@node9/proxy 1.9.0 → 1.9.1

package/dist/cli.js

@@ -160,8 +160,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path31 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path31}: ${issue.message}`;
+    const path32 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path32}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -828,7 +828,7 @@ var init_config = __esm({
               {
                 field: "command",
                 op: "matches",
-                value: "^\\s*git\\b.*\\bpush\\b.*(--force|--force-with-lease|-f\\b)",
+                value: "\\bgit\\b.*\\bpush\\b.*(--force|--force-with-lease|-f\\b)",
                 flags: "i"
               }
             ],
@@ -843,7 +843,7 @@ var init_config = __esm({
               {
                 field: "command",
                 op: "matches",
-                value: "^\\s*git\\b.*\\bpush\\b(?!.*(-f\\b|--force|--force-with-lease))",
+                value: "\\bgit\\b.*\\bpush\\b(?!.*(-f\\b|--force|--force-with-lease))",
                 flags: "i"
               }
             ],
@@ -858,7 +858,7 @@ var init_config = __esm({
               {
                 field: "command",
                 op: "matches",
-                value: "^\\s*git\\b.*(reset\\s+--hard|clean\\s+-[fdxX]|\\brebase\\b|tag\\s+-d|branch\\s+-[dD])",
+                value: "\\bgit\\b.*(reset\\s+--hard|clean\\s+-[fdxX]|\\brebase\\b|tag\\s+-d|branch\\s+-[dD])",
                 flags: "i"
               }
             ],
@@ -870,7 +870,7 @@ var init_config = __esm({
           {
             name: "review-sudo",
             tool: "bash",
-            conditions: [{ field: "command", op: "matches", value: "^\\s*sudo\\s", flags: "i" }],
+            conditions: [{ field: "command", op: "matches", value: "\\bsudo\\s", flags: "i" }],
             conditionMode: "all",
             verdict: "review",
             reason: "Command requires elevated privileges"
@@ -1691,9 +1691,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path31) {
+function getNestedValue(obj, path32) {
   if (!obj || typeof obj !== "object") return null;
-  return path31.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path32.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function shouldSnapshot(toolName, args, config) {
   if (!config.settings.enableUndo) return false;
@@ -6782,22 +6782,22 @@ function formatBase(activity) {
   const time = new Date(activity.ts).toLocaleTimeString([], { hour12: false });
   const icon = getIcon(activity.tool);
   const toolName = activity.tool.slice(0, 16).padEnd(16);
-  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(import_os21.default.homedir(), "~");
+  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(import_os22.default.homedir(), "~");
   const argsPreview = argsStr.length > 70 ? argsStr.slice(0, 70) + "\u2026" : argsStr;
-  return `${import_chalk17.default.gray(time)} ${icon} ${import_chalk17.default.white.bold(toolName)} ${import_chalk17.default.dim(argsPreview)}`;
+  return `${import_chalk18.default.gray(time)} ${icon} ${import_chalk18.default.white.bold(toolName)} ${import_chalk18.default.dim(argsPreview)}`;
 }
 function renderResult(activity, result) {
   const base = formatBase(activity);
   let status;
   if (result.status === "allow") {
-    status = import_chalk17.default.green("\u2713 ALLOW");
+    status = import_chalk18.default.green("\u2713 ALLOW");
   } else if (result.status === "dlp") {
-    status = import_chalk17.default.bgRed.white.bold(" \u{1F6E1}\uFE0F  DLP ");
+    status = import_chalk18.default.bgRed.white.bold(" \u{1F6E1}\uFE0F  DLP ");
   } else {
-    status = import_chalk17.default.red("\u2717 BLOCK");
+    status = import_chalk18.default.red("\u2717 BLOCK");
   }
   const cost = result.costEstimate ?? activity.costEstimate;
-  const costSuffix = cost == null ? "" : import_chalk17.default.dim(`  ~$${cost >= 1e-3 ? cost.toFixed(3) : "0.000"}`);
+  const costSuffix = cost == null ? "" : import_chalk18.default.dim(`  ~$${cost >= 1e-3 ? cost.toFixed(3) : "0.000"}`);
   if (process.stdout.isTTY) {
     import_readline5.default.clearLine(process.stdout, 0);
     import_readline5.default.cursorTo(process.stdout, 0);
@@ -6806,16 +6806,16 @@ function renderResult(activity, result) {
 }
 function renderPending(activity) {
   if (!process.stdout.isTTY) return;
-  process.stdout.write(`${formatBase(activity)}  ${import_chalk17.default.yellow("\u25CF \u2026")}\r`);
+  process.stdout.write(`${formatBase(activity)}  ${import_chalk18.default.yellow("\u25CF \u2026")}\r`);
 }
 async function ensureDaemon() {
   let pidPort = null;
-  if (import_fs25.default.existsSync(PID_FILE)) {
+  if (import_fs26.default.existsSync(PID_FILE)) {
     try {
-      const { port } = JSON.parse(import_fs25.default.readFileSync(PID_FILE, "utf-8"));
+      const { port } = JSON.parse(import_fs26.default.readFileSync(PID_FILE, "utf-8"));
       pidPort = port;
     } catch {
-      console.error(import_chalk17.default.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
+      console.error(import_chalk18.default.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
     }
   }
   const checkPort = pidPort ?? DAEMON_PORT;
@@ -6826,7 +6826,7 @@ async function ensureDaemon() {
     if (res.ok) return checkPort;
   } catch {
   }
-  console.log(import_chalk17.default.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
+  console.log(import_chalk18.default.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
   const child = (0, import_child_process14.spawn)(process.execPath, [process.argv[1], "daemon"], {
     detached: true,
     stdio: "ignore",
@@ -6843,7 +6843,7 @@ async function ensureDaemon() {
     } catch {
     }
   }
-  console.error(import_chalk17.default.red("\u274C Daemon failed to start. Try: node9 daemon start"));
+  console.error(import_chalk18.default.red("\u274C Daemon failed to start. Try: node9 daemon start"));
   process.exit(1);
 }
 function postDecisionHttp(id, decision, csrfToken, port, opts) {
@@ -6932,9 +6932,9 @@ function buildRecoveryCardLines(req) {
   ];
 }
 function readApproversFromDisk() {
-  const configPath = import_path28.default.join(import_os21.default.homedir(), ".node9", "config.json");
+  const configPath = import_path29.default.join(import_os22.default.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(import_fs25.default.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(import_fs26.default.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     return settings.approvers ?? {};
   } catch {
@@ -6945,20 +6945,20 @@ function approverStatusLine() {
   const a = readApproversFromDisk();
   const fmt = (label, key) => {
     const on = a[key] !== false;
-    return `[${key[0]}]${label.slice(1)} ${on ? import_chalk17.default.green("\u2713") : import_chalk17.default.dim("\u2717")}`;
+    return `[${key[0]}]${label.slice(1)} ${on ? import_chalk18.default.green("\u2713") : import_chalk18.default.dim("\u2717")}`;
   };
   return `${fmt("native", "native")}  ${fmt("browser", "browser")}  ${fmt("cloud", "cloud")}  ${fmt("terminal", "terminal")}`;
 }
 function toggleApprover(channel) {
-  const configPath = import_path28.default.join(import_os21.default.homedir(), ".node9", "config.json");
+  const configPath = import_path29.default.join(import_os22.default.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(import_fs25.default.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(import_fs26.default.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     const approvers = settings.approvers ?? {};
     approvers[channel] = approvers[channel] === false;
     settings.approvers = approvers;
     raw.settings = settings;
-    import_fs25.default.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
+    import_fs26.default.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
   } catch (err2) {
     process.stderr.write(`[node9] toggleApprover failed: ${String(err2)}
 `);
@@ -6990,7 +6990,7 @@ async function startTail(options = {}) {
       req2.end();
     });
     if (result.ok) {
-      console.log(import_chalk17.default.green("\u2713 Flight Recorder buffer cleared."));
+      console.log(import_chalk18.default.green("\u2713 Flight Recorder buffer cleared."));
     } else if (result.code === "ECONNREFUSED") {
       throw new Error("Daemon is not running. Start it with: node9 daemon start");
     } else if (result.code === "ETIMEDOUT") {
@@ -7034,7 +7034,7 @@ async function startTail(options = {}) {
       const channel = name === "n" ? "native" : name === "b" ? "browser" : name === "c" ? "cloud" : name === "t" ? "terminal" : null;
       if (channel) {
         toggleApprover(channel);
-        console.log(import_chalk17.default.dim(`  Approvers: ${approverStatusLine()}`));
+        console.log(import_chalk18.default.dim(`  Approvers: ${approverStatusLine()}`));
       }
     };
     process.stdin.on("keypress", idleKeypressHandler);
@@ -7100,7 +7100,7 @@ async function startTail(options = {}) {
           localAllowCounts.get(req2.toolName) ?? 0
         )
       );
-      const decisionStamp = action === "always-allow" ? import_chalk17.default.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? import_chalk17.default.cyan("\u23F1 TRUST 30m") : action === "allow" ? import_chalk17.default.green("\u2713 ALLOWED") : action === "redirect" ? import_chalk17.default.yellow("\u21A9 REDIRECT AI") : import_chalk17.default.red("\u2717 DENIED");
+      const decisionStamp = action === "always-allow" ? import_chalk18.default.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? import_chalk18.default.cyan("\u23F1 TRUST 30m") : action === "allow" ? import_chalk18.default.green("\u2713 ALLOWED") : action === "redirect" ? import_chalk18.default.yellow("\u21A9 REDIRECT AI") : import_chalk18.default.red("\u2717 DENIED");
       stampedLines.push(`  ${BOLD2}\u2192${RESET2} ${decisionStamp} ${GRAY}(terminal)${RESET2}`, ``);
       for (const line of stampedLines) process.stdout.write(line + "\n");
       process.stdout.write(SHOW_CURSOR);
@@ -7128,8 +7128,8 @@ async function startTail(options = {}) {
       }
       postDecisionHttp(req2.id, httpDecision, csrfToken, port, httpOpts).catch((err2) => {
         try {
-          import_fs25.default.appendFileSync(
-            import_path28.default.join(import_os21.default.homedir(), ".node9", "hook-debug.log"),
+          import_fs26.default.appendFileSync(
+            import_path29.default.join(import_os22.default.homedir(), ".node9", "hook-debug.log"),
             `[tail] POST /decision failed: ${String(err2)}
 `
           );
@@ -7151,7 +7151,7 @@ async function startTail(options = {}) {
       );
       const stampedLines = buildCardLines(req2, priorCount);
       if (externalDecision) {
-        const source = externalDecision === "allow" ? import_chalk17.default.green("\u2713 ALLOWED") : import_chalk17.default.red("\u2717 DENIED");
+        const source = externalDecision === "allow" ? import_chalk18.default.green("\u2713 ALLOWED") : import_chalk18.default.red("\u2717 DENIED");
         stampedLines.push(`  ${BOLD2}\u2192${RESET2} ${source} ${GRAY}(external)${RESET2}`, ``);
       }
       for (const line of stampedLines) process.stdout.write(line + "\n");
@@ -7210,16 +7210,16 @@ async function startTail(options = {}) {
     }
   } catch {
   }
-  console.log(import_chalk17.default.cyan.bold(`
-\u{1F6F0}\uFE0F  Node9 tail  `) + import_chalk17.default.dim(`\u2192 ${dashboardUrl}`));
+  console.log(import_chalk18.default.cyan.bold(`
+\u{1F6F0}\uFE0F  Node9 tail  `) + import_chalk18.default.dim(`\u2192 ${dashboardUrl}`));
   if (canApprove) {
-    console.log(import_chalk17.default.dim("Card: [\u21B5/y] Allow  [n] Deny  [a] Always  [t] Trust 30m"));
-    console.log(import_chalk17.default.dim(`Approvers (toggle): ${approverStatusLine()}  [q] quit`));
+    console.log(import_chalk18.default.dim("Card: [\u21B5/y] Allow  [n] Deny  [a] Always  [t] Trust 30m"));
+    console.log(import_chalk18.default.dim(`Approvers (toggle): ${approverStatusLine()}  [q] quit`));
   }
   if (options.history) {
-    console.log(import_chalk17.default.dim("Showing history + live events.\n"));
+    console.log(import_chalk18.default.dim("Showing history + live events.\n"));
   } else {
-    console.log(import_chalk17.default.dim("Showing live events only. Use --history to include past.\n"));
+    console.log(import_chalk18.default.dim("Showing live events only. Use --history to include past.\n"));
   }
   process.on("SIGINT", () => {
     exitIdleMode();
@@ -7229,13 +7229,13 @@ async function startTail(options = {}) {
       import_readline5.default.clearLine(process.stdout, 0);
       import_readline5.default.cursorTo(process.stdout, 0);
     }
-    console.log(import_chalk17.default.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
+    console.log(import_chalk18.default.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
     process.exit(0);
   });
   const sseUrl = `http://127.0.0.1:${port}/events?capabilities=input`;
   const req = import_http2.default.get(sseUrl, (res) => {
     if (res.statusCode !== 200) {
-      console.error(import_chalk17.default.red(`Failed to connect: HTTP ${res.statusCode}`));
+      console.error(import_chalk18.default.red(`Failed to connect: HTTP ${res.statusCode}`));
       process.exit(1);
     }
     if (canApprove) enterIdleMode();
@@ -7266,7 +7266,7 @@ async function startTail(options = {}) {
         import_readline5.default.clearLine(process.stdout, 0);
         import_readline5.default.cursorTo(process.stdout, 0);
       }
-      console.log(import_chalk17.default.red("\n\u274C Daemon disconnected."));
+      console.log(import_chalk18.default.red("\n\u274C Daemon disconnected."));
       process.exit(1);
     });
   });
@@ -7358,9 +7358,9 @@ async function startTail(options = {}) {
       const hash = data.hash ?? "";
       const summary = data.argsSummary ?? data.tool;
       const fileCount = data.fileCount ?? 0;
-      const files = fileCount > 0 ? import_chalk17.default.dim(` \xB7 ${fileCount} file${fileCount === 1 ? "" : "s"}`) : "";
+      const files = fileCount > 0 ? import_chalk18.default.dim(` \xB7 ${fileCount} file${fileCount === 1 ? "" : "s"}`) : "";
       process.stdout.write(
-        `${import_chalk17.default.dim(time)}  ${import_chalk17.default.cyan("\u{1F4F8} snapshot")}  ${import_chalk17.default.dim(hash)}  ${summary}${files}
+        `${import_chalk18.default.dim(time)}  ${import_chalk18.default.cyan("\u{1F4F8} snapshot")}  ${import_chalk18.default.dim(hash)}  ${summary}${files}
 `
       );
       return;
@@ -7377,26 +7377,26 @@ async function startTail(options = {}) {
   }
   req.on("error", (err2) => {
     const msg = err2.code === "ECONNREFUSED" ? "Daemon is not running. Start it with: node9 daemon start" : err2.message;
-    console.error(import_chalk17.default.red(`
+    console.error(import_chalk18.default.red(`
 \u274C ${msg}`));
     process.exit(1);
   });
 }
-var import_http2, import_chalk17, import_fs25, import_os21, import_path28, import_readline5, import_child_process14, PID_FILE, ICONS, RESET2, BOLD2, RED, YELLOW, CYAN, GRAY, GREEN, HIDE_CURSOR, SHOW_CURSOR, ERASE_DOWN, DIVIDER;
+var import_http2, import_chalk18, import_fs26, import_os22, import_path29, import_readline5, import_child_process14, PID_FILE, ICONS, RESET2, BOLD2, RED, YELLOW, CYAN, GRAY, GREEN, HIDE_CURSOR, SHOW_CURSOR, ERASE_DOWN, DIVIDER;
 var init_tail = __esm({
   "src/tui/tail.ts"() {
     "use strict";
     import_http2 = __toESM(require("http"));
-    import_chalk17 = __toESM(require("chalk"));
-    import_fs25 = __toESM(require("fs"));
-    import_os21 = __toESM(require("os"));
-    import_path28 = __toESM(require("path"));
+    import_chalk18 = __toESM(require("chalk"));
+    import_fs26 = __toESM(require("fs"));
+    import_os22 = __toESM(require("os"));
+    import_path29 = __toESM(require("path"));
     import_readline5 = __toESM(require("readline"));
     import_child_process14 = require("child_process");
     init_daemon2();
     init_daemon();
     init_core();
-    PID_FILE = import_path28.default.join(import_os21.default.homedir(), ".node9", "daemon.pid");
+    PID_FILE = import_path29.default.join(import_os22.default.homedir(), ".node9", "daemon.pid");
     ICONS = {
       bash: "\u{1F4BB}",
       shell: "\u{1F4BB}",
@@ -7509,9 +7509,9 @@ function formatTimeLeft(resetsAt) {
   return ` (${m}m left)`;
 }
 function safeReadJson(filePath) {
-  if (!import_fs26.default.existsSync(filePath)) return null;
+  if (!import_fs27.default.existsSync(filePath)) return null;
   try {
-    return JSON.parse(import_fs26.default.readFileSync(filePath, "utf-8"));
+    return JSON.parse(import_fs27.default.readFileSync(filePath, "utf-8"));
   } catch {
     return null;
   }
@@ -7532,12 +7532,12 @@ function countHooksInFile(filePath) {
   return Object.keys(cfg.hooks).length;
 }
 function countRulesInDir(rulesDir) {
-  if (!import_fs26.default.existsSync(rulesDir)) return 0;
+  if (!import_fs27.default.existsSync(rulesDir)) return 0;
   let count = 0;
   try {
-    for (const entry of import_fs26.default.readdirSync(rulesDir, { withFileTypes: true })) {
+    for (const entry of import_fs27.default.readdirSync(rulesDir, { withFileTypes: true })) {
       if (entry.isDirectory()) {
-        count += countRulesInDir(import_path29.default.join(rulesDir, entry.name));
+        count += countRulesInDir(import_path30.default.join(rulesDir, entry.name));
       } else if (entry.isFile() && entry.name.endsWith(".md")) {
         count++;
       }
@@ -7548,46 +7548,46 @@ function countRulesInDir(rulesDir) {
 }
 function isSamePath(a, b) {
   try {
-    return import_path29.default.resolve(a) === import_path29.default.resolve(b);
+    return import_path30.default.resolve(a) === import_path30.default.resolve(b);
   } catch {
     return false;
   }
 }
 function countConfigs(cwd) {
-  const homeDir2 = import_os22.default.homedir();
-  const claudeDir = import_path29.default.join(homeDir2, ".claude");
+  const homeDir2 = import_os23.default.homedir();
+  const claudeDir = import_path30.default.join(homeDir2, ".claude");
   let claudeMdCount = 0;
   let rulesCount = 0;
   let hooksCount = 0;
   const userMcpServers = /* @__PURE__ */ new Set();
   const projectMcpServers = /* @__PURE__ */ new Set();
-  if (import_fs26.default.existsSync(import_path29.default.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
-  rulesCount += countRulesInDir(import_path29.default.join(claudeDir, "rules"));
-  const userSettings = import_path29.default.join(claudeDir, "settings.json");
+  if (import_fs27.default.existsSync(import_path30.default.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
+  rulesCount += countRulesInDir(import_path30.default.join(claudeDir, "rules"));
+  const userSettings = import_path30.default.join(claudeDir, "settings.json");
   for (const name of getMcpServerNames(userSettings)) userMcpServers.add(name);
   hooksCount += countHooksInFile(userSettings);
-  const userClaudeJson = import_path29.default.join(homeDir2, ".claude.json");
+  const userClaudeJson = import_path30.default.join(homeDir2, ".claude.json");
   for (const name of getMcpServerNames(userClaudeJson)) userMcpServers.add(name);
   for (const name of getDisabledMcpServers(userClaudeJson, "disabledMcpServers")) {
     userMcpServers.delete(name);
   }
   if (cwd) {
-    if (import_fs26.default.existsSync(import_path29.default.join(cwd, "CLAUDE.md"))) claudeMdCount++;
-    if (import_fs26.default.existsSync(import_path29.default.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
-    const projectClaudeDir = import_path29.default.join(cwd, ".claude");
+    if (import_fs27.default.existsSync(import_path30.default.join(cwd, "CLAUDE.md"))) claudeMdCount++;
+    if (import_fs27.default.existsSync(import_path30.default.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
+    const projectClaudeDir = import_path30.default.join(cwd, ".claude");
     const overlapsUserScope = isSamePath(projectClaudeDir, claudeDir);
     if (!overlapsUserScope) {
-      if (import_fs26.default.existsSync(import_path29.default.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
-      rulesCount += countRulesInDir(import_path29.default.join(projectClaudeDir, "rules"));
-      const projSettings = import_path29.default.join(projectClaudeDir, "settings.json");
+      if (import_fs27.default.existsSync(import_path30.default.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
+      rulesCount += countRulesInDir(import_path30.default.join(projectClaudeDir, "rules"));
+      const projSettings = import_path30.default.join(projectClaudeDir, "settings.json");
       for (const name of getMcpServerNames(projSettings)) projectMcpServers.add(name);
       hooksCount += countHooksInFile(projSettings);
     }
-    if (import_fs26.default.existsSync(import_path29.default.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
-    const localSettings = import_path29.default.join(projectClaudeDir, "settings.local.json");
+    if (import_fs27.default.existsSync(import_path30.default.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
+    const localSettings = import_path30.default.join(projectClaudeDir, "settings.local.json");
     for (const name of getMcpServerNames(localSettings)) projectMcpServers.add(name);
     hooksCount += countHooksInFile(localSettings);
-    const mcpJsonServers = getMcpServerNames(import_path29.default.join(cwd, ".mcp.json"));
+    const mcpJsonServers = getMcpServerNames(import_path30.default.join(cwd, ".mcp.json"));
     const disabledMcpJson = getDisabledMcpServers(localSettings, "disabledMcpjsonServers");
     for (const name of disabledMcpJson) mcpJsonServers.delete(name);
     for (const name of mcpJsonServers) projectMcpServers.add(name);
@@ -7620,12 +7620,12 @@ function readActiveShieldsHud() {
     return shieldsCache.value;
   }
   try {
-    const shieldsPath = import_path29.default.join(import_os22.default.homedir(), ".node9", "shields.json");
-    if (!import_fs26.default.existsSync(shieldsPath)) {
+    const shieldsPath = import_path30.default.join(import_os23.default.homedir(), ".node9", "shields.json");
+    if (!import_fs27.default.existsSync(shieldsPath)) {
       shieldsCache = { value: [], ts: now };
       return [];
     }
-    const parsed = JSON.parse(import_fs26.default.readFileSync(shieldsPath, "utf-8"));
+    const parsed = JSON.parse(import_fs27.default.readFileSync(shieldsPath, "utf-8"));
     if (!Array.isArray(parsed.active)) {
       shieldsCache = { value: [], ts: now };
       return [];
@@ -7727,17 +7727,17 @@ function renderContextLine(stdin) {
 async function main() {
   try {
     const [stdin, daemonStatus2] = await Promise.all([readStdin(), queryDaemon()]);
-    if (import_fs26.default.existsSync(import_path29.default.join(import_os22.default.homedir(), ".node9", "hud-debug"))) {
+    if (import_fs27.default.existsSync(import_path30.default.join(import_os23.default.homedir(), ".node9", "hud-debug"))) {
       try {
-        const logPath = import_path29.default.join(import_os22.default.homedir(), ".node9", "hud-debug.log");
+        const logPath = import_path30.default.join(import_os23.default.homedir(), ".node9", "hud-debug.log");
         const MAX_LOG_SIZE = 10 * 1024 * 1024;
         let size = 0;
         try {
-          size = import_fs26.default.statSync(logPath).size;
+          size = import_fs27.default.statSync(logPath).size;
         } catch {
         }
         if (size < MAX_LOG_SIZE) {
-          import_fs26.default.appendFileSync(
+          import_fs27.default.appendFileSync(
             logPath,
             JSON.stringify({ ts: (/* @__PURE__ */ new Date()).toISOString(), stdin }) + "\n"
           );
@@ -7758,11 +7758,11 @@ async function main() {
       try {
         const cwd = stdin.cwd ?? process.cwd();
         for (const configPath of [
-          import_path29.default.join(cwd, "node9.config.json"),
-          import_path29.default.join(import_os22.default.homedir(), ".node9", "config.json")
+          import_path30.default.join(cwd, "node9.config.json"),
+          import_path30.default.join(import_os23.default.homedir(), ".node9", "config.json")
         ]) {
-          if (!import_fs26.default.existsSync(configPath)) continue;
-          const cfg = JSON.parse(import_fs26.default.readFileSync(configPath, "utf-8"));
+          if (!import_fs27.default.existsSync(configPath)) continue;
+          const cfg = JSON.parse(import_fs27.default.readFileSync(configPath, "utf-8"));
           const hud = cfg.settings?.hud;
           if (hud && "showEnvironmentCounts" in hud) return hud.showEnvironmentCounts !== false;
         }
@@ -7780,13 +7780,13 @@ async function main() {
     renderOffline();
   }
 }
-var import_fs26, import_path29, import_os22, import_http3, RESET3, BOLD3, DIM, RED2, GREEN2, YELLOW2, BLUE, MAGENTA, CYAN2, WHITE, BAR_FILLED, BAR_EMPTY, BAR_WIDTH, shieldsCache, SHIELDS_CACHE_TTL_MS;
+var import_fs27, import_path30, import_os23, import_http3, RESET3, BOLD3, DIM, RED2, GREEN2, YELLOW2, BLUE, MAGENTA, CYAN2, WHITE, BAR_FILLED, BAR_EMPTY, BAR_WIDTH, shieldsCache, SHIELDS_CACHE_TTL_MS;
 var init_hud = __esm({
   "src/cli/hud.ts"() {
     "use strict";
-    import_fs26 = __toESM(require("fs"));
-    import_path29 = __toESM(require("path"));
-    import_os22 = __toESM(require("os"));
+    import_fs27 = __toESM(require("fs"));
+    import_path30 = __toESM(require("path"));
+    import_os23 = __toESM(require("os"));
     import_http3 = __toESM(require("http"));
     init_daemon();
     RESET3 = "\x1B[0m";
@@ -8395,10 +8395,10 @@ function teardownHud() {
 
 // src/cli.ts
 init_daemon2();
-var import_chalk18 = __toESM(require("chalk"));
-var import_fs27 = __toESM(require("fs"));
-var import_path30 = __toESM(require("path"));
-var import_os23 = __toESM(require("os"));
+var import_chalk19 = __toESM(require("chalk"));
+var import_fs28 = __toESM(require("fs"));
+var import_path31 = __toESM(require("path"));
+var import_os24 = __toESM(require("os"));
 var import_prompts2 = require("@inquirer/prompts");
 
 // src/utils/duration.ts
@@ -10288,11 +10288,17 @@ function registerInitCommand(program2) {
       if (sendTelemetry) fireTelemetryPing(found);
       console.log("");
     }
-    console.log(import_chalk11.default.green.bold("\u{1F6E1}\uFE0F  Node9 is ready!"));
+    const agentList = found.join(", ");
+    console.log(import_chalk11.default.green.bold(`\u{1F6E1}\uFE0F  Node9 is protecting ${agentList}!`));
+    console.log("");
+    console.log(import_chalk11.default.white("  Watch live:  ") + import_chalk11.default.cyan("node9 tail"));
+    console.log(import_chalk11.default.white("  Local UI:    ") + import_chalk11.default.cyan("node9 daemon --openui"));
     console.log("");
-    console.log(import_chalk11.default.white("  Start watching:  ") + import_chalk11.default.cyan("node9 tail"));
-    console.log(import_chalk11.default.white("  Browser view:    ") + import_chalk11.default.cyan("node9 daemon --openui"));
-    console.log(import_chalk11.default.white("  Cloud dashboard: ") + import_chalk11.default.cyan("node9.ai"));
+    console.log(import_chalk11.default.gray("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+    console.log(
+      import_chalk11.default.white("  Team dashboard + full audit trail \u2192 ") + import_chalk11.default.cyan.bold("https://node9.ai")
+    );
+    console.log(import_chalk11.default.gray("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
   });
 }
 
@@ -10650,6 +10656,90 @@ var import_child_process13 = require("child_process");
 var import_execa3 = require("execa");
 init_orchestrator();
 init_provenance();
+
+// src/mcp-pin.ts
+var import_fs24 = __toESM(require("fs"));
+var import_path27 = __toESM(require("path"));
+var import_os20 = __toESM(require("os"));
+var import_crypto8 = __toESM(require("crypto"));
+function getPinsFilePath() {
+  return import_path27.default.join(import_os20.default.homedir(), ".node9", "mcp-pins.json");
+}
+function hashToolDefinitions(tools) {
+  const sorted = [...tools].sort((a, b) => {
+    const nameA = a.name ?? "";
+    const nameB = b.name ?? "";
+    return nameA.localeCompare(nameB);
+  });
+  const canonical = JSON.stringify(sorted);
+  return import_crypto8.default.createHash("sha256").update(canonical).digest("hex");
+}
+function getServerKey(upstreamCommand) {
+  return import_crypto8.default.createHash("sha256").update(upstreamCommand).digest("hex").slice(0, 16);
+}
+function readMcpPinsSafe() {
+  const filePath = getPinsFilePath();
+  try {
+    const raw = import_fs24.default.readFileSync(filePath, "utf-8");
+    if (!raw.trim()) {
+      return { ok: false, reason: "corrupt", detail: "empty file" };
+    }
+    const parsed = JSON.parse(raw);
+    if (!parsed.servers || typeof parsed.servers !== "object" || Array.isArray(parsed.servers)) {
+      return { ok: false, reason: "corrupt", detail: "invalid structure: missing servers object" };
+    }
+    return { ok: true, pins: { servers: parsed.servers } };
+  } catch (err2) {
+    if (err2.code === "ENOENT") {
+      return { ok: false, reason: "missing" };
+    }
+    return { ok: false, reason: "corrupt", detail: String(err2) };
+  }
+}
+function readMcpPins() {
+  const result = readMcpPinsSafe();
+  if (result.ok) return result.pins;
+  if (result.reason === "missing") return { servers: {} };
+  throw new Error(`[node9] MCP pin file is corrupt: ${result.detail}`);
+}
+function writeMcpPins(data) {
+  const filePath = getPinsFilePath();
+  import_fs24.default.mkdirSync(import_path27.default.dirname(filePath), { recursive: true });
+  const tmp = `${filePath}.${import_crypto8.default.randomBytes(6).toString("hex")}.tmp`;
+  import_fs24.default.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
+  import_fs24.default.renameSync(tmp, filePath);
+}
+function checkPin(serverKey, currentHash) {
+  const result = readMcpPinsSafe();
+  if (!result.ok) {
+    if (result.reason === "missing") return "new";
+    return "corrupt";
+  }
+  const entry = result.pins.servers[serverKey];
+  if (!entry) return "new";
+  return entry.toolsHash === currentHash ? "match" : "mismatch";
+}
+function updatePin(serverKey, label, toolsHash, toolNames) {
+  const pins = readMcpPins();
+  pins.servers[serverKey] = {
+    label,
+    toolsHash,
+    toolNames,
+    toolCount: toolNames.length,
+    pinnedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  writeMcpPins(pins);
+}
+function removePin(serverKey) {
+  const pins = readMcpPins();
+  delete pins.servers[serverKey];
+  writeMcpPins(pins);
+}
+function clearAllPins() {
+  writeMcpPins({ servers: {} });
+}
+
+// src/mcp-gateway/index.ts
 function sanitize4(value) {
   return value.replace(/[\x00-\x1F\x7F]/g, "");
 }
@@ -10743,6 +10833,10 @@ async function runMcpGateway(upstreamCommand) {
   let authPending = false;
   let deferredExitCode = null;
   let deferredStdinEnd = false;
+  const pendingToolsListIds = /* @__PURE__ */ new Set();
+  const serverKey = getServerKey(upstreamCommand);
+  let pinState = "pending";
+  const pendingToolCalls = [];
   const agentIn = import_readline3.default.createInterface({ input: process.stdin, terminal: false });
   agentIn.on("line", async (line) => {
     let message;
@@ -10765,8 +10859,43 @@ async function runMcpGateway(upstreamCommand) {
       child.stdin.write(line + "\n");
       return;
     }
+    if (message.method === "tools/list" && message.id !== void 0 && message.id !== null) {
+      pendingToolsListIds.add(message.id);
+    }
     if (message.method === "tools/call" || message.method === "call_tool" || message.method === "use_tool") {
-      agentIn.pause();
+      if (pinState === "quarantined") {
+        if (message.id === void 0 || message.id === null) return;
+        const errorResponse = {
+          jsonrpc: "2.0",
+          id: message.id,
+          error: {
+            code: RPC_SERVER_ERROR,
+            message: `Node9 Security: This MCP session is quarantined due to a tool definition mismatch or corrupt pin state. The human operator must review and approve changes before tool calls are allowed. Run: node9 mcp pin update ${serverKey}`,
+            data: { reason: "pin-quarantine", serverKey, pinState }
+          }
+        };
+        process.stdout.write(JSON.stringify(errorResponse) + "\n");
+        return;
+      }
+      if (pinState === "pending") {
+        if (pendingToolsListIds.size > 0) {
+          pendingToolCalls.push(line);
+          return;
+        }
+        if (message.id === void 0 || message.id === null) return;
+        const errorResponse = {
+          jsonrpc: "2.0",
+          id: message.id,
+          error: {
+            code: RPC_SERVER_ERROR,
+            message: "Node9 Security: Tool calls are blocked until MCP tool definitions have been verified. The client must issue a tools/list request before calling tools.",
+            data: { reason: "pin-quarantine", serverKey, pinState }
+          }
+        };
+        process.stdout.write(JSON.stringify(errorResponse) + "\n");
+        return;
+      }
+      if (!deferredStdinEnd) agentIn.pause();
       authPending = true;
       try {
         const toolName = sanitize4(
@@ -10828,9 +10957,100 @@ async function runMcpGateway(upstreamCommand) {
     }
     child.stdin.write(line + "\n");
   });
-  child.stdout.pipe(process.stdout);
+  function drainPendingToolCalls() {
+    if (pendingToolCalls.length === 0) {
+      if (deferredStdinEnd && !authPending) child.stdin.end();
+      return;
+    }
+    const lines = pendingToolCalls.splice(0);
+    for (const queuedLine of lines) {
+      agentIn.emit("line", queuedLine);
+    }
+    if (deferredStdinEnd && !authPending) child.stdin.end();
+  }
+  const upstreamOut = import_readline3.default.createInterface({ input: child.stdout, terminal: false });
+  upstreamOut.on("line", (line) => {
+    let parsed;
+    try {
+      parsed = JSON.parse(line);
+    } catch {
+    }
+    if (!parsed) {
+      process.stdout.write(line + "\n");
+      return;
+    }
+    if (parsed.id !== void 0 && pendingToolsListIds.has(parsed.id)) {
+      pendingToolsListIds.delete(parsed.id);
+      if (parsed.result && Array.isArray(parsed.result.tools)) {
+        const tools = parsed.result.tools;
+        const currentHash = hashToolDefinitions(tools);
+        const pinStatus = checkPin(serverKey, currentHash);
+        if (pinStatus === "new") {
+          const toolNames = tools.map((t) => t.name ?? "unknown").sort();
+          updatePin(serverKey, upstreamCommand, currentHash, toolNames);
+          pinState = "validated";
+          console.error(
+            import_chalk15.default.green(
+              `\u{1F512} Node9: Pinned ${toolNames.length} tool definition(s) for this MCP server`
+            )
+          );
+          process.stdout.write(line + "\n");
+          drainPendingToolCalls();
+        } else if (pinStatus === "match") {
+          pinState = "validated";
+          process.stdout.write(line + "\n");
+          drainPendingToolCalls();
+        } else if (pinStatus === "corrupt") {
+          pinState = "quarantined";
+          console.error(
+            import_chalk15.default.red("\n\u{1F6A8} Node9: MCP pin file is corrupt or unreadable \u2014 session quarantined!")
+          );
+          console.error(import_chalk15.default.red("   Tool calls are blocked until the pin file is repaired."));
+          console.error(
+            import_chalk15.default.yellow(`   Run: node9 mcp pin reset  (to clear and re-pin on next connect)
+`)
+          );
+          const errorResponse = {
+            jsonrpc: "2.0",
+            id: parsed.id,
+            error: {
+              code: RPC_SERVER_ERROR,
+              message: "Node9 Security: MCP pin file is corrupt or unreadable. Tool definitions cannot be verified. Session quarantined. The human operator must repair or reset the pin file. Run: node9 mcp pin reset",
+              data: { reason: "pin-file-corrupt", serverKey }
+            }
+          };
+          process.stdout.write(JSON.stringify(errorResponse) + "\n");
+          drainPendingToolCalls();
+        } else {
+          pinState = "quarantined";
+          console.error(
+            import_chalk15.default.red("\n\u{1F6A8} Node9: MCP tool definitions have changed since last verified!")
+          );
+          console.error(
+            import_chalk15.default.red("   This could indicate a supply chain attack (tool poisoning / rug pull).")
+          );
+          console.error(import_chalk15.default.red("   Session quarantined \u2014 all tool calls blocked."));
+          console.error(import_chalk15.default.yellow(`   Run: node9 mcp pin update ${serverKey}
+`));
+          const errorResponse = {
+            jsonrpc: "2.0",
+            id: parsed.id,
+            error: {
+              code: RPC_SERVER_ERROR,
+              message: `Node9 Security: MCP server tool definitions have changed since they were last pinned. This could indicate a supply chain attack (tool poisoning / rug pull). Session quarantined \u2014 all tool calls are blocked. The human operator must review and approve the changes. Run: node9 mcp pin update ${serverKey}`,
+              data: { reason: "tool-pin-mismatch", serverKey }
+            }
+          };
+          process.stdout.write(JSON.stringify(errorResponse) + "\n");
+          drainPendingToolCalls();
+        }
+        return;
+      }
+    }
+    process.stdout.write(line + "\n");
+  });
   process.stdin.on("close", () => {
-    if (authPending) {
+    if (authPending || pendingToolCalls.length > 0) {
       deferredStdinEnd = true;
     } else {
       child.stdin.end();
@@ -10859,9 +11079,9 @@ function registerMcpGatewayCommand(program2) {
 
 // src/mcp-server/index.ts
 var import_readline4 = __toESM(require("readline"));
-var import_fs24 = __toESM(require("fs"));
-var import_os20 = __toESM(require("os"));
-var import_path27 = __toESM(require("path"));
+var import_fs25 = __toESM(require("fs"));
+var import_os21 = __toESM(require("os"));
+var import_path28 = __toESM(require("path"));
 init_core();
 init_daemon();
 init_shields();
@@ -10961,6 +11181,60 @@ var TOOLS = [
       },
       required: ["hash"]
     }
+  },
+  {
+    name: "node9_audit_get",
+    description: "Read recent entries from the node9 audit log (~/.node9/audit.log). Each entry shows timestamp, tool name, decision (allow/block/review), and agent. Use this to review what AI actions have been taken recently.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        limit: {
+          type: "number",
+          description: "Number of recent entries to return (default: 20, max: 100)."
+        }
+      },
+      required: []
+    }
+  },
+  {
+    name: "node9_policy_get",
+    description: "Show all active smart rules in detail \u2014 name, tool, verdict, conditions, and reason. Includes default rules, shield rules, and any custom project rules. Use this to understand exactly what is being blocked or reviewed.",
+    inputSchema: { type: "object", properties: {}, required: [] }
+  },
+  {
+    name: "node9_rule_add",
+    description: 'Add a new protective smart rule to the global node9 config (~/.node9/config.json). Rules can block or send dangerous commands for human review based on regex conditions. IMPORTANT: only "block" and "review" verdicts are permitted \u2014 "allow" rules are never accepted because they would weaken node9 security. Rules can only be added, never removed.',
+    inputSchema: {
+      type: "object",
+      properties: {
+        name: {
+          type: "string",
+          description: 'Unique rule name (e.g. "block-drop-prod-db").'
+        },
+        tool: {
+          type: "string",
+          description: 'Tool to match \u2014 "bash", "*", or a specific tool name.'
+        },
+        field: {
+          type: "string",
+          description: 'Field to inspect \u2014 "command" for bash, "sql" for database tools.'
+        },
+        pattern: {
+          type: "string",
+          description: "Regex pattern to match against the field."
+        },
+        verdict: {
+          type: "string",
+          enum: ["block", "review"],
+          description: 'Action to take when the rule matches. Only "block" or "review" are allowed.'
+        },
+        reason: {
+          type: "string",
+          description: "Human-readable explanation shown when the rule triggers."
+        }
+      },
+      required: ["name", "tool", "field", "pattern", "verdict", "reason"]
+    }
   }
 ];
 function handleStatus() {
@@ -10982,13 +11256,13 @@ function handleStatus() {
   lines.push(`Active shields: ${activeShields.length > 0 ? activeShields.join(", ") : "none"}`);
   lines.push(`Smart rules: ${config.policy.smartRules.length} loaded`);
   lines.push(`DLP: ${config.policy.dlp?.enabled !== false ? "enabled" : "disabled"}`);
-  const projectConfig = import_path27.default.join(process.cwd(), "node9.config.json");
-  const globalConfig = import_path27.default.join(import_os20.default.homedir(), ".node9", "config.json");
+  const projectConfig = import_path28.default.join(process.cwd(), "node9.config.json");
+  const globalConfig = import_path28.default.join(import_os21.default.homedir(), ".node9", "config.json");
   lines.push(
-    `Project config (node9.config.json): ${import_fs24.default.existsSync(projectConfig) ? "present" : "not found"}`
+    `Project config (node9.config.json): ${import_fs25.default.existsSync(projectConfig) ? "present" : "not found"}`
   );
   lines.push(
-    `Global config (~/.node9/config.json): ${import_fs24.default.existsSync(globalConfig) ? "present" : "not found"}`
+    `Global config (~/.node9/config.json): ${import_fs25.default.existsSync(globalConfig) ? "present" : "not found"}`
   );
   return lines.join("\n");
 }
@@ -11062,21 +11336,21 @@ function handleShieldDisable(args) {
   writeActiveShields(active.filter((s) => s !== name));
   return `Shield "${name}" disabled.`;
 }
-var GLOBAL_CONFIG_PATH2 = import_path27.default.join(import_os20.default.homedir(), ".node9", "config.json");
+var GLOBAL_CONFIG_PATH2 = import_path28.default.join(import_os21.default.homedir(), ".node9", "config.json");
 var APPROVER_CHANNELS = ["native", "browser", "cloud", "terminal"];
 function readGlobalConfigRaw() {
   try {
-    if (import_fs24.default.existsSync(GLOBAL_CONFIG_PATH2)) {
-      return JSON.parse(import_fs24.default.readFileSync(GLOBAL_CONFIG_PATH2, "utf-8"));
+    if (import_fs25.default.existsSync(GLOBAL_CONFIG_PATH2)) {
+      return JSON.parse(import_fs25.default.readFileSync(GLOBAL_CONFIG_PATH2, "utf-8"));
     }
   } catch {
   }
   return {};
 }
 function writeGlobalConfigRaw(data) {
-  const dir = import_path27.default.dirname(GLOBAL_CONFIG_PATH2);
-  if (!import_fs24.default.existsSync(dir)) import_fs24.default.mkdirSync(dir, { recursive: true });
-  import_fs24.default.writeFileSync(GLOBAL_CONFIG_PATH2, JSON.stringify(data, null, 2) + "\n");
+  const dir = import_path28.default.dirname(GLOBAL_CONFIG_PATH2);
+  if (!import_fs25.default.existsSync(dir)) import_fs25.default.mkdirSync(dir, { recursive: true });
+  import_fs25.default.writeFileSync(GLOBAL_CONFIG_PATH2, JSON.stringify(data, null, 2) + "\n");
 }
 function handleApproverList() {
   const config = getConfig();
@@ -11117,6 +11391,75 @@ function handleApproverSet(args) {
   const suffix = anyEnabled ? "" : "\nWARNING: all approver channels are now disabled \u2014 node9 cannot prompt for approval.";
   return `Approver channel "${channel}" ${enabled ? "enabled" : "disabled"} in ~/.node9/config.json.${suffix}`;
 }
+function handleAuditGet(args) {
+  const limit = Math.min(typeof args.limit === "number" ? args.limit : 20, 100);
+  const auditPath = import_path28.default.join(import_os21.default.homedir(), ".node9", "audit.log");
+  if (!import_fs25.default.existsSync(auditPath)) return "No audit log found.";
+  const lines = import_fs25.default.readFileSync(auditPath, "utf-8").trim().split("\n").filter(Boolean);
+  const recent = lines.slice(-limit);
+  const entries = recent.map((line) => {
+    try {
+      const e = JSON.parse(line);
+      return `${e.ts}  ${String(e.tool).padEnd(20)} ${String(e.decision).padEnd(8)} ${e.agent ?? ""}`;
+    } catch {
+      return line;
+    }
+  });
+  return `Last ${entries.length} audit entries:
+
+${entries.join("\n")}`;
+}
+function handlePolicyGet() {
+  const config = getConfig();
+  const rules = config.policy.smartRules;
+  if (rules.length === 0) return "No smart rules active.";
+  const lines = rules.map((r, i) => {
+    const conditions = r.conditions.map((c) => `${c.field} ${c.op} "${c.value}"`).join(` ${r.conditionMode ?? "all"} `);
+    return `[${i + 1}] ${r.name ?? "(unnamed)"}  tool:${r.tool}  verdict:${r.verdict}
+    conditions: ${conditions}
+    reason: ${r.reason ?? "\u2014"}`;
+  });
+  return `${rules.length} active smart rules:
+
+${lines.join("\n\n")}`;
+}
+function handleRuleAdd(args) {
+  const name = args.name;
+  const tool = args.tool;
+  const field = args.field;
+  const pattern = args.pattern;
+  const verdict = args.verdict;
+  const reason = args.reason;
+  if (!["block", "review"].includes(verdict)) {
+    throw new Error(
+      'verdict must be "block" or "review" \u2014 "allow" rules are not permitted as they would weaken node9 security'
+    );
+  }
+  try {
+    new RegExp(pattern);
+  } catch {
+    throw new Error(`Invalid regex pattern: ${pattern}`);
+  }
+  const raw = readGlobalConfigRaw();
+  const policy = raw.policy ?? {};
+  const smartRules = policy.smartRules ?? [];
+  const existing = smartRules.find(
+    (r) => typeof r === "object" && r !== null && r.name === name
+  );
+  if (existing) throw new Error(`A rule named "${name}" already exists.`);
+  smartRules.push({
+    name,
+    tool,
+    conditions: [{ field, op: "matches", value: pattern }],
+    conditionMode: "all",
+    verdict,
+    reason
+  });
+  policy.smartRules = smartRules;
+  raw.policy = policy;
+  writeGlobalConfigRaw(raw);
+  return `Rule "${name}" added to ~/.node9/config.json \u2014 verdict: ${verdict} when ${field} matches "${pattern}"`;
+}
 function handleUndoList() {
   const history = getSnapshotHistory();
   if (history.length === 0) {
@@ -11200,6 +11543,12 @@ function runMcpServer() {
           text = handleUndoList();
         } else if (toolName === "node9_undo_revert") {
           text = handleUndoRevert(toolArgs);
+        } else if (toolName === "node9_audit_get") {
+          text = handleAuditGet(toolArgs);
+        } else if (toolName === "node9_policy_get") {
+          text = handlePolicyGet();
+        } else if (toolName === "node9_rule_add") {
+          text = handleRuleAdd(toolArgs);
         } else {
           process.stdout.write(err(id, -32601, `Unknown tool: ${toolName}`) + "\n");
           return;
@@ -11287,22 +11636,99 @@ function registerTrustCommand(program2) {
   });
 }
 
+// src/cli/commands/mcp-pin.ts
+var import_chalk17 = __toESM(require("chalk"));
+function registerMcpPinCommand(program2) {
+  const pinCmd = program2.command("mcp").description("Manage MCP server tool definition pinning (rug pull defense)");
+  const pinSubCmd = pinCmd.command("pin").description("Manage pinned MCP server tool definitions");
+  pinSubCmd.command("list").description("Show all pinned MCP servers and their tool definition hashes").action(() => {
+    const result = readMcpPinsSafe();
+    if (!result.ok) {
+      if (result.reason === "missing") {
+        console.log(import_chalk17.default.gray("\nNo MCP servers are pinned yet."));
+        console.log(
+          import_chalk17.default.gray("Pins are created automatically when the MCP gateway first connects.\n")
+        );
+        return;
+      }
+      console.error(import_chalk17.default.red(`
+\u274C Pin file is corrupt: ${result.detail}`));
+      console.error(import_chalk17.default.yellow("   Run: node9 mcp pin reset\n"));
+      process.exit(1);
+    }
+    const entries = Object.entries(result.pins.servers);
+    if (entries.length === 0) {
+      console.log(import_chalk17.default.gray("\nNo MCP servers are pinned yet."));
+      console.log(
+        import_chalk17.default.gray("Pins are created automatically when the MCP gateway first connects.\n")
+      );
+      return;
+    }
+    console.log(import_chalk17.default.bold("\n\u{1F512} Pinned MCP Servers\n"));
+    for (const [key, entry] of entries) {
+      console.log(`  ${import_chalk17.default.cyan(key)}  ${import_chalk17.default.gray(entry.label)}`);
+      console.log(`    Tools (${entry.toolCount}): ${import_chalk17.default.white(entry.toolNames.join(", "))}`);
+      console.log(`    Hash:  ${import_chalk17.default.gray(entry.toolsHash.slice(0, 16))}...`);
+      console.log(`    Pinned: ${import_chalk17.default.gray(entry.pinnedAt)}`);
+      console.log("");
+    }
+  });
+  pinSubCmd.command("update <serverKey>").description(
+    "Remove a pin so the next gateway connection re-pins with current tool definitions"
+  ).action((serverKey) => {
+    let pins;
+    try {
+      pins = readMcpPins();
+    } catch {
+      console.error(import_chalk17.default.red("\n\u274C Pin file is corrupt."));
+      console.error(import_chalk17.default.yellow("   Run: node9 mcp pin reset\n"));
+      process.exit(1);
+    }
+    if (!pins.servers[serverKey]) {
+      console.error(import_chalk17.default.red(`
+\u274C No pin found for server key "${serverKey}"
+`));
+      console.error(`Run ${import_chalk17.default.cyan("node9 mcp pin list")} to see pinned servers.
+`);
+      process.exit(1);
+    }
+    const label = pins.servers[serverKey].label;
+    removePin(serverKey);
+    console.log(import_chalk17.default.green(`
+\u{1F513} Pin removed for ${import_chalk17.default.cyan(serverKey)}`));
+    console.log(import_chalk17.default.gray(`   Server: ${label}`));
+    console.log(import_chalk17.default.gray("   Next connection will re-pin with current tool definitions.\n"));
+  });
+  pinSubCmd.command("reset").description("Clear all MCP pins (next connection to each server will re-pin)").action(() => {
+    const result = readMcpPinsSafe();
+    if (!result.ok && result.reason === "missing") {
+      console.log(import_chalk17.default.gray("\nNo pins to clear.\n"));
+      return;
+    }
+    const count = result.ok ? Object.keys(result.pins.servers).length : "?";
+    clearAllPins();
+    console.log(import_chalk17.default.green(`
+\u{1F513} Cleared ${count} MCP pin(s).`));
+    console.log(import_chalk17.default.gray("   Next connection to each server will re-pin.\n"));
+  });
+}
+
 // src/cli.ts
 var { version } = JSON.parse(
-  import_fs27.default.readFileSync(import_path30.default.join(__dirname, "../package.json"), "utf-8")
+  import_fs28.default.readFileSync(import_path31.default.join(__dirname, "../package.json"), "utf-8")
 );
 var program = new import_commander.Command();
 program.name("node9").description("The Sudo Command for AI Agents").version(version);
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept";
-  const credPath = import_path30.default.join(import_os23.default.homedir(), ".node9", "credentials.json");
-  if (!import_fs27.default.existsSync(import_path30.default.dirname(credPath)))
-    import_fs27.default.mkdirSync(import_path30.default.dirname(credPath), { recursive: true });
+  const credPath = import_path31.default.join(import_os24.default.homedir(), ".node9", "credentials.json");
+  if (!import_fs28.default.existsSync(import_path31.default.dirname(credPath)))
+    import_fs28.default.mkdirSync(import_path31.default.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (import_fs27.default.existsSync(credPath)) {
-      const raw = JSON.parse(import_fs27.default.readFileSync(credPath, "utf-8"));
+    if (import_fs28.default.existsSync(credPath)) {
+      const raw = JSON.parse(import_fs28.default.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL }
@@ -11314,13 +11740,13 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL };
-  import_fs27.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  import_fs28.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
   if (profileName === "default") {
-    const configPath = import_path30.default.join(import_os23.default.homedir(), ".node9", "config.json");
+    const configPath = import_path31.default.join(import_os24.default.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (import_fs27.default.existsSync(configPath))
-        config = JSON.parse(import_fs27.default.readFileSync(configPath, "utf-8"));
+      if (import_fs28.default.existsSync(configPath))
+        config = JSON.parse(import_fs28.default.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -11335,19 +11761,19 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!import_fs27.default.existsSync(import_path30.default.dirname(configPath)))
-      import_fs27.default.mkdirSync(import_path30.default.dirname(configPath), { recursive: true });
-    import_fs27.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!import_fs28.default.existsSync(import_path31.default.dirname(configPath)))
+      import_fs28.default.mkdirSync(import_path31.default.dirname(configPath), { recursive: true });
+    import_fs28.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
   }
   if (options.profile && profileName !== "default") {
-    console.log(import_chalk18.default.green(`\u2705 Profile "${profileName}" saved`));
-    console.log(import_chalk18.default.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
+    console.log(import_chalk19.default.green(`\u2705 Profile "${profileName}" saved`));
+    console.log(import_chalk19.default.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
   } else if (options.local) {
-    console.log(import_chalk18.default.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
-    console.log(import_chalk18.default.gray(`   All decisions stay on this machine.`));
+    console.log(import_chalk19.default.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
+    console.log(import_chalk19.default.gray(`   All decisions stay on this machine.`));
   } else {
-    console.log(import_chalk18.default.green(`\u2705 Logged in \u2014 agent mode`));
-    console.log(import_chalk18.default.gray(`   Team policy enforced for all calls via Node9 cloud.`));
+    console.log(import_chalk19.default.green(`\u2705 Logged in \u2014 agent mode`));
+    console.log(import_chalk19.default.gray(`   Team policy enforced for all calls via Node9 cloud.`));
   }
 });
 program.command("addto").description("Integrate Node9 with an AI agent").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  hud").argument("<target>", "The agent to protect: claude | gemini | cursor | hud").action(async (target) => {
@@ -11355,19 +11781,19 @@ program.command("addto").description("Integrate Node9 with an AI agent").addHelp
   if (target === "claude") return await setupClaude();
   if (target === "cursor") return await setupCursor();
   if (target === "hud") return setupHud();
-  console.error(import_chalk18.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
+  console.error(import_chalk19.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
   process.exit(1);
 });
 program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  hud").argument("[target]", "The agent to protect: claude | gemini | cursor | hud").action(async (target) => {
   if (!target) {
-    console.log(import_chalk18.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
-    console.log("  Usage:  " + import_chalk18.default.white("node9 setup <target>") + "\n");
+    console.log(import_chalk19.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
+    console.log("  Usage:  " + import_chalk19.default.white("node9 setup <target>") + "\n");
     console.log("  Targets:");
-    console.log("    " + import_chalk18.default.green("claude") + "   \u2014 Claude Code (hook mode)");
-    console.log("    " + import_chalk18.default.green("gemini") + "   \u2014 Gemini CLI (hook mode)");
-    console.log("    " + import_chalk18.default.green("cursor") + "   \u2014 Cursor (hook mode)");
+    console.log("    " + import_chalk19.default.green("claude") + "   \u2014 Claude Code (hook mode)");
+    console.log("    " + import_chalk19.default.green("gemini") + "   \u2014 Gemini CLI (hook mode)");
+    console.log("    " + import_chalk19.default.green("cursor") + "   \u2014 Cursor (hook mode)");
     process.stdout.write(
-      "    " + import_chalk18.default.green("hud") + "     \u2014 Claude Code security statusline\n"
+      "    " + import_chalk19.default.green("hud") + "     \u2014 Claude Code security statusline\n"
     );
     console.log("");
     return;
@@ -11377,7 +11803,7 @@ program.command("setup").description('Alias for "addto" \u2014 integrate Node9 w
   if (t === "claude") return await setupClaude();
   if (t === "cursor") return await setupCursor();
   if (t === "hud") return setupHud();
-  console.error(import_chalk18.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
+  console.error(import_chalk19.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
   process.exit(1);
 });
 program.command("removefrom").description("Remove Node9 hooks from an AI agent configuration").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("<target>", "The agent to remove from: claude | gemini | cursor").action((target) => {
@@ -11388,31 +11814,31 @@ program.command("removefrom").description("Remove Node9 hooks from an AI agent c
   else if (target === "hud") fn = teardownHud;
   else {
     console.error(
-      import_chalk18.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`)
+      import_chalk19.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`)
     );
     process.exit(1);
   }
-  console.log(import_chalk18.default.cyan(`
+  console.log(import_chalk19.default.cyan(`
 \u{1F6E1}\uFE0F  Node9: removing hooks from ${target}...
 `));
   try {
     fn();
   } catch (err2) {
-    console.error(import_chalk18.default.red(`  \u26A0\uFE0F  Failed: ${err2 instanceof Error ? err2.message : String(err2)}`));
+    console.error(import_chalk19.default.red(`  \u26A0\uFE0F  Failed: ${err2 instanceof Error ? err2.message : String(err2)}`));
     process.exit(1);
   }
-  console.log(import_chalk18.default.gray("\n  Restart the agent for changes to take effect."));
+  console.log(import_chalk19.default.gray("\n  Restart the agent for changes to take effect."));
 });
 program.command("uninstall").description("Remove all Node9 hooks and optionally delete config files").option("--purge", "Also delete ~/.node9/ directory (config, audit log, credentials)").action(async (options) => {
-  console.log(import_chalk18.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Uninstall\n"));
-  console.log(import_chalk18.default.bold("Stopping daemon..."));
+  console.log(import_chalk19.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Uninstall\n"));
+  console.log(import_chalk19.default.bold("Stopping daemon..."));
   try {
     stopDaemon();
-    console.log(import_chalk18.default.green("  \u2705 Daemon stopped"));
+    console.log(import_chalk19.default.green("  \u2705 Daemon stopped"));
   } catch {
-    console.log(import_chalk18.default.blue("  \u2139\uFE0F  Daemon was not running"));
+    console.log(import_chalk19.default.blue("  \u2139\uFE0F  Daemon was not running"));
   }
-  console.log(import_chalk18.default.bold("\nRemoving hooks..."));
+  console.log(import_chalk19.default.bold("\nRemoving hooks..."));
   let teardownFailed = false;
   for (const [label, fn] of [
     ["Claude", teardownClaude],
@@ -11424,45 +11850,45 @@ program.command("uninstall").description("Remove all Node9 hooks and optionally
     } catch (err2) {
       teardownFailed = true;
       console.error(
-        import_chalk18.default.red(
+        import_chalk19.default.red(
           `  \u26A0\uFE0F  Failed to remove ${label} hooks: ${err2 instanceof Error ? err2.message : String(err2)}`
         )
       );
     }
   }
   if (options.purge) {
-    const node9Dir = import_path30.default.join(import_os23.default.homedir(), ".node9");
-    if (import_fs27.default.existsSync(node9Dir)) {
+    const node9Dir = import_path31.default.join(import_os24.default.homedir(), ".node9");
+    if (import_fs28.default.existsSync(node9Dir)) {
       const confirmed = await (0, import_prompts2.confirm)({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        import_fs27.default.rmSync(node9Dir, { recursive: true });
-        if (import_fs27.default.existsSync(node9Dir)) {
+        import_fs28.default.rmSync(node9Dir, { recursive: true });
+        if (import_fs28.default.existsSync(node9Dir)) {
           console.error(
-            import_chalk18.default.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
+            import_chalk19.default.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
         } else {
-          console.log(import_chalk18.default.green("\n  \u2705 Deleted ~/.node9/ (config, audit log, credentials)"));
+          console.log(import_chalk19.default.green("\n  \u2705 Deleted ~/.node9/ (config, audit log, credentials)"));
         }
       } else {
-        console.log(import_chalk18.default.yellow("\n  Skipped \u2014 ~/.node9/ was not deleted."));
+        console.log(import_chalk19.default.yellow("\n  Skipped \u2014 ~/.node9/ was not deleted."));
       }
     } else {
-      console.log(import_chalk18.default.blue("\n  \u2139\uFE0F  ~/.node9/ not found \u2014 nothing to delete"));
+      console.log(import_chalk19.default.blue("\n  \u2139\uFE0F  ~/.node9/ not found \u2014 nothing to delete"));
     }
   } else {
     console.log(
-      import_chalk18.default.gray("\n  ~/.node9/ kept \u2014 run with --purge to delete config and audit log")
+      import_chalk19.default.gray("\n  ~/.node9/ kept \u2014 run with --purge to delete config and audit log")
     );
   }
   if (teardownFailed) {
-    console.error(import_chalk18.default.red("\n  \u26A0\uFE0F  Some hooks could not be removed \u2014 see errors above."));
+    console.error(import_chalk19.default.red("\n  \u26A0\uFE0F  Some hooks could not be removed \u2014 see errors above."));
     process.exit(1);
   }
-  console.log(import_chalk18.default.green.bold("\n\u{1F6E1}\uFE0F  Node9 removed. Run: npm uninstall -g @node9/proxy"));
-  console.log(import_chalk18.default.gray("   Restart any open AI agent sessions for changes to take effect.\n"));
+  console.log(import_chalk19.default.green.bold("\n\u{1F6E1}\uFE0F  Node9 removed. Run: npm uninstall -g @node9/proxy"));
+  console.log(import_chalk19.default.gray("   Restart any open AI agent sessions for changes to take effect.\n"));
 });
 registerDoctorCommand(program, version);
 program.command("explain").description(
@@ -11475,7 +11901,7 @@ program.command("explain").description(
       try {
         args = JSON.parse(trimmed);
       } catch {
-        console.error(import_chalk18.default.red(`
+        console.error(import_chalk19.default.red(`
 \u274C Invalid JSON: ${trimmed}
 `));
         process.exit(1);
@@ -11486,54 +11912,54 @@ program.command("explain").description(
   }
   const result = await explainPolicy(tool, args);
   console.log("");
-  console.log(import_chalk18.default.cyan.bold("\u{1F6E1}\uFE0F  Node9 Explain"));
+  console.log(import_chalk19.default.cyan.bold("\u{1F6E1}\uFE0F  Node9 Explain"));
   console.log("");
-  console.log(`   ${import_chalk18.default.bold("Tool:")}    ${import_chalk18.default.white(result.tool)}`);
+  console.log(`   ${import_chalk19.default.bold("Tool:")}    ${import_chalk19.default.white(result.tool)}`);
   if (argsRaw) {
     const preview = argsRaw.length > 80 ? argsRaw.slice(0, 77) + "\u2026" : argsRaw;
-    console.log(`   ${import_chalk18.default.bold("Input:")}   ${import_chalk18.default.gray(preview)}`);
+    console.log(`   ${import_chalk19.default.bold("Input:")}   ${import_chalk19.default.gray(preview)}`);
   }
   console.log("");
-  console.log(import_chalk18.default.bold("Config Sources (Waterfall):"));
+  console.log(import_chalk19.default.bold("Config Sources (Waterfall):"));
   for (const tier of result.waterfall) {
-    const num = import_chalk18.default.gray(`  ${tier.tier}.`);
+    const num = import_chalk19.default.gray(`  ${tier.tier}.`);
     const label = tier.label.padEnd(16);
     let statusStr;
     if (tier.tier === 1) {
-      statusStr = import_chalk18.default.gray(tier.note ?? "");
+      statusStr = import_chalk19.default.gray(tier.note ?? "");
     } else if (tier.status === "active") {
-      const loc = tier.path ? import_chalk18.default.gray(tier.path) : "";
-      const note = tier.note ? import_chalk18.default.gray(`(${tier.note})`) : "";
-      statusStr = import_chalk18.default.green("\u2713 active") + (loc ? "  " + loc : "") + (note ? "  " + note : "");
+      const loc = tier.path ? import_chalk19.default.gray(tier.path) : "";
+      const note = tier.note ? import_chalk19.default.gray(`(${tier.note})`) : "";
+      statusStr = import_chalk19.default.green("\u2713 active") + (loc ? "  " + loc : "") + (note ? "  " + note : "");
     } else {
-      statusStr = import_chalk18.default.gray("\u25CB " + (tier.note ?? "not found"));
+      statusStr = import_chalk19.default.gray("\u25CB " + (tier.note ?? "not found"));
     }
-    console.log(`${num} ${import_chalk18.default.white(label)} ${statusStr}`);
+    console.log(`${num} ${import_chalk19.default.white(label)} ${statusStr}`);
   }
   console.log("");
-  console.log(import_chalk18.default.bold("Policy Evaluation:"));
+  console.log(import_chalk19.default.bold("Policy Evaluation:"));
   for (const step of result.steps) {
     const isFinal = step.isFinal;
     let icon;
-    if (step.outcome === "allow") icon = import_chalk18.default.green("  \u2705");
-    else if (step.outcome === "review") icon = import_chalk18.default.red("  \u{1F534}");
-    else if (step.outcome === "skip") icon = import_chalk18.default.gray("  \u2500 ");
-    else icon = import_chalk18.default.gray("  \u25CB ");
+    if (step.outcome === "allow") icon = import_chalk19.default.green("  \u2705");
+    else if (step.outcome === "review") icon = import_chalk19.default.red("  \u{1F534}");
+    else if (step.outcome === "skip") icon = import_chalk19.default.gray("  \u2500 ");
+    else icon = import_chalk19.default.gray("  \u25CB ");
     const name = step.name.padEnd(18);
-    const nameStr = isFinal ? import_chalk18.default.white.bold(name) : import_chalk18.default.white(name);
-    const detail = isFinal ? import_chalk18.default.white(step.detail) : import_chalk18.default.gray(step.detail);
-    const arrow = isFinal ? import_chalk18.default.yellow("  \u2190 STOP") : "";
+    const nameStr = isFinal ? import_chalk19.default.white.bold(name) : import_chalk19.default.white(name);
+    const detail = isFinal ? import_chalk19.default.white(step.detail) : import_chalk19.default.gray(step.detail);
+    const arrow = isFinal ? import_chalk19.default.yellow("  \u2190 STOP") : "";
     console.log(`${icon} ${nameStr} ${detail}${arrow}`);
   }
   console.log("");
   if (result.decision === "allow") {
-    console.log(import_chalk18.default.green.bold("  Decision: \u2705 ALLOW") + import_chalk18.default.gray("  \u2014 no approval needed"));
+    console.log(import_chalk19.default.green.bold("  Decision: \u2705 ALLOW") + import_chalk19.default.gray("  \u2014 no approval needed"));
   } else {
     console.log(
-      import_chalk18.default.red.bold("  Decision: \u{1F534} REVIEW") + import_chalk18.default.gray("  \u2014 human approval required")
+      import_chalk19.default.red.bold("  Decision: \u{1F534} REVIEW") + import_chalk19.default.gray("  \u2014 human approval required")
     );
     if (result.blockedByLabel) {
-      console.log(import_chalk18.default.gray(`  Reason:   ${result.blockedByLabel}`));
+      console.log(import_chalk19.default.gray(`  Reason:   ${result.blockedByLabel}`));
     }
   }
   console.log("");
@@ -11547,13 +11973,14 @@ program.command("tail").description("Stream live agent activity to the terminal"
   try {
     await startTail2(options);
   } catch (err2) {
-    console.error(import_chalk18.default.red(`\u274C ${err2 instanceof Error ? err2.message : String(err2)}`));
+    console.error(import_chalk19.default.red(`\u274C ${err2 instanceof Error ? err2.message : String(err2)}`));
     process.exit(1);
   }
 });
 registerWatchCommand(program);
 registerMcpGatewayCommand(program);
 registerMcpServerCommand(program);
+registerMcpPinCommand(program);
 registerCheckCommand(program);
 registerLogCommand(program);
 program.command("hud").description("Render node9 security statusline (spawned by Claude Code statusLine)").addHelpText(
@@ -11578,14 +12005,14 @@ Claude Code spawns this command every ~300ms and writes a JSON payload to stdin.
 Run "node9 addto claude" to register it as the statusLine.`
 ).argument("[subcommand]", 'Optional: "debug on" / "debug off" to toggle stdin logging').argument("[state]", 'on|off \u2014 used with "debug" subcommand').action(async (subcommand, state) => {
   if (subcommand === "debug") {
-    const flagFile = import_path30.default.join(import_os23.default.homedir(), ".node9", "hud-debug");
+    const flagFile = import_path31.default.join(import_os24.default.homedir(), ".node9", "hud-debug");
     if (state === "on") {
-      import_fs27.default.mkdirSync(import_path30.default.dirname(flagFile), { recursive: true });
-      import_fs27.default.writeFileSync(flagFile, "");
+      import_fs28.default.mkdirSync(import_path31.default.dirname(flagFile), { recursive: true });
+      import_fs28.default.writeFileSync(flagFile, "");
       console.log("HUD debug logging enabled \u2192 ~/.node9/hud-debug.log");
       console.log("Tail it with: tail -f ~/.node9/hud-debug.log");
     } else if (state === "off") {
-      if (import_fs27.default.existsSync(flagFile)) import_fs27.default.unlinkSync(flagFile);
+      if (import_fs28.default.existsSync(flagFile)) import_fs28.default.unlinkSync(flagFile);
       console.log("HUD debug logging disabled.");
     } else {
       console.error("Usage: node9 hud debug on|off");
@@ -11600,7 +12027,7 @@ program.command("pause").description("Temporarily disable Node9 protection for a
   const ms = parseDuration(options.duration);
   if (ms === null) {
     console.error(
-      import_chalk18.default.red(`
+      import_chalk19.default.red(`
 \u274C  Invalid duration: "${options.duration}". Use format like 15m, 1h, 30s.
 `)
     );
@@ -11608,20 +12035,20 @@ program.command("pause").description("Temporarily disable Node9 protection for a
   }
   pauseNode9(ms, options.duration);
   const expiresAt = new Date(Date.now() + ms).toLocaleTimeString();
-  console.log(import_chalk18.default.yellow(`
+  console.log(import_chalk19.default.yellow(`
 \u23F8  Node9 paused until ${expiresAt}`));
-  console.log(import_chalk18.default.gray(`   All tool calls will be allowed without review.`));
-  console.log(import_chalk18.default.gray(`   Run "node9 resume" to re-enable early.
+  console.log(import_chalk19.default.gray(`   All tool calls will be allowed without review.`));
+  console.log(import_chalk19.default.gray(`   Run "node9 resume" to re-enable early.
 `));
 });
 program.command("resume").description("Re-enable Node9 protection immediately").action(() => {
   const { paused } = checkPause();
   if (!paused) {
-    console.log(import_chalk18.default.gray("\nNode9 is already active \u2014 nothing to resume.\n"));
+    console.log(import_chalk19.default.gray("\nNode9 is already active \u2014 nothing to resume.\n"));
     return;
   }
   resumeNode9();
-  console.log(import_chalk18.default.green("\n\u25B6  Node9 resumed \u2014 protection is active.\n"));
+  console.log(import_chalk19.default.green("\n\u25B6  Node9 resumed \u2014 protection is active.\n"));
 });
 var HOOK_BASED_AGENTS = {
   claude: "claude",
@@ -11634,15 +12061,15 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
     if (HOOK_BASED_AGENTS[firstArg2] !== void 0) {
       const target = HOOK_BASED_AGENTS[firstArg2];
       console.error(
-        import_chalk18.default.yellow(`
+        import_chalk19.default.yellow(`
 \u26A0\uFE0F  Node9 proxy mode does not support "${target}" directly.`)
       );
-      console.error(import_chalk18.default.white(`
+      console.error(import_chalk19.default.white(`
    "${target}" uses its own hook system. Use:`));
       console.error(
-        import_chalk18.default.green(`     node9 addto ${target}   `) + import_chalk18.default.gray("# one-time setup")
+        import_chalk19.default.green(`     node9 addto ${target}   `) + import_chalk19.default.gray("# one-time setup")
       );
-      console.error(import_chalk18.default.green(`     ${target}              `) + import_chalk18.default.gray("# run normally"));
+      console.error(import_chalk19.default.green(`     ${target}              `) + import_chalk19.default.gray("# run normally"));
       process.exit(1);
     }
     const runArgs = firstArg2 === "shell" ? commandArgs.slice(1) : commandArgs;
@@ -11659,7 +12086,7 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
       }
     );
     if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && getConfig().settings.autoStartDaemon) {
-      console.error(import_chalk18.default.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
+      console.error(import_chalk19.default.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
       const daemonReady = await autoStartDaemonAndWait();
       if (daemonReady) result = await authorizeHeadless("shell", { command: fullCommand });
     }
@@ -11672,12 +12099,12 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
     }
     if (!result.approved) {
       console.error(
-        import_chalk18.default.red(`
+        import_chalk19.default.red(`
 \u274C Node9 Blocked: ${result.reason || "Dangerous command detected."}`)
       );
       process.exit(1);
     }
-    console.error(import_chalk18.default.green("\n\u2705 Approved \u2014 running command...\n"));
+    console.error(import_chalk19.default.green("\n\u2705 Approved \u2014 running command...\n"));
     await runProxy(fullCommand);
   } else {
     program.help();
@@ -11692,9 +12119,9 @@ if (process.argv[2] !== "daemon") {
     const isCheckHook = process.argv[2] === "check";
     if (isCheckHook) {
       if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
-        const logPath = import_path30.default.join(import_os23.default.homedir(), ".node9", "hook-debug.log");
+        const logPath = import_path31.default.join(import_os24.default.homedir(), ".node9", "hook-debug.log");
         const msg = reason instanceof Error ? reason.message : String(reason);
-        import_fs27.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+        import_fs28.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
       }
       process.exit(0);