@node9/proxy 1.5.2 → 1.5.3

package/dist/cli.mjs

@@ -191,12 +191,21 @@ var init_config_schema = __esm({
       verdict: z.enum(["allow", "review", "block"], {
         errorMap: () => ({ message: "verdict must be one of: allow, review, block" })
       }),
-      reason: z.string().optional()
+      reason: z.string().optional(),
+      // Unknown predicate names are filtered out rather than failing the whole rule.
+      // Failing the whole z.array() would cause sanitizeConfig to drop the entire
+      // `policy` top-level key, silently disabling ALL smart rules in the config.
+      dependsOnState: z.array(z.string()).transform(
+        (arr) => arr.filter(
+          (p) => p === "no_test_passed_since_last_edit"
+        )
+      ).optional(),
+      recoveryCommand: z.string().optional()
     });
     ConfigFileSchema = z.object({
       version: z.string().optional(),
       settings: z.object({
-        mode: z.enum(["standard", "strict", "audit"]).optional(),
+        mode: z.enum(["standard", "strict", "audit", "observe"]).optional(),
         autoStartDaemon: z.boolean().optional(),
         enableUndo: z.boolean().optional(),
         enableHookLogDebug: z.boolean().optional(),
@@ -626,12 +635,17 @@ function getConfig(cwd) {
     if (s.approvalTimeoutSeconds !== void 0 && s.approvalTimeoutMs === void 0)
       mergedSettings.approvalTimeoutMs = s.approvalTimeoutSeconds * 1e3;
     if (s.environment !== void 0) mergedSettings.environment = s.environment;
+    if (s.hud !== void 0) mergedSettings.hud = { ...mergedSettings.hud, ...s.hud };
     if (p.sandboxPaths) mergedPolicy.sandboxPaths.push(...p.sandboxPaths);
     if (p.ignoredTools) mergedPolicy.ignoredTools.push(...p.ignoredTools);
     if (p.dangerousWords) mergedPolicy.dangerousWords = [...p.dangerousWords];
     if (p.toolInspection)
       mergedPolicy.toolInspection = { ...mergedPolicy.toolInspection, ...p.toolInspection };
-    if (p.smartRules) mergedPolicy.smartRules.push(...p.smartRules);
+    if (p.smartRules) {
+      const defaultBlocks = mergedPolicy.smartRules.filter((r) => r.verdict === "block");
+      const defaultNonBlocks = mergedPolicy.smartRules.filter((r) => r.verdict !== "block");
+      mergedPolicy.smartRules = [...defaultBlocks, ...p.smartRules, ...defaultNonBlocks];
+    }
     if (p.snapshot) {
       const s2 = p.snapshot;
       if (s2.tools) mergedPolicy.snapshot.tools.push(...s2.tools);
@@ -1893,7 +1907,13 @@ async function evaluatePolicy(toolName, args, agent, cwd) {
         blockedByLabel: `Smart Rule: ${matchedRule.name ?? matchedRule.tool}`,
         reason: matchedRule.reason,
         tier: 2,
-        ruleName: matchedRule.name ?? matchedRule.tool
+        ruleName: matchedRule.name ?? matchedRule.tool,
+        ...matchedRule.verdict === "block" && matchedRule.dependsOnState?.length && {
+          dependsOnStatePredicates: matchedRule.dependsOnState
+        },
+        ...matchedRule.verdict === "block" && matchedRule.recoveryCommand && {
+          recoveryCommand: matchedRule.recoveryCommand
+        }
       };
     }
   }
@@ -2416,9 +2436,38 @@ var init_state = __esm({
 
 // src/auth/daemon.ts
 import fs9 from "fs";
+import net from "net";
 import path10 from "path";
 import os8 from "os";
 import { spawnSync } from "child_process";
+function notifyActivitySocket(data) {
+  return new Promise((resolve) => {
+    try {
+      const payload = JSON.stringify(data);
+      const sock = net.createConnection(ACTIVITY_SOCKET_PATH);
+      sock.on("connect", () => {
+        sock.on("close", resolve);
+        sock.end(payload);
+      });
+      sock.on("error", resolve);
+    } catch {
+      resolve();
+    }
+  });
+}
+async function checkStatePredicates(predicates) {
+  if (predicates.length === 0) return {};
+  try {
+    const qs = predicates.map(encodeURIComponent).join(",");
+    const res = await fetch(`http://${DAEMON_HOST}:${DAEMON_PORT}/state/check?predicates=${qs}`, {
+      signal: AbortSignal.timeout(100)
+    });
+    if (!res.ok) return null;
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
 function getInternalToken() {
   try {
     const pidFile = path10.join(os8.homedir(), ".node9", "daemon.pid");
@@ -2452,7 +2501,7 @@ function isDaemonRunning() {
     return false;
   }
 }
-async function registerDaemonEntry(toolName, args, meta, riskMetadata, activityId, cwd) {
+async function registerDaemonEntry(toolName, args, meta, riskMetadata, activityId, cwd, recoveryCommand, skipBackgroundAuth, viewOnly) {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
   const ctrl = new AbortController();
   const timer = setTimeout(() => ctrl.abort(), 5e3);
@@ -2470,7 +2519,10 @@ async function registerDaemonEntry(toolName, args, meta, riskMetadata, activityI
         // activity-result as the CLI used for the pending activity event.
         activityId,
         ...riskMetadata && { riskMetadata },
-        ...cwd && { cwd }
+        ...cwd && { cwd },
+        ...recoveryCommand && { recoveryCommand },
+        ...skipBackgroundAuth && { skipBackgroundAuth: true },
+        ...viewOnly && { viewOnly: true }
       }),
       signal: ctrl.signal
     });
@@ -2490,10 +2542,10 @@ async function waitForDaemonDecision(id, signal) {
   try {
     const waitRes = await fetch(`${base}/wait/${id}`, { signal: waitCtrl.signal });
     if (!waitRes.ok) return { decision: "deny" };
-    const { decision, source } = await waitRes.json();
+    const { decision, source, reason } = await waitRes.json();
     if (decision === "allow") return { decision: "allow", source };
     if (decision === "abandoned") return { decision: "abandoned", source };
-    return { decision: "deny", source };
+    return { decision: "deny", source, reason };
   } finally {
     clearTimeout(waitTimer);
     if (signal) signal.removeEventListener("abort", onAbort);
@@ -2579,10 +2631,11 @@ async function resolveViaDaemon(id, decision, internalToken, source) {
     signal: AbortSignal.timeout(3e3)
   });
 }
-var DAEMON_PORT, DAEMON_HOST;
+var ACTIVITY_SOCKET_PATH, DAEMON_PORT, DAEMON_HOST;
 var init_daemon = __esm({
   "src/auth/daemon.ts"() {
     "use strict";
+    ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path10.join(os8.tmpdir(), "node9-activity.sock");
     DAEMON_PORT = 7391;
     DAEMON_HOST = "127.0.0.1";
   }
@@ -3036,9 +3089,6 @@ var init_cloud = __esm({
 });
 
 // src/auth/orchestrator.ts
-import net from "net";
-import path13 from "path";
-import os10 from "os";
 import { randomUUID } from "crypto";
 function isWriteTool(toolName) {
   const t = toolName.toLowerCase().replace(/[^a-z_]/g, "_");
@@ -3075,19 +3125,7 @@ function isNetworkTool(toolName, args) {
   return false;
 }
 function notifyActivity(data) {
-  return new Promise((resolve) => {
-    try {
-      const payload = JSON.stringify(data);
-      const sock = net.createConnection(ACTIVITY_SOCKET_PATH);
-      sock.on("connect", () => {
-        sock.on("close", resolve);
-        sock.end(payload);
-      });
-      sock.on("error", resolve);
-    } catch {
-      resolve();
-    }
-  });
+  return notifyActivitySocket(data);
 }
 async function authorizeHeadless(toolName, args, meta, options) {
   if (!options?.calledFromDaemon) {
@@ -3104,7 +3142,9 @@ async function authorizeHeadless(toolName, args, meta, options) {
         tool: toolName,
         ts: actTs,
         status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : result.blockedByLabel?.includes("Taint") ? "taint" : "block",
-        label: result.blockedByLabel
+        label: result.blockedByLabel,
+        ruleHit: result.ruleHit,
+        observeWouldBlock: result.observeWouldBlock
       });
     }
     return result;
@@ -3131,10 +3171,12 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     appendHookDebug(toolName, args, meta, hashAuditArgs);
   }
   const isManual = meta?.agent === "Terminal";
+  const isObserveMode = config.settings.mode === "observe";
   let explainableLabel = "Local Config";
   let policyMatchedField;
   let policyMatchedWord;
   let riskMetadata;
+  let statefulRecoveryCommand;
   let taintWarning = null;
   if (isNetworkTool(toolName, args)) {
     const filePaths = extractFilePaths(toolName, args);
@@ -3155,10 +3197,26 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     if (dlpMatch) {
       const dlpReason = `\u{1F6A8} DATA LOSS PREVENTION: ${dlpMatch.patternName} detected in field "${dlpMatch.fieldPath}" (${dlpMatch.redactedSample})`;
       if (dlpMatch.severity === "block") {
-        if (!isManual) appendLocalAudit(toolName, args, "deny", "dlp-block", meta, true);
+        if (!isManual)
+          appendLocalAudit(
+            toolName,
+            args,
+            "deny",
+            isObserveMode ? "observe-mode-dlp-would-block" : "dlp-block",
+            meta,
+            true
+          );
         if (isWriteTool(toolName) && filePath) {
           await notifyTaint(filePath, `DLP:${dlpMatch.patternName}`);
         }
+        if (isObserveMode) {
+          return {
+            approved: true,
+            checkedBy: "audit",
+            observeWouldBlock: true,
+            blockedByLabel: "\u{1F6A8} Node9 DLP (Secret Detected)"
+          };
+        }
         return {
           approved: false,
           reason: dlpReason,
@@ -3171,6 +3229,31 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
       explainableLabel = "\u{1F6A8} Node9 DLP (Credential Review)";
     }
   }
+  if (isObserveMode) {
+    if (!isIgnoredTool(toolName)) {
+      const policyResult = await evaluatePolicy(toolName, args, meta?.agent, options?.cwd);
+      const wouldBlock = policyResult.decision === "block";
+      if (!isManual)
+        appendLocalAudit(
+          toolName,
+          args,
+          "allow",
+          wouldBlock ? "observe-mode-would-block" : "observe-mode",
+          meta,
+          hashAuditArgs
+        );
+      return {
+        approved: true,
+        checkedBy: "audit",
+        ...wouldBlock && {
+          observeWouldBlock: true,
+          blockedByLabel: policyResult.blockedByLabel,
+          ruleHit: policyResult.ruleName
+        }
+      };
+    }
+    return { approved: true, checkedBy: "audit" };
+  }
   if (config.settings.mode === "audit") {
     if (!isIgnoredTool(toolName)) {
       const policyResult = await evaluatePolicy(toolName, args, meta?.agent, options?.cwd);
@@ -3198,14 +3281,34 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
       return { approved: true, checkedBy: "local-policy" };
     }
     if (policyResult.decision === "block") {
-      if (!isManual)
-        appendLocalAudit(toolName, args, "deny", "smart-rule-block", meta, hashAuditArgs);
-      return {
-        approved: false,
-        reason: policyResult.reason ?? "Action explicitly blocked by Smart Policy.",
-        blockedBy: "local-config",
-        blockedByLabel: policyResult.blockedByLabel
-      };
+      if (policyResult.dependsOnStatePredicates?.length) {
+        const stateResults = await checkStatePredicates(policyResult.dependsOnStatePredicates);
+        const predicatesMet = stateResults !== null && policyResult.dependsOnStatePredicates.every((p) => stateResults[p] === true);
+        if (stateResults === null && !isManual) {
+          appendToLog(HOOK_DEBUG_LOG, {
+            ts: (/* @__PURE__ */ new Date()).toISOString(),
+            event: "state-check-fail-open",
+            tool: toolName,
+            rule: policyResult.ruleName,
+            predicates: policyResult.dependsOnStatePredicates,
+            reason: "daemon unreachable or /state/check timed out \u2014 block rule downgraded to review"
+          });
+        }
+        if (predicatesMet && policyResult.recoveryCommand) {
+          statefulRecoveryCommand = policyResult.recoveryCommand;
+        }
+      } else {
+        if (!isManual)
+          appendLocalAudit(toolName, args, "deny", "smart-rule-block", meta, hashAuditArgs);
+        return {
+          approved: false,
+          reason: policyResult.reason ?? "Action explicitly blocked by Smart Policy.",
+          blockedBy: "local-config",
+          blockedByLabel: policyResult.blockedByLabel,
+          ruleHit: policyResult.ruleName,
+          ...policyResult.recoveryCommand && { recoveryCommand: policyResult.recoveryCommand }
+        };
+      }
     }
     explainableLabel = policyResult.blockedByLabel || "Local Config";
     policyMatchedField = policyResult.matchedField;
@@ -3312,7 +3415,8 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
           meta,
           riskMetadata,
           options?.activityId,
-          options?.cwd
+          options?.cwd,
+          statefulRecoveryCommand
         );
         daemonEntryId = entry.id;
         daemonAllowCount = entry.allowCount;
@@ -3373,20 +3477,26 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
   if (daemonEntryId && (approvers.browser || approvers.terminal)) {
     racePromises.push(
       (async () => {
-        const { decision: daemonDecision, source: decisionSource } = await waitForDaemonDecision(
-          daemonEntryId,
-          signal
-        );
+        const {
+          decision: daemonDecision,
+          source: decisionSource,
+          reason: daemonReason
+        } = await waitForDaemonDecision(daemonEntryId, signal);
         if (daemonDecision === "abandoned") throw new Error("Abandoned");
         const isApproved = daemonDecision === "allow";
-        const src = decisionSource === "terminal" || decisionSource === "browser" ? decisionSource : approvers.browser ? "browser" : "terminal";
+        const isRedirect = decisionSource === "terminal-redirect";
+        const src = decisionSource === "terminal" || decisionSource === "terminal-redirect" || decisionSource === "browser" ? decisionSource === "browser" ? "browser" : "terminal" : approvers.browser ? "browser" : "terminal";
         const via = src === "terminal" ? "Terminal (node9 tail)" : "Browser Dashboard";
         return {
           approved: isApproved,
-          reason: isApproved ? void 0 : `The human user rejected this action via the Node9 ${via}.`,
+          reason: isApproved ? void 0 : (
+            // Use the redirect reason from the tail when choice [2] was selected;
+            // otherwise fall back to the generic rejection message.
+            isRedirect && daemonReason || `The human user rejected this action via the Node9 ${via}.`
+          ),
           checkedBy: isApproved ? "daemon" : void 0,
           blockedBy: isApproved ? void 0 : "local-decision",
-          blockedByLabel: `User Decision (${via})`,
+          blockedByLabel: isRedirect ? "Steered Redirect (Terminal)" : `User Decision (${via})`,
           decisionSource: src
         };
       })()
@@ -3461,7 +3571,7 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
   }
   return finalResult;
 }
-var WRITE_TOOLS, ACTIVITY_SOCKET_PATH;
+var WRITE_TOOLS;
 var init_orchestrator = __esm({
   "src/auth/orchestrator.ts"() {
     "use strict";
@@ -3485,7 +3595,6 @@ var init_orchestrator = __esm({
       "notebook_edit",
       "notebookedit"
     ]);
-    ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path13.join(os10.tmpdir(), "node9-activity.sock");
   }
 });
 
@@ -5213,7 +5322,7 @@ var init_suggestion_tracker = __esm({
 
 // src/daemon/taint-store.ts
 import fs12 from "fs";
-import path15 from "path";
+import path14 from "path";
 var DEFAULT_TTL_MS, TaintStore;
 var init_taint_store = __esm({
   "src/daemon/taint-store.ts"() {
@@ -5282,20 +5391,121 @@ var init_taint_store = __esm({
       /** Resolve to absolute path, falling back to path.resolve if file doesn't exist yet. */
       _resolve(filePath) {
         try {
-          return fs12.realpathSync.native(path15.resolve(filePath));
+          return fs12.realpathSync.native(path14.resolve(filePath));
         } catch {
-          return path15.resolve(filePath);
+          return path14.resolve(filePath);
         }
       }
     };
   }
 });
 
+// src/daemon/session-counters.ts
+var SessionCounters, sessionCounters;
+var init_session_counters = __esm({
+  "src/daemon/session-counters.ts"() {
+    "use strict";
+    SessionCounters = class {
+      _allowed = 0;
+      _blocked = 0;
+      _dlpHits = 0;
+      _wouldBlock = 0;
+      _lastRuleHit = null;
+      _lastBlockedTool = null;
+      incrementAllowed() {
+        this._allowed++;
+      }
+      incrementBlocked() {
+        this._blocked++;
+      }
+      incrementDlpHits() {
+        this._dlpHits++;
+      }
+      incrementWouldBlock() {
+        this._wouldBlock++;
+      }
+      recordRuleHit(label) {
+        this._lastRuleHit = label;
+      }
+      recordBlockedTool(toolName) {
+        this._lastBlockedTool = toolName;
+      }
+      get() {
+        return {
+          allowed: this._allowed,
+          blocked: this._blocked,
+          dlpHits: this._dlpHits,
+          wouldBlock: this._wouldBlock,
+          lastRuleHit: this._lastRuleHit,
+          lastBlockedTool: this._lastBlockedTool
+        };
+      }
+      reset() {
+        this._allowed = 0;
+        this._blocked = 0;
+        this._dlpHits = 0;
+        this._wouldBlock = 0;
+        this._lastRuleHit = null;
+        this._lastBlockedTool = null;
+      }
+    };
+    sessionCounters = new SessionCounters();
+  }
+});
+
+// src/daemon/session-history.ts
+var SessionHistory, sessionHistory;
+var init_session_history = __esm({
+  "src/daemon/session-history.ts"() {
+    "use strict";
+    SessionHistory = class {
+      lastEditAt = null;
+      lastTestPassAt = null;
+      lastTestFailAt = null;
+      recordEdit(ts = Date.now()) {
+        this.lastEditAt = ts;
+      }
+      recordTestPass(ts = Date.now()) {
+        this.lastTestPassAt = ts;
+      }
+      recordTestFail(ts = Date.now()) {
+        this.lastTestFailAt = ts;
+      }
+      /**
+       * Returns true when the named predicate is currently satisfied.
+       * Unknown predicates always return false (fail-open: don't block on unknown state).
+       */
+      checkPredicate(name) {
+        switch (name) {
+          case "no_test_passed_since_last_edit":
+            if (this.lastEditAt === null) return false;
+            return this.lastTestPassAt === null || this.lastTestPassAt < this.lastEditAt;
+          default:
+            return false;
+        }
+      }
+      getSnapshot() {
+        return {
+          lastEditAt: this.lastEditAt,
+          lastTestPassAt: this.lastTestPassAt,
+          lastTestFailAt: this.lastTestFailAt
+        };
+      }
+      reset() {
+        this.lastEditAt = null;
+        this.lastTestPassAt = null;
+        this.lastTestFailAt = null;
+      }
+    };
+    sessionHistory = new SessionHistory();
+  }
+});
+
 // src/daemon/state.ts
 import net2 from "net";
 import fs13 from "fs";
-import path16 from "path";
-import os12 from "os";
+import path15 from "path";
+import os11 from "os";
 import { spawn as spawn2 } from "child_process";
 import { randomUUID as randomUUID3 } from "crypto";
 function loadInsightCounts() {
@@ -5340,7 +5550,7 @@ function markRejectionHandlerRegistered() {
   daemonRejectionHandlerRegistered = true;
 }
 function atomicWriteSync2(filePath, data, options) {
-  const dir = path16.dirname(filePath);
+  const dir = path15.dirname(filePath);
   if (!fs13.existsSync(dir)) fs13.mkdirSync(dir, { recursive: true });
   const tmpPath = `${filePath}.${randomUUID3()}.tmp`;
   try {
@@ -5380,7 +5590,7 @@ function appendAuditLog(data) {
       decision: data.decision,
       source: "daemon"
     };
-    const dir = path16.dirname(AUDIT_LOG_FILE);
+    const dir = path15.dirname(AUDIT_LOG_FILE);
     if (!fs13.existsSync(dir)) fs13.mkdirSync(dir, { recursive: true });
     fs13.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
   } catch {
@@ -5529,6 +5739,14 @@ function startActivitySocket() {
     socket.on("end", () => {
       try {
         const data = JSON.parse(Buffer.concat(chunks).toString());
+        if (data.status === "test_pass") {
+          sessionHistory.recordTestPass(data.ts);
+          return;
+        }
+        if (data.status === "test_fail") {
+          sessionHistory.recordTestFail(data.ts);
+          return;
+        }
         if (data.status === "pending") {
           broadcast("activity", {
             id: data.id,
@@ -5538,6 +5756,24 @@ function startActivitySocket() {
             status: "pending"
           });
         } else {
+          if (data.status === "allow") {
+            sessionCounters.incrementAllowed();
+            if (data.observeWouldBlock) sessionCounters.incrementWouldBlock();
+            if (WRITE_TOOL_NAMES.has(data.tool.toLowerCase().replace(/[^a-z_]/g, "_"))) {
+              sessionHistory.recordEdit(data.ts);
+            }
+          } else if (data.status === "block") {
+            sessionCounters.incrementBlocked();
+            sessionCounters.recordBlockedTool(data.tool);
+            if (data.ruleHit) sessionCounters.recordRuleHit(data.ruleHit);
+          } else if (data.status === "dlp") {
+            sessionCounters.incrementBlocked();
+            sessionCounters.incrementDlpHits();
+            sessionCounters.recordBlockedTool(data.tool);
+          } else if (data.status === "taint") {
+            sessionCounters.incrementBlocked();
+            sessionCounters.recordBlockedTool(data.tool);
+          }
           broadcast("activity-result", {
             id: data.id,
             status: data.status,
@@ -5558,21 +5794,23 @@ function startActivitySocket() {
     }
   });
 }
-var homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE;
+var homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE, WRITE_TOOL_NAMES;
 var init_state2 = __esm({
   "src/daemon/state.ts"() {
     "use strict";
     init_daemon();
     init_suggestion_tracker();
     init_taint_store();
-    homeDir = os12.homedir();
-    DAEMON_PID_FILE = path16.join(homeDir, ".node9", "daemon.pid");
-    DECISIONS_FILE = path16.join(homeDir, ".node9", "decisions.json");
-    AUDIT_LOG_FILE = path16.join(homeDir, ".node9", "audit.log");
-    TRUST_FILE2 = path16.join(homeDir, ".node9", "trust.json");
-    GLOBAL_CONFIG_FILE = path16.join(homeDir, ".node9", "config.json");
-    CREDENTIALS_FILE = path16.join(homeDir, ".node9", "credentials.json");
-    INSIGHT_COUNTS_FILE = path16.join(homeDir, ".node9", "insight-counts.json");
+    init_session_counters();
+    init_session_history();
+    homeDir = os11.homedir();
+    DAEMON_PID_FILE = path15.join(homeDir, ".node9", "daemon.pid");
+    DECISIONS_FILE = path15.join(homeDir, ".node9", "decisions.json");
+    AUDIT_LOG_FILE = path15.join(homeDir, ".node9", "audit.log");
+    TRUST_FILE2 = path15.join(homeDir, ".node9", "trust.json");
+    GLOBAL_CONFIG_FILE = path15.join(homeDir, ".node9", "config.json");
+    CREDENTIALS_FILE = path15.join(homeDir, ".node9", "credentials.json");
+    INSIGHT_COUNTS_FILE = path15.join(homeDir, ".node9", "insight-counts.json");
     pending = /* @__PURE__ */ new Map();
     sseClients = /* @__PURE__ */ new Set();
     suggestionTracker = new SuggestionTracker(3);
@@ -5590,17 +5828,28 @@ var init_state2 = __esm({
       "2h": 2 * 60 * 6e4
     };
     autoStarted = process.env.NODE9_AUTO_STARTED === "1";
-    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path16.join(os12.tmpdir(), "node9-activity.sock");
+    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path15.join(os11.tmpdir(), "node9-activity.sock");
     ACTIVITY_RING_SIZE = 100;
     activityRing = [];
     SECRET_KEY_RE = /password|secret|token|key|apikey|credential|auth/i;
+    WRITE_TOOL_NAMES = /* @__PURE__ */ new Set([
+      "write",
+      "write_file",
+      "create_file",
+      "edit",
+      "multiedit",
+      "str_replace_based_edit_tool",
+      "replace",
+      "notebook_edit",
+      "notebookedit"
+    ]);
   }
 });
 
 // src/config/patch.ts
 import fs14 from "fs";
-import path17 from "path";
-import os13 from "os";
+import path16 from "path";
+import os12 from "os";
 function patchConfig(configPath, patch) {
   let config = {};
   try {
@@ -5624,7 +5873,7 @@ function patchConfig(configPath, patch) {
       ignored.push(patch.toolName);
     }
   }
-  const dir = path17.dirname(configPath);
+  const dir = path16.dirname(configPath);
   fs14.mkdirSync(dir, { recursive: true });
   const tmp = configPath + ".node9-tmp";
   try {
@@ -5650,14 +5899,14 @@ var GLOBAL_CONFIG_PATH;
 var init_patch = __esm({
   "src/config/patch.ts"() {
     "use strict";
-    GLOBAL_CONFIG_PATH = path17.join(os13.homedir(), ".node9", "config.json");
+    GLOBAL_CONFIG_PATH = path16.join(os12.homedir(), ".node9", "config.json");
   }
 });
 
 // src/daemon/server.ts
 import http from "http";
 import fs15 from "fs";
-import path18 from "path";
+import path17 from "path";
 import { randomUUID as randomUUID4 } from "crypto";
 import { spawnSync as spawnSync2 } from "child_process";
 import chalk2 from "chalk";
@@ -5723,6 +5972,8 @@ data: ${JSON.stringify({
             toolName: e.toolName,
             args: e.args,
             riskMetadata: e.riskMetadata,
+            ...e.recoveryCommand && { recoveryCommand: e.recoveryCommand },
+            ...e.viewOnly && { viewOnly: true },
             slackDelegated: e.slackDelegated,
             timestamp: e.timestamp,
             agent: e.agent,
@@ -5788,6 +6039,9 @@ data: ${JSON.stringify(item.data)}
           agent,
           mcpServer,
           riskMetadata,
+          recoveryCommand,
+          skipBackgroundAuth = false,
+          viewOnly = false,
           fromCLI = false,
           activityId,
           cwd
@@ -5798,6 +6052,8 @@ data: ${JSON.stringify(item.data)}
           toolName,
           args,
           riskMetadata: riskMetadata ?? void 0,
+          ...typeof recoveryCommand === "string" && recoveryCommand && { recoveryCommand },
+          ...viewOnly && { viewOnly: true },
           agent: typeof agent === "string" ? agent : void 0,
           mcpServer: typeof mcpServer === "string" ? mcpServer : void 0,
           slackDelegated: !!slackDelegated,
@@ -5832,7 +6088,7 @@ data: ${JSON.stringify(item.data)}
             status: "pending"
           });
         }
-        const projectCwd = typeof cwd === "string" && path18.isAbsolute(cwd) ? cwd : void 0;
+        const projectCwd = typeof cwd === "string" && path17.isAbsolute(cwd) ? cwd : void 0;
         const projectConfig = getConfig(projectCwd);
         const browserEnabled = projectConfig.settings.approvers?.browser !== false;
         const terminalEnabled = projectConfig.settings.approvers?.terminal !== false;
@@ -5842,6 +6098,8 @@ data: ${JSON.stringify(item.data)}
             toolName,
             args,
             riskMetadata: entry.riskMetadata,
+            ...entry.recoveryCommand && { recoveryCommand: entry.recoveryCommand },
+            ...entry.viewOnly && { viewOnly: true },
             slackDelegated: entry.slackDelegated,
             agent: entry.agent,
             mcpServer: entry.mcpServer,
@@ -5858,7 +6116,7 @@ data: ${JSON.stringify(item.data)}
         }
         res.writeHead(200, { "Content-Type": "application/json" });
         res.end(JSON.stringify({ id, allowCount: (insightCounts.get(toolName) ?? 0) + 1 }));
-        if (slackDelegated) return;
+        if (slackDelegated || skipBackgroundAuth) return;
         authorizeHeadless(
           toolName,
           args,
@@ -5997,7 +6255,7 @@ data: ${JSON.stringify(item.data)}
           saveInsightCounts();
           suggestionTracker.resetTool(entry.toolName);
         }
-        const VALID_SOURCES = /* @__PURE__ */ new Set(["terminal", "browser", "native"]);
+        const VALID_SOURCES = /* @__PURE__ */ new Set(["terminal", "browser", "native", "terminal-redirect"]);
         if (source && VALID_SOURCES.has(source)) entry.decisionSource = source;
         if (entry.waiter) {
           entry.waiter(resolvedDecision, reason);
@@ -6026,6 +6284,41 @@ data: ${JSON.stringify(item.data)}
         return res.end(JSON.stringify({ error: "internal" }));
       }
     }
+    if (req.method === "GET" && pathname === "/status") {
+      try {
+        const s = getGlobalSettings();
+        const counters = sessionCounters.get();
+        const mode = s.mode ?? "standard";
+        const status = {
+          mode,
+          session: {
+            allowed: counters.allowed,
+            blocked: counters.blocked,
+            dlpHits: counters.dlpHits,
+            wouldBlock: counters.wouldBlock
+          },
+          taintedCount: taintStore.list().length,
+          lastRuleHit: counters.lastRuleHit,
+          lastBlockedTool: counters.lastBlockedTool
+        };
+        res.writeHead(200, { "Content-Type": "application/json" });
+        return res.end(JSON.stringify(status));
+      } catch (err) {
+        console.error(chalk2.red("[node9 daemon] GET /status failed:"), err);
+        res.writeHead(500, { "Content-Type": "application/json" });
+        return res.end(JSON.stringify({ error: "internal" }));
+      }
+    }
+    if (req.method === "GET" && pathname === "/state/check") {
+      const predicatesParam = reqUrl.searchParams.get("predicates") ?? "";
+      const predicates = predicatesParam.split(",").filter(Boolean);
+      const results = {};
+      for (const p of predicates) {
+        results[p] = sessionHistory.checkPredicate(p);
+      }
+      res.writeHead(200, { "Content-Type": "application/json" });
+      return res.end(JSON.stringify(results));
+    }
     if (req.method === "POST" && pathname === "/settings") {
       if (!validToken(req)) return res.writeHead(403).end();
       try {
@@ -6183,8 +6476,8 @@ data: ${JSON.stringify(item.data)}
         const body = await readBody(req);
         const data = body ? JSON.parse(body) : {};
         const configPath = data.configPath ?? GLOBAL_CONFIG_PATH;
-        const node9Dir = path18.dirname(GLOBAL_CONFIG_PATH);
-        if (!path18.resolve(configPath).startsWith(node9Dir + path18.sep)) {
+        const node9Dir = path17.dirname(GLOBAL_CONFIG_PATH);
+        if (!path17.resolve(configPath).startsWith(node9Dir + path17.sep)) {
           res.writeHead(400, { "Content-Type": "application/json" });
           return res.end(
             JSON.stringify({ error: "configPath must be within the node9 config directory" })
@@ -6431,8 +6724,8 @@ __export(tail_exports, {
 import http2 from "http";
 import chalk16 from "chalk";
 import fs24 from "fs";
-import os21 from "os";
-import path26 from "path";
+import os20 from "os";
+import path25 from "path";
 import readline3 from "readline";
 import { spawn as spawn9, execSync as execSync3 } from "child_process";
 function getIcon(tool) {
@@ -6510,9 +6803,10 @@ async function ensureDaemon() {
 }
 function postDecisionHttp(id, decision, csrfToken, port, opts) {
   return new Promise((resolve, reject) => {
-    const bodyObj = { decision, source: "terminal" };
+    const bodyObj = { decision, source: opts?.source ?? "terminal" };
     if (opts?.persist) bodyObj.persist = true;
     if (opts?.trustDuration) bodyObj.trustDuration = opts.trustDuration;
+    if (opts?.reason) bodyObj.reason = opts.reason;
     const body = JSON.stringify(bodyObj);
     const req = http2.request(
       {
@@ -6537,6 +6831,9 @@ function postDecisionHttp(id, decision, csrfToken, port, opts) {
   });
 }
 function buildCardLines(req, localCount = 0) {
+  if (req.recoveryCommand) {
+    return buildRecoveryCardLines(req);
+  }
   const argsStr = JSON.stringify(req.args ?? {}).replace(/\s+/g, " ");
   const argsPreview = argsStr.length > 60 ? argsStr.slice(0, 60) + "\u2026" : argsStr;
   const tierLabel = req.riskMetadata?.tier != null ? req.riskMetadata.tier <= 2 ? `${YELLOW}\u26A0  Tier ${req.riskMetadata.tier}` : `${RED}\u{1F6D1} Tier ${req.riskMetadata.tier}` : `${YELLOW}\u26A0  Review`;
@@ -6564,6 +6861,31 @@ function buildCardLines(req, localCount = 0) {
   );
   return lines;
 }
+function buildRecoveryCardLines(req) {
+  const argsObj = req.args;
+  const command = typeof argsObj?.command === "string" ? argsObj.command : JSON.stringify(req.args ?? {}).replace(/\s+/g, " ").slice(0, 60);
+  const ruleName = req.riskMetadata?.ruleName?.replace(/^Smart Rule:\s*/i, "") ?? "policy rule";
+  const recoveryCommand = req.recoveryCommand;
+  const interactiveLines = req.viewOnly ? [`  ${GRAY}\u2192 Awaiting decision from interactive terminal...${RESET}`] : [
+    `  ${BOLD}${GREEN}[1]${RESET} Allow anyway  ${GRAY}(override policy)${RESET}`,
+    `  ${BOLD}${YELLOW}[2]${RESET} Redirect AI: "Run '${recoveryCommand}' first, then retry"`,
+    `  ${BOLD}${RED}[3]${RESET} Deny & stop  ${GRAY}(hard block)${RESET}`,
+    ``,
+    `  ${GRAY}[Timeout: auto-deny]${RESET}`,
+    `  Select [1-3]: `
+  ];
+  return [
+    ``,
+    `${BOLD}${CYAN}${DIVIDER}${RESET}`,
+    `\u{1F6E1}\uFE0F  ${BOLD}NODE9 STATE GUARD:${RESET} '${BOLD}${command}${RESET}'`,
+    `${YELLOW}\u26A0\uFE0F  Rule: ${ruleName}${RESET}`,
+    `${CYAN}${DIVIDER}${RESET}`,
+    ...!req.viewOnly ? [`${BOLD}What would you like to do?${RESET}`, ``] : [],
+    ...interactiveLines,
+    `${CYAN}${DIVIDER}${RESET}`,
+    ``
+  ];
+}
 async function startTail(options = {}) {
   const port = await ensureDaemon();
   if (options.clear) {
@@ -6662,14 +6984,14 @@ async function startTail(options = {}) {
           localAllowCounts.get(req2.toolName) ?? 0
         )
       );
-      const decisionStamp = action === "always-allow" ? chalk16.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? chalk16.cyan("\u23F1 TRUST 30m") : action === "allow" ? chalk16.green("\u2713 ALLOWED") : chalk16.red("\u2717 DENIED");
+      const decisionStamp = action === "always-allow" ? chalk16.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? chalk16.cyan("\u23F1 TRUST 30m") : action === "allow" ? chalk16.green("\u2713 ALLOWED") : action === "redirect" ? chalk16.yellow("\u21A9 REDIRECT AI") : chalk16.red("\u2717 DENIED");
       stampedLines.push(`  ${BOLD}\u2192${RESET} ${decisionStamp} ${GRAY}(terminal)${RESET}`, ``);
       for (const line of stampedLines) process.stdout.write(line + "\n");
       process.stdout.write(SHOW_CURSOR);
       cardLineCount = 0;
       if (action === "allow" || action === "always-allow" || action === "trust") {
         localAllowCounts.set(req2.toolName, (localAllowCounts.get(req2.toolName) ?? 0) + 1);
-      } else if (action === "deny") {
+      } else if (action === "deny" || action === "redirect") {
         localAllowCounts.delete(req2.toolName);
       }
       let httpDecision;
@@ -6680,13 +7002,18 @@ async function startTail(options = {}) {
       } else if (action === "trust") {
         httpDecision = "trust";
         httpOpts = { trustDuration: "30m" };
+      } else if (action === "redirect") {
+        httpDecision = "deny";
+        const recoveryCommand = req2.recoveryCommand ?? "the required pre-condition";
+        const redirectReason = `USER INTERVENTION: I am blocking this ${req2.toolName} because the required pre-condition has not been met. Please execute \`${recoveryCommand}\`. If it passes, you are then authorized to run \`${req2.toolName}\`.`;
+        httpOpts = { reason: redirectReason, source: "terminal-redirect" };
       } else {
         httpDecision = action;
       }
       postDecisionHttp(req2.id, httpDecision, csrfToken, port, httpOpts).catch((err) => {
         try {
           fs24.appendFileSync(
-            path26.join(os21.homedir(), ".node9", "hook-debug.log"),
+            path25.join(os20.homedir(), ".node9", "hook-debug.log"),
             `[tail] POST /decision failed: ${String(err)}
 `
           );
@@ -6718,17 +7045,34 @@ async function startTail(options = {}) {
       cardActive = false;
       showNextCard();
     };
+    if (req2.viewOnly) {
+      process.stdin.resume();
+      onKeypress = () => {
+      };
+      process.stdin.on("keypress", onKeypress);
+      return;
+    }
     process.stdin.resume();
     onKeypress = (_str, key) => {
       const name = key?.name ?? "";
-      if (name === "y" || name === "return") {
-        settle("allow");
-      } else if (name === "n" || name === "d" || key?.ctrl && name === "c") {
-        settle("deny");
-      } else if (name === "a") {
-        settle("always-allow");
-      } else if (name === "t") {
-        settle("trust");
+      if (req2.recoveryCommand) {
+        if (name === "1") {
+          settle("allow");
+        } else if (name === "2") {
+          settle("redirect");
+        } else if (name === "3" || key?.ctrl && name === "c") {
+          settle("deny");
+        }
+      } else {
+        if (name === "y" || name === "return") {
+          settle("allow");
+        } else if (name === "n" || name === "d" || key?.ctrl && name === "c") {
+          settle("deny");
+        } else if (name === "a") {
+          settle("always-allow");
+        } else if (name === "t") {
+          settle("trust");
+        }
       }
     };
     process.stdin.on("keypress", onKeypress);
@@ -6898,14 +7242,14 @@ async function startTail(options = {}) {
     process.exit(1);
   });
 }
-var PID_FILE, ICONS, RESET, BOLD, RED, YELLOW, CYAN, GRAY, GREEN, HIDE_CURSOR, SHOW_CURSOR, ERASE_DOWN;
+var PID_FILE, ICONS, RESET, BOLD, RED, YELLOW, CYAN, GRAY, GREEN, HIDE_CURSOR, SHOW_CURSOR, ERASE_DOWN, DIVIDER;
 var init_tail = __esm({
   "src/tui/tail.ts"() {
     "use strict";
     init_daemon2();
     init_daemon();
     init_core();
-    PID_FILE = path26.join(os21.homedir(), ".node9", "daemon.pid");
+    PID_FILE = path25.join(os20.homedir(), ".node9", "daemon.pid");
     ICONS = {
       bash: "\u{1F4BB}",
       shell: "\u{1F4BB}",
@@ -6933,6 +7277,326 @@ var init_tail = __esm({
     HIDE_CURSOR = "\x1B[?25l";
     SHOW_CURSOR = "\x1B[?25h";
     ERASE_DOWN = "\x1B[J";
+    DIVIDER = "\u2500".repeat(60);
+  }
+});
+
+// src/cli/hud.ts
+var hud_exports = {};
+__export(hud_exports, {
+  countConfigs: () => countConfigs,
+  main: () => main,
+  renderEnvironmentLine: () => renderEnvironmentLine
+});
+import fs25 from "fs";
+import path26 from "path";
+import os21 from "os";
+import http3 from "http";
+async function readStdin() {
+  const chunks = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(chunk);
+  }
+  const raw = Buffer.concat(chunks).toString("utf-8").trim();
+  if (!raw) return {};
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return {};
+  }
+}
+function queryDaemon() {
+  return new Promise((resolve) => {
+    const timeout = setTimeout(() => resolve(null), 50);
+    try {
+      const req = http3.get(
+        `http://${DAEMON_HOST}:${DAEMON_PORT}/status`,
+        { timeout: 50 },
+        (res) => {
+          const chunks = [];
+          res.on("data", (c) => chunks.push(c));
+          res.on("end", () => {
+            clearTimeout(timeout);
+            try {
+              resolve(JSON.parse(Buffer.concat(chunks).toString()));
+            } catch {
+              resolve(null);
+            }
+          });
+        }
+      );
+      req.on("error", () => {
+        clearTimeout(timeout);
+        resolve(null);
+      });
+      req.on("timeout", () => {
+        clearTimeout(timeout);
+        req.destroy();
+        resolve(null);
+      });
+    } catch {
+      clearTimeout(timeout);
+      resolve(null);
+    }
+  });
+}
+function dim(s) {
+  return `${DIM}${s}${RESET2}`;
+}
+function bold(s) {
+  return `${BOLD2}${s}${RESET2}`;
+}
+function color(c, s) {
+  return `${c}${s}${RESET2}`;
+}
+function progressBar(pct, warnAt = 70, critAt = 85) {
+  const filled = Math.round(Math.min(pct, 100) / 100 * BAR_WIDTH);
+  const bar = BAR_FILLED.repeat(filled) + BAR_EMPTY.repeat(BAR_WIDTH - filled);
+  const c = pct >= critAt ? RED2 : pct >= warnAt ? YELLOW2 : GREEN2;
+  return `${c}${bar}${RESET2}`;
+}
+function formatTimeLeft(resetsAt) {
+  if (!resetsAt) return "";
+  const ms = new Date(resetsAt).getTime() - Date.now();
+  if (ms <= 0) return "";
+  const totalMin = Math.ceil(ms / 6e4);
+  const h = Math.floor(totalMin / 60);
+  const m = totalMin % 60;
+  if (h > 0) return ` (${h}h ${m}m left)`;
+  return ` (${m}m left)`;
+}
+function safeReadJson(filePath) {
+  if (!fs25.existsSync(filePath)) return null;
+  try {
+    return JSON.parse(fs25.readFileSync(filePath, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function getMcpServerNames(filePath) {
+  const cfg = safeReadJson(filePath);
+  if (!cfg || typeof cfg.mcpServers !== "object" || cfg.mcpServers === null) return /* @__PURE__ */ new Set();
+  return new Set(Object.keys(cfg.mcpServers));
+}
+function getDisabledMcpServers(filePath, key) {
+  const cfg = safeReadJson(filePath);
+  if (!cfg || !Array.isArray(cfg[key])) return /* @__PURE__ */ new Set();
+  return new Set(cfg[key].filter((s) => typeof s === "string"));
+}
+function countHooksInFile(filePath) {
+  const cfg = safeReadJson(filePath);
+  if (!cfg || typeof cfg.hooks !== "object" || cfg.hooks === null) return 0;
+  return Object.keys(cfg.hooks).length;
+}
+function countRulesInDir(rulesDir) {
+  if (!fs25.existsSync(rulesDir)) return 0;
+  let count = 0;
+  try {
+    for (const entry of fs25.readdirSync(rulesDir, { withFileTypes: true })) {
+      if (entry.isDirectory()) {
+        count += countRulesInDir(path26.join(rulesDir, entry.name));
+      } else if (entry.isFile() && entry.name.endsWith(".md")) {
+        count++;
+      }
+    }
+  } catch {
+  }
+  return count;
+}
+function isSamePath(a, b) {
+  try {
+    return path26.resolve(a) === path26.resolve(b);
+  } catch {
+    return false;
+  }
+}
+function countConfigs(cwd) {
+  const homeDir2 = os21.homedir();
+  const claudeDir = path26.join(homeDir2, ".claude");
+  let claudeMdCount = 0;
+  let rulesCount = 0;
+  let hooksCount = 0;
+  const userMcpServers = /* @__PURE__ */ new Set();
+  const projectMcpServers = /* @__PURE__ */ new Set();
+  if (fs25.existsSync(path26.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
+  rulesCount += countRulesInDir(path26.join(claudeDir, "rules"));
+  const userSettings = path26.join(claudeDir, "settings.json");
+  for (const name of getMcpServerNames(userSettings)) userMcpServers.add(name);
+  hooksCount += countHooksInFile(userSettings);
+  const userClaudeJson = path26.join(homeDir2, ".claude.json");
+  for (const name of getMcpServerNames(userClaudeJson)) userMcpServers.add(name);
+  for (const name of getDisabledMcpServers(userClaudeJson, "disabledMcpServers")) {
+    userMcpServers.delete(name);
+  }
+  if (cwd) {
+    if (fs25.existsSync(path26.join(cwd, "CLAUDE.md"))) claudeMdCount++;
+    if (fs25.existsSync(path26.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
+    const projectClaudeDir = path26.join(cwd, ".claude");
+    const overlapsUserScope = isSamePath(projectClaudeDir, claudeDir);
+    if (!overlapsUserScope) {
+      if (fs25.existsSync(path26.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
+      rulesCount += countRulesInDir(path26.join(projectClaudeDir, "rules"));
+      const projSettings = path26.join(projectClaudeDir, "settings.json");
+      for (const name of getMcpServerNames(projSettings)) projectMcpServers.add(name);
+      hooksCount += countHooksInFile(projSettings);
+    }
+    if (fs25.existsSync(path26.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
+    const localSettings = path26.join(projectClaudeDir, "settings.local.json");
+    for (const name of getMcpServerNames(localSettings)) projectMcpServers.add(name);
+    hooksCount += countHooksInFile(localSettings);
+    const mcpJsonServers = getMcpServerNames(path26.join(cwd, ".mcp.json"));
+    const disabledMcpJson = getDisabledMcpServers(localSettings, "disabledMcpjsonServers");
+    for (const name of disabledMcpJson) mcpJsonServers.delete(name);
+    for (const name of mcpJsonServers) projectMcpServers.add(name);
+  }
+  return {
+    claudeMdCount,
+    rulesCount,
+    mcpCount: userMcpServers.size + projectMcpServers.size,
+    hooksCount
+  };
+}
+function renderEnvironmentLine(counts) {
+  const { claudeMdCount, rulesCount, mcpCount, hooksCount } = counts;
+  if (claudeMdCount === 0 && rulesCount === 0 && mcpCount === 0 && hooksCount === 0) return null;
+  const parts = [
+    `${claudeMdCount} CLAUDE.md`,
+    `${rulesCount} rules`,
+    `${mcpCount} MCPs`,
+    `${hooksCount} hooks`
+  ];
+  return color(DIM, parts.join(` ${dim("|")} `));
+}
+function renderOffline() {
+  process.stdout.write(`${color(BLUE, "\u{1F6E1}")} ${bold("node9")} ${dim("|")} ${dim("offline")}
+`);
+}
+function renderSecurityLine(status) {
+  const parts = [];
+  parts.push(`${color(BLUE, "\u{1F6E1}")} ${bold("node9")}`);
+  const modeColors = {
+    standard: GREEN2,
+    strict: RED2,
+    observe: MAGENTA,
+    audit: YELLOW2
+  };
+  const modeIcon = {
+    standard: "",
+    strict: "",
+    observe: "\u{1F441} ",
+    audit: ""
+  };
+  const mc = modeColors[status.mode] ?? WHITE;
+  parts.push(`${dim("|")} ${color(mc, modeIcon[status.mode] ?? "")}${color(mc, status.mode)}`);
+  if (status.mode === "observe") {
+    parts.push(`${dim("|")} ${color(GREEN2, `\u2705 ${status.session.allowed} passed`)}`);
+    if (status.session.wouldBlock > 0) {
+      parts.push(color(YELLOW2, `\u26A0 ${status.session.wouldBlock} would-block`));
+    }
+  } else {
+    parts.push(`${dim("|")} ${color(GREEN2, `\u2705 ${status.session.allowed} allowed`)}`);
+    if (status.session.blocked > 0) {
+      parts.push(color(RED2, `\u{1F6D1} ${status.session.blocked} blocked`));
+    }
+    if (status.session.dlpHits > 0) {
+      parts.push(color(RED2, `\u{1F6A8} ${status.session.dlpHits} dlp`));
+    }
+  }
+  if (status.taintedCount > 0) {
+    parts.push(color(YELLOW2, `\u{1F4A7} ${status.taintedCount} tainted`));
+  }
+  if (status.lastRuleHit) {
+    const ruleName = status.lastRuleHit.replace(/^Smart Rule:\s*/i, "");
+    parts.push(color(CYAN2, `\u26A1 ${ruleName}`));
+  }
+  return parts.join("  ");
+}
+function renderContextLine(stdin) {
+  const cw = stdin.context_window;
+  if (!cw) return null;
+  const parts = [];
+  const modelName = typeof stdin.model === "string" ? stdin.model : stdin.model?.display_name ?? "";
+  if (modelName) {
+    parts.push(color(CYAN2, modelName));
+  }
+  const usedPct = cw.used_percentage ?? (cw.current_usage && cw.context_window_size ? Math.round(
+    ((cw.current_usage.input_tokens ?? 0) + (cw.current_usage.output_tokens ?? 0)) / cw.context_window_size * 100
+  ) : null);
+  if (usedPct !== null) {
+    const bar = progressBar(usedPct);
+    parts.push(`${dim("\u2502")} ctx ${bar} ${usedPct}%`);
+  }
+  const rl = stdin.rate_limits;
+  if (rl?.five_hour?.used_percentage !== void 0) {
+    const pct = Math.round(rl.five_hour.used_percentage);
+    const bar = progressBar(pct, 60, 80);
+    const left = formatTimeLeft(rl.five_hour.resets_at);
+    parts.push(`${dim("\u2502")} 5h ${bar} ${pct}%${left}`);
+  }
+  if (rl?.seven_day?.used_percentage !== void 0) {
+    const pct = Math.round(rl.seven_day.used_percentage);
+    const bar = progressBar(pct, 60, 80);
+    parts.push(`${dim("\u2502")} 7d ${bar} ${pct}%`);
+  }
+  if (parts.length === 0) return null;
+  return parts.join("  ");
+}
+async function main() {
+  try {
+    const [stdin, daemonStatus2] = await Promise.all([readStdin(), queryDaemon()]);
+    if (!daemonStatus2) {
+      renderOffline();
+      return;
+    }
+    process.stdout.write(renderSecurityLine(daemonStatus2) + "\n");
+    const ctxLine = renderContextLine(stdin);
+    if (ctxLine) {
+      process.stdout.write(ctxLine + "\n");
+    }
+    const showEnvCounts = (() => {
+      try {
+        const cwd = stdin.cwd ?? process.cwd();
+        for (const configPath of [
+          path26.join(cwd, "node9.config.json"),
+          path26.join(os21.homedir(), ".node9", "config.json")
+        ]) {
+          if (!fs25.existsSync(configPath)) continue;
+          const cfg = JSON.parse(fs25.readFileSync(configPath, "utf-8"));
+          const hud = cfg.settings?.hud;
+          if (hud && "showEnvironmentCounts" in hud) return hud.showEnvironmentCounts !== false;
+        }
+      } catch {
+      }
+      return true;
+    })();
+    if (showEnvCounts) {
+      const envLine = renderEnvironmentLine(countConfigs(stdin.cwd));
+      if (envLine) {
+        process.stdout.write(envLine + "\n");
+      }
+    }
+  } catch {
+    renderOffline();
+  }
+}
+var RESET2, BOLD2, DIM, RED2, GREEN2, YELLOW2, BLUE, MAGENTA, CYAN2, WHITE, BAR_FILLED, BAR_EMPTY, BAR_WIDTH;
+var init_hud = __esm({
+  "src/cli/hud.ts"() {
+    "use strict";
+    init_daemon();
+    RESET2 = "\x1B[0m";
+    BOLD2 = "\x1B[1m";
+    DIM = "\x1B[2m";
+    RED2 = "\x1B[31m";
+    GREEN2 = "\x1B[32m";
+    YELLOW2 = "\x1B[33m";
+    BLUE = "\x1B[34m";
+    MAGENTA = "\x1B[35m";
+    CYAN2 = "\x1B[36m";
+    WHITE = "\x1B[37m";
+    BAR_FILLED = "\u2588";
+    BAR_EMPTY = "\u2591";
+    BAR_WIDTH = 10;
   }
 });
 
@@ -6942,8 +7606,8 @@ import { Command } from "commander";
 
 // src/setup.ts
 import fs11 from "fs";
-import path14 from "path";
-import os11 from "os";
+import path13 from "path";
+import os10 from "os";
 import chalk from "chalk";
 import { confirm } from "@inquirer/prompts";
 function printDaemonTip() {
@@ -6968,7 +7632,7 @@ function readJson(filePath) {
   return null;
 }
 function writeJson(filePath, data) {
-  const dir = path14.dirname(filePath);
+  const dir = path13.dirname(filePath);
   if (!fs11.existsSync(dir)) fs11.mkdirSync(dir, { recursive: true });
   fs11.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
 }
@@ -6977,9 +7641,9 @@ function isNode9Hook(cmd) {
   return /(?:^|[\s/\\])node9 (?:check|log)/.test(cmd) || /(?:^|[\s/\\])cli\.js (?:check|log)/.test(cmd);
 }
 function teardownClaude() {
-  const homeDir2 = os11.homedir();
-  const hooksPath = path14.join(homeDir2, ".claude", "settings.json");
-  const mcpPath = path14.join(homeDir2, ".claude.json");
+  const homeDir2 = os10.homedir();
+  const hooksPath = path13.join(homeDir2, ".claude", "settings.json");
+  const mcpPath = path13.join(homeDir2, ".claude.json");
   let changed = false;
   const settings = readJson(hooksPath);
   if (settings?.hooks) {
@@ -7027,8 +7691,8 @@ function teardownClaude() {
   }
 }
 function teardownGemini() {
-  const homeDir2 = os11.homedir();
-  const settingsPath = path14.join(homeDir2, ".gemini", "settings.json");
+  const homeDir2 = os10.homedir();
+  const settingsPath = path13.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath);
   if (!settings) {
     console.log(chalk.blue("  \u2139\uFE0F  ~/.gemini/settings.json not found \u2014 nothing to remove"));
@@ -7066,8 +7730,8 @@ function teardownGemini() {
   }
 }
 function teardownCursor() {
-  const homeDir2 = os11.homedir();
-  const mcpPath = path14.join(homeDir2, ".cursor", "mcp.json");
+  const homeDir2 = os10.homedir();
+  const mcpPath = path13.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath);
   if (!mcpConfig?.mcpServers) {
     console.log(chalk.blue("  \u2139\uFE0F  ~/.cursor/mcp.json not found \u2014 nothing to remove"));
@@ -7093,9 +7757,9 @@ function teardownCursor() {
   }
 }
 async function setupClaude() {
-  const homeDir2 = os11.homedir();
-  const mcpPath = path14.join(homeDir2, ".claude.json");
-  const hooksPath = path14.join(homeDir2, ".claude", "settings.json");
+  const homeDir2 = os10.homedir();
+  const mcpPath = path13.join(homeDir2, ".claude.json");
+  const hooksPath = path13.join(homeDir2, ".claude", "settings.json");
   const claudeConfig = readJson(mcpPath) ?? {};
   const settings = readJson(hooksPath) ?? {};
   const servers = claudeConfig.mcpServers ?? {};
@@ -7169,8 +7833,8 @@ async function setupClaude() {
   }
 }
 async function setupGemini() {
-  const homeDir2 = os11.homedir();
-  const settingsPath = path14.join(homeDir2, ".gemini", "settings.json");
+  const homeDir2 = os10.homedir();
+  const settingsPath = path13.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath) ?? {};
   const servers = settings.mcpServers ?? {};
   let anythingChanged = false;
@@ -7251,7 +7915,7 @@ async function setupGemini() {
     printDaemonTip();
   }
 }
-function detectAgents(homeDir2 = os11.homedir()) {
+function detectAgents(homeDir2 = os10.homedir()) {
   const exists = (p) => {
     try {
       return fs11.existsSync(p);
@@ -7265,14 +7929,14 @@ function detectAgents(homeDir2 = os11.homedir()) {
     }
   };
   return {
-    claude: exists(path14.join(homeDir2, ".claude")) || exists(path14.join(homeDir2, ".claude.json")),
-    gemini: exists(path14.join(homeDir2, ".gemini")),
-    cursor: exists(path14.join(homeDir2, ".cursor"))
+    claude: exists(path13.join(homeDir2, ".claude")) || exists(path13.join(homeDir2, ".claude.json")),
+    gemini: exists(path13.join(homeDir2, ".gemini")),
+    cursor: exists(path13.join(homeDir2, ".cursor"))
   };
 }
 async function setupCursor() {
-  const homeDir2 = os11.homedir();
-  const mcpPath = path14.join(homeDir2, ".cursor", "mcp.json");
+  const homeDir2 = os10.homedir();
+  const mcpPath = path13.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath) ?? {};
   const servers = mcpConfig.mcpServers ?? {};
   let anythingChanged = false;
@@ -7325,11 +7989,57 @@ async function setupCursor() {
     printDaemonTip();
   }
 }
+function setupHud() {
+  const homeDir2 = os10.homedir();
+  const hooksPath = path13.join(homeDir2, ".claude", "settings.json");
+  const settings = readJson(hooksPath) ?? {};
+  const hudCommand = fullPathCommand("hud");
+  const statusLineObj = { type: "command", command: hudCommand };
+  const existing = settings.statusLine;
+  const existingCommand = typeof existing === "object" ? existing?.command : existing;
+  if (existingCommand === hudCommand) {
+    console.log(chalk.blue("\u2139\uFE0F  node9 HUD is already configured in ~/.claude/settings.json"));
+    console.log(chalk.gray("   Restart Claude Code to activate."));
+    return;
+  }
+  if (existing && existingCommand !== hudCommand) {
+    console.log(
+      chalk.yellow(
+        `  \u26A0\uFE0F  statusLine is already set to: "${existingCommand}"
+     Overwriting with node9 HUD.`
+      )
+    );
+  }
+  settings.statusLine = statusLineObj;
+  writeJson(hooksPath, settings);
+  console.log(chalk.green.bold("\u2705 node9 HUD added to Claude Code statusline"));
+  console.log(chalk.gray("   Settings: ~/.claude/settings.json"));
+  console.log(chalk.gray("   Restart Claude Code to activate."));
+}
+function teardownHud() {
+  const homeDir2 = os10.homedir();
+  const hooksPath = path13.join(homeDir2, ".claude", "settings.json");
+  const settings = readJson(hooksPath);
+  if (!settings) {
+    console.log(chalk.blue("  \u2139\uFE0F  ~/.claude/settings.json not found \u2014 nothing to remove"));
+    return;
+  }
+  const existing = settings.statusLine;
+  const existingCommand = typeof existing === "object" ? existing?.command : existing;
+  if (!existingCommand || !String(existingCommand).includes("node9")) {
+    console.log(chalk.blue("  \u2139\uFE0F  node9 HUD not found in ~/.claude/settings.json"));
+    return;
+  }
+  delete settings.statusLine;
+  writeJson(hooksPath, settings);
+  console.log(chalk.green("  \u2705 node9 HUD removed from ~/.claude/settings.json"));
+  console.log(chalk.gray("   Restart Claude Code for changes to take effect."));
+}
 
 // src/cli.ts
 init_daemon2();
 import chalk17 from "chalk";
-import fs25 from "fs";
+import fs26 from "fs";
 import path27 from "path";
 import os22 from "os";
 import { confirm as confirm3 } from "@inquirer/prompts";
@@ -7362,7 +8072,7 @@ import { execa } from "execa";
 import { parseCommandString } from "execa";
 
 // src/policy/negotiation.ts
-function buildNegotiationMessage(blockedByLabel, isHumanDecision, humanReason) {
+function buildNegotiationMessage(blockedByLabel, isHumanDecision, humanReason, recoveryCommand) {
   if (isHumanDecision) {
     return `NODE9: The human user rejected this action.
 REASON: ${humanReason || "No specific reason provided."}
@@ -7418,10 +8128,11 @@ INSTRUCTION: Inform the user this action is pending approval. Wait for them to a
 INSTRUCTION: Do NOT use "${rule}". Find a read-only or non-destructive alternative.
 Do NOT attempt to bypass this rule.`;
   }
+  const recovery = recoveryCommand ? `
+REQUIRED ACTION: Run \`${recoveryCommand}\` first, then retry your original command.` : "\n- Pivot to a non-destructive or read-only alternative.";
   return `NODE9: Action blocked by security policy [${blockedByLabel}].
 INSTRUCTIONS:
-- Do NOT retry this exact command or attempt to bypass the rule.
-- Pivot to a non-destructive or read-only alternative.
+- Do NOT retry this exact command or attempt to bypass the rule.${recovery}
 - Inform the user which security rule was triggered and ask how to proceed.`;
 }
 
@@ -7557,17 +8268,17 @@ init_config();
 init_policy();
 import chalk5 from "chalk";
 import fs18 from "fs";
-import path20 from "path";
-import os15 from "os";
+import path19 from "path";
+import os14 from "os";
 
 // src/undo.ts
 import { spawnSync as spawnSync4, spawn as spawn5 } from "child_process";
 import crypto2 from "crypto";
 import fs17 from "fs";
-import path19 from "path";
-import os14 from "os";
-var SNAPSHOT_STACK_PATH = path19.join(os14.homedir(), ".node9", "snapshots.json");
-var UNDO_LATEST_PATH = path19.join(os14.homedir(), ".node9", "undo_latest.txt");
+import path18 from "path";
+import os13 from "os";
+var SNAPSHOT_STACK_PATH = path18.join(os13.homedir(), ".node9", "snapshots.json");
+var UNDO_LATEST_PATH = path18.join(os13.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
 var GIT_TIMEOUT = 15e3;
 function readStack() {
@@ -7579,7 +8290,7 @@ function readStack() {
   return [];
 }
 function writeStack(stack) {
-  const dir = path19.dirname(SNAPSHOT_STACK_PATH);
+  const dir = path18.dirname(SNAPSHOT_STACK_PATH);
   if (!fs17.existsSync(dir)) fs17.mkdirSync(dir, { recursive: true });
   fs17.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
 }
@@ -7607,14 +8318,14 @@ function normalizeCwdForHash(cwd) {
 }
 function getShadowRepoDir(cwd) {
   const hash = crypto2.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
-  return path19.join(os14.homedir(), ".node9", "snapshots", hash);
+  return path18.join(os13.homedir(), ".node9", "snapshots", hash);
 }
 function cleanOrphanedIndexFiles(shadowDir) {
   try {
     const cutoff = Date.now() - 6e4;
     for (const f of fs17.readdirSync(shadowDir)) {
       if (f.startsWith("index_")) {
-        const fp = path19.join(shadowDir, f);
+        const fp = path18.join(shadowDir, f);
         try {
           if (fs17.statSync(fp).mtimeMs < cutoff) fs17.unlinkSync(fp);
         } catch {
@@ -7628,7 +8339,7 @@ function writeShadowExcludes(shadowDir, ignorePaths) {
   const hardcoded = [".git", ".node9"];
   const lines = [...hardcoded, ...ignorePaths].join("\n");
   try {
-    fs17.writeFileSync(path19.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
+    fs17.writeFileSync(path18.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
   } catch {
   }
 }
@@ -7641,7 +8352,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   if (check.status === 0) {
-    const ptPath = path19.join(shadowDir, "project-path.txt");
+    const ptPath = path18.join(shadowDir, "project-path.txt");
     try {
       const stored = fs17.readFileSync(ptPath, "utf8").trim();
       if (stored === normalizedCwd) return true;
@@ -7668,7 +8379,7 @@ function ensureShadowRepo(shadowDir, cwd) {
       console.error("[Node9] git init --bare failed:", init.stderr?.toString());
     return false;
   }
-  const configFile = path19.join(shadowDir, "config");
+  const configFile = path18.join(shadowDir, "config");
   spawnSync4("git", ["config", "--file", configFile, "core.untrackedCache", "true"], {
     timeout: 3e3
   });
@@ -7676,7 +8387,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   try {
-    fs17.writeFileSync(path19.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
+    fs17.writeFileSync(path18.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
   } catch {
   }
   return true;
@@ -7699,7 +8410,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
     const shadowDir = getShadowRepoDir(cwd);
     if (!ensureShadowRepo(shadowDir, cwd)) return null;
     writeShadowExcludes(shadowDir, ignorePaths);
-    indexFile = path19.join(shadowDir, `index_${process.pid}_${Date.now()}`);
+    indexFile = path18.join(shadowDir, `index_${process.pid}_${Date.now()}`);
     const shadowEnv = {
       ...process.env,
       GIT_DIR: shadowDir,
@@ -7808,7 +8519,7 @@ function applyUndo(hash, cwd) {
       timeout: GIT_TIMEOUT
     }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
     for (const file of [...tracked, ...untracked]) {
-      const fullPath = path19.join(dir, file);
+      const fullPath = path18.join(dir, file);
       if (!snapshotFiles.has(file) && fs17.existsSync(fullPath)) {
         fs17.unlinkSync(fullPath);
       }
@@ -7834,7 +8545,7 @@ function registerCheckCommand(program2) {
         } catch (err) {
           const tempConfig = getConfig();
           if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
-            const logPath = path20.join(os15.homedir(), ".node9", "hook-debug.log");
+            const logPath = path19.join(os14.homedir(), ".node9", "hook-debug.log");
             const errMsg = err instanceof Error ? err.message : String(err);
             fs18.appendFileSync(
               logPath,
@@ -7847,9 +8558,9 @@ RAW: ${raw}
         }
         const config = getConfig(payload.cwd || void 0);
         if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
-          const logPath = path20.join(os15.homedir(), ".node9", "hook-debug.log");
-          if (!fs18.existsSync(path20.dirname(logPath)))
-            fs18.mkdirSync(path20.dirname(logPath), { recursive: true });
+          const logPath = path19.join(os14.homedir(), ".node9", "hook-debug.log");
+          if (!fs18.existsSync(path19.dirname(logPath)))
+            fs18.mkdirSync(path19.dirname(logPath), { recursive: true });
           fs18.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
 `);
         }
@@ -7875,6 +8586,8 @@ RAW: ${raw}
             }
             writeTty(chalk5.gray(`   Triggered by: ${blockedByContext}`));
             if (result2?.changeHint) writeTty(chalk5.cyan(`   To change:  ${result2.changeHint}`));
+            if (result2?.recoveryCommand)
+              writeTty(chalk5.green(`   \u{1F4A1} Run:      ${result2.recoveryCommand}`));
             writeTty("");
           } catch {
           } finally {
@@ -7887,7 +8600,8 @@ RAW: ${raw}
           const aiFeedbackMessage = buildNegotiationMessage(
             blockedByContext,
             isHumanDecision,
-            msg
+            msg,
+            result2?.recoveryCommand
           );
           process.stdout.write(
             JSON.stringify({
@@ -7911,7 +8625,7 @@ RAW: ${raw}
         if (shouldSnapshot(toolName, toolInput, config)) {
           await createShadowSnapshot(toolName, toolInput, config.policy.snapshot.ignorePaths);
         }
-        const safeCwdForAuth = typeof payload.cwd === "string" && path20.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        const safeCwdForAuth = typeof payload.cwd === "string" && path19.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const result = await authorizeHeadless(toolName, toolInput, meta, {
           cwd: safeCwdForAuth
         });
@@ -7955,7 +8669,7 @@ RAW: ${raw}
         });
       } catch (err) {
         if (process.env.NODE9_DEBUG === "1") {
-          const logPath = path20.join(os15.homedir(), ".node9", "hook-debug.log");
+          const logPath = path19.join(os14.homedir(), ".node9", "hook-debug.log");
           const errMsg = err instanceof Error ? err.message : String(err);
           fs18.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
@@ -7995,8 +8709,8 @@ init_audit();
 init_config();
 init_policy();
 import fs19 from "fs";
-import path21 from "path";
-import os16 from "os";
+import path20 from "path";
+import os15 from "os";
 init_daemon();
 
 // src/utils/cp-mv-parser.ts
@@ -8037,6 +8751,20 @@ function containsShellMetachar(token) {
 }
 
 // src/cli/commands/log.ts
+var TEST_COMMAND_RE = /(?:^|\s)(npm\s+(?:run\s+)?test|npx\s+(?:vitest|jest|mocha)|yarn\s+(?:run\s+)?test|pnpm\s+(?:run\s+)?test|vitest|jest|mocha|pytest|py\.test|cargo\s+test|go\s+test|bundle\s+exec\s+rspec|rspec|phpunit|dotnet\s+test)\b/i;
+function detectTestResult(command, output) {
+  if (!TEST_COMMAND_RE.test(command)) return null;
+  const out = output.toLowerCase();
+  if (/\b(tests?\s+passed|all\s+tests?\s+passed|passing|test\s+suites?.*passed|ok\b|\d+\s+passed)/i.test(
+    out
+  ) && !/\b(fail|error|failed)\b/.test(out)) {
+    return "pass";
+  }
+  if (/\b(tests?\s+failed|failing|failed|error|assertion\s+error|\d+\s+failed)\b/i.test(out)) {
+    return "fail";
+  }
+  return null;
+}
 function sanitize3(value) {
   return value.replace(/[\x00-\x1F\x7F]/g, "");
 }
@@ -8055,9 +8783,9 @@ function registerLogCommand(program2) {
           decision: "allowed",
           source: "post-hook"
         };
-        const logPath = path21.join(os16.homedir(), ".node9", "audit.log");
-        if (!fs19.existsSync(path21.dirname(logPath)))
-          fs19.mkdirSync(path21.dirname(logPath), { recursive: true });
+        const logPath = path20.join(os15.homedir(), ".node9", "audit.log");
+        if (!fs19.existsSync(path20.dirname(logPath)))
+          fs19.mkdirSync(path20.dirname(logPath), { recursive: true });
         fs19.appendFileSync(logPath, JSON.stringify(entry) + "\n");
         if ((tool === "Bash" || tool === "bash") && isDaemonRunning()) {
           const command = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
@@ -8068,7 +8796,22 @@ function registerLogCommand(program2) {
             }
           }
         }
-        const safeCwd = typeof payload.cwd === "string" && path21.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        if ((tool === "Bash" || tool === "bash") && isDaemonRunning()) {
+          const bashCommand = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
+          const output = payload.tool_response?.output ?? "";
+          if (bashCommand && output) {
+            const testResult = detectTestResult(bashCommand, output);
+            if (testResult) {
+              await notifyActivitySocket({
+                id: "test-result",
+                ts: Date.now(),
+                tool,
+                status: testResult === "pass" ? "test_pass" : "test_fail"
+              });
+            }
+          }
+        }
+        const safeCwd = typeof payload.cwd === "string" && path20.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const config = getConfig(safeCwd);
         if (shouldSnapshot(tool, {}, config)) {
           await createShadowSnapshot("unknown", {}, config.policy.snapshot.ignorePaths);
@@ -8077,7 +8820,7 @@ function registerLogCommand(program2) {
         const msg = err instanceof Error ? err.message : String(err);
         process.stderr.write(`[Node9] audit log error: ${msg}
 `);
-        const debugPath = path21.join(os16.homedir(), ".node9", "hook-debug.log");
+        const debugPath = path20.join(os15.homedir(), ".node9", "hook-debug.log");
         try {
           fs19.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
 `);
@@ -8385,12 +9128,12 @@ function registerConfigShowCommand(program2) {
 init_daemon();
 import chalk7 from "chalk";
 import fs20 from "fs";
-import path22 from "path";
-import os17 from "os";
+import path21 from "path";
+import os16 from "os";
 import { execSync as execSync2 } from "child_process";
 function registerDoctorCommand(program2, version2) {
   program2.command("doctor").description("Check that Node9 is installed and configured correctly").action(() => {
-    const homeDir2 = os17.homedir();
+    const homeDir2 = os16.homedir();
     let failures = 0;
     function pass(msg) {
       console.log(chalk7.green("  \u2705 ") + msg);
@@ -8439,7 +9182,7 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Configuration");
-    const globalConfigPath = path22.join(homeDir2, ".node9", "config.json");
+    const globalConfigPath = path21.join(homeDir2, ".node9", "config.json");
     if (fs20.existsSync(globalConfigPath)) {
       try {
         JSON.parse(fs20.readFileSync(globalConfigPath, "utf-8"));
@@ -8450,7 +9193,7 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("~/.node9/config.json not found (using defaults)", "Run: node9 init");
     }
-    const projectConfigPath = path22.join(process.cwd(), "node9.config.json");
+    const projectConfigPath = path21.join(process.cwd(), "node9.config.json");
     if (fs20.existsSync(projectConfigPath)) {
       try {
         JSON.parse(fs20.readFileSync(projectConfigPath, "utf-8"));
@@ -8462,7 +9205,7 @@ function registerDoctorCommand(program2, version2) {
         );
       }
     }
-    const credsPath = path22.join(homeDir2, ".node9", "credentials.json");
+    const credsPath = path21.join(homeDir2, ".node9", "credentials.json");
     if (fs20.existsSync(credsPath)) {
       pass("Cloud credentials found (~/.node9/credentials.json)");
     } else {
@@ -8472,7 +9215,7 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Agent Hooks");
-    const claudeSettingsPath = path22.join(homeDir2, ".claude", "settings.json");
+    const claudeSettingsPath = path21.join(homeDir2, ".claude", "settings.json");
     if (fs20.existsSync(claudeSettingsPath)) {
       try {
         const cs = JSON.parse(fs20.readFileSync(claudeSettingsPath, "utf-8"));
@@ -8491,7 +9234,7 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Claude Code \u2014 not configured", "Run: node9 setup claude");
     }
-    const geminiSettingsPath = path22.join(homeDir2, ".gemini", "settings.json");
+    const geminiSettingsPath = path21.join(homeDir2, ".gemini", "settings.json");
     if (fs20.existsSync(geminiSettingsPath)) {
       try {
         const gs = JSON.parse(fs20.readFileSync(geminiSettingsPath, "utf-8"));
@@ -8510,7 +9253,7 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Gemini CLI  \u2014 not configured", "Run: node9 setup gemini  (skip if not using Gemini)");
     }
-    const cursorHooksPath = path22.join(homeDir2, ".cursor", "hooks.json");
+    const cursorHooksPath = path21.join(homeDir2, ".cursor", "hooks.json");
     if (fs20.existsSync(cursorHooksPath)) {
       try {
         const cur = JSON.parse(fs20.readFileSync(cursorHooksPath, "utf-8"));
@@ -8552,8 +9295,8 @@ function registerDoctorCommand(program2, version2) {
 // src/cli/commands/audit.ts
 import chalk8 from "chalk";
 import fs21 from "fs";
-import path23 from "path";
-import os18 from "os";
+import path22 from "path";
+import os17 from "os";
 function formatRelativeTime(timestamp) {
   const diff = Date.now() - new Date(timestamp).getTime();
   const sec = Math.floor(diff / 1e3);
@@ -8566,7 +9309,7 @@ function formatRelativeTime(timestamp) {
 }
 function registerAuditCommand(program2) {
   program2.command("audit").description("View local execution audit log").option("--tail <n>", "Number of entries to show", "20").option("--tool <pattern>", "Filter by tool name (substring match)").option("--deny", "Show only denied actions").option("--json", "Output raw JSON").action((options) => {
-    const logPath = path23.join(os18.homedir(), ".node9", "audit.log");
+    const logPath = path22.join(os17.homedir(), ".node9", "audit.log");
     if (!fs21.existsSync(logPath)) {
       console.log(
         chalk8.yellow("No audit logs found. Run node9 with an agent to generate entries.")
@@ -8694,8 +9437,8 @@ init_core();
 init_daemon();
 import chalk10 from "chalk";
 import fs22 from "fs";
-import path24 from "path";
-import os19 from "os";
+import path23 from "path";
+import os18 from "os";
 function readJson2(filePath) {
   try {
     if (fs22.existsSync(filePath)) return JSON.parse(fs22.readFileSync(filePath, "utf-8"));
@@ -8763,8 +9506,8 @@ function registerStatusCommand(program2) {
     console.log("");
     const modeLabel = settings.mode === "audit" ? chalk10.blue("audit") : settings.mode === "strict" ? chalk10.red("strict") : chalk10.white("standard");
     console.log(`  Mode:    ${modeLabel}`);
-    const projectConfig = path24.join(process.cwd(), "node9.config.json");
-    const globalConfig = path24.join(os19.homedir(), ".node9", "config.json");
+    const projectConfig = path23.join(process.cwd(), "node9.config.json");
+    const globalConfig = path23.join(os18.homedir(), ".node9", "config.json");
     console.log(
       `  Local:   ${fs22.existsSync(projectConfig) ? chalk10.green("Active (node9.config.json)") : chalk10.gray("Not present")}`
     );
@@ -8776,15 +9519,15 @@ function registerStatusCommand(program2) {
         `  Sandbox: ${chalk10.green(`${mergedConfig.policy.sandboxPaths.length} safe zones active`)}`
       );
     }
-    const homeDir2 = os19.homedir();
+    const homeDir2 = os18.homedir();
     const claudeSettings = readJson2(
-      path24.join(homeDir2, ".claude", "settings.json")
+      path23.join(homeDir2, ".claude", "settings.json")
     );
-    const claudeConfig = readJson2(path24.join(homeDir2, ".claude.json"));
+    const claudeConfig = readJson2(path23.join(homeDir2, ".claude.json"));
     const geminiSettings = readJson2(
-      path24.join(homeDir2, ".gemini", "settings.json")
+      path23.join(homeDir2, ".gemini", "settings.json")
     );
-    const cursorConfig = readJson2(path24.join(homeDir2, ".cursor", "mcp.json"));
+    const cursorConfig = readJson2(path23.join(homeDir2, ".cursor", "mcp.json"));
     const agentFound = claudeSettings || claudeConfig || geminiSettings || cursorConfig;
     if (agentFound) {
       console.log("");
@@ -8845,12 +9588,12 @@ function registerStatusCommand(program2) {
 init_core();
 import chalk11 from "chalk";
 import fs23 from "fs";
-import path25 from "path";
-import os20 from "os";
+import path24 from "path";
+import os19 from "os";
 function registerInitCommand(program2) {
   program2.command("init").description("Set up Node9: create config and wire all detected AI agents").option("--force", "Overwrite existing config").option("-m, --mode <mode>", "Set initial security mode (standard, strict, audit)", "standard").option("--skip-setup", "Only create config \u2014 do not wire AI agents").action(async (options) => {
     console.log(chalk11.cyan.bold("\n\u{1F6E1}\uFE0F  Node9 Init\n"));
-    const configPath = path25.join(os20.homedir(), ".node9", "config.json");
+    const configPath = path24.join(os19.homedir(), ".node9", "config.json");
     if (fs23.existsSync(configPath) && !options.force) {
       console.log(chalk11.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
     } else {
@@ -8860,7 +9603,7 @@ function registerInitCommand(program2) {
         ...DEFAULT_CONFIG,
         settings: { ...DEFAULT_CONFIG.settings, mode: safeMode }
       };
-      const dir = path25.dirname(configPath);
+      const dir = path24.dirname(configPath);
       if (!fs23.existsSync(dir)) fs23.mkdirSync(dir, { recursive: true });
       fs23.writeFileSync(configPath, JSON.stringify(configToSave, null, 2));
       console.log(chalk11.green(`\u2705 Config created: ${configPath}`));
@@ -9318,20 +10061,20 @@ function registerTrustCommand(program2) {
 
 // src/cli.ts
 var { version } = JSON.parse(
-  fs25.readFileSync(path27.join(__dirname, "../package.json"), "utf-8")
+  fs26.readFileSync(path27.join(__dirname, "../package.json"), "utf-8")
 );
 var program = new Command();
 program.name("node9").description("The Sudo Command for AI Agents").version(version);
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept";
   const credPath = path27.join(os22.homedir(), ".node9", "credentials.json");
-  if (!fs25.existsSync(path27.dirname(credPath)))
-    fs25.mkdirSync(path27.dirname(credPath), { recursive: true });
+  if (!fs26.existsSync(path27.dirname(credPath)))
+    fs26.mkdirSync(path27.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (fs25.existsSync(credPath)) {
-      const raw = JSON.parse(fs25.readFileSync(credPath, "utf-8"));
+    if (fs26.existsSync(credPath)) {
+      const raw = JSON.parse(fs26.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL }
@@ -9343,13 +10086,13 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL };
-  fs25.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  fs26.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
   if (profileName === "default") {
     const configPath = path27.join(os22.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (fs25.existsSync(configPath))
-        config = JSON.parse(fs25.readFileSync(configPath, "utf-8"));
+      if (fs26.existsSync(configPath))
+        config = JSON.parse(fs26.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -9364,9 +10107,9 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!fs25.existsSync(path27.dirname(configPath)))
-      fs25.mkdirSync(path27.dirname(configPath), { recursive: true });
-    fs25.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!fs26.existsSync(path27.dirname(configPath)))
+      fs26.mkdirSync(path27.dirname(configPath), { recursive: true });
+    fs26.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
   }
   if (options.profile && profileName !== "default") {
     console.log(chalk17.green(`\u2705 Profile "${profileName}" saved`));
@@ -9379,14 +10122,15 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
     console.log(chalk17.gray(`   Team policy enforced for all calls via Node9 cloud.`));
   }
 });
-program.command("addto").description("Integrate Node9 with an AI agent").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("<target>", "The agent to protect: claude | gemini | cursor").action(async (target) => {
+program.command("addto").description("Integrate Node9 with an AI agent").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  hud").argument("<target>", "The agent to protect: claude | gemini | cursor | hud").action(async (target) => {
   if (target === "gemini") return await setupGemini();
   if (target === "claude") return await setupClaude();
   if (target === "cursor") return await setupCursor();
-  console.error(chalk17.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+  if (target === "hud") return setupHud();
+  console.error(chalk17.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
   process.exit(1);
 });
-program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("[target]", "The agent to protect: claude | gemini | cursor").action(async (target) => {
+program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  hud").argument("[target]", "The agent to protect: claude | gemini | cursor | hud").action(async (target) => {
   if (!target) {
     console.log(chalk17.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
     console.log("  Usage:  " + chalk17.white("node9 setup <target>") + "\n");
@@ -9394,6 +10138,9 @@ program.command("setup").description('Alias for "addto" \u2014 integrate Node9 w
     console.log("    " + chalk17.green("claude") + "   \u2014 Claude Code (hook mode)");
     console.log("    " + chalk17.green("gemini") + "   \u2014 Gemini CLI (hook mode)");
     console.log("    " + chalk17.green("cursor") + "   \u2014 Cursor (hook mode)");
+    process.stdout.write(
+      "    " + chalk17.green("hud") + "     \u2014 Claude Code security statusline\n"
+    );
     console.log("");
     return;
   }
@@ -9401,7 +10148,8 @@ program.command("setup").description('Alias for "addto" \u2014 integrate Node9 w
   if (t === "gemini") return await setupGemini();
   if (t === "claude") return await setupClaude();
   if (t === "cursor") return await setupCursor();
-  console.error(chalk17.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+  if (t === "hud") return setupHud();
+  console.error(chalk17.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
   process.exit(1);
 });
 program.command("removefrom").description("Remove Node9 hooks from an AI agent configuration").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("<target>", "The agent to remove from: claude | gemini | cursor").action((target) => {
@@ -9409,8 +10157,11 @@ program.command("removefrom").description("Remove Node9 hooks from an AI agent c
   if (target === "claude") fn = teardownClaude;
   else if (target === "gemini") fn = teardownGemini;
   else if (target === "cursor") fn = teardownCursor;
+  else if (target === "hud") fn = teardownHud;
   else {
-    console.error(chalk17.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+    console.error(
+      chalk17.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`)
+    );
     process.exit(1);
   }
   console.log(chalk17.cyan(`
@@ -9453,14 +10204,14 @@ program.command("uninstall").description("Remove all Node9 hooks and optionally
   }
   if (options.purge) {
     const node9Dir = path27.join(os22.homedir(), ".node9");
-    if (fs25.existsSync(node9Dir)) {
+    if (fs26.existsSync(node9Dir)) {
       const confirmed = await confirm3({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        fs25.rmSync(node9Dir, { recursive: true });
-        if (fs25.existsSync(node9Dir)) {
+        fs26.rmSync(node9Dir, { recursive: true });
+        if (fs26.existsSync(node9Dir)) {
           console.error(
             chalk17.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
@@ -9576,6 +10327,10 @@ registerWatchCommand(program);
 registerMcpGatewayCommand(program);
 registerCheckCommand(program);
 registerLogCommand(program);
+program.command("hud").description("Render node9 security statusline (spawned by Claude Code statusLine)").action(async () => {
+  const { main: main2 } = await Promise.resolve().then(() => (init_hud(), hud_exports));
+  await main2();
+});
 program.command("pause").description("Temporarily disable Node9 protection for a set duration").option("-d, --duration <duration>", "How long to pause (e.g. 15m, 1h, 30s)", "15m").action((options) => {
   const ms = parseDuration(options.duration);
   if (ms === null) {
@@ -9674,7 +10429,7 @@ if (process.argv[2] !== "daemon") {
       if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
         const logPath = path27.join(os22.homedir(), ".node9", "hook-debug.log");
         const msg = reason instanceof Error ? reason.message : String(reason);
-        fs25.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+        fs26.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
       }
       process.exit(0);