@node9/proxy 1.6.0 → 1.7.0

package/README.md

@@ -32,10 +32,6 @@ While others try to _guess_ if a prompt is malicious (Semantic Security), Node9
 
 **AIs are literal.** When you ask an agent to "Fix my disk space," it might decide to run `docker system prune -af`.
 
-<p align="center">
-  <img src="https://github.com/user-attachments/assets/afae9caa-0605-4cac-929a-c14198383169" width="100%">
-</p>
-
 **With Node9, the interaction looks like this:**
 
 1. **🤖 AI attempts a "Nuke":** `Bash("docker system prune -af --volumes")`

package/dist/cli.js

@@ -799,7 +799,7 @@ var init_config = __esm({
     DEFAULT_CONFIG = {
       version: "1.0",
       settings: {
-        mode: "audit",
+        mode: "standard",
         autoStartDaemon: true,
         enableUndo: true,
         // 🔥 ALWAYS TRUE BY DEFAULT for the safety net
@@ -3198,6 +3198,7 @@ async function authorizeHeadless(toolName, args, meta, options) {
       await notifyActivity({
         id: actId,
         tool: toolName,
+        args,
         ts: actTs,
         status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : result.blockedByLabel?.includes("Taint") ? "taint" : "block",
         label: result.blockedByLabel,
@@ -5476,6 +5477,7 @@ var init_session_counters = __esm({
       _blocked = 0;
       _dlpHits = 0;
       _wouldBlock = 0;
+      _estimatedCost = 0;
       _lastRuleHit = null;
       _lastBlockedTool = null;
       incrementAllowed() {
@@ -5490,6 +5492,10 @@ var init_session_counters = __esm({
       incrementWouldBlock() {
         this._wouldBlock++;
       }
+      addCost(amount) {
+        if (!isFinite(amount) || amount < 0) return;
+        this._estimatedCost += amount;
+      }
       recordRuleHit(label) {
         this._lastRuleHit = label;
       }
@@ -5502,6 +5508,7 @@ var init_session_counters = __esm({
           blocked: this._blocked,
           dlpHits: this._dlpHits,
           wouldBlock: this._wouldBlock,
+          estimatedCost: this._estimatedCost,
           lastRuleHit: this._lastRuleHit,
           lastBlockedTool: this._lastBlockedTool
         };
@@ -5511,6 +5518,7 @@ var init_session_counters = __esm({
         this._blocked = 0;
         this._dlpHits = 0;
         this._wouldBlock = 0;
+        this._estimatedCost = 0;
         this._lastRuleHit = null;
         this._lastBlockedTool = null;
       }
@@ -5735,15 +5743,38 @@ function openBrowser(url) {
   } catch {
   }
 }
+function estimateToolCost(tool, args) {
+  const a = args ?? {};
+  const t = tool.toLowerCase().replace(/[^a-z_]/g, "_");
+  if (t.includes("read") || t === "glob" || t === "grep") {
+    const filePath = a.file_path ?? a.path;
+    if (filePath) {
+      try {
+        const bytes = import_fs13.default.statSync(filePath).size;
+        return bytes / BYTES_PER_TOKEN / 1e6 * INPUT_PRICE_PER_1M;
+      } catch {
+      }
+    }
+  }
+  if (t.includes("write")) {
+    const content = a.content ?? "";
+    return String(content).length / BYTES_PER_TOKEN / 1e6 * OUTPUT_PRICE_PER_1M;
+  }
+  if (t.includes("edit") || t === "str_replace_based_edit_tool") {
+    const newStr = a.new_string ?? "";
+    return String(newStr).length / BYTES_PER_TOKEN / 1e6 * OUTPUT_PRICE_PER_1M;
+  }
+  return void 0;
+}
 function broadcast(event, data) {
   if (event === "activity") {
     activityRing.push({ event, data });
     if (activityRing.length > ACTIVITY_RING_SIZE) activityRing.shift();
   } else if (event === "activity-result") {
-    const { id, status, label } = data;
+    const { id, status, label, costEstimate } = data;
     for (let i = activityRing.length - 1; i >= 0; i--) {
       if (activityRing[i].data.id === id) {
-        Object.assign(activityRing[i].data, { status, label });
+        Object.assign(activityRing[i].data, { status, label, costEstimate });
         break;
       }
     }
@@ -5845,10 +5876,13 @@ function startActivitySocket() {
             sessionCounters.incrementBlocked();
             sessionCounters.recordBlockedTool(data.tool);
           }
+          const costEstimate = data.status === "allow" ? estimateToolCost(data.tool, data.args) : void 0;
+          if (costEstimate != null && costEstimate > 0) sessionCounters.addCost(costEstimate);
           broadcast("activity-result", {
             id: data.id,
             status: data.status,
-            label: data.label
+            label: data.label,
+            costEstimate
           });
         }
       } catch {
@@ -5865,7 +5899,7 @@ function startActivitySocket() {
     }
   });
 }
-var import_net2, import_fs13, import_path16, import_os11, import_child_process3, import_crypto5, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE, WRITE_TOOL_NAMES;
+var import_net2, import_fs13, import_path16, import_os11, import_child_process3, import_crypto5, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, WRITE_TOOL_NAMES;
 var init_state2 = __esm({
   "src/daemon/state.ts"() {
     "use strict";
@@ -5909,6 +5943,9 @@ var init_state2 = __esm({
     ACTIVITY_RING_SIZE = 100;
     activityRing = [];
     SECRET_KEY_RE = /password|secret|token|key|apikey|credential|auth/i;
+    INPUT_PRICE_PER_1M = 3;
+    OUTPUT_PRICE_PER_1M = 15;
+    BYTES_PER_TOKEN = 4;
     WRITE_TOOL_NAMES = /* @__PURE__ */ new Set([
       "write",
       "write_file",
@@ -6366,7 +6403,8 @@ data: ${JSON.stringify(item.data)}
             allowed: counters.allowed,
             blocked: counters.blocked,
             dlpHits: counters.dlpHits,
-            wouldBlock: counters.wouldBlock
+            wouldBlock: counters.wouldBlock,
+            estimatedCost: counters.estimatedCost
           },
           taintedCount: taintStore.list().length,
           lastRuleHit: counters.lastRuleHit,
@@ -6498,6 +6536,7 @@ data: ${JSON.stringify(item.data)}
     }
     if (req.method === "POST" && pathname === "/events/clear") {
       activityRing.length = 0;
+      sessionCounters.reset();
       res.writeHead(200, { "Content-Type": "application/json" });
       return res.end(JSON.stringify({ ok: true }));
     }
@@ -6811,7 +6850,7 @@ function formatBase(activity) {
   const time = new Date(activity.ts).toLocaleTimeString([], { hour12: false });
   const icon = getIcon(activity.tool);
   const toolName = activity.tool.slice(0, 16).padEnd(16);
-  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ");
+  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(import_os21.default.homedir(), "~");
   const argsPreview = argsStr.length > 70 ? argsStr.slice(0, 70) + "\u2026" : argsStr;
   return `${import_chalk17.default.gray(time)} ${icon} ${import_chalk17.default.white.bold(toolName)} ${import_chalk17.default.dim(argsPreview)}`;
 }
@@ -6825,11 +6864,13 @@ function renderResult(activity, result) {
   } else {
     status = import_chalk17.default.red("\u2717 BLOCK");
   }
+  const cost = result.costEstimate ?? activity.costEstimate;
+  const costSuffix = cost == null ? "" : import_chalk17.default.dim(`  ~$${cost >= 1e-3 ? cost.toFixed(3) : "0.000"}`);
   if (process.stdout.isTTY) {
     import_readline5.default.clearLine(process.stdout, 0);
     import_readline5.default.cursorTo(process.stdout, 0);
   }
-  console.log(`${base}  ${status}`);
+  console.log(`${base}  ${status}${costSuffix}`);
 }
 function renderPending(activity) {
   if (!process.stdout.isTTY) return;
@@ -6958,6 +6999,39 @@ function buildRecoveryCardLines(req) {
     ``
   ];
 }
+function readApproversFromDisk() {
+  const configPath = import_path28.default.join(import_os21.default.homedir(), ".node9", "config.json");
+  try {
+    const raw = JSON.parse(import_fs25.default.readFileSync(configPath, "utf-8"));
+    const settings = raw.settings ?? {};
+    return settings.approvers ?? {};
+  } catch {
+    return {};
+  }
+}
+function approverStatusLine() {
+  const a = readApproversFromDisk();
+  const fmt = (label, key) => {
+    const on = a[key] !== false;
+    return `[${key[0]}]${label.slice(1)} ${on ? import_chalk17.default.green("\u2713") : import_chalk17.default.dim("\u2717")}`;
+  };
+  return `${fmt("native", "native")}  ${fmt("browser", "browser")}  ${fmt("cloud", "cloud")}  ${fmt("terminal", "terminal")}`;
+}
+function toggleApprover(channel) {
+  const configPath = import_path28.default.join(import_os21.default.homedir(), ".node9", "config.json");
+  try {
+    const raw = JSON.parse(import_fs25.default.readFileSync(configPath, "utf-8"));
+    const settings = raw.settings ?? {};
+    const approvers = settings.approvers ?? {};
+    approvers[channel] = approvers[channel] === false;
+    settings.approvers = approvers;
+    raw.settings = settings;
+    import_fs25.default.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
+  } catch (err2) {
+    process.stderr.write(`[node9] toggleApprover failed: ${String(err2)}
+`);
+  }
+}
 async function startTail(options = {}) {
   const port = await ensureDaemon();
   if (options.clear) {
@@ -7004,6 +7078,44 @@ async function startTail(options = {}) {
   const localAllowCounts = /* @__PURE__ */ new Map();
   const canApprove = process.stdout.isTTY && process.stdin.isTTY;
   if (canApprove) import_readline5.default.emitKeypressEvents(process.stdin);
+  let idleKeypressHandler = null;
+  function enterIdleMode() {
+    if (!canApprove || idleKeypressHandler !== null) return;
+    try {
+      process.stdin.setRawMode(true);
+    } catch {
+      return;
+    }
+    process.stdin.resume();
+    idleKeypressHandler = (_str, key) => {
+      const name = key?.name ?? "";
+      if (key?.ctrl && name === "c") {
+        process.kill(process.pid, "SIGINT");
+        return;
+      }
+      if (name === "q") {
+        process.kill(process.pid, "SIGINT");
+        return;
+      }
+      const channel = name === "n" ? "native" : name === "b" ? "browser" : name === "c" ? "cloud" : name === "t" ? "terminal" : null;
+      if (channel) {
+        toggleApprover(channel);
+        console.log(import_chalk17.default.dim(`  Approvers: ${approverStatusLine()}`));
+      }
+    };
+    process.stdin.on("keypress", idleKeypressHandler);
+  }
+  function exitIdleMode() {
+    if (idleKeypressHandler) {
+      process.stdin.removeListener("keypress", idleKeypressHandler);
+      idleKeypressHandler = null;
+    }
+    try {
+      process.stdin.setRawMode(false);
+    } catch {
+    }
+    process.stdin.pause();
+  }
   function clearCard() {
     if (cardLineCount > 0) {
       import_readline5.default.moveCursor(process.stdout, 0, -cardLineCount);
@@ -7022,10 +7134,12 @@ async function startTail(options = {}) {
   }
   function showNextCard() {
     if (cardActive || approvalQueue.length === 0 || !canApprove) return;
+    exitIdleMode();
     try {
       process.stdin.setRawMode(true);
     } catch {
       cardActive = false;
+      enterIdleMode();
       return;
     }
     cardActive = true;
@@ -7037,12 +7151,8 @@ async function startTail(options = {}) {
       const handler = onKeypress;
       onKeypress = null;
       if (handler) process.stdin.removeListener("keypress", handler);
-      try {
-        process.stdin.setRawMode(false);
-      } catch {
-      }
-      process.stdin.pause();
       cancelActiveCard = null;
+      enterIdleMode();
     };
     const settle = (action) => {
       if (settled) return;
@@ -7169,18 +7279,16 @@ async function startTail(options = {}) {
   console.log(import_chalk17.default.cyan.bold(`
 \u{1F6F0}\uFE0F  Node9 tail  `) + import_chalk17.default.dim(`\u2192 ${dashboardUrl}`));
   if (canApprove) {
-    console.log(
-      import_chalk17.default.dim("Interactive approvals: [\u21B5/y] Allow  [n] Deny  [a] Always Allow  [t] Trust 30m")
-    );
+    console.log(import_chalk17.default.dim("Card: [\u21B5/y] Allow  [n] Deny  [a] Always  [t] Trust 30m"));
+    console.log(import_chalk17.default.dim(`Approvers (toggle): ${approverStatusLine()}  [q] quit`));
   }
   if (options.history) {
-    console.log(import_chalk17.default.dim("Showing history + live events. Press Ctrl+C to exit.\n"));
+    console.log(import_chalk17.default.dim("Showing history + live events.\n"));
   } else {
-    console.log(
-      import_chalk17.default.dim("Showing live events only. Use --history to include past. Press Ctrl+C to exit.\n")
-    );
+    console.log(import_chalk17.default.dim("Showing live events only. Use --history to include past.\n"));
   }
   process.on("SIGINT", () => {
+    exitIdleMode();
     clearCard();
     process.stdout.write(SHOW_CURSOR);
     if (process.stdout.isTTY) {
@@ -7196,6 +7304,7 @@ async function startTail(options = {}) {
       console.error(import_chalk17.default.red(`Failed to connect: HTTP ${res.statusCode}`));
       process.exit(1);
     }
+    if (canApprove) enterIdleMode();
     let currentEvent = "";
     let currentData = "";
     res.on("error", () => {
@@ -7589,6 +7698,11 @@ function renderSecurityLine(status) {
       parts.push(color(RED2, `\u{1F6A8} ${status.session.dlpHits} dlp`));
     }
   }
+  if (status.session.estimatedCost > 0) {
+    const cost = status.session.estimatedCost;
+    const costStr = cost >= 0.01 ? `$${cost.toFixed(2)}` : cost >= 1e-3 ? `$${cost.toFixed(3)}` : "<$0.001";
+    parts.push(color(DIM, `~${costStr}`));
+  }
   if (status.taintedCount > 0) {
     parts.push(color(YELLOW2, `\u{1F4A7} ${status.taintedCount} tainted`));
   }
@@ -8621,6 +8735,9 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
       if (filesRes.status === 0) {
         capturedFiles = filesRes.stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
       }
+      if (capturedFiles.length === 0) {
+        return prevEntry.hash;
+      }
       const diffRes = (0, import_child_process8.spawnSync)("git", ["diff", prevEntry.hash, commitHash], {
         env: shadowEnv,
         timeout: GIT_TIMEOUT
@@ -9817,25 +9934,79 @@ var import_chalk11 = __toESM(require("chalk"));
 var import_fs23 = __toESM(require("fs"));
 var import_path25 = __toESM(require("path"));
 var import_os19 = __toESM(require("os"));
+var import_https = __toESM(require("https"));
 init_core();
+function fireTelemetryPing(agents) {
+  try {
+    const body = JSON.stringify({
+      event: "init_completed",
+      agents_detected: agents,
+      os: process.platform,
+      node9_version: process.env.npm_package_version ?? "unknown"
+    });
+    const req = import_https.default.request(
+      {
+        hostname: "api.node9.ai",
+        path: "/api/v1/telemetry",
+        method: "POST",
+        headers: { "Content-Type": "application/json", "Content-Length": Buffer.byteLength(body) },
+        timeout: 3e3
+      },
+      (res) => {
+        res.resume();
+      }
+    );
+    req.on("error", () => {
+    });
+    req.on("timeout", () => {
+      req.destroy();
+    });
+    req.end(body);
+  } catch {
+  }
+}
 function registerInitCommand(program2) {
   program2.command("init").description("Set up Node9: create config and wire all detected AI agents").option("--force", "Overwrite existing config").option("-m, --mode <mode>", "Set initial security mode (standard, strict, audit)", "standard").option("--skip-setup", "Only create config \u2014 do not wire AI agents").action(async (options) => {
     console.log(import_chalk11.default.cyan.bold("\n\u{1F6E1}\uFE0F  Node9 Init\n"));
+    let chosenMode = options.mode.toLowerCase();
+    if (!["standard", "strict", "audit"].includes(chosenMode)) {
+      chosenMode = DEFAULT_CONFIG.settings.mode;
+    }
+    {
+      const { confirm: confirm3 } = await import("@inquirer/prompts");
+      const enableShields = await confirm3({
+        message: "Enable recommended safety shields? (blocks rm -rf, SQL drops, pipe-to-shell)",
+        default: true
+      });
+      if (enableShields) chosenMode = "standard";
+      console.log("");
+    }
     const configPath = import_path25.default.join(import_os19.default.homedir(), ".node9", "config.json");
     if (import_fs23.default.existsSync(configPath) && !options.force) {
-      console.log(import_chalk11.default.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
+      try {
+        const existing = JSON.parse(import_fs23.default.readFileSync(configPath, "utf-8"));
+        const settings = existing.settings ?? {};
+        if (settings.mode !== chosenMode) {
+          settings.mode = chosenMode;
+          existing.settings = settings;
+          import_fs23.default.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
+          console.log(import_chalk11.default.green(`\u2705 Mode updated: ${chosenMode}`));
+        } else {
+          console.log(import_chalk11.default.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
+        }
+      } catch {
+        console.log(import_chalk11.default.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
+      }
     } else {
-      const requestedMode = options.mode.toLowerCase();
-      const safeMode = ["standard", "strict", "audit"].includes(requestedMode) ? requestedMode : DEFAULT_CONFIG.settings.mode;
       const configToSave = {
         ...DEFAULT_CONFIG,
-        settings: { ...DEFAULT_CONFIG.settings, mode: safeMode }
+        settings: { ...DEFAULT_CONFIG.settings, mode: chosenMode }
       };
       const dir = import_path25.default.dirname(configPath);
       if (!import_fs23.default.existsSync(dir)) import_fs23.default.mkdirSync(dir, { recursive: true });
-      import_fs23.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2));
+      import_fs23.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
       console.log(import_chalk11.default.green(`\u2705 Config created: ${configPath}`));
-      console.log(import_chalk11.default.gray(`   Mode: ${safeMode}`));
+      console.log(import_chalk11.default.gray(`   Mode: ${chosenMode}`));
     }
     if (options.skipSetup) return;
     console.log("");
@@ -9862,14 +10033,20 @@ function registerInitCommand(program2) {
       else if (agent === "cursor") await setupCursor();
       console.log("");
     }
-    if (detected.claude) {
-      setupHud();
-      console.log(import_chalk11.default.green("\u2705 node9 HUD added to Claude Code statusline"));
-      console.log(import_chalk11.default.gray("   Restart Claude Code to activate the security statusline."));
+    {
+      const { confirm: confirm3 } = await import("@inquirer/prompts");
+      const sendTelemetry = await confirm3({
+        message: "Send anonymous usage stats to help improve node9? (no code, no args)",
+        default: true
+      });
+      if (sendTelemetry) fireTelemetryPing(found);
       console.log("");
     }
     console.log(import_chalk11.default.green.bold("\u{1F6E1}\uFE0F  Node9 is ready!"));
-    console.log(import_chalk11.default.gray("   Run: node9 daemon start"));
+    console.log("");
+    console.log(import_chalk11.default.white("  Start watching:  ") + import_chalk11.default.cyan("node9 tail"));
+    console.log(import_chalk11.default.white("  Browser view:    ") + import_chalk11.default.cyan("node9 daemon --openui"));
+    console.log(import_chalk11.default.white("  Cloud dashboard: ") + import_chalk11.default.cyan("node9.ai"));
   });
 }
 
@@ -10475,6 +10652,30 @@ var TOOLS = [
       required: ["service"]
     }
   },
+  {
+    name: "node9_approver_list",
+    description: "List all node9 approver channels and their current enabled/disabled state. Approvers are the channels through which node9 asks a human to approve risky tool calls. Channels: native (OS popup), browser (web UI), cloud (team policy server), terminal (stdin).",
+    inputSchema: { type: "object", properties: {}, required: [] }
+  },
+  {
+    name: "node9_approver_set",
+    description: "Enable or disable a specific node9 approver channel in the global config (~/.node9/config.json). Use this to turn individual channels on or off without touching other settings. Channels: native, browser, cloud, terminal. WARNING: disabling all approvers means node9 cannot prompt for human approval \u2014 use with care.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        channel: {
+          type: "string",
+          enum: ["native", "browser", "cloud", "terminal"],
+          description: "Approver channel to configure."
+        },
+        enabled: {
+          type: "boolean",
+          description: "true to enable the channel, false to disable it."
+        }
+      },
+      required: ["channel", "enabled"]
+    }
+  },
   {
     name: "node9_undo_list",
     description: "List the node9 snapshot history. Each entry shows the git hash, tool that triggered it, a short summary, affected files, working directory, and timestamp. Use this to find a hash before calling node9_undo_revert.",
@@ -10580,6 +10781,61 @@ function handleShieldEnable(args) {
   const shield = getShield(name);
   return `Shield "${name}" enabled \u2014 ${shield.smartRules.length} smart rule${shield.smartRules.length === 1 ? "" : "s"} now active.`;
 }
+var GLOBAL_CONFIG_PATH2 = import_path27.default.join(import_os20.default.homedir(), ".node9", "config.json");
+var APPROVER_CHANNELS = ["native", "browser", "cloud", "terminal"];
+function readGlobalConfigRaw() {
+  try {
+    if (import_fs24.default.existsSync(GLOBAL_CONFIG_PATH2)) {
+      return JSON.parse(import_fs24.default.readFileSync(GLOBAL_CONFIG_PATH2, "utf-8"));
+    }
+  } catch {
+  }
+  return {};
+}
+function writeGlobalConfigRaw(data) {
+  const dir = import_path27.default.dirname(GLOBAL_CONFIG_PATH2);
+  if (!import_fs24.default.existsSync(dir)) import_fs24.default.mkdirSync(dir, { recursive: true });
+  import_fs24.default.writeFileSync(GLOBAL_CONFIG_PATH2, JSON.stringify(data, null, 2) + "\n");
+}
+function handleApproverList() {
+  const config = getConfig();
+  const approvers = config.settings.approvers;
+  const lines = ["Approver channels:\n"];
+  for (const ch of APPROVER_CHANNELS) {
+    const on = approvers[ch];
+    lines.push(`  ${on ? "[enabled] " : "[disabled]"} ${ch}`);
+  }
+  const enabledCount = APPROVER_CHANNELS.filter((ch) => approvers[ch]).length;
+  if (enabledCount === 0) {
+    lines.push("\nWARNING: all approver channels are disabled \u2014 node9 cannot prompt for approval.");
+  }
+  return lines.join("\n");
+}
+function handleApproverSet(args) {
+  const channel = args.channel;
+  const enabled = args.enabled;
+  if (!channel || !APPROVER_CHANNELS.includes(channel)) {
+    throw new Error(
+      `Invalid channel: "${channel}". Must be one of: ${APPROVER_CHANNELS.join(", ")}.`
+    );
+  }
+  if (typeof enabled !== "boolean") {
+    throw new Error("enabled must be a boolean (true or false).");
+  }
+  const raw = readGlobalConfigRaw();
+  const settings = raw.settings ?? {};
+  const approvers = settings.approvers ?? {};
+  approvers[channel] = enabled;
+  settings.approvers = approvers;
+  raw.settings = settings;
+  writeGlobalConfigRaw(raw);
+  const currentApprovers = getConfig().settings.approvers;
+  const anyEnabled = APPROVER_CHANNELS.some(
+    (ch) => ch === channel ? enabled : currentApprovers[ch]
+  );
+  const suffix = anyEnabled ? "" : "\nWARNING: all approver channels are now disabled \u2014 node9 cannot prompt for approval.";
+  return `Approver channel "${channel}" ${enabled ? "enabled" : "disabled"} in ~/.node9/config.json.${suffix}`;
+}
 function handleUndoList() {
   const history = getSnapshotHistory();
   if (history.length === 0) {
@@ -10653,6 +10909,10 @@ function runMcpServer() {
           text = handleShieldList();
         } else if (toolName === "node9_shield_enable") {
           text = handleShieldEnable(toolArgs);
+        } else if (toolName === "node9_approver_list") {
+          text = handleApproverList();
+        } else if (toolName === "node9_approver_set") {
+          text = handleApproverSet(toolArgs);
         } else if (toolName === "node9_undo_list") {
           text = handleUndoList();
         } else if (toolName === "node9_undo_revert") {

package/dist/cli.mjs

@@ -777,7 +777,7 @@ var init_config = __esm({
     DEFAULT_CONFIG = {
       version: "1.0",
       settings: {
-        mode: "audit",
+        mode: "standard",
         autoStartDaemon: true,
         enableUndo: true,
         // 🔥 ALWAYS TRUE BY DEFAULT for the safety net
@@ -3176,6 +3176,7 @@ async function authorizeHeadless(toolName, args, meta, options) {
       await notifyActivity({
         id: actId,
         tool: toolName,
+        args,
         ts: actTs,
         status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : result.blockedByLabel?.includes("Taint") ? "taint" : "block",
         label: result.blockedByLabel,
@@ -5453,6 +5454,7 @@ var init_session_counters = __esm({
       _blocked = 0;
       _dlpHits = 0;
       _wouldBlock = 0;
+      _estimatedCost = 0;
       _lastRuleHit = null;
       _lastBlockedTool = null;
       incrementAllowed() {
@@ -5467,6 +5469,10 @@ var init_session_counters = __esm({
       incrementWouldBlock() {
         this._wouldBlock++;
       }
+      addCost(amount) {
+        if (!isFinite(amount) || amount < 0) return;
+        this._estimatedCost += amount;
+      }
       recordRuleHit(label) {
         this._lastRuleHit = label;
       }
@@ -5479,6 +5485,7 @@ var init_session_counters = __esm({
           blocked: this._blocked,
           dlpHits: this._dlpHits,
           wouldBlock: this._wouldBlock,
+          estimatedCost: this._estimatedCost,
           lastRuleHit: this._lastRuleHit,
           lastBlockedTool: this._lastBlockedTool
         };
@@ -5488,6 +5495,7 @@ var init_session_counters = __esm({
         this._blocked = 0;
         this._dlpHits = 0;
         this._wouldBlock = 0;
+        this._estimatedCost = 0;
         this._lastRuleHit = null;
         this._lastBlockedTool = null;
       }
@@ -5718,15 +5726,38 @@ function openBrowser(url) {
   } catch {
   }
 }
+function estimateToolCost(tool, args) {
+  const a = args ?? {};
+  const t = tool.toLowerCase().replace(/[^a-z_]/g, "_");
+  if (t.includes("read") || t === "glob" || t === "grep") {
+    const filePath = a.file_path ?? a.path;
+    if (filePath) {
+      try {
+        const bytes = fs13.statSync(filePath).size;
+        return bytes / BYTES_PER_TOKEN / 1e6 * INPUT_PRICE_PER_1M;
+      } catch {
+      }
+    }
+  }
+  if (t.includes("write")) {
+    const content = a.content ?? "";
+    return String(content).length / BYTES_PER_TOKEN / 1e6 * OUTPUT_PRICE_PER_1M;
+  }
+  if (t.includes("edit") || t === "str_replace_based_edit_tool") {
+    const newStr = a.new_string ?? "";
+    return String(newStr).length / BYTES_PER_TOKEN / 1e6 * OUTPUT_PRICE_PER_1M;
+  }
+  return void 0;
+}
 function broadcast(event, data) {
   if (event === "activity") {
     activityRing.push({ event, data });
     if (activityRing.length > ACTIVITY_RING_SIZE) activityRing.shift();
   } else if (event === "activity-result") {
-    const { id, status, label } = data;
+    const { id, status, label, costEstimate } = data;
     for (let i = activityRing.length - 1; i >= 0; i--) {
       if (activityRing[i].data.id === id) {
-        Object.assign(activityRing[i].data, { status, label });
+        Object.assign(activityRing[i].data, { status, label, costEstimate });
         break;
       }
     }
@@ -5828,10 +5859,13 @@ function startActivitySocket() {
             sessionCounters.incrementBlocked();
             sessionCounters.recordBlockedTool(data.tool);
           }
+          const costEstimate = data.status === "allow" ? estimateToolCost(data.tool, data.args) : void 0;
+          if (costEstimate != null && costEstimate > 0) sessionCounters.addCost(costEstimate);
           broadcast("activity-result", {
             id: data.id,
             status: data.status,
-            label: data.label
+            label: data.label,
+            costEstimate
           });
         }
       } catch {
@@ -5848,7 +5882,7 @@ function startActivitySocket() {
     }
   });
 }
-var homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE, WRITE_TOOL_NAMES;
+var homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, WRITE_TOOL_NAMES;
 var init_state2 = __esm({
   "src/daemon/state.ts"() {
     "use strict";
@@ -5886,6 +5920,9 @@ var init_state2 = __esm({
     ACTIVITY_RING_SIZE = 100;
     activityRing = [];
     SECRET_KEY_RE = /password|secret|token|key|apikey|credential|auth/i;
+    INPUT_PRICE_PER_1M = 3;
+    OUTPUT_PRICE_PER_1M = 15;
+    BYTES_PER_TOKEN = 4;
     WRITE_TOOL_NAMES = /* @__PURE__ */ new Set([
       "write",
       "write_file",
@@ -6349,7 +6386,8 @@ data: ${JSON.stringify(item.data)}
             allowed: counters.allowed,
             blocked: counters.blocked,
             dlpHits: counters.dlpHits,
-            wouldBlock: counters.wouldBlock
+            wouldBlock: counters.wouldBlock,
+            estimatedCost: counters.estimatedCost
           },
           taintedCount: taintStore.list().length,
           lastRuleHit: counters.lastRuleHit,
@@ -6481,6 +6519,7 @@ data: ${JSON.stringify(item.data)}
     }
     if (req.method === "POST" && pathname === "/events/clear") {
       activityRing.length = 0;
+      sessionCounters.reset();
       res.writeHead(200, { "Content-Type": "application/json" });
       return res.end(JSON.stringify({ ok: true }));
     }
@@ -6793,7 +6832,7 @@ function formatBase(activity) {
   const time = new Date(activity.ts).toLocaleTimeString([], { hour12: false });
   const icon = getIcon(activity.tool);
   const toolName = activity.tool.slice(0, 16).padEnd(16);
-  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ");
+  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(os21.homedir(), "~");
   const argsPreview = argsStr.length > 70 ? argsStr.slice(0, 70) + "\u2026" : argsStr;
   return `${chalk17.gray(time)} ${icon} ${chalk17.white.bold(toolName)} ${chalk17.dim(argsPreview)}`;
 }
@@ -6807,11 +6846,13 @@ function renderResult(activity, result) {
   } else {
     status = chalk17.red("\u2717 BLOCK");
   }
+  const cost = result.costEstimate ?? activity.costEstimate;
+  const costSuffix = cost == null ? "" : chalk17.dim(`  ~$${cost >= 1e-3 ? cost.toFixed(3) : "0.000"}`);
   if (process.stdout.isTTY) {
     readline5.clearLine(process.stdout, 0);
     readline5.cursorTo(process.stdout, 0);
   }
-  console.log(`${base}  ${status}`);
+  console.log(`${base}  ${status}${costSuffix}`);
 }
 function renderPending(activity) {
   if (!process.stdout.isTTY) return;
@@ -6940,6 +6981,39 @@ function buildRecoveryCardLines(req) {
     ``
   ];
 }
+function readApproversFromDisk() {
+  const configPath = path28.join(os21.homedir(), ".node9", "config.json");
+  try {
+    const raw = JSON.parse(fs25.readFileSync(configPath, "utf-8"));
+    const settings = raw.settings ?? {};
+    return settings.approvers ?? {};
+  } catch {
+    return {};
+  }
+}
+function approverStatusLine() {
+  const a = readApproversFromDisk();
+  const fmt = (label, key) => {
+    const on = a[key] !== false;
+    return `[${key[0]}]${label.slice(1)} ${on ? chalk17.green("\u2713") : chalk17.dim("\u2717")}`;
+  };
+  return `${fmt("native", "native")}  ${fmt("browser", "browser")}  ${fmt("cloud", "cloud")}  ${fmt("terminal", "terminal")}`;
+}
+function toggleApprover(channel) {
+  const configPath = path28.join(os21.homedir(), ".node9", "config.json");
+  try {
+    const raw = JSON.parse(fs25.readFileSync(configPath, "utf-8"));
+    const settings = raw.settings ?? {};
+    const approvers = settings.approvers ?? {};
+    approvers[channel] = approvers[channel] === false;
+    settings.approvers = approvers;
+    raw.settings = settings;
+    fs25.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
+  } catch (err2) {
+    process.stderr.write(`[node9] toggleApprover failed: ${String(err2)}
+`);
+  }
+}
 async function startTail(options = {}) {
   const port = await ensureDaemon();
   if (options.clear) {
@@ -6986,6 +7060,44 @@ async function startTail(options = {}) {
   const localAllowCounts = /* @__PURE__ */ new Map();
   const canApprove = process.stdout.isTTY && process.stdin.isTTY;
   if (canApprove) readline5.emitKeypressEvents(process.stdin);
+  let idleKeypressHandler = null;
+  function enterIdleMode() {
+    if (!canApprove || idleKeypressHandler !== null) return;
+    try {
+      process.stdin.setRawMode(true);
+    } catch {
+      return;
+    }
+    process.stdin.resume();
+    idleKeypressHandler = (_str, key) => {
+      const name = key?.name ?? "";
+      if (key?.ctrl && name === "c") {
+        process.kill(process.pid, "SIGINT");
+        return;
+      }
+      if (name === "q") {
+        process.kill(process.pid, "SIGINT");
+        return;
+      }
+      const channel = name === "n" ? "native" : name === "b" ? "browser" : name === "c" ? "cloud" : name === "t" ? "terminal" : null;
+      if (channel) {
+        toggleApprover(channel);
+        console.log(chalk17.dim(`  Approvers: ${approverStatusLine()}`));
+      }
+    };
+    process.stdin.on("keypress", idleKeypressHandler);
+  }
+  function exitIdleMode() {
+    if (idleKeypressHandler) {
+      process.stdin.removeListener("keypress", idleKeypressHandler);
+      idleKeypressHandler = null;
+    }
+    try {
+      process.stdin.setRawMode(false);
+    } catch {
+    }
+    process.stdin.pause();
+  }
   function clearCard() {
     if (cardLineCount > 0) {
       readline5.moveCursor(process.stdout, 0, -cardLineCount);
@@ -7004,10 +7116,12 @@ async function startTail(options = {}) {
   }
   function showNextCard() {
     if (cardActive || approvalQueue.length === 0 || !canApprove) return;
+    exitIdleMode();
     try {
       process.stdin.setRawMode(true);
     } catch {
       cardActive = false;
+      enterIdleMode();
       return;
     }
     cardActive = true;
@@ -7019,12 +7133,8 @@ async function startTail(options = {}) {
       const handler = onKeypress;
       onKeypress = null;
       if (handler) process.stdin.removeListener("keypress", handler);
-      try {
-        process.stdin.setRawMode(false);
-      } catch {
-      }
-      process.stdin.pause();
       cancelActiveCard = null;
+      enterIdleMode();
     };
     const settle = (action) => {
       if (settled) return;
@@ -7151,18 +7261,16 @@ async function startTail(options = {}) {
   console.log(chalk17.cyan.bold(`
 \u{1F6F0}\uFE0F  Node9 tail  `) + chalk17.dim(`\u2192 ${dashboardUrl}`));
   if (canApprove) {
-    console.log(
-      chalk17.dim("Interactive approvals: [\u21B5/y] Allow  [n] Deny  [a] Always Allow  [t] Trust 30m")
-    );
+    console.log(chalk17.dim("Card: [\u21B5/y] Allow  [n] Deny  [a] Always  [t] Trust 30m"));
+    console.log(chalk17.dim(`Approvers (toggle): ${approverStatusLine()}  [q] quit`));
   }
   if (options.history) {
-    console.log(chalk17.dim("Showing history + live events. Press Ctrl+C to exit.\n"));
+    console.log(chalk17.dim("Showing history + live events.\n"));
   } else {
-    console.log(
-      chalk17.dim("Showing live events only. Use --history to include past. Press Ctrl+C to exit.\n")
-    );
+    console.log(chalk17.dim("Showing live events only. Use --history to include past.\n"));
   }
   process.on("SIGINT", () => {
+    exitIdleMode();
     clearCard();
     process.stdout.write(SHOW_CURSOR);
     if (process.stdout.isTTY) {
@@ -7178,6 +7286,7 @@ async function startTail(options = {}) {
       console.error(chalk17.red(`Failed to connect: HTTP ${res.statusCode}`));
       process.exit(1);
     }
+    if (canApprove) enterIdleMode();
     let currentEvent = "";
     let currentData = "";
     res.on("error", () => {
@@ -7568,6 +7677,11 @@ function renderSecurityLine(status) {
       parts.push(color(RED2, `\u{1F6A8} ${status.session.dlpHits} dlp`));
     }
   }
+  if (status.session.estimatedCost > 0) {
+    const cost = status.session.estimatedCost;
+    const costStr = cost >= 0.01 ? `$${cost.toFixed(2)}` : cost >= 1e-3 ? `$${cost.toFixed(3)}` : "<$0.001";
+    parts.push(color(DIM, `~${costStr}`));
+  }
   if (status.taintedCount > 0) {
     parts.push(color(YELLOW2, `\u{1F4A7} ${status.taintedCount} tainted`));
   }
@@ -8596,6 +8710,9 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
       if (filesRes.status === 0) {
         capturedFiles = filesRes.stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
       }
+      if (capturedFiles.length === 0) {
+        return prevEntry.hash;
+      }
       const diffRes = spawnSync4("git", ["diff", prevEntry.hash, commitHash], {
         env: shadowEnv,
         timeout: GIT_TIMEOUT
@@ -9793,24 +9910,78 @@ import chalk11 from "chalk";
 import fs23 from "fs";
 import path25 from "path";
 import os19 from "os";
+import https from "https";
+function fireTelemetryPing(agents) {
+  try {
+    const body = JSON.stringify({
+      event: "init_completed",
+      agents_detected: agents,
+      os: process.platform,
+      node9_version: process.env.npm_package_version ?? "unknown"
+    });
+    const req = https.request(
+      {
+        hostname: "api.node9.ai",
+        path: "/api/v1/telemetry",
+        method: "POST",
+        headers: { "Content-Type": "application/json", "Content-Length": Buffer.byteLength(body) },
+        timeout: 3e3
+      },
+      (res) => {
+        res.resume();
+      }
+    );
+    req.on("error", () => {
+    });
+    req.on("timeout", () => {
+      req.destroy();
+    });
+    req.end(body);
+  } catch {
+  }
+}
 function registerInitCommand(program2) {
   program2.command("init").description("Set up Node9: create config and wire all detected AI agents").option("--force", "Overwrite existing config").option("-m, --mode <mode>", "Set initial security mode (standard, strict, audit)", "standard").option("--skip-setup", "Only create config \u2014 do not wire AI agents").action(async (options) => {
     console.log(chalk11.cyan.bold("\n\u{1F6E1}\uFE0F  Node9 Init\n"));
+    let chosenMode = options.mode.toLowerCase();
+    if (!["standard", "strict", "audit"].includes(chosenMode)) {
+      chosenMode = DEFAULT_CONFIG.settings.mode;
+    }
+    {
+      const { confirm: confirm3 } = await import("@inquirer/prompts");
+      const enableShields = await confirm3({
+        message: "Enable recommended safety shields? (blocks rm -rf, SQL drops, pipe-to-shell)",
+        default: true
+      });
+      if (enableShields) chosenMode = "standard";
+      console.log("");
+    }
     const configPath = path25.join(os19.homedir(), ".node9", "config.json");
     if (fs23.existsSync(configPath) && !options.force) {
-      console.log(chalk11.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
+      try {
+        const existing = JSON.parse(fs23.readFileSync(configPath, "utf-8"));
+        const settings = existing.settings ?? {};
+        if (settings.mode !== chosenMode) {
+          settings.mode = chosenMode;
+          existing.settings = settings;
+          fs23.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
+          console.log(chalk11.green(`\u2705 Mode updated: ${chosenMode}`));
+        } else {
+          console.log(chalk11.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
+        }
+      } catch {
+        console.log(chalk11.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
+      }
     } else {
-      const requestedMode = options.mode.toLowerCase();
-      const safeMode = ["standard", "strict", "audit"].includes(requestedMode) ? requestedMode : DEFAULT_CONFIG.settings.mode;
       const configToSave = {
         ...DEFAULT_CONFIG,
-        settings: { ...DEFAULT_CONFIG.settings, mode: safeMode }
+        settings: { ...DEFAULT_CONFIG.settings, mode: chosenMode }
       };
       const dir = path25.dirname(configPath);
       if (!fs23.existsSync(dir)) fs23.mkdirSync(dir, { recursive: true });
-      fs23.writeFileSync(configPath, JSON.stringify(configToSave, null, 2));
+      fs23.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
       console.log(chalk11.green(`\u2705 Config created: ${configPath}`));
-      console.log(chalk11.gray(`   Mode: ${safeMode}`));
+      console.log(chalk11.gray(`   Mode: ${chosenMode}`));
     }
     if (options.skipSetup) return;
     console.log("");
@@ -9837,14 +10008,20 @@ function registerInitCommand(program2) {
       else if (agent === "cursor") await setupCursor();
       console.log("");
     }
-    if (detected.claude) {
-      setupHud();
-      console.log(chalk11.green("\u2705 node9 HUD added to Claude Code statusline"));
-      console.log(chalk11.gray("   Restart Claude Code to activate the security statusline."));
+    {
+      const { confirm: confirm3 } = await import("@inquirer/prompts");
+      const sendTelemetry = await confirm3({
+        message: "Send anonymous usage stats to help improve node9? (no code, no args)",
+        default: true
+      });
+      if (sendTelemetry) fireTelemetryPing(found);
       console.log("");
     }
     console.log(chalk11.green.bold("\u{1F6E1}\uFE0F  Node9 is ready!"));
-    console.log(chalk11.gray("   Run: node9 daemon start"));
+    console.log("");
+    console.log(chalk11.white("  Start watching:  ") + chalk11.cyan("node9 tail"));
+    console.log(chalk11.white("  Browser view:    ") + chalk11.cyan("node9 daemon --openui"));
+    console.log(chalk11.white("  Cloud dashboard: ") + chalk11.cyan("node9.ai"));
   });
 }
 
@@ -10450,6 +10627,30 @@ var TOOLS = [
       required: ["service"]
     }
   },
+  {
+    name: "node9_approver_list",
+    description: "List all node9 approver channels and their current enabled/disabled state. Approvers are the channels through which node9 asks a human to approve risky tool calls. Channels: native (OS popup), browser (web UI), cloud (team policy server), terminal (stdin).",
+    inputSchema: { type: "object", properties: {}, required: [] }
+  },
+  {
+    name: "node9_approver_set",
+    description: "Enable or disable a specific node9 approver channel in the global config (~/.node9/config.json). Use this to turn individual channels on or off without touching other settings. Channels: native, browser, cloud, terminal. WARNING: disabling all approvers means node9 cannot prompt for human approval \u2014 use with care.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        channel: {
+          type: "string",
+          enum: ["native", "browser", "cloud", "terminal"],
+          description: "Approver channel to configure."
+        },
+        enabled: {
+          type: "boolean",
+          description: "true to enable the channel, false to disable it."
+        }
+      },
+      required: ["channel", "enabled"]
+    }
+  },
   {
     name: "node9_undo_list",
     description: "List the node9 snapshot history. Each entry shows the git hash, tool that triggered it, a short summary, affected files, working directory, and timestamp. Use this to find a hash before calling node9_undo_revert.",
@@ -10555,6 +10756,61 @@ function handleShieldEnable(args) {
   const shield = getShield(name);
   return `Shield "${name}" enabled \u2014 ${shield.smartRules.length} smart rule${shield.smartRules.length === 1 ? "" : "s"} now active.`;
 }
+var GLOBAL_CONFIG_PATH2 = path27.join(os20.homedir(), ".node9", "config.json");
+var APPROVER_CHANNELS = ["native", "browser", "cloud", "terminal"];
+function readGlobalConfigRaw() {
+  try {
+    if (fs24.existsSync(GLOBAL_CONFIG_PATH2)) {
+      return JSON.parse(fs24.readFileSync(GLOBAL_CONFIG_PATH2, "utf-8"));
+    }
+  } catch {
+  }
+  return {};
+}
+function writeGlobalConfigRaw(data) {
+  const dir = path27.dirname(GLOBAL_CONFIG_PATH2);
+  if (!fs24.existsSync(dir)) fs24.mkdirSync(dir, { recursive: true });
+  fs24.writeFileSync(GLOBAL_CONFIG_PATH2, JSON.stringify(data, null, 2) + "\n");
+}
+function handleApproverList() {
+  const config = getConfig();
+  const approvers = config.settings.approvers;
+  const lines = ["Approver channels:\n"];
+  for (const ch of APPROVER_CHANNELS) {
+    const on = approvers[ch];
+    lines.push(`  ${on ? "[enabled] " : "[disabled]"} ${ch}`);
+  }
+  const enabledCount = APPROVER_CHANNELS.filter((ch) => approvers[ch]).length;
+  if (enabledCount === 0) {
+    lines.push("\nWARNING: all approver channels are disabled \u2014 node9 cannot prompt for approval.");
+  }
+  return lines.join("\n");
+}
+function handleApproverSet(args) {
+  const channel = args.channel;
+  const enabled = args.enabled;
+  if (!channel || !APPROVER_CHANNELS.includes(channel)) {
+    throw new Error(
+      `Invalid channel: "${channel}". Must be one of: ${APPROVER_CHANNELS.join(", ")}.`
+    );
+  }
+  if (typeof enabled !== "boolean") {
+    throw new Error("enabled must be a boolean (true or false).");
+  }
+  const raw = readGlobalConfigRaw();
+  const settings = raw.settings ?? {};
+  const approvers = settings.approvers ?? {};
+  approvers[channel] = enabled;
+  settings.approvers = approvers;
+  raw.settings = settings;
+  writeGlobalConfigRaw(raw);
+  const currentApprovers = getConfig().settings.approvers;
+  const anyEnabled = APPROVER_CHANNELS.some(
+    (ch) => ch === channel ? enabled : currentApprovers[ch]
+  );
+  const suffix = anyEnabled ? "" : "\nWARNING: all approver channels are now disabled \u2014 node9 cannot prompt for approval.";
+  return `Approver channel "${channel}" ${enabled ? "enabled" : "disabled"} in ~/.node9/config.json.${suffix}`;
+}
 function handleUndoList() {
   const history = getSnapshotHistory();
   if (history.length === 0) {
@@ -10628,6 +10884,10 @@ function runMcpServer() {
           text = handleShieldList();
         } else if (toolName === "node9_shield_enable") {
           text = handleShieldEnable(toolArgs);
+        } else if (toolName === "node9_approver_list") {
+          text = handleApproverList();
+        } else if (toolName === "node9_approver_set") {
+          text = handleApproverSet(toolArgs);
         } else if (toolName === "node9_undo_list") {
           text = handleUndoList();
         } else if (toolName === "node9_undo_revert") {

package/dist/index.js

@@ -517,7 +517,7 @@ var DANGEROUS_WORDS = [
 var DEFAULT_CONFIG = {
   version: "1.0",
   settings: {
-    mode: "audit",
+    mode: "standard",
     autoStartDaemon: true,
     enableUndo: true,
     // 🔥 ALWAYS TRUE BY DEFAULT for the safety net
@@ -2721,6 +2721,7 @@ async function authorizeHeadless(toolName, args, meta, options) {
       await notifyActivity({
         id: actId,
         tool: toolName,
+        args,
         ts: actTs,
         status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : result.blockedByLabel?.includes("Taint") ? "taint" : "block",
         label: result.blockedByLabel,

package/dist/index.mjs

@@ -487,7 +487,7 @@ var DANGEROUS_WORDS = [
 var DEFAULT_CONFIG = {
   version: "1.0",
   settings: {
-    mode: "audit",
+    mode: "standard",
     autoStartDaemon: true,
     enableUndo: true,
     // 🔥 ALWAYS TRUE BY DEFAULT for the safety net
@@ -2691,6 +2691,7 @@ async function authorizeHeadless(toolName, args, meta, options) {
       await notifyActivity({
         id: actId,
         tool: toolName,
+        args,
         ts: actTs,
         status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : result.blockedByLabel?.includes("Taint") ? "taint" : "block",
         label: result.blockedByLabel,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node9/proxy",
-  "version": "1.6.0",
+  "version": "1.7.0",
   "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",