@node9/proxy 1.5.4 → 1.6.0

package/dist/cli.mjs

@@ -139,8 +139,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path30 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path30}: ${issue.message}`;
+    const path31 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path31}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -297,9 +297,9 @@ function readShieldsFile() {
       (e) => typeof e === "string" && e.length > 0 && e in SHIELDS
     ) : [];
     return { active, overrides: validateOverrides(parsed.overrides) };
-  } catch (err) {
-    if (err.code !== "ENOENT") {
-      process.stderr.write(`[node9] Warning: could not read shields state: ${String(err)}
+  } catch (err2) {
+    if (err2.code !== "ENOENT") {
+      process.stderr.write(`[node9] Warning: could not read shields state: ${String(err2)}
 `);
     }
     return { active: [] };
@@ -714,8 +714,8 @@ function tryLoadConfig(filePath) {
   let raw;
   try {
     raw = JSON.parse(fs3.readFileSync(filePath, "utf-8"));
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
+  } catch (err2) {
+    const msg = err2 instanceof Error ? err2.message : String(err2);
     process.stderr.write(
       `
 \u26A0\uFE0F  Node9: Failed to parse ${filePath}
@@ -1043,10 +1043,10 @@ function getCompiledRegex(pattern, flags = "") {
     regexCache.set(key, cached);
     return cached;
   }
-  const err = validateRegex(pattern);
-  if (err) {
+  const err2 = validateRegex(pattern);
+  if (err2) {
     if (process.env.NODE9_DEBUG === "1")
-      console.error(`[Node9] Regex blocked: ${err} \u2014 pattern: "${pattern}"`);
+      console.error(`[Node9] Regex blocked: ${err2} \u2014 pattern: "${pattern}"`);
     return null;
   }
   try {
@@ -1081,8 +1081,8 @@ function scanFilePath(filePath, cwd = process.cwd()) {
   try {
     const absolute = path4.resolve(cwd, filePath);
     resolved = fs4.realpathSync.native(absolute);
-  } catch (err) {
-    const code = err.code;
+  } catch (err2) {
+    const code = err2.code;
     if (code === "ENOENT" || code === "ENOTDIR") {
       resolved = path4.resolve(cwd, filePath);
     } else {
@@ -1757,9 +1757,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path30) {
+function getNestedValue(obj, path31) {
   if (!obj || typeof obj !== "object") return null;
-  return path30.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path31.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function shouldSnapshot(toolName, args, config) {
   if (!config.settings.enableUndo) return false;
@@ -2409,9 +2409,9 @@ function writeTrustSession(toolName, durationMs) {
     trust.entries = trust.entries.filter((e) => e.tool !== toolName && e.expiry > now);
     trust.entries.push({ tool: toolName, expiry: now + durationMs });
     atomicWriteSync(TRUST_FILE, JSON.stringify(trust, null, 2));
-  } catch (err) {
+  } catch (err2) {
     if (process.env.NODE9_DEBUG === "1") {
-      console.error("[Node9 Trust Error]:", err);
+      console.error("[Node9 Trust Error]:", err2);
     }
   }
 }
@@ -2610,13 +2610,13 @@ async function checkTaint(paths) {
       signal: AbortSignal.timeout(2e3)
     });
     return await res.json();
-  } catch (err) {
+  } catch (err2) {
     try {
       const { appendToLog: appendToLog2, HOOK_DEBUG_LOG: HOOK_DEBUG_LOG2 } = await Promise.resolve().then(() => (init_audit(), audit_exports));
       appendToLog2(HOOK_DEBUG_LOG2, {
         ts: (/* @__PURE__ */ new Date()).toISOString(),
         event: "checkTaint-error",
-        error: String(err),
+        error: String(err2),
         paths
       });
     } catch {
@@ -3109,10 +3109,10 @@ async function resolveNode9SaaS(requestId, creds, approved, decidedBy) {
 `
       );
     }
-  } catch (err) {
+  } catch (err2) {
     fs10.appendFileSync(
       HOOK_DEBUG_LOG,
-      `[resolve-cloud] PATCH failed for ${requestId}: ${err.message}
+      `[resolve-cloud] PATCH failed for ${requestId}: ${err2.message}
 `
     );
   }
@@ -3479,10 +3479,10 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
             blockedBy: cloudResult.approved ? void 0 : "team-policy",
             blockedByLabel: "Organization Policy (SaaS)"
           };
-        } catch (err) {
-          const error = err;
-          if (error.name === "AbortError" || error.message?.includes("Aborted")) throw err;
-          throw err;
+        } catch (err2) {
+          const error = err2;
+          if (error.name === "AbortError" || error.message?.includes("Aborted")) throw err2;
+          throw err2;
         }
       })()
     );
@@ -3575,10 +3575,10 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
       }
     };
     for (const p of racePromises) {
-      p.then(finish).catch((err) => {
-        if (err.name === "AbortError" || err.message?.includes("canceled") || err.message?.includes("Aborted"))
+      p.then(finish).catch((err2) => {
+        if (err2.name === "AbortError" || err2.message?.includes("canceled") || err2.message?.includes("Aborted"))
           return;
-        if (err.message === "Abandoned") {
+        if (err2.message === "Abandoned") {
           finish({
             approved: false,
             reason: "Browser dashboard closed without making a decision.",
@@ -5598,21 +5598,21 @@ function atomicWriteSync2(filePath, data, options) {
   const tmpPath = `${filePath}.${randomUUID3()}.tmp`;
   try {
     fs13.writeFileSync(tmpPath, data, options);
-  } catch (err) {
+  } catch (err2) {
     try {
       fs13.unlinkSync(tmpPath);
     } catch {
     }
-    throw err;
+    throw err2;
   }
   try {
     fs13.renameSync(tmpPath, filePath);
-  } catch (err) {
+  } catch (err2) {
     try {
       fs13.unlinkSync(tmpPath);
     } catch {
     }
-    throw err;
+    throw err2;
   }
 }
 function redactArgs(value) {
@@ -5791,6 +5791,16 @@ function startActivitySocket() {
           sessionHistory.recordTestFail(data.ts);
           return;
         }
+        if (data.status === "snapshot") {
+          broadcast("snapshot", {
+            hash: data.hash,
+            tool: data.tool,
+            argsSummary: data.argsSummary,
+            fileCount: data.fileCount,
+            ts: data.ts
+          });
+          return;
+        }
         if (data.status === "pending") {
           broadcast("activity", {
             id: data.id,
@@ -5922,21 +5932,21 @@ function patchConfig(configPath, patch) {
   const tmp = configPath + ".node9-tmp";
   try {
     fs14.writeFileSync(tmp, JSON.stringify(config, null, 2), { mode: 384 });
-  } catch (err) {
+  } catch (err2) {
     try {
       fs14.unlinkSync(tmp);
     } catch {
     }
-    throw err;
+    throw err2;
   }
   try {
     fs14.renameSync(tmp, configPath);
-  } catch (err) {
+  } catch (err2) {
     try {
       fs14.unlinkSync(tmp);
     } catch {
     }
-    throw err;
+    throw err2;
   }
 }
 var GLOBAL_CONFIG_PATH;
@@ -6191,11 +6201,11 @@ data: ${JSON.stringify(item.data)}
             e.earlyDecision = decision;
             e.earlyReason = result.reason;
           }
-        }).catch((err) => {
+        }).catch((err2) => {
           const e = pending.get(id);
           if (!e) return;
           clearTimeout(e.timer);
-          const reason = err?.reason || "No response \u2014 request timed out";
+          const reason = err2?.reason || "No response \u2014 request timed out";
           if (e.waiter) e.waiter("deny", reason);
           else {
             e.earlyDecision = "deny";
@@ -6322,8 +6332,8 @@ data: ${JSON.stringify(item.data)}
         const s = getGlobalSettings();
         res.writeHead(200, { "Content-Type": "application/json" });
         return res.end(JSON.stringify({ ...s, autoStarted }));
-      } catch (err) {
-        console.error(chalk2.red("[node9 daemon] GET /settings failed:"), err);
+      } catch (err2) {
+        console.error(chalk2.red("[node9 daemon] GET /settings failed:"), err2);
         res.writeHead(500, { "Content-Type": "application/json" });
         return res.end(JSON.stringify({ error: "internal" }));
       }
@@ -6347,8 +6357,8 @@ data: ${JSON.stringify(item.data)}
         };
         res.writeHead(200, { "Content-Type": "application/json" });
         return res.end(JSON.stringify(status));
-      } catch (err) {
-        console.error(chalk2.red("[node9 daemon] GET /status failed:"), err);
+      } catch (err2) {
+        console.error(chalk2.red("[node9 daemon] GET /status failed:"), err2);
         res.writeHead(500, { "Content-Type": "application/json" });
         return res.end(JSON.stringify({ error: "internal" }));
       }
@@ -6388,8 +6398,8 @@ data: ${JSON.stringify(item.data)}
         const s = getGlobalSettings();
         res.writeHead(200, { "Content-Type": "application/json" });
         return res.end(JSON.stringify({ hasKey: hasStoredSlackKey(), enabled: s.slackEnabled }));
-      } catch (err) {
-        console.error(chalk2.red("[node9 daemon] GET /slack-status failed:"), err);
+      } catch (err2) {
+        console.error(chalk2.red("[node9 daemon] GET /slack-status failed:"), err2);
         res.writeHead(500, { "Content-Type": "application/json" });
         return res.end(JSON.stringify({ error: "internal" }));
       }
@@ -6549,10 +6559,10 @@ data: ${JSON.stringify(item.data)}
         broadcast("suggestion:resolved", { id, status: "applied" });
         res.writeHead(200, { "Content-Type": "application/json" });
         return res.end(JSON.stringify({ ok: true }));
-      } catch (err) {
-        console.error(chalk2.red("[node9 daemon] POST /suggestions/:id/apply failed:"), err);
+      } catch (err2) {
+        console.error(chalk2.red("[node9 daemon] POST /suggestions/:id/apply failed:"), err2);
         res.writeHead(500, { "Content-Type": "application/json" });
-        return res.end(JSON.stringify({ error: String(err) }));
+        return res.end(JSON.stringify({ error: String(err2) }));
       }
     }
     if (req.method === "POST" && pathname.startsWith("/suggestions/") && pathname.endsWith("/dismiss")) {
@@ -6767,10 +6777,10 @@ __export(tail_exports, {
 });
 import http2 from "http";
 import chalk17 from "chalk";
-import fs24 from "fs";
-import os20 from "os";
-import path27 from "path";
-import readline4 from "readline";
+import fs25 from "fs";
+import os21 from "os";
+import path28 from "path";
+import readline5 from "readline";
 import { spawn as spawn9, execSync as execSync3 } from "child_process";
 function getIcon(tool) {
   const t = tool.toLowerCase();
@@ -6798,8 +6808,8 @@ function renderResult(activity, result) {
     status = chalk17.red("\u2717 BLOCK");
   }
   if (process.stdout.isTTY) {
-    readline4.clearLine(process.stdout, 0);
-    readline4.cursorTo(process.stdout, 0);
+    readline5.clearLine(process.stdout, 0);
+    readline5.cursorTo(process.stdout, 0);
   }
   console.log(`${base}  ${status}`);
 }
@@ -6809,9 +6819,9 @@ function renderPending(activity) {
 }
 async function ensureDaemon() {
   let pidPort = null;
-  if (fs24.existsSync(PID_FILE)) {
+  if (fs25.existsSync(PID_FILE)) {
     try {
-      const { port } = JSON.parse(fs24.readFileSync(PID_FILE, "utf-8"));
+      const { port } = JSON.parse(fs25.readFileSync(PID_FILE, "utf-8"));
       pidPort = port;
     } catch {
       console.error(chalk17.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
@@ -6948,7 +6958,7 @@ async function startTail(options = {}) {
           res.resume();
         }
       );
-      req2.once("error", (err) => resolve({ ok: false, code: err.code }));
+      req2.once("error", (err2) => resolve({ ok: false, code: err2.code }));
       req2.setTimeout(2e3, () => {
         resolve({ ok: false, code: "ETIMEDOUT" });
         req2.destroy();
@@ -6975,10 +6985,10 @@ async function startTail(options = {}) {
   let cancelActiveCard = null;
   const localAllowCounts = /* @__PURE__ */ new Map();
   const canApprove = process.stdout.isTTY && process.stdin.isTTY;
-  if (canApprove) readline4.emitKeypressEvents(process.stdin);
+  if (canApprove) readline5.emitKeypressEvents(process.stdin);
   function clearCard() {
     if (cardLineCount > 0) {
-      readline4.moveCursor(process.stdout, 0, -cardLineCount);
+      readline5.moveCursor(process.stdout, 0, -cardLineCount);
       process.stdout.write(ERASE_DOWN);
       cardLineCount = 0;
     }
@@ -7054,11 +7064,11 @@ async function startTail(options = {}) {
       } else {
         httpDecision = action;
       }
-      postDecisionHttp(req2.id, httpDecision, csrfToken, port, httpOpts).catch((err) => {
+      postDecisionHttp(req2.id, httpDecision, csrfToken, port, httpOpts).catch((err2) => {
         try {
-          fs24.appendFileSync(
-            path27.join(os20.homedir(), ".node9", "hook-debug.log"),
-            `[tail] POST /decision failed: ${String(err)}
+          fs25.appendFileSync(
+            path28.join(os21.homedir(), ".node9", "hook-debug.log"),
+            `[tail] POST /decision failed: ${String(err2)}
 `
           );
         } catch {
@@ -7156,8 +7166,8 @@ async function startTail(options = {}) {
     clearCard();
     process.stdout.write(SHOW_CURSOR);
     if (process.stdout.isTTY) {
-      readline4.clearLine(process.stdout, 0);
-      readline4.cursorTo(process.stdout, 0);
+      readline5.clearLine(process.stdout, 0);
+      readline5.cursorTo(process.stdout, 0);
     }
     console.log(chalk17.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
     process.exit(0);
@@ -7172,7 +7182,7 @@ async function startTail(options = {}) {
     let currentData = "";
     res.on("error", () => {
     });
-    const rl = readline4.createInterface({ input: res, crlfDelay: Infinity });
+    const rl = readline5.createInterface({ input: res, crlfDelay: Infinity });
     rl.on("error", () => {
     });
     rl.on("line", (line) => {
@@ -7192,8 +7202,8 @@ async function startTail(options = {}) {
       clearCard();
       process.stdout.write(SHOW_CURSOR);
       if (process.stdout.isTTY) {
-        readline4.clearLine(process.stdout, 0);
-        readline4.cursorTo(process.stdout, 0);
+        readline5.clearLine(process.stdout, 0);
+        readline5.cursorTo(process.stdout, 0);
       }
       console.log(chalk17.red("\n\u274C Daemon disconnected."));
       process.exit(1);
@@ -7271,6 +7281,18 @@ async function startTail(options = {}) {
       const slowTool = /bash|shell|query|sql|agent/i.test(data.tool);
       if (slowTool) renderPending(data);
     }
+    if (event === "snapshot") {
+      const time = new Date(data.ts).toLocaleTimeString([], { hour12: false });
+      const hash = data.hash ?? "";
+      const summary = data.argsSummary ?? data.tool;
+      const fileCount = data.fileCount ?? 0;
+      const files = fileCount > 0 ? chalk17.dim(` \xB7 ${fileCount} file${fileCount === 1 ? "" : "s"}`) : "";
+      process.stdout.write(
+        `${chalk17.dim(time)}  ${chalk17.cyan("\u{1F4F8} snapshot")}  ${chalk17.dim(hash)}  ${summary}${files}
+`
+      );
+      return;
+    }
     if (event === "activity-result") {
       const original = activityPending.get(data.id);
       if (original) {
@@ -7279,8 +7301,8 @@ async function startTail(options = {}) {
       }
     }
   }
-  req.on("error", (err) => {
-    const msg = err.code === "ECONNREFUSED" ? "Daemon is not running. Start it with: node9 daemon start" : err.message;
+  req.on("error", (err2) => {
+    const msg = err2.code === "ECONNREFUSED" ? "Daemon is not running. Start it with: node9 daemon start" : err2.message;
     console.error(chalk17.red(`
 \u274C ${msg}`));
     process.exit(1);
@@ -7293,7 +7315,7 @@ var init_tail = __esm({
     init_daemon2();
     init_daemon();
     init_core();
-    PID_FILE = path27.join(os20.homedir(), ".node9", "daemon.pid");
+    PID_FILE = path28.join(os21.homedir(), ".node9", "daemon.pid");
     ICONS = {
       bash: "\u{1F4BB}",
       shell: "\u{1F4BB}",
@@ -7332,9 +7354,9 @@ __export(hud_exports, {
   main: () => main,
   renderEnvironmentLine: () => renderEnvironmentLine
 });
-import fs25 from "fs";
-import path28 from "path";
-import os21 from "os";
+import fs26 from "fs";
+import path29 from "path";
+import os22 from "os";
 import http3 from "http";
 async function readStdin() {
   const chunks = [];
@@ -7410,9 +7432,9 @@ function formatTimeLeft(resetsAt) {
   return ` (${m}m left)`;
 }
 function safeReadJson(filePath) {
-  if (!fs25.existsSync(filePath)) return null;
+  if (!fs26.existsSync(filePath)) return null;
   try {
-    return JSON.parse(fs25.readFileSync(filePath, "utf-8"));
+    return JSON.parse(fs26.readFileSync(filePath, "utf-8"));
   } catch {
     return null;
   }
@@ -7433,12 +7455,12 @@ function countHooksInFile(filePath) {
   return Object.keys(cfg.hooks).length;
 }
 function countRulesInDir(rulesDir) {
-  if (!fs25.existsSync(rulesDir)) return 0;
+  if (!fs26.existsSync(rulesDir)) return 0;
   let count = 0;
   try {
-    for (const entry of fs25.readdirSync(rulesDir, { withFileTypes: true })) {
+    for (const entry of fs26.readdirSync(rulesDir, { withFileTypes: true })) {
       if (entry.isDirectory()) {
-        count += countRulesInDir(path28.join(rulesDir, entry.name));
+        count += countRulesInDir(path29.join(rulesDir, entry.name));
       } else if (entry.isFile() && entry.name.endsWith(".md")) {
         count++;
       }
@@ -7449,46 +7471,46 @@ function countRulesInDir(rulesDir) {
 }
 function isSamePath(a, b) {
   try {
-    return path28.resolve(a) === path28.resolve(b);
+    return path29.resolve(a) === path29.resolve(b);
   } catch {
     return false;
   }
 }
 function countConfigs(cwd) {
-  const homeDir2 = os21.homedir();
-  const claudeDir = path28.join(homeDir2, ".claude");
+  const homeDir2 = os22.homedir();
+  const claudeDir = path29.join(homeDir2, ".claude");
   let claudeMdCount = 0;
   let rulesCount = 0;
   let hooksCount = 0;
   const userMcpServers = /* @__PURE__ */ new Set();
   const projectMcpServers = /* @__PURE__ */ new Set();
-  if (fs25.existsSync(path28.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
-  rulesCount += countRulesInDir(path28.join(claudeDir, "rules"));
-  const userSettings = path28.join(claudeDir, "settings.json");
+  if (fs26.existsSync(path29.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
+  rulesCount += countRulesInDir(path29.join(claudeDir, "rules"));
+  const userSettings = path29.join(claudeDir, "settings.json");
   for (const name of getMcpServerNames(userSettings)) userMcpServers.add(name);
   hooksCount += countHooksInFile(userSettings);
-  const userClaudeJson = path28.join(homeDir2, ".claude.json");
+  const userClaudeJson = path29.join(homeDir2, ".claude.json");
   for (const name of getMcpServerNames(userClaudeJson)) userMcpServers.add(name);
   for (const name of getDisabledMcpServers(userClaudeJson, "disabledMcpServers")) {
     userMcpServers.delete(name);
   }
   if (cwd) {
-    if (fs25.existsSync(path28.join(cwd, "CLAUDE.md"))) claudeMdCount++;
-    if (fs25.existsSync(path28.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
-    const projectClaudeDir = path28.join(cwd, ".claude");
+    if (fs26.existsSync(path29.join(cwd, "CLAUDE.md"))) claudeMdCount++;
+    if (fs26.existsSync(path29.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
+    const projectClaudeDir = path29.join(cwd, ".claude");
     const overlapsUserScope = isSamePath(projectClaudeDir, claudeDir);
     if (!overlapsUserScope) {
-      if (fs25.existsSync(path28.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
-      rulesCount += countRulesInDir(path28.join(projectClaudeDir, "rules"));
-      const projSettings = path28.join(projectClaudeDir, "settings.json");
+      if (fs26.existsSync(path29.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
+      rulesCount += countRulesInDir(path29.join(projectClaudeDir, "rules"));
+      const projSettings = path29.join(projectClaudeDir, "settings.json");
       for (const name of getMcpServerNames(projSettings)) projectMcpServers.add(name);
       hooksCount += countHooksInFile(projSettings);
     }
-    if (fs25.existsSync(path28.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
-    const localSettings = path28.join(projectClaudeDir, "settings.local.json");
+    if (fs26.existsSync(path29.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
+    const localSettings = path29.join(projectClaudeDir, "settings.local.json");
     for (const name of getMcpServerNames(localSettings)) projectMcpServers.add(name);
     hooksCount += countHooksInFile(localSettings);
-    const mcpJsonServers = getMcpServerNames(path28.join(cwd, ".mcp.json"));
+    const mcpJsonServers = getMcpServerNames(path29.join(cwd, ".mcp.json"));
     const disabledMcpJson = getDisabledMcpServers(localSettings, "disabledMcpjsonServers");
     for (const name of disabledMcpJson) mcpJsonServers.delete(name);
     for (const name of mcpJsonServers) projectMcpServers.add(name);
@@ -7601,11 +7623,11 @@ async function main() {
       try {
         const cwd = stdin.cwd ?? process.cwd();
         for (const configPath of [
-          path28.join(cwd, "node9.config.json"),
-          path28.join(os21.homedir(), ".node9", "config.json")
+          path29.join(cwd, "node9.config.json"),
+          path29.join(os22.homedir(), ".node9", "config.json")
         ]) {
-          if (!fs25.existsSync(configPath)) continue;
-          const cfg = JSON.parse(fs25.readFileSync(configPath, "utf-8"));
+          if (!fs26.existsSync(configPath)) continue;
+          const cfg = JSON.parse(fs26.readFileSync(configPath, "utf-8"));
           const hud = cfg.settings?.hud;
           if (hud && "showEnvironmentCounts" in hud) return hud.showEnvironmentCounts !== false;
         }
@@ -7654,6 +7676,16 @@ import path14 from "path";
 import os10 from "os";
 import chalk from "chalk";
 import { confirm } from "@inquirer/prompts";
+var NODE9_MCP_SERVER_ENTRY = { command: "node9", args: ["mcp-server"] };
+function hasNode9McpServer(servers) {
+  const entry = servers["node9"];
+  return !!entry && entry.command === "node9" && Array.isArray(entry.args) && entry.args[0] === "mcp-server";
+}
+function removeNode9McpServer(servers) {
+  if (!hasNode9McpServer(servers)) return false;
+  delete servers["node9"];
+  return true;
+}
 function printDaemonTip() {
   console.log(
     chalk.cyan("\n   \u{1F4A1} Node9 will protect you automatically using Native OS popups.") + chalk.white("\n      To view your history or manage persistent rules, run:") + chalk.green("\n      node9 daemon --openui")
@@ -7711,6 +7743,10 @@ function teardownClaude() {
   const claudeConfig = readJson(mcpPath);
   if (claudeConfig?.mcpServers) {
     let mcpChanged = false;
+    if (removeNode9McpServer(claudeConfig.mcpServers)) {
+      mcpChanged = true;
+      console.log(chalk.green("  \u2705 Removed node9 MCP server entry from ~/.claude.json"));
+    }
     for (const [name, server] of Object.entries(claudeConfig.mcpServers)) {
       if (server.command === "node9" && Array.isArray(server.args) && server.args.length > 0) {
         const [originalCmd, ...originalArgs] = server.args;
@@ -7754,6 +7790,10 @@ function teardownGemini() {
     }
   }
   if (settings.mcpServers) {
+    if (removeNode9McpServer(settings.mcpServers)) {
+      changed = true;
+      console.log(chalk.green("  \u2705 Removed node9 MCP server entry from ~/.gemini/settings.json"));
+    }
     for (const [name, server] of Object.entries(settings.mcpServers)) {
       if (server.command === "node9" && Array.isArray(server.args) && server.args.length > 0) {
         const [originalCmd, ...originalArgs] = server.args;
@@ -7782,6 +7822,10 @@ function teardownCursor() {
     return;
   }
   let changed = false;
+  if (removeNode9McpServer(mcpConfig.mcpServers)) {
+    changed = true;
+    console.log(chalk.green("  \u2705 Removed node9 MCP server entry from ~/.cursor/mcp.json"));
+  }
   for (const [name, server] of Object.entries(mcpConfig.mcpServers)) {
     if (server.command === "node9" && Array.isArray(server.args) && server.args.length > 0) {
       const [originalCmd, ...originalArgs] = server.args;
@@ -7807,6 +7851,7 @@ async function setupClaude() {
   const claudeConfig = readJson(mcpPath) ?? {};
   const settings = readJson(hooksPath) ?? {};
   const servers = claudeConfig.mcpServers ?? {};
+  let hooksChanged = false;
   let anythingChanged = false;
   if (!settings.hooks) settings.hooks = {};
   const hasPreHook = settings.hooks.PreToolUse?.some(
@@ -7819,6 +7864,7 @@ async function setupClaude() {
       hooks: [{ type: "command", command: fullPathCommand("check"), timeout: 60 }]
     });
     console.log(chalk.green("  \u2705 PreToolUse hook added  \u2192 node9 check"));
+    hooksChanged = true;
     anythingChanged = true;
   }
   const hasPostHook = settings.hooks.PostToolUse?.some(
@@ -7831,9 +7877,17 @@ async function setupClaude() {
       hooks: [{ type: "command", command: fullPathCommand("log"), timeout: 600 }]
     });
     console.log(chalk.green("  \u2705 PostToolUse hook added \u2192 node9 log"));
+    hooksChanged = true;
     anythingChanged = true;
   }
-  if (anythingChanged) {
+  if (!hasNode9McpServer(servers)) {
+    servers["node9"] = NODE9_MCP_SERVER_ENTRY;
+    claudeConfig.mcpServers = servers;
+    writeJson(mcpPath, claudeConfig);
+    console.log(chalk.green("  \u2705 node9 MCP server added   \u2192 node9 mcp-server"));
+    anythingChanged = true;
+  }
+  if (hooksChanged) {
     writeJson(hooksPath, settings);
     console.log("");
   }
@@ -7881,6 +7935,7 @@ async function setupGemini() {
   const settingsPath = path14.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath) ?? {};
   const servers = settings.mcpServers ?? {};
+  let hooksChanged = false;
   let anythingChanged = false;
   if (!settings.hooks) settings.hooks = {};
   const hasBeforeHook = Array.isArray(settings.hooks.BeforeTool) && settings.hooks.BeforeTool.some(
@@ -7901,6 +7956,7 @@ async function setupGemini() {
       ]
     });
     console.log(chalk.green("  \u2705 BeforeTool hook added \u2192 node9 check"));
+    hooksChanged = true;
     anythingChanged = true;
   }
   const hasAfterHook = Array.isArray(settings.hooks.AfterTool) && settings.hooks.AfterTool.some(
@@ -7914,9 +7970,17 @@ async function setupGemini() {
       hooks: [{ name: "node9-log", type: "command", command: fullPathCommand("log") }]
     });
     console.log(chalk.green("  \u2705 AfterTool hook added  \u2192 node9 log"));
+    hooksChanged = true;
     anythingChanged = true;
   }
-  if (anythingChanged) {
+  if (!hasNode9McpServer(servers)) {
+    servers["node9"] = NODE9_MCP_SERVER_ENTRY;
+    settings.mcpServers = servers;
+    console.log(chalk.green("  \u2705 node9 MCP server added   \u2192 node9 mcp-server"));
+    hooksChanged = true;
+    anythingChanged = true;
+  }
+  if (hooksChanged) {
     writeJson(settingsPath, settings);
     console.log("");
   }
@@ -7963,10 +8027,10 @@ function detectAgents(homeDir2 = os10.homedir()) {
   const exists = (p) => {
     try {
       return fs11.existsSync(p);
-    } catch (err) {
-      const code = err.code;
+    } catch (err2) {
+      const code = err2.code;
       if (code !== "ENOENT") {
-        process.stderr.write(`[node9] detectAgents: cannot access ${p}: ${code ?? String(err)}
+        process.stderr.write(`[node9] detectAgents: cannot access ${p}: ${code ?? String(err2)}
 `);
       }
       return false;
@@ -7984,6 +8048,13 @@ async function setupCursor() {
   const mcpConfig = readJson(mcpPath) ?? {};
   const servers = mcpConfig.mcpServers ?? {};
   let anythingChanged = false;
+  if (!hasNode9McpServer(servers)) {
+    servers["node9"] = NODE9_MCP_SERVER_ENTRY;
+    mcpConfig.mcpServers = servers;
+    writeJson(mcpPath, mcpConfig);
+    console.log(chalk.green("  \u2705 node9 MCP server added   \u2192 node9 mcp-server"));
+    anythingChanged = true;
+  }
   const serversToWrap = [];
   for (const [name, server] of Object.entries(servers)) {
     if (!server.command || server.command === "node9") continue;
@@ -8083,9 +8154,9 @@ function teardownHud() {
 // src/cli.ts
 init_daemon2();
 import chalk18 from "chalk";
-import fs26 from "fs";
-import path29 from "path";
-import os22 from "os";
+import fs27 from "fs";
+import path30 from "path";
+import os23 from "os";
 import { confirm as confirm2 } from "@inquirer/prompts";
 
 // src/utils/duration.ts
@@ -8320,8 +8391,29 @@ import os14 from "os";
 import { spawnSync as spawnSync4, spawn as spawn5 } from "child_process";
 import crypto2 from "crypto";
 import fs17 from "fs";
+import net3 from "net";
 import path19 from "path";
 import os13 from "os";
+var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path19.join(os13.tmpdir(), "node9-activity.sock");
+function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
+  try {
+    const payload = JSON.stringify({
+      status: "snapshot",
+      hash,
+      tool,
+      argsSummary,
+      fileCount,
+      ts: Date.now()
+    });
+    const sock = net3.createConnection(ACTIVITY_SOCKET_PATH3);
+    sock.on("connect", () => {
+      sock.end(payload);
+    });
+    sock.on("error", () => {
+    });
+  } catch {
+  }
+}
 var SNAPSHOT_STACK_PATH = path19.join(os13.homedir(), ".node9", "snapshots.json");
 var UNDO_LATEST_PATH = path19.join(os13.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
@@ -8541,13 +8633,15 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
     }
     if (cwdCount > MAX_SNAPSHOTS) stack.splice(oldestCwdIdx, 1);
     writeStack(stack);
+    const entry = stack[stack.length - 1];
+    notifySnapshotTaken(commitHash.slice(0, 7), tool, entry.argsSummary, capturedFiles.length);
     fs17.writeFileSync(UNDO_LATEST_PATH, commitHash);
     if (shouldGc) {
       spawn5("git", ["gc", "--auto"], { env: shadowEnv, detached: true, stdio: "ignore" }).unref();
     }
     return commitHash;
-  } catch (err) {
-    if (process.env.NODE9_DEBUG === "1") console.error("[Node9 Undo Engine Error]:", err);
+  } catch (err2) {
+    if (process.env.NODE9_DEBUG === "1") console.error("[Node9 Undo Engine Error]:", err2);
     return null;
   } finally {
     if (indexFile) {
@@ -8651,11 +8745,11 @@ function registerCheckCommand(program2) {
         let payload = JSON.parse(raw);
         try {
           payload = JSON.parse(raw);
-        } catch (err) {
+        } catch (err2) {
           const tempConfig = getConfig();
           if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
             const logPath = path20.join(os14.homedir(), ".node9", "hook-debug.log");
-            const errMsg = err instanceof Error ? err.message : String(err);
+            const errMsg = err2 instanceof Error ? err2.message : String(err2);
             fs18.appendFileSync(
               logPath,
               `[${(/* @__PURE__ */ new Date()).toISOString()}] JSON_PARSE_ERROR: ${errMsg}
@@ -8776,10 +8870,10 @@ RAW: ${raw}
           ...result,
           blockedByLabel: result.blockedByLabel
         });
-      } catch (err) {
+      } catch (err2) {
         if (process.env.NODE9_DEBUG === "1") {
           const logPath = path20.join(os14.homedir(), ".node9", "hook-debug.log");
-          const errMsg = err instanceof Error ? err.message : String(err);
+          const errMsg = err2 instanceof Error ? err2.message : String(err2);
           fs18.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
         }
@@ -8925,8 +9019,8 @@ function registerLogCommand(program2) {
         if (shouldSnapshot(tool, {}, config)) {
           await createShadowSnapshot("unknown", {}, config.policy.snapshot.ignorePaths);
         }
-      } catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
+      } catch (err2) {
+        const msg = err2 instanceof Error ? err2.message : String(err2);
         process.stderr.write(`[Node9] audit log error: ${msg}
 `);
         const debugPath = path21.join(os15.homedir(), ".node9", "hook-debug.log");
@@ -10312,6 +10406,264 @@ function registerMcpGatewayCommand(program2) {
   });
 }
 
+// src/mcp-server/index.ts
+import readline4 from "readline";
+import fs24 from "fs";
+import os20 from "os";
+import path27 from "path";
+init_core();
+init_daemon();
+init_shields();
+function ok(id, result) {
+  return JSON.stringify({ jsonrpc: "2.0", id: id ?? null, result });
+}
+function err(id, code, message) {
+  return JSON.stringify({ jsonrpc: "2.0", id: id ?? null, error: { code, message } });
+}
+var TOOLS = [
+  {
+    name: "node9_status",
+    description: "Show the current node9 protection status: mode, daemon state, undo engine, pause state, active shields, and whether agent hooks are wired. Use this to understand what protection is active before doing risky work.",
+    inputSchema: { type: "object", properties: {}, required: [] }
+  },
+  {
+    name: "node9_config_get",
+    description: "Read the current node9 configuration: security mode, approver channels, timeouts, DLP settings, and the number of active smart rules. Returns the merged config (env > cloud > project > global > defaults).",
+    inputSchema: { type: "object", properties: {}, required: [] }
+  },
+  {
+    name: "node9_shield_list",
+    description: "List all available node9 shields and which ones are currently active. Shields are pre-packaged rule sets for specific services (postgres, aws, github, filesystem).",
+    inputSchema: { type: "object", properties: {}, required: [] }
+  },
+  {
+    name: "node9_shield_enable",
+    description: "Enable a node9 shield for a specific service. Shields only add protection \u2014 they cannot be used to weaken or bypass node9. Use node9_shield_list to see available shield names.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        service: {
+          type: "string",
+          description: 'Shield name to enable (e.g. "postgres", "aws", "github", "filesystem").'
+        }
+      },
+      required: ["service"]
+    }
+  },
+  {
+    name: "node9_undo_list",
+    description: "List the node9 snapshot history. Each entry shows the git hash, tool that triggered it, a short summary, affected files, working directory, and timestamp. Use this to find a hash before calling node9_undo_revert.",
+    inputSchema: { type: "object", properties: {}, required: [] }
+  },
+  {
+    name: "node9_undo_revert",
+    description: "Revert the working directory to a specific node9 snapshot. Call node9_undo_list first to find the hash you want to restore. WARNING: this overwrites current files \u2014 any unsaved work will be lost.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        hash: {
+          type: "string",
+          description: "The full git commit hash from node9_undo_list."
+        },
+        cwd: {
+          type: "string",
+          description: "Absolute path to the project directory. Defaults to process.cwd()."
+        }
+      },
+      required: ["hash"]
+    }
+  }
+];
+function handleStatus() {
+  const config = getConfig();
+  const settings = config.settings;
+  const paused = checkPause();
+  const daemonUp = isDaemonRunning();
+  const activeShields = readActiveShields();
+  const lines = [];
+  lines.push(`Mode: ${settings.mode}`);
+  lines.push(`Daemon: ${daemonUp ? "running" : "stopped"}`);
+  lines.push(`Undo engine: ${settings.enableUndo ? "enabled" : "disabled"}`);
+  if (paused.paused) {
+    const until = paused.expiresAt ? new Date(paused.expiresAt).toLocaleTimeString() : "indefinitely";
+    lines.push(`PAUSED until ${until} \u2014 all tool calls currently allowed`);
+  } else {
+    lines.push(`Pause state: not paused`);
+  }
+  lines.push(`Active shields: ${activeShields.length > 0 ? activeShields.join(", ") : "none"}`);
+  lines.push(`Smart rules: ${config.policy.smartRules.length} loaded`);
+  lines.push(`DLP: ${config.policy.dlp?.enabled !== false ? "enabled" : "disabled"}`);
+  const projectConfig = path27.join(process.cwd(), "node9.config.json");
+  const globalConfig = path27.join(os20.homedir(), ".node9", "config.json");
+  lines.push(
+    `Project config (node9.config.json): ${fs24.existsSync(projectConfig) ? "present" : "not found"}`
+  );
+  lines.push(
+    `Global config (~/.node9/config.json): ${fs24.existsSync(globalConfig) ? "present" : "not found"}`
+  );
+  return lines.join("\n");
+}
+function handleConfigGet() {
+  const config = getConfig();
+  const s = config.settings;
+  const lines = [
+    `mode: ${s.mode}`,
+    `enableUndo: ${s.enableUndo}`,
+    `flightRecorder: ${s.flightRecorder}`,
+    `approvalTimeoutMs: ${s.approvalTimeoutMs}`,
+    `approvers:`,
+    `  native:   ${s.approvers.native}`,
+    `  browser:  ${s.approvers.browser}`,
+    `  cloud:    ${s.approvers.cloud}`,
+    `  terminal: ${s.approvers.terminal}`,
+    `dlp.enabled: ${config.policy.dlp?.enabled !== false}`,
+    `dlp.scanIgnoredTools: ${config.policy.dlp?.scanIgnoredTools !== false}`,
+    `smartRules: ${config.policy.smartRules.length} active`,
+    `sandboxPaths: ${config.policy.sandboxPaths.length > 0 ? config.policy.sandboxPaths.join(", ") : "none"}`
+  ];
+  return lines.join("\n");
+}
+function handleShieldList() {
+  const all = listShields();
+  const active = new Set(readActiveShields());
+  if (all.length === 0) return "No shields available.";
+  const lines = all.map((shield) => {
+    const on = active.has(shield.name);
+    const ruleCount = shield.smartRules.length;
+    return `${on ? "[active]" : "[off]   "} ${shield.name.padEnd(12)} \u2014 ${shield.description ?? ""} (${ruleCount} rule${ruleCount === 1 ? "" : "s"})`;
+  });
+  lines.unshift(`${active.size} of ${all.length} shields active:
+`);
+  return lines.join("\n");
+}
+function handleShieldEnable(args) {
+  const service = args.service;
+  if (typeof service !== "string" || !service) {
+    throw new Error("service is required");
+  }
+  const name = resolveShieldName(service);
+  if (!name) {
+    throw new Error(
+      `Unknown shield: "${service}". Run node9_shield_list to see available shields.`
+    );
+  }
+  const active = readActiveShields();
+  if (active.includes(name)) {
+    return `Shield "${name}" is already active.`;
+  }
+  writeActiveShields([...active, name]);
+  const shield = getShield(name);
+  return `Shield "${name}" enabled \u2014 ${shield.smartRules.length} smart rule${shield.smartRules.length === 1 ? "" : "s"} now active.`;
+}
+function handleUndoList() {
+  const history = getSnapshotHistory();
+  if (history.length === 0) {
+    return "No snapshots found. Node9 captures snapshots automatically before file edits.";
+  }
+  const lines = history.slice().reverse().map((entry, i) => {
+    const date = new Date(entry.timestamp).toLocaleString();
+    const files = entry.files?.length ? `${entry.files.length} file(s)` : "unknown files";
+    const summary = entry.argsSummary ? ` \u2014 ${entry.argsSummary}` : "";
+    return `[${i + 1}] ${entry.hash.slice(0, 7)}  ${date}  ${entry.tool}${summary}  (${files})  cwd: ${entry.cwd}
+    full hash: ${entry.hash}`;
+  });
+  return lines.join("\n\n");
+}
+function handleUndoRevert(args) {
+  const hash = args.hash;
+  if (typeof hash !== "string" || !hash) {
+    throw new Error("hash is required and must be a non-empty string");
+  }
+  if (!/^[0-9a-f]{7,40}$/i.test(hash)) {
+    throw new Error(`Invalid hash format: ${hash}`);
+  }
+  const cwd = typeof args.cwd === "string" && args.cwd ? args.cwd : process.cwd();
+  const success = applyUndo(hash, cwd);
+  if (!success) {
+    throw new Error(
+      `Revert failed for hash ${hash}. The snapshot may not exist for this directory, or git encountered an error.`
+    );
+  }
+  return `Successfully reverted to snapshot ${hash.slice(0, 7)} in ${cwd}.`;
+}
+function runMcpServer() {
+  const rl = readline4.createInterface({ input: process.stdin, terminal: false });
+  rl.on("line", (line) => {
+    let msg;
+    try {
+      msg = JSON.parse(line);
+    } catch {
+      process.stdout.write(err(null, -32700, "Parse error") + "\n");
+      return;
+    }
+    const { method, id, params } = msg;
+    if (method === "initialize") {
+      process.stdout.write(
+        ok(id, {
+          protocolVersion: "2024-11-05",
+          serverInfo: { name: "node9", version: "1.0.0" },
+          capabilities: { tools: {} }
+        }) + "\n"
+      );
+      return;
+    }
+    if (id === void 0 || id === null) {
+      return;
+    }
+    if (method === "tools/list") {
+      process.stdout.write(ok(id, { tools: TOOLS }) + "\n");
+      return;
+    }
+    if (method === "tools/call") {
+      const p = params ?? {};
+      const toolName = p.name;
+      const toolArgs = p.arguments ?? {};
+      try {
+        let text;
+        if (toolName === "node9_status") {
+          text = handleStatus();
+        } else if (toolName === "node9_config_get") {
+          text = handleConfigGet();
+        } else if (toolName === "node9_shield_list") {
+          text = handleShieldList();
+        } else if (toolName === "node9_shield_enable") {
+          text = handleShieldEnable(toolArgs);
+        } else if (toolName === "node9_undo_list") {
+          text = handleUndoList();
+        } else if (toolName === "node9_undo_revert") {
+          text = handleUndoRevert(toolArgs);
+        } else {
+          process.stdout.write(err(id, -32601, `Unknown tool: ${toolName}`) + "\n");
+          return;
+        }
+        process.stdout.write(ok(id, { content: [{ type: "text", text }] }) + "\n");
+      } catch (e) {
+        const message = e instanceof Error ? e.message : String(e);
+        process.stdout.write(
+          ok(id, {
+            content: [{ type: "text", text: `Error: ${message}` }],
+            isError: true
+          }) + "\n"
+        );
+      }
+      return;
+    }
+    process.stdout.write(err(id, -32601, `Method not found: ${method}`) + "\n");
+  });
+  rl.on("close", () => {
+    process.exit(0);
+  });
+}
+
+// src/cli/commands/mcp-server.ts
+function registerMcpServerCommand(program2) {
+  program2.command("mcp-server").description(
+    "Run the Node9 MCP server \u2014 exposes node9 tools (undo, rules, \u2026) to Claude, Cursor, and Gemini"
+  ).action(() => {
+    runMcpServer();
+  });
+}
+
 // src/cli/commands/trust.ts
 init_trusted_hosts();
 import chalk16 from "chalk";
@@ -10369,20 +10721,20 @@ function registerTrustCommand(program2) {
 
 // src/cli.ts
 var { version } = JSON.parse(
-  fs26.readFileSync(path29.join(__dirname, "../package.json"), "utf-8")
+  fs27.readFileSync(path30.join(__dirname, "../package.json"), "utf-8")
 );
 var program = new Command();
 program.name("node9").description("The Sudo Command for AI Agents").version(version);
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept";
-  const credPath = path29.join(os22.homedir(), ".node9", "credentials.json");
-  if (!fs26.existsSync(path29.dirname(credPath)))
-    fs26.mkdirSync(path29.dirname(credPath), { recursive: true });
+  const credPath = path30.join(os23.homedir(), ".node9", "credentials.json");
+  if (!fs27.existsSync(path30.dirname(credPath)))
+    fs27.mkdirSync(path30.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (fs26.existsSync(credPath)) {
-      const raw = JSON.parse(fs26.readFileSync(credPath, "utf-8"));
+    if (fs27.existsSync(credPath)) {
+      const raw = JSON.parse(fs27.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL }
@@ -10394,13 +10746,13 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL };
-  fs26.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  fs27.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
   if (profileName === "default") {
-    const configPath = path29.join(os22.homedir(), ".node9", "config.json");
+    const configPath = path30.join(os23.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (fs26.existsSync(configPath))
-        config = JSON.parse(fs26.readFileSync(configPath, "utf-8"));
+      if (fs27.existsSync(configPath))
+        config = JSON.parse(fs27.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -10415,9 +10767,9 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!fs26.existsSync(path29.dirname(configPath)))
-      fs26.mkdirSync(path29.dirname(configPath), { recursive: true });
-    fs26.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!fs27.existsSync(path30.dirname(configPath)))
+      fs27.mkdirSync(path30.dirname(configPath), { recursive: true });
+    fs27.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
   }
   if (options.profile && profileName !== "default") {
     console.log(chalk18.green(`\u2705 Profile "${profileName}" saved`));
@@ -10477,8 +10829,8 @@ program.command("removefrom").description("Remove Node9 hooks from an AI agent c
 `));
   try {
     fn();
-  } catch (err) {
-    console.error(chalk18.red(`  \u26A0\uFE0F  Failed: ${err instanceof Error ? err.message : String(err)}`));
+  } catch (err2) {
+    console.error(chalk18.red(`  \u26A0\uFE0F  Failed: ${err2 instanceof Error ? err2.message : String(err2)}`));
     process.exit(1);
   }
   console.log(chalk18.gray("\n  Restart the agent for changes to take effect."));
@@ -10501,25 +10853,25 @@ program.command("uninstall").description("Remove all Node9 hooks and optionally
   ]) {
     try {
       fn();
-    } catch (err) {
+    } catch (err2) {
       teardownFailed = true;
       console.error(
         chalk18.red(
-          `  \u26A0\uFE0F  Failed to remove ${label} hooks: ${err instanceof Error ? err.message : String(err)}`
+          `  \u26A0\uFE0F  Failed to remove ${label} hooks: ${err2 instanceof Error ? err2.message : String(err2)}`
         )
       );
     }
   }
   if (options.purge) {
-    const node9Dir = path29.join(os22.homedir(), ".node9");
-    if (fs26.existsSync(node9Dir)) {
+    const node9Dir = path30.join(os23.homedir(), ".node9");
+    if (fs27.existsSync(node9Dir)) {
       const confirmed = await confirm2({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        fs26.rmSync(node9Dir, { recursive: true });
-        if (fs26.existsSync(node9Dir)) {
+        fs27.rmSync(node9Dir, { recursive: true });
+        if (fs27.existsSync(node9Dir)) {
           console.error(
             chalk18.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
@@ -10626,13 +10978,14 @@ program.command("tail").description("Stream live agent activity to the terminal"
   const { startTail: startTail2 } = await Promise.resolve().then(() => (init_tail(), tail_exports));
   try {
     await startTail2(options);
-  } catch (err) {
-    console.error(chalk18.red(`\u274C ${err instanceof Error ? err.message : String(err)}`));
+  } catch (err2) {
+    console.error(chalk18.red(`\u274C ${err2 instanceof Error ? err2.message : String(err2)}`));
     process.exit(1);
   }
 });
 registerWatchCommand(program);
 registerMcpGatewayCommand(program);
+registerMcpServerCommand(program);
 registerCheckCommand(program);
 registerLogCommand(program);
 program.command("hud").description("Render node9 security statusline (spawned by Claude Code statusLine)").action(async () => {
@@ -10735,9 +11088,9 @@ if (process.argv[2] !== "daemon") {
     const isCheckHook = process.argv[2] === "check";
     if (isCheckHook) {
       if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
-        const logPath = path29.join(os22.homedir(), ".node9", "hook-debug.log");
+        const logPath = path30.join(os23.homedir(), ".node9", "hook-debug.log");
         const msg = reason instanceof Error ? reason.message : String(reason);
-        fs26.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+        fs27.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
       }
       process.exit(0);