@node9/proxy 1.5.2 → 1.5.4

package/dist/cli.mjs

@@ -139,8 +139,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path28 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path28}: ${issue.message}`;
+    const path30 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path30}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -191,12 +191,21 @@ var init_config_schema = __esm({
       verdict: z.enum(["allow", "review", "block"], {
         errorMap: () => ({ message: "verdict must be one of: allow, review, block" })
       }),
-      reason: z.string().optional()
+      reason: z.string().optional(),
+      // Unknown predicate names are filtered out rather than failing the whole rule.
+      // Failing the whole z.array() would cause sanitizeConfig to drop the entire
+      // `policy` top-level key, silently disabling ALL smart rules in the config.
+      dependsOnState: z.array(z.string()).transform(
+        (arr) => arr.filter(
+          (p) => p === "no_test_passed_since_last_edit"
+        )
+      ).optional(),
+      recoveryCommand: z.string().optional()
     });
     ConfigFileSchema = z.object({
       version: z.string().optional(),
       settings: z.object({
-        mode: z.enum(["standard", "strict", "audit"]).optional(),
+        mode: z.enum(["standard", "strict", "audit", "observe"]).optional(),
         autoStartDaemon: z.boolean().optional(),
         enableUndo: z.boolean().optional(),
         enableHookLogDebug: z.boolean().optional(),
@@ -626,12 +635,17 @@ function getConfig(cwd) {
     if (s.approvalTimeoutSeconds !== void 0 && s.approvalTimeoutMs === void 0)
       mergedSettings.approvalTimeoutMs = s.approvalTimeoutSeconds * 1e3;
     if (s.environment !== void 0) mergedSettings.environment = s.environment;
+    if (s.hud !== void 0) mergedSettings.hud = { ...mergedSettings.hud, ...s.hud };
     if (p.sandboxPaths) mergedPolicy.sandboxPaths.push(...p.sandboxPaths);
     if (p.ignoredTools) mergedPolicy.ignoredTools.push(...p.ignoredTools);
     if (p.dangerousWords) mergedPolicy.dangerousWords = [...p.dangerousWords];
     if (p.toolInspection)
       mergedPolicy.toolInspection = { ...mergedPolicy.toolInspection, ...p.toolInspection };
-    if (p.smartRules) mergedPolicy.smartRules.push(...p.smartRules);
+    if (p.smartRules) {
+      const defaultBlocks = mergedPolicy.smartRules.filter((r) => r.verdict === "block");
+      const defaultNonBlocks = mergedPolicy.smartRules.filter((r) => r.verdict !== "block");
+      mergedPolicy.smartRules = [...defaultBlocks, ...p.smartRules, ...defaultNonBlocks];
+    }
     if (p.snapshot) {
       const s2 = p.snapshot;
       if (s2.tools) mergedPolicy.snapshot.tools.push(...s2.tools);
@@ -827,7 +841,9 @@ var init_config = __esm({
               {
                 field: "command",
                 op: "matches",
-                value: "rm\\b.*(-[rRfF]*[rR][rRfF]*|--recursive)"
+                // Require the recursive flag to be preceded by whitespace so that
+                // filenames containing "-r" (e.g. "ai-review.yml") don't false-positive.
+                value: "rm\\b.*\\s(-[rRfF]*[rR][rRfF]*|--recursive)(\\s|$)"
               },
               {
                 field: "command",
@@ -1741,9 +1757,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path28) {
+function getNestedValue(obj, path30) {
   if (!obj || typeof obj !== "object") return null;
-  return path28.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path30.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function shouldSnapshot(toolName, args, config) {
   if (!config.settings.enableUndo) return false;
@@ -1893,7 +1909,13 @@ async function evaluatePolicy(toolName, args, agent, cwd) {
         blockedByLabel: `Smart Rule: ${matchedRule.name ?? matchedRule.tool}`,
         reason: matchedRule.reason,
         tier: 2,
-        ruleName: matchedRule.name ?? matchedRule.tool
+        ruleName: matchedRule.name ?? matchedRule.tool,
+        ...matchedRule.verdict === "block" && matchedRule.dependsOnState?.length && {
+          dependsOnStatePredicates: matchedRule.dependsOnState
+        },
+        ...matchedRule.verdict === "block" && matchedRule.recoveryCommand && {
+          recoveryCommand: matchedRule.recoveryCommand
+        }
       };
     }
   }
@@ -2416,9 +2438,38 @@ var init_state = __esm({
 
 // src/auth/daemon.ts
 import fs9 from "fs";
+import net from "net";
 import path10 from "path";
 import os8 from "os";
 import { spawnSync } from "child_process";
+function notifyActivitySocket(data) {
+  return new Promise((resolve) => {
+    try {
+      const payload = JSON.stringify(data);
+      const sock = net.createConnection(ACTIVITY_SOCKET_PATH);
+      sock.on("connect", () => {
+        sock.on("close", resolve);
+        sock.end(payload);
+      });
+      sock.on("error", resolve);
+    } catch {
+      resolve();
+    }
+  });
+}
+async function checkStatePredicates(predicates) {
+  if (predicates.length === 0) return {};
+  try {
+    const qs = predicates.map(encodeURIComponent).join(",");
+    const res = await fetch(`http://${DAEMON_HOST}:${DAEMON_PORT}/state/check?predicates=${qs}`, {
+      signal: AbortSignal.timeout(100)
+    });
+    if (!res.ok) return null;
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
 function getInternalToken() {
   try {
     const pidFile = path10.join(os8.homedir(), ".node9", "daemon.pid");
@@ -2452,7 +2503,7 @@ function isDaemonRunning() {
     return false;
   }
 }
-async function registerDaemonEntry(toolName, args, meta, riskMetadata, activityId, cwd) {
+async function registerDaemonEntry(toolName, args, meta, riskMetadata, activityId, cwd, recoveryCommand, skipBackgroundAuth, viewOnly) {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
   const ctrl = new AbortController();
   const timer = setTimeout(() => ctrl.abort(), 5e3);
@@ -2470,7 +2521,10 @@ async function registerDaemonEntry(toolName, args, meta, riskMetadata, activityI
         // activity-result as the CLI used for the pending activity event.
         activityId,
         ...riskMetadata && { riskMetadata },
-        ...cwd && { cwd }
+        ...cwd && { cwd },
+        ...recoveryCommand && { recoveryCommand },
+        ...skipBackgroundAuth && { skipBackgroundAuth: true },
+        ...viewOnly && { viewOnly: true }
       }),
       signal: ctrl.signal
     });
@@ -2490,10 +2544,10 @@ async function waitForDaemonDecision(id, signal) {
   try {
     const waitRes = await fetch(`${base}/wait/${id}`, { signal: waitCtrl.signal });
     if (!waitRes.ok) return { decision: "deny" };
-    const { decision, source } = await waitRes.json();
+    const { decision, source, reason } = await waitRes.json();
     if (decision === "allow") return { decision: "allow", source };
     if (decision === "abandoned") return { decision: "abandoned", source };
-    return { decision: "deny", source };
+    return { decision: "deny", source, reason };
   } finally {
     clearTimeout(waitTimer);
     if (signal) signal.removeEventListener("abort", onAbort);
@@ -2579,10 +2633,11 @@ async function resolveViaDaemon(id, decision, internalToken, source) {
     signal: AbortSignal.timeout(3e3)
   });
 }
-var DAEMON_PORT, DAEMON_HOST;
+var ACTIVITY_SOCKET_PATH, DAEMON_PORT, DAEMON_HOST;
 var init_daemon = __esm({
   "src/auth/daemon.ts"() {
     "use strict";
+    ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path10.join(os8.tmpdir(), "node9-activity.sock");
     DAEMON_PORT = 7391;
     DAEMON_HOST = "127.0.0.1";
   }
@@ -2922,6 +2977,7 @@ var init_native = __esm({
 // src/auth/cloud.ts
 import fs10 from "fs";
 import os9 from "os";
+import path13 from "path";
 function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
   return fetch(`${creds.apiUrl}/audit`, {
     method: "POST",
@@ -2946,6 +3002,33 @@ function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
 async function initNode9SaaS(toolName, args, creds, meta, riskMetadata) {
   const controller = new AbortController();
   const timeout = setTimeout(() => controller.abort(), 1e4);
+  if (!creds.apiKey) throw new Error("Node9 API Key is missing");
+  let ciContext;
+  if (process.env.CI) {
+    try {
+      const ciContextPath = path13.join(os9.homedir(), ".node9", "ci-context.json");
+      const stats = fs10.statSync(ciContextPath);
+      if (stats.size > 1e4) throw new Error("ci-context.json exceeds 10 KB");
+      const raw = fs10.readFileSync(ciContextPath, "utf8");
+      const parsed = JSON.parse(raw);
+      if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+        throw new Error("ci-context.json is not a plain object");
+      }
+      const p = parsed;
+      ciContext = {
+        tests_after: p["tests_after"],
+        files_changed: p["files_changed"],
+        issues_found: p["issues_found"],
+        issues_fixed: p["issues_fixed"],
+        github_repository: p["github_repository"],
+        github_head_ref: p["github_head_ref"],
+        iteration: p["iteration"],
+        draft_pr_number: p["draft_pr_number"],
+        draft_pr_url: p["draft_pr_url"]
+      };
+    } catch {
+    }
+  }
   try {
     const response = await fetch(creds.apiUrl, {
       method: "POST",
@@ -2960,7 +3043,8 @@ async function initNode9SaaS(toolName, args, creds, meta, riskMetadata) {
           cwd: process.cwd(),
           platform: os9.platform()
         },
-        ...riskMetadata && { riskMetadata }
+        ...riskMetadata && { riskMetadata },
+        ...ciContext && { ciContext }
       }),
       signal: controller.signal
     });
@@ -2986,12 +3070,17 @@ async function pollNode9SaaS(requestId, creds, signal) {
       });
       clearTimeout(pollTimer);
       if (!statusRes.ok) continue;
-      const { status, reason } = await statusRes.json();
+      const statusBody = await statusRes.json();
+      const { status } = statusBody;
       if (status === "APPROVED") {
-        return { approved: true, reason };
+        return { approved: true, reason: statusBody.reason };
       }
       if (status === "DENIED" || status === "AUTO_BLOCKED" || status === "TIMED_OUT") {
-        return { approved: false, reason };
+        return { approved: false, reason: statusBody.reason };
+      }
+      if (status === "FIX") {
+        const feedbackText = statusBody.feedbackText ?? statusBody.reason ?? "Run again with feedback.";
+        return { approved: false, reason: feedbackText };
       }
     } catch {
     }
@@ -3036,9 +3125,6 @@ var init_cloud = __esm({
 });
 
 // src/auth/orchestrator.ts
-import net from "net";
-import path13 from "path";
-import os10 from "os";
 import { randomUUID } from "crypto";
 function isWriteTool(toolName) {
   const t = toolName.toLowerCase().replace(/[^a-z_]/g, "_");
@@ -3075,19 +3161,7 @@ function isNetworkTool(toolName, args) {
   return false;
 }
 function notifyActivity(data) {
-  return new Promise((resolve) => {
-    try {
-      const payload = JSON.stringify(data);
-      const sock = net.createConnection(ACTIVITY_SOCKET_PATH);
-      sock.on("connect", () => {
-        sock.on("close", resolve);
-        sock.end(payload);
-      });
-      sock.on("error", resolve);
-    } catch {
-      resolve();
-    }
-  });
+  return notifyActivitySocket(data);
 }
 async function authorizeHeadless(toolName, args, meta, options) {
   if (!options?.calledFromDaemon) {
@@ -3104,7 +3178,9 @@ async function authorizeHeadless(toolName, args, meta, options) {
         tool: toolName,
         ts: actTs,
         status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : result.blockedByLabel?.includes("Taint") ? "taint" : "block",
-        label: result.blockedByLabel
+        label: result.blockedByLabel,
+        ruleHit: result.ruleHit,
+        observeWouldBlock: result.observeWouldBlock
       });
     }
     return result;
@@ -3131,10 +3207,12 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     appendHookDebug(toolName, args, meta, hashAuditArgs);
   }
   const isManual = meta?.agent === "Terminal";
+  const isObserveMode = config.settings.mode === "observe";
   let explainableLabel = "Local Config";
   let policyMatchedField;
   let policyMatchedWord;
   let riskMetadata;
+  let statefulRecoveryCommand;
   let taintWarning = null;
   if (isNetworkTool(toolName, args)) {
     const filePaths = extractFilePaths(toolName, args);
@@ -3155,10 +3233,26 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     if (dlpMatch) {
       const dlpReason = `\u{1F6A8} DATA LOSS PREVENTION: ${dlpMatch.patternName} detected in field "${dlpMatch.fieldPath}" (${dlpMatch.redactedSample})`;
       if (dlpMatch.severity === "block") {
-        if (!isManual) appendLocalAudit(toolName, args, "deny", "dlp-block", meta, true);
+        if (!isManual)
+          appendLocalAudit(
+            toolName,
+            args,
+            "deny",
+            isObserveMode ? "observe-mode-dlp-would-block" : "dlp-block",
+            meta,
+            true
+          );
         if (isWriteTool(toolName) && filePath) {
           await notifyTaint(filePath, `DLP:${dlpMatch.patternName}`);
         }
+        if (isObserveMode) {
+          return {
+            approved: true,
+            checkedBy: "audit",
+            observeWouldBlock: true,
+            blockedByLabel: "\u{1F6A8} Node9 DLP (Secret Detected)"
+          };
+        }
         return {
           approved: false,
           reason: dlpReason,
@@ -3171,6 +3265,31 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
       explainableLabel = "\u{1F6A8} Node9 DLP (Credential Review)";
     }
   }
+  if (isObserveMode) {
+    if (!isIgnoredTool(toolName)) {
+      const policyResult = await evaluatePolicy(toolName, args, meta?.agent, options?.cwd);
+      const wouldBlock = policyResult.decision === "block";
+      if (!isManual)
+        appendLocalAudit(
+          toolName,
+          args,
+          "allow",
+          wouldBlock ? "observe-mode-would-block" : "observe-mode",
+          meta,
+          hashAuditArgs
+        );
+      return {
+        approved: true,
+        checkedBy: "audit",
+        ...wouldBlock && {
+          observeWouldBlock: true,
+          blockedByLabel: policyResult.blockedByLabel,
+          ruleHit: policyResult.ruleName
+        }
+      };
+    }
+    return { approved: true, checkedBy: "audit" };
+  }
   if (config.settings.mode === "audit") {
     if (!isIgnoredTool(toolName)) {
       const policyResult = await evaluatePolicy(toolName, args, meta?.agent, options?.cwd);
@@ -3193,19 +3312,46 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     const policyResult = await evaluatePolicy(toolName, args, meta?.agent);
     if (policyResult.decision === "allow") {
       if (approvers.cloud && creds?.apiKey)
-        auditLocalAllow(toolName, args, "local-policy", creds, meta);
+        await auditLocalAllow(toolName, args, "local-policy", creds, meta);
       if (!isManual) appendLocalAudit(toolName, args, "allow", "local-policy", meta, hashAuditArgs);
       return { approved: true, checkedBy: "local-policy" };
     }
     if (policyResult.decision === "block") {
-      if (!isManual)
-        appendLocalAudit(toolName, args, "deny", "smart-rule-block", meta, hashAuditArgs);
-      return {
-        approved: false,
-        reason: policyResult.reason ?? "Action explicitly blocked by Smart Policy.",
-        blockedBy: "local-config",
-        blockedByLabel: policyResult.blockedByLabel
-      };
+      if (policyResult.dependsOnStatePredicates?.length) {
+        const stateResults = await checkStatePredicates(policyResult.dependsOnStatePredicates);
+        const predicatesMet = stateResults !== null && policyResult.dependsOnStatePredicates.every((p) => stateResults[p] === true);
+        if (stateResults === null && !isManual) {
+          appendToLog(HOOK_DEBUG_LOG, {
+            ts: (/* @__PURE__ */ new Date()).toISOString(),
+            event: "state-check-fail-open",
+            tool: toolName,
+            rule: policyResult.ruleName,
+            predicates: policyResult.dependsOnStatePredicates,
+            reason: "daemon unreachable or /state/check timed out \u2014 block rule downgraded to review"
+          });
+        }
+        if (predicatesMet && policyResult.recoveryCommand) {
+          statefulRecoveryCommand = policyResult.recoveryCommand;
+        }
+      } else if (isDaemonRunning() && !isTestEnv2) {
+        if (!isManual)
+          appendLocalAudit(toolName, args, "deny", "smart-rule-block", meta, hashAuditArgs);
+        if (approvers.cloud && creds?.apiKey)
+          auditLocalAllow(toolName, args, "smart-rule-block", creds, meta);
+      } else {
+        if (!isManual)
+          appendLocalAudit(toolName, args, "deny", "smart-rule-block", meta, hashAuditArgs);
+        if (approvers.cloud && creds?.apiKey)
+          auditLocalAllow(toolName, args, "smart-rule-block", creds, meta);
+        return {
+          approved: false,
+          reason: policyResult.reason ?? "Action explicitly blocked by Smart Policy.",
+          blockedBy: "local-config",
+          blockedByLabel: policyResult.blockedByLabel,
+          ruleHit: policyResult.ruleName,
+          ...policyResult.recoveryCommand && { recoveryCommand: policyResult.recoveryCommand }
+        };
+      }
     }
     explainableLabel = policyResult.blockedByLabel || "Local Config";
     policyMatchedField = policyResult.matchedField;
@@ -3312,7 +3458,8 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
           meta,
           riskMetadata,
           options?.activityId,
-          options?.cwd
+          options?.cwd,
+          statefulRecoveryCommand
         );
         daemonEntryId = entry.id;
         daemonAllowCount = entry.allowCount;
@@ -3373,20 +3520,26 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
   if (daemonEntryId && (approvers.browser || approvers.terminal)) {
     racePromises.push(
       (async () => {
-        const { decision: daemonDecision, source: decisionSource } = await waitForDaemonDecision(
-          daemonEntryId,
-          signal
-        );
+        const {
+          decision: daemonDecision,
+          source: decisionSource,
+          reason: daemonReason
+        } = await waitForDaemonDecision(daemonEntryId, signal);
         if (daemonDecision === "abandoned") throw new Error("Abandoned");
         const isApproved = daemonDecision === "allow";
-        const src = decisionSource === "terminal" || decisionSource === "browser" ? decisionSource : approvers.browser ? "browser" : "terminal";
+        const isRedirect = decisionSource === "terminal-redirect";
+        const src = decisionSource === "terminal" || decisionSource === "terminal-redirect" || decisionSource === "browser" ? decisionSource === "browser" ? "browser" : "terminal" : approvers.browser ? "browser" : "terminal";
         const via = src === "terminal" ? "Terminal (node9 tail)" : "Browser Dashboard";
         return {
           approved: isApproved,
-          reason: isApproved ? void 0 : `The human user rejected this action via the Node9 ${via}.`,
+          reason: isApproved ? void 0 : (
+            // Use the redirect reason from the tail when choice [2] was selected;
+            // otherwise fall back to the generic rejection message.
+            isRedirect && daemonReason || `The human user rejected this action via the Node9 ${via}.`
+          ),
           checkedBy: isApproved ? "daemon" : void 0,
           blockedBy: isApproved ? void 0 : "local-decision",
-          blockedByLabel: `User Decision (${via})`,
+          blockedByLabel: isRedirect ? "Steered Redirect (Terminal)" : `User Decision (${via})`,
           decisionSource: src
         };
       })()
@@ -3461,7 +3614,7 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
   }
   return finalResult;
 }
-var WRITE_TOOLS, ACTIVITY_SOCKET_PATH;
+var WRITE_TOOLS;
 var init_orchestrator = __esm({
   "src/auth/orchestrator.ts"() {
     "use strict";
@@ -3485,7 +3638,6 @@ var init_orchestrator = __esm({
       "notebook_edit",
       "notebookedit"
     ]);
-    ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path13.join(os10.tmpdir(), "node9-activity.sock");
   }
 });
 
@@ -5291,11 +5443,112 @@ var init_taint_store = __esm({
   }
 });
 
+// src/daemon/session-counters.ts
+var SessionCounters, sessionCounters;
+var init_session_counters = __esm({
+  "src/daemon/session-counters.ts"() {
+    "use strict";
+    SessionCounters = class {
+      _allowed = 0;
+      _blocked = 0;
+      _dlpHits = 0;
+      _wouldBlock = 0;
+      _lastRuleHit = null;
+      _lastBlockedTool = null;
+      incrementAllowed() {
+        this._allowed++;
+      }
+      incrementBlocked() {
+        this._blocked++;
+      }
+      incrementDlpHits() {
+        this._dlpHits++;
+      }
+      incrementWouldBlock() {
+        this._wouldBlock++;
+      }
+      recordRuleHit(label) {
+        this._lastRuleHit = label;
+      }
+      recordBlockedTool(toolName) {
+        this._lastBlockedTool = toolName;
+      }
+      get() {
+        return {
+          allowed: this._allowed,
+          blocked: this._blocked,
+          dlpHits: this._dlpHits,
+          wouldBlock: this._wouldBlock,
+          lastRuleHit: this._lastRuleHit,
+          lastBlockedTool: this._lastBlockedTool
+        };
+      }
+      reset() {
+        this._allowed = 0;
+        this._blocked = 0;
+        this._dlpHits = 0;
+        this._wouldBlock = 0;
+        this._lastRuleHit = null;
+        this._lastBlockedTool = null;
+      }
+    };
+    sessionCounters = new SessionCounters();
+  }
+});
+
+// src/daemon/session-history.ts
+var SessionHistory, sessionHistory;
+var init_session_history = __esm({
+  "src/daemon/session-history.ts"() {
+    "use strict";
+    SessionHistory = class {
+      lastEditAt = null;
+      lastTestPassAt = null;
+      lastTestFailAt = null;
+      recordEdit(ts = Date.now()) {
+        this.lastEditAt = ts;
+      }
+      recordTestPass(ts = Date.now()) {
+        this.lastTestPassAt = ts;
+      }
+      recordTestFail(ts = Date.now()) {
+        this.lastTestFailAt = ts;
+      }
+      /**
+       * Returns true when the named predicate is currently satisfied.
+       * Unknown predicates always return false (fail-open: don't block on unknown state).
+       */
+      checkPredicate(name) {
+        switch (name) {
+          case "no_test_passed_since_last_edit":
+            if (this.lastEditAt === null) return false;
+            return this.lastTestPassAt === null || this.lastTestPassAt < this.lastEditAt;
+          default:
+            return false;
+        }
+      }
+      getSnapshot() {
+        return {
+          lastEditAt: this.lastEditAt,
+          lastTestPassAt: this.lastTestPassAt,
+          lastTestFailAt: this.lastTestFailAt
+        };
+      }
+      reset() {
+        this.lastEditAt = null;
+        this.lastTestPassAt = null;
+        this.lastTestFailAt = null;
+      }
+    };
+    sessionHistory = new SessionHistory();
+  }
+});
+
 // src/daemon/state.ts
 import net2 from "net";
 import fs13 from "fs";
 import path16 from "path";
-import os12 from "os";
+import os11 from "os";
 import { spawn as spawn2 } from "child_process";
 import { randomUUID as randomUUID3 } from "crypto";
 function loadInsightCounts() {
@@ -5458,6 +5711,7 @@ function readBody(req) {
   });
 }
 function openBrowser(url) {
+  if (process.env.NODE9_TESTING === "1") return;
   try {
     const args = process.platform === "darwin" ? ["open", url] : process.platform === "win32" ? ["cmd", "/c", "start", "", url] : ["xdg-open", url];
     spawn2(args[0], args.slice(1), { detached: true, stdio: "ignore" }).unref();
@@ -5529,6 +5783,14 @@ function startActivitySocket() {
     socket.on("end", () => {
       try {
         const data = JSON.parse(Buffer.concat(chunks).toString());
+        if (data.status === "test_pass") {
+          sessionHistory.recordTestPass(data.ts);
+          return;
+        }
+        if (data.status === "test_fail") {
+          sessionHistory.recordTestFail(data.ts);
+          return;
+        }
         if (data.status === "pending") {
           broadcast("activity", {
             id: data.id,
@@ -5538,6 +5800,24 @@ function startActivitySocket() {
             status: "pending"
           });
         } else {
+          if (data.status === "allow") {
+            sessionCounters.incrementAllowed();
+            if (data.observeWouldBlock) sessionCounters.incrementWouldBlock();
+            if (WRITE_TOOL_NAMES.has(data.tool.toLowerCase().replace(/[^a-z_]/g, "_"))) {
+              sessionHistory.recordEdit(data.ts);
+            }
+          } else if (data.status === "block") {
+            sessionCounters.incrementBlocked();
+            sessionCounters.recordBlockedTool(data.tool);
+            if (data.ruleHit) sessionCounters.recordRuleHit(data.ruleHit);
+          } else if (data.status === "dlp") {
+            sessionCounters.incrementBlocked();
+            sessionCounters.incrementDlpHits();
+            sessionCounters.recordBlockedTool(data.tool);
+          } else if (data.status === "taint") {
+            sessionCounters.incrementBlocked();
+            sessionCounters.recordBlockedTool(data.tool);
+          }
           broadcast("activity-result", {
             id: data.id,
             status: data.status,
@@ -5558,14 +5838,16 @@ function startActivitySocket() {
     }
   });
 }
-var homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE;
+var homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE, WRITE_TOOL_NAMES;
 var init_state2 = __esm({
   "src/daemon/state.ts"() {
     "use strict";
     init_daemon();
     init_suggestion_tracker();
     init_taint_store();
-    homeDir = os12.homedir();
+    init_session_counters();
+    init_session_history();
+    homeDir = os11.homedir();
     DAEMON_PID_FILE = path16.join(homeDir, ".node9", "daemon.pid");
     DECISIONS_FILE = path16.join(homeDir, ".node9", "decisions.json");
     AUDIT_LOG_FILE = path16.join(homeDir, ".node9", "audit.log");
@@ -5590,17 +5872,28 @@ var init_state2 = __esm({
       "2h": 2 * 60 * 6e4
     };
     autoStarted = process.env.NODE9_AUTO_STARTED === "1";
-    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path16.join(os12.tmpdir(), "node9-activity.sock");
+    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path16.join(os11.tmpdir(), "node9-activity.sock");
     ACTIVITY_RING_SIZE = 100;
     activityRing = [];
     SECRET_KEY_RE = /password|secret|token|key|apikey|credential|auth/i;
+    WRITE_TOOL_NAMES = /* @__PURE__ */ new Set([
+      "write",
+      "write_file",
+      "create_file",
+      "edit",
+      "multiedit",
+      "str_replace_based_edit_tool",
+      "replace",
+      "notebook_edit",
+      "notebookedit"
+    ]);
   }
 });
 
 // src/config/patch.ts
 import fs14 from "fs";
 import path17 from "path";
-import os13 from "os";
+import os12 from "os";
 function patchConfig(configPath, patch) {
   let config = {};
   try {
@@ -5650,7 +5943,7 @@ var GLOBAL_CONFIG_PATH;
 var init_patch = __esm({
   "src/config/patch.ts"() {
     "use strict";
-    GLOBAL_CONFIG_PATH = path17.join(os13.homedir(), ".node9", "config.json");
+    GLOBAL_CONFIG_PATH = path17.join(os12.homedir(), ".node9", "config.json");
   }
 });
 
@@ -5723,6 +6016,8 @@ data: ${JSON.stringify({
             toolName: e.toolName,
             args: e.args,
             riskMetadata: e.riskMetadata,
+            ...e.recoveryCommand && { recoveryCommand: e.recoveryCommand },
+            ...e.viewOnly && { viewOnly: true },
             slackDelegated: e.slackDelegated,
             timestamp: e.timestamp,
             agent: e.agent,
@@ -5788,6 +6083,9 @@ data: ${JSON.stringify(item.data)}
           agent,
           mcpServer,
           riskMetadata,
+          recoveryCommand,
+          skipBackgroundAuth = false,
+          viewOnly = false,
           fromCLI = false,
           activityId,
           cwd
@@ -5798,6 +6096,8 @@ data: ${JSON.stringify(item.data)}
           toolName,
           args,
           riskMetadata: riskMetadata ?? void 0,
+          ...typeof recoveryCommand === "string" && recoveryCommand && { recoveryCommand },
+          ...viewOnly && { viewOnly: true },
           agent: typeof agent === "string" ? agent : void 0,
           mcpServer: typeof mcpServer === "string" ? mcpServer : void 0,
           slackDelegated: !!slackDelegated,
@@ -5842,6 +6142,8 @@ data: ${JSON.stringify(item.data)}
             toolName,
             args,
             riskMetadata: entry.riskMetadata,
+            ...entry.recoveryCommand && { recoveryCommand: entry.recoveryCommand },
+            ...entry.viewOnly && { viewOnly: true },
             slackDelegated: entry.slackDelegated,
             agent: entry.agent,
             mcpServer: entry.mcpServer,
@@ -5858,7 +6160,7 @@ data: ${JSON.stringify(item.data)}
         }
         res.writeHead(200, { "Content-Type": "application/json" });
         res.end(JSON.stringify({ id, allowCount: (insightCounts.get(toolName) ?? 0) + 1 }));
-        if (slackDelegated) return;
+        if (slackDelegated || skipBackgroundAuth) return;
         authorizeHeadless(
           toolName,
           args,
@@ -5997,7 +6299,7 @@ data: ${JSON.stringify(item.data)}
           saveInsightCounts();
           suggestionTracker.resetTool(entry.toolName);
         }
-        const VALID_SOURCES = /* @__PURE__ */ new Set(["terminal", "browser", "native"]);
+        const VALID_SOURCES = /* @__PURE__ */ new Set(["terminal", "browser", "native", "terminal-redirect"]);
         if (source && VALID_SOURCES.has(source)) entry.decisionSource = source;
         if (entry.waiter) {
           entry.waiter(resolvedDecision, reason);
@@ -6026,6 +6328,41 @@ data: ${JSON.stringify(item.data)}
         return res.end(JSON.stringify({ error: "internal" }));
       }
     }
+    if (req.method === "GET" && pathname === "/status") {
+      try {
+        const s = getGlobalSettings();
+        const counters = sessionCounters.get();
+        const mode = s.mode ?? "standard";
+        const status = {
+          mode,
+          session: {
+            allowed: counters.allowed,
+            blocked: counters.blocked,
+            dlpHits: counters.dlpHits,
+            wouldBlock: counters.wouldBlock
+          },
+          taintedCount: taintStore.list().length,
+          lastRuleHit: counters.lastRuleHit,
+          lastBlockedTool: counters.lastBlockedTool
+        };
+        res.writeHead(200, { "Content-Type": "application/json" });
+        return res.end(JSON.stringify(status));
+      } catch (err) {
+        console.error(chalk2.red("[node9 daemon] GET /status failed:"), err);
+        res.writeHead(500, { "Content-Type": "application/json" });
+        return res.end(JSON.stringify({ error: "internal" }));
+      }
+    }
+    if (req.method === "GET" && pathname === "/state/check") {
+      const predicatesParam = reqUrl.searchParams.get("predicates") ?? "";
+      const predicates = predicatesParam.split(",").filter(Boolean);
+      const results = {};
+      for (const p of predicates) {
+        results[p] = sessionHistory.checkPredicate(p);
+      }
+      res.writeHead(200, { "Content-Type": "application/json" });
+      return res.end(JSON.stringify(results));
+    }
     if (req.method === "POST" && pathname === "/settings") {
       if (!validToken(req)) return res.writeHead(403).end();
       try {
@@ -6429,11 +6766,11 @@ __export(tail_exports, {
   startTail: () => startTail
 });
 import http2 from "http";
-import chalk16 from "chalk";
+import chalk17 from "chalk";
 import fs24 from "fs";
-import os21 from "os";
-import path26 from "path";
-import readline3 from "readline";
+import os20 from "os";
+import path27 from "path";
+import readline4 from "readline";
 import { spawn as spawn9, execSync as execSync3 } from "child_process";
 function getIcon(tool) {
   const t = tool.toLowerCase();
@@ -6448,27 +6785,27 @@ function formatBase(activity) {
   const toolName = activity.tool.slice(0, 16).padEnd(16);
   const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ");
   const argsPreview = argsStr.length > 70 ? argsStr.slice(0, 70) + "\u2026" : argsStr;
-  return `${chalk16.gray(time)} ${icon} ${chalk16.white.bold(toolName)} ${chalk16.dim(argsPreview)}`;
+  return `${chalk17.gray(time)} ${icon} ${chalk17.white.bold(toolName)} ${chalk17.dim(argsPreview)}`;
 }
 function renderResult(activity, result) {
   const base = formatBase(activity);
   let status;
   if (result.status === "allow") {
-    status = chalk16.green("\u2713 ALLOW");
+    status = chalk17.green("\u2713 ALLOW");
   } else if (result.status === "dlp") {
-    status = chalk16.bgRed.white.bold(" \u{1F6E1}\uFE0F  DLP ");
+    status = chalk17.bgRed.white.bold(" \u{1F6E1}\uFE0F  DLP ");
   } else {
-    status = chalk16.red("\u2717 BLOCK");
+    status = chalk17.red("\u2717 BLOCK");
   }
   if (process.stdout.isTTY) {
-    readline3.clearLine(process.stdout, 0);
-    readline3.cursorTo(process.stdout, 0);
+    readline4.clearLine(process.stdout, 0);
+    readline4.cursorTo(process.stdout, 0);
   }
   console.log(`${base}  ${status}`);
 }
 function renderPending(activity) {
   if (!process.stdout.isTTY) return;
-  process.stdout.write(`${formatBase(activity)}  ${chalk16.yellow("\u25CF \u2026")}\r`);
+  process.stdout.write(`${formatBase(activity)}  ${chalk17.yellow("\u25CF \u2026")}\r`);
 }
 async function ensureDaemon() {
   let pidPort = null;
@@ -6477,7 +6814,7 @@ async function ensureDaemon() {
       const { port } = JSON.parse(fs24.readFileSync(PID_FILE, "utf-8"));
       pidPort = port;
     } catch {
-      console.error(chalk16.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
+      console.error(chalk17.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
     }
   }
   const checkPort = pidPort ?? DAEMON_PORT;
@@ -6488,7 +6825,7 @@ async function ensureDaemon() {
     if (res.ok) return checkPort;
   } catch {
   }
-  console.log(chalk16.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
+  console.log(chalk17.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
   const child = spawn9(process.execPath, [process.argv[1], "daemon"], {
     detached: true,
     stdio: "ignore",
@@ -6505,14 +6842,15 @@ async function ensureDaemon() {
     } catch {
     }
   }
-  console.error(chalk16.red("\u274C Daemon failed to start. Try: node9 daemon start"));
+  console.error(chalk17.red("\u274C Daemon failed to start. Try: node9 daemon start"));
   process.exit(1);
 }
 function postDecisionHttp(id, decision, csrfToken, port, opts) {
   return new Promise((resolve, reject) => {
-    const bodyObj = { decision, source: "terminal" };
+    const bodyObj = { decision, source: opts?.source ?? "terminal" };
     if (opts?.persist) bodyObj.persist = true;
     if (opts?.trustDuration) bodyObj.trustDuration = opts.trustDuration;
+    if (opts?.reason) bodyObj.reason = opts.reason;
     const body = JSON.stringify(bodyObj);
     const req = http2.request(
       {
@@ -6537,33 +6875,61 @@ function postDecisionHttp(id, decision, csrfToken, port, opts) {
   });
 }
 function buildCardLines(req, localCount = 0) {
+  if (req.recoveryCommand) {
+    return buildRecoveryCardLines(req);
+  }
   const argsStr = JSON.stringify(req.args ?? {}).replace(/\s+/g, " ");
   const argsPreview = argsStr.length > 60 ? argsStr.slice(0, 60) + "\u2026" : argsStr;
   const tierLabel = req.riskMetadata?.tier != null ? req.riskMetadata.tier <= 2 ? `${YELLOW}\u26A0  Tier ${req.riskMetadata.tier}` : `${RED}\u{1F6D1} Tier ${req.riskMetadata.tier}` : `${YELLOW}\u26A0  Review`;
   const blockedBy = req.riskMetadata?.blockedByLabel ?? "Policy rule";
   const lines = [
     ``,
-    `${BOLD}${CYAN}\u2554\u2550\u2550 Node9 Approval Required \u2550\u2550\u2557${RESET}`,
-    `${CYAN}\u2551${RESET} Tool:    ${BOLD}${req.toolName}${RESET}`,
-    `${CYAN}\u2551${RESET} Reason:  ${tierLabel} \u2014 ${blockedBy}${RESET}`
+    `${BOLD2}${CYAN}\u2554\u2550\u2550 Node9 Approval Required \u2550\u2550\u2557${RESET2}`,
+    `${CYAN}\u2551${RESET2} Tool:    ${BOLD2}${req.toolName}${RESET2}`,
+    `${CYAN}\u2551${RESET2} Reason:  ${tierLabel} \u2014 ${blockedBy}${RESET2}`
   ];
   if (req.riskMetadata?.ruleName && blockedBy.includes("Taint")) {
-    lines.push(`${CYAN}\u2551${RESET} ${YELLOW}\u26A0  ${req.riskMetadata.ruleName}${RESET}`);
+    lines.push(`${CYAN}\u2551${RESET2} ${YELLOW}\u26A0  ${req.riskMetadata.ruleName}${RESET2}`);
   }
-  lines.push(`${CYAN}\u2551${RESET} Args:    ${GRAY}${argsPreview}${RESET}`);
+  lines.push(`${CYAN}\u2551${RESET2} Args:    ${GRAY}${argsPreview}${RESET2}`);
   if (localCount >= 2) {
     lines.push(
-      `${CYAN}\u2551${RESET} ${YELLOW}\u{1F4A1}${RESET} Approved ${localCount}\xD7 before \u2014 ${BOLD}[a]${RESET}${YELLOW} creates a permanent rule${RESET}`
+      `${CYAN}\u2551${RESET2} ${YELLOW}\u{1F4A1}${RESET2} Approved ${localCount}\xD7 before \u2014 ${BOLD2}[a]${RESET2}${YELLOW} creates a permanent rule${RESET2}`
     );
   }
   lines.push(
-    `${CYAN}\u255A${RESET}`,
+    `${CYAN}\u255A${RESET2}`,
     ``,
-    `  ${BOLD}${GREEN}[\u21B5/y]${RESET} Allow   ${BOLD}${RED}[n]${RESET} Deny   ${BOLD}${YELLOW}[a]${RESET} Always Allow   ${BOLD}${CYAN}[t]${RESET} Trust 30m`,
+    `  ${BOLD2}${GREEN}[\u21B5/y]${RESET2} Allow   ${BOLD2}${RED}[n]${RESET2} Deny   ${BOLD2}${YELLOW}[a]${RESET2} Always Allow   ${BOLD2}${CYAN}[t]${RESET2} Trust 30m`,
     ``
   );
   return lines;
 }
+function buildRecoveryCardLines(req) {
+  const argsObj = req.args;
+  const command = typeof argsObj?.command === "string" ? argsObj.command : JSON.stringify(req.args ?? {}).replace(/\s+/g, " ").slice(0, 60);
+  const ruleName = req.riskMetadata?.ruleName?.replace(/^Smart Rule:\s*/i, "") ?? "policy rule";
+  const recoveryCommand = req.recoveryCommand;
+  const interactiveLines = req.viewOnly ? [`  ${GRAY}\u2192 Awaiting decision from interactive terminal...${RESET2}`] : [
+    `  ${BOLD2}${GREEN}[1]${RESET2} Allow anyway  ${GRAY}(override policy)${RESET2}`,
+    `  ${BOLD2}${YELLOW}[2]${RESET2} Redirect AI: "Run '${recoveryCommand}' first, then retry"`,
+    `  ${BOLD2}${RED}[3]${RESET2} Deny & stop  ${GRAY}(hard block)${RESET2}`,
+    ``,
+    `  ${GRAY}[Timeout: auto-deny]${RESET2}`,
+    `  Select [1-3]: `
+  ];
+  return [
+    ``,
+    `${BOLD2}${CYAN}${DIVIDER}${RESET2}`,
+    `\u{1F6E1}\uFE0F  ${BOLD2}NODE9 STATE GUARD:${RESET2} '${BOLD2}${command}${RESET2}'`,
+    `${YELLOW}\u26A0\uFE0F  Rule: ${ruleName}${RESET2}`,
+    `${CYAN}${DIVIDER}${RESET2}`,
+    ...!req.viewOnly ? [`${BOLD2}What would you like to do?${RESET2}`, ``] : [],
+    ...interactiveLines,
+    `${CYAN}${DIVIDER}${RESET2}`,
+    ``
+  ];
+}
 async function startTail(options = {}) {
   const port = await ensureDaemon();
   if (options.clear) {
@@ -6590,7 +6956,7 @@ async function startTail(options = {}) {
       req2.end();
     });
     if (result.ok) {
-      console.log(chalk16.green("\u2713 Flight Recorder buffer cleared."));
+      console.log(chalk17.green("\u2713 Flight Recorder buffer cleared."));
     } else if (result.code === "ECONNREFUSED") {
       throw new Error("Daemon is not running. Start it with: node9 daemon start");
     } else if (result.code === "ETIMEDOUT") {
@@ -6609,10 +6975,10 @@ async function startTail(options = {}) {
   let cancelActiveCard = null;
   const localAllowCounts = /* @__PURE__ */ new Map();
   const canApprove = process.stdout.isTTY && process.stdin.isTTY;
-  if (canApprove) readline3.emitKeypressEvents(process.stdin);
+  if (canApprove) readline4.emitKeypressEvents(process.stdin);
   function clearCard() {
     if (cardLineCount > 0) {
-      readline3.moveCursor(process.stdout, 0, -cardLineCount);
+      readline4.moveCursor(process.stdout, 0, -cardLineCount);
       process.stdout.write(ERASE_DOWN);
       cardLineCount = 0;
     }
@@ -6662,14 +7028,14 @@ async function startTail(options = {}) {
           localAllowCounts.get(req2.toolName) ?? 0
         )
       );
-      const decisionStamp = action === "always-allow" ? chalk16.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? chalk16.cyan("\u23F1 TRUST 30m") : action === "allow" ? chalk16.green("\u2713 ALLOWED") : chalk16.red("\u2717 DENIED");
-      stampedLines.push(`  ${BOLD}\u2192${RESET} ${decisionStamp} ${GRAY}(terminal)${RESET}`, ``);
+      const decisionStamp = action === "always-allow" ? chalk17.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? chalk17.cyan("\u23F1 TRUST 30m") : action === "allow" ? chalk17.green("\u2713 ALLOWED") : action === "redirect" ? chalk17.yellow("\u21A9 REDIRECT AI") : chalk17.red("\u2717 DENIED");
+      stampedLines.push(`  ${BOLD2}\u2192${RESET2} ${decisionStamp} ${GRAY}(terminal)${RESET2}`, ``);
       for (const line of stampedLines) process.stdout.write(line + "\n");
       process.stdout.write(SHOW_CURSOR);
       cardLineCount = 0;
       if (action === "allow" || action === "always-allow" || action === "trust") {
         localAllowCounts.set(req2.toolName, (localAllowCounts.get(req2.toolName) ?? 0) + 1);
-      } else if (action === "deny") {
+      } else if (action === "deny" || action === "redirect") {
         localAllowCounts.delete(req2.toolName);
       }
       let httpDecision;
@@ -6680,13 +7046,18 @@ async function startTail(options = {}) {
       } else if (action === "trust") {
         httpDecision = "trust";
         httpOpts = { trustDuration: "30m" };
+      } else if (action === "redirect") {
+        httpDecision = "deny";
+        const recoveryCommand = req2.recoveryCommand ?? "the required pre-condition";
+        const redirectReason = `USER INTERVENTION: I am blocking this ${req2.toolName} because the required pre-condition has not been met. Please execute \`${recoveryCommand}\`. If it passes, you are then authorized to run \`${req2.toolName}\`.`;
+        httpOpts = { reason: redirectReason, source: "terminal-redirect" };
       } else {
         httpDecision = action;
       }
       postDecisionHttp(req2.id, httpDecision, csrfToken, port, httpOpts).catch((err) => {
         try {
           fs24.appendFileSync(
-            path26.join(os21.homedir(), ".node9", "hook-debug.log"),
+            path27.join(os20.homedir(), ".node9", "hook-debug.log"),
             `[tail] POST /decision failed: ${String(err)}
 `
           );
@@ -6708,8 +7079,8 @@ async function startTail(options = {}) {
       );
       const stampedLines = buildCardLines(req2, priorCount);
       if (externalDecision) {
-        const source = externalDecision === "allow" ? chalk16.green("\u2713 ALLOWED") : chalk16.red("\u2717 DENIED");
-        stampedLines.push(`  ${BOLD}\u2192${RESET} ${source} ${GRAY}(external)${RESET}`, ``);
+        const source = externalDecision === "allow" ? chalk17.green("\u2713 ALLOWED") : chalk17.red("\u2717 DENIED");
+        stampedLines.push(`  ${BOLD2}\u2192${RESET2} ${source} ${GRAY}(external)${RESET2}`, ``);
       }
       for (const line of stampedLines) process.stdout.write(line + "\n");
       process.stdout.write(SHOW_CURSOR);
@@ -6718,17 +7089,34 @@ async function startTail(options = {}) {
       cardActive = false;
       showNextCard();
     };
+    if (req2.viewOnly) {
+      process.stdin.resume();
+      onKeypress = () => {
+      };
+      process.stdin.on("keypress", onKeypress);
+      return;
+    }
     process.stdin.resume();
     onKeypress = (_str, key) => {
       const name = key?.name ?? "";
-      if (name === "y" || name === "return") {
-        settle("allow");
-      } else if (name === "n" || name === "d" || key?.ctrl && name === "c") {
-        settle("deny");
-      } else if (name === "a") {
-        settle("always-allow");
-      } else if (name === "t") {
-        settle("trust");
+      if (req2.recoveryCommand) {
+        if (name === "1") {
+          settle("allow");
+        } else if (name === "2") {
+          settle("redirect");
+        } else if (name === "3" || key?.ctrl && name === "c") {
+          settle("deny");
+        }
+      } else {
+        if (name === "y" || name === "return") {
+          settle("allow");
+        } else if (name === "n" || name === "d" || key?.ctrl && name === "c") {
+          settle("deny");
+        } else if (name === "a") {
+          settle("always-allow");
+        } else if (name === "t") {
+          settle("trust");
+        }
       }
     };
     process.stdin.on("keypress", onKeypress);
@@ -6750,41 +7138,41 @@ async function startTail(options = {}) {
     }
   } catch {
   }
-  console.log(chalk16.cyan.bold(`
-\u{1F6F0}\uFE0F  Node9 tail  `) + chalk16.dim(`\u2192 ${dashboardUrl}`));
+  console.log(chalk17.cyan.bold(`
+\u{1F6F0}\uFE0F  Node9 tail  `) + chalk17.dim(`\u2192 ${dashboardUrl}`));
   if (canApprove) {
     console.log(
-      chalk16.dim("Interactive approvals: [\u21B5/y] Allow  [n] Deny  [a] Always Allow  [t] Trust 30m")
+      chalk17.dim("Interactive approvals: [\u21B5/y] Allow  [n] Deny  [a] Always Allow  [t] Trust 30m")
     );
   }
   if (options.history) {
-    console.log(chalk16.dim("Showing history + live events. Press Ctrl+C to exit.\n"));
+    console.log(chalk17.dim("Showing history + live events. Press Ctrl+C to exit.\n"));
   } else {
     console.log(
-      chalk16.dim("Showing live events only. Use --history to include past. Press Ctrl+C to exit.\n")
+      chalk17.dim("Showing live events only. Use --history to include past. Press Ctrl+C to exit.\n")
     );
   }
   process.on("SIGINT", () => {
     clearCard();
     process.stdout.write(SHOW_CURSOR);
     if (process.stdout.isTTY) {
-      readline3.clearLine(process.stdout, 0);
-      readline3.cursorTo(process.stdout, 0);
+      readline4.clearLine(process.stdout, 0);
+      readline4.cursorTo(process.stdout, 0);
     }
-    console.log(chalk16.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
+    console.log(chalk17.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
     process.exit(0);
   });
   const sseUrl = `http://127.0.0.1:${port}/events?capabilities=input`;
   const req = http2.get(sseUrl, (res) => {
     if (res.statusCode !== 200) {
-      console.error(chalk16.red(`Failed to connect: HTTP ${res.statusCode}`));
+      console.error(chalk17.red(`Failed to connect: HTTP ${res.statusCode}`));
       process.exit(1);
     }
     let currentEvent = "";
     let currentData = "";
     res.on("error", () => {
     });
-    const rl = readline3.createInterface({ input: res, crlfDelay: Infinity });
+    const rl = readline4.createInterface({ input: res, crlfDelay: Infinity });
     rl.on("error", () => {
     });
     rl.on("line", (line) => {
@@ -6804,10 +7192,10 @@ async function startTail(options = {}) {
       clearCard();
       process.stdout.write(SHOW_CURSOR);
       if (process.stdout.isTTY) {
-        readline3.clearLine(process.stdout, 0);
-        readline3.cursorTo(process.stdout, 0);
+        readline4.clearLine(process.stdout, 0);
+        readline4.cursorTo(process.stdout, 0);
       }
-      console.log(chalk16.red("\n\u274C Daemon disconnected."));
+      console.log(chalk17.red("\n\u274C Daemon disconnected."));
       process.exit(1);
     });
   });
@@ -6893,19 +7281,19 @@ async function startTail(options = {}) {
   }
   req.on("error", (err) => {
     const msg = err.code === "ECONNREFUSED" ? "Daemon is not running. Start it with: node9 daemon start" : err.message;
-    console.error(chalk16.red(`
+    console.error(chalk17.red(`
 \u274C ${msg}`));
     process.exit(1);
   });
 }
-var PID_FILE, ICONS, RESET, BOLD, RED, YELLOW, CYAN, GRAY, GREEN, HIDE_CURSOR, SHOW_CURSOR, ERASE_DOWN;
+var PID_FILE, ICONS, RESET2, BOLD2, RED, YELLOW, CYAN, GRAY, GREEN, HIDE_CURSOR, SHOW_CURSOR, ERASE_DOWN, DIVIDER;
 var init_tail = __esm({
   "src/tui/tail.ts"() {
     "use strict";
     init_daemon2();
     init_daemon();
     init_core();
-    PID_FILE = path26.join(os21.homedir(), ".node9", "daemon.pid");
+    PID_FILE = path27.join(os20.homedir(), ".node9", "daemon.pid");
     ICONS = {
       bash: "\u{1F4BB}",
       shell: "\u{1F4BB}",
@@ -6923,8 +7311,8 @@ var init_tail = __esm({
       delete: "\u{1F5D1}\uFE0F",
       web: "\u{1F310}"
     };
-    RESET = "\x1B[0m";
-    BOLD = "\x1B[1m";
+    RESET2 = "\x1B[0m";
+    BOLD2 = "\x1B[1m";
     RED = "\x1B[31m";
     YELLOW = "\x1B[33m";
     CYAN = "\x1B[36m";
@@ -6933,6 +7321,326 @@ var init_tail = __esm({
     HIDE_CURSOR = "\x1B[?25l";
     SHOW_CURSOR = "\x1B[?25h";
     ERASE_DOWN = "\x1B[J";
+    DIVIDER = "\u2500".repeat(60);
+  }
+});
+
+// src/cli/hud.ts
+var hud_exports = {};
+__export(hud_exports, {
+  countConfigs: () => countConfigs,
+  main: () => main,
+  renderEnvironmentLine: () => renderEnvironmentLine
+});
+import fs25 from "fs";
+import path28 from "path";
+import os21 from "os";
+import http3 from "http";
+async function readStdin() {
+  const chunks = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(chunk);
+  }
+  const raw = Buffer.concat(chunks).toString("utf-8").trim();
+  if (!raw) return {};
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return {};
+  }
+}
+function queryDaemon() {
+  return new Promise((resolve) => {
+    const timeout = setTimeout(() => resolve(null), 50);
+    try {
+      const req = http3.get(
+        `http://${DAEMON_HOST}:${DAEMON_PORT}/status`,
+        { timeout: 50 },
+        (res) => {
+          const chunks = [];
+          res.on("data", (c) => chunks.push(c));
+          res.on("end", () => {
+            clearTimeout(timeout);
+            try {
+              resolve(JSON.parse(Buffer.concat(chunks).toString()));
+            } catch {
+              resolve(null);
+            }
+          });
+        }
+      );
+      req.on("error", () => {
+        clearTimeout(timeout);
+        resolve(null);
+      });
+      req.on("timeout", () => {
+        clearTimeout(timeout);
+        req.destroy();
+        resolve(null);
+      });
+    } catch {
+      clearTimeout(timeout);
+      resolve(null);
+    }
+  });
+}
+function dim(s) {
+  return `${DIM}${s}${RESET3}`;
+}
+function bold(s) {
+  return `${BOLD3}${s}${RESET3}`;
+}
+function color(c, s) {
+  return `${c}${s}${RESET3}`;
+}
+function progressBar(pct, warnAt = 70, critAt = 85) {
+  const filled = Math.round(Math.min(pct, 100) / 100 * BAR_WIDTH);
+  const bar = BAR_FILLED.repeat(filled) + BAR_EMPTY.repeat(BAR_WIDTH - filled);
+  const c = pct >= critAt ? RED2 : pct >= warnAt ? YELLOW2 : GREEN2;
+  return `${c}${bar}${RESET3}`;
+}
+function formatTimeLeft(resetsAt) {
+  if (!resetsAt) return "";
+  const ms = new Date(resetsAt).getTime() - Date.now();
+  if (ms <= 0) return "";
+  const totalMin = Math.ceil(ms / 6e4);
+  const h = Math.floor(totalMin / 60);
+  const m = totalMin % 60;
+  if (h > 0) return ` (${h}h ${m}m left)`;
+  return ` (${m}m left)`;
+}
+function safeReadJson(filePath) {
+  if (!fs25.existsSync(filePath)) return null;
+  try {
+    return JSON.parse(fs25.readFileSync(filePath, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function getMcpServerNames(filePath) {
+  const cfg = safeReadJson(filePath);
+  if (!cfg || typeof cfg.mcpServers !== "object" || cfg.mcpServers === null) return /* @__PURE__ */ new Set();
+  return new Set(Object.keys(cfg.mcpServers));
+}
+function getDisabledMcpServers(filePath, key) {
+  const cfg = safeReadJson(filePath);
+  if (!cfg || !Array.isArray(cfg[key])) return /* @__PURE__ */ new Set();
+  return new Set(cfg[key].filter((s) => typeof s === "string"));
+}
+function countHooksInFile(filePath) {
+  const cfg = safeReadJson(filePath);
+  if (!cfg || typeof cfg.hooks !== "object" || cfg.hooks === null) return 0;
+  return Object.keys(cfg.hooks).length;
+}
+function countRulesInDir(rulesDir) {
+  if (!fs25.existsSync(rulesDir)) return 0;
+  let count = 0;
+  try {
+    for (const entry of fs25.readdirSync(rulesDir, { withFileTypes: true })) {
+      if (entry.isDirectory()) {
+        count += countRulesInDir(path28.join(rulesDir, entry.name));
+      } else if (entry.isFile() && entry.name.endsWith(".md")) {
+        count++;
+      }
+    }
+  } catch {
+  }
+  return count;
+}
+function isSamePath(a, b) {
+  try {
+    return path28.resolve(a) === path28.resolve(b);
+  } catch {
+    return false;
+  }
+}
+function countConfigs(cwd) {
+  const homeDir2 = os21.homedir();
+  const claudeDir = path28.join(homeDir2, ".claude");
+  let claudeMdCount = 0;
+  let rulesCount = 0;
+  let hooksCount = 0;
+  const userMcpServers = /* @__PURE__ */ new Set();
+  const projectMcpServers = /* @__PURE__ */ new Set();
+  if (fs25.existsSync(path28.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
+  rulesCount += countRulesInDir(path28.join(claudeDir, "rules"));
+  const userSettings = path28.join(claudeDir, "settings.json");
+  for (const name of getMcpServerNames(userSettings)) userMcpServers.add(name);
+  hooksCount += countHooksInFile(userSettings);
+  const userClaudeJson = path28.join(homeDir2, ".claude.json");
+  for (const name of getMcpServerNames(userClaudeJson)) userMcpServers.add(name);
+  for (const name of getDisabledMcpServers(userClaudeJson, "disabledMcpServers")) {
+    userMcpServers.delete(name);
+  }
+  if (cwd) {
+    if (fs25.existsSync(path28.join(cwd, "CLAUDE.md"))) claudeMdCount++;
+    if (fs25.existsSync(path28.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
+    const projectClaudeDir = path28.join(cwd, ".claude");
+    const overlapsUserScope = isSamePath(projectClaudeDir, claudeDir);
+    if (!overlapsUserScope) {
+      if (fs25.existsSync(path28.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
+      rulesCount += countRulesInDir(path28.join(projectClaudeDir, "rules"));
+      const projSettings = path28.join(projectClaudeDir, "settings.json");
+      for (const name of getMcpServerNames(projSettings)) projectMcpServers.add(name);
+      hooksCount += countHooksInFile(projSettings);
+    }
+    if (fs25.existsSync(path28.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
+    const localSettings = path28.join(projectClaudeDir, "settings.local.json");
+    for (const name of getMcpServerNames(localSettings)) projectMcpServers.add(name);
+    hooksCount += countHooksInFile(localSettings);
+    const mcpJsonServers = getMcpServerNames(path28.join(cwd, ".mcp.json"));
+    const disabledMcpJson = getDisabledMcpServers(localSettings, "disabledMcpjsonServers");
+    for (const name of disabledMcpJson) mcpJsonServers.delete(name);
+    for (const name of mcpJsonServers) projectMcpServers.add(name);
+  }
+  return {
+    claudeMdCount,
+    rulesCount,
+    mcpCount: userMcpServers.size + projectMcpServers.size,
+    hooksCount
+  };
+}
+function renderEnvironmentLine(counts) {
+  const { claudeMdCount, rulesCount, mcpCount, hooksCount } = counts;
+  if (claudeMdCount === 0 && rulesCount === 0 && mcpCount === 0 && hooksCount === 0) return null;
+  const parts = [
+    `${claudeMdCount} CLAUDE.md`,
+    `${rulesCount} rules`,
+    `${mcpCount} MCPs`,
+    `${hooksCount} hooks`
+  ];
+  return color(DIM, parts.join(` ${dim("|")} `));
+}
+function renderOffline() {
+  process.stdout.write(`${color(BLUE, "\u{1F6E1}")} ${bold("node9")} ${dim("|")} ${dim("offline")}
+`);
+}
+function renderSecurityLine(status) {
+  const parts = [];
+  parts.push(`${color(BLUE, "\u{1F6E1}")} ${bold("node9")}`);
+  const modeColors = {
+    standard: GREEN2,
+    strict: RED2,
+    observe: MAGENTA,
+    audit: YELLOW2
+  };
+  const modeIcon = {
+    standard: "",
+    strict: "",
+    observe: "\u{1F441} ",
+    audit: ""
+  };
+  const mc = modeColors[status.mode] ?? WHITE;
+  parts.push(`${dim("|")} ${color(mc, modeIcon[status.mode] ?? "")}${color(mc, status.mode)}`);
+  if (status.mode === "observe") {
+    parts.push(`${dim("|")} ${color(GREEN2, `\u2705 ${status.session.allowed} passed`)}`);
+    if (status.session.wouldBlock > 0) {
+      parts.push(color(YELLOW2, `\u26A0 ${status.session.wouldBlock} would-block`));
+    }
+  } else {
+    parts.push(`${dim("|")} ${color(GREEN2, `\u2705 ${status.session.allowed} allowed`)}`);
+    if (status.session.blocked > 0) {
+      parts.push(color(RED2, `\u{1F6D1} ${status.session.blocked} blocked`));
+    }
+    if (status.session.dlpHits > 0) {
+      parts.push(color(RED2, `\u{1F6A8} ${status.session.dlpHits} dlp`));
+    }
+  }
+  if (status.taintedCount > 0) {
+    parts.push(color(YELLOW2, `\u{1F4A7} ${status.taintedCount} tainted`));
+  }
+  if (status.lastRuleHit) {
+    const ruleName = status.lastRuleHit.replace(/^Smart Rule:\s*/i, "");
+    parts.push(color(CYAN2, `\u26A1 ${ruleName}`));
+  }
+  return parts.join("  ");
+}
+function renderContextLine(stdin) {
+  const cw = stdin.context_window;
+  if (!cw) return null;
+  const parts = [];
+  const modelName = typeof stdin.model === "string" ? stdin.model : stdin.model?.display_name ?? "";
+  if (modelName) {
+    parts.push(color(CYAN2, modelName));
+  }
+  const usedPct = cw.used_percentage ?? (cw.current_usage && cw.context_window_size ? Math.round(
+    ((cw.current_usage.input_tokens ?? 0) + (cw.current_usage.output_tokens ?? 0)) / cw.context_window_size * 100
+  ) : null);
+  if (usedPct !== null) {
+    const bar = progressBar(usedPct);
+    parts.push(`${dim("\u2502")} ctx ${bar} ${usedPct}%`);
+  }
+  const rl = stdin.rate_limits;
+  if (rl?.five_hour?.used_percentage !== void 0) {
+    const pct = Math.round(rl.five_hour.used_percentage);
+    const bar = progressBar(pct, 60, 80);
+    const left = formatTimeLeft(rl.five_hour.resets_at);
+    parts.push(`${dim("\u2502")} 5h ${bar} ${pct}%${left}`);
+  }
+  if (rl?.seven_day?.used_percentage !== void 0) {
+    const pct = Math.round(rl.seven_day.used_percentage);
+    const bar = progressBar(pct, 60, 80);
+    parts.push(`${dim("\u2502")} 7d ${bar} ${pct}%`);
+  }
+  if (parts.length === 0) return null;
+  return parts.join("  ");
+}
+async function main() {
+  try {
+    const [stdin, daemonStatus2] = await Promise.all([readStdin(), queryDaemon()]);
+    if (!daemonStatus2) {
+      renderOffline();
+      return;
+    }
+    process.stdout.write(renderSecurityLine(daemonStatus2) + "\n");
+    const ctxLine = renderContextLine(stdin);
+    if (ctxLine) {
+      process.stdout.write(ctxLine + "\n");
+    }
+    const showEnvCounts = (() => {
+      try {
+        const cwd = stdin.cwd ?? process.cwd();
+        for (const configPath of [
+          path28.join(cwd, "node9.config.json"),
+          path28.join(os21.homedir(), ".node9", "config.json")
+        ]) {
+          if (!fs25.existsSync(configPath)) continue;
+          const cfg = JSON.parse(fs25.readFileSync(configPath, "utf-8"));
+          const hud = cfg.settings?.hud;
+          if (hud && "showEnvironmentCounts" in hud) return hud.showEnvironmentCounts !== false;
+        }
+      } catch {
+      }
+      return true;
+    })();
+    if (showEnvCounts) {
+      const envLine = renderEnvironmentLine(countConfigs(stdin.cwd));
+      if (envLine) {
+        process.stdout.write(envLine + "\n");
+      }
+    }
+  } catch {
+    renderOffline();
+  }
+}
+var RESET3, BOLD3, DIM, RED2, GREEN2, YELLOW2, BLUE, MAGENTA, CYAN2, WHITE, BAR_FILLED, BAR_EMPTY, BAR_WIDTH;
+var init_hud = __esm({
+  "src/cli/hud.ts"() {
+    "use strict";
+    init_daemon();
+    RESET3 = "\x1B[0m";
+    BOLD3 = "\x1B[1m";
+    DIM = "\x1B[2m";
+    RED2 = "\x1B[31m";
+    GREEN2 = "\x1B[32m";
+    YELLOW2 = "\x1B[33m";
+    BLUE = "\x1B[34m";
+    MAGENTA = "\x1B[35m";
+    CYAN2 = "\x1B[36m";
+    WHITE = "\x1B[37m";
+    BAR_FILLED = "\u2588";
+    BAR_EMPTY = "\u2591";
+    BAR_WIDTH = 10;
   }
 });
 
@@ -6943,7 +7651,7 @@ import { Command } from "commander";
 // src/setup.ts
 import fs11 from "fs";
 import path14 from "path";
-import os11 from "os";
+import os10 from "os";
 import chalk from "chalk";
 import { confirm } from "@inquirer/prompts";
 function printDaemonTip() {
@@ -6977,7 +7685,7 @@ function isNode9Hook(cmd) {
   return /(?:^|[\s/\\])node9 (?:check|log)/.test(cmd) || /(?:^|[\s/\\])cli\.js (?:check|log)/.test(cmd);
 }
 function teardownClaude() {
-  const homeDir2 = os11.homedir();
+  const homeDir2 = os10.homedir();
   const hooksPath = path14.join(homeDir2, ".claude", "settings.json");
   const mcpPath = path14.join(homeDir2, ".claude.json");
   let changed = false;
@@ -7027,7 +7735,7 @@ function teardownClaude() {
   }
 }
 function teardownGemini() {
-  const homeDir2 = os11.homedir();
+  const homeDir2 = os10.homedir();
   const settingsPath = path14.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath);
   if (!settings) {
@@ -7066,7 +7774,7 @@ function teardownGemini() {
   }
 }
 function teardownCursor() {
-  const homeDir2 = os11.homedir();
+  const homeDir2 = os10.homedir();
   const mcpPath = path14.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath);
   if (!mcpConfig?.mcpServers) {
@@ -7093,7 +7801,7 @@ function teardownCursor() {
   }
 }
 async function setupClaude() {
-  const homeDir2 = os11.homedir();
+  const homeDir2 = os10.homedir();
   const mcpPath = path14.join(homeDir2, ".claude.json");
   const hooksPath = path14.join(homeDir2, ".claude", "settings.json");
   const claudeConfig = readJson(mcpPath) ?? {};
@@ -7169,7 +7877,7 @@ async function setupClaude() {
   }
 }
 async function setupGemini() {
-  const homeDir2 = os11.homedir();
+  const homeDir2 = os10.homedir();
   const settingsPath = path14.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath) ?? {};
   const servers = settings.mcpServers ?? {};
@@ -7251,7 +7959,7 @@ async function setupGemini() {
     printDaemonTip();
   }
 }
-function detectAgents(homeDir2 = os11.homedir()) {
+function detectAgents(homeDir2 = os10.homedir()) {
   const exists = (p) => {
     try {
       return fs11.existsSync(p);
@@ -7271,7 +7979,7 @@ function detectAgents(homeDir2 = os11.homedir()) {
   };
 }
 async function setupCursor() {
-  const homeDir2 = os11.homedir();
+  const homeDir2 = os10.homedir();
   const mcpPath = path14.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath) ?? {};
   const servers = mcpConfig.mcpServers ?? {};
@@ -7325,14 +8033,60 @@ async function setupCursor() {
     printDaemonTip();
   }
 }
+function setupHud() {
+  const homeDir2 = os10.homedir();
+  const hooksPath = path14.join(homeDir2, ".claude", "settings.json");
+  const settings = readJson(hooksPath) ?? {};
+  const hudCommand = fullPathCommand("hud");
+  const statusLineObj = { type: "command", command: hudCommand };
+  const existing = settings.statusLine;
+  const existingCommand = typeof existing === "object" ? existing?.command : existing;
+  if (existingCommand === hudCommand) {
+    console.log(chalk.blue("\u2139\uFE0F  node9 HUD is already configured in ~/.claude/settings.json"));
+    console.log(chalk.gray("   Restart Claude Code to activate."));
+    return;
+  }
+  if (existing && existingCommand !== hudCommand) {
+    console.log(
+      chalk.yellow(
+        `  \u26A0\uFE0F  statusLine is already set to: "${existingCommand}"
+     Overwriting with node9 HUD.`
+      )
+    );
+  }
+  settings.statusLine = statusLineObj;
+  writeJson(hooksPath, settings);
+  console.log(chalk.green.bold("\u2705 node9 HUD added to Claude Code statusline"));
+  console.log(chalk.gray("   Settings: ~/.claude/settings.json"));
+  console.log(chalk.gray("   Restart Claude Code to activate."));
+}
+function teardownHud() {
+  const homeDir2 = os10.homedir();
+  const hooksPath = path14.join(homeDir2, ".claude", "settings.json");
+  const settings = readJson(hooksPath);
+  if (!settings) {
+    console.log(chalk.blue("  \u2139\uFE0F  ~/.claude/settings.json not found \u2014 nothing to remove"));
+    return;
+  }
+  const existing = settings.statusLine;
+  const existingCommand = typeof existing === "object" ? existing?.command : existing;
+  if (!existingCommand || !String(existingCommand).includes("node9")) {
+    console.log(chalk.blue("  \u2139\uFE0F  node9 HUD not found in ~/.claude/settings.json"));
+    return;
+  }
+  delete settings.statusLine;
+  writeJson(hooksPath, settings);
+  console.log(chalk.green("  \u2705 node9 HUD removed from ~/.claude/settings.json"));
+  console.log(chalk.gray("   Restart Claude Code for changes to take effect."));
+}
 
 // src/cli.ts
 init_daemon2();
-import chalk17 from "chalk";
-import fs25 from "fs";
-import path27 from "path";
+import chalk18 from "chalk";
+import fs26 from "fs";
+import path29 from "path";
 import os22 from "os";
-import { confirm as confirm3 } from "@inquirer/prompts";
+import { confirm as confirm2 } from "@inquirer/prompts";
 
 // src/utils/duration.ts
 function parseDuration(str) {
@@ -7362,7 +8116,7 @@ import { execa } from "execa";
 import { parseCommandString } from "execa";
 
 // src/policy/negotiation.ts
-function buildNegotiationMessage(blockedByLabel, isHumanDecision, humanReason) {
+function buildNegotiationMessage(blockedByLabel, isHumanDecision, humanReason, recoveryCommand) {
   if (isHumanDecision) {
     return `NODE9: The human user rejected this action.
 REASON: ${humanReason || "No specific reason provided."}
@@ -7418,10 +8172,11 @@ INSTRUCTION: Inform the user this action is pending approval. Wait for them to a
 INSTRUCTION: Do NOT use "${rule}". Find a read-only or non-destructive alternative.
 Do NOT attempt to bypass this rule.`;
   }
+  const recovery = recoveryCommand ? `
+REQUIRED ACTION: Run \`${recoveryCommand}\` first, then retry your original command.` : "\n- Pivot to a non-destructive or read-only alternative.";
   return `NODE9: Action blocked by security policy [${blockedByLabel}].
 INSTRUCTIONS:
-- Do NOT retry this exact command or attempt to bypass the rule.
-- Pivot to a non-destructive or read-only alternative.
+- Do NOT retry this exact command or attempt to bypass the rule.${recovery}
 - Inform the user which security rule was triggered and ask how to proceed.`;
 }
 
@@ -7522,6 +8277,7 @@ function openBrowserLocal() {
   }
 }
 async function autoStartDaemonAndWait() {
+  if (process.env.NODE9_TESTING === "1") return false;
   try {
     const child = spawn4(process.execPath, [process.argv[1], "daemon"], {
       detached: true,
@@ -7558,16 +8314,16 @@ init_policy();
 import chalk5 from "chalk";
 import fs18 from "fs";
 import path20 from "path";
-import os15 from "os";
+import os14 from "os";
 
 // src/undo.ts
 import { spawnSync as spawnSync4, spawn as spawn5 } from "child_process";
 import crypto2 from "crypto";
 import fs17 from "fs";
 import path19 from "path";
-import os14 from "os";
-var SNAPSHOT_STACK_PATH = path19.join(os14.homedir(), ".node9", "snapshots.json");
-var UNDO_LATEST_PATH = path19.join(os14.homedir(), ".node9", "undo_latest.txt");
+import os13 from "os";
+var SNAPSHOT_STACK_PATH = path19.join(os13.homedir(), ".node9", "snapshots.json");
+var UNDO_LATEST_PATH = path19.join(os13.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
 var GIT_TIMEOUT = 15e3;
 function readStack() {
@@ -7583,16 +8339,33 @@ function writeStack(stack) {
   if (!fs17.existsSync(dir)) fs17.mkdirSync(dir, { recursive: true });
   fs17.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
 }
+function extractFilePath(args) {
+  if (!args || typeof args !== "object") return null;
+  const a = args;
+  const fp = a.file_path ?? a.path ?? a.filename;
+  return typeof fp === "string" ? fp : null;
+}
 function buildArgsSummary(tool, args) {
+  const filePath = extractFilePath(args);
+  if (filePath) return filePath;
   if (!args || typeof args !== "object") return "";
   const a = args;
-  const filePath = a.file_path ?? a.path ?? a.filename;
-  if (typeof filePath === "string") return filePath;
   const cmd = a.command ?? a.cmd;
   if (typeof cmd === "string") return cmd.slice(0, 80);
   const sql = a.sql ?? a.query;
   if (typeof sql === "string") return sql.slice(0, 80);
-  return tool;
+  return "";
+}
+function findProjectRoot(filePath) {
+  let dir = path19.dirname(filePath);
+  while (true) {
+    if (fs17.existsSync(path19.join(dir, ".git")) || fs17.existsSync(path19.join(dir, "package.json"))) {
+      return dir;
+    }
+    const parent = path19.dirname(dir);
+    if (parent === dir) return process.cwd();
+    dir = parent;
+  }
 }
 function normalizeCwdForHash(cwd) {
   let normalized;
@@ -7607,7 +8380,7 @@ function normalizeCwdForHash(cwd) {
 }
 function getShadowRepoDir(cwd) {
   const hash = crypto2.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
-  return path19.join(os14.homedir(), ".node9", "snapshots", hash);
+  return path19.join(os13.homedir(), ".node9", "snapshots", hash);
 }
 function cleanOrphanedIndexFiles(shadowDir) {
   try {
@@ -7663,9 +8436,9 @@ function ensureShadowRepo(shadowDir, cwd) {
   } catch {
   }
   const init = spawnSync4("git", ["init", "--bare", shadowDir], { timeout: 5e3 });
-  if (init.status !== 0) {
-    if (process.env.NODE9_DEBUG === "1")
-      console.error("[Node9] git init --bare failed:", init.stderr?.toString());
+  if (init.status !== 0 || init.error) {
+    const reason = init.error ? init.error.message : init.stderr?.toString();
+    if (process.env.NODE9_DEBUG === "1") console.error("[Node9] git init --bare failed:", reason);
     return false;
   }
   const configFile = path19.join(shadowDir, "config");
@@ -7695,7 +8468,9 @@ function buildGitEnv(cwd) {
 async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = []) {
   let indexFile = null;
   try {
-    const cwd = process.cwd();
+    const rawFilePath = extractFilePath(args);
+    const absFilePath = rawFilePath && path19.isAbsolute(rawFilePath) ? rawFilePath : null;
+    const cwd = absFilePath ? findProjectRoot(absFilePath) : process.cwd();
     const shadowDir = getShadowRepoDir(cwd);
     if (!ensureShadowRepo(shadowDir, cwd)) return null;
     writeShadowExcludes(shadowDir, ignorePaths);
@@ -7718,15 +8493,53 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
     const commitHash = commitRes.stdout?.toString().trim();
     if (!commitHash || commitRes.status !== 0) return null;
     const stack = readStack();
+    const prevEntry = [...stack].reverse().find((e) => e.cwd === cwd);
+    let capturedFiles = [];
+    let capturedDiff = null;
+    if (prevEntry) {
+      const filesRes = spawnSync4("git", ["diff", "--name-only", prevEntry.hash, commitHash], {
+        env: shadowEnv,
+        timeout: GIT_TIMEOUT
+      });
+      if (filesRes.status === 0) {
+        capturedFiles = filesRes.stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
+      }
+      const diffRes = spawnSync4("git", ["diff", prevEntry.hash, commitHash], {
+        env: shadowEnv,
+        timeout: GIT_TIMEOUT
+      });
+      if (diffRes.status === 0) {
+        capturedDiff = diffRes.stdout?.toString() || null;
+      }
+    } else {
+      const filesRes = spawnSync4("git", ["ls-tree", "-r", "--name-only", commitHash], {
+        env: shadowEnv,
+        timeout: GIT_TIMEOUT
+      });
+      if (filesRes.status === 0) {
+        capturedFiles = filesRes.stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
+      }
+      capturedDiff = null;
+    }
     stack.push({
       hash: commitHash,
       tool,
       argsSummary: buildArgsSummary(tool, args),
+      files: capturedFiles,
+      diff: capturedDiff,
       cwd,
       timestamp: Date.now()
     });
     const shouldGc = stack.length % 5 === 0;
-    if (stack.length > MAX_SNAPSHOTS) stack.splice(0, stack.length - MAX_SNAPSHOTS);
+    let cwdCount = 0;
+    let oldestCwdIdx = -1;
+    for (let i = 0; i < stack.length; i++) {
+      if (stack[i].cwd === cwd) {
+        if (oldestCwdIdx === -1) oldestCwdIdx = i;
+        cwdCount++;
+      }
+    }
+    if (cwdCount > MAX_SNAPSHOTS) stack.splice(oldestCwdIdx, 1);
     writeStack(stack);
     fs17.writeFileSync(UNDO_LATEST_PATH, commitHash);
     if (shouldGc) {
@@ -7782,14 +8595,21 @@ function applyUndo(hash, cwd) {
       env,
       timeout: GIT_TIMEOUT
     });
-    if (restore.status !== 0) return false;
+    if (restore.status !== 0 || restore.error) {
+      if (process.env.NODE9_DEBUG === "1") {
+        const msg = restore.error ? restore.error.message : restore.stderr?.toString();
+        console.error("[Node9] git restore failed:", msg);
+      }
+      return false;
+    }
     const lsTree = spawnSync4("git", ["ls-tree", "-r", "--name-only", hash], {
       cwd: dir,
       env,
       timeout: GIT_TIMEOUT
     });
     if (lsTree.status !== 0) {
-      process.stderr.write(`[Node9] applyUndo: git ls-tree failed for hash ${hash}
+      const errorMsg = lsTree.stderr?.toString() || "Unknown git error";
+      process.stderr.write(`[Node9] applyUndo: git ls-tree failed for hash ${hash}: ${errorMsg}
 `);
       return false;
     }
@@ -7834,7 +8654,7 @@ function registerCheckCommand(program2) {
         } catch (err) {
           const tempConfig = getConfig();
           if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
-            const logPath = path20.join(os15.homedir(), ".node9", "hook-debug.log");
+            const logPath = path20.join(os14.homedir(), ".node9", "hook-debug.log");
             const errMsg = err instanceof Error ? err.message : String(err);
             fs18.appendFileSync(
               logPath,
@@ -7847,7 +8667,7 @@ RAW: ${raw}
         }
         const config = getConfig(payload.cwd || void 0);
         if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
-          const logPath = path20.join(os15.homedir(), ".node9", "hook-debug.log");
+          const logPath = path20.join(os14.homedir(), ".node9", "hook-debug.log");
           if (!fs18.existsSync(path20.dirname(logPath)))
             fs18.mkdirSync(path20.dirname(logPath), { recursive: true });
           fs18.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
@@ -7875,6 +8695,8 @@ RAW: ${raw}
             }
             writeTty(chalk5.gray(`   Triggered by: ${blockedByContext}`));
             if (result2?.changeHint) writeTty(chalk5.cyan(`   To change:  ${result2.changeHint}`));
+            if (result2?.recoveryCommand)
+              writeTty(chalk5.green(`   \u{1F4A1} Run:      ${result2.recoveryCommand}`));
             writeTty("");
           } catch {
           } finally {
@@ -7887,7 +8709,8 @@ RAW: ${raw}
           const aiFeedbackMessage = buildNegotiationMessage(
             blockedByContext,
             isHumanDecision,
-            msg
+            msg,
+            result2?.recoveryCommand
           );
           process.stdout.write(
             JSON.stringify({
@@ -7955,7 +8778,7 @@ RAW: ${raw}
         });
       } catch (err) {
         if (process.env.NODE9_DEBUG === "1") {
-          const logPath = path20.join(os15.homedir(), ".node9", "hook-debug.log");
+          const logPath = path20.join(os14.homedir(), ".node9", "hook-debug.log");
           const errMsg = err instanceof Error ? err.message : String(err);
           fs18.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
@@ -7996,7 +8819,7 @@ init_config();
 init_policy();
 import fs19 from "fs";
 import path21 from "path";
-import os16 from "os";
+import os15 from "os";
 init_daemon();
 
 // src/utils/cp-mv-parser.ts
@@ -8037,6 +8860,20 @@ function containsShellMetachar(token) {
 }
 
 // src/cli/commands/log.ts
+var TEST_COMMAND_RE = /(?:^|\s)(npm\s+(?:run\s+)?test|npx\s+(?:vitest|jest|mocha)|yarn\s+(?:run\s+)?test|pnpm\s+(?:run\s+)?test|vitest|jest|mocha|pytest|py\.test|cargo\s+test|go\s+test|bundle\s+exec\s+rspec|rspec|phpunit|dotnet\s+test)\b/i;
+function detectTestResult(command, output) {
+  if (!TEST_COMMAND_RE.test(command)) return null;
+  const out = output.toLowerCase();
+  if (/\b(tests?\s+passed|all\s+tests?\s+passed|passing|test\s+suites?.*passed|ok\b|\d+\s+passed)/i.test(
+    out
+  ) && !/\b(fail|error|failed)\b/.test(out)) {
+    return "pass";
+  }
+  if (/\b(tests?\s+failed|failing|failed|error|assertion\s+error|\d+\s+failed)\b/i.test(out)) {
+    return "fail";
+  }
+  return null;
+}
 function sanitize3(value) {
   return value.replace(/[\x00-\x1F\x7F]/g, "");
 }
@@ -8055,7 +8892,7 @@ function registerLogCommand(program2) {
           decision: "allowed",
           source: "post-hook"
         };
-        const logPath = path21.join(os16.homedir(), ".node9", "audit.log");
+        const logPath = path21.join(os15.homedir(), ".node9", "audit.log");
         if (!fs19.existsSync(path21.dirname(logPath)))
           fs19.mkdirSync(path21.dirname(logPath), { recursive: true });
         fs19.appendFileSync(logPath, JSON.stringify(entry) + "\n");
@@ -8068,6 +8905,21 @@ function registerLogCommand(program2) {
             }
           }
         }
+        if ((tool === "Bash" || tool === "bash") && isDaemonRunning()) {
+          const bashCommand = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
+          const output = payload.tool_response?.output ?? "";
+          if (bashCommand && output) {
+            const testResult = detectTestResult(bashCommand, output);
+            if (testResult) {
+              await notifyActivitySocket({
+                id: "test-result",
+                ts: Date.now(),
+                tool,
+                status: testResult === "pass" ? "test_pass" : "test_fail"
+              });
+            }
+          }
+        }
         const safeCwd = typeof payload.cwd === "string" && path21.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const config = getConfig(safeCwd);
         if (shouldSnapshot(tool, {}, config)) {
@@ -8077,7 +8929,7 @@ function registerLogCommand(program2) {
         const msg = err instanceof Error ? err.message : String(err);
         process.stderr.write(`[Node9] audit log error: ${msg}
 `);
-        const debugPath = path21.join(os16.homedir(), ".node9", "hook-debug.log");
+        const debugPath = path21.join(os15.homedir(), ".node9", "hook-debug.log");
         try {
           fs19.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
 `);
@@ -8386,11 +9238,11 @@ init_daemon();
 import chalk7 from "chalk";
 import fs20 from "fs";
 import path22 from "path";
-import os17 from "os";
+import os16 from "os";
 import { execSync as execSync2 } from "child_process";
 function registerDoctorCommand(program2, version2) {
   program2.command("doctor").description("Check that Node9 is installed and configured correctly").action(() => {
-    const homeDir2 = os17.homedir();
+    const homeDir2 = os16.homedir();
     let failures = 0;
     function pass(msg) {
       console.log(chalk7.green("  \u2705 ") + msg);
@@ -8553,7 +9405,7 @@ function registerDoctorCommand(program2, version2) {
 import chalk8 from "chalk";
 import fs21 from "fs";
 import path23 from "path";
-import os18 from "os";
+import os17 from "os";
 function formatRelativeTime(timestamp) {
   const diff = Date.now() - new Date(timestamp).getTime();
   const sec = Math.floor(diff / 1e3);
@@ -8566,7 +9418,7 @@ function formatRelativeTime(timestamp) {
 }
 function registerAuditCommand(program2) {
   program2.command("audit").description("View local execution audit log").option("--tail <n>", "Number of entries to show", "20").option("--tool <pattern>", "Filter by tool name (substring match)").option("--deny", "Show only denied actions").option("--json", "Output raw JSON").action((options) => {
-    const logPath = path23.join(os18.homedir(), ".node9", "audit.log");
+    const logPath = path23.join(os17.homedir(), ".node9", "audit.log");
     if (!fs21.existsSync(logPath)) {
       console.log(
         chalk8.yellow("No audit logs found. Run node9 with an agent to generate entries.")
@@ -8695,7 +9547,7 @@ init_daemon();
 import chalk10 from "chalk";
 import fs22 from "fs";
 import path24 from "path";
-import os19 from "os";
+import os18 from "os";
 function readJson2(filePath) {
   try {
     if (fs22.existsSync(filePath)) return JSON.parse(fs22.readFileSync(filePath, "utf-8"));
@@ -8764,7 +9616,7 @@ function registerStatusCommand(program2) {
     const modeLabel = settings.mode === "audit" ? chalk10.blue("audit") : settings.mode === "strict" ? chalk10.red("strict") : chalk10.white("standard");
     console.log(`  Mode:    ${modeLabel}`);
     const projectConfig = path24.join(process.cwd(), "node9.config.json");
-    const globalConfig = path24.join(os19.homedir(), ".node9", "config.json");
+    const globalConfig = path24.join(os18.homedir(), ".node9", "config.json");
     console.log(
       `  Local:   ${fs22.existsSync(projectConfig) ? chalk10.green("Active (node9.config.json)") : chalk10.gray("Not present")}`
     );
@@ -8776,7 +9628,7 @@ function registerStatusCommand(program2) {
         `  Sandbox: ${chalk10.green(`${mergedConfig.policy.sandboxPaths.length} safe zones active`)}`
       );
     }
-    const homeDir2 = os19.homedir();
+    const homeDir2 = os18.homedir();
     const claudeSettings = readJson2(
       path24.join(homeDir2, ".claude", "settings.json")
     );
@@ -8846,11 +9698,11 @@ init_core();
 import chalk11 from "chalk";
 import fs23 from "fs";
 import path25 from "path";
-import os20 from "os";
+import os19 from "os";
 function registerInitCommand(program2) {
   program2.command("init").description("Set up Node9: create config and wire all detected AI agents").option("--force", "Overwrite existing config").option("-m, --mode <mode>", "Set initial security mode (standard, strict, audit)", "standard").option("--skip-setup", "Only create config \u2014 do not wire AI agents").action(async (options) => {
     console.log(chalk11.cyan.bold("\n\u{1F6E1}\uFE0F  Node9 Init\n"));
-    const configPath = path25.join(os20.homedir(), ".node9", "config.json");
+    const configPath = path25.join(os19.homedir(), ".node9", "config.json");
     if (fs23.existsSync(configPath) && !options.force) {
       console.log(chalk11.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
     } else {
@@ -8891,107 +9743,306 @@ function registerInitCommand(program2) {
       else if (agent === "cursor") await setupCursor();
       console.log("");
     }
+    if (detected.claude) {
+      setupHud();
+      console.log(chalk11.green("\u2705 node9 HUD added to Claude Code statusline"));
+      console.log(chalk11.gray("   Restart Claude Code to activate the security statusline."));
+      console.log("");
+    }
     console.log(chalk11.green.bold("\u{1F6E1}\uFE0F  Node9 is ready!"));
     console.log(chalk11.gray("   Run: node9 daemon start"));
   });
 }
 
 // src/cli/commands/undo.ts
+import path26 from "path";
+import chalk13 from "chalk";
+
+// src/tui/undo-navigator.ts
+import readline2 from "readline";
 import chalk12 from "chalk";
-import { confirm as confirm2 } from "@inquirer/prompts";
+var RESET = "\x1B[0m";
+var BOLD = "\x1B[1m";
+var CLEAR_SCREEN = "\x1B[2J\x1B[H";
+var SESSION_GAP_MS = 6e4;
+function formatAge(timestamp) {
+  const age = Math.round((Date.now() - timestamp) / 1e3);
+  if (age < 60) return `${age}s ago`;
+  if (age < 3600) return `${Math.round(age / 60)}m ago`;
+  if (age < 86400) return `${Math.round(age / 3600)}h ago`;
+  return `${Math.round(age / 86400)}d ago`;
+}
+function renderDiff(raw) {
+  const lines = raw.split("\n").filter(
+    (l) => !l.startsWith("diff --git") && !l.startsWith("index ") && !l.startsWith("Binary")
+  );
+  for (const line of lines) {
+    if (line.startsWith("+++") || line.startsWith("---")) {
+      process.stdout.write(chalk12.bold(line) + "\n");
+    } else if (line.startsWith("+")) {
+      process.stdout.write(chalk12.green(line) + "\n");
+    } else if (line.startsWith("-")) {
+      process.stdout.write(chalk12.red(line) + "\n");
+    } else if (line.startsWith("@@")) {
+      process.stdout.write(chalk12.cyan(line) + "\n");
+    } else {
+      process.stdout.write(chalk12.gray(line) + "\n");
+    }
+  }
+}
+function isSessionBoundary(entries, idx) {
+  if (idx <= 0) return false;
+  return entries[idx - 1].timestamp - entries[idx].timestamp > SESSION_GAP_MS;
+}
+function sessionStart(entries, idx) {
+  let i = idx;
+  while (i > 0 && !isSessionBoundary(entries, i)) i--;
+  return i;
+}
+function render(entries, idx) {
+  const entry = entries[idx];
+  const total = entries.length;
+  const step = idx + 1;
+  process.stdout.write(CLEAR_SCREEN);
+  process.stdout.write(
+    chalk12.magenta.bold(`\u23EA  Node9 Undo`) + chalk12.gray(`  \u2500\u2500  step ${step} of ${total}`) + (entry.files?.length ? chalk12.gray(
+      `  \u2500\u2500  ${entry.files.slice(0, 2).join(", ")}${entry.files.length > 2 ? ` +${entry.files.length - 2} more` : ""}`
+    ) : "") + "\n\n"
+  );
+  process.stdout.write(
+    `  ${BOLD}Tool:${RESET}  ${chalk12.cyan(entry.tool)}` + (entry.argsSummary ? chalk12.gray("  \u2192  " + entry.argsSummary) : "") + "\n"
+  );
+  process.stdout.write(`  ${BOLD}When:${RESET}  ${chalk12.gray(formatAge(entry.timestamp))}
+`);
+  process.stdout.write(`  ${BOLD}Dir: ${RESET}  ${chalk12.gray(entry.cwd)}
+`);
+  if (entry.files && entry.files.length > 0) {
+    process.stdout.write(`  ${BOLD}Files:${RESET} ${chalk12.gray(entry.files.join(", "))}
+`);
+  }
+  if (idx < total - 1 && isSessionBoundary(entries, idx + 1)) {
+    process.stdout.write(chalk12.gray("\n  \u2500\u2500 session boundary above \u2500\u2500\n"));
+  }
+  process.stdout.write("\n");
+  const diff = entry.diff ?? computeUndoDiff(entry.hash, entry.cwd);
+  if (diff) {
+    renderDiff(diff);
+  } else {
+    process.stdout.write(
+      chalk12.gray("  (no diff \u2014 working tree may already match this snapshot)\n")
+    );
+  }
+  process.stdout.write("\n");
+  process.stdout.write(
+    chalk12.gray("  ") + (idx < total - 1 ? chalk12.white("[\u2190] older") : chalk12.gray("[\u2190] older")) + chalk12.gray("   ") + (idx > 0 ? chalk12.white("[\u2192] newer") : chalk12.gray("[\u2192] newer")) + chalk12.gray("   ") + chalk12.green("[\u21B5] restore here") + chalk12.gray("   ") + chalk12.yellow("[s] session start") + chalk12.gray("   ") + chalk12.gray("[q] quit") + "\n"
+  );
+}
+async function runUndoNavigator(entries) {
+  if (entries.length === 0) return { restored: false };
+  const display = [...entries].reverse();
+  let idx = 0;
+  if (!process.stdout.isTTY || !process.stdin.isTTY) {
+    render(display, idx);
+    return { restored: false };
+  }
+  readline2.emitKeypressEvents(process.stdin);
+  return new Promise((resolve) => {
+    let done = false;
+    render(display, idx);
+    try {
+      process.stdin.setRawMode(true);
+    } catch {
+      resolve({ restored: false });
+      return;
+    }
+    process.stdin.resume();
+    const cleanup = () => {
+      process.stdin.removeListener("keypress", onKeypress);
+      try {
+        process.stdin.setRawMode(false);
+      } catch {
+      }
+      process.stdin.pause();
+    };
+    const onKeypress = (_str, key) => {
+      if (done) return;
+      const name = key?.name ?? "";
+      if (name === "left" || name === "h") {
+        if (idx < display.length - 1) {
+          idx++;
+          render(display, idx);
+        }
+      } else if (name === "right" || name === "l") {
+        if (idx > 0) {
+          idx--;
+          render(display, idx);
+        }
+      } else if (name === "s") {
+        const start = sessionStart(display, idx);
+        if (start !== idx) {
+          idx = start;
+          render(display, idx);
+        }
+      } else if (name === "return" || name === "y") {
+        done = true;
+        cleanup();
+        process.stdout.write(CLEAR_SCREEN);
+        const entry = display[idx];
+        process.stdout.write(chalk12.magenta.bold("\n\u23EA  Restoring snapshot...\n\n"));
+        if (applyUndo(entry.hash, entry.cwd)) {
+          process.stdout.write(chalk12.green("\u2705  Reverted successfully.\n\n"));
+          resolve({ restored: true });
+        } else {
+          process.stdout.write(chalk12.red("\u274C  Undo failed.\n\n"));
+          resolve({ restored: false });
+        }
+      } else if (name === "q" || key?.ctrl && name === "c") {
+        done = true;
+        cleanup();
+        process.stdout.write(CLEAR_SCREEN);
+        process.stdout.write(chalk12.gray("\nCancelled.\n\n"));
+        resolve({ restored: false });
+      }
+    };
+    process.stdin.on("keypress", onKeypress);
+  });
+}
+
+// src/cli/commands/undo.ts
+function findMatchingCwd(startDir, history) {
+  const cwds = new Set(history.map((e) => e.cwd));
+  let dir = startDir;
+  while (true) {
+    if (cwds.has(dir)) return dir;
+    const parent = path26.dirname(dir);
+    if (parent === dir) return null;
+    dir = parent;
+  }
+}
+function formatAge2(timestamp) {
+  const age = Math.round((Date.now() - timestamp) / 1e3);
+  if (age < 60) return `${age}s ago`;
+  if (age < 3600) return `${Math.round(age / 60)}m ago`;
+  if (age < 86400) return `${Math.round(age / 3600)}h ago`;
+  return `${Math.round(age / 86400)}d ago`;
+}
 function registerUndoCommand(program2) {
   program2.command("undo").description(
-    "Revert files to a pre-AI snapshot. Shows a diff and asks for confirmation before reverting. Use --steps N to go back N actions, --all to include snapshots from other directories."
-  ).option("--steps <n>", "Number of snapshots to go back (default: 1)", "1").option("--all", "Show snapshots from all directories, not just the current one").action(async (options) => {
-    const steps = Math.max(1, parseInt(options.steps, 10) || 1);
+    "Browse and restore pre-AI snapshots. Arrow keys to navigate, Enter to restore. Use --steps N to go back N actions non-interactively, --list to print history."
+  ).option("--steps <n>", "Non-interactive: restore N steps back (default: 1)").option("--list", "Print snapshot history as a table and exit").option("--all", "Include snapshots from all directories, not just the current one").action(async (options) => {
     const allHistory = getSnapshotHistory();
-    const history = options.all ? allHistory : allHistory.filter((s) => s.cwd === process.cwd());
+    const matchedCwd = options.all ? null : findMatchingCwd(process.cwd(), allHistory);
+    const history = options.all ? allHistory : allHistory.filter((s) => s.cwd === matchedCwd);
     if (history.length === 0) {
       if (!options.all && allHistory.length > 0) {
         console.log(
-          chalk12.yellow(
+          chalk13.yellow(
             `
 \u2139\uFE0F  No snapshots found for the current directory (${process.cwd()}).
-    Run ${chalk12.cyan("node9 undo --all")} to see snapshots from all projects.
+    Run ${chalk13.cyan("node9 undo --all")} to see snapshots from all projects.
 `
           )
         );
       } else {
-        console.log(chalk12.yellow("\n\u2139\uFE0F  No undo snapshots found.\n"));
+        console.log(chalk13.yellow("\n\u2139\uFE0F  No undo snapshots found.\n"));
       }
       return;
     }
-    const idx = history.length - steps;
-    if (idx < 0) {
+    if (options.list) {
+      console.log(chalk13.magenta.bold("\n\u23EA  Snapshot History\n"));
       console.log(
-        chalk12.yellow(
-          `
-\u2139\uFE0F  Only ${history.length} snapshot(s) available, cannot go back ${steps}.
-`
+        chalk13.gray(
+          `  ${"#".padEnd(3)}  ${"File / Command".padEnd(30)}  ${"Tool".padEnd(8)}  ${"When".padEnd(10)}  Dir`
         )
       );
+      console.log(chalk13.gray("  " + "\u2500".repeat(80)));
+      const display = [...history].reverse();
+      let prevTs = null;
+      for (let i = 0; i < display.length; i++) {
+        const e = display[i];
+        const isGap = prevTs !== null && prevTs - e.timestamp > 6e4;
+        if (isGap) console.log(chalk13.gray("  \u2500\u2500 earlier \u2500\u2500"));
+        const label = (e.argsSummary || e.files?.[0] || "\u2014").slice(0, 30).padEnd(30);
+        const tool = e.tool.slice(0, 8).padEnd(8);
+        const when = formatAge2(e.timestamp).padEnd(10);
+        const dir = e.cwd.length > 30 ? "\u2026" + e.cwd.slice(-29) : e.cwd;
+        console.log(
+          chalk13.white(
+            `  ${String(i + 1).padEnd(3)}  ${label}  ${chalk13.cyan(tool)}  ${chalk13.gray(when)}  ${chalk13.gray(dir)}`
+          )
+        );
+        prevTs = e.timestamp;
+      }
+      console.log("");
       return;
     }
-    const snapshot = history[idx];
-    const age = Math.round((Date.now() - snapshot.timestamp) / 1e3);
-    const ageStr = age < 60 ? `${age}s ago` : age < 3600 ? `${Math.round(age / 60)}m ago` : `${Math.round(age / 3600)}h ago`;
-    console.log(
-      chalk12.magenta.bold(`
+    if (options.steps !== void 0) {
+      const steps = Math.max(1, parseInt(options.steps, 10) || 1);
+      const idx = history.length - steps;
+      if (idx < 0) {
+        console.log(
+          chalk13.yellow(
+            `
+\u2139\uFE0F  Only ${history.length} snapshot(s) available, cannot go back ${steps}.
+`
+          )
+        );
+        return;
+      }
+      const snapshot = history[idx];
+      const ageStr = formatAge2(snapshot.timestamp);
+      console.log(
+        chalk13.magenta.bold(`
 \u23EA  Node9 Undo${steps > 1 ? ` (${steps} steps back)` : ""}`)
-    );
-    console.log(
-      chalk12.white(
-        `    Tool:  ${chalk12.cyan(snapshot.tool)}${snapshot.argsSummary ? chalk12.gray(" \u2192 " + snapshot.argsSummary) : ""}`
-      )
-    );
-    console.log(chalk12.white(`    When:  ${chalk12.gray(ageStr)}`));
-    console.log(chalk12.white(`    Dir:   ${chalk12.gray(snapshot.cwd)}`));
-    if (steps > 1)
+      );
       console.log(
-        chalk12.yellow(`    Note:  This will also undo the ${steps - 1} action(s) after it.`)
+        chalk13.white(
+          `    Tool:  ${chalk13.cyan(snapshot.tool)}${snapshot.argsSummary ? chalk13.gray(" \u2192 " + snapshot.argsSummary) : ""}`
+        )
       );
-    console.log("");
-    const diff = computeUndoDiff(snapshot.hash, snapshot.cwd);
-    if (diff) {
-      const lines = diff.split("\n");
-      for (const line of lines) {
-        if (line.startsWith("+++") || line.startsWith("---")) {
-          console.log(chalk12.bold(line));
-        } else if (line.startsWith("+")) {
-          console.log(chalk12.green(line));
-        } else if (line.startsWith("-")) {
-          console.log(chalk12.red(line));
-        } else if (line.startsWith("@@")) {
-          console.log(chalk12.cyan(line));
-        } else {
-          console.log(chalk12.gray(line));
+      console.log(chalk13.white(`    When:  ${chalk13.gray(ageStr)}`));
+      console.log(chalk13.white(`    Dir:   ${chalk13.gray(snapshot.cwd)}`));
+      if (steps > 1)
+        console.log(
+          chalk13.yellow(`    Note:  This will also undo the ${steps - 1} action(s) after it.`)
+        );
+      console.log("");
+      const diff = snapshot.diff ?? computeUndoDiff(snapshot.hash, snapshot.cwd);
+      if (diff) {
+        const lines = diff.split("\n").filter((l) => !l.startsWith("diff --git") && !l.startsWith("index "));
+        for (const line of lines) {
+          if (line.startsWith("+++") || line.startsWith("---")) console.log(chalk13.bold(line));
+          else if (line.startsWith("+")) console.log(chalk13.green(line));
+          else if (line.startsWith("-")) console.log(chalk13.red(line));
+          else if (line.startsWith("@@")) console.log(chalk13.cyan(line));
+          else console.log(chalk13.gray(line));
         }
+        console.log("");
+      } else {
+        console.log(
+          chalk13.gray("    (no diff available \u2014 working tree may already match snapshot)\n")
+        );
       }
-      console.log("");
-    } else {
-      console.log(
-        chalk12.gray("    (no diff available \u2014 working tree may already match snapshot)\n")
-      );
-    }
-    const proceed = await confirm2({
-      message: `Revert to this snapshot?`,
-      default: false
-    });
-    if (proceed) {
-      if (applyUndo(snapshot.hash, snapshot.cwd)) {
-        console.log(chalk12.green("\n\u2705 Reverted successfully.\n"));
+      const { confirm: confirm3 } = await import("@inquirer/prompts");
+      const proceed = await confirm3({ message: `Revert to this snapshot?`, default: false });
+      if (proceed) {
+        if (applyUndo(snapshot.hash, snapshot.cwd)) {
+          console.log(chalk13.green("\n\u2705 Reverted successfully.\n"));
+        } else {
+          console.error(chalk13.red("\n\u274C Undo failed. Ensure you are in a Git repository.\n"));
+        }
       } else {
-        console.error(chalk12.red("\n\u274C Undo failed. Ensure you are in a Git repository.\n"));
+        console.log(chalk13.gray("\nCancelled.\n"));
       }
-    } else {
-      console.log(chalk12.gray("\nCancelled.\n"));
+      return;
     }
+    await runUndoNavigator(history);
   });
 }
 
 // src/cli/commands/watch.ts
 init_daemon();
-import chalk13 from "chalk";
+import chalk14 from "chalk";
 import { spawn as spawn7, spawnSync as spawnSync5 } from "child_process";
 function registerWatchCommand(program2) {
   program2.command("watch").description("Run a command under Node9 watch mode (daemon stays alive for the session)").argument("<command>", "Command to run").argument("[args...]", "Arguments for the command").action(async (cmd, args) => {
@@ -9007,7 +10058,7 @@ function registerWatchCommand(program2) {
         throw new Error("not running");
       }
     } catch {
-      console.error(chalk13.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon (watch mode)..."));
+      console.error(chalk14.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon (watch mode)..."));
       const child = spawn7(process.execPath, [process.argv[1], "daemon"], {
         detached: true,
         stdio: "ignore",
@@ -9029,12 +10080,12 @@ function registerWatchCommand(program2) {
         }
       }
       if (!ready) {
-        console.error(chalk13.red("\u274C Daemon failed to start. Try: node9 daemon start"));
+        console.error(chalk14.red("\u274C Daemon failed to start. Try: node9 daemon start"));
         process.exit(1);
       }
     }
     console.error(
-      chalk13.cyan.bold("\u{1F6E1}\uFE0F  Node9 watch") + chalk13.dim(` \u2192 localhost:${port}`) + chalk13.dim(
+      chalk14.cyan.bold("\u{1F6E1}\uFE0F  Node9 watch") + chalk14.dim(` \u2192 localhost:${port}`) + chalk14.dim(
         "\n   Tip: run `node9 tail` in another terminal to review and approve AI actions.\n"
       )
     );
@@ -9043,7 +10094,7 @@ function registerWatchCommand(program2) {
       env: { ...process.env, NODE9_WATCH_MODE: "1" }
     });
     if (result.error) {
-      console.error(chalk13.red(`\u274C Failed to run command: ${result.error.message}`));
+      console.error(chalk14.red(`\u274C Failed to run command: ${result.error.message}`));
       process.exit(1);
     }
     process.exit(result.status ?? 0);
@@ -9052,8 +10103,8 @@ function registerWatchCommand(program2) {
 
 // src/mcp-gateway/index.ts
 init_orchestrator();
-import readline2 from "readline";
-import chalk14 from "chalk";
+import readline3 from "readline";
+import chalk15 from "chalk";
 import { spawn as spawn8 } from "child_process";
 import { execa as execa2 } from "execa";
 init_provenance();
@@ -9116,13 +10167,13 @@ async function runMcpGateway(upstreamCommand) {
   const prov = checkProvenance(executable);
   if (prov.trustLevel === "suspect") {
     console.error(
-      chalk14.red(
+      chalk15.red(
         `\u26A0\uFE0F  Node9: Upstream MCP server binary is suspect \u2014 ${prov.reason} (${prov.resolvedPath})`
       )
     );
-    console.error(chalk14.red("   Verify this binary is trusted before proceeding."));
+    console.error(chalk15.red("   Verify this binary is trusted before proceeding."));
   }
-  console.error(chalk14.green(`\u{1F680} Node9 MCP Gateway: Monitoring [${upstreamCommand}]`));
+  console.error(chalk15.green(`\u{1F680} Node9 MCP Gateway: Monitoring [${upstreamCommand}]`));
   const UPSTREAM_INJECTOR_VARS = /* @__PURE__ */ new Set([
     "NODE_OPTIONS",
     "NODE_PATH",
@@ -9150,7 +10201,7 @@ async function runMcpGateway(upstreamCommand) {
   let authPending = false;
   let deferredExitCode = null;
   let deferredStdinEnd = false;
-  const agentIn = readline2.createInterface({ input: process.stdin, terminal: false });
+  const agentIn = readline3.createInterface({ input: process.stdin, terminal: false });
   agentIn.on("line", async (line) => {
     let message;
     try {
@@ -9186,10 +10237,10 @@ async function runMcpGateway(upstreamCommand) {
           mcpServer
         });
         if (!result.approved) {
-          console.error(chalk14.red(`
+          console.error(chalk15.red(`
 \u{1F6D1} Node9 MCP Gateway: Action Blocked`));
-          console.error(chalk14.gray(`   Tool: ${toolName}`));
-          console.error(chalk14.gray(`   Reason: ${result.reason ?? "Security Policy"}
+          console.error(chalk15.gray(`   Tool: ${toolName}`));
+          console.error(chalk15.gray(`   Reason: ${result.reason ?? "Security Policy"}
 `));
           const blockedByLabel = result.blockedByLabel ?? result.reason ?? "Security Policy";
           const isHumanDecision = blockedByLabel.toLowerCase().includes("user") || blockedByLabel.toLowerCase().includes("daemon") || blockedByLabel.toLowerCase().includes("decision");
@@ -9263,7 +10314,7 @@ function registerMcpGatewayCommand(program2) {
 
 // src/cli/commands/trust.ts
 init_trusted_hosts();
-import chalk15 from "chalk";
+import chalk16 from "chalk";
 function isValidHost(host) {
   return /^(\*\.)?[a-z0-9][a-z0-9.-]*\.[a-z]{2,}$/.test(host);
 }
@@ -9273,44 +10324,44 @@ function registerTrustCommand(program2) {
     const normalized = normalizeHost(host.trim());
     if (!isValidHost(normalized)) {
       console.error(
-        chalk15.red(`
+        chalk16.red(`
 \u274C Invalid host: "${host}"
-`) + chalk15.gray("   Use an FQDN like api.mycompany.com or *.mycompany.com\n")
+`) + chalk16.gray("   Use an FQDN like api.mycompany.com or *.mycompany.com\n")
       );
       process.exit(1);
     }
     addTrustedHost(normalized);
-    console.log(chalk15.green(`
+    console.log(chalk16.green(`
 \u2705 ${normalized} added to trusted hosts.`));
     console.log(
-      chalk15.gray("   Pipe-chain blocks to this host: critical \u2192 review, high \u2192 allow\n")
+      chalk16.gray("   Pipe-chain blocks to this host: critical \u2192 review, high \u2192 allow\n")
     );
   });
   trustCmd.command("remove <host>").description("Remove a trusted host").action((host) => {
     const normalized = normalizeHost(host.trim());
     const removed = removeTrustedHost(normalized);
     if (!removed) {
-      console.error(chalk15.yellow(`
+      console.error(chalk16.yellow(`
 \u26A0\uFE0F  "${normalized}" is not in the trusted hosts list.
 `));
       process.exit(1);
     }
-    console.log(chalk15.green(`
+    console.log(chalk16.green(`
 \u2705 ${normalized} removed from trusted hosts.
 `));
   });
   trustCmd.command("list").description("Show all trusted hosts").action(() => {
     const hosts = readTrustedHosts();
     if (hosts.length === 0) {
-      console.log(chalk15.gray("\n  No trusted hosts configured.\n"));
-      console.log(`  Add one: ${chalk15.cyan("node9 trust add api.mycompany.com")}
+      console.log(chalk16.gray("\n  No trusted hosts configured.\n"));
+      console.log(`  Add one: ${chalk16.cyan("node9 trust add api.mycompany.com")}
 `);
       return;
     }
-    console.log(chalk15.bold("\n\u{1F513} Trusted Hosts\n"));
+    console.log(chalk16.bold("\n\u{1F513} Trusted Hosts\n"));
     for (const entry of hosts) {
       const date = new Date(entry.addedAt).toLocaleDateString();
-      console.log(`  ${chalk15.cyan(entry.host.padEnd(40))} ${chalk15.gray(`added ${date}`)}`);
+      console.log(`  ${chalk16.cyan(entry.host.padEnd(40))} ${chalk16.gray(`added ${date}`)}`);
     }
     console.log("");
   });
@@ -9318,20 +10369,20 @@ function registerTrustCommand(program2) {
 
 // src/cli.ts
 var { version } = JSON.parse(
-  fs25.readFileSync(path27.join(__dirname, "../package.json"), "utf-8")
+  fs26.readFileSync(path29.join(__dirname, "../package.json"), "utf-8")
 );
 var program = new Command();
 program.name("node9").description("The Sudo Command for AI Agents").version(version);
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept";
-  const credPath = path27.join(os22.homedir(), ".node9", "credentials.json");
-  if (!fs25.existsSync(path27.dirname(credPath)))
-    fs25.mkdirSync(path27.dirname(credPath), { recursive: true });
+  const credPath = path29.join(os22.homedir(), ".node9", "credentials.json");
+  if (!fs26.existsSync(path29.dirname(credPath)))
+    fs26.mkdirSync(path29.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (fs25.existsSync(credPath)) {
-      const raw = JSON.parse(fs25.readFileSync(credPath, "utf-8"));
+    if (fs26.existsSync(credPath)) {
+      const raw = JSON.parse(fs26.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL }
@@ -9343,13 +10394,13 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL };
-  fs25.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  fs26.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
   if (profileName === "default") {
-    const configPath = path27.join(os22.homedir(), ".node9", "config.json");
+    const configPath = path29.join(os22.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (fs25.existsSync(configPath))
-        config = JSON.parse(fs25.readFileSync(configPath, "utf-8"));
+      if (fs26.existsSync(configPath))
+        config = JSON.parse(fs26.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -9364,36 +10415,40 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!fs25.existsSync(path27.dirname(configPath)))
-      fs25.mkdirSync(path27.dirname(configPath), { recursive: true });
-    fs25.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!fs26.existsSync(path29.dirname(configPath)))
+      fs26.mkdirSync(path29.dirname(configPath), { recursive: true });
+    fs26.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
   }
   if (options.profile && profileName !== "default") {
-    console.log(chalk17.green(`\u2705 Profile "${profileName}" saved`));
-    console.log(chalk17.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
+    console.log(chalk18.green(`\u2705 Profile "${profileName}" saved`));
+    console.log(chalk18.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
   } else if (options.local) {
-    console.log(chalk17.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
-    console.log(chalk17.gray(`   All decisions stay on this machine.`));
+    console.log(chalk18.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
+    console.log(chalk18.gray(`   All decisions stay on this machine.`));
   } else {
-    console.log(chalk17.green(`\u2705 Logged in \u2014 agent mode`));
-    console.log(chalk17.gray(`   Team policy enforced for all calls via Node9 cloud.`));
+    console.log(chalk18.green(`\u2705 Logged in \u2014 agent mode`));
+    console.log(chalk18.gray(`   Team policy enforced for all calls via Node9 cloud.`));
   }
 });
-program.command("addto").description("Integrate Node9 with an AI agent").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("<target>", "The agent to protect: claude | gemini | cursor").action(async (target) => {
+program.command("addto").description("Integrate Node9 with an AI agent").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  hud").argument("<target>", "The agent to protect: claude | gemini | cursor | hud").action(async (target) => {
   if (target === "gemini") return await setupGemini();
   if (target === "claude") return await setupClaude();
   if (target === "cursor") return await setupCursor();
-  console.error(chalk17.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+  if (target === "hud") return setupHud();
+  console.error(chalk18.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
   process.exit(1);
 });
-program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("[target]", "The agent to protect: claude | gemini | cursor").action(async (target) => {
+program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  hud").argument("[target]", "The agent to protect: claude | gemini | cursor | hud").action(async (target) => {
   if (!target) {
-    console.log(chalk17.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
-    console.log("  Usage:  " + chalk17.white("node9 setup <target>") + "\n");
+    console.log(chalk18.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
+    console.log("  Usage:  " + chalk18.white("node9 setup <target>") + "\n");
     console.log("  Targets:");
-    console.log("    " + chalk17.green("claude") + "   \u2014 Claude Code (hook mode)");
-    console.log("    " + chalk17.green("gemini") + "   \u2014 Gemini CLI (hook mode)");
-    console.log("    " + chalk17.green("cursor") + "   \u2014 Cursor (hook mode)");
+    console.log("    " + chalk18.green("claude") + "   \u2014 Claude Code (hook mode)");
+    console.log("    " + chalk18.green("gemini") + "   \u2014 Gemini CLI (hook mode)");
+    console.log("    " + chalk18.green("cursor") + "   \u2014 Cursor (hook mode)");
+    process.stdout.write(
+      "    " + chalk18.green("hud") + "     \u2014 Claude Code security statusline\n"
+    );
     console.log("");
     return;
   }
@@ -9401,7 +10456,8 @@ program.command("setup").description('Alias for "addto" \u2014 integrate Node9 w
   if (t === "gemini") return await setupGemini();
   if (t === "claude") return await setupClaude();
   if (t === "cursor") return await setupCursor();
-  console.error(chalk17.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+  if (t === "hud") return setupHud();
+  console.error(chalk18.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
   process.exit(1);
 });
 program.command("removefrom").description("Remove Node9 hooks from an AI agent configuration").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("<target>", "The agent to remove from: claude | gemini | cursor").action((target) => {
@@ -9409,31 +10465,34 @@ program.command("removefrom").description("Remove Node9 hooks from an AI agent c
   if (target === "claude") fn = teardownClaude;
   else if (target === "gemini") fn = teardownGemini;
   else if (target === "cursor") fn = teardownCursor;
+  else if (target === "hud") fn = teardownHud;
   else {
-    console.error(chalk17.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+    console.error(
+      chalk18.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`)
+    );
     process.exit(1);
   }
-  console.log(chalk17.cyan(`
+  console.log(chalk18.cyan(`
 \u{1F6E1}\uFE0F  Node9: removing hooks from ${target}...
 `));
   try {
     fn();
   } catch (err) {
-    console.error(chalk17.red(`  \u26A0\uFE0F  Failed: ${err instanceof Error ? err.message : String(err)}`));
+    console.error(chalk18.red(`  \u26A0\uFE0F  Failed: ${err instanceof Error ? err.message : String(err)}`));
     process.exit(1);
   }
-  console.log(chalk17.gray("\n  Restart the agent for changes to take effect."));
+  console.log(chalk18.gray("\n  Restart the agent for changes to take effect."));
 });
 program.command("uninstall").description("Remove all Node9 hooks and optionally delete config files").option("--purge", "Also delete ~/.node9/ directory (config, audit log, credentials)").action(async (options) => {
-  console.log(chalk17.cyan("\n\u{1F6E1}\uFE0F  Node9 Uninstall\n"));
-  console.log(chalk17.bold("Stopping daemon..."));
+  console.log(chalk18.cyan("\n\u{1F6E1}\uFE0F  Node9 Uninstall\n"));
+  console.log(chalk18.bold("Stopping daemon..."));
   try {
     stopDaemon();
-    console.log(chalk17.green("  \u2705 Daemon stopped"));
+    console.log(chalk18.green("  \u2705 Daemon stopped"));
   } catch {
-    console.log(chalk17.blue("  \u2139\uFE0F  Daemon was not running"));
+    console.log(chalk18.blue("  \u2139\uFE0F  Daemon was not running"));
   }
-  console.log(chalk17.bold("\nRemoving hooks..."));
+  console.log(chalk18.bold("\nRemoving hooks..."));
   let teardownFailed = false;
   for (const [label, fn] of [
     ["Claude", teardownClaude],
@@ -9445,45 +10504,45 @@ program.command("uninstall").description("Remove all Node9 hooks and optionally
     } catch (err) {
       teardownFailed = true;
       console.error(
-        chalk17.red(
+        chalk18.red(
           `  \u26A0\uFE0F  Failed to remove ${label} hooks: ${err instanceof Error ? err.message : String(err)}`
         )
       );
     }
   }
   if (options.purge) {
-    const node9Dir = path27.join(os22.homedir(), ".node9");
-    if (fs25.existsSync(node9Dir)) {
-      const confirmed = await confirm3({
+    const node9Dir = path29.join(os22.homedir(), ".node9");
+    if (fs26.existsSync(node9Dir)) {
+      const confirmed = await confirm2({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        fs25.rmSync(node9Dir, { recursive: true });
-        if (fs25.existsSync(node9Dir)) {
+        fs26.rmSync(node9Dir, { recursive: true });
+        if (fs26.existsSync(node9Dir)) {
           console.error(
-            chalk17.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
+            chalk18.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
         } else {
-          console.log(chalk17.green("\n  \u2705 Deleted ~/.node9/ (config, audit log, credentials)"));
+          console.log(chalk18.green("\n  \u2705 Deleted ~/.node9/ (config, audit log, credentials)"));
         }
       } else {
-        console.log(chalk17.yellow("\n  Skipped \u2014 ~/.node9/ was not deleted."));
+        console.log(chalk18.yellow("\n  Skipped \u2014 ~/.node9/ was not deleted."));
       }
     } else {
-      console.log(chalk17.blue("\n  \u2139\uFE0F  ~/.node9/ not found \u2014 nothing to delete"));
+      console.log(chalk18.blue("\n  \u2139\uFE0F  ~/.node9/ not found \u2014 nothing to delete"));
     }
   } else {
     console.log(
-      chalk17.gray("\n  ~/.node9/ kept \u2014 run with --purge to delete config and audit log")
+      chalk18.gray("\n  ~/.node9/ kept \u2014 run with --purge to delete config and audit log")
     );
   }
   if (teardownFailed) {
-    console.error(chalk17.red("\n  \u26A0\uFE0F  Some hooks could not be removed \u2014 see errors above."));
+    console.error(chalk18.red("\n  \u26A0\uFE0F  Some hooks could not be removed \u2014 see errors above."));
     process.exit(1);
   }
-  console.log(chalk17.green.bold("\n\u{1F6E1}\uFE0F  Node9 removed. Run: npm uninstall -g @node9/proxy"));
-  console.log(chalk17.gray("   Restart any open AI agent sessions for changes to take effect.\n"));
+  console.log(chalk18.green.bold("\n\u{1F6E1}\uFE0F  Node9 removed. Run: npm uninstall -g @node9/proxy"));
+  console.log(chalk18.gray("   Restart any open AI agent sessions for changes to take effect.\n"));
 });
 registerDoctorCommand(program, version);
 program.command("explain").description(
@@ -9496,7 +10555,7 @@ program.command("explain").description(
       try {
         args = JSON.parse(trimmed);
       } catch {
-        console.error(chalk17.red(`
+        console.error(chalk18.red(`
 \u274C Invalid JSON: ${trimmed}
 `));
         process.exit(1);
@@ -9507,54 +10566,54 @@ program.command("explain").description(
   }
   const result = await explainPolicy(tool, args);
   console.log("");
-  console.log(chalk17.cyan.bold("\u{1F6E1}\uFE0F  Node9 Explain"));
+  console.log(chalk18.cyan.bold("\u{1F6E1}\uFE0F  Node9 Explain"));
   console.log("");
-  console.log(`   ${chalk17.bold("Tool:")}    ${chalk17.white(result.tool)}`);
+  console.log(`   ${chalk18.bold("Tool:")}    ${chalk18.white(result.tool)}`);
   if (argsRaw) {
     const preview = argsRaw.length > 80 ? argsRaw.slice(0, 77) + "\u2026" : argsRaw;
-    console.log(`   ${chalk17.bold("Input:")}   ${chalk17.gray(preview)}`);
+    console.log(`   ${chalk18.bold("Input:")}   ${chalk18.gray(preview)}`);
   }
   console.log("");
-  console.log(chalk17.bold("Config Sources (Waterfall):"));
+  console.log(chalk18.bold("Config Sources (Waterfall):"));
   for (const tier of result.waterfall) {
-    const num = chalk17.gray(`  ${tier.tier}.`);
+    const num = chalk18.gray(`  ${tier.tier}.`);
     const label = tier.label.padEnd(16);
     let statusStr;
     if (tier.tier === 1) {
-      statusStr = chalk17.gray(tier.note ?? "");
+      statusStr = chalk18.gray(tier.note ?? "");
     } else if (tier.status === "active") {
-      const loc = tier.path ? chalk17.gray(tier.path) : "";
-      const note = tier.note ? chalk17.gray(`(${tier.note})`) : "";
-      statusStr = chalk17.green("\u2713 active") + (loc ? "  " + loc : "") + (note ? "  " + note : "");
+      const loc = tier.path ? chalk18.gray(tier.path) : "";
+      const note = tier.note ? chalk18.gray(`(${tier.note})`) : "";
+      statusStr = chalk18.green("\u2713 active") + (loc ? "  " + loc : "") + (note ? "  " + note : "");
     } else {
-      statusStr = chalk17.gray("\u25CB " + (tier.note ?? "not found"));
+      statusStr = chalk18.gray("\u25CB " + (tier.note ?? "not found"));
     }
-    console.log(`${num} ${chalk17.white(label)} ${statusStr}`);
+    console.log(`${num} ${chalk18.white(label)} ${statusStr}`);
   }
   console.log("");
-  console.log(chalk17.bold("Policy Evaluation:"));
+  console.log(chalk18.bold("Policy Evaluation:"));
   for (const step of result.steps) {
     const isFinal = step.isFinal;
     let icon;
-    if (step.outcome === "allow") icon = chalk17.green("  \u2705");
-    else if (step.outcome === "review") icon = chalk17.red("  \u{1F534}");
-    else if (step.outcome === "skip") icon = chalk17.gray("  \u2500 ");
-    else icon = chalk17.gray("  \u25CB ");
+    if (step.outcome === "allow") icon = chalk18.green("  \u2705");
+    else if (step.outcome === "review") icon = chalk18.red("  \u{1F534}");
+    else if (step.outcome === "skip") icon = chalk18.gray("  \u2500 ");
+    else icon = chalk18.gray("  \u25CB ");
     const name = step.name.padEnd(18);
-    const nameStr = isFinal ? chalk17.white.bold(name) : chalk17.white(name);
-    const detail = isFinal ? chalk17.white(step.detail) : chalk17.gray(step.detail);
-    const arrow = isFinal ? chalk17.yellow("  \u2190 STOP") : "";
+    const nameStr = isFinal ? chalk18.white.bold(name) : chalk18.white(name);
+    const detail = isFinal ? chalk18.white(step.detail) : chalk18.gray(step.detail);
+    const arrow = isFinal ? chalk18.yellow("  \u2190 STOP") : "";
     console.log(`${icon} ${nameStr} ${detail}${arrow}`);
   }
   console.log("");
   if (result.decision === "allow") {
-    console.log(chalk17.green.bold("  Decision: \u2705 ALLOW") + chalk17.gray("  \u2014 no approval needed"));
+    console.log(chalk18.green.bold("  Decision: \u2705 ALLOW") + chalk18.gray("  \u2014 no approval needed"));
   } else {
     console.log(
-      chalk17.red.bold("  Decision: \u{1F534} REVIEW") + chalk17.gray("  \u2014 human approval required")
+      chalk18.red.bold("  Decision: \u{1F534} REVIEW") + chalk18.gray("  \u2014 human approval required")
     );
     if (result.blockedByLabel) {
-      console.log(chalk17.gray(`  Reason:   ${result.blockedByLabel}`));
+      console.log(chalk18.gray(`  Reason:   ${result.blockedByLabel}`));
     }
   }
   console.log("");
@@ -9568,7 +10627,7 @@ program.command("tail").description("Stream live agent activity to the terminal"
   try {
     await startTail2(options);
   } catch (err) {
-    console.error(chalk17.red(`\u274C ${err instanceof Error ? err.message : String(err)}`));
+    console.error(chalk18.red(`\u274C ${err instanceof Error ? err.message : String(err)}`));
     process.exit(1);
   }
 });
@@ -9576,11 +10635,15 @@ registerWatchCommand(program);
 registerMcpGatewayCommand(program);
 registerCheckCommand(program);
 registerLogCommand(program);
+program.command("hud").description("Render node9 security statusline (spawned by Claude Code statusLine)").action(async () => {
+  const { main: main2 } = await Promise.resolve().then(() => (init_hud(), hud_exports));
+  await main2();
+});
 program.command("pause").description("Temporarily disable Node9 protection for a set duration").option("-d, --duration <duration>", "How long to pause (e.g. 15m, 1h, 30s)", "15m").action((options) => {
   const ms = parseDuration(options.duration);
   if (ms === null) {
     console.error(
-      chalk17.red(`
+      chalk18.red(`
 \u274C  Invalid duration: "${options.duration}". Use format like 15m, 1h, 30s.
 `)
     );
@@ -9588,20 +10651,20 @@ program.command("pause").description("Temporarily disable Node9 protection for a
   }
   pauseNode9(ms, options.duration);
   const expiresAt = new Date(Date.now() + ms).toLocaleTimeString();
-  console.log(chalk17.yellow(`
+  console.log(chalk18.yellow(`
 \u23F8  Node9 paused until ${expiresAt}`));
-  console.log(chalk17.gray(`   All tool calls will be allowed without review.`));
-  console.log(chalk17.gray(`   Run "node9 resume" to re-enable early.
+  console.log(chalk18.gray(`   All tool calls will be allowed without review.`));
+  console.log(chalk18.gray(`   Run "node9 resume" to re-enable early.
 `));
 });
 program.command("resume").description("Re-enable Node9 protection immediately").action(() => {
   const { paused } = checkPause();
   if (!paused) {
-    console.log(chalk17.gray("\nNode9 is already active \u2014 nothing to resume.\n"));
+    console.log(chalk18.gray("\nNode9 is already active \u2014 nothing to resume.\n"));
     return;
   }
   resumeNode9();
-  console.log(chalk17.green("\n\u25B6  Node9 resumed \u2014 protection is active.\n"));
+  console.log(chalk18.green("\n\u25B6  Node9 resumed \u2014 protection is active.\n"));
 });
 var HOOK_BASED_AGENTS = {
   claude: "claude",
@@ -9614,15 +10677,15 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
     if (HOOK_BASED_AGENTS[firstArg2] !== void 0) {
       const target = HOOK_BASED_AGENTS[firstArg2];
       console.error(
-        chalk17.yellow(`
+        chalk18.yellow(`
 \u26A0\uFE0F  Node9 proxy mode does not support "${target}" directly.`)
       );
-      console.error(chalk17.white(`
+      console.error(chalk18.white(`
    "${target}" uses its own hook system. Use:`));
       console.error(
-        chalk17.green(`     node9 addto ${target}   `) + chalk17.gray("# one-time setup")
+        chalk18.green(`     node9 addto ${target}   `) + chalk18.gray("# one-time setup")
       );
-      console.error(chalk17.green(`     ${target}              `) + chalk17.gray("# run normally"));
+      console.error(chalk18.green(`     ${target}              `) + chalk18.gray("# run normally"));
       process.exit(1);
     }
     const runArgs = firstArg2 === "shell" ? commandArgs.slice(1) : commandArgs;
@@ -9639,12 +10702,12 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
       }
     );
     if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && getConfig().settings.autoStartDaemon) {
-      console.error(chalk17.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
+      console.error(chalk18.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
       const daemonReady = await autoStartDaemonAndWait();
       if (daemonReady) result = await authorizeHeadless("shell", { command: fullCommand });
     }
     if (result.noApprovalMechanism && process.stdout.isTTY) {
-      const approved = await confirm3({
+      const approved = await confirm2({
         message: `\u{1F6E1}\uFE0F  Node9: Allow "${fullCommand}"?`,
         default: false
       });
@@ -9652,12 +10715,12 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
     }
     if (!result.approved) {
       console.error(
-        chalk17.red(`
+        chalk18.red(`
 \u274C Node9 Blocked: ${result.reason || "Dangerous command detected."}`)
       );
       process.exit(1);
     }
-    console.error(chalk17.green("\n\u2705 Approved \u2014 running command...\n"));
+    console.error(chalk18.green("\n\u2705 Approved \u2014 running command...\n"));
     await runProxy(fullCommand);
   } else {
     program.help();
@@ -9672,9 +10735,9 @@ if (process.argv[2] !== "daemon") {
     const isCheckHook = process.argv[2] === "check";
     if (isCheckHook) {
       if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
-        const logPath = path27.join(os22.homedir(), ".node9", "hook-debug.log");
+        const logPath = path29.join(os22.homedir(), ".node9", "hook-debug.log");
         const msg = reason instanceof Error ? reason.message : String(reason);
-        fs25.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+        fs26.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
       }
       process.exit(0);