryId = entry.id;
         daemonAllowCount = entry.allowCount;
@@ -3392,20 +3499,26 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
   if (daemonEntryId && (approvers.browser || approvers.terminal)) {
     racePromises.push(
       (async () => {
-        const { decision: daemonDecision, source: decisionSource } = await waitForDaemonDecision(
-          daemonEntryId,
-          signal
-        );
+        const {
+          decision: daemonDecision,
+          source: decisionSource,
+          reason: daemonReason
+        } = await waitForDaemonDecision(daemonEntryId, signal);
         if (daemonDecision === "abandoned") throw new Error("Abandoned");
         const isApproved = daemonDecision === "allow";
-        const src = decisionSource === "terminal" || decisionSource === "browser" ? decisionSource : approvers.browser ? "browser" : "terminal";
+        const isRedirect = decisionSource === "terminal-redirect";
+        const src = decisionSource === "terminal" || decisionSource === "terminal-redirect" || decisionSource === "browser" ? decisionSource === "browser" ? "browser" : "terminal" : approvers.browser ? "browser" : "terminal";
         const via = src === "terminal" ? "Terminal (node9 tail)" : "Browser Dashboard";
         return {
           approved: isApproved,
-          reason: isApproved ? void 0 : `The human user rejected this action via the Node9 ${via}.`,
+          reason: isApproved ? void 0 : (
+            // Use the redirect reason from the tail when choice [2] was selected;
+            // otherwise fall back to the generic rejection message.
+            isRedirect && daemonReason || `The human user rejected this action via the Node9 ${via}.`
+          ),
           checkedBy: isApproved ? "daemon" : void 0,
           blockedBy: isApproved ? void 0 : "local-decision",
-          blockedByLabel: `User Decision (${via})`,
+          blockedByLabel: isRedirect ? "Steered Redirect (Terminal)" : `User Decision (${via})`,
           decisionSource: src
         };
       })()
@@ -3480,13 +3593,10 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
   }
   return finalResult;
 }
-var import_net, import_path13, import_os10, import_crypto3, WRITE_TOOLS, ACTIVITY_SOCKET_PATH;
+var import_crypto3, WRITE_TOOLS;
 var init_orchestrator = __esm({
   "src/auth/orchestrator.ts"() {
     "use strict";
-    import_net = __toESM(require("net"));
-    import_path13 = __toESM(require("path"));
-    import_os10 = __toESM(require("os"));
     import_crypto3 = require("crypto");
     init_native();
     init_context_sniper();
@@ -3508,7 +3618,6 @@ var init_orchestrator = __esm({
       "notebook_edit",
       "notebookedit"
     ]);
-    ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path13.default.join(import_os10.default.tmpdir(), "node9-activity.sock");
   }
 });
@@ -5235,12 +5344,12 @@ var init_suggestion_tracker = __esm({
 });
 // src/daemon/taint-store.ts
-var import_fs12, import_path15, DEFAULT_TTL_MS, TaintStore;
+var import_fs12, import_path14, DEFAULT_TTL_MS, TaintStore;
 var init_taint_store = __esm({
   "src/daemon/taint-store.ts"() {
     "use strict";
     import_fs12 = __toESM(require("fs"));
-    import_path15 = __toESM(require("path"));
+    import_path14 = __toESM(require("path"));
     DEFAULT_TTL_MS = 60 * 60 * 1e3;
     TaintStore = class {
       records = /* @__PURE__ */ new Map();
@@ -5305,15 +5414,116 @@ var init_taint_store = __esm({
       /** Resolve to absolute path, falling back to path.resolve if file doesn't exist yet. */
       _resolve(filePath) {
         try {
-          return import_fs12.default.realpathSync.native(import_path15.default.resolve(filePath));
+          return import_fs12.default.realpathSync.native(import_path14.default.resolve(filePath));
         } catch {
-          return import_path15.default.resolve(filePath);
+          return import_path14.default.resolve(filePath);
         }
       }
     };
   }
 });
+// src/daemon/session-counters.ts
+var SessionCounters, sessionCounters;
+var init_session_counters = __esm({
+  "src/daemon/session-counters.ts"() {
+    "use strict";
+    SessionCounters = class {
+      _allowed = 0;
+      _blocked = 0;
+      _dlpHits = 0;
+      _wouldBlock = 0;
+      _lastRuleHit = null;
+      _lastBlockedTool = null;
+      incrementAllowed() {
+        this._allowed++;
+      }
+      incrementBlocked() {
+        this._blocked++;
+      }
+      incrementDlpHits() {
+        this._dlpHits++;
+      }
+      incrementWouldBlock() {
+        this._wouldBlock++;
+      }
+      recordRuleHit(label) {
+        this._lastRuleHit = label;
+      }
+      recordBlockedTool(toolName) {
+        this._lastBlockedTool = toolName;
+      }
+      get() {
+        return {
+          allowed: this._allowed,
+          blocked: this._blocked,
+          dlpHits: this._dlpHits,
+          wouldBlock: this._wouldBlock,
+          lastRuleHit: this._lastRuleHit,
+          lastBlockedTool: this._lastBlockedTool
+        };
+      }
+      reset() {
+        this._allowed = 0;
+        this._blocked = 0;
+        this._dlpHits = 0;
+        this._wouldBlock = 0;
+        this._lastRuleHit = null;
+        this._lastBlockedTool = null;
+      }
+    };
+    sessionCounters = new SessionCounters();
+  }
+});
+// src/daemon/session-history.ts
+var SessionHistory, sessionHistory;
+var init_session_history = __esm({
+  "src/daemon/session-history.ts"() {
+    "use strict";
+    SessionHistory = class {
+      lastEditAt = null;
+      lastTestPassAt = null;
+      lastTestFailAt = null;
+      recordEdit(ts = Date.now()) {
+        this.lastEditAt = ts;
+      }
+      recordTestPass(ts = Date.now()) {
+        this.lastTestPassAt = ts;
+      }
+      recordTestFail(ts = Date.now()) {
+        this.lastTestFailAt = ts;
+      }
+      /**
+       * Returns true when the named predicate is currently satisfied.
+       * Unknown predicates always return false (fail-open: don't block on unknown state).
+       */
+      checkPredicate(name) {
+        switch (name) {
+          case "no_test_passed_since_last_edit":
+            if (this.lastEditAt === null) return false;
+            return this.lastTestPassAt === null || this.lastTestPassAt < this.lastEditAt;
+          default:
+            return false;
+        }
+      }
+      getSnapshot() {
+        return {
+          lastEditAt: this.lastEditAt,
+          lastTestPassAt: this.lastTestPassAt,
+          lastTestFailAt: this.lastTestFailAt
+        };
+      }
+      reset() {
+        this.lastEditAt = null;
+        this.lastTestPassAt = null;
+        this.lastTestFailAt = null;
+      }
+    };
+    sessionHistory = new SessionHistory();
+  }
+});
 // src/daemon/state.ts
 function loadInsightCounts() {
   try {
@@ -5357,7 +5567,7 @@ function markRejectionHandlerRegistered() {
   daemonRejectionHandlerRegistered = true;
 }
 function atomicWriteSync2(filePath, data, options) {
-  const dir = import_path16.default.dirname(filePath);
+  const dir = import_path15.default.dirname(filePath);
   if (!import_fs13.default.existsSync(dir)) import_fs13.default.mkdirSync(dir, { recursive: true });
   const tmpPath = `${filePath}.${(0, import_crypto5.randomUUID)()}.tmp`;
   try {
@@ -5397,7 +5607,7 @@ function appendAuditLog(data) {
       decision: data.decision,
       source: "daemon"
     };
-    const dir = import_path16.default.dirname(AUDIT_LOG_FILE);
+    const dir = import_path15.default.dirname(AUDIT_LOG_FILE);
     if (!import_fs13.default.existsSync(dir)) import_fs13.default.mkdirSync(dir, { recursive: true });
     import_fs13.default.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
   } catch {
@@ -5546,6 +5756,14 @@ function startActivitySocket() {
     socket.on("end", () => {
       try {
         const data = JSON.parse(Buffer.concat(chunks).toString());
+        if (data.status === "test_pass") {
+          sessionHistory.recordTestPass(data.ts);
+          return;
+        }
+        if (data.status === "test_fail") {
+          sessionHistory.recordTestFail(data.ts);
+          return;
+        }
         if (data.status === "pending") {
           broadcast("activity", {
             id: data.id,
@@ -5555,6 +5773,24 @@ function startActivitySocket() {
             status: "pending"
           });
         } else {
+          if (data.status === "allow") {
+            sessionCounters.incrementAllowed();
+            if (data.observeWouldBlock) sessionCounters.incrementWouldBlock();
+            if (WRITE_TOOL_NAMES.has(data.tool.toLowerCase().replace(/[^a-z_]/g, "_"))) {
+              sessionHistory.recordEdit(data.ts);
+            }
+          } else if (data.status === "block") {
+            sessionCounters.incrementBlocked();
+            sessionCounters.recordBlockedTool(data.tool);
+            if (data.ruleHit) sessionCounters.recordRuleHit(data.ruleHit);
+          } else if (data.status === "dlp") {
+            sessionCounters.incrementBlocked();
+            sessionCounters.incrementDlpHits();
+            sessionCounters.recordBlockedTool(data.tool);
+          } else if (data.status === "taint") {
+            sessionCounters.incrementBlocked();
+            sessionCounters.recordBlockedTool(data.tool);
+          }
           broadcast("activity-result", {
             id: data.id,
             status: data.status,
@@ -5575,27 +5811,29 @@ function startActivitySocket() {
     }
   });
 }
-var import_net2, import_fs13, import_path16, import_os12, import_child_process3, import_crypto5, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE;
+var import_net2, import_fs13, import_path15, import_os11, import_child_process3, import_crypto5, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE, WRITE_TOOL_NAMES;
 var init_state2 = __esm({
   "src/daemon/state.ts"() {
     "use strict";
     import_net2 = __toESM(require("net"));
     import_fs13 = __toESM(require("fs"));
-    import_path16 = __toESM(require("path"));
-    import_os12 = __toESM(require("os"));
+    import_path15 = __toESM(require("path"));
+    import_os11 = __toESM(require("os"));
     import_child_process3 = require("child_process");
     import_crypto5 = require("crypto");
     init_daemon();
     init_suggestion_tracker();
     init_taint_store();
-    homeDir = import_os12.default.homedir();
-    DAEMON_PID_FILE = import_path16.default.join(homeDir, ".node9", "daemon.pid");
-    DECISIONS_FILE = import_path16.default.join(homeDir, ".node9", "decisions.json");
-    AUDIT_LOG_FILE = import_path16.default.join(homeDir, ".node9", "audit.log");
-    TRUST_FILE2 = import_path16.default.join(homeDir, ".node9", "trust.json");
-    GLOBAL_CONFIG_FILE = import_path16.default.join(homeDir, ".node9", "config.json");
-    CREDENTIALS_FILE = import_path16.default.join(homeDir, ".node9", "credentials.json");
-    INSIGHT_COUNTS_FILE = import_path16.default.join(homeDir, ".node9", "insight-counts.json");
+    init_session_counters();
+    init_session_history();
+    homeDir = import_os11.default.homedir();
+    DAEMON_PID_FILE = import_path15.default.join(homeDir, ".node9", "daemon.pid");
+    DECISIONS_FILE = import_path15.default.join(homeDir, ".node9", "decisions.json");
+    AUDIT_LOG_FILE = import_path15.default.join(homeDir, ".node9", "audit.log");
+    TRUST_FILE2 = import_path15.default.join(homeDir, ".node9", "trust.json");
+    GLOBAL_CONFIG_FILE = import_path15.default.join(homeDir, ".node9", "config.json");
+    CREDENTIALS_FILE = import_path15.default.join(homeDir, ".node9", "credentials.json");
+    INSIGHT_COUNTS_FILE = import_path15.default.join(homeDir, ".node9", "insight-counts.json");
     pending = /* @__PURE__ */ new Map();
     sseClients = /* @__PURE__ */ new Set();
     suggestionTracker = new SuggestionTracker(3);
@@ -5613,10 +5851,21 @@ var init_state2 = __esm({
       "2h": 2 * 60 * 6e4
     };
     autoStarted = process.env.NODE9_AUTO_STARTED === "1";
-    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path16.default.join(import_os12.default.tmpdir(), "node9-activity.sock");
+    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path15.default.join(import_os11.default.tmpdir(), "node9-activity.sock");
     ACTIVITY_RING_SIZE = 100;
     activityRing = [];
     SECRET_KEY_RE = /password|secret|token|key|apikey|credential|auth/i;
+    WRITE_TOOL_NAMES = /* @__PURE__ */ new Set([
+      "write",
+      "write_file",
+      "create_file",
+      "edit",
+      "multiedit",
+      "str_replace_based_edit_tool",
+      "replace",
+      "notebook_edit",
+      "notebookedit"
+    ]);
   }
 });
@@ -5644,7 +5893,7 @@ function patchConfig(configPath, patch) {
       ignored.push(patch.toolName);
     }
   }
-  const dir = import_path17.default.dirname(configPath);
+  const dir = import_path16.default.dirname(configPath);
   import_fs14.default.mkdirSync(dir, { recursive: true });
   const tmp = configPath + ".node9-tmp";
   try {
@@ -5666,14 +5915,14 @@ function patchConfig(configPath, patch) {
     throw err;
   }
 }
-var import_fs14, import_path17, import_os13, GLOBAL_CONFIG_PATH;
+var import_fs14, import_path16, import_os12, GLOBAL_CONFIG_PATH;
 var init_patch = __esm({
   "src/config/patch.ts"() {
     "use strict";
     import_fs14 = __toESM(require("fs"));
-    import_path17 = __toESM(require("path"));
-    import_os13 = __toESM(require("os"));
-    GLOBAL_CONFIG_PATH = import_path17.default.join(import_os13.default.homedir(), ".node9", "config.json");
+    import_path16 = __toESM(require("path"));
+    import_os12 = __toESM(require("os"));
+    GLOBAL_CONFIG_PATH = import_path16.default.join(import_os12.default.homedir(), ".node9", "config.json");
   }
 });
@@ -5740,6 +5989,8 @@ data: ${JSON.stringify({
             toolName: e.toolName,
             args: e.args,
             riskMetadata: e.riskMetadata,
+            ...e.recoveryCommand && { recoveryCommand: e.recoveryCommand },
+            ...e.viewOnly && { viewOnly: true },
             slackDelegated: e.slackDelegated,
             timestamp: e.timestamp,
             agent: e.agent,
@@ -5805,6 +6056,9 @@ data: ${JSON.stringify(item.data)}
           agent,
           mcpServer,
           riskMetadata,
+          recoveryCommand,
+          skipBackgroundAuth = false,
+          viewOnly = false,
           fromCLI = false,
           activityId,
           cwd
@@ -5815,6 +6069,8 @@ data: ${JSON.stringify(item.data)}
           toolName,
           args,
           riskMetadata: riskMetadata ?? void 0,
+          ...typeof recoveryCommand === "string" && recoveryCommand && { recoveryCommand },
+          ...viewOnly && { viewOnly: true },
           agent: typeof agent === "string" ? agent : void 0,
           mcpServer: typeof mcpServer === "string" ? mcpServer : void 0,
           slackDelegated: !!slackDelegated,
@@ -5849,7 +6105,7 @@ data: ${JSON.stringify(item.data)}
             status: "pending"
           });
         }
-        const projectCwd = typeof cwd === "string" && import_path18.default.isAbsolute(cwd) ? cwd : void 0;
+        const projectCwd = typeof cwd === "string" && import_path17.default.isAbsolute(cwd) ? cwd : void 0;
         const projectConfig = getConfig(projectCwd);
         const browserEnabled = projectConfig.settings.approvers?.browser !== false;
         const terminalEnabled = projectConfig.settings.approvers?.terminal !== false;
@@ -5859,6 +6115,8 @@ data: ${JSON.stringify(item.data)}
             toolName,
             args,
             riskMetadata: entry.riskMetadata,
+            ...entry.recoveryCommand && { recoveryCommand: entry.recoveryCommand },
+            ...entry.viewOnly && { viewOnly: true },
             slackDelegated: entry.slackDelegated,
             agent: entry.agent,
             mcpServer: entry.mcpServer,
@@ -5875,7 +6133,7 @@ data: ${JSON.stringify(item.data)}
         }
         res.writeHead(200, { "Content-Type": "application/json" });
         res.end(JSON.stringify({ id, allowCount: (insightCounts.get(toolName) ?? 0) + 1 }));
-        if (slackDelegated) return;
+        if (slackDelegated || skipBackgroundAuth) return;
         authorizeHeadless(
           toolName,
           args,
@@ -6014,7 +6272,7 @@ data: ${JSON.stringify(item.data)}
           saveInsightCounts();
           suggestionTracker.resetTool(entry.toolName);
         }
-        const VALID_SOURCES = /* @__PURE__ */ new Set(["terminal", "browser", "native"]);
+        const VALID_SOURCES = /* @__PURE__ */ new Set(["terminal", "browser", "native", "terminal-redirect"]);
         if (source && VALID_SOURCES.has(source)) entry.decisionSource = source;
         if (entry.waiter) {
           entry.waiter(resolvedDecision, reason);
@@ -6043,6 +6301,41 @@ data: ${JSON.stringify(item.data)}
         return res.end(JSON.stringify({ error: "internal" }));
       }
     }
+    if (req.method === "GET" && pathname === "/status") {
+      try {
+        const s = getGlobalSettings();
+        const counters = sessionCounters.get();
+        const mode = s.mode ?? "standard";
+        const status = {
+          mode,
+          session: {
+            allowed: counters.allowed,
+            blocked: counters.blocked,
+            dlpHits: counters.dlpHits,
+            wouldBlock: counters.wouldBlock
+          },
+          taintedCount: taintStore.list().length,
+          lastRuleHit: counters.lastRuleHit,
+          lastBlockedTool: counters.lastBlockedTool
+        };
+        res.writeHead(200, { "Content-Type": "application/json" });
+        return res.end(JSON.stringify(status));
+      } catch (err) {
+        console.error(import_chalk2.default.red("[node9 daemon] GET /status failed:"), err);
+        res.writeHead(500, { "Content-Type": "application/json" });
+        return res.end(JSON.stringify({ error: "internal" }));
+      }
+    }
+    if (req.method === "GET" && pathname === "/state/check") {
+      const predicatesParam = reqUrl.searchParams.get("predicates") ?? "";
+      const predicates = predicatesParam.split(",").filter(Boolean);
+      const results = {};
+      for (const p of predicates) {
+        results[p] = sessionHistory.checkPredicate(p);
+      }
+      res.writeHead(200, { "Content-Type": "application/json" });
+      return res.end(JSON.stringify(results));
+    }
     if (req.method === "POST" && pathname === "/settings") {
       if (!validToken(req)) return res.writeHead(403).end();
       try {
@@ -6200,8 +6493,8 @@ data: ${JSON.stringify(item.data)}
         const body = await readBody(req);
         const data = body ? JSON.parse(body) : {};
         const configPath = data.configPath ?? GLOBAL_CONFIG_PATH;
-        const node9Dir = import_path18.default.dirname(GLOBAL_CONFIG_PATH);
-        if (!import_path18.default.resolve(configPath).startsWith(node9Dir + import_path18.default.sep)) {
+        const node9Dir = import_path17.default.dirname(GLOBAL_CONFIG_PATH);
+        if (!import_path17.default.resolve(configPath).startsWith(node9Dir + import_path17.default.sep)) {
           res.writeHead(400, { "Content-Type": "application/json" });
           return res.end(
             JSON.stringify({ error: "configPath must be within the node9 config directory" })
@@ -6378,13 +6671,13 @@ data: ${JSON.stringify(item.data)}
   }
   startActivitySocket();
 }
-var import_http, import_fs15, import_path18, import_crypto6, import_child_process4, import_chalk2;
+var import_http, import_fs15, import_path17, import_crypto6, import_child_process4, import_chalk2;
 var init_server = __esm({
   "src/daemon/server.ts"() {
     "use strict";
     import_http = __toESM(require("http"));
     import_fs15 = __toESM(require("fs"));
-    import_path18 = __toESM(require("path"));
+    import_path17 = __toESM(require("path"));
     import_crypto6 = require("crypto");
     import_child_process4 = require("child_process");
     import_chalk2 = __toESM(require("chalk"));
@@ -6528,9 +6821,10 @@ async function ensureDaemon() {
 }
 function postDecisionHttp(id, decision, csrfToken, port, opts) {
   return new Promise((resolve, reject) => {
-    const bodyObj = { decision, source: "terminal" };
+    const bodyObj = { decision, source: opts?.source ?? "terminal" };
     if (opts?.persist) bodyObj.persist = true;
     if (opts?.trustDuration) bodyObj.trustDuration = opts.trustDuration;
+    if (opts?.reason) bodyObj.reason = opts.reason;
     const body = JSON.stringify(bodyObj);
     const req = import_http2.default.request(
       {
@@ -6555,6 +6849,9 @@ function postDecisionHttp(id, decision, csrfToken, port, opts) {
   });
 }
 function buildCardLines(req, localCount = 0) {
+  if (req.recoveryCommand) {
+    return buildRecoveryCardLines(req);
+  }
   const argsStr = JSON.stringify(req.args ?? {}).replace(/\s+/g, " ");
   const argsPreview = argsStr.length > 60 ? argsStr.slice(0, 60) + "\u2026" : argsStr;
   const tierLabel = req.riskMetadata?.tier != null ? req.riskMetadata.tier <= 2 ? `${YELLOW}\u26A0  Tier ${req.riskMetadata.tier}` : `${RED}\u{1F6D1} Tier ${req.riskMetadata.tier}` : `${YELLOW}\u26A0  Review`;
@@ -6582,6 +6879,31 @@ function buildCardLines(req, localCount = 0) {
   );
   return lines;
 }
+function buildRecoveryCardLines(req) {
+  const argsObj = req.args;
+  const command = typeof argsObj?.command === "string" ? argsObj.command : JSON.stringify(req.args ?? {}).replace(/\s+/g, " ").slice(0, 60);
+  const ruleName = req.riskMetadata?.ruleName?.replace(/^Smart Rule:\s*/i, "") ?? "policy rule";
+  const recoveryCommand = req.recoveryCommand;
+  const interactiveLines = req.viewOnly ? [`  ${GRAY}\u2192 Awaiting decision from interactive terminal...${RESET}`] : [
+    `  ${BOLD}${GREEN}[1]${RESET} Allow anyway  ${GRAY}(override policy)${RESET}`,
+    `  ${BOLD}${YELLOW}[2]${RESET} Redirect AI: "Run '${recoveryCommand}' first, then retry"`,
+    `  ${BOLD}${RED}[3]${RESET} Deny & stop  ${GRAY}(hard block)${RESET}`,
+    ``,
+    `  ${GRAY}[Timeout: auto-deny]${RESET}`,
+    `  Select [1-3]: `
+  ];
+  return [
+    ``,
+    `${BOLD}${CYAN}${DIVIDER}${RESET}`,
+    `\u{1F6E1}\uFE0F  ${BOLD}NODE9 STATE GUARD:${RESET} '${BOLD}${command}${RESET}'`,
+    `${YELLOW}\u26A0\uFE0F  Rule: ${ruleName}${RESET}`,
+    `${CYAN}${DIVIDER}${RESET}`,
+    ...!req.viewOnly ? [`${BOLD}What would you like to do?${RESET}`, ``] : [],
+    ...interactiveLines,
+    `${CYAN}${DIVIDER}${RESET}`,
+    ``
+  ];
+}
 async function startTail(options = {}) {
   const port = await ensureDaemon();
   if (options.clear) {
@@ -6680,14 +7002,14 @@ async function startTail(options = {}) {
           localAllowCounts.get(req2.toolName) ?? 0
         )
       );
-      const decisionStamp = action === "always-allow" ? import_chalk16.default.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? import_chalk16.default.cyan("\u23F1 TRUST 30m") : action === "allow" ? import_chalk16.default.green("\u2713 ALLOWED") : import_chalk16.default.red("\u2717 DENIED");
+      const decisionStamp = action === "always-allow" ? import_chalk16.default.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? import_chalk16.default.cyan("\u23F1 TRUST 30m") : action === "allow" ? import_chalk16.default.green("\u2713 ALLOWED") : action === "redirect" ? import_chalk16.default.yellow("\u21A9 REDIRECT AI") : import_chalk16.default.red("\u2717 DENIED");
       stampedLines.push(`  ${BOLD}\u2192${RESET} ${decisionStamp} ${GRAY}(terminal)${RESET}`, ``);
       for (const line of stampedLines) process.stdout.write(line + "\n");
       process.stdout.write(SHOW_CURSOR);
       cardLineCount = 0;
       if (action === "allow" || action === "always-allow" || action === "trust") {
         localAllowCounts.set(req2.toolName, (localAllowCounts.get(req2.toolName) ?? 0) + 1);
-      } else if (action === "deny") {
+      } else if (action === "deny" || action === "redirect") {
         localAllowCounts.delete(req2.toolName);
       }
       let httpDecision;
@@ -6698,13 +7020,18 @@ async function startTail(options = {}) {
       } else if (action === "trust") {
         httpDecision = "trust";
         httpOpts = { trustDuration: "30m" };
+      } else if (action === "redirect") {
+        httpDecision = "deny";
+        const recoveryCommand = req2.recoveryCommand ?? "the required pre-condition";
+        const redirectReason = `USER INTERVENTION: I am blocking this ${req2.toolName} because the required pre-condition has not been met. Please execute \`${recoveryCommand}\`. If it passes, you are then authorized to run \`${req2.toolName}\`.`;
+        httpOpts = { reason: redirectReason, source: "terminal-redirect" };
       } else {
         httpDecision = action;
       }
       postDecisionHttp(req2.id, httpDecision, csrfToken, port, httpOpts).catch((err) => {
         try {
           import_fs24.default.appendFileSync(
-            import_path26.default.join(import_os21.default.homedir(), ".node9", "hook-debug.log"),
+            import_path25.default.join(import_os20.default.homedir(), ".node9", "hook-debug.log"),
             `[tail] POST /decision failed: ${String(err)}
 `
           );
@@ -6736,17 +7063,34 @@ async function startTail(options = {}) {
       cardActive = false;
       showNextCard();
     };
+    if (req2.viewOnly) {
+      process.stdin.resume();
+      onKeypress = () => {
+      };
+      process.stdin.on("keypress", onKeypress);
+      return;
+    }
     process.stdin.resume();
     onKeypress = (_str, key) => {
       const name = key?.name ?? "";
-      if (name === "y" || name === "return") {
-        settle("allow");
-      } else if (name === "n" || name === "d" || key?.ctrl && name === "c") {
-        settle("deny");
-      } else if (name === "a") {
-        settle("always-allow");
-      } else if (name === "t") {
-        settle("trust");
+      if (req2.recoveryCommand) {
+        if (name === "1") {
+          settle("allow");
+        } else if (name === "2") {
+          settle("redirect");
+        } else if (name === "3" || key?.ctrl && name === "c") {
+          settle("deny");
+        }
+      } else {
+        if (name === "y" || name === "return") {
+          settle("allow");
+        } else if (name === "n" || name === "d" || key?.ctrl && name === "c") {
+          settle("deny");
+        } else if (name === "a") {
+          settle("always-allow");
+        } else if (name === "t") {
+          settle("trust");
+        }
       }
     };
     process.stdin.on("keypress", onKeypress);
@@ -6916,21 +7260,21 @@ async function startTail(options = {}) {
     process.exit(1);
   });
 }
-var import_http2, import_chalk16, import_fs24, import_os21, import_path26, import_readline3, import_child_process13, PID_FILE, ICONS, RESET, BOLD, RED, YELLOW, CYAN, GRAY, GREEN, HIDE_CURSOR, SHOW_CURSOR, ERASE_DOWN;
+var import_http2, import_chalk16, import_fs24, import_os20, import_path25, import_readline3, import_child_process13, PID_FILE, ICONS, RESET, BOLD, RED, YELLOW, CYAN, GRAY, GREEN, HIDE_CURSOR, SHOW_CURSOR, ERASE_DOWN, DIVIDER;
 var init_tail = __esm({
   "src/tui/tail.ts"() {
     "use strict";
     import_http2 = __toESM(require("http"));
     import_chalk16 = __toESM(require("chalk"));
     import_fs24 = __toESM(require("fs"));
-    import_os21 = __toESM(require("os"));
-    import_path26 = __toESM(require("path"));
+    import_os20 = __toESM(require("os"));
+    import_path25 = __toESM(require("path"));
     import_readline3 = __toESM(require("readline"));
     import_child_process13 = require("child_process");
     init_daemon2();
     init_daemon();
     init_core();
-    PID_FILE = import_path26.default.join(import_os21.default.homedir(), ".node9", "daemon.pid");
+    PID_FILE = import_path25.default.join(import_os20.default.homedir(), ".node9", "daemon.pid");
     ICONS = {
       bash: "\u{1F4BB}",
       shell: "\u{1F4BB}",
@@ -6958,6 +7302,326 @@ var init_tail = __esm({
     HIDE_CURSOR = "\x1B[?25l";
     SHOW_CURSOR = "\x1B[?25h";
     ERASE_DOWN = "\x1B[J";
+    DIVIDER = "\u2500".repeat(60);
+  }
+});
+// src/cli/hud.ts
+var hud_exports = {};
+__export(hud_exports, {
+  countConfigs: () => countConfigs,
+  main: () => main,
+  renderEnvironmentLine: () => renderEnvironmentLine
+});
+async function readStdin() {
+  const chunks = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(chunk);
+  }
+  const raw = Buffer.concat(chunks).toString("utf-8").trim();
+  if (!raw) return {};
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return {};
+  }
+}
+function queryDaemon() {
+  return new Promise((resolve) => {
+    const timeout = setTimeout(() => resolve(null), 50);
+    try {
+      const req = import_http3.default.get(
+        `http://${DAEMON_HOST}:${DAEMON_PORT}/status`,
+        { timeout: 50 },
+        (res) => {
+          const chunks = [];
+          res.on("data", (c) => chunks.push(c));
+          res.on("end", () => {
+            clearTimeout(timeout);
+            try {
+              resolve(JSON.parse(Buffer.concat(chunks).toString()));
+            } catch {
+              resolve(null);
+            }
+          });
+        }
+      );
+      req.on("error", () => {
+        clearTimeout(timeout);
+        resolve(null);
+      });
+      req.on("timeout", () => {
+        clearTimeout(timeout);
+        req.destroy();
+        resolve(null);
+      });
+    } catch {
+      clearTimeout(timeout);
+      resolve(null);
+    }
+  });
+}
+function dim(s) {
+  return `${DIM}${s}${RESET2}`;
+}
+function bold(s) {
+  return `${BOLD2}${s}${RESET2}`;
+}
+function color(c, s) {
+  return `${c}${s}${RESET2}`;
+}
+function progressBar(pct, warnAt = 70, critAt = 85) {
+  const filled = Math.round(Math.min(pct, 100) / 100 * BAR_WIDTH);
+  const bar = BAR_FILLED.repeat(filled) + BAR_EMPTY.repeat(BAR_WIDTH - filled);
+  const c = pct >= critAt ? RED2 : pct >= warnAt ? YELLOW2 : GREEN2;
+  return `${c}${bar}${RESET2}`;
+}
+function formatTimeLeft(resetsAt) {
+  if (!resetsAt) return "";
+  const ms = new Date(resetsAt).getTime() - Date.now();
+  if (ms <= 0) return "";
+  const totalMin = Math.ceil(ms / 6e4);
+  const h = Math.floor(totalMin / 60);
+  const m = totalMin % 60;
+  if (h > 0) return ` (${h}h ${m}m left)`;
+  return ` (${m}m left)`;
+}
+function safeReadJson(filePath) {
+  if (!import_fs25.default.existsSync(filePath)) return null;
+  try {
+    return JSON.parse(import_fs25.default.readFileSync(filePath, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function getMcpServerNames(filePath) {
+  const cfg = safeReadJson(filePath);
+  if (!cfg || typeof cfg.mcpServers !== "object" || cfg.mcpServers === null) return /* @__PURE__ */ new Set();
+  return new Set(Object.keys(cfg.mcpServers));
+}
+function getDisabledMcpServers(filePath, key) {
+  const cfg = safeReadJson(filePath);
+  if (!cfg || !Array.isArray(cfg[key])) return /* @__PURE__ */ new Set();
+  return new Set(cfg[key].filter((s) => typeof s === "string"));
+}
+function countHooksInFile(filePath) {
+  const cfg = safeReadJson(filePath);
+  if (!cfg || typeof cfg.hooks !== "object" || cfg.hooks === null) return 0;
+  return Object.keys(cfg.hooks).length;
+}
+function countRulesInDir(rulesDir) {
+  if (!import_fs25.default.existsSync(rulesDir)) return 0;
+  let count = 0;
+  try {
+    for (const entry of import_fs25.default.readdirSync(rulesDir, { withFileTypes: true })) {
+      if (entry.isDirectory()) {
+        count += countRulesInDir(import_path26.default.join(rulesDir, entry.name));
+      } else if (entry.isFile() && entry.name.endsWith(".md")) {
+        count++;
+      }
+    }
+  } catch {
+  }
+  return count;
+}
+function isSamePath(a, b) {
+  try {
+    return import_path26.default.resolve(a) === import_path26.default.resolve(b);
+  } catch {
+    return false;
+  }
+}
+function countConfigs(cwd) {
+  const homeDir2 = import_os21.default.homedir();
+  const claudeDir = import_path26.default.join(homeDir2, ".claude");
+  let claudeMdCount = 0;
+  let rulesCount = 0;
+  let hooksCount = 0;
+  const userMcpServers = /* @__PURE__ */ new Set();
+  const projectMcpServers = /* @__PURE__ */ new Set();
+  if (import_fs25.default.existsSync(import_path26.default.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
+  rulesCount += countRulesInDir(import_path26.default.join(claudeDir, "rules"));
+  const userSettings = import_path26.default.join(claudeDir, "settings.json");
+  for (const name of getMcpServerNames(userSettings)) userMcpServers.add(name);
+  hooksCount += countHooksInFile(userSettings);
+  const userClaudeJson = import_path26.default.join(homeDir2, ".claude.json");
+  for (const name of getMcpServerNames(userClaudeJson)) userMcpServers.add(name);
+  for (const name of getDisabledMcpServers(userClaudeJson, "disabledMcpServers")) {
+    userMcpServers.delete(name);
+  }
+  if (cwd) {
+    if (import_fs25.default.existsSync(import_path26.default.join(cwd, "CLAUDE.md"))) claudeMdCount++;
+    if (import_fs25.default.existsSync(import_path26.default.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
+    const projectClaudeDir = import_path26.default.join(cwd, ".claude");
+    const overlapsUserScope = isSamePath(projectClaudeDir, claudeDir);
+    if (!overlapsUserScope) {
+      if (import_fs25.default.existsSync(import_path26.default.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
+      rulesCount += countRulesInDir(import_path26.default.join(projectClaudeDir, "rules"));
+      const projSettings = import_path26.default.join(projectClaudeDir, "settings.json");
+      for (const name of getMcpServerNames(projSettings)) projectMcpServers.add(name);
+      hooksCount += countHooksInFile(projSettings);
+    }
+    if (import_fs25.default.existsSync(import_path26.default.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
+    const localSettings = import_path26.default.join(projectClaudeDir, "settings.local.json");
+    for (const name of getMcpServerNames(localSettings)) projectMcpServers.add(name);
+    hooksCount += countHooksInFile(localSettings);
+    const mcpJsonServers = getMcpServerNames(import_path26.default.join(cwd, ".mcp.json"));
+    const disabledMcpJson = getDisabledMcpServers(localSettings, "disabledMcpjsonServers");
+    for (const name of disabledMcpJson) mcpJsonServers.delete(name);
+    for (const name of mcpJsonServers) projectMcpServers.add(name);
+  }
+  return {
+    claudeMdCount,
+    rulesCount,
+    mcpCount: userMcpServers.size + projectMcpServers.size,
+    hooksCount
+  };
+}
+function renderEnvironmentLine(counts) {
+  const { claudeMdCount, rulesCount, mcpCount, hooksCount } = counts;
+  if (claudeMdCount === 0 && rulesCount === 0 && mcpCount === 0 && hooksCount === 0) return null;
+  const parts = [
+    `${claudeMdCount} CLAUDE.md`,
+    `${rulesCount} rules`,
+    `${mcpCount} MCPs`,
+    `${hooksCount} hooks`
+  ];
+  return color(DIM, parts.join(` ${dim("|")} `));
+}
+function renderOffline() {
+  process.stdout.write(`${color(BLUE, "\u{1F6E1}")} ${bold("node9")} ${dim("|")} ${dim("offline")}
+`);
+}
+function renderSecurityLine(status) {
+  const parts = [];
+  parts.push(`${color(BLUE, "\u{1F6E1}")} ${bold("node9")}`);
+  const modeColors = {
+    standard: GREEN2,
+    strict: RED2,
+    observe: MAGENTA,
+    audit: YELLOW2
+  };
+  const modeIcon = {
+    standard: "",
+    strict: "",
+    observe: "\u{1F441} ",
+    audit: ""
+  };
+  const mc = modeColors[status.mode] ?? WHITE;
+  parts.push(`${dim("|")} ${color(mc, modeIcon[status.mode] ?? "")}${color(mc, status.mode)}`);
+  if (status.mode === "observe") {
+    parts.push(`${dim("|")} ${color(GREEN2, `\u2705 ${status.session.allowed} passed`)}`);
+    if (status.session.wouldBlock > 0) {
+      parts.push(color(YELLOW2, `\u26A0 ${status.session.wouldBlock} would-block`));
+    }
+  } else {
+    parts.push(`${dim("|")} ${color(GREEN2, `\u2705 ${status.session.allowed} allowed`)}`);
+    if (status.session.blocked > 0) {
+      parts.push(color(RED2, `\u{1F6D1} ${status.session.blocked} blocked`));
+    }
+    if (status.session.dlpHits > 0) {
+      parts.push(color(RED2, `\u{1F6A8} ${status.session.dlpHits} dlp`));
+    }
+  }
+  if (status.taintedCount > 0) {
+    parts.push(color(YELLOW2, `\u{1F4A7} ${status.taintedCount} tainted`));
+  }
+  if (status.lastRuleHit) {
+    const ruleName = status.lastRuleHit.replace(/^Smart Rule:\s*/i, "");
+    parts.push(color(CYAN2, `\u26A1 ${ruleName}`));
+  }
+  return parts.join("  ");
+}
+function renderContextLine(stdin) {
+  const cw = stdin.context_window;
+  if (!cw) return null;
+  const parts = [];
+  const modelName = typeof stdin.model === "string" ? stdin.model : stdin.model?.display_name ?? "";
+  if (modelName) {
+    parts.push(color(CYAN2, modelName));
+  }
+  const usedPct = cw.used_percentage ?? (cw.current_usage && cw.context_window_size ? Math.round(
+    ((cw.current_usage.input_tokens ?? 0) + (cw.current_usage.output_tokens ?? 0)) / cw.context_window_size * 100
+  ) : null);
+  if (usedPct !== null) {
+    const bar = progressBar(usedPct);
+    parts.push(`${dim("\u2502")} ctx ${bar} ${usedPct}%`);
+  }
+  const rl = stdin.rate_limits;
+  if (rl?.five_hour?.used_percentage !== void 0) {
+    const pct = Math.round(rl.five_hour.used_percentage);
+    const bar = progressBar(pct, 60, 80);
+    const left = formatTimeLeft(rl.five_hour.resets_at);
+    parts.push(`${dim("\u2502")} 5h ${bar} ${pct}%${left}`);
+  }
+  if (rl?.seven_day?.used_percentage !== void 0) {
+    const pct = Math.round(rl.seven_day.used_percentage);
+    const bar = progressBar(pct, 60, 80);
+    parts.push(`${dim("\u2502")} 7d ${bar} ${pct}%`);
+  }
+  if (parts.length === 0) return null;
+  return parts.join("  ");
+}
+async function main() {
+  try {
+    const [stdin, daemonStatus2] = await Promise.all([readStdin(), queryDaemon()]);
+    if (!daemonStatus2) {
+      renderOffline();
+      return;
+    }
+    process.stdout.write(renderSecurityLine(daemonStatus2) + "\n");
+    const ctxLine = renderContextLine(stdin);
+    if (ctxLine) {
+      process.stdout.write(ctxLine + "\n");
+    }
+    const showEnvCounts = (() => {
+      try {
+        const cwd = stdin.cwd ?? process.cwd();
+        for (const configPath of [
+          import_path26.default.join(cwd, "node9.config.json"),
+          import_path26.default.join(import_os21.default.homedir(), ".node9", "config.json")
+        ]) {
+          if (!import_fs25.default.existsSync(configPath)) continue;
+          const cfg = JSON.parse(import_fs25.default.readFileSync(configPath, "utf-8"));
+          const hud = cfg.settings?.hud;
+          if (hud && "showEnvironmentCounts" in hud) return hud.showEnvironmentCounts !== false;
+        }
+      } catch {
+      }
+      return true;
+    })();
+    if (showEnvCounts) {
+      const envLine = renderEnvironmentLine(countConfigs(stdin.cwd));
+      if (envLine) {
+        process.stdout.write(envLine + "\n");
+      }
+    }
+  } catch {
+    renderOffline();
+  }
+}
+var import_fs25, import_path26, import_os21, import_http3, RESET2, BOLD2, DIM, RED2, GREEN2, YELLOW2, BLUE, MAGENTA, CYAN2, WHITE, BAR_FILLED, BAR_EMPTY, BAR_WIDTH;
+var init_hud = __esm({
+  "src/cli/hud.ts"() {
+    "use strict";
+    import_fs25 = __toESM(require("fs"));
+    import_path26 = __toESM(require("path"));
+    import_os21 = __toESM(require("os"));
+    import_http3 = __toESM(require("http"));
+    init_daemon();
+    RESET2 = "\x1B[0m";
+    BOLD2 = "\x1B[1m";
+    DIM = "\x1B[2m";
+    RED2 = "\x1B[31m";
+    GREEN2 = "\x1B[32m";
+    YELLOW2 = "\x1B[33m";
+    BLUE = "\x1B[34m";
+    MAGENTA = "\x1B[35m";
+    CYAN2 = "\x1B[36m";
+    WHITE = "\x1B[37m";
+    BAR_FILLED = "\u2588";
+    BAR_EMPTY = "\u2591";
+    BAR_WIDTH = 10;
   }
 });
@@ -6967,8 +7631,8 @@ init_core();
 // src/setup.ts
 var import_fs11 = __toESM(require("fs"));
-var import_path14 = __toESM(require("path"));
-var import_os11 = __toESM(require("os"));
+var import_path13 = __toESM(require("path"));
+var import_os10 = __toESM(require("os"));
 var import_chalk = __toESM(require("chalk"));
 var import_prompts = require("@inquirer/prompts");
 function printDaemonTip() {
@@ -6993,7 +7657,7 @@ function readJson(filePath) {
   return null;
 }
 function writeJson(filePath, data) {
-  const dir = import_path14.default.dirname(filePath);
+  const dir = import_path13.default.dirname(filePath);
   if (!import_fs11.default.existsSync(dir)) import_fs11.default.mkdirSync(dir, { recursive: true });
   import_fs11.default.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
 }
@@ -7002,9 +7666,9 @@ function isNode9Hook(cmd) {
   return /(?:^|[\s/\\])node9 (?:check|log)/.test(cmd) || /(?:^|[\s/\\])cli\.js (?:check|log)/.test(cmd);
 }
 function teardownClaude() {
-  const homeDir2 = import_os11.default.homedir();
-  const hooksPath = import_path14.default.join(homeDir2, ".claude", "settings.json");
-  const mcpPath = import_path14.default.join(homeDir2, ".claude.json");
+  const homeDir2 = import_os10.default.homedir();
+  const hooksPath = import_path13.default.join(homeDir2, ".claude", "settings.json");
+  const mcpPath = import_path13.default.join(homeDir2, ".claude.json");
   let changed = false;
   const settings = readJson(hooksPath);
   if (settings?.hooks) {
@@ -7052,8 +7716,8 @@ function teardownClaude() {
   }
 }
 function teardownGemini() {
-  const homeDir2 = import_os11.default.homedir();
-  const settingsPath = import_path14.default.join(homeDir2, ".gemini", "settings.json");
+  const homeDir2 = import_os10.default.homedir();
+  const settingsPath = import_path13.default.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath);
   if (!settings) {
     console.log(import_chalk.default.blue("  \u2139\uFE0F  ~/.gemini/settings.json not found \u2014 nothing to remove"));
@@ -7091,8 +7755,8 @@ function teardownGemini() {
   }
 }
 function teardownCursor() {
-  const homeDir2 = import_os11.default.homedir();
-  const mcpPath = import_path14.default.join(homeDir2, ".cursor", "mcp.json");
+  const homeDir2 = import_os10.default.homedir();
+  const mcpPath = import_path13.default.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath);
   if (!mcpConfig?.mcpServers) {
     console.log(import_chalk.default.blue("  \u2139\uFE0F  ~/.cursor/mcp.json not found \u2014 nothing to remove"));
@@ -7118,9 +7782,9 @@ function teardownCursor() {
   }
 }
 async function setupClaude() {
-  const homeDir2 = import_os11.default.homedir();
-  const mcpPath = import_path14.default.join(homeDir2, ".claude.json");
-  const hooksPath = import_path14.default.join(homeDir2, ".claude", "settings.json");
+  const homeDir2 = import_os10.default.homedir();
+  const mcpPath = import_path13.default.join(homeDir2, ".claude.json");
+  const hooksPath = import_path13.default.join(homeDir2, ".claude", "settings.json");
   const claudeConfig = readJson(mcpPath) ?? {};
   const settings = readJson(hooksPath) ?? {};
   const servers = claudeConfig.mcpServers ?? {};
@@ -7194,8 +7858,8 @@ async function setupClaude() {
   }
 }
 async function setupGemini() {
-  const homeDir2 = import_os11.default.homedir();
-  const settingsPath = import_path14.default.join(homeDir2, ".gemini", "settings.json");
+  const homeDir2 = import_os10.default.homedir();
+  const settingsPath = import_path13.default.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath) ?? {};
   const servers = settings.mcpServers ?? {};
   let anythingChanged = false;
@@ -7276,7 +7940,7 @@ async function setupGemini() {
     printDaemonTip();
   }
 }
-function detectAgents(homeDir2 = import_os11.default.homedir()) {
+function detectAgents(homeDir2 = import_os10.default.homedir()) {
   const exists = (p) => {
     try {
       return import_fs11.default.existsSync(p);
@@ -7290,14 +7954,14 @@ function detectAgents(homeDir2 = import_os11.default.homedir()) {
     }
   };
   return {
-    claude: exists(import_path14.default.join(homeDir2, ".claude")) || exists(import_path14.default.join(homeDir2, ".claude.json")),
-    gemini: exists(import_path14.default.join(homeDir2, ".gemini")),
-    cursor: exists(import_path14.default.join(homeDir2, ".cursor"))
+    claude: exists(import_path13.default.join(homeDir2, ".claude")) || exists(import_path13.default.join(homeDir2, ".claude.json")),
+    gemini: exists(import_path13.default.join(homeDir2, ".gemini")),
+    cursor: exists(import_path13.default.join(homeDir2, ".cursor"))
   };
 }
 async function setupCursor() {
-  const homeDir2 = import_os11.default.homedir();
-  const mcpPath = import_path14.default.join(homeDir2, ".cursor", "mcp.json");
+  const homeDir2 = import_os10.default.homedir();
+  const mcpPath = import_path13.default.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath) ?? {};
   const servers = mcpConfig.mcpServers ?? {};
   let anythingChanged = false;
@@ -7350,11 +8014,57 @@ async function setupCursor() {
     printDaemonTip();
   }
 }
+function setupHud() {
+  const homeDir2 = import_os10.default.homedir();
+  const hooksPath = import_path13.default.join(homeDir2, ".claude", "settings.json");
+  const settings = readJson(hooksPath) ?? {};
+  const hudCommand = fullPathCommand("hud");
+  const statusLineObj = { type: "command", command: hudCommand };
+  const existing = settings.statusLine;
+  const existingCommand = typeof existing === "object" ? existing?.command : existing;
+  if (existingCommand === hudCommand) {
+    console.log(import_chalk.default.blue("\u2139\uFE0F  node9 HUD is already configured in ~/.claude/settings.json"));
+    console.log(import_chalk.default.gray("   Restart Claude Code to activate."));
+    return;
+  }
+  if (existing && existingCommand !== hudCommand) {
+    console.log(
+      import_chalk.default.yellow(
+        `  \u26A0\uFE0F  statusLine is already set to: "${existingCommand}"
+     Overwriting with node9 HUD.`
+      )
+    );
+  }
+  settings.statusLine = statusLineObj;
+  writeJson(hooksPath, settings);
+  console.log(import_chalk.default.green.bold("\u2705 node9 HUD added to Claude Code statusline"));
+  console.log(import_chalk.default.gray("   Settings: ~/.claude/settings.json"));
+  console.log(import_chalk.default.gray("   Restart Claude Code to activate."));
+}
+function teardownHud() {
+  const homeDir2 = import_os10.default.homedir();
+  const hooksPath = import_path13.default.join(homeDir2, ".claude", "settings.json");
+  const settings = readJson(hooksPath);
+  if (!settings) {
+    console.log(import_chalk.default.blue("  \u2139\uFE0F  ~/.claude/settings.json not found \u2014 nothing to remove"));
+    return;
+  }
+  const existing = settings.statusLine;
+  const existingCommand = typeof existing === "object" ? existing?.command : existing;
+  if (!existingCommand || !String(existingCommand).includes("node9")) {
+    console.log(import_chalk.default.blue("  \u2139\uFE0F  node9 HUD not found in ~/.claude/settings.json"));
+    return;
+  }
+  delete settings.statusLine;
+  writeJson(hooksPath, settings);
+  console.log(import_chalk.default.green("  \u2705 node9 HUD removed from ~/.claude/settings.json"));
+  console.log(import_chalk.default.gray("   Restart Claude Code for changes to take effect."));
+}
 // src/cli.ts
 init_daemon2();
 var import_chalk17 = __toESM(require("chalk"));
-var import_fs25 = __toESM(require("fs"));
+var import_fs26 = __toESM(require("fs"));
 var import_path27 = __toESM(require("path"));
 var import_os22 = __toESM(require("os"));
 var import_prompts3 = require("@inquirer/prompts");
@@ -7387,7 +8097,7 @@ var import_execa2 = require("execa");
 init_orchestrator();
 // src/policy/negotiation.ts
-function buildNegotiationMessage(blockedByLabel, isHumanDecision, humanReason) {
+function buildNegotiationMessage(blockedByLabel, isHumanDecision, humanReason, recoveryCommand) {
   if (isHumanDecision) {
     return `NODE9: The human user rejected this action.
 REASON: ${humanReason || "No specific reason provided."}
@@ -7443,10 +8153,11 @@ INSTRUCTION: Inform the user this action is pending approval. Wait for them to a
 INSTRUCTION: Do NOT use "${rule}". Find a read-only or non-destructive alternative.
 Do NOT attempt to bypass this rule.`;
   }
+  const recovery = recoveryCommand ? `
+REQUIRED ACTION: Run \`${recoveryCommand}\` first, then retry your original command.` : "\n- Pivot to a non-destructive or read-only alternative.";
   return `NODE9: Action blocked by security policy [${blockedByLabel}].
 INSTRUCTIONS:
-- Do NOT retry this exact command or attempt to bypass the rule.
-- Pivot to a non-destructive or read-only alternative.
+- Do NOT retry this exact command or attempt to bypass the rule.${recovery}
 - Inform the user which security rule was triggered and ask how to proceed.`;
 }
@@ -7578,8 +8289,8 @@ async function autoStartDaemonAndWait() {
 // src/cli/commands/check.ts
 var import_chalk5 = __toESM(require("chalk"));
 var import_fs18 = __toESM(require("fs"));
-var import_path20 = __toESM(require("path"));
-var import_os15 = __toESM(require("os"));
+var import_path19 = __toESM(require("path"));
+var import_os14 = __toESM(require("os"));
 init_orchestrator();
 init_daemon();
 init_config();
@@ -7589,10 +8300,10 @@ init_policy();
 var import_child_process8 = require("child_process");
 var import_crypto7 = __toESM(require("crypto"));
 var import_fs17 = __toESM(require("fs"));
-var import_path19 = __toESM(require("path"));
-var import_os14 = __toESM(require("os"));
-var SNAPSHOT_STACK_PATH = import_path19.default.join(import_os14.default.homedir(), ".node9", "snapshots.json");
-var UNDO_LATEST_PATH = import_path19.default.join(import_os14.default.homedir(), ".node9", "undo_latest.txt");
+var import_path18 = __toESM(require("path"));
+var import_os13 = __toESM(require("os"));
+var SNAPSHOT_STACK_PATH = import_path18.default.join(import_os13.default.homedir(), ".node9", "snapshots.json");
+var UNDO_LATEST_PATH = import_path18.default.join(import_os13.default.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
 var GIT_TIMEOUT = 15e3;
 function readStack() {
@@ -7604,7 +8315,7 @@ function readStack() {
   return [];
 }
 function writeStack(stack) {
-  const dir = import_path19.default.dirname(SNAPSHOT_STACK_PATH);
+  const dir = import_path18.default.dirname(SNAPSHOT_STACK_PATH);
   if (!import_fs17.default.existsSync(dir)) import_fs17.default.mkdirSync(dir, { recursive: true });
   import_fs17.default.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
 }
@@ -7632,14 +8343,14 @@ function normalizeCwdForHash(cwd) {
 }
 function getShadowRepoDir(cwd) {
   const hash = import_crypto7.default.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
-  return import_path19.default.join(import_os14.default.homedir(), ".node9", "snapshots", hash);
+  return import_path18.default.join(import_os13.default.homedir(), ".node9", "snapshots", hash);
 }
 function cleanOrphanedIndexFiles(shadowDir) {
   try {
     const cutoff = Date.now() - 6e4;
     for (const f of import_fs17.default.readdirSync(shadowDir)) {
       if (f.startsWith("index_")) {
-        const fp = import_path19.default.join(shadowDir, f);
+        const fp = import_path18.default.join(shadowDir, f);
         try {
           if (import_fs17.default.statSync(fp).mtimeMs < cutoff) import_fs17.default.unlinkSync(fp);
         } catch {
@@ -7653,7 +8364,7 @@ function writeShadowExcludes(shadowDir, ignorePaths) {
   const hardcoded = [".git", ".node9"];
   const lines = [...hardcoded, ...ignorePaths].join("\n");
   try {
-    import_fs17.default.writeFileSync(import_path19.default.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
+    import_fs17.default.writeFileSync(import_path18.default.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
   } catch {
   }
 }
@@ -7666,7 +8377,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   if (check.status === 0) {
-    const ptPath = import_path19.default.join(shadowDir, "project-path.txt");
+    const ptPath = import_path18.default.join(shadowDir, "project-path.txt");
     try {
       const stored = import_fs17.default.readFileSync(ptPath, "utf8").trim();
       if (stored === normalizedCwd) return true;
@@ -7693,7 +8404,7 @@ function ensureShadowRepo(shadowDir, cwd) {
       console.error("[Node9] git init --bare failed:", init.stderr?.toString());
     return false;
   }
-  const configFile = import_path19.default.join(shadowDir, "config");
+  const configFile = import_path18.default.join(shadowDir, "config");
   (0, import_child_process8.spawnSync)("git", ["config", "--file", configFile, "core.untrackedCache", "true"], {
     timeout: 3e3
   });
@@ -7701,7 +8412,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   try {
-    import_fs17.default.writeFileSync(import_path19.default.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
+    import_fs17.default.writeFileSync(import_path18.default.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
   } catch {
   }
   return true;
@@ -7724,7 +8435,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
     const shadowDir = getShadowRepoDir(cwd);
     if (!ensureShadowRepo(shadowDir, cwd)) return null;
     writeShadowExcludes(shadowDir, ignorePaths);
-    indexFile = import_path19.default.join(shadowDir, `index_${process.pid}_${Date.now()}`);
+    indexFile = import_path18.default.join(shadowDir, `index_${process.pid}_${Date.now()}`);
     const shadowEnv = {
       ...process.env,
       GIT_DIR: shadowDir,
@@ -7833,7 +8544,7 @@ function applyUndo(hash, cwd) {
       timeout: GIT_TIMEOUT
     }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
     for (const file of [...tracked, ...untracked]) {
-      const fullPath = import_path19.default.join(dir, file);
+      const fullPath = import_path18.default.join(dir, file);
       if (!snapshotFiles.has(file) && import_fs17.default.existsSync(fullPath)) {
         import_fs17.default.unlinkSync(fullPath);
       }
@@ -7859,7 +8570,7 @@ function registerCheckCommand(program2) {
         } catch (err) {
           const tempConfig = getConfig();
           if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
-            const logPath = import_path20.default.join(import_os15.default.homedir(), ".node9", "hook-debug.log");
+            const logPath = import_path19.default.join(import_os14.default.homedir(), ".node9", "hook-debug.log");
             const errMsg = err instanceof Error ? err.message : String(err);
             import_fs18.default.appendFileSync(
               logPath,
@@ -7872,9 +8583,9 @@ RAW: ${raw}
         }
         const config = getConfig(payload.cwd || void 0);
         if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
-          const logPath = import_path20.default.join(import_os15.default.homedir(), ".node9", "hook-debug.log");
-          if (!import_fs18.default.existsSync(import_path20.default.dirname(logPath)))
-            import_fs18.default.mkdirSync(import_path20.default.dirname(logPath), { recursive: true });
+          const logPath = import_path19.default.join(import_os14.default.homedir(), ".node9", "hook-debug.log");
+          if (!import_fs18.default.existsSync(import_path19.default.dirname(logPath)))
+            import_fs18.default.mkdirSync(import_path19.default.dirname(logPath), { recursive: true });
           import_fs18.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
 `);
         }
@@ -7900,6 +8611,8 @@ RAW: ${raw}
             }
             writeTty(import_chalk5.default.gray(`   Triggered by: ${blockedByContext}`));
             if (result2?.changeHint) writeTty(import_chalk5.default.cyan(`   To change:  ${result2.changeHint}`));
+            if (result2?.recoveryCommand)
+              writeTty(import_chalk5.default.green(`   \u{1F4A1} Run:      ${result2.recoveryCommand}`));
             writeTty("");
           } catch {
           } finally {
@@ -7912,7 +8625,8 @@ RAW: ${raw}
           const aiFeedbackMessage = buildNegotiationMessage(
             blockedByContext,
             isHumanDecision,
-            msg
+            msg,
+            result2?.recoveryCommand
           );
           process.stdout.write(
             JSON.stringify({
@@ -7936,7 +8650,7 @@ RAW: ${raw}
         if (shouldSnapshot(toolName, toolInput, config)) {
           await createShadowSnapshot(toolName, toolInput, config.policy.snapshot.ignorePaths);
         }
-        const safeCwdForAuth = typeof payload.cwd === "string" && import_path20.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        const safeCwdForAuth = typeof payload.cwd === "string" && import_path19.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const result = await authorizeHeadless(toolName, toolInput, meta, {
           cwd: safeCwdForAuth
         });
@@ -7980,7 +8694,7 @@ RAW: ${raw}
         });
       } catch (err) {
         if (process.env.NODE9_DEBUG === "1") {
-          const logPath = import_path20.default.join(import_os15.default.homedir(), ".node9", "hook-debug.log");
+          const logPath = import_path19.default.join(import_os14.default.homedir(), ".node9", "hook-debug.log");
           const errMsg = err instanceof Error ? err.message : String(err);
           import_fs18.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
@@ -8017,8 +8731,8 @@ RAW: ${raw}
 // src/cli/commands/log.ts
 var import_fs19 = __toESM(require("fs"));
-var import_path21 = __toESM(require("path"));
-var import_os16 = __toESM(require("os"));
+var import_path20 = __toESM(require("path"));
+var import_os15 = __toESM(require("os"));
 init_audit();
 init_config();
 init_policy();
@@ -8062,6 +8776,20 @@ function containsShellMetachar(token) {
 }
 // src/cli/commands/log.ts
+var TEST_COMMAND_RE = /(?:^|\s)(npm\s+(?:run\s+)?test|npx\s+(?:vitest|jest|mocha)|yarn\s+(?:run\s+)?test|pnpm\s+(?:run\s+)?test|vitest|jest|mocha|pytest|py\.test|cargo\s+test|go\s+test|bundle\s+exec\s+rspec|rspec|phpunit|dotnet\s+test)\b/i;
+function detectTestResult(command, output) {
+  if (!TEST_COMMAND_RE.test(command)) return null;
+  const out = output.toLowerCase();
+  if (/\b(tests?\s+passed|all\s+tests?\s+passed|passing|test\s+suites?.*passed|ok\b|\d+\s+passed)/i.test(
+    out
+  ) && !/\b(fail|error|failed)\b/.test(out)) {
+    return "pass";
+  }
+  if (/\b(tests?\s+failed|failing|failed|error|assertion\s+error|\d+\s+failed)\b/i.test(out)) {
+    return "fail";
+  }
+  return null;
+}
 function sanitize3(value) {
   return value.replace(/[\x00-\x1F\x7F]/g, "");
 }
@@ -8080,9 +8808,9 @@ function registerLogCommand(program2) {
           decision: "allowed",
           source: "post-hook"
         };
-        const logPath = import_path21.default.join(import_os16.default.homedir(), ".node9", "audit.log");
-        if (!import_fs19.default.existsSync(import_path21.default.dirname(logPath)))
-          import_fs19.default.mkdirSync(import_path21.default.dirname(logPath), { recursive: true });
+        const logPath = import_path20.default.join(import_os15.default.homedir(), ".node9", "audit.log");
+        if (!import_fs19.default.existsSync(import_path20.default.dirname(logPath)))
+          import_fs19.default.mkdirSync(import_path20.default.dirname(logPath), { recursive: true });
         import_fs19.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
         if ((tool === "Bash" || tool === "bash") && isDaemonRunning()) {
           const command = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
@@ -8093,7 +8821,22 @@ function registerLogCommand(program2) {
             }
           }
         }
-        const safeCwd = typeof payload.cwd === "string" && import_path21.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        if ((tool === "Bash" || tool === "bash") && isDaemonRunning()) {
+          const bashCommand = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
+          const output = payload.tool_response?.output ?? "";
+          if (bashCommand && output) {
+            const testResult = detectTestResult(bashCommand, output);
+            if (testResult) {
+              await notifyActivitySocket({
+                id: "test-result",
+                ts: Date.now(),
+                tool,
+                status: testResult === "pass" ? "test_pass" : "test_fail"
+              });
+            }
+          }
+        }
+        const safeCwd = typeof payload.cwd === "string" && import_path20.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const config = getConfig(safeCwd);
         if (shouldSnapshot(tool, {}, config)) {
           await createShadowSnapshot("unknown", {}, config.policy.snapshot.ignorePaths);
@@ -8102,7 +8845,7 @@ function registerLogCommand(program2) {
         const msg = err instanceof Error ? err.message : String(err);
         process.stderr.write(`[Node9] audit log error: ${msg}
 `);
-        const debugPath = import_path21.default.join(import_os16.default.homedir(), ".node9", "hook-debug.log");
+        const debugPath = import_path20.default.join(import_os15.default.homedir(), ".node9", "hook-debug.log");
         try {
           import_fs19.default.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
 `);
@@ -8409,13 +9152,13 @@ function registerConfigShowCommand(program2) {
 // src/cli/commands/doctor.ts
 var import_chalk7 = __toESM(require("chalk"));
 var import_fs20 = __toESM(require("fs"));
-var import_path22 = __toESM(require("path"));
-var import_os17 = __toESM(require("os"));
+var import_path21 = __toESM(require("path"));
+var import_os16 = __toESM(require("os"));
 var import_child_process9 = require("child_process");
 init_daemon();
 function registerDoctorCommand(program2, version2) {
   program2.command("doctor").description("Check that Node9 is installed and configured correctly").action(() => {
-    const homeDir2 = import_os17.default.homedir();
+    const homeDir2 = import_os16.default.homedir();
     let failures = 0;
     function pass(msg) {
       console.log(import_chalk7.default.green("  \u2705 ") + msg);
@@ -8464,7 +9207,7 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Configuration");
-    const globalConfigPath = import_path22.default.join(homeDir2, ".node9", "config.json");
+    const globalConfigPath = import_path21.default.join(homeDir2, ".node9", "config.json");
     if (import_fs20.default.existsSync(globalConfigPath)) {
       try {
         JSON.parse(import_fs20.default.readFileSync(globalConfigPath, "utf-8"));
@@ -8475,7 +9218,7 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("~/.node9/config.json not found (using defaults)", "Run: node9 init");
     }
-    const projectConfigPath = import_path22.default.join(process.cwd(), "node9.config.json");
+    const projectConfigPath = import_path21.default.join(process.cwd(), "node9.config.json");
     if (import_fs20.default.existsSync(projectConfigPath)) {
       try {
         JSON.parse(import_fs20.default.readFileSync(projectConfigPath, "utf-8"));
@@ -8487,7 +9230,7 @@ function registerDoctorCommand(program2, version2) {
         );
       }
     }
-    const credsPath = import_path22.default.join(homeDir2, ".node9", "credentials.json");
+    const credsPath = import_path21.default.join(homeDir2, ".node9", "credentials.json");
     if (import_fs20.default.existsSync(credsPath)) {
       pass("Cloud credentials found (~/.node9/credentials.json)");
     } else {
@@ -8497,7 +9240,7 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Agent Hooks");
-    const claudeSettingsPath = import_path22.default.join(homeDir2, ".claude", "settings.json");
+    const claudeSettingsPath = import_path21.default.join(homeDir2, ".claude", "settings.json");
     if (import_fs20.default.existsSync(claudeSettingsPath)) {
       try {
         const cs = JSON.parse(import_fs20.default.readFileSync(claudeSettingsPath, "utf-8"));
@@ -8516,7 +9259,7 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Claude Code \u2014 not configured", "Run: node9 setup claude");
     }
-    const geminiSettingsPath = import_path22.default.join(homeDir2, ".gemini", "settings.json");
+    const geminiSettingsPath = import_path21.default.join(homeDir2, ".gemini", "settings.json");
     if (import_fs20.default.existsSync(geminiSettingsPath)) {
       try {
         const gs = JSON.parse(import_fs20.default.readFileSync(geminiSettingsPath, "utf-8"));
@@ -8535,7 +9278,7 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Gemini CLI  \u2014 not configured", "Run: node9 setup gemini  (skip if not using Gemini)");
     }
-    const cursorHooksPath = import_path22.default.join(homeDir2, ".cursor", "hooks.json");
+    const cursorHooksPath = import_path21.default.join(homeDir2, ".cursor", "hooks.json");
     if (import_fs20.default.existsSync(cursorHooksPath)) {
       try {
         const cur = JSON.parse(import_fs20.default.readFileSync(cursorHooksPath, "utf-8"));
@@ -8577,8 +9320,8 @@ function registerDoctorCommand(program2, version2) {
 // src/cli/commands/audit.ts
 var import_chalk8 = __toESM(require("chalk"));
 var import_fs21 = __toESM(require("fs"));
-var import_path23 = __toESM(require("path"));
-var import_os18 = __toESM(require("os"));
+var import_path22 = __toESM(require("path"));
+var import_os17 = __toESM(require("os"));
 function formatRelativeTime(timestamp) {
   const diff = Date.now() - new Date(timestamp).getTime();
   const sec = Math.floor(diff / 1e3);
@@ -8591,7 +9334,7 @@ function formatRelativeTime(timestamp) {
 }
 function registerAuditCommand(program2) {
   program2.command("audit").description("View local execution audit log").option("--tail <n>", "Number of entries to show", "20").option("--tool <pattern>", "Filter by tool name (substring match)").option("--deny", "Show only denied actions").option("--json", "Output raw JSON").action((options) => {
-    const logPath = import_path23.default.join(import_os18.default.homedir(), ".node9", "audit.log");
+    const logPath = import_path22.default.join(import_os17.default.homedir(), ".node9", "audit.log");
     if (!import_fs21.default.existsSync(logPath)) {
       console.log(
         import_chalk8.default.yellow("No audit logs found. Run node9 with an agent to generate entries.")
@@ -8717,8 +9460,8 @@ function registerDaemonCommand(program2) {
 // src/cli/commands/status.ts
 var import_chalk10 = __toESM(require("chalk"));
 var import_fs22 = __toESM(require("fs"));
-var import_path24 = __toESM(require("path"));
-var import_os19 = __toESM(require("os"));
+var import_path23 = __toESM(require("path"));
+var import_os18 = __toESM(require("os"));
 init_core();
 init_daemon();
 function readJson2(filePath) {
@@ -8788,8 +9531,8 @@ function registerStatusCommand(program2) {
     console.log("");
     const modeLabel = settings.mode === "audit" ? import_chalk10.default.blue("audit") : settings.mode === "strict" ? import_chalk10.default.red("strict") : import_chalk10.default.white("standard");
     console.log(`  Mode:    ${modeLabel}`);
-    const projectConfig = import_path24.default.join(process.cwd(), "node9.config.json");
-    const globalConfig = import_path24.default.join(import_os19.default.homedir(), ".node9", "config.json");
+    const projectConfig = import_path23.default.join(process.cwd(), "node9.config.json");
+    const globalConfig = import_path23.default.join(import_os18.default.homedir(), ".node9", "config.json");
     console.log(
       `  Local:   ${import_fs22.default.existsSync(projectConfig) ? import_chalk10.default.green("Active (node9.config.json)") : import_chalk10.default.gray("Not present")}`
     );
@@ -8801,15 +9544,15 @@ function registerStatusCommand(program2) {
         `  Sandbox: ${import_chalk10.default.green(`${mergedConfig.policy.sandboxPaths.length} safe zones active`)}`
       );
     }
-    const homeDir2 = import_os19.default.homedir();
+    const homeDir2 = import_os18.default.homedir();
     const claudeSettings = readJson2(
-      import_path24.default.join(homeDir2, ".claude", "settings.json")
+      import_path23.default.join(homeDir2, ".claude", "settings.json")
     );
-    const claudeConfig = readJson2(import_path24.default.join(homeDir2, ".claude.json"));
+    const claudeConfig = readJson2(import_path23.default.join(homeDir2, ".claude.json"));
     const geminiSettings = readJson2(
-      import_path24.default.join(homeDir2, ".gemini", "settings.json")
+      import_path23.default.join(homeDir2, ".gemini", "settings.json")
     );
-    const cursorConfig = readJson2(import_path24.default.join(homeDir2, ".cursor", "mcp.json"));
+    const cursorConfig = readJson2(import_path23.default.join(homeDir2, ".cursor", "mcp.json"));
     const agentFound = claudeSettings || claudeConfig || geminiSettings || cursorConfig;
     if (agentFound) {
       console.log("");
@@ -8869,13 +9612,13 @@ function registerStatusCommand(program2) {
 // src/cli/commands/init.ts
 var import_chalk11 = __toESM(require("chalk"));
 var import_fs23 = __toESM(require("fs"));
-var import_path25 = __toESM(require("path"));
-var import_os20 = __toESM(require("os"));
+var import_path24 = __toESM(require("path"));
+var import_os19 = __toESM(require("os"));
 init_core();
 function registerInitCommand(program2) {
   program2.command("init").description("Set up Node9: create config and wire all detected AI agents").option("--force", "Overwrite existing config").option("-m, --mode <mode>", "Set initial security mode (standard, strict, audit)", "standard").option("--skip-setup", "Only create config \u2014 do not wire AI agents").action(async (options) => {
     console.log(import_chalk11.default.cyan.bold("\n\u{1F6E1}\uFE0F  Node9 Init\n"));
-    const configPath = import_path25.default.join(import_os20.default.homedir(), ".node9", "config.json");
+    const configPath = import_path24.default.join(import_os19.default.homedir(), ".node9", "config.json");
     if (import_fs23.default.existsSync(configPath) && !options.force) {
       console.log(import_chalk11.default.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
     } else {
@@ -8885,7 +9628,7 @@ function registerInitCommand(program2) {
         ...DEFAULT_CONFIG,
         settings: { ...DEFAULT_CONFIG.settings, mode: safeMode }
       };
-      const dir = import_path25.default.dirname(configPath);
+      const dir = import_path24.default.dirname(configPath);
       if (!import_fs23.default.existsSync(dir)) import_fs23.default.mkdirSync(dir, { recursive: true });
       import_fs23.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2));
       console.log(import_chalk11.default.green(`\u2705 Config created: ${configPath}`));
@@ -9343,20 +10086,20 @@ function registerTrustCommand(program2) {
 // src/cli.ts
 var { version } = JSON.parse(
-  import_fs25.default.readFileSync(import_path27.default.join(__dirname, "../package.json"), "utf-8")
+  import_fs26.default.readFileSync(import_path27.default.join(__dirname, "../package.json"), "utf-8")
 );
 var program = new import_commander.Command();
 program.name("node9").description("The Sudo Command for AI Agents").version(version);
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept";
   const credPath = import_path27.default.join(import_os22.default.homedir(), ".node9", "credentials.json");
-  if (!import_fs25.default.existsSync(import_path27.default.dirname(credPath)))
-    import_fs25.default.mkdirSync(import_path27.default.dirname(credPath), { recursive: true });
+  if (!import_fs26.default.existsSync(import_path27.default.dirname(credPath)))
+    import_fs26.default.mkdirSync(import_path27.default.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (import_fs25.default.existsSync(credPath)) {
-      const raw = JSON.parse(import_fs25.default.readFileSync(credPath, "utf-8"));
+    if (import_fs26.default.existsSync(credPath)) {
+      const raw = JSON.parse(import_fs26.default.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL }
@@ -9368,13 +10111,13 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL };
-  import_fs25.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  import_fs26.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
   if (profileName === "default") {
     const configPath = import_path27.default.join(import_os22.default.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (import_fs25.default.existsSync(configPath))
-        config = JSON.parse(import_fs25.default.readFileSync(configPath, "utf-8"));
+      if (import_fs26.default.existsSync(configPath))
+        config = JSON.parse(import_fs26.default.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -9389,9 +10132,9 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!import_fs25.default.existsSync(import_path27.default.dirname(configPath)))
-      import_fs25.default.mkdirSync(import_path27.default.dirname(configPath), { recursive: true });
-    import_fs25.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!import_fs26.default.existsSync(import_path27.default.dirname(configPath)))
+      import_fs26.default.mkdirSync(import_path27.default.dirname(configPath), { recursive: true });
+    import_fs26.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
   }
   if (options.profile && profileName !== "default") {
     console.log(import_chalk17.default.green(`\u2705 Profile "${profileName}" saved`));
@@ -9404,14 +10147,15 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
     console.log(import_chalk17.default.gray(`   Team policy enforced for all calls via Node9 cloud.`));
   }
 });
-program.command("addto").description("Integrate Node9 with an AI agent").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("<target>", "The agent to protect: claude | gemini | cursor").action(async (target) => {
+program.command("addto").description("Integrate Node9 with an AI agent").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  hud").argument("<target>", "The agent to protect: claude | gemini | cursor | hud").action(async (target) => {
   if (target === "gemini") return await setupGemini();
   if (target === "claude") return await setupClaude();
   if (target === "cursor") return await setupCursor();
-  console.error(import_chalk17.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+  if (target === "hud") return setupHud();
+  console.error(import_chalk17.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
   process.exit(1);
 });
-program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("[target]", "The agent to protect: claude | gemini | cursor").action(async (target) => {
+program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  hud").argument("[target]", "The agent to protect: claude | gemini | cursor | hud").action(async (target) => {
   if (!target) {
     console.log(import_chalk17.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
     console.log("  Usage:  " + import_chalk17.default.white("node9 setup <target>") + "\n");
@@ -9419,6 +10163,9 @@ program.command("setup").description('Alias for "addto" \u2014 integrate Node9 w
     console.log("    " + import_chalk17.default.green("claude") + "   \u2014 Claude Code (hook mode)");
     console.log("    " + import_chalk17.default.green("gemini") + "   \u2014 Gemini CLI (hook mode)");
     console.log("    " + import_chalk17.default.green("cursor") + "   \u2014 Cursor (hook mode)");
+    process.stdout.write(
+      "    " + import_chalk17.default.green("hud") + "     \u2014 Claude Code security statusline\n"
+    );
     console.log("");
     return;
   }
@@ -9426,7 +10173,8 @@ program.command("setup").description('Alias for "addto" \u2014 integrate Node9 w
   if (t === "gemini") return await setupGemini();
   if (t === "claude") return await setupClaude();
   if (t === "cursor") return await setupCursor();
-  console.error(import_chalk17.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+  if (t === "hud") return setupHud();
+  console.error(import_chalk17.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
   process.exit(1);
 });
 program.command("removefrom").description("Remove Node9 hooks from an AI agent configuration").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("<target>", "The agent to remove from: claude | gemini | cursor").action((target) => {
@@ -9434,8 +10182,11 @@ program.command("removefrom").description("Remove Node9 hooks from an AI agent c
   if (target === "claude") fn = teardownClaude;
   else if (target === "gemini") fn = teardownGemini;
   else if (target === "cursor") fn = teardownCursor;
+  else if (target === "hud") fn = teardownHud;
   else {
-    console.error(import_chalk17.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+    console.error(
+      import_chalk17.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`)
+    );
     process.exit(1);
   }
   console.log(import_chalk17.default.cyan(`
@@ -9478,14 +10229,14 @@ program.command("uninstall").description("Remove all Node9 hooks and optionally
   }
   if (options.purge) {
     const node9Dir = import_path27.default.join(import_os22.default.homedir(), ".node9");
-    if (import_fs25.default.existsSync(node9Dir)) {
+    if (import_fs26.default.existsSync(node9Dir)) {
       const confirmed = await (0, import_prompts3.confirm)({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        import_fs25.default.rmSync(node9Dir, { recursive: true });
-        if (import_fs25.default.existsSync(node9Dir)) {
+        import_fs26.default.rmSync(node9Dir, { recursive: true });
+        if (import_fs26.default.existsSync(node9Dir)) {
           console.error(
             import_chalk17.default.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
@@ -9601,6 +10352,10 @@ registerWatchCommand(program);
 registerMcpGatewayCommand(program);
 registerCheckCommand(program);
 registerLogCommand(program);
+program.command("hud").description("Render node9 security statusline (spawned by Claude Code statusLine)").action(async () => {
+  const { main: main2 } = await Promise.resolve().then(() => (init_hud(), hud_exports));
+  await main2();
+});
 program.command("pause").description("Temporarily disable Node9 protection for a set duration").option("-d, --duration <duration>", "How long to pause (e.g. 15m, 1h, 30s)", "15m").action((options) => {
   const ms = parseDuration(options.duration);
   if (ms === null) {
@@ -9699,7 +10454,7 @@ if (process.argv[2] !== "daemon") {
       if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
         const logPath = import_path27.default.join(import_os22.default.homedir(), ".node9", "hook-debug.log");
         const msg = reason instanceof Error ? reason.message : String(reason);
-        import_fs25.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+        import_fs26.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
       }
       process.exit(0);