@node9/proxy 1.9.2 → 1.10.0

package/dist/cli.js

@@ -76,6 +76,11 @@ __export(audit_exports, {
   appendToLog: () => appendToLog,
   redactSecrets: () => redactSecrets
 });
+function isTestCall(toolName, args) {
+  if (toolName !== "Bash" && toolName !== "bash") return false;
+  const cmd = args?.command;
+  return typeof cmd === "string" && TEST_COMMAND_RE.test(cmd);
+}
 function redactSecrets(text) {
   if (!text) return text;
   let redacted = text;
@@ -111,12 +116,14 @@ function appendHookDebug(toolName, args, meta, auditHashArgsEnabled) {
 }
 function appendLocalAudit(toolName, args, decision, checkedBy, meta, auditHashArgsEnabled) {
   const argsField = auditHashArgsEnabled ? { argsHash: hashArgs(args) } : { args: args ? JSON.parse(redactSecrets(JSON.stringify(args))) : {} };
+  const testRun = isTestCall(toolName, args) ? { testRun: true } : {};
   appendToLog(LOCAL_AUDIT_LOG, {
     ts: (/* @__PURE__ */ new Date()).toISOString(),
     tool: toolName,
     ...argsField,
     decision,
     checkedBy,
+    ...testRun,
     agent: meta?.agent,
     mcpServer: meta?.mcpServer,
     hostname: import_os.default.hostname()
@@ -129,7 +136,7 @@ function appendConfigAudit(entry) {
     hostname: import_os.default.hostname()
   });
 }
-var import_fs, import_path, import_os, LOCAL_AUDIT_LOG, HOOK_DEBUG_LOG;
+var import_fs, import_path, import_os, LOCAL_AUDIT_LOG, HOOK_DEBUG_LOG, TEST_COMMAND_RE;
 var init_audit = __esm({
   "src/audit/index.ts"() {
     "use strict";
@@ -139,6 +146,7 @@ var init_audit = __esm({
     init_hasher();
     LOCAL_AUDIT_LOG = import_path.default.join(import_os.default.homedir(), ".node9", "audit.log");
     HOOK_DEBUG_LOG = import_path.default.join(import_os.default.homedir(), ".node9", "hook-debug.log");
+    TEST_COMMAND_RE = /(?:^|\s)(npm\s+(?:run\s+)?test|npx\s+(?:vitest|jest|mocha)|yarn\s+(?:run\s+)?test|pnpm\s+(?:run\s+)?test|vitest|jest|mocha|pytest|py\.test|cargo\s+test|go\s+test|bundle\s+exec\s+rspec|rspec|phpunit|dotnet\s+test)\b/i;
   }
 });
 
@@ -160,8 +168,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path32 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path32}: ${issue.message}`;
+    const path34 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path34}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -214,6 +222,7 @@ var init_config_schema = __esm({
         errorMap: () => ({ message: "verdict must be one of: allow, review, block" })
       }),
       reason: import_zod.z.string().optional(),
+      description: import_zod.z.string().optional(),
       // Unknown predicate names are filtered out rather than failing the whole rule.
       // Failing the whole z.array() would cause sanitizeConfig to drop the entire
       // `policy` top-level key, silently disabling ALL smart rules in the config.
@@ -260,6 +269,11 @@ var init_config_schema = __esm({
         dlp: import_zod.z.object({
           enabled: import_zod.z.boolean().optional(),
           scanIgnoredTools: import_zod.z.boolean().optional()
+        }).optional(),
+        loopDetection: import_zod.z.object({
+          enabled: import_zod.z.boolean().optional(),
+          threshold: import_zod.z.number().min(2).optional(),
+          windowSeconds: import_zod.z.number().min(10).optional()
         }).optional()
       }).optional(),
       environments: import_zod.z.record(import_zod.z.object({ requireApproval: import_zod.z.boolean().optional() })).optional()
@@ -554,7 +568,8 @@ function getConfig(cwd) {
       onlyPaths: [...DEFAULT_CONFIG.policy.snapshot.onlyPaths],
       ignorePaths: [...DEFAULT_CONFIG.policy.snapshot.ignorePaths]
     },
-    dlp: { ...DEFAULT_CONFIG.policy.dlp }
+    dlp: { ...DEFAULT_CONFIG.policy.dlp },
+    loopDetection: { ...DEFAULT_CONFIG.policy.loopDetection }
   };
   const mergedEnvironments = { ...DEFAULT_CONFIG.environments };
   const applyLayer = (source) => {
@@ -593,6 +608,13 @@ function getConfig(cwd) {
       if (d.enabled !== void 0) mergedPolicy.dlp.enabled = d.enabled;
       if (d.scanIgnoredTools !== void 0) mergedPolicy.dlp.scanIgnoredTools = d.scanIgnoredTools;
     }
+    if (p.loopDetection) {
+      const ld = p.loopDetection;
+      if (ld.enabled !== void 0) mergedPolicy.loopDetection.enabled = ld.enabled;
+      if (ld.threshold !== void 0) mergedPolicy.loopDetection.threshold = ld.threshold;
+      if (ld.windowSeconds !== void 0)
+        mergedPolicy.loopDetection.windowSeconds = ld.windowSeconds;
+    }
     const envs = source.environments || {};
     for (const [envName, envConfig] of Object.entries(envs)) {
       if (envConfig && typeof envConfig === "object") {
@@ -791,7 +813,8 @@ var init_config = __esm({
               }
             ],
             verdict: "block",
-            reason: "Recursive delete of home directory is irreversible"
+            reason: "Recursive delete of home directory is irreversible",
+            description: "The AI wants to recursively delete your home directory. This will permanently destroy all your personal files and cannot be undone."
           },
           // ── SQL safety ────────────────────────────────────────────────────────
           {
@@ -803,7 +826,8 @@ var init_config = __esm({
             ],
             conditionMode: "all",
             verdict: "review",
-            reason: "DELETE/UPDATE without WHERE clause \u2014 would affect every row in the table"
+            reason: "DELETE/UPDATE without WHERE clause \u2014 would affect every row in the table",
+            description: "The AI is running a SQL statement that will modify every row in the table \u2014 no WHERE filter was found. This could wipe or corrupt all your data."
           },
           {
             name: "review-drop-truncate-shell",
@@ -818,7 +842,8 @@ var init_config = __esm({
             ],
             conditionMode: "all",
             verdict: "review",
-            reason: "SQL DDL destructive statement inside a shell command"
+            reason: "SQL DDL destructive statement inside a shell command",
+            description: "The AI wants to drop or truncate a database table via the shell. This permanently deletes the table structure or all its data."
           },
           // ── Git safety ────────────────────────────────────────────────────────
           {
@@ -834,7 +859,8 @@ var init_config = __esm({
             ],
             conditionMode: "all",
             verdict: "block",
-            reason: "Force push overwrites remote history and cannot be undone"
+            reason: "Force push overwrites remote history and cannot be undone",
+            description: "The AI wants to force push to a remote git branch. This rewrites shared history and can permanently destroy commits that teammates have already pulled."
           },
           {
             name: "review-git-push",
@@ -849,7 +875,8 @@ var init_config = __esm({
             ],
             conditionMode: "all",
             verdict: "review",
-            reason: "git push sends changes to a shared remote"
+            reason: "git push sends changes to a shared remote",
+            description: "The AI wants to push commits to a remote repository. Once pushed, those changes are visible to everyone with access."
           },
           {
             name: "review-git-destructive",
@@ -864,7 +891,8 @@ var init_config = __esm({
             ],
             conditionMode: "all",
             verdict: "review",
-            reason: "Destructive git operation \u2014 discards history or working-tree changes"
+            reason: "Destructive git operation \u2014 discards history or working-tree changes",
+            description: "The AI wants to run a destructive git operation (reset, rebase, clean, or branch delete) that can permanently discard commits or uncommitted work."
           },
           // ── Shell safety ──────────────────────────────────────────────────────
           {
@@ -873,7 +901,8 @@ var init_config = __esm({
             conditions: [{ field: "command", op: "matches", value: "\\bsudo\\s", flags: "i" }],
             conditionMode: "all",
             verdict: "review",
-            reason: "Command requires elevated privileges"
+            reason: "Command requires elevated privileges",
+            description: "The AI wants to run a command as root (sudo). Commands with root access can modify system files, install software, or change security settings."
           },
           {
             name: "review-curl-pipe-shell",
@@ -888,10 +917,12 @@ var init_config = __esm({
             ],
             conditionMode: "all",
             verdict: "block",
-            reason: "Piping remote script into a shell is a supply-chain attack vector"
+            reason: "Piping remote script into a shell is a supply-chain attack vector",
+            description: "The AI wants to download a script from the internet and run it immediately, without you seeing what it contains. This is one of the most common ways malware gets installed."
           }
         ],
-        dlp: { enabled: true, scanIgnoredTools: true }
+        dlp: { enabled: true, scanIgnoredTools: true },
+        loopDetection: { enabled: true, threshold: 5, windowSeconds: 120 }
       },
       environments: {}
     };
@@ -921,7 +952,8 @@ var init_config = __esm({
         tool: "*",
         conditions: [{ field: "command", op: "matches", value: "(^|&&|\\|\\||;)\\s*rm\\b" }],
         verdict: "review",
-        reason: "rm can permanently delete files \u2014 confirm the target path"
+        reason: "rm can permanently delete files \u2014 confirm the target path",
+        description: "The AI wants to delete files. Unlike moving to trash, rm is permanent \u2014 the files cannot be recovered without a backup."
       },
       // ── SQL safety (Safe by Default) ──────────────────────────────────────────
       // These rules fire when an AI calls a database tool directly (e.g. MCP postgres,
@@ -933,14 +965,16 @@ var init_config = __esm({
         tool: "*",
         conditions: [{ field: "sql", op: "matches", value: "DROP\\s+TABLE", flags: "i" }],
         verdict: "review",
-        reason: "DROP TABLE is irreversible \u2014 enable the postgres shield to block instead"
+        reason: "DROP TABLE is irreversible \u2014 enable the postgres shield to block instead",
+        description: "The AI wants to drop a database table. This permanently deletes the table and all its data \u2014 there is no undo."
       },
       {
         name: "review-truncate-sql",
         tool: "*",
         conditions: [{ field: "sql", op: "matches", value: "TRUNCATE\\s+TABLE", flags: "i" }],
         verdict: "review",
-        reason: "TRUNCATE removes all rows \u2014 enable the postgres shield to block instead"
+        reason: "TRUNCATE removes all rows \u2014 enable the postgres shield to block instead",
+        description: "The AI wants to truncate a database table, which instantly deletes every row. The table structure remains but all data is gone."
       },
       {
         name: "review-drop-column-sql",
@@ -949,7 +983,8 @@ var init_config = __esm({
           { field: "sql", op: "matches", value: "ALTER\\s+TABLE.*DROP\\s+COLUMN", flags: "i" }
         ],
         verdict: "review",
-        reason: "DROP COLUMN is irreversible \u2014 enable the postgres shield to block instead"
+        reason: "DROP COLUMN is irreversible \u2014 enable the postgres shield to block instead",
+        description: "The AI wants to drop a column from a database table. This permanently removes the column and all its data from every row."
       }
     ];
     cachedConfig = null;
@@ -1691,9 +1726,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path32) {
+function getNestedValue(obj, path34) {
   if (!obj || typeof obj !== "object") return null;
-  return path32.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path34.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function shouldSnapshot(toolName, args, config) {
   if (!config.settings.enableUndo) return false;
@@ -1844,6 +1879,9 @@ async function evaluatePolicy(toolName, args, agent, cwd) {
         reason: matchedRule.reason,
         tier: 2,
         ruleName: matchedRule.name ?? matchedRule.tool,
+        ...(matchedRule.description ?? matchedRule.reason) && {
+          ruleDescription: matchedRule.description ?? matchedRule.reason
+        },
         ...matchedRule.verdict === "block" && matchedRule.dependsOnState?.length && {
           dependsOnStatePredicates: matchedRule.dependsOnState
         },
@@ -3063,6 +3101,58 @@ var init_cloud = __esm({
   }
 });
 
+// src/loop-detector.ts
+function loopStateFile() {
+  return import_path14.default.join(import_os10.default.homedir(), ".node9", "loop-state.json");
+}
+function computeArgsHash(args) {
+  const str = JSON.stringify(args ?? "");
+  return import_crypto3.default.createHash("sha256").update(str).digest("hex").slice(0, 16);
+}
+function readState() {
+  try {
+    if (!import_fs11.default.existsSync(loopStateFile())) return [];
+    const raw = import_fs11.default.readFileSync(loopStateFile(), "utf-8");
+    const parsed = JSON.parse(raw);
+    if (!Array.isArray(parsed)) return [];
+    return parsed;
+  } catch {
+    return [];
+  }
+}
+function writeState(records) {
+  const dir = import_path14.default.dirname(loopStateFile());
+  if (!import_fs11.default.existsSync(dir)) import_fs11.default.mkdirSync(dir, { recursive: true });
+  const tmpPath = `${loopStateFile()}.${import_os10.default.hostname()}.${process.pid}.tmp`;
+  import_fs11.default.writeFileSync(tmpPath, JSON.stringify(records));
+  import_fs11.default.renameSync(tmpPath, loopStateFile());
+}
+function recordAndCheck(tool, args, threshold = 3, windowMs = 12e4) {
+  try {
+    const hash = computeArgsHash(args);
+    const now = Date.now();
+    const cutoff = now - windowMs;
+    const records = readState().filter((r) => r.ts >= cutoff);
+    records.push({ t: tool, h: hash, ts: now });
+    const count = records.filter((r) => r.t === tool && r.h === hash).length;
+    writeState(records.slice(-MAX_RECORDS));
+    return { looping: count >= threshold, count };
+  } catch {
+    return { looping: false, count: 0 };
+  }
+}
+var import_fs11, import_path14, import_os10, import_crypto3, MAX_RECORDS;
+var init_loop_detector = __esm({
+  "src/loop-detector.ts"() {
+    "use strict";
+    import_fs11 = __toESM(require("fs"));
+    import_path14 = __toESM(require("path"));
+    import_os10 = __toESM(require("os"));
+    import_crypto3 = __toESM(require("crypto"));
+    MAX_RECORDS = 500;
+  }
+});
+
 // src/auth/orchestrator.ts
 function isWriteTool(toolName) {
   const t = toolName.toLowerCase().replace(/[^a-z_]/g, "_");
@@ -3103,7 +3193,7 @@ function notifyActivity(data) {
 }
 async function authorizeHeadless(toolName, args, meta, options) {
   if (!options?.calledFromDaemon) {
-    const actId = (0, import_crypto3.randomUUID)();
+    const actId = (0, import_crypto4.randomUUID)();
     const actTs = Date.now();
     await notifyActivity({ id: actId, ts: actTs, tool: toolName, args, status: "pending" });
     const result = await _authorizeHeadlessCore(toolName, args, meta, {
@@ -3150,6 +3240,7 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
   let explainableLabel = "Local Config";
   let policyMatchedField;
   let policyMatchedWord;
+  let policyRuleDescription;
   let riskMetadata;
   let statefulRecoveryCommand;
   let localSmartRuleMatched = false;
@@ -3243,6 +3334,21 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     return { approved: true, checkedBy: "audit" };
   }
   if (!taintWarning && !isIgnoredTool(toolName)) {
+    const ld = config.policy.loopDetection;
+    if (ld.enabled) {
+      const loopResult = recordAndCheck(toolName, args, ld.threshold, ld.windowSeconds * 1e3);
+      if (loopResult.looping) {
+        const reason = `It looks like you've called "${toolName}" ${loopResult.count} times with identical arguments in the last ${ld.windowSeconds}s. Are you stuck? Step back and reconsider your approach \u2014 what are you actually trying to accomplish, and is there a different way to get there?`;
+        if (!isManual)
+          appendLocalAudit(toolName, args, "deny", "loop-detected", meta, hashAuditArgs);
+        return {
+          approved: false,
+          reason,
+          blockedBy: "loop-detection",
+          blockedByLabel: "\u{1F504} Loop Detected"
+        };
+      }
+    }
     if (getActiveTrustSession(toolName)) {
       if (approvers.cloud && creds?.apiKey)
         await auditLocalAllow(toolName, args, "trust", creds, meta);
@@ -3289,7 +3395,8 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
           blockedBy: "local-config",
           blockedByLabel: policyResult.blockedByLabel,
           ruleHit: policyResult.ruleName,
-          ...policyResult.recoveryCommand && { recoveryCommand: policyResult.recoveryCommand }
+          ...policyResult.recoveryCommand && { recoveryCommand: policyResult.recoveryCommand },
+          ...policyResult.ruleDescription && { ruleDescription: policyResult.ruleDescription }
         };
       }
     }
@@ -3297,6 +3404,8 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     policyMatchedField = policyResult.matchedField;
     policyMatchedWord = policyResult.matchedWord;
     if (policyResult.ruleName) localSmartRuleMatched = true;
+    if (policyResult.ruleDescription) policyRuleDescription = policyResult.ruleDescription;
+    else if (policyResult.reason) policyRuleDescription = policyResult.reason;
     riskMetadata = computeRiskMetadata(
       args,
       policyResult.tier ?? 6,
@@ -3560,13 +3669,14 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
       hashAuditArgs
     );
   }
-  return finalResult;
+  const enrichedResult = !finalResult.approved && policyRuleDescription && !finalResult.ruleDescription ? { ...finalResult, ruleDescription: policyRuleDescription } : finalResult;
+  return enrichedResult;
 }
-var import_crypto3, WRITE_TOOLS;
+var import_crypto4, WRITE_TOOLS;
 var init_orchestrator = __esm({
   "src/auth/orchestrator.ts"() {
     "use strict";
-    import_crypto3 = require("crypto");
+    import_crypto4 = require("crypto");
     init_native();
     init_context_sniper();
     init_dlp();
@@ -3576,6 +3686,7 @@ var init_orchestrator = __esm({
     init_state();
     init_daemon();
     init_cloud();
+    init_loop_detector();
     WRITE_TOOLS = /* @__PURE__ */ new Set([
       "write",
       "write_file",
@@ -5249,11 +5360,11 @@ function commonPathPrefix(paths) {
   const prefix = common.join("/").replace(/\/?$/, "/");
   return prefix.length > 1 ? prefix : null;
 }
-var import_crypto4, SuggestionTracker;
+var import_crypto5, SuggestionTracker;
 var init_suggestion_tracker = __esm({
   "src/daemon/suggestion-tracker.ts"() {
     "use strict";
-    import_crypto4 = require("crypto");
+    import_crypto5 = require("crypto");
     SuggestionTracker = class {
       events = /* @__PURE__ */ new Map();
       threshold;
@@ -5299,7 +5410,7 @@ var init_suggestion_tracker = __esm({
           }
         } : { type: "ignoredTool", toolName };
         return {
-          id: (0, import_crypto4.randomUUID)(),
+          id: (0, import_crypto5.randomUUID)(),
           toolName,
           allowCount: events.length,
           suggestedRule,
@@ -5313,12 +5424,12 @@ var init_suggestion_tracker = __esm({
 });
 
 // src/daemon/taint-store.ts
-var import_fs12, import_path15, DEFAULT_TTL_MS, TaintStore;
+var import_fs13, import_path16, DEFAULT_TTL_MS, TaintStore;
 var init_taint_store = __esm({
   "src/daemon/taint-store.ts"() {
     "use strict";
-    import_fs12 = __toESM(require("fs"));
-    import_path15 = __toESM(require("path"));
+    import_fs13 = __toESM(require("fs"));
+    import_path16 = __toESM(require("path"));
     DEFAULT_TTL_MS = 60 * 60 * 1e3;
     TaintStore = class {
       records = /* @__PURE__ */ new Map();
@@ -5383,9 +5494,9 @@ var init_taint_store = __esm({
       /** Resolve to absolute path, falling back to path.resolve if file doesn't exist yet. */
       _resolve(filePath) {
         try {
-          return import_fs12.default.realpathSync.native(import_path15.default.resolve(filePath));
+          return import_fs13.default.realpathSync.native(import_path16.default.resolve(filePath));
         } catch {
-          return import_path15.default.resolve(filePath);
+          return import_path16.default.resolve(filePath);
         }
       }
     };
@@ -5503,8 +5614,8 @@ var init_session_history = __esm({
 // src/daemon/state.ts
 function loadInsightCounts() {
   try {
-    if (!import_fs13.default.existsSync(INSIGHT_COUNTS_FILE)) return;
-    const data = JSON.parse(import_fs13.default.readFileSync(INSIGHT_COUNTS_FILE, "utf-8"));
+    if (!import_fs14.default.existsSync(INSIGHT_COUNTS_FILE)) return;
+    const data = JSON.parse(import_fs14.default.readFileSync(INSIGHT_COUNTS_FILE, "utf-8"));
     for (const [tool, count] of Object.entries(data)) {
       if (typeof count === "number" && count > 0) insightCounts.set(tool, count);
     }
@@ -5543,23 +5654,23 @@ function markRejectionHandlerRegistered() {
   daemonRejectionHandlerRegistered = true;
 }
 function atomicWriteSync2(filePath, data, options) {
-  const dir = import_path16.default.dirname(filePath);
-  if (!import_fs13.default.existsSync(dir)) import_fs13.default.mkdirSync(dir, { recursive: true });
-  const tmpPath = `${filePath}.${(0, import_crypto5.randomUUID)()}.tmp`;
+  const dir = import_path17.default.dirname(filePath);
+  if (!import_fs14.default.existsSync(dir)) import_fs14.default.mkdirSync(dir, { recursive: true });
+  const tmpPath = `${filePath}.${(0, import_crypto6.randomUUID)()}.tmp`;
   try {
-    import_fs13.default.writeFileSync(tmpPath, data, options);
+    import_fs14.default.writeFileSync(tmpPath, data, options);
   } catch (err2) {
     try {
-      import_fs13.default.unlinkSync(tmpPath);
+      import_fs14.default.unlinkSync(tmpPath);
     } catch {
     }
     throw err2;
   }
   try {
-    import_fs13.default.renameSync(tmpPath, filePath);
+    import_fs14.default.renameSync(tmpPath, filePath);
   } catch (err2) {
     try {
-      import_fs13.default.unlinkSync(tmpPath);
+      import_fs14.default.unlinkSync(tmpPath);
     } catch {
     }
     throw err2;
@@ -5583,16 +5694,16 @@ function appendAuditLog(data) {
       decision: data.decision,
       source: "daemon"
     };
-    const dir = import_path16.default.dirname(AUDIT_LOG_FILE);
-    if (!import_fs13.default.existsSync(dir)) import_fs13.default.mkdirSync(dir, { recursive: true });
-    import_fs13.default.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
+    const dir = import_path17.default.dirname(AUDIT_LOG_FILE);
+    if (!import_fs14.default.existsSync(dir)) import_fs14.default.mkdirSync(dir, { recursive: true });
+    import_fs14.default.appendFileSync(AUDIT_LOG_FILE, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
 function getAuditHistory(limit = 20) {
   try {
-    if (!import_fs13.default.existsSync(AUDIT_LOG_FILE)) return [];
-    const lines = import_fs13.default.readFileSync(AUDIT_LOG_FILE, "utf-8").trim().split("\n");
+    if (!import_fs14.default.existsSync(AUDIT_LOG_FILE)) return [];
+    const lines = import_fs14.default.readFileSync(AUDIT_LOG_FILE, "utf-8").trim().split("\n");
     if (lines.length === 1 && lines[0] === "") return [];
     return lines.slice(-limit).map((l) => JSON.parse(l)).reverse();
   } catch {
@@ -5601,19 +5712,19 @@ function getAuditHistory(limit = 20) {
 }
 function getOrgName() {
   try {
-    if (import_fs13.default.existsSync(CREDENTIALS_FILE)) return "Node9 Cloud";
+    if (import_fs14.default.existsSync(CREDENTIALS_FILE)) return "Node9 Cloud";
   } catch {
   }
   return null;
 }
 function hasStoredSlackKey() {
-  return import_fs13.default.existsSync(CREDENTIALS_FILE);
+  return import_fs14.default.existsSync(CREDENTIALS_FILE);
 }
 function writeGlobalSetting(key, value) {
   let config = {};
   try {
-    if (import_fs13.default.existsSync(GLOBAL_CONFIG_FILE)) {
-      config = JSON.parse(import_fs13.default.readFileSync(GLOBAL_CONFIG_FILE, "utf-8"));
+    if (import_fs14.default.existsSync(GLOBAL_CONFIG_FILE)) {
+      config = JSON.parse(import_fs14.default.readFileSync(GLOBAL_CONFIG_FILE, "utf-8"));
     }
   } catch {
   }
@@ -5625,8 +5736,8 @@ function writeTrustEntry(toolName, durationMs) {
   try {
     let trust = { entries: [] };
     try {
-      if (import_fs13.default.existsSync(TRUST_FILE2))
-        trust = JSON.parse(import_fs13.default.readFileSync(TRUST_FILE2, "utf-8"));
+      if (import_fs14.default.existsSync(TRUST_FILE2))
+        trust = JSON.parse(import_fs14.default.readFileSync(TRUST_FILE2, "utf-8"));
     } catch {
     }
     trust.entries = trust.entries.filter((e) => e.tool !== toolName && e.expiry > Date.now());
@@ -5637,8 +5748,8 @@ function writeTrustEntry(toolName, durationMs) {
 }
 function readPersistentDecisions() {
   try {
-    if (import_fs13.default.existsSync(DECISIONS_FILE)) {
-      return JSON.parse(import_fs13.default.readFileSync(DECISIONS_FILE, "utf-8"));
+    if (import_fs14.default.existsSync(DECISIONS_FILE)) {
+      return JSON.parse(import_fs14.default.readFileSync(DECISIONS_FILE, "utf-8"));
     }
   } catch {
   }
@@ -5675,7 +5786,7 @@ function estimateToolCost(tool, args) {
     const filePath = a.file_path ?? a.path;
     if (filePath) {
       try {
-        const bytes = import_fs13.default.statSync(filePath).size;
+        const bytes = import_fs14.default.statSync(filePath).size;
         return bytes / BYTES_PER_TOKEN / 1e6 * INPUT_PRICE_PER_1M;
       } catch {
       }
@@ -5733,7 +5844,7 @@ function abandonPending() {
   });
   if (autoStarted) {
     try {
-      import_fs13.default.unlinkSync(DAEMON_PID_FILE);
+      import_fs14.default.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
     setTimeout(() => {
@@ -5744,7 +5855,7 @@ function abandonPending() {
 }
 function startActivitySocket() {
   try {
-    import_fs13.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
+    import_fs14.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
   } catch {
   }
   const ACTIVITY_MAX_BYTES = 1024 * 1024;
@@ -5825,34 +5936,34 @@ function startActivitySocket() {
   unixServer.listen(ACTIVITY_SOCKET_PATH2);
   process.on("exit", () => {
     try {
-      import_fs13.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
+      import_fs14.default.unlinkSync(ACTIVITY_SOCKET_PATH2);
     } catch {
     }
   });
 }
-var import_net2, import_fs13, import_path16, import_os11, import_child_process3, import_crypto5, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, WRITE_TOOL_NAMES;
+var import_net2, import_fs14, import_path17, import_os12, import_child_process3, import_crypto6, homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, WRITE_TOOL_NAMES;
 var init_state2 = __esm({
   "src/daemon/state.ts"() {
     "use strict";
     import_net2 = __toESM(require("net"));
-    import_fs13 = __toESM(require("fs"));
-    import_path16 = __toESM(require("path"));
-    import_os11 = __toESM(require("os"));
+    import_fs14 = __toESM(require("fs"));
+    import_path17 = __toESM(require("path"));
+    import_os12 = __toESM(require("os"));
     import_child_process3 = require("child_process");
-    import_crypto5 = require("crypto");
+    import_crypto6 = require("crypto");
     init_daemon();
     init_suggestion_tracker();
     init_taint_store();
     init_session_counters();
     init_session_history();
-    homeDir = import_os11.default.homedir();
-    DAEMON_PID_FILE = import_path16.default.join(homeDir, ".node9", "daemon.pid");
-    DECISIONS_FILE = import_path16.default.join(homeDir, ".node9", "decisions.json");
-    AUDIT_LOG_FILE = import_path16.default.join(homeDir, ".node9", "audit.log");
-    TRUST_FILE2 = import_path16.default.join(homeDir, ".node9", "trust.json");
-    GLOBAL_CONFIG_FILE = import_path16.default.join(homeDir, ".node9", "config.json");
-    CREDENTIALS_FILE = import_path16.default.join(homeDir, ".node9", "credentials.json");
-    INSIGHT_COUNTS_FILE = import_path16.default.join(homeDir, ".node9", "insight-counts.json");
+    homeDir = import_os12.default.homedir();
+    DAEMON_PID_FILE = import_path17.default.join(homeDir, ".node9", "daemon.pid");
+    DECISIONS_FILE = import_path17.default.join(homeDir, ".node9", "decisions.json");
+    AUDIT_LOG_FILE = import_path17.default.join(homeDir, ".node9", "audit.log");
+    TRUST_FILE2 = import_path17.default.join(homeDir, ".node9", "trust.json");
+    GLOBAL_CONFIG_FILE = import_path17.default.join(homeDir, ".node9", "config.json");
+    CREDENTIALS_FILE = import_path17.default.join(homeDir, ".node9", "credentials.json");
+    INSIGHT_COUNTS_FILE = import_path17.default.join(homeDir, ".node9", "insight-counts.json");
     pending = /* @__PURE__ */ new Map();
     sseClients = /* @__PURE__ */ new Set();
     suggestionTracker = new SuggestionTracker(3);
@@ -5870,7 +5981,7 @@ var init_state2 = __esm({
       "2h": 2 * 60 * 6e4
     };
     autoStarted = process.env.NODE9_AUTO_STARTED === "1";
-    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path16.default.join(import_os11.default.tmpdir(), "node9-activity.sock");
+    ACTIVITY_SOCKET_PATH2 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path17.default.join(import_os12.default.tmpdir(), "node9-activity.sock");
     ACTIVITY_RING_SIZE = 100;
     activityRing = [];
     SECRET_KEY_RE = /password|secret|token|key|apikey|credential|auth/i;
@@ -5895,8 +6006,8 @@ var init_state2 = __esm({
 function patchConfig(configPath, patch) {
   let config = {};
   try {
-    if (import_fs14.default.existsSync(configPath)) {
-      config = JSON.parse(import_fs14.default.readFileSync(configPath, "utf8"));
+    if (import_fs15.default.existsSync(configPath)) {
+      config = JSON.parse(import_fs15.default.readFileSync(configPath, "utf8"));
     }
   } catch {
     throw new Error(`Cannot read config at ${configPath} \u2014 file may be corrupted`);
@@ -5915,44 +6026,44 @@ function patchConfig(configPath, patch) {
       ignored.push(patch.toolName);
     }
   }
-  const dir = import_path17.default.dirname(configPath);
-  import_fs14.default.mkdirSync(dir, { recursive: true });
+  const dir = import_path18.default.dirname(configPath);
+  import_fs15.default.mkdirSync(dir, { recursive: true });
   const tmp = configPath + ".node9-tmp";
   try {
-    import_fs14.default.writeFileSync(tmp, JSON.stringify(config, null, 2), { mode: 384 });
+    import_fs15.default.writeFileSync(tmp, JSON.stringify(config, null, 2), { mode: 384 });
   } catch (err2) {
     try {
-      import_fs14.default.unlinkSync(tmp);
+      import_fs15.default.unlinkSync(tmp);
     } catch {
     }
     throw err2;
   }
   try {
-    import_fs14.default.renameSync(tmp, configPath);
+    import_fs15.default.renameSync(tmp, configPath);
   } catch (err2) {
     try {
-      import_fs14.default.unlinkSync(tmp);
+      import_fs15.default.unlinkSync(tmp);
     } catch {
     }
     throw err2;
   }
 }
-var import_fs14, import_path17, import_os12, GLOBAL_CONFIG_PATH;
+var import_fs15, import_path18, import_os13, GLOBAL_CONFIG_PATH;
 var init_patch = __esm({
   "src/config/patch.ts"() {
     "use strict";
-    import_fs14 = __toESM(require("fs"));
-    import_path17 = __toESM(require("path"));
-    import_os12 = __toESM(require("os"));
-    GLOBAL_CONFIG_PATH = import_path17.default.join(import_os12.default.homedir(), ".node9", "config.json");
+    import_fs15 = __toESM(require("fs"));
+    import_path18 = __toESM(require("path"));
+    import_os13 = __toESM(require("os"));
+    GLOBAL_CONFIG_PATH = import_path18.default.join(import_os13.default.homedir(), ".node9", "config.json");
   }
 });
 
 // src/daemon/server.ts
 function startDaemon() {
   loadInsightCounts();
-  const csrfToken = (0, import_crypto6.randomUUID)();
-  const internalToken = (0, import_crypto6.randomUUID)();
+  const csrfToken = (0, import_crypto7.randomUUID)();
+  const internalToken = (0, import_crypto7.randomUUID)();
   const UI_HTML = UI_HTML_TEMPLATE.replace("{{CSRF_TOKEN}}", csrfToken);
   const validToken = (req) => req.headers["x-node9-token"] === csrfToken;
   const IDLE_TIMEOUT_MS = 12 * 60 * 60 * 1e3;
@@ -5965,7 +6076,7 @@ function startDaemon() {
     idleTimer = setTimeout(() => {
       if (autoStarted) {
         try {
-          import_fs15.default.unlinkSync(DAEMON_PID_FILE);
+          import_fs16.default.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
       }
@@ -6086,7 +6197,7 @@ data: ${JSON.stringify(item.data)}
           cwd,
           localSmartRuleMatched = false
         } = JSON.parse(body);
-        const id = fromCLI && typeof activityId === "string" && activityId || (0, import_crypto6.randomUUID)();
+        const id = fromCLI && typeof activityId === "string" && activityId || (0, import_crypto7.randomUUID)();
         const entry = {
           id,
           toolName,
@@ -6128,7 +6239,7 @@ data: ${JSON.stringify(item.data)}
             status: "pending"
           });
         }
-        const projectCwd = typeof cwd === "string" && import_path18.default.isAbsolute(cwd) ? cwd : void 0;
+        const projectCwd = typeof cwd === "string" && import_path19.default.isAbsolute(cwd) ? cwd : void 0;
         const projectConfig = getConfig(projectCwd);
         const browserEnabled = projectConfig.settings.approvers?.browser !== false;
         const terminalEnabled = projectConfig.settings.approvers?.terminal !== false;
@@ -6518,8 +6629,8 @@ data: ${JSON.stringify(item.data)}
         const body = await readBody(req);
         const data = body ? JSON.parse(body) : {};
         const configPath = data.configPath ?? GLOBAL_CONFIG_PATH;
-        const node9Dir = import_path18.default.dirname(GLOBAL_CONFIG_PATH);
-        if (!import_path18.default.resolve(configPath).startsWith(node9Dir + import_path18.default.sep)) {
+        const node9Dir = import_path19.default.dirname(GLOBAL_CONFIG_PATH);
+        if (!import_path19.default.resolve(configPath).startsWith(node9Dir + import_path19.default.sep)) {
           res.writeHead(400, { "Content-Type": "application/json" });
           return res.end(
             JSON.stringify({ error: "configPath must be within the node9 config directory" })
@@ -6630,14 +6741,14 @@ data: ${JSON.stringify(item.data)}
   server.on("error", (e) => {
     if (e.code === "EADDRINUSE") {
       try {
-        if (import_fs15.default.existsSync(DAEMON_PID_FILE)) {
-          const { pid } = JSON.parse(import_fs15.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+        if (import_fs16.default.existsSync(DAEMON_PID_FILE)) {
+          const { pid } = JSON.parse(import_fs16.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
           process.kill(pid, 0);
           return process.exit(0);
         }
       } catch {
         try {
-          import_fs15.default.unlinkSync(DAEMON_PID_FILE);
+          import_fs16.default.unlinkSync(DAEMON_PID_FILE);
         } catch {
         }
         server.listen(DAEMON_PORT, DAEMON_HOST);
@@ -6696,14 +6807,14 @@ data: ${JSON.stringify(item.data)}
   }
   startActivitySocket();
 }
-var import_http, import_fs15, import_path18, import_crypto6, import_child_process4, import_chalk2;
+var import_http, import_fs16, import_path19, import_crypto7, import_child_process4, import_chalk2;
 var init_server = __esm({
   "src/daemon/server.ts"() {
     "use strict";
     import_http = __toESM(require("http"));
-    import_fs15 = __toESM(require("fs"));
-    import_path18 = __toESM(require("path"));
-    import_crypto6 = require("crypto");
+    import_fs16 = __toESM(require("fs"));
+    import_path19 = __toESM(require("path"));
+    import_crypto7 = require("crypto");
     import_child_process4 = require("child_process");
     import_chalk2 = __toESM(require("chalk"));
     init_core();
@@ -6717,24 +6828,24 @@ var init_server = __esm({
 
 // src/daemon/index.ts
 function stopDaemon() {
-  if (!import_fs16.default.existsSync(DAEMON_PID_FILE)) return console.log(import_chalk3.default.yellow("Not running."));
+  if (!import_fs17.default.existsSync(DAEMON_PID_FILE)) return console.log(import_chalk3.default.yellow("Not running."));
   try {
-    const { pid } = JSON.parse(import_fs16.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+    const { pid } = JSON.parse(import_fs17.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
     process.kill(pid, "SIGTERM");
     console.log(import_chalk3.default.green("\u2705 Stopped."));
   } catch {
     console.log(import_chalk3.default.gray("Cleaned up stale PID file."));
   } finally {
     try {
-      import_fs16.default.unlinkSync(DAEMON_PID_FILE);
+      import_fs17.default.unlinkSync(DAEMON_PID_FILE);
     } catch {
     }
   }
 }
 function daemonStatus() {
-  if (import_fs16.default.existsSync(DAEMON_PID_FILE)) {
+  if (import_fs17.default.existsSync(DAEMON_PID_FILE)) {
     try {
-      const { pid } = JSON.parse(import_fs16.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
+      const { pid } = JSON.parse(import_fs17.default.readFileSync(DAEMON_PID_FILE, "utf-8"));
       process.kill(pid, 0);
       console.log(import_chalk3.default.green("Node9 daemon: running"));
       return;
@@ -6753,11 +6864,11 @@ function daemonStatus() {
     console.log(import_chalk3.default.yellow("Node9 daemon: not running"));
   }
 }
-var import_fs16, import_chalk3, import_child_process5;
+var import_fs17, import_chalk3, import_child_process5;
 var init_daemon2 = __esm({
   "src/daemon/index.ts"() {
     "use strict";
-    import_fs16 = __toESM(require("fs"));
+    import_fs17 = __toESM(require("fs"));
     import_chalk3 = __toESM(require("chalk"));
     import_child_process5 = require("child_process");
     init_server();
@@ -6778,44 +6889,64 @@ function getIcon(tool) {
   }
   return "\u{1F6E0}\uFE0F";
 }
+function visibleLength(s) {
+  return s.replace(/\x1B\[[0-9;]*m/g, "").length;
+}
+function wrappedLineCount(text) {
+  const cols = process.stdout.columns;
+  if (!cols) return 1;
+  const len = visibleLength(text);
+  return Math.max(1, Math.ceil(len / cols));
+}
 function formatBase(activity) {
   const time = new Date(activity.ts).toLocaleTimeString([], { hour12: false });
   const icon = getIcon(activity.tool);
   const toolName = activity.tool.slice(0, 16).padEnd(16);
-  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(import_os22.default.homedir(), "~");
+  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(import_os24.default.homedir(), "~");
   const argsPreview = argsStr.length > 70 ? argsStr.slice(0, 70) + "\u2026" : argsStr;
-  return `${import_chalk18.default.gray(time)} ${icon} ${import_chalk18.default.white.bold(toolName)} ${import_chalk18.default.dim(argsPreview)}`;
+  return `${import_chalk19.default.gray(time)} ${icon} ${import_chalk19.default.white.bold(toolName)} ${import_chalk19.default.dim(argsPreview)}`;
 }
 function renderResult(activity, result) {
   const base = formatBase(activity);
   let status;
   if (result.status === "allow") {
-    status = import_chalk18.default.green("\u2713 ALLOW");
+    status = import_chalk19.default.green("\u2713 ALLOW");
   } else if (result.status === "dlp") {
-    status = import_chalk18.default.bgRed.white.bold(" \u{1F6E1}\uFE0F  DLP ");
+    status = import_chalk19.default.bgRed.white.bold(" \u{1F6E1}\uFE0F  DLP ");
   } else {
-    status = import_chalk18.default.red("\u2717 BLOCK");
+    status = import_chalk19.default.red("\u2717 BLOCK");
   }
   const cost = result.costEstimate ?? activity.costEstimate;
-  const costSuffix = cost == null ? "" : import_chalk18.default.dim(`  ~$${cost >= 1e-3 ? cost.toFixed(3) : "0.000"}`);
+  const costSuffix = cost == null ? "" : import_chalk19.default.dim(`  ~$${cost >= 1e-3 ? cost.toFixed(3) : "0.000"}`);
   if (process.stdout.isTTY) {
-    import_readline5.default.clearLine(process.stdout, 0);
-    import_readline5.default.cursorTo(process.stdout, 0);
+    if (pendingShownForId === activity.id && pendingWrappedLines > 1) {
+      import_readline5.default.moveCursor(process.stdout, 0, -(pendingWrappedLines - 1));
+      import_readline5.default.cursorTo(process.stdout, 0);
+      process.stdout.write(ERASE_DOWN);
+    } else {
+      import_readline5.default.clearLine(process.stdout, 0);
+      import_readline5.default.cursorTo(process.stdout, 0);
+    }
+    pendingShownForId = null;
+    pendingWrappedLines = 0;
   }
   console.log(`${base}  ${status}${costSuffix}`);
 }
 function renderPending(activity) {
   if (!process.stdout.isTTY) return;
-  process.stdout.write(`${formatBase(activity)}  ${import_chalk18.default.yellow("\u25CF \u2026")}\r`);
+  const line = `${formatBase(activity)}  ${import_chalk19.default.yellow("\u25CF \u2026")}`;
+  pendingShownForId = activity.id;
+  pendingWrappedLines = wrappedLineCount(line);
+  process.stdout.write(`${line}\r`);
 }
 async function ensureDaemon() {
   let pidPort = null;
-  if (import_fs26.default.existsSync(PID_FILE)) {
+  if (import_fs28.default.existsSync(PID_FILE)) {
     try {
-      const { port } = JSON.parse(import_fs26.default.readFileSync(PID_FILE, "utf-8"));
+      const { port } = JSON.parse(import_fs28.default.readFileSync(PID_FILE, "utf-8"));
       pidPort = port;
     } catch {
-      console.error(import_chalk18.default.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
+      console.error(import_chalk19.default.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
     }
   }
   const checkPort = pidPort ?? DAEMON_PORT;
@@ -6826,7 +6957,7 @@ async function ensureDaemon() {
     if (res.ok) return checkPort;
   } catch {
   }
-  console.log(import_chalk18.default.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
+  console.log(import_chalk19.default.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
   const child = (0, import_child_process14.spawn)(process.execPath, [process.argv[1], "daemon"], {
     detached: true,
     stdio: "ignore",
@@ -6843,7 +6974,7 @@ async function ensureDaemon() {
     } catch {
     }
   }
-  console.error(import_chalk18.default.red("\u274C Daemon failed to start. Try: node9 daemon start"));
+  console.error(import_chalk19.default.red("\u274C Daemon failed to start. Try: node9 daemon start"));
   process.exit(1);
 }
 function postDecisionHttp(id, decision, csrfToken, port, opts) {
@@ -6932,9 +7063,9 @@ function buildRecoveryCardLines(req) {
   ];
 }
 function readApproversFromDisk() {
-  const configPath = import_path29.default.join(import_os22.default.homedir(), ".node9", "config.json");
+  const configPath = import_path31.default.join(import_os24.default.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(import_fs26.default.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(import_fs28.default.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     return settings.approvers ?? {};
   } catch {
@@ -6945,20 +7076,20 @@ function approverStatusLine() {
   const a = readApproversFromDisk();
   const fmt = (label, key) => {
     const on = a[key] !== false;
-    return `[${key[0]}]${label.slice(1)} ${on ? import_chalk18.default.green("\u2713") : import_chalk18.default.dim("\u2717")}`;
+    return `[${key[0]}]${label.slice(1)} ${on ? import_chalk19.default.green("\u2713") : import_chalk19.default.dim("\u2717")}`;
   };
   return `${fmt("native", "native")}  ${fmt("browser", "browser")}  ${fmt("cloud", "cloud")}  ${fmt("terminal", "terminal")}`;
 }
 function toggleApprover(channel) {
-  const configPath = import_path29.default.join(import_os22.default.homedir(), ".node9", "config.json");
+  const configPath = import_path31.default.join(import_os24.default.homedir(), ".node9", "config.json");
   try {
-    const raw = JSON.parse(import_fs26.default.readFileSync(configPath, "utf-8"));
+    const raw = JSON.parse(import_fs28.default.readFileSync(configPath, "utf-8"));
     const settings = raw.settings ?? {};
     const approvers = settings.approvers ?? {};
     approvers[channel] = approvers[channel] === false;
     settings.approvers = approvers;
     raw.settings = settings;
-    import_fs26.default.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
+    import_fs28.default.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
   } catch (err2) {
     process.stderr.write(`[node9] toggleApprover failed: ${String(err2)}
 `);
@@ -6990,7 +7121,7 @@ async function startTail(options = {}) {
       req2.end();
     });
     if (result.ok) {
-      console.log(import_chalk18.default.green("\u2713 Flight Recorder buffer cleared."));
+      console.log(import_chalk19.default.green("\u2713 Flight Recorder buffer cleared."));
     } else if (result.code === "ECONNREFUSED") {
       throw new Error("Daemon is not running. Start it with: node9 daemon start");
     } else if (result.code === "ETIMEDOUT") {
@@ -7034,7 +7165,7 @@ async function startTail(options = {}) {
       const channel = name === "n" ? "native" : name === "b" ? "browser" : name === "c" ? "cloud" : name === "t" ? "terminal" : null;
       if (channel) {
         toggleApprover(channel);
-        console.log(import_chalk18.default.dim(`  Approvers: ${approverStatusLine()}`));
+        console.log(import_chalk19.default.dim(`  Approvers: ${approverStatusLine()}`));
       }
     };
     process.stdin.on("keypress", idleKeypressHandler);
@@ -7100,7 +7231,7 @@ async function startTail(options = {}) {
           localAllowCounts.get(req2.toolName) ?? 0
         )
       );
-      const decisionStamp = action === "always-allow" ? import_chalk18.default.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? import_chalk18.default.cyan("\u23F1 TRUST 30m") : action === "allow" ? import_chalk18.default.green("\u2713 ALLOWED") : action === "redirect" ? import_chalk18.default.yellow("\u21A9 REDIRECT AI") : import_chalk18.default.red("\u2717 DENIED");
+      const decisionStamp = action === "always-allow" ? import_chalk19.default.yellow("\u2605 ALWAYS ALLOW") : action === "trust" ? import_chalk19.default.cyan("\u23F1 TRUST 30m") : action === "allow" ? import_chalk19.default.green("\u2713 ALLOWED") : action === "redirect" ? import_chalk19.default.yellow("\u21A9 REDIRECT AI") : import_chalk19.default.red("\u2717 DENIED");
       stampedLines.push(`  ${BOLD2}\u2192${RESET2} ${decisionStamp} ${GRAY}(terminal)${RESET2}`, ``);
       for (const line of stampedLines) process.stdout.write(line + "\n");
       process.stdout.write(SHOW_CURSOR);
@@ -7128,8 +7259,8 @@ async function startTail(options = {}) {
       }
       postDecisionHttp(req2.id, httpDecision, csrfToken, port, httpOpts).catch((err2) => {
         try {
-          import_fs26.default.appendFileSync(
-            import_path29.default.join(import_os22.default.homedir(), ".node9", "hook-debug.log"),
+          import_fs28.default.appendFileSync(
+            import_path31.default.join(import_os24.default.homedir(), ".node9", "hook-debug.log"),
             `[tail] POST /decision failed: ${String(err2)}
 `
           );
@@ -7151,7 +7282,7 @@ async function startTail(options = {}) {
       );
       const stampedLines = buildCardLines(req2, priorCount);
       if (externalDecision) {
-        const source = externalDecision === "allow" ? import_chalk18.default.green("\u2713 ALLOWED") : import_chalk18.default.red("\u2717 DENIED");
+        const source = externalDecision === "allow" ? import_chalk19.default.green("\u2713 ALLOWED") : import_chalk19.default.red("\u2717 DENIED");
         stampedLines.push(`  ${BOLD2}\u2192${RESET2} ${source} ${GRAY}(external)${RESET2}`, ``);
       }
       for (const line of stampedLines) process.stdout.write(line + "\n");
@@ -7210,16 +7341,16 @@ async function startTail(options = {}) {
     }
   } catch {
   }
-  console.log(import_chalk18.default.cyan.bold(`
-\u{1F6F0}\uFE0F  Node9 tail  `) + import_chalk18.default.dim(`\u2192 ${dashboardUrl}`));
+  console.log(import_chalk19.default.cyan.bold(`
+\u{1F6F0}\uFE0F  Node9 tail  `) + import_chalk19.default.dim(`\u2192 ${dashboardUrl}`));
   if (canApprove) {
-    console.log(import_chalk18.default.dim("Card: [\u21B5/y] Allow  [n] Deny  [a] Always  [t] Trust 30m"));
-    console.log(import_chalk18.default.dim(`Approvers (toggle): ${approverStatusLine()}  [q] quit`));
+    console.log(import_chalk19.default.dim("Card: [\u21B5/y] Allow  [n] Deny  [a] Always  [t] Trust 30m"));
+    console.log(import_chalk19.default.dim(`Approvers (toggle): ${approverStatusLine()}  [q] quit`));
   }
   if (options.history) {
-    console.log(import_chalk18.default.dim("Showing history + live events.\n"));
+    console.log(import_chalk19.default.dim("Showing history + live events.\n"));
   } else {
-    console.log(import_chalk18.default.dim("Showing live events only. Use --history to include past.\n"));
+    console.log(import_chalk19.default.dim("Showing live events only. Use --history to include past.\n"));
   }
   process.on("SIGINT", () => {
     exitIdleMode();
@@ -7229,13 +7360,13 @@ async function startTail(options = {}) {
       import_readline5.default.clearLine(process.stdout, 0);
       import_readline5.default.cursorTo(process.stdout, 0);
     }
-    console.log(import_chalk18.default.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
+    console.log(import_chalk19.default.dim("\n\u{1F6F0}\uFE0F  Disconnected."));
     process.exit(0);
   });
   const sseUrl = `http://127.0.0.1:${port}/events?capabilities=input`;
   const req = import_http2.default.get(sseUrl, (res) => {
     if (res.statusCode !== 200) {
-      console.error(import_chalk18.default.red(`Failed to connect: HTTP ${res.statusCode}`));
+      console.error(import_chalk19.default.red(`Failed to connect: HTTP ${res.statusCode}`));
       process.exit(1);
     }
     if (canApprove) enterIdleMode();
@@ -7266,7 +7397,7 @@ async function startTail(options = {}) {
         import_readline5.default.clearLine(process.stdout, 0);
         import_readline5.default.cursorTo(process.stdout, 0);
       }
-      console.log(import_chalk18.default.red("\n\u274C Daemon disconnected."));
+      console.log(import_chalk19.default.red("\n\u274C Daemon disconnected."));
       process.exit(1);
     });
   });
@@ -7358,9 +7489,9 @@ async function startTail(options = {}) {
       const hash = data.hash ?? "";
       const summary = data.argsSummary ?? data.tool;
       const fileCount = data.fileCount ?? 0;
-      const files = fileCount > 0 ? import_chalk18.default.dim(` \xB7 ${fileCount} file${fileCount === 1 ? "" : "s"}`) : "";
+      const files = fileCount > 0 ? import_chalk19.default.dim(` \xB7 ${fileCount} file${fileCount === 1 ? "" : "s"}`) : "";
       process.stdout.write(
-        `${import_chalk18.default.dim(time)}  ${import_chalk18.default.cyan("\u{1F4F8} snapshot")}  ${import_chalk18.default.dim(hash)}  ${summary}${files}
+        `${import_chalk19.default.dim(time)}  ${import_chalk19.default.cyan("\u{1F4F8} snapshot")}  ${import_chalk19.default.dim(hash)}  ${summary}${files}
 `
       );
       return;
@@ -7377,26 +7508,26 @@ async function startTail(options = {}) {
   }
   req.on("error", (err2) => {
     const msg = err2.code === "ECONNREFUSED" ? "Daemon is not running. Start it with: node9 daemon start" : err2.message;
-    console.error(import_chalk18.default.red(`
+    console.error(import_chalk19.default.red(`
 \u274C ${msg}`));
     process.exit(1);
   });
 }
-var import_http2, import_chalk18, import_fs26, import_os22, import_path29, import_readline5, import_child_process14, PID_FILE, ICONS, RESET2, BOLD2, RED, YELLOW, CYAN, GRAY, GREEN, HIDE_CURSOR, SHOW_CURSOR, ERASE_DOWN, DIVIDER;
+var import_http2, import_chalk19, import_fs28, import_os24, import_path31, import_readline5, import_child_process14, PID_FILE, ICONS, RESET2, BOLD2, RED, YELLOW, CYAN, GRAY, GREEN, HIDE_CURSOR, SHOW_CURSOR, ERASE_DOWN, pendingShownForId, pendingWrappedLines, DIVIDER;
 var init_tail = __esm({
   "src/tui/tail.ts"() {
     "use strict";
     import_http2 = __toESM(require("http"));
-    import_chalk18 = __toESM(require("chalk"));
-    import_fs26 = __toESM(require("fs"));
-    import_os22 = __toESM(require("os"));
-    import_path29 = __toESM(require("path"));
+    import_chalk19 = __toESM(require("chalk"));
+    import_fs28 = __toESM(require("fs"));
+    import_os24 = __toESM(require("os"));
+    import_path31 = __toESM(require("path"));
     import_readline5 = __toESM(require("readline"));
     import_child_process14 = require("child_process");
     init_daemon2();
     init_daemon();
     init_core();
-    PID_FILE = import_path29.default.join(import_os22.default.homedir(), ".node9", "daemon.pid");
+    PID_FILE = import_path31.default.join(import_os24.default.homedir(), ".node9", "daemon.pid");
     ICONS = {
       bash: "\u{1F4BB}",
       shell: "\u{1F4BB}",
@@ -7424,6 +7555,8 @@ var init_tail = __esm({
     HIDE_CURSOR = "\x1B[?25l";
     SHOW_CURSOR = "\x1B[?25h";
     ERASE_DOWN = "\x1B[J";
+    pendingShownForId = null;
+    pendingWrappedLines = 0;
     DIVIDER = "\u2500".repeat(60);
   }
 });
@@ -7492,10 +7625,10 @@ function bold(s) {
 function color(c, s) {
   return `${c}${s}${RESET3}`;
 }
-function progressBar(pct, warnAt = 70, critAt = 85) {
-  const filled = Math.round(Math.min(pct, 100) / 100 * BAR_WIDTH);
+function progressBar(pct2, warnAt = 70, critAt = 85) {
+  const filled = Math.round(Math.min(pct2, 100) / 100 * BAR_WIDTH);
   const bar = BAR_FILLED.repeat(filled) + BAR_EMPTY.repeat(BAR_WIDTH - filled);
-  const c = pct >= critAt ? RED2 : pct >= warnAt ? YELLOW2 : GREEN2;
+  const c = pct2 >= critAt ? RED2 : pct2 >= warnAt ? YELLOW2 : GREEN2;
   return `${c}${bar}${RESET3}`;
 }
 function formatTimeLeft(resetsAt) {
@@ -7509,9 +7642,9 @@ function formatTimeLeft(resetsAt) {
   return ` (${m}m left)`;
 }
 function safeReadJson(filePath) {
-  if (!import_fs27.default.existsSync(filePath)) return null;
+  if (!import_fs29.default.existsSync(filePath)) return null;
   try {
-    return JSON.parse(import_fs27.default.readFileSync(filePath, "utf-8"));
+    return JSON.parse(import_fs29.default.readFileSync(filePath, "utf-8"));
   } catch {
     return null;
   }
@@ -7532,12 +7665,12 @@ function countHooksInFile(filePath) {
   return Object.keys(cfg.hooks).length;
 }
 function countRulesInDir(rulesDir) {
-  if (!import_fs27.default.existsSync(rulesDir)) return 0;
+  if (!import_fs29.default.existsSync(rulesDir)) return 0;
   let count = 0;
   try {
-    for (const entry of import_fs27.default.readdirSync(rulesDir, { withFileTypes: true })) {
+    for (const entry of import_fs29.default.readdirSync(rulesDir, { withFileTypes: true })) {
       if (entry.isDirectory()) {
-        count += countRulesInDir(import_path30.default.join(rulesDir, entry.name));
+        count += countRulesInDir(import_path32.default.join(rulesDir, entry.name));
       } else if (entry.isFile() && entry.name.endsWith(".md")) {
         count++;
       }
@@ -7548,46 +7681,46 @@ function countRulesInDir(rulesDir) {
 }
 function isSamePath(a, b) {
   try {
-    return import_path30.default.resolve(a) === import_path30.default.resolve(b);
+    return import_path32.default.resolve(a) === import_path32.default.resolve(b);
   } catch {
     return false;
   }
 }
 function countConfigs(cwd) {
-  const homeDir2 = import_os23.default.homedir();
-  const claudeDir = import_path30.default.join(homeDir2, ".claude");
+  const homeDir2 = import_os25.default.homedir();
+  const claudeDir = import_path32.default.join(homeDir2, ".claude");
   let claudeMdCount = 0;
   let rulesCount = 0;
   let hooksCount = 0;
   const userMcpServers = /* @__PURE__ */ new Set();
   const projectMcpServers = /* @__PURE__ */ new Set();
-  if (import_fs27.default.existsSync(import_path30.default.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
-  rulesCount += countRulesInDir(import_path30.default.join(claudeDir, "rules"));
-  const userSettings = import_path30.default.join(claudeDir, "settings.json");
+  if (import_fs29.default.existsSync(import_path32.default.join(claudeDir, "CLAUDE.md"))) claudeMdCount++;
+  rulesCount += countRulesInDir(import_path32.default.join(claudeDir, "rules"));
+  const userSettings = import_path32.default.join(claudeDir, "settings.json");
   for (const name of getMcpServerNames(userSettings)) userMcpServers.add(name);
   hooksCount += countHooksInFile(userSettings);
-  const userClaudeJson = import_path30.default.join(homeDir2, ".claude.json");
+  const userClaudeJson = import_path32.default.join(homeDir2, ".claude.json");
   for (const name of getMcpServerNames(userClaudeJson)) userMcpServers.add(name);
   for (const name of getDisabledMcpServers(userClaudeJson, "disabledMcpServers")) {
     userMcpServers.delete(name);
   }
   if (cwd) {
-    if (import_fs27.default.existsSync(import_path30.default.join(cwd, "CLAUDE.md"))) claudeMdCount++;
-    if (import_fs27.default.existsSync(import_path30.default.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
-    const projectClaudeDir = import_path30.default.join(cwd, ".claude");
+    if (import_fs29.default.existsSync(import_path32.default.join(cwd, "CLAUDE.md"))) claudeMdCount++;
+    if (import_fs29.default.existsSync(import_path32.default.join(cwd, "CLAUDE.local.md"))) claudeMdCount++;
+    const projectClaudeDir = import_path32.default.join(cwd, ".claude");
     const overlapsUserScope = isSamePath(projectClaudeDir, claudeDir);
     if (!overlapsUserScope) {
-      if (import_fs27.default.existsSync(import_path30.default.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
-      rulesCount += countRulesInDir(import_path30.default.join(projectClaudeDir, "rules"));
-      const projSettings = import_path30.default.join(projectClaudeDir, "settings.json");
+      if (import_fs29.default.existsSync(import_path32.default.join(projectClaudeDir, "CLAUDE.md"))) claudeMdCount++;
+      rulesCount += countRulesInDir(import_path32.default.join(projectClaudeDir, "rules"));
+      const projSettings = import_path32.default.join(projectClaudeDir, "settings.json");
       for (const name of getMcpServerNames(projSettings)) projectMcpServers.add(name);
       hooksCount += countHooksInFile(projSettings);
     }
-    if (import_fs27.default.existsSync(import_path30.default.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
-    const localSettings = import_path30.default.join(projectClaudeDir, "settings.local.json");
+    if (import_fs29.default.existsSync(import_path32.default.join(projectClaudeDir, "CLAUDE.local.md"))) claudeMdCount++;
+    const localSettings = import_path32.default.join(projectClaudeDir, "settings.local.json");
     for (const name of getMcpServerNames(localSettings)) projectMcpServers.add(name);
     hooksCount += countHooksInFile(localSettings);
-    const mcpJsonServers = getMcpServerNames(import_path30.default.join(cwd, ".mcp.json"));
+    const mcpJsonServers = getMcpServerNames(import_path32.default.join(cwd, ".mcp.json"));
     const disabledMcpJson = getDisabledMcpServers(localSettings, "disabledMcpjsonServers");
     for (const name of disabledMcpJson) mcpJsonServers.delete(name);
     for (const name of mcpJsonServers) projectMcpServers.add(name);
@@ -7620,12 +7753,12 @@ function readActiveShieldsHud() {
     return shieldsCache.value;
   }
   try {
-    const shieldsPath = import_path30.default.join(import_os23.default.homedir(), ".node9", "shields.json");
-    if (!import_fs27.default.existsSync(shieldsPath)) {
+    const shieldsPath = import_path32.default.join(import_os25.default.homedir(), ".node9", "shields.json");
+    if (!import_fs29.default.existsSync(shieldsPath)) {
       shieldsCache = { value: [], ts: now };
       return [];
     }
-    const parsed = JSON.parse(import_fs27.default.readFileSync(shieldsPath, "utf-8"));
+    const parsed = JSON.parse(import_fs29.default.readFileSync(shieldsPath, "utf-8"));
     if (!Array.isArray(parsed.active)) {
       shieldsCache = { value: [], ts: now };
       return [];
@@ -7711,15 +7844,15 @@ function renderContextLine(stdin) {
   }
   const rl = stdin.rate_limits;
   if (rl?.five_hour?.used_percentage !== void 0) {
-    const pct = Math.round(rl.five_hour.used_percentage);
-    const bar = progressBar(pct, 60, 80);
+    const pct2 = Math.round(rl.five_hour.used_percentage);
+    const bar = progressBar(pct2, 60, 80);
     const left = formatTimeLeft(rl.five_hour.resets_at);
-    parts.push(`${dim("\u2502")} 5h ${bar} ${pct}%${left}`);
+    parts.push(`${dim("\u2502")} 5h ${bar} ${pct2}%${left}`);
   }
   if (rl?.seven_day?.used_percentage !== void 0) {
-    const pct = Math.round(rl.seven_day.used_percentage);
-    const bar = progressBar(pct, 60, 80);
-    parts.push(`${dim("\u2502")} 7d ${bar} ${pct}%`);
+    const pct2 = Math.round(rl.seven_day.used_percentage);
+    const bar = progressBar(pct2, 60, 80);
+    parts.push(`${dim("\u2502")} 7d ${bar} ${pct2}%`);
   }
   if (parts.length === 0) return null;
   return parts.join("  ");
@@ -7727,17 +7860,17 @@ function renderContextLine(stdin) {
 async function main() {
   try {
     const [stdin, daemonStatus2] = await Promise.all([readStdin(), queryDaemon()]);
-    if (import_fs27.default.existsSync(import_path30.default.join(import_os23.default.homedir(), ".node9", "hud-debug"))) {
+    if (import_fs29.default.existsSync(import_path32.default.join(import_os25.default.homedir(), ".node9", "hud-debug"))) {
       try {
-        const logPath = import_path30.default.join(import_os23.default.homedir(), ".node9", "hud-debug.log");
+        const logPath = import_path32.default.join(import_os25.default.homedir(), ".node9", "hud-debug.log");
         const MAX_LOG_SIZE = 10 * 1024 * 1024;
         let size = 0;
         try {
-          size = import_fs27.default.statSync(logPath).size;
+          size = import_fs29.default.statSync(logPath).size;
         } catch {
         }
         if (size < MAX_LOG_SIZE) {
-          import_fs27.default.appendFileSync(
+          import_fs29.default.appendFileSync(
             logPath,
             JSON.stringify({ ts: (/* @__PURE__ */ new Date()).toISOString(), stdin }) + "\n"
           );
@@ -7758,11 +7891,11 @@ async function main() {
       try {
         const cwd = stdin.cwd ?? process.cwd();
         for (const configPath of [
-          import_path30.default.join(cwd, "node9.config.json"),
-          import_path30.default.join(import_os23.default.homedir(), ".node9", "config.json")
+          import_path32.default.join(cwd, "node9.config.json"),
+          import_path32.default.join(import_os25.default.homedir(), ".node9", "config.json")
         ]) {
-          if (!import_fs27.default.existsSync(configPath)) continue;
-          const cfg = JSON.parse(import_fs27.default.readFileSync(configPath, "utf-8"));
+          if (!import_fs29.default.existsSync(configPath)) continue;
+          const cfg = JSON.parse(import_fs29.default.readFileSync(configPath, "utf-8"));
           const hud = cfg.settings?.hud;
           if (hud && "showEnvironmentCounts" in hud) return hud.showEnvironmentCounts !== false;
         }
@@ -7780,13 +7913,13 @@ async function main() {
     renderOffline();
   }
 }
-var import_fs27, import_path30, import_os23, import_http3, RESET3, BOLD3, DIM, RED2, GREEN2, YELLOW2, BLUE, MAGENTA, CYAN2, WHITE, BAR_FILLED, BAR_EMPTY, BAR_WIDTH, shieldsCache, SHIELDS_CACHE_TTL_MS;
+var import_fs29, import_path32, import_os25, import_http3, RESET3, BOLD3, DIM, RED2, GREEN2, YELLOW2, BLUE, MAGENTA, CYAN2, WHITE, BAR_FILLED, BAR_EMPTY, BAR_WIDTH, shieldsCache, SHIELDS_CACHE_TTL_MS;
 var init_hud = __esm({
   "src/cli/hud.ts"() {
     "use strict";
-    import_fs27 = __toESM(require("fs"));
-    import_path30 = __toESM(require("path"));
-    import_os23 = __toESM(require("os"));
+    import_fs29 = __toESM(require("fs"));
+    import_path32 = __toESM(require("path"));
+    import_os25 = __toESM(require("os"));
     import_http3 = __toESM(require("http"));
     init_daemon();
     RESET3 = "\x1B[0m";
@@ -7812,9 +7945,9 @@ var import_commander = require("commander");
 init_core();
 
 // src/setup.ts
-var import_fs11 = __toESM(require("fs"));
-var import_path14 = __toESM(require("path"));
-var import_os10 = __toESM(require("os"));
+var import_fs12 = __toESM(require("fs"));
+var import_path15 = __toESM(require("path"));
+var import_os11 = __toESM(require("os"));
 var import_chalk = __toESM(require("chalk"));
 var import_prompts = require("@inquirer/prompts");
 var import_smol_toml = require("smol-toml");
@@ -7842,26 +7975,26 @@ function fullPathCommand(subcommand) {
 }
 function readJson(filePath) {
   try {
-    if (import_fs11.default.existsSync(filePath)) {
-      return JSON.parse(import_fs11.default.readFileSync(filePath, "utf-8"));
+    if (import_fs12.default.existsSync(filePath)) {
+      return JSON.parse(import_fs12.default.readFileSync(filePath, "utf-8"));
     }
   } catch {
   }
   return null;
 }
 function writeJson(filePath, data) {
-  const dir = import_path14.default.dirname(filePath);
-  if (!import_fs11.default.existsSync(dir)) import_fs11.default.mkdirSync(dir, { recursive: true });
-  import_fs11.default.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
+  const dir = import_path15.default.dirname(filePath);
+  if (!import_fs12.default.existsSync(dir)) import_fs12.default.mkdirSync(dir, { recursive: true });
+  import_fs12.default.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
 }
 function isNode9Hook(cmd) {
   if (!cmd) return false;
   return /(?:^|[\s/\\])node9 (?:check|log)/.test(cmd) || /(?:^|[\s/\\])cli\.js (?:check|log)/.test(cmd);
 }
 function teardownClaude() {
-  const homeDir2 = import_os10.default.homedir();
-  const hooksPath = import_path14.default.join(homeDir2, ".claude", "settings.json");
-  const mcpPath = import_path14.default.join(homeDir2, ".claude", ".mcp.json");
+  const homeDir2 = import_os11.default.homedir();
+  const hooksPath = import_path15.default.join(homeDir2, ".claude", "settings.json");
+  const mcpPath = import_path15.default.join(homeDir2, ".claude", ".mcp.json");
   let changed = false;
   const settings = readJson(hooksPath);
   if (settings?.hooks) {
@@ -7909,8 +8042,8 @@ function teardownClaude() {
   }
 }
 function teardownGemini() {
-  const homeDir2 = import_os10.default.homedir();
-  const settingsPath = import_path14.default.join(homeDir2, ".gemini", "settings.json");
+  const homeDir2 = import_os11.default.homedir();
+  const settingsPath = import_path15.default.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath);
   if (!settings) {
     console.log(import_chalk.default.blue("  \u2139\uFE0F  ~/.gemini/settings.json not found \u2014 nothing to remove"));
@@ -7953,8 +8086,8 @@ function teardownGemini() {
   }
 }
 function teardownCursor() {
-  const homeDir2 = import_os10.default.homedir();
-  const mcpPath = import_path14.default.join(homeDir2, ".cursor", "mcp.json");
+  const homeDir2 = import_os11.default.homedir();
+  const mcpPath = import_path15.default.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath);
   if (!mcpConfig?.mcpServers) {
     console.log(import_chalk.default.blue("  \u2139\uFE0F  ~/.cursor/mcp.json not found \u2014 nothing to remove"));
@@ -7985,9 +8118,9 @@ function teardownCursor() {
   }
 }
 async function setupClaude() {
-  const homeDir2 = import_os10.default.homedir();
-  const mcpPath = import_path14.default.join(homeDir2, ".claude", ".mcp.json");
-  const hooksPath = import_path14.default.join(homeDir2, ".claude", "settings.json");
+  const homeDir2 = import_os11.default.homedir();
+  const mcpPath = import_path15.default.join(homeDir2, ".claude", ".mcp.json");
+  const hooksPath = import_path15.default.join(homeDir2, ".claude", "settings.json");
   const claudeConfig = readJson(mcpPath) ?? {};
   const settings = readJson(hooksPath) ?? {};
   const servers = claudeConfig.mcpServers ?? {};
@@ -8084,8 +8217,8 @@ async function setupClaude() {
   }
 }
 async function setupGemini() {
-  const homeDir2 = import_os10.default.homedir();
-  const settingsPath = import_path14.default.join(homeDir2, ".gemini", "settings.json");
+  const homeDir2 = import_os11.default.homedir();
+  const settingsPath = import_path15.default.join(homeDir2, ".gemini", "settings.json");
   const settings = readJson(settingsPath) ?? {};
   const servers = settings.mcpServers ?? {};
   let hooksChanged = false;
@@ -8180,10 +8313,10 @@ async function setupGemini() {
     printDaemonTip();
   }
 }
-function detectAgents(homeDir2 = import_os10.default.homedir()) {
+function detectAgents(homeDir2 = import_os11.default.homedir()) {
   const exists = (p) => {
     try {
-      return import_fs11.default.existsSync(p);
+      return import_fs12.default.existsSync(p);
     } catch (err2) {
       const code = err2.code;
       if (code !== "ENOENT") {
@@ -8194,15 +8327,15 @@ function detectAgents(homeDir2 = import_os10.default.homedir()) {
     }
   };
   return {
-    claude: exists(import_path14.default.join(homeDir2, ".claude")) || exists(import_path14.default.join(homeDir2, ".claude.json")),
-    gemini: exists(import_path14.default.join(homeDir2, ".gemini")),
-    cursor: exists(import_path14.default.join(homeDir2, ".cursor")),
-    codex: exists(import_path14.default.join(homeDir2, ".codex"))
+    claude: exists(import_path15.default.join(homeDir2, ".claude")) || exists(import_path15.default.join(homeDir2, ".claude.json")),
+    gemini: exists(import_path15.default.join(homeDir2, ".gemini")),
+    cursor: exists(import_path15.default.join(homeDir2, ".cursor")),
+    codex: exists(import_path15.default.join(homeDir2, ".codex"))
   };
 }
 async function setupCursor() {
-  const homeDir2 = import_os10.default.homedir();
-  const mcpPath = import_path14.default.join(homeDir2, ".cursor", "mcp.json");
+  const homeDir2 = import_os11.default.homedir();
+  const mcpPath = import_path15.default.join(homeDir2, ".cursor", "mcp.json");
   const mcpConfig = readJson(mcpPath) ?? {};
   const servers = mcpConfig.mcpServers ?? {};
   let anythingChanged = false;
@@ -8268,21 +8401,21 @@ async function setupCursor() {
 }
 function readToml(filePath) {
   try {
-    if (import_fs11.default.existsSync(filePath)) {
-      return (0, import_smol_toml.parse)(import_fs11.default.readFileSync(filePath, "utf-8"));
+    if (import_fs12.default.existsSync(filePath)) {
+      return (0, import_smol_toml.parse)(import_fs12.default.readFileSync(filePath, "utf-8"));
     }
   } catch {
   }
   return null;
 }
 function writeToml(filePath, data) {
-  const dir = import_path14.default.dirname(filePath);
-  if (!import_fs11.default.existsSync(dir)) import_fs11.default.mkdirSync(dir, { recursive: true });
-  import_fs11.default.writeFileSync(filePath, (0, import_smol_toml.stringify)(data));
+  const dir = import_path15.default.dirname(filePath);
+  if (!import_fs12.default.existsSync(dir)) import_fs12.default.mkdirSync(dir, { recursive: true });
+  import_fs12.default.writeFileSync(filePath, (0, import_smol_toml.stringify)(data));
 }
 async function setupCodex() {
-  const homeDir2 = import_os10.default.homedir();
-  const configPath = import_path14.default.join(homeDir2, ".codex", "config.toml");
+  const homeDir2 = import_os11.default.homedir();
+  const configPath = import_path15.default.join(homeDir2, ".codex", "config.toml");
   const config = readToml(configPath) ?? {};
   const servers = config.mcp_servers ?? {};
   let anythingChanged = false;
@@ -8347,8 +8480,8 @@ async function setupCodex() {
   }
 }
 function setupHud() {
-  const homeDir2 = import_os10.default.homedir();
-  const hooksPath = import_path14.default.join(homeDir2, ".claude", "settings.json");
+  const homeDir2 = import_os11.default.homedir();
+  const hooksPath = import_path15.default.join(homeDir2, ".claude", "settings.json");
   const settings = readJson(hooksPath) ?? {};
   const hudCommand = fullPathCommand("hud");
   const statusLineObj = { type: "command", command: hudCommand };
@@ -8374,8 +8507,8 @@ function setupHud() {
   console.log(import_chalk.default.gray("   Restart Claude Code to activate."));
 }
 function teardownHud() {
-  const homeDir2 = import_os10.default.homedir();
-  const hooksPath = import_path14.default.join(homeDir2, ".claude", "settings.json");
+  const homeDir2 = import_os11.default.homedir();
+  const hooksPath = import_path15.default.join(homeDir2, ".claude", "settings.json");
   const settings = readJson(hooksPath);
   if (!settings) {
     console.log(import_chalk.default.blue("  \u2139\uFE0F  ~/.claude/settings.json not found \u2014 nothing to remove"));
@@ -8395,10 +8528,10 @@ function teardownHud() {
 
 // src/cli.ts
 init_daemon2();
-var import_chalk19 = __toESM(require("chalk"));
-var import_fs28 = __toESM(require("fs"));
-var import_path31 = __toESM(require("path"));
-var import_os24 = __toESM(require("os"));
+var import_chalk20 = __toESM(require("chalk"));
+var import_fs30 = __toESM(require("fs"));
+var import_path33 = __toESM(require("path"));
+var import_os26 = __toESM(require("os"));
 var import_prompts2 = require("@inquirer/prompts");
 
 // src/utils/duration.ts
@@ -8623,10 +8756,10 @@ async function autoStartDaemonAndWait() {
 
 // src/cli/commands/check.ts
 var import_chalk5 = __toESM(require("chalk"));
-var import_fs18 = __toESM(require("fs"));
+var import_fs19 = __toESM(require("fs"));
 var import_child_process9 = require("child_process");
-var import_path20 = __toESM(require("path"));
-var import_os14 = __toESM(require("os"));
+var import_path21 = __toESM(require("path"));
+var import_os15 = __toESM(require("os"));
 init_orchestrator();
 init_daemon();
 init_config();
@@ -8634,12 +8767,12 @@ init_policy();
 
 // src/undo.ts
 var import_child_process8 = require("child_process");
-var import_crypto7 = __toESM(require("crypto"));
-var import_fs17 = __toESM(require("fs"));
+var import_crypto8 = __toESM(require("crypto"));
+var import_fs18 = __toESM(require("fs"));
 var import_net3 = __toESM(require("net"));
-var import_path19 = __toESM(require("path"));
-var import_os13 = __toESM(require("os"));
-var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path19.default.join(import_os13.default.tmpdir(), "node9-activity.sock");
+var import_path20 = __toESM(require("path"));
+var import_os14 = __toESM(require("os"));
+var ACTIVITY_SOCKET_PATH3 = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path20.default.join(import_os14.default.tmpdir(), "node9-activity.sock");
 function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
   try {
     const payload = JSON.stringify({
@@ -8659,22 +8792,22 @@ function notifySnapshotTaken(hash, tool, argsSummary, fileCount) {
   } catch {
   }
 }
-var SNAPSHOT_STACK_PATH = import_path19.default.join(import_os13.default.homedir(), ".node9", "snapshots.json");
-var UNDO_LATEST_PATH = import_path19.default.join(import_os13.default.homedir(), ".node9", "undo_latest.txt");
+var SNAPSHOT_STACK_PATH = import_path20.default.join(import_os14.default.homedir(), ".node9", "snapshots.json");
+var UNDO_LATEST_PATH = import_path20.default.join(import_os14.default.homedir(), ".node9", "undo_latest.txt");
 var MAX_SNAPSHOTS = 10;
 var GIT_TIMEOUT = 15e3;
 function readStack() {
   try {
-    if (import_fs17.default.existsSync(SNAPSHOT_STACK_PATH))
-      return JSON.parse(import_fs17.default.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
+    if (import_fs18.default.existsSync(SNAPSHOT_STACK_PATH))
+      return JSON.parse(import_fs18.default.readFileSync(SNAPSHOT_STACK_PATH, "utf-8"));
   } catch {
   }
   return [];
 }
 function writeStack(stack) {
-  const dir = import_path19.default.dirname(SNAPSHOT_STACK_PATH);
-  if (!import_fs17.default.existsSync(dir)) import_fs17.default.mkdirSync(dir, { recursive: true });
-  import_fs17.default.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
+  const dir = import_path20.default.dirname(SNAPSHOT_STACK_PATH);
+  if (!import_fs18.default.existsSync(dir)) import_fs18.default.mkdirSync(dir, { recursive: true });
+  import_fs18.default.writeFileSync(SNAPSHOT_STACK_PATH, JSON.stringify(stack, null, 2));
 }
 function extractFilePath(args) {
   if (!args || typeof args !== "object") return null;
@@ -8694,12 +8827,12 @@ function buildArgsSummary(tool, args) {
   return "";
 }
 function findProjectRoot(filePath) {
-  let dir = import_path19.default.dirname(filePath);
+  let dir = import_path20.default.dirname(filePath);
   while (true) {
-    if (import_fs17.default.existsSync(import_path19.default.join(dir, ".git")) || import_fs17.default.existsSync(import_path19.default.join(dir, "package.json"))) {
+    if (import_fs18.default.existsSync(import_path20.default.join(dir, ".git")) || import_fs18.default.existsSync(import_path20.default.join(dir, "package.json"))) {
       return dir;
     }
-    const parent = import_path19.default.dirname(dir);
+    const parent = import_path20.default.dirname(dir);
     if (parent === dir) return process.cwd();
     dir = parent;
   }
@@ -8707,7 +8840,7 @@ function findProjectRoot(filePath) {
 function normalizeCwdForHash(cwd) {
   let normalized;
   try {
-    normalized = import_fs17.default.realpathSync(cwd);
+    normalized = import_fs18.default.realpathSync(cwd);
   } catch {
     normalized = cwd;
   }
@@ -8716,17 +8849,17 @@ function normalizeCwdForHash(cwd) {
   return normalized;
 }
 function getShadowRepoDir(cwd) {
-  const hash = import_crypto7.default.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
-  return import_path19.default.join(import_os13.default.homedir(), ".node9", "snapshots", hash);
+  const hash = import_crypto8.default.createHash("sha256").update(normalizeCwdForHash(cwd)).digest("hex").slice(0, 16);
+  return import_path20.default.join(import_os14.default.homedir(), ".node9", "snapshots", hash);
 }
 function cleanOrphanedIndexFiles(shadowDir) {
   try {
     const cutoff = Date.now() - 6e4;
-    for (const f of import_fs17.default.readdirSync(shadowDir)) {
+    for (const f of import_fs18.default.readdirSync(shadowDir)) {
       if (f.startsWith("index_")) {
-        const fp = import_path19.default.join(shadowDir, f);
+        const fp = import_path20.default.join(shadowDir, f);
         try {
-          if (import_fs17.default.statSync(fp).mtimeMs < cutoff) import_fs17.default.unlinkSync(fp);
+          if (import_fs18.default.statSync(fp).mtimeMs < cutoff) import_fs18.default.unlinkSync(fp);
         } catch {
         }
       }
@@ -8738,7 +8871,7 @@ function writeShadowExcludes(shadowDir, ignorePaths) {
   const hardcoded = [".git", ".node9"];
   const lines = [...hardcoded, ...ignorePaths].join("\n");
   try {
-    import_fs17.default.writeFileSync(import_path19.default.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
+    import_fs18.default.writeFileSync(import_path20.default.join(shadowDir, "info", "exclude"), lines + "\n", "utf8");
   } catch {
   }
 }
@@ -8751,25 +8884,25 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   if (check.status === 0) {
-    const ptPath = import_path19.default.join(shadowDir, "project-path.txt");
+    const ptPath = import_path20.default.join(shadowDir, "project-path.txt");
     try {
-      const stored = import_fs17.default.readFileSync(ptPath, "utf8").trim();
+      const stored = import_fs18.default.readFileSync(ptPath, "utf8").trim();
       if (stored === normalizedCwd) return true;
       if (process.env.NODE9_DEBUG === "1")
         console.error(
           `[Node9] Shadow repo path mismatch: stored="${stored}" expected="${normalizedCwd}" \u2014 reinitializing`
         );
-      import_fs17.default.rmSync(shadowDir, { recursive: true, force: true });
+      import_fs18.default.rmSync(shadowDir, { recursive: true, force: true });
     } catch {
       try {
-        import_fs17.default.writeFileSync(ptPath, normalizedCwd, "utf8");
+        import_fs18.default.writeFileSync(ptPath, normalizedCwd, "utf8");
       } catch {
       }
       return true;
     }
   }
   try {
-    import_fs17.default.mkdirSync(shadowDir, { recursive: true });
+    import_fs18.default.mkdirSync(shadowDir, { recursive: true });
   } catch {
   }
   const init = (0, import_child_process8.spawnSync)("git", ["init", "--bare", shadowDir], { timeout: 5e3 });
@@ -8778,7 +8911,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     if (process.env.NODE9_DEBUG === "1") console.error("[Node9] git init --bare failed:", reason);
     return false;
   }
-  const configFile = import_path19.default.join(shadowDir, "config");
+  const configFile = import_path20.default.join(shadowDir, "config");
   (0, import_child_process8.spawnSync)("git", ["config", "--file", configFile, "core.untrackedCache", "true"], {
     timeout: 3e3
   });
@@ -8786,7 +8919,7 @@ function ensureShadowRepo(shadowDir, cwd) {
     timeout: 3e3
   });
   try {
-    import_fs17.default.writeFileSync(import_path19.default.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
+    import_fs18.default.writeFileSync(import_path20.default.join(shadowDir, "project-path.txt"), normalizedCwd, "utf8");
   } catch {
   }
   return true;
@@ -8806,12 +8939,12 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
   let indexFile = null;
   try {
     const rawFilePath = extractFilePath(args);
-    const absFilePath = rawFilePath && import_path19.default.isAbsolute(rawFilePath) ? rawFilePath : null;
+    const absFilePath = rawFilePath && import_path20.default.isAbsolute(rawFilePath) ? rawFilePath : null;
     const cwd = absFilePath ? findProjectRoot(absFilePath) : process.cwd();
     const shadowDir = getShadowRepoDir(cwd);
     if (!ensureShadowRepo(shadowDir, cwd)) return null;
     writeShadowExcludes(shadowDir, ignorePaths);
-    indexFile = import_path19.default.join(shadowDir, `index_${process.pid}_${Date.now()}`);
+    indexFile = import_path20.default.join(shadowDir, `index_${process.pid}_${Date.now()}`);
     const shadowEnv = {
       ...process.env,
       GIT_DIR: shadowDir,
@@ -8883,7 +9016,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
     writeStack(stack);
     const entry = stack[stack.length - 1];
     notifySnapshotTaken(commitHash.slice(0, 7), tool, entry.argsSummary, capturedFiles.length);
-    import_fs17.default.writeFileSync(UNDO_LATEST_PATH, commitHash);
+    import_fs18.default.writeFileSync(UNDO_LATEST_PATH, commitHash);
     if (shouldGc) {
       (0, import_child_process8.spawn)("git", ["gc", "--auto"], { env: shadowEnv, detached: true, stdio: "ignore" }).unref();
     }
@@ -8894,7 +9027,7 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
   } finally {
     if (indexFile) {
       try {
-        import_fs17.default.unlinkSync(indexFile);
+        import_fs18.default.unlinkSync(indexFile);
       } catch {
       }
     }
@@ -8970,9 +9103,9 @@ function applyUndo(hash, cwd) {
       timeout: GIT_TIMEOUT
     }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
     for (const file of [...tracked, ...untracked]) {
-      const fullPath = import_path19.default.join(dir, file);
-      if (!snapshotFiles.has(file) && import_fs17.default.existsSync(fullPath)) {
-        import_fs17.default.unlinkSync(fullPath);
+      const fullPath = import_path20.default.join(dir, file);
+      if (!snapshotFiles.has(file) && import_fs18.default.existsSync(fullPath)) {
+        import_fs18.default.unlinkSync(fullPath);
       }
     }
     return true;
@@ -8996,9 +9129,9 @@ function registerCheckCommand(program2) {
         } catch (err2) {
           const tempConfig = getConfig();
           if (process.env.NODE9_DEBUG === "1" || tempConfig.settings.enableHookLogDebug) {
-            const logPath = import_path20.default.join(import_os14.default.homedir(), ".node9", "hook-debug.log");
+            const logPath = import_path21.default.join(import_os15.default.homedir(), ".node9", "hook-debug.log");
             const errMsg = err2 instanceof Error ? err2.message : String(err2);
-            import_fs18.default.appendFileSync(
+            import_fs19.default.appendFileSync(
               logPath,
               `[${(/* @__PURE__ */ new Date()).toISOString()}] JSON_PARSE_ERROR: ${errMsg}
 RAW: ${raw}
@@ -9011,10 +9144,10 @@ RAW: ${raw}
         if (config.settings.autoStartDaemon && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON) {
           try {
             const scriptPath = process.argv[1];
-            if (typeof scriptPath !== "string" || !import_path20.default.isAbsolute(scriptPath))
+            if (typeof scriptPath !== "string" || !import_path21.default.isAbsolute(scriptPath))
               throw new Error("node9: argv[1] is not an absolute path");
-            const resolvedScript = import_fs18.default.realpathSync(scriptPath);
-            const expectedCli = import_fs18.default.realpathSync(import_path20.default.resolve(__dirname, "../../cli.js"));
+            const resolvedScript = import_fs19.default.realpathSync(scriptPath);
+            const expectedCli = import_fs19.default.realpathSync(import_path21.default.resolve(__dirname, "../../cli.js"));
             if (resolvedScript !== expectedCli)
               throw new Error(
                 "node9: daemon spawn aborted \u2014 argv[1] does not resolve to the node9 CLI"
@@ -9040,10 +9173,10 @@ RAW: ${raw}
           }
         }
         if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
-          const logPath = import_path20.default.join(import_os14.default.homedir(), ".node9", "hook-debug.log");
-          if (!import_fs18.default.existsSync(import_path20.default.dirname(logPath)))
-            import_fs18.default.mkdirSync(import_path20.default.dirname(logPath), { recursive: true });
-          import_fs18.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
+          const logPath = import_path21.default.join(import_os15.default.homedir(), ".node9", "hook-debug.log");
+          if (!import_fs19.default.existsSync(import_path21.default.dirname(logPath)))
+            import_fs19.default.mkdirSync(import_path21.default.dirname(logPath), { recursive: true });
+          import_fs19.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] STDIN: ${raw}
 `);
         }
         const toolName = sanitize2(payload.tool_name ?? payload.name ?? "");
@@ -9056,8 +9189,8 @@ RAW: ${raw}
           const isHumanDecision = blockedByContext.toLowerCase().includes("user") || blockedByContext.toLowerCase().includes("daemon") || blockedByContext.toLowerCase().includes("decision");
           let ttyFd = null;
           try {
-            ttyFd = import_fs18.default.openSync("/dev/tty", "w");
-            const writeTty = (line) => import_fs18.default.writeSync(ttyFd, line + "\n");
+            ttyFd = import_fs19.default.openSync("/dev/tty", "w");
+            const writeTty = (line) => import_fs19.default.writeSync(ttyFd, line + "\n");
             if (blockedByContext.includes("DLP") || blockedByContext.includes("Secret Detected") || blockedByContext.includes("Credential Review")) {
               writeTty(import_chalk5.default.bgRed.white.bold(`
  \u{1F6A8} NODE9 DLP ALERT \u2014 CREDENTIAL DETECTED `));
@@ -9066,6 +9199,7 @@ RAW: ${raw}
               writeTty(import_chalk5.default.red(`
 \u{1F6D1} Node9 blocked "${toolName}"`));
             }
+            if (result2?.ruleDescription) writeTty(import_chalk5.default.white(`   ${result2.ruleDescription}`));
             writeTty(import_chalk5.default.gray(`   Triggered by: ${blockedByContext}`));
             if (result2?.changeHint) writeTty(import_chalk5.default.cyan(`   To change:  ${result2.changeHint}`));
             if (result2?.recoveryCommand)
@@ -9075,7 +9209,7 @@ RAW: ${raw}
           } finally {
             if (ttyFd !== null)
               try {
-                import_fs18.default.closeSync(ttyFd);
+                import_fs19.default.closeSync(ttyFd);
               } catch {
               }
           }
@@ -9107,7 +9241,7 @@ RAW: ${raw}
         if (shouldSnapshot(toolName, toolInput, config)) {
           await createShadowSnapshot(toolName, toolInput, config.policy.snapshot.ignorePaths);
         }
-        const safeCwdForAuth = typeof payload.cwd === "string" && import_path20.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        const safeCwdForAuth = typeof payload.cwd === "string" && import_path21.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const result = await authorizeHeadless(toolName, toolInput, meta, {
           cwd: safeCwdForAuth
         });
@@ -9119,12 +9253,12 @@ RAW: ${raw}
         }
         if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && !process.stdout.isTTY && config.settings.autoStartDaemon) {
           try {
-            const tty = import_fs18.default.openSync("/dev/tty", "w");
-            import_fs18.default.writeSync(
+            const tty = import_fs19.default.openSync("/dev/tty", "w");
+            import_fs19.default.writeSync(
               tty,
               import_chalk5.default.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically...\n")
             );
-            import_fs18.default.closeSync(tty);
+            import_fs19.default.closeSync(tty);
           } catch {
           }
           const daemonReady = await autoStartDaemonAndWait();
@@ -9151,9 +9285,9 @@ RAW: ${raw}
         });
       } catch (err2) {
         if (process.env.NODE9_DEBUG === "1") {
-          const logPath = import_path20.default.join(import_os14.default.homedir(), ".node9", "hook-debug.log");
+          const logPath = import_path21.default.join(import_os15.default.homedir(), ".node9", "hook-debug.log");
           const errMsg = err2 instanceof Error ? err2.message : String(err2);
-          import_fs18.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
+          import_fs19.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] ERROR: ${errMsg}
 `);
         }
         process.exit(0);
@@ -9187,9 +9321,9 @@ RAW: ${raw}
 }
 
 // src/cli/commands/log.ts
-var import_fs19 = __toESM(require("fs"));
-var import_path21 = __toESM(require("path"));
-var import_os15 = __toESM(require("os"));
+var import_fs20 = __toESM(require("fs"));
+var import_path22 = __toESM(require("path"));
+var import_os16 = __toESM(require("os"));
 init_audit();
 init_config();
 init_policy();
@@ -9233,9 +9367,9 @@ function containsShellMetachar(token) {
 }
 
 // src/cli/commands/log.ts
-var TEST_COMMAND_RE = /(?:^|\s)(npm\s+(?:run\s+)?test|npx\s+(?:vitest|jest|mocha)|yarn\s+(?:run\s+)?test|pnpm\s+(?:run\s+)?test|vitest|jest|mocha|pytest|py\.test|cargo\s+test|go\s+test|bundle\s+exec\s+rspec|rspec|phpunit|dotnet\s+test)\b/i;
+var TEST_COMMAND_RE2 = /(?:^|\s)(npm\s+(?:run\s+)?test|npx\s+(?:vitest|jest|mocha)|yarn\s+(?:run\s+)?test|pnpm\s+(?:run\s+)?test|vitest|jest|mocha|pytest|py\.test|cargo\s+test|go\s+test|bundle\s+exec\s+rspec|rspec|phpunit|dotnet\s+test)\b/i;
 function detectTestResult(command, output) {
-  if (!TEST_COMMAND_RE.test(command)) return null;
+  if (!TEST_COMMAND_RE2.test(command)) return null;
   const out = output.toLowerCase();
   if (/\b(tests?\s+passed|all\s+tests?\s+passed|passing|test\s+suites?.*passed|ok\b|\d+\s+passed)/i.test(
     out
@@ -9265,10 +9399,10 @@ function registerLogCommand(program2) {
           decision: "allowed",
           source: "post-hook"
         };
-        const logPath = import_path21.default.join(import_os15.default.homedir(), ".node9", "audit.log");
-        if (!import_fs19.default.existsSync(import_path21.default.dirname(logPath)))
-          import_fs19.default.mkdirSync(import_path21.default.dirname(logPath), { recursive: true });
-        import_fs19.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+        const logPath = import_path22.default.join(import_os16.default.homedir(), ".node9", "audit.log");
+        if (!import_fs20.default.existsSync(import_path22.default.dirname(logPath)))
+          import_fs20.default.mkdirSync(import_path22.default.dirname(logPath), { recursive: true });
+        import_fs20.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
         if ((tool === "Bash" || tool === "bash") && isDaemonRunning()) {
           const command = typeof rawInput === "object" && rawInput !== null && "command" in rawInput && typeof rawInput.command === "string" ? rawInput.command : null;
           if (command) {
@@ -9284,16 +9418,24 @@ function registerLogCommand(program2) {
           if (bashCommand && output) {
             const testResult = detectTestResult(bashCommand, output);
             if (testResult) {
-              await notifyActivitySocket({
-                id: "test-result",
-                ts: Date.now(),
+              appendToLog(LOCAL_AUDIT_LOG, {
+                ts: (/* @__PURE__ */ new Date()).toISOString(),
                 tool,
-                status: testResult === "pass" ? "test_pass" : "test_fail"
+                testResult,
+                source: "test-result"
               });
+              if (isDaemonRunning()) {
+                await notifyActivitySocket({
+                  id: "test-result",
+                  ts: Date.now(),
+                  tool,
+                  status: testResult === "pass" ? "test_pass" : "test_fail"
+                });
+              }
             }
           }
         }
-        const safeCwd = typeof payload.cwd === "string" && import_path21.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+        const safeCwd = typeof payload.cwd === "string" && import_path22.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
         const config = getConfig(safeCwd);
         if (shouldSnapshot(tool, {}, config)) {
           await createShadowSnapshot("unknown", {}, config.policy.snapshot.ignorePaths);
@@ -9302,9 +9444,9 @@ function registerLogCommand(program2) {
         const msg = err2 instanceof Error ? err2.message : String(err2);
         process.stderr.write(`[Node9] audit log error: ${msg}
 `);
-        const debugPath = import_path21.default.join(import_os15.default.homedir(), ".node9", "hook-debug.log");
+        const debugPath = import_path22.default.join(import_os16.default.homedir(), ".node9", "hook-debug.log");
         try {
-          import_fs19.default.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
+          import_fs20.default.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
 `);
         } catch {
         }
@@ -9704,14 +9846,14 @@ function registerConfigShowCommand(program2) {
 
 // src/cli/commands/doctor.ts
 var import_chalk7 = __toESM(require("chalk"));
-var import_fs20 = __toESM(require("fs"));
-var import_path22 = __toESM(require("path"));
-var import_os16 = __toESM(require("os"));
+var import_fs21 = __toESM(require("fs"));
+var import_path23 = __toESM(require("path"));
+var import_os17 = __toESM(require("os"));
 var import_child_process10 = require("child_process");
 init_daemon();
 function registerDoctorCommand(program2, version2) {
   program2.command("doctor").description("Check that Node9 is installed and configured correctly").action(() => {
-    const homeDir2 = import_os16.default.homedir();
+    const homeDir2 = import_os17.default.homedir();
     let failures = 0;
     function pass(msg) {
       console.log(import_chalk7.default.green("  \u2705 ") + msg);
@@ -9760,10 +9902,10 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Configuration");
-    const globalConfigPath = import_path22.default.join(homeDir2, ".node9", "config.json");
-    if (import_fs20.default.existsSync(globalConfigPath)) {
+    const globalConfigPath = import_path23.default.join(homeDir2, ".node9", "config.json");
+    if (import_fs21.default.existsSync(globalConfigPath)) {
       try {
-        JSON.parse(import_fs20.default.readFileSync(globalConfigPath, "utf-8"));
+        JSON.parse(import_fs21.default.readFileSync(globalConfigPath, "utf-8"));
         pass("~/.node9/config.json found and valid");
       } catch {
         fail("~/.node9/config.json is invalid JSON", "Run: node9 init --force");
@@ -9771,10 +9913,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("~/.node9/config.json not found (using defaults)", "Run: node9 init");
     }
-    const projectConfigPath = import_path22.default.join(process.cwd(), "node9.config.json");
-    if (import_fs20.default.existsSync(projectConfigPath)) {
+    const projectConfigPath = import_path23.default.join(process.cwd(), "node9.config.json");
+    if (import_fs21.default.existsSync(projectConfigPath)) {
       try {
-        JSON.parse(import_fs20.default.readFileSync(projectConfigPath, "utf-8"));
+        JSON.parse(import_fs21.default.readFileSync(projectConfigPath, "utf-8"));
         pass("node9.config.json found and valid (project)");
       } catch {
         fail(
@@ -9783,8 +9925,8 @@ function registerDoctorCommand(program2, version2) {
         );
       }
     }
-    const credsPath = import_path22.default.join(homeDir2, ".node9", "credentials.json");
-    if (import_fs20.default.existsSync(credsPath)) {
+    const credsPath = import_path23.default.join(homeDir2, ".node9", "credentials.json");
+    if (import_fs21.default.existsSync(credsPath)) {
       pass("Cloud credentials found (~/.node9/credentials.json)");
     } else {
       warn(
@@ -9793,10 +9935,10 @@ function registerDoctorCommand(program2, version2) {
       );
     }
     section("Agent Hooks");
-    const claudeSettingsPath = import_path22.default.join(homeDir2, ".claude", "settings.json");
-    if (import_fs20.default.existsSync(claudeSettingsPath)) {
+    const claudeSettingsPath = import_path23.default.join(homeDir2, ".claude", "settings.json");
+    if (import_fs21.default.existsSync(claudeSettingsPath)) {
       try {
-        const cs = JSON.parse(import_fs20.default.readFileSync(claudeSettingsPath, "utf-8"));
+        const cs = JSON.parse(import_fs21.default.readFileSync(claudeSettingsPath, "utf-8"));
         const hasHook = cs.hooks?.PreToolUse?.some(
           (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
         );
@@ -9812,10 +9954,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Claude Code \u2014 not configured", "Run: node9 setup claude");
     }
-    const geminiSettingsPath = import_path22.default.join(homeDir2, ".gemini", "settings.json");
-    if (import_fs20.default.existsSync(geminiSettingsPath)) {
+    const geminiSettingsPath = import_path23.default.join(homeDir2, ".gemini", "settings.json");
+    if (import_fs21.default.existsSync(geminiSettingsPath)) {
       try {
-        const gs = JSON.parse(import_fs20.default.readFileSync(geminiSettingsPath, "utf-8"));
+        const gs = JSON.parse(import_fs21.default.readFileSync(geminiSettingsPath, "utf-8"));
         const hasHook = gs.hooks?.BeforeTool?.some(
           (m) => m.hooks.some((h) => h.command?.includes("node9") || h.command?.includes("cli.js"))
         );
@@ -9831,10 +9973,10 @@ function registerDoctorCommand(program2, version2) {
     } else {
       warn("Gemini CLI  \u2014 not configured", "Run: node9 setup gemini  (skip if not using Gemini)");
     }
-    const cursorHooksPath = import_path22.default.join(homeDir2, ".cursor", "hooks.json");
-    if (import_fs20.default.existsSync(cursorHooksPath)) {
+    const cursorHooksPath = import_path23.default.join(homeDir2, ".cursor", "hooks.json");
+    if (import_fs21.default.existsSync(cursorHooksPath)) {
       try {
-        const cur = JSON.parse(import_fs20.default.readFileSync(cursorHooksPath, "utf-8"));
+        const cur = JSON.parse(import_fs21.default.readFileSync(cursorHooksPath, "utf-8"));
         const hasHook = cur.hooks?.preToolUse?.some(
           (h) => h.command?.includes("node9") || h.command?.includes("cli.js")
         );
@@ -9872,9 +10014,9 @@ function registerDoctorCommand(program2, version2) {
 
 // src/cli/commands/audit.ts
 var import_chalk8 = __toESM(require("chalk"));
-var import_fs21 = __toESM(require("fs"));
-var import_path23 = __toESM(require("path"));
-var import_os17 = __toESM(require("os"));
+var import_fs22 = __toESM(require("fs"));
+var import_path24 = __toESM(require("path"));
+var import_os18 = __toESM(require("os"));
 function formatRelativeTime(timestamp) {
   const diff = Date.now() - new Date(timestamp).getTime();
   const sec = Math.floor(diff / 1e3);
@@ -9887,14 +10029,14 @@ function formatRelativeTime(timestamp) {
 }
 function registerAuditCommand(program2) {
   program2.command("audit").description("View local execution audit log").option("--tail <n>", "Number of entries to show", "20").option("--tool <pattern>", "Filter by tool name (substring match)").option("--deny", "Show only denied actions").option("--json", "Output raw JSON").action((options) => {
-    const logPath = import_path23.default.join(import_os17.default.homedir(), ".node9", "audit.log");
-    if (!import_fs21.default.existsSync(logPath)) {
+    const logPath = import_path24.default.join(import_os18.default.homedir(), ".node9", "audit.log");
+    if (!import_fs22.default.existsSync(logPath)) {
       console.log(
         import_chalk8.default.yellow("No audit logs found. Run node9 with an agent to generate entries.")
       );
       return;
     }
-    const raw = import_fs21.default.readFileSync(logPath, "utf-8");
+    const raw = import_fs22.default.readFileSync(logPath, "utf-8");
     const lines = raw.split("\n").filter((l) => l.trim() !== "");
     let entries = lines.flatMap((line) => {
       try {
@@ -9946,8 +10088,396 @@ function registerAuditCommand(program2) {
   });
 }
 
-// src/cli/commands/daemon-cmd.ts
+// src/cli/commands/report.ts
 var import_chalk9 = __toESM(require("chalk"));
+var import_fs23 = __toESM(require("fs"));
+var import_path25 = __toESM(require("path"));
+var import_os19 = __toESM(require("os"));
+var TEST_COMMAND_RE3 = /(?:^|\s)(npm\s+(?:run\s+)?test|npx\s+(?:vitest|jest|mocha)|yarn\s+(?:run\s+)?test|pnpm\s+(?:run\s+)?test|vitest|jest|mocha|pytest|py\.test|cargo\s+test|go\s+test|bundle\s+exec\s+rspec|rspec|phpunit|dotnet\s+test)\b/i;
+function buildTestTimestamps(allEntries) {
+  const testTs = /* @__PURE__ */ new Set();
+  for (const e of allEntries) {
+    if (e.source !== "post-hook") continue;
+    if (e.tool !== "Bash" && e.tool !== "bash") continue;
+    const cmd = e.args?.command;
+    if (typeof cmd === "string" && TEST_COMMAND_RE3.test(cmd)) {
+      testTs.add(new Date(e.ts).getTime());
+    }
+  }
+  return testTs;
+}
+function isTestEntry(entry, testTs) {
+  if (entry.tool !== "Bash" && entry.tool !== "bash") return false;
+  if (entry.testRun === true) return true;
+  const cmd = entry.args?.command;
+  if (typeof cmd === "string") return TEST_COMMAND_RE3.test(cmd);
+  const t = new Date(entry.ts).getTime();
+  for (const ts of testTs) {
+    if (Math.abs(ts - t) <= 3e3) return true;
+  }
+  return false;
+}
+function getDateRange(period) {
+  const now = /* @__PURE__ */ new Date();
+  const todayStart = new Date(now.getFullYear(), now.getMonth(), now.getDate());
+  const end = new Date(now.getFullYear(), now.getMonth(), now.getDate(), 23, 59, 59, 999);
+  switch (period) {
+    case "today":
+      return { start: todayStart, end };
+    case "7d": {
+      const s = new Date(todayStart);
+      s.setDate(s.getDate() - 6);
+      return { start: s, end };
+    }
+    case "30d": {
+      const s = new Date(todayStart);
+      s.setDate(s.getDate() - 29);
+      return { start: s, end };
+    }
+    case "month":
+      return { start: new Date(now.getFullYear(), now.getMonth(), 1), end };
+  }
+}
+function parseAuditLog(logPath) {
+  if (!import_fs23.default.existsSync(logPath)) return [];
+  const raw = import_fs23.default.readFileSync(logPath, "utf-8");
+  return raw.split("\n").flatMap((line) => {
+    if (!line.trim()) return [];
+    try {
+      return [JSON.parse(line)];
+    } catch {
+      return [];
+    }
+  });
+}
+function isAllow(decision) {
+  return decision.startsWith("allow");
+}
+function isDlp(checkedBy) {
+  return !!checkedBy?.includes("dlp");
+}
+function barStr(value, max, width) {
+  if (max === 0 || width <= 0) return "\u2591".repeat(width);
+  const filled = Math.max(1, Math.round(value / max * width));
+  return "\u2588".repeat(filled) + "\u2591".repeat(width - filled);
+}
+function colorBar(value, max, width) {
+  const s = barStr(value, max, width);
+  const filled = Math.max(1, Math.round(max > 0 ? value / max * width : 0));
+  return import_chalk9.default.cyan(s.slice(0, filled)) + import_chalk9.default.dim(s.slice(filled));
+}
+function pct(num2, total) {
+  if (total === 0) return "\u2013";
+  return Math.round(num2 / total * 100) + "%";
+}
+function fmtDate(d) {
+  const date = typeof d === "string" ? /* @__PURE__ */ new Date(d + "T12:00:00") : d;
+  return date.toLocaleDateString("en-US", { month: "short", day: "numeric" });
+}
+function num(n) {
+  return n.toLocaleString();
+}
+function fmtCost(usd) {
+  if (usd < 1e-3) return "< $0.001";
+  if (usd < 1) return "$" + usd.toFixed(4);
+  return "$" + usd.toFixed(2);
+}
+var CLAUDE_PRICING = {
+  "claude-opus-4-6": { i: 5e-6, o: 25e-6, cw: 625e-8, cr: 5e-7 },
+  "claude-opus-4-5": { i: 5e-6, o: 25e-6, cw: 625e-8, cr: 5e-7 },
+  "claude-opus-4": { i: 15e-6, o: 75e-6, cw: 1875e-8, cr: 15e-7 },
+  "claude-sonnet-4-6": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-sonnet-4-5": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-sonnet-4": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-3-7-sonnet": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-3-5-sonnet": { i: 3e-6, o: 15e-6, cw: 375e-8, cr: 3e-7 },
+  "claude-haiku-4-5": { i: 1e-6, o: 5e-6, cw: 125e-8, cr: 1e-7 },
+  "claude-3-5-haiku": { i: 8e-7, o: 4e-6, cw: 1e-6, cr: 8e-8 }
+};
+function claudeModelPrice(model) {
+  const base = model.replace(/@.*$/, "").replace(/-\d{8}$/, "");
+  for (const [key, p] of Object.entries(CLAUDE_PRICING)) {
+    if (base === key || base.startsWith(key + "-") || base.startsWith(key)) return p;
+  }
+  return null;
+}
+function loadClaudeCost(start, end) {
+  const projectsDir = import_path25.default.join(import_os19.default.homedir(), ".claude", "projects");
+  if (!import_fs23.default.existsSync(projectsDir)) return { total: 0, byDay: /* @__PURE__ */ new Map() };
+  let dirs;
+  try {
+    dirs = import_fs23.default.readdirSync(projectsDir);
+  } catch {
+    return { total: 0, byDay: /* @__PURE__ */ new Map() };
+  }
+  let total = 0;
+  const byDay = /* @__PURE__ */ new Map();
+  for (const proj of dirs) {
+    const projPath = import_path25.default.join(projectsDir, proj);
+    let files;
+    try {
+      const stat = import_fs23.default.statSync(projPath);
+      if (!stat.isDirectory()) continue;
+      files = import_fs23.default.readdirSync(projPath).filter((f) => f.endsWith(".jsonl") && !f.startsWith("agent-"));
+    } catch {
+      continue;
+    }
+    for (const file of files) {
+      try {
+        const raw = import_fs23.default.readFileSync(import_path25.default.join(projPath, file), "utf-8");
+        for (const line of raw.split("\n")) {
+          if (!line.trim()) continue;
+          let entry;
+          try {
+            entry = JSON.parse(line);
+          } catch {
+            continue;
+          }
+          if (entry.type !== "assistant") continue;
+          if (!entry.timestamp) continue;
+          const ts = new Date(entry.timestamp);
+          if (ts < start || ts > end) continue;
+          const usage = entry.message?.usage;
+          const model = entry.message?.model;
+          if (!usage || !model) continue;
+          const p = claudeModelPrice(model);
+          if (!p) continue;
+          const cost = (usage.input_tokens ?? 0) * p.i + (usage.output_tokens ?? 0) * p.o + (usage.cache_creation_input_tokens ?? 0) * p.cw + (usage.cache_read_input_tokens ?? 0) * p.cr;
+          total += cost;
+          const dateKey = entry.timestamp.slice(0, 10);
+          byDay.set(dateKey, (byDay.get(dateKey) ?? 0) + cost);
+        }
+      } catch {
+        continue;
+      }
+    }
+  }
+  return { total, byDay };
+}
+function registerReportCommand(program2) {
+  program2.command("report").description("Activity and security report \u2014 what Claude did, what was blocked").option("--period <period>", "today | 7d | 30d | month", "7d").option("--no-tests", "exclude test runner calls (npm test, vitest, pytest\u2026) from stats").action((options) => {
+    const period = ["today", "7d", "30d", "month"].includes(
+      options.period
+    ) ? options.period : "7d";
+    const logPath = import_path25.default.join(import_os19.default.homedir(), ".node9", "audit.log");
+    const allEntries = parseAuditLog(logPath);
+    if (allEntries.length === 0) {
+      console.log(
+        import_chalk9.default.yellow("\n  No audit data found. Run node9 with Claude Code to generate entries.\n")
+      );
+      return;
+    }
+    const { start, end } = getDateRange(period);
+    const { total: costUSD, byDay: costByDay } = loadClaudeCost(start, end);
+    const periodMs = end.getTime() - start.getTime();
+    const priorEnd = new Date(start.getTime() - 1);
+    const priorStart = new Date(start.getTime() - periodMs);
+    const priorEntries = allEntries.filter((e) => {
+      if (e.source === "post-hook") return false;
+      const ts = new Date(e.ts);
+      return ts >= priorStart && ts <= priorEnd;
+    });
+    const priorBlocked = priorEntries.filter((e) => !isAllow(e.decision)).length;
+    const priorBlockRate = priorEntries.length > 0 ? priorBlocked / priorEntries.length : null;
+    const excludeTests = options.tests === false;
+    const testTs = excludeTests ? buildTestTimestamps(allEntries) : /* @__PURE__ */ new Set();
+    let filteredTestCount = 0;
+    const entries = allEntries.filter((e) => {
+      if (e.source === "post-hook") return false;
+      const ts = new Date(e.ts);
+      if (ts < start || ts > end) return false;
+      if (excludeTests && isTestEntry(e, testTs)) {
+        filteredTestCount++;
+        return false;
+      }
+      return true;
+    });
+    if (entries.length === 0) {
+      console.log(import_chalk9.default.yellow(`
+  No activity for period "${period}".
+`));
+      return;
+    }
+    let allowed = 0;
+    let blocked = 0;
+    let dlpHits = 0;
+    let loopHits = 0;
+    let testPasses = 0;
+    let testFails = 0;
+    const toolMap = /* @__PURE__ */ new Map();
+    const blockMap = /* @__PURE__ */ new Map();
+    const agentMap = /* @__PURE__ */ new Map();
+    const mcpMap = /* @__PURE__ */ new Map();
+    const dailyMap = /* @__PURE__ */ new Map();
+    const hourMap = /* @__PURE__ */ new Map();
+    for (const e of entries) {
+      const allow = isAllow(e.decision);
+      const dateKey = e.ts.slice(0, 10);
+      if (allow) allowed++;
+      else blocked++;
+      if (isDlp(e.checkedBy)) dlpHits++;
+      if (e.checkedBy === "loop-detected") loopHits++;
+      const t = toolMap.get(e.tool) ?? { calls: 0, blocked: 0 };
+      t.calls++;
+      if (!allow) t.blocked++;
+      toolMap.set(e.tool, t);
+      if (!allow && e.checkedBy) {
+        blockMap.set(e.checkedBy, (blockMap.get(e.checkedBy) ?? 0) + 1);
+      }
+      if (e.agent) agentMap.set(e.agent, (agentMap.get(e.agent) ?? 0) + 1);
+      if (e.mcpServer) mcpMap.set(e.mcpServer, (mcpMap.get(e.mcpServer) ?? 0) + 1);
+      const hour = new Date(e.ts).getHours();
+      hourMap.set(hour, (hourMap.get(hour) ?? 0) + 1);
+      const d = dailyMap.get(dateKey) ?? { calls: 0, blocked: 0 };
+      d.calls++;
+      if (!allow) d.blocked++;
+      dailyMap.set(dateKey, d);
+    }
+    for (const e of allEntries) {
+      if (e.source !== "test-result") continue;
+      const ts = new Date(e.ts);
+      if (ts < start || ts > end) continue;
+      if (e.testResult === "pass") testPasses++;
+      else if (e.testResult === "fail") testFails++;
+    }
+    const total = entries.length;
+    const topTools = [...toolMap.entries()].sort((a, b) => b[1].calls - a[1].calls).slice(0, 8);
+    const topBlocks = [...blockMap.entries()].sort((a, b) => b[1] - a[1]).slice(0, 6);
+    const dailyList = [...dailyMap.entries()].sort((a, b) => a[0].localeCompare(b[0])).slice(-14);
+    const maxTool = Math.max(...topTools.map(([, v]) => v.calls), 1);
+    const maxBlock = Math.max(...topBlocks.map(([, v]) => v), 1);
+    const maxDaily = Math.max(...dailyList.map(([, v]) => v.calls), 1);
+    const W = Math.min(process.stdout.columns || 80, 100);
+    const INNER = W - 4;
+    const COL = Math.floor(INNER / 2) - 1;
+    const LABEL = 24;
+    const BAR = Math.max(6, Math.min(14, COL - LABEL - 8));
+    const TOOL_COUNT_W = Math.max(...topTools.map(([, v]) => num(v.calls).length), 1);
+    const BLOCK_COUNT_W = Math.max(...topBlocks.map(([, v]) => num(v).length), 1);
+    const line = import_chalk9.default.dim("\u2500".repeat(W - 2));
+    const periodLabel = {
+      today: "Today",
+      "7d": "Last 7 Days",
+      "30d": "Last 30 Days",
+      month: "This Month"
+    };
+    console.log("");
+    console.log(
+      "  " + import_chalk9.default.bold.cyan("\u{1F6E1} node9 Report") + import_chalk9.default.dim("  \xB7  ") + import_chalk9.default.white(periodLabel[period]) + import_chalk9.default.dim(`  ${fmtDate(start)} \u2013 ${fmtDate(end)}`) + import_chalk9.default.dim(`  ${num(total)} events`) + (excludeTests ? import_chalk9.default.dim(`  \u2013tests (\u2013${filteredTestCount})`) : "")
+    );
+    console.log("  " + line);
+    console.log("");
+    const blockLabel = blocked > 0 ? import_chalk9.default.red(`\u{1F6D1} ${num(blocked)} blocked`) : import_chalk9.default.dim("\u{1F6D1} 0 blocked");
+    const dlpLabel = dlpHits > 0 ? import_chalk9.default.yellow(`\u{1F6A8} ${dlpHits} DLP hits`) : import_chalk9.default.dim("\u{1F6A8} 0 DLP hits");
+    const loopLabel = loopHits > 0 ? import_chalk9.default.yellow(`\u{1F504} ${loopHits} loops`) : import_chalk9.default.dim("\u{1F504} 0 loops");
+    const costLabel = costUSD > 0 ? import_chalk9.default.magenta(`\u{1F4B0} ${fmtCost(costUSD)}`) : import_chalk9.default.dim("\u{1F4B0} \u2013");
+    const currentRate = total > 0 ? blocked / total : 0;
+    const trendLabel = (() => {
+      if (priorBlockRate === null) return import_chalk9.default.dim(`${pct(blocked, total)} block rate`);
+      const delta = Math.round((currentRate - priorBlockRate) * 100);
+      const arrow = delta > 0 ? import_chalk9.default.red(`\u25B2${delta}%`) : delta < 0 ? import_chalk9.default.green(`\u25BC${Math.abs(delta)}%`) : import_chalk9.default.dim("\u2013");
+      return import_chalk9.default.dim(`${pct(blocked, total)} block rate `) + arrow + import_chalk9.default.dim(" vs prior");
+    })();
+    const reads = toolMap.get("Read")?.calls ?? 0;
+    const edits = (toolMap.get("Edit")?.calls ?? 0) + (toolMap.get("Write")?.calls ?? 0);
+    const ratioLabel = reads > 0 ? import_chalk9.default.dim(`edit/read ${(edits / reads).toFixed(1)}`) : import_chalk9.default.dim("edit/read \u2013");
+    const testLabel = testPasses + testFails > 0 ? import_chalk9.default.dim("tests ") + import_chalk9.default.green(`${testPasses}\u2713`) + (testFails > 0 ? " " + import_chalk9.default.red(`${testFails}\u2717`) : "") : import_chalk9.default.dim("tests \u2013");
+    console.log(
+      "  " + import_chalk9.default.green(`\u2705 ${num(allowed)} allowed`) + "   " + blockLabel + "   " + dlpLabel + "   " + loopLabel + "   " + trendLabel + "   " + costLabel
+    );
+    console.log("  " + ratioLabel + "   " + testLabel);
+    console.log("");
+    const toolHeaderRaw = "Top Tools";
+    const blockHeaderRaw = "Top Blocks";
+    console.log(
+      "  " + import_chalk9.default.bold(toolHeaderRaw) + " ".repeat(COL - toolHeaderRaw.length) + "  " + import_chalk9.default.bold(blockHeaderRaw)
+    );
+    console.log("  " + import_chalk9.default.dim("\u2500".repeat(COL)) + "  " + import_chalk9.default.dim("\u2500".repeat(COL)));
+    const rows = Math.max(topTools.length, topBlocks.length, 1);
+    for (let i = 0; i < rows; i++) {
+      let leftStyled = " ".repeat(COL);
+      if (i < topTools.length) {
+        const [tool, { calls }] = topTools[i];
+        const label = tool.length > LABEL - 1 ? tool.slice(0, LABEL - 2) + "\u2026" : tool;
+        const countStr = num(calls).padStart(TOOL_COUNT_W);
+        const b = colorBar(calls, maxTool, BAR);
+        const rawLen = LABEL + BAR + 1 + TOOL_COUNT_W;
+        const pad = Math.max(0, COL - rawLen);
+        leftStyled = import_chalk9.default.white(label.padEnd(LABEL)) + b + " " + import_chalk9.default.white(countStr) + " ".repeat(pad);
+      }
+      let rightStyled = "";
+      if (i < topBlocks.length) {
+        const [reason, count] = topBlocks[i];
+        const label = reason.length > LABEL - 1 ? reason.slice(0, LABEL - 2) + "\u2026" : reason;
+        const countStr = num(count).padStart(BLOCK_COUNT_W);
+        const b = colorBar(count, maxBlock, BAR);
+        rightStyled = import_chalk9.default.white(label.padEnd(LABEL)) + b + " " + import_chalk9.default.red(countStr);
+      }
+      console.log("  " + leftStyled + "  " + rightStyled);
+    }
+    if (topBlocks.length === 0) {
+      console.log("  " + " ".repeat(COL) + "  " + import_chalk9.default.dim("nothing blocked \u2713"));
+    }
+    if (agentMap.size > 1) {
+      console.log("");
+      console.log("  " + import_chalk9.default.bold("Agents"));
+      console.log("  " + import_chalk9.default.dim("\u2500".repeat(Math.min(50, W - 4))));
+      const maxAgent = Math.max(...agentMap.values(), 1);
+      for (const [agent, count] of [...agentMap.entries()].sort((a, b) => b[1] - a[1])) {
+        const label = agent.slice(0, LABEL - 1);
+        const b = colorBar(count, maxAgent, BAR);
+        console.log("  " + import_chalk9.default.white(label.padEnd(LABEL)) + b + " " + import_chalk9.default.white(num(count)));
+      }
+    }
+    if (mcpMap.size > 0) {
+      console.log("");
+      console.log("  " + import_chalk9.default.bold("MCP Servers"));
+      console.log("  " + import_chalk9.default.dim("\u2500".repeat(Math.min(50, W - 4))));
+      const maxMcp = Math.max(...mcpMap.values(), 1);
+      for (const [server, count] of [...mcpMap.entries()].sort((a, b) => b[1] - a[1])) {
+        const label = server.slice(0, LABEL - 1).padEnd(LABEL);
+        const b = colorBar(count, maxMcp, BAR);
+        console.log("  " + import_chalk9.default.white(label) + b + " " + import_chalk9.default.white(num(count)));
+      }
+    }
+    if (hourMap.size > 0) {
+      const BLOCKS = " \u2581\u2582\u2583\u2584\u2585\u2586\u2587\u2588";
+      const maxHour = Math.max(...hourMap.values(), 1);
+      const bar = Array.from({ length: 24 }, (_, h) => {
+        const v = hourMap.get(h) ?? 0;
+        return BLOCKS[Math.round(v / maxHour * 8)];
+      }).join("");
+      console.log("");
+      console.log("  " + import_chalk9.default.bold("Hour of Day") + import_chalk9.default.dim("  (local, 0h \u2013 23h)"));
+      console.log("  " + import_chalk9.default.cyan(bar));
+      console.log("  " + import_chalk9.default.dim("0h" + " ".repeat(10) + "12h" + " ".repeat(7) + "23h"));
+    }
+    if (dailyList.length > 1) {
+      console.log("");
+      console.log("  " + import_chalk9.default.bold("Daily Activity"));
+      console.log("  " + import_chalk9.default.dim("\u2500".repeat(W - 2)));
+      const DAY_BAR = Math.max(8, Math.min(30, W - 36));
+      for (const [dateKey, { calls, blocked: db }] of dailyList) {
+        const label = fmtDate(dateKey).padEnd(10);
+        const b = colorBar(calls, maxDaily, DAY_BAR);
+        const dayCost = costByDay.get(dateKey);
+        const costNote = dayCost ? import_chalk9.default.magenta(`  ${fmtCost(dayCost)}`) : "";
+        const blockNote = db > 0 ? import_chalk9.default.red(`  ${db} blocked`) : "";
+        console.log(
+          "  " + import_chalk9.default.dim(label) + "  " + b + "  " + import_chalk9.default.white(num(calls)) + blockNote + costNote
+        );
+      }
+    }
+    console.log("");
+    console.log(
+      "  " + import_chalk9.default.dim("node9 audit --deny") + import_chalk9.default.dim("  \xB7  ") + import_chalk9.default.dim("node9 report --period today|7d|30d|month  --no-tests")
+    );
+    console.log("");
+  });
+}
+
+// src/cli/commands/daemon-cmd.ts
+var import_chalk10 = __toESM(require("chalk"));
 var import_child_process11 = require("child_process");
 init_daemon2();
 init_daemon();
@@ -9962,7 +10492,7 @@ function registerDaemonCommand(program2) {
       if (cmd === "status") return daemonStatus();
       if (cmd !== "start" && action !== void 0) {
         console.error(
-          import_chalk9.default.red(`Unknown daemon action: "${action}". Use: start | stop | status`)
+          import_chalk10.default.red(`Unknown daemon action: "${action}". Use: start | stop | status`)
         );
         process.exit(1);
       }
@@ -9970,7 +10500,7 @@ function registerDaemonCommand(program2) {
         process.env.NODE9_WATCH_MODE = "1";
         setTimeout(() => {
           openBrowserLocal();
-          console.log(import_chalk9.default.cyan(`\u{1F6F0}\uFE0F  Flight Recorder: http://${DAEMON_HOST}:${DAEMON_PORT}/`));
+          console.log(import_chalk10.default.cyan(`\u{1F6F0}\uFE0F  Flight Recorder: http://${DAEMON_HOST}:${DAEMON_PORT}/`));
         }, 600);
         startDaemon();
         return;
@@ -9978,7 +10508,7 @@ function registerDaemonCommand(program2) {
       if (options.openui) {
         if (isDaemonRunning()) {
           openBrowserLocal();
-          console.log(import_chalk9.default.green(`\u{1F310}  Opened browser: http://${DAEMON_HOST}:${DAEMON_PORT}/`));
+          console.log(import_chalk10.default.green(`\u{1F310}  Opened browser: http://${DAEMON_HOST}:${DAEMON_PORT}/`));
           process.exit(0);
         }
         const child = (0, import_child_process11.spawn)(process.execPath, [process.argv[1], "daemon"], {
@@ -9991,7 +10521,7 @@ function registerDaemonCommand(program2) {
           if (isDaemonRunning()) break;
         }
         openBrowserLocal();
-        console.log(import_chalk9.default.green(`
+        console.log(import_chalk10.default.green(`
 \u{1F6E1}\uFE0F  Node9 daemon started + browser opened`));
         process.exit(0);
       }
@@ -10001,7 +10531,7 @@ function registerDaemonCommand(program2) {
           stdio: "ignore"
         });
         child.unref();
-        console.log(import_chalk9.default.green(`
+        console.log(import_chalk10.default.green(`
 \u{1F6E1}\uFE0F  Node9 daemon started in background  (PID ${child.pid})`));
         process.exit(0);
       }
@@ -10011,15 +10541,15 @@ function registerDaemonCommand(program2) {
 }
 
 // src/cli/commands/status.ts
-var import_chalk10 = __toESM(require("chalk"));
-var import_fs22 = __toESM(require("fs"));
-var import_path24 = __toESM(require("path"));
-var import_os18 = __toESM(require("os"));
+var import_chalk11 = __toESM(require("chalk"));
+var import_fs24 = __toESM(require("fs"));
+var import_path26 = __toESM(require("path"));
+var import_os20 = __toESM(require("os"));
 init_core();
 init_daemon();
 function readJson2(filePath) {
   try {
-    if (import_fs22.default.existsSync(filePath)) return JSON.parse(import_fs22.default.readFileSync(filePath, "utf-8"));
+    if (import_fs24.default.existsSync(filePath)) return JSON.parse(import_fs24.default.readFileSync(filePath, "utf-8"));
   } catch {
   }
   return null;
@@ -10033,21 +10563,21 @@ function wrappedMcpServers(servers) {
   return Object.entries(servers).filter(([, s]) => s.command === "node9" && Array.isArray(s.args) && s.args.length > 0).map(([name, s]) => `${name} \u2192 ${s.args.join(" ")}`);
 }
 function printAgentSection(label, hookPairs, wrapped) {
-  console.log(import_chalk10.default.bold(`  ${label}`));
+  console.log(import_chalk11.default.bold(`  ${label}`));
   for (const { name, present } of hookPairs) {
     if (present) {
-      console.log(import_chalk10.default.green(`    \u2713 ${name}`));
+      console.log(import_chalk11.default.green(`    \u2713 ${name}`));
     } else {
-      console.log(import_chalk10.default.red(`    \u2717 ${name}`) + import_chalk10.default.gray(" (not wired)"));
+      console.log(import_chalk11.default.red(`    \u2717 ${name}`) + import_chalk11.default.gray(" (not wired)"));
     }
   }
   if (wrapped.length > 0) {
-    console.log(import_chalk10.default.cyan(`    MCP proxied:`));
+    console.log(import_chalk11.default.cyan(`    MCP proxied:`));
     for (const entry of wrapped) {
-      console.log(import_chalk10.default.gray(`      \u2022 ${entry}`));
+      console.log(import_chalk11.default.gray(`      \u2022 ${entry}`));
     }
   } else {
-    console.log(import_chalk10.default.gray(`    MCP proxied: none`));
+    console.log(import_chalk11.default.gray(`    MCP proxied: none`));
   }
 }
 function registerStatusCommand(program2) {
@@ -10058,58 +10588,58 @@ function registerStatusCommand(program2) {
     const settings = mergedConfig.settings;
     console.log("");
     if (creds && settings.approvers.cloud) {
-      console.log(import_chalk10.default.green("  \u25CF Agent mode") + import_chalk10.default.gray(" \u2014 cloud team policy enforced"));
+      console.log(import_chalk11.default.green("  \u25CF Agent mode") + import_chalk11.default.gray(" \u2014 cloud team policy enforced"));
     } else if (creds && !settings.approvers.cloud) {
       console.log(
-        import_chalk10.default.blue("  \u25CF Privacy mode \u{1F6E1}\uFE0F") + import_chalk10.default.gray(" \u2014 all decisions stay on this machine")
+        import_chalk11.default.blue("  \u25CF Privacy mode \u{1F6E1}\uFE0F") + import_chalk11.default.gray(" \u2014 all decisions stay on this machine")
       );
     } else {
       console.log(
-        import_chalk10.default.yellow("  \u25CB Privacy mode \u{1F6E1}\uFE0F") + import_chalk10.default.gray(" \u2014 no API key (Local rules only)")
+        import_chalk11.default.yellow("  \u25CB Privacy mode \u{1F6E1}\uFE0F") + import_chalk11.default.gray(" \u2014 no API key (Local rules only)")
       );
     }
     console.log("");
     if (daemonRunning) {
       console.log(
-        import_chalk10.default.green("  \u25CF Daemon running") + import_chalk10.default.gray(` \u2192 http://127.0.0.1:${DAEMON_PORT}/`)
+        import_chalk11.default.green("  \u25CF Daemon running") + import_chalk11.default.gray(` \u2192 http://127.0.0.1:${DAEMON_PORT}/`)
       );
     } else {
-      console.log(import_chalk10.default.gray("  \u25CB Daemon stopped"));
+      console.log(import_chalk11.default.gray("  \u25CB Daemon stopped"));
     }
     if (settings.enableUndo) {
       console.log(
-        import_chalk10.default.magenta("  \u25CF Undo Engine") + import_chalk10.default.gray(`    \u2192 Auto-snapshotting Git repos on AI change`)
+        import_chalk11.default.magenta("  \u25CF Undo Engine") + import_chalk11.default.gray(`    \u2192 Auto-snapshotting Git repos on AI change`)
       );
     }
     console.log("");
-    const modeLabel = settings.mode === "audit" ? import_chalk10.default.blue("audit") : settings.mode === "strict" ? import_chalk10.default.red("strict") : import_chalk10.default.white("standard");
+    const modeLabel = settings.mode === "audit" ? import_chalk11.default.blue("audit") : settings.mode === "strict" ? import_chalk11.default.red("strict") : import_chalk11.default.white("standard");
     console.log(`  Mode:    ${modeLabel}`);
-    const projectConfig = import_path24.default.join(process.cwd(), "node9.config.json");
-    const globalConfig = import_path24.default.join(import_os18.default.homedir(), ".node9", "config.json");
+    const projectConfig = import_path26.default.join(process.cwd(), "node9.config.json");
+    const globalConfig = import_path26.default.join(import_os20.default.homedir(), ".node9", "config.json");
     console.log(
-      `  Local:   ${import_fs22.default.existsSync(projectConfig) ? import_chalk10.default.green("Active (node9.config.json)") : import_chalk10.default.gray("Not present")}`
+      `  Local:   ${import_fs24.default.existsSync(projectConfig) ? import_chalk11.default.green("Active (node9.config.json)") : import_chalk11.default.gray("Not present")}`
     );
     console.log(
-      `  Global:  ${import_fs22.default.existsSync(globalConfig) ? import_chalk10.default.green("Active (~/.node9/config.json)") : import_chalk10.default.gray("Not present")}`
+      `  Global:  ${import_fs24.default.existsSync(globalConfig) ? import_chalk11.default.green("Active (~/.node9/config.json)") : import_chalk11.default.gray("Not present")}`
     );
     if (mergedConfig.policy.sandboxPaths.length > 0) {
       console.log(
-        `  Sandbox: ${import_chalk10.default.green(`${mergedConfig.policy.sandboxPaths.length} safe zones active`)}`
+        `  Sandbox: ${import_chalk11.default.green(`${mergedConfig.policy.sandboxPaths.length} safe zones active`)}`
       );
     }
-    const homeDir2 = import_os18.default.homedir();
+    const homeDir2 = import_os20.default.homedir();
     const claudeSettings = readJson2(
-      import_path24.default.join(homeDir2, ".claude", "settings.json")
+      import_path26.default.join(homeDir2, ".claude", "settings.json")
     );
-    const claudeConfig = readJson2(import_path24.default.join(homeDir2, ".claude.json"));
+    const claudeConfig = readJson2(import_path26.default.join(homeDir2, ".claude.json"));
     const geminiSettings = readJson2(
-      import_path24.default.join(homeDir2, ".gemini", "settings.json")
+      import_path26.default.join(homeDir2, ".gemini", "settings.json")
     );
-    const cursorConfig = readJson2(import_path24.default.join(homeDir2, ".cursor", "mcp.json"));
+    const cursorConfig = readJson2(import_path26.default.join(homeDir2, ".cursor", "mcp.json"));
     const agentFound = claudeSettings || claudeConfig || geminiSettings || cursorConfig;
     if (agentFound) {
       console.log("");
-      console.log(import_chalk10.default.bold("  Agent Wiring:"));
+      console.log(import_chalk11.default.bold("  Agent Wiring:"));
       console.log("");
       if (claudeSettings || claudeConfig) {
         const preHook = claudeSettings?.hooks?.PreToolUse?.some(
@@ -10155,7 +10685,7 @@ function registerStatusCommand(program2) {
       const expiresAt = pauseState.expiresAt ? new Date(pauseState.expiresAt).toLocaleTimeString() : "indefinitely";
       console.log("");
       console.log(
-        import_chalk10.default.yellow(`  \u23F8  PAUSED until ${expiresAt}`) + import_chalk10.default.gray(" \u2014 all tool calls allowed")
+        import_chalk11.default.yellow(`  \u23F8  PAUSED until ${expiresAt}`) + import_chalk11.default.gray(" \u2014 all tool calls allowed")
       );
     }
     console.log("");
@@ -10163,10 +10693,10 @@ function registerStatusCommand(program2) {
 }
 
 // src/cli/commands/init.ts
-var import_chalk11 = __toESM(require("chalk"));
-var import_fs23 = __toESM(require("fs"));
-var import_path25 = __toESM(require("path"));
-var import_os19 = __toESM(require("os"));
+var import_chalk12 = __toESM(require("chalk"));
+var import_fs25 = __toESM(require("fs"));
+var import_path27 = __toESM(require("path"));
+var import_os21 = __toESM(require("os"));
 var import_https2 = __toESM(require("https"));
 init_core();
 init_shields();
@@ -10202,7 +10732,7 @@ function fireTelemetryPing(agents) {
 }
 function registerInitCommand(program2) {
   program2.command("init").description("Set up Node9: create config and wire all detected AI agents").option("--force", "Overwrite existing config").option("-m, --mode <mode>", "Set initial security mode (standard, strict, audit)", "standard").option("--skip-setup", "Only create config \u2014 do not wire AI agents").action(async (options) => {
-    console.log(import_chalk11.default.cyan.bold("\n\u{1F6E1}\uFE0F  Node9 Init\n"));
+    console.log(import_chalk12.default.cyan.bold("\n\u{1F6E1}\uFE0F  Node9 Init\n"));
     let chosenMode = options.mode.toLowerCase();
     if (!["standard", "strict", "audit"].includes(chosenMode)) {
       chosenMode = DEFAULT_CONFIG.settings.mode;
@@ -10221,37 +10751,37 @@ function registerInitCommand(program2) {
           const hasNewShields = DEFAULT_SHIELDS.some((s) => !current.includes(s));
           if (hasNewShields) writeActiveShields(merged);
         } catch (err2) {
-          console.log(import_chalk11.default.yellow(`  \u26A0\uFE0F  Could not update shields: ${String(err2)}`));
+          console.log(import_chalk12.default.yellow(`  \u26A0\uFE0F  Could not update shields: ${String(err2)}`));
         }
       }
       console.log("");
     }
-    const configPath = import_path25.default.join(import_os19.default.homedir(), ".node9", "config.json");
-    if (import_fs23.default.existsSync(configPath) && !options.force) {
+    const configPath = import_path27.default.join(import_os21.default.homedir(), ".node9", "config.json");
+    if (import_fs25.default.existsSync(configPath) && !options.force) {
       try {
-        const existing = JSON.parse(import_fs23.default.readFileSync(configPath, "utf-8"));
+        const existing = JSON.parse(import_fs25.default.readFileSync(configPath, "utf-8"));
         const settings = existing.settings ?? {};
         if (settings.mode !== chosenMode) {
           settings.mode = chosenMode;
           existing.settings = settings;
-          import_fs23.default.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
-          console.log(import_chalk11.default.green(`\u2705 Mode updated: ${chosenMode}`));
+          import_fs25.default.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
+          console.log(import_chalk12.default.green(`\u2705 Mode updated: ${chosenMode}`));
         } else {
-          console.log(import_chalk11.default.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
+          console.log(import_chalk12.default.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
         }
       } catch {
-        console.log(import_chalk11.default.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
+        console.log(import_chalk12.default.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
       }
     } else {
       const configToSave = {
         ...DEFAULT_CONFIG,
         settings: { ...DEFAULT_CONFIG.settings, mode: chosenMode }
       };
-      const dir = import_path25.default.dirname(configPath);
-      if (!import_fs23.default.existsSync(dir)) import_fs23.default.mkdirSync(dir, { recursive: true });
-      import_fs23.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
-      console.log(import_chalk11.default.green(`\u2705 Config created: ${configPath}`));
-      console.log(import_chalk11.default.gray(`   Mode: ${chosenMode}`));
+      const dir = import_path27.default.dirname(configPath);
+      if (!import_fs25.default.existsSync(dir)) import_fs25.default.mkdirSync(dir, { recursive: true });
+      import_fs25.default.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
+      console.log(import_chalk12.default.green(`\u2705 Config created: ${configPath}`));
+      console.log(import_chalk12.default.gray(`   Mode: ${chosenMode}`));
     }
     if (options.skipSetup) return;
     console.log("");
@@ -10261,18 +10791,18 @@ function registerInitCommand(program2) {
     );
     if (found.length === 0) {
       console.log(
-        import_chalk11.default.gray("No AI agents detected. Install Claude Code, Gemini CLI, Cursor, or Codex")
+        import_chalk12.default.gray("No AI agents detected. Install Claude Code, Gemini CLI, Cursor, or Codex")
       );
-      console.log(import_chalk11.default.gray("then run: node9 addto <claude|gemini|cursor|codex>"));
+      console.log(import_chalk12.default.gray("then run: node9 addto <claude|gemini|cursor|codex>"));
       return;
     }
-    console.log(import_chalk11.default.bold("Detected agents:"));
+    console.log(import_chalk12.default.bold("Detected agents:"));
     for (const agent of found) {
-      console.log(import_chalk11.default.green(`  \u2713 ${agent}`));
+      console.log(import_chalk12.default.green(`  \u2713 ${agent}`));
     }
     console.log("");
     for (const agent of found) {
-      console.log(import_chalk11.default.bold(`Wiring ${agent}...`));
+      console.log(import_chalk12.default.bold(`Wiring ${agent}...`));
       if (agent === "claude") await setupClaude();
       else if (agent === "gemini") await setupGemini();
       else if (agent === "cursor") await setupCursor();
@@ -10289,26 +10819,26 @@ function registerInitCommand(program2) {
       console.log("");
     }
     const agentList = found.join(", ");
-    console.log(import_chalk11.default.green.bold(`\u{1F6E1}\uFE0F  Node9 is protecting ${agentList}!`));
+    console.log(import_chalk12.default.green.bold(`\u{1F6E1}\uFE0F  Node9 is protecting ${agentList}!`));
     console.log("");
-    console.log(import_chalk11.default.white("  Watch live:  ") + import_chalk11.default.cyan("node9 tail"));
-    console.log(import_chalk11.default.white("  Local UI:    ") + import_chalk11.default.cyan("node9 daemon --openui"));
+    console.log(import_chalk12.default.white("  Watch live:  ") + import_chalk12.default.cyan("node9 tail"));
+    console.log(import_chalk12.default.white("  Local UI:    ") + import_chalk12.default.cyan("node9 daemon --openui"));
     console.log("");
-    console.log(import_chalk11.default.gray("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+    console.log(import_chalk12.default.gray("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
     console.log(
-      import_chalk11.default.white("  Team dashboard + full audit trail \u2192 ") + import_chalk11.default.cyan.bold("https://node9.ai")
+      import_chalk12.default.white("  Team dashboard + full audit trail \u2192 ") + import_chalk12.default.cyan.bold("https://node9.ai")
     );
-    console.log(import_chalk11.default.gray("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+    console.log(import_chalk12.default.gray("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
   });
 }
 
 // src/cli/commands/undo.ts
-var import_path26 = __toESM(require("path"));
-var import_chalk13 = __toESM(require("chalk"));
+var import_path28 = __toESM(require("path"));
+var import_chalk14 = __toESM(require("chalk"));
 
 // src/tui/undo-navigator.ts
 var import_readline2 = __toESM(require("readline"));
-var import_chalk12 = __toESM(require("chalk"));
+var import_chalk13 = __toESM(require("chalk"));
 var RESET = "\x1B[0m";
 var BOLD = "\x1B[1m";
 var CLEAR_SCREEN = "\x1B[2J\x1B[H";
@@ -10326,15 +10856,15 @@ function renderDiff(raw) {
   );
   for (const line of lines) {
     if (line.startsWith("+++") || line.startsWith("---")) {
-      process.stdout.write(import_chalk12.default.bold(line) + "\n");
+      process.stdout.write(import_chalk13.default.bold(line) + "\n");
     } else if (line.startsWith("+")) {
-      process.stdout.write(import_chalk12.default.green(line) + "\n");
+      process.stdout.write(import_chalk13.default.green(line) + "\n");
     } else if (line.startsWith("-")) {
-      process.stdout.write(import_chalk12.default.red(line) + "\n");
+      process.stdout.write(import_chalk13.default.red(line) + "\n");
     } else if (line.startsWith("@@")) {
-      process.stdout.write(import_chalk12.default.cyan(line) + "\n");
+      process.stdout.write(import_chalk13.default.cyan(line) + "\n");
     } else {
-      process.stdout.write(import_chalk12.default.gray(line) + "\n");
+      process.stdout.write(import_chalk13.default.gray(line) + "\n");
     }
   }
 }
@@ -10353,23 +10883,23 @@ function render(entries, idx) {
   const step = idx + 1;
   process.stdout.write(CLEAR_SCREEN);
   process.stdout.write(
-    import_chalk12.default.magenta.bold(`\u23EA  Node9 Undo`) + import_chalk12.default.gray(`  \u2500\u2500  step ${step} of ${total}`) + (entry.files?.length ? import_chalk12.default.gray(
+    import_chalk13.default.magenta.bold(`\u23EA  Node9 Undo`) + import_chalk13.default.gray(`  \u2500\u2500  step ${step} of ${total}`) + (entry.files?.length ? import_chalk13.default.gray(
       `  \u2500\u2500  ${entry.files.slice(0, 2).join(", ")}${entry.files.length > 2 ? ` +${entry.files.length - 2} more` : ""}`
     ) : "") + "\n\n"
   );
   process.stdout.write(
-    `  ${BOLD}Tool:${RESET}  ${import_chalk12.default.cyan(entry.tool)}` + (entry.argsSummary ? import_chalk12.default.gray("  \u2192  " + entry.argsSummary) : "") + "\n"
+    `  ${BOLD}Tool:${RESET}  ${import_chalk13.default.cyan(entry.tool)}` + (entry.argsSummary ? import_chalk13.default.gray("  \u2192  " + entry.argsSummary) : "") + "\n"
   );
-  process.stdout.write(`  ${BOLD}When:${RESET}  ${import_chalk12.default.gray(formatAge(entry.timestamp))}
+  process.stdout.write(`  ${BOLD}When:${RESET}  ${import_chalk13.default.gray(formatAge(entry.timestamp))}
 `);
-  process.stdout.write(`  ${BOLD}Dir: ${RESET}  ${import_chalk12.default.gray(entry.cwd)}
+  process.stdout.write(`  ${BOLD}Dir: ${RESET}  ${import_chalk13.default.gray(entry.cwd)}
 `);
   if (entry.files && entry.files.length > 0) {
-    process.stdout.write(`  ${BOLD}Files:${RESET} ${import_chalk12.default.gray(entry.files.join(", "))}
+    process.stdout.write(`  ${BOLD}Files:${RESET} ${import_chalk13.default.gray(entry.files.join(", "))}
 `);
   }
   if (idx < total - 1 && isSessionBoundary(entries, idx + 1)) {
-    process.stdout.write(import_chalk12.default.gray("\n  \u2500\u2500 session boundary above \u2500\u2500\n"));
+    process.stdout.write(import_chalk13.default.gray("\n  \u2500\u2500 session boundary above \u2500\u2500\n"));
   }
   process.stdout.write("\n");
   const diff = entry.diff ?? computeUndoDiff(entry.hash, entry.cwd);
@@ -10377,12 +10907,12 @@ function render(entries, idx) {
     renderDiff(diff);
   } else {
     process.stdout.write(
-      import_chalk12.default.gray("  (no diff \u2014 working tree may already match this snapshot)\n")
+      import_chalk13.default.gray("  (no diff \u2014 working tree may already match this snapshot)\n")
     );
   }
   process.stdout.write("\n");
   process.stdout.write(
-    import_chalk12.default.gray("  ") + (idx < total - 1 ? import_chalk12.default.white("[\u2190] older") : import_chalk12.default.gray("[\u2190] older")) + import_chalk12.default.gray("   ") + (idx > 0 ? import_chalk12.default.white("[\u2192] newer") : import_chalk12.default.gray("[\u2192] newer")) + import_chalk12.default.gray("   ") + import_chalk12.default.green("[\u21B5] restore here") + import_chalk12.default.gray("   ") + import_chalk12.default.yellow("[s] session start") + import_chalk12.default.gray("   ") + import_chalk12.default.gray("[q] quit") + "\n"
+    import_chalk13.default.gray("  ") + (idx < total - 1 ? import_chalk13.default.white("[\u2190] older") : import_chalk13.default.gray("[\u2190] older")) + import_chalk13.default.gray("   ") + (idx > 0 ? import_chalk13.default.white("[\u2192] newer") : import_chalk13.default.gray("[\u2192] newer")) + import_chalk13.default.gray("   ") + import_chalk13.default.green("[\u21B5] restore here") + import_chalk13.default.gray("   ") + import_chalk13.default.yellow("[s] session start") + import_chalk13.default.gray("   ") + import_chalk13.default.gray("[q] quit") + "\n"
   );
 }
 async function runUndoNavigator(entries) {
@@ -10436,19 +10966,19 @@ async function runUndoNavigator(entries) {
         cleanup();
         process.stdout.write(CLEAR_SCREEN);
         const entry = display[idx];
-        process.stdout.write(import_chalk12.default.magenta.bold("\n\u23EA  Restoring snapshot...\n\n"));
+        process.stdout.write(import_chalk13.default.magenta.bold("\n\u23EA  Restoring snapshot...\n\n"));
         if (applyUndo(entry.hash, entry.cwd)) {
-          process.stdout.write(import_chalk12.default.green("\u2705  Reverted successfully.\n\n"));
+          process.stdout.write(import_chalk13.default.green("\u2705  Reverted successfully.\n\n"));
           resolve({ restored: true });
         } else {
-          process.stdout.write(import_chalk12.default.red("\u274C  Undo failed.\n\n"));
+          process.stdout.write(import_chalk13.default.red("\u274C  Undo failed.\n\n"));
           resolve({ restored: false });
         }
       } else if (name === "q" || key?.ctrl && name === "c") {
         done = true;
         cleanup();
         process.stdout.write(CLEAR_SCREEN);
-        process.stdout.write(import_chalk12.default.gray("\nCancelled.\n\n"));
+        process.stdout.write(import_chalk13.default.gray("\nCancelled.\n\n"));
         resolve({ restored: false });
       }
     };
@@ -10462,7 +10992,7 @@ function findMatchingCwd(startDir, history) {
   let dir = startDir;
   while (true) {
     if (cwds.has(dir)) return dir;
-    const parent = import_path26.default.dirname(dir);
+    const parent = import_path28.default.dirname(dir);
     if (parent === dir) return null;
     dir = parent;
   }
@@ -10484,39 +11014,39 @@ function registerUndoCommand(program2) {
     if (history.length === 0) {
       if (!options.all && allHistory.length > 0) {
         console.log(
-          import_chalk13.default.yellow(
+          import_chalk14.default.yellow(
             `
 \u2139\uFE0F  No snapshots found for the current directory (${process.cwd()}).
-    Run ${import_chalk13.default.cyan("node9 undo --all")} to see snapshots from all projects.
+    Run ${import_chalk14.default.cyan("node9 undo --all")} to see snapshots from all projects.
 `
           )
         );
       } else {
-        console.log(import_chalk13.default.yellow("\n\u2139\uFE0F  No undo snapshots found.\n"));
+        console.log(import_chalk14.default.yellow("\n\u2139\uFE0F  No undo snapshots found.\n"));
       }
       return;
     }
     if (options.list) {
-      console.log(import_chalk13.default.magenta.bold("\n\u23EA  Snapshot History\n"));
+      console.log(import_chalk14.default.magenta.bold("\n\u23EA  Snapshot History\n"));
       console.log(
-        import_chalk13.default.gray(
+        import_chalk14.default.gray(
           `  ${"#".padEnd(3)}  ${"File / Command".padEnd(30)}  ${"Tool".padEnd(8)}  ${"When".padEnd(10)}  Dir`
         )
       );
-      console.log(import_chalk13.default.gray("  " + "\u2500".repeat(80)));
+      console.log(import_chalk14.default.gray("  " + "\u2500".repeat(80)));
       const display = [...history].reverse();
       let prevTs = null;
       for (let i = 0; i < display.length; i++) {
         const e = display[i];
         const isGap = prevTs !== null && prevTs - e.timestamp > 6e4;
-        if (isGap) console.log(import_chalk13.default.gray("  \u2500\u2500 earlier \u2500\u2500"));
+        if (isGap) console.log(import_chalk14.default.gray("  \u2500\u2500 earlier \u2500\u2500"));
         const label = (e.argsSummary || e.files?.[0] || "\u2014").slice(0, 30).padEnd(30);
         const tool = e.tool.slice(0, 8).padEnd(8);
         const when = formatAge2(e.timestamp).padEnd(10);
         const dir = e.cwd.length > 30 ? "\u2026" + e.cwd.slice(-29) : e.cwd;
         console.log(
-          import_chalk13.default.white(
-            `  ${String(i + 1).padEnd(3)}  ${label}  ${import_chalk13.default.cyan(tool)}  ${import_chalk13.default.gray(when)}  ${import_chalk13.default.gray(dir)}`
+          import_chalk14.default.white(
+            `  ${String(i + 1).padEnd(3)}  ${label}  ${import_chalk14.default.cyan(tool)}  ${import_chalk14.default.gray(when)}  ${import_chalk14.default.gray(dir)}`
           )
         );
         prevTs = e.timestamp;
@@ -10529,7 +11059,7 @@ function registerUndoCommand(program2) {
       const idx = history.length - steps;
       if (idx < 0) {
         console.log(
-          import_chalk13.default.yellow(
+          import_chalk14.default.yellow(
             `
 \u2139\uFE0F  Only ${history.length} snapshot(s) available, cannot go back ${steps}.
 `
@@ -10540,47 +11070,47 @@ function registerUndoCommand(program2) {
       const snapshot = history[idx];
       const ageStr = formatAge2(snapshot.timestamp);
       console.log(
-        import_chalk13.default.magenta.bold(`
+        import_chalk14.default.magenta.bold(`
 \u23EA  Node9 Undo${steps > 1 ? ` (${steps} steps back)` : ""}`)
       );
       console.log(
-        import_chalk13.default.white(
-          `    Tool:  ${import_chalk13.default.cyan(snapshot.tool)}${snapshot.argsSummary ? import_chalk13.default.gray(" \u2192 " + snapshot.argsSummary) : ""}`
+        import_chalk14.default.white(
+          `    Tool:  ${import_chalk14.default.cyan(snapshot.tool)}${snapshot.argsSummary ? import_chalk14.default.gray(" \u2192 " + snapshot.argsSummary) : ""}`
         )
       );
-      console.log(import_chalk13.default.white(`    When:  ${import_chalk13.default.gray(ageStr)}`));
-      console.log(import_chalk13.default.white(`    Dir:   ${import_chalk13.default.gray(snapshot.cwd)}`));
+      console.log(import_chalk14.default.white(`    When:  ${import_chalk14.default.gray(ageStr)}`));
+      console.log(import_chalk14.default.white(`    Dir:   ${import_chalk14.default.gray(snapshot.cwd)}`));
       if (steps > 1)
         console.log(
-          import_chalk13.default.yellow(`    Note:  This will also undo the ${steps - 1} action(s) after it.`)
+          import_chalk14.default.yellow(`    Note:  This will also undo the ${steps - 1} action(s) after it.`)
         );
       console.log("");
       const diff = snapshot.diff ?? computeUndoDiff(snapshot.hash, snapshot.cwd);
       if (diff) {
         const lines = diff.split("\n").filter((l) => !l.startsWith("diff --git") && !l.startsWith("index "));
         for (const line of lines) {
-          if (line.startsWith("+++") || line.startsWith("---")) console.log(import_chalk13.default.bold(line));
-          else if (line.startsWith("+")) console.log(import_chalk13.default.green(line));
-          else if (line.startsWith("-")) console.log(import_chalk13.default.red(line));
-          else if (line.startsWith("@@")) console.log(import_chalk13.default.cyan(line));
-          else console.log(import_chalk13.default.gray(line));
+          if (line.startsWith("+++") || line.startsWith("---")) console.log(import_chalk14.default.bold(line));
+          else if (line.startsWith("+")) console.log(import_chalk14.default.green(line));
+          else if (line.startsWith("-")) console.log(import_chalk14.default.red(line));
+          else if (line.startsWith("@@")) console.log(import_chalk14.default.cyan(line));
+          else console.log(import_chalk14.default.gray(line));
         }
         console.log("");
       } else {
         console.log(
-          import_chalk13.default.gray("    (no diff available \u2014 working tree may already match snapshot)\n")
+          import_chalk14.default.gray("    (no diff available \u2014 working tree may already match snapshot)\n")
         );
       }
       const { confirm: confirm3 } = await import("@inquirer/prompts");
       const proceed = await confirm3({ message: `Revert to this snapshot?`, default: false });
       if (proceed) {
         if (applyUndo(snapshot.hash, snapshot.cwd)) {
-          console.log(import_chalk13.default.green("\n\u2705 Reverted successfully.\n"));
+          console.log(import_chalk14.default.green("\n\u2705 Reverted successfully.\n"));
         } else {
-          console.error(import_chalk13.default.red("\n\u274C Undo failed. Ensure you are in a Git repository.\n"));
+          console.error(import_chalk14.default.red("\n\u274C Undo failed. Ensure you are in a Git repository.\n"));
         }
       } else {
-        console.log(import_chalk13.default.gray("\nCancelled.\n"));
+        console.log(import_chalk14.default.gray("\nCancelled.\n"));
       }
       return;
     }
@@ -10589,7 +11119,7 @@ function registerUndoCommand(program2) {
 }
 
 // src/cli/commands/watch.ts
-var import_chalk14 = __toESM(require("chalk"));
+var import_chalk15 = __toESM(require("chalk"));
 var import_child_process12 = require("child_process");
 init_daemon();
 function registerWatchCommand(program2) {
@@ -10606,7 +11136,7 @@ function registerWatchCommand(program2) {
         throw new Error("not running");
       }
     } catch {
-      console.error(import_chalk14.default.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon (watch mode)..."));
+      console.error(import_chalk15.default.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon (watch mode)..."));
       const child = (0, import_child_process12.spawn)(process.execPath, [process.argv[1], "daemon"], {
         detached: true,
         stdio: "ignore",
@@ -10628,12 +11158,12 @@ function registerWatchCommand(program2) {
         }
       }
       if (!ready) {
-        console.error(import_chalk14.default.red("\u274C Daemon failed to start. Try: node9 daemon start"));
+        console.error(import_chalk15.default.red("\u274C Daemon failed to start. Try: node9 daemon start"));
         process.exit(1);
       }
     }
     console.error(
-      import_chalk14.default.cyan.bold("\u{1F6E1}\uFE0F  Node9 watch") + import_chalk14.default.dim(` \u2192 localhost:${port}`) + import_chalk14.default.dim(
+      import_chalk15.default.cyan.bold("\u{1F6E1}\uFE0F  Node9 watch") + import_chalk15.default.dim(` \u2192 localhost:${port}`) + import_chalk15.default.dim(
         "\n   Tip: run `node9 tail` in another terminal to review and approve AI actions.\n"
       )
     );
@@ -10642,7 +11172,7 @@ function registerWatchCommand(program2) {
       env: { ...process.env, NODE9_WATCH_MODE: "1" }
     });
     if (result.error) {
-      console.error(import_chalk14.default.red(`\u274C Failed to run command: ${result.error.message}`));
+      console.error(import_chalk15.default.red(`\u274C Failed to run command: ${result.error.message}`));
       process.exit(1);
     }
     process.exit(result.status ?? 0);
@@ -10651,19 +11181,19 @@ function registerWatchCommand(program2) {
 
 // src/mcp-gateway/index.ts
 var import_readline3 = __toESM(require("readline"));
-var import_chalk15 = __toESM(require("chalk"));
+var import_chalk16 = __toESM(require("chalk"));
 var import_child_process13 = require("child_process");
 var import_execa3 = require("execa");
 init_orchestrator();
 init_provenance();
 
 // src/mcp-pin.ts
-var import_fs24 = __toESM(require("fs"));
-var import_path27 = __toESM(require("path"));
-var import_os20 = __toESM(require("os"));
-var import_crypto8 = __toESM(require("crypto"));
+var import_fs26 = __toESM(require("fs"));
+var import_path29 = __toESM(require("path"));
+var import_os22 = __toESM(require("os"));
+var import_crypto9 = __toESM(require("crypto"));
 function getPinsFilePath() {
-  return import_path27.default.join(import_os20.default.homedir(), ".node9", "mcp-pins.json");
+  return import_path29.default.join(import_os22.default.homedir(), ".node9", "mcp-pins.json");
 }
 function hashToolDefinitions(tools) {
   const sorted = [...tools].sort((a, b) => {
@@ -10672,15 +11202,15 @@ function hashToolDefinitions(tools) {
     return nameA.localeCompare(nameB);
   });
   const canonical = JSON.stringify(sorted);
-  return import_crypto8.default.createHash("sha256").update(canonical).digest("hex");
+  return import_crypto9.default.createHash("sha256").update(canonical).digest("hex");
 }
 function getServerKey(upstreamCommand) {
-  return import_crypto8.default.createHash("sha256").update(upstreamCommand).digest("hex").slice(0, 16);
+  return import_crypto9.default.createHash("sha256").update(upstreamCommand).digest("hex").slice(0, 16);
 }
 function readMcpPinsSafe() {
   const filePath = getPinsFilePath();
   try {
-    const raw = import_fs24.default.readFileSync(filePath, "utf-8");
+    const raw = import_fs26.default.readFileSync(filePath, "utf-8");
     if (!raw.trim()) {
       return { ok: false, reason: "corrupt", detail: "empty file" };
     }
@@ -10704,10 +11234,10 @@ function readMcpPins() {
 }
 function writeMcpPins(data) {
   const filePath = getPinsFilePath();
-  import_fs24.default.mkdirSync(import_path27.default.dirname(filePath), { recursive: true });
-  const tmp = `${filePath}.${import_crypto8.default.randomBytes(6).toString("hex")}.tmp`;
-  import_fs24.default.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
-  import_fs24.default.renameSync(tmp, filePath);
+  import_fs26.default.mkdirSync(import_path29.default.dirname(filePath), { recursive: true });
+  const tmp = `${filePath}.${import_crypto9.default.randomBytes(6).toString("hex")}.tmp`;
+  import_fs26.default.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 384 });
+  import_fs26.default.renameSync(tmp, filePath);
 }
 function checkPin(serverKey, currentHash) {
   const result = readMcpPinsSafe();
@@ -10799,13 +11329,13 @@ async function runMcpGateway(upstreamCommand) {
   const prov = checkProvenance(executable);
   if (prov.trustLevel === "suspect") {
     console.error(
-      import_chalk15.default.red(
+      import_chalk16.default.red(
         `\u26A0\uFE0F  Node9: Upstream MCP server binary is suspect \u2014 ${prov.reason} (${prov.resolvedPath})`
       )
     );
-    console.error(import_chalk15.default.red("   Verify this binary is trusted before proceeding."));
+    console.error(import_chalk16.default.red("   Verify this binary is trusted before proceeding."));
   }
-  console.error(import_chalk15.default.green(`\u{1F680} Node9 MCP Gateway: Monitoring [${upstreamCommand}]`));
+  console.error(import_chalk16.default.green(`\u{1F680} Node9 MCP Gateway: Monitoring [${upstreamCommand}]`));
   const UPSTREAM_INJECTOR_VARS = /* @__PURE__ */ new Set([
     "NODE_OPTIONS",
     "NODE_PATH",
@@ -10908,10 +11438,10 @@ async function runMcpGateway(upstreamCommand) {
           mcpServer
         });
         if (!result.approved) {
-          console.error(import_chalk15.default.red(`
+          console.error(import_chalk16.default.red(`
 \u{1F6D1} Node9 MCP Gateway: Action Blocked`));
-          console.error(import_chalk15.default.gray(`   Tool: ${toolName}`));
-          console.error(import_chalk15.default.gray(`   Reason: ${result.reason ?? "Security Policy"}
+          console.error(import_chalk16.default.gray(`   Tool: ${toolName}`));
+          console.error(import_chalk16.default.gray(`   Reason: ${result.reason ?? "Security Policy"}
 `));
           const blockedByLabel = result.blockedByLabel ?? result.reason ?? "Security Policy";
           const isHumanDecision = blockedByLabel.toLowerCase().includes("user") || blockedByLabel.toLowerCase().includes("daemon") || blockedByLabel.toLowerCase().includes("decision");
@@ -10990,7 +11520,7 @@ async function runMcpGateway(upstreamCommand) {
           updatePin(serverKey, upstreamCommand, currentHash, toolNames);
           pinState = "validated";
           console.error(
-            import_chalk15.default.green(
+            import_chalk16.default.green(
               `\u{1F512} Node9: Pinned ${toolNames.length} tool definition(s) for this MCP server`
             )
           );
@@ -11003,11 +11533,11 @@ async function runMcpGateway(upstreamCommand) {
         } else if (pinStatus === "corrupt") {
           pinState = "quarantined";
           console.error(
-            import_chalk15.default.red("\n\u{1F6A8} Node9: MCP pin file is corrupt or unreadable \u2014 session quarantined!")
+            import_chalk16.default.red("\n\u{1F6A8} Node9: MCP pin file is corrupt or unreadable \u2014 session quarantined!")
           );
-          console.error(import_chalk15.default.red("   Tool calls are blocked until the pin file is repaired."));
+          console.error(import_chalk16.default.red("   Tool calls are blocked until the pin file is repaired."));
           console.error(
-            import_chalk15.default.yellow(`   Run: node9 mcp pin reset  (to clear and re-pin on next connect)
+            import_chalk16.default.yellow(`   Run: node9 mcp pin reset  (to clear and re-pin on next connect)
 `)
           );
           const errorResponse = {
@@ -11024,13 +11554,13 @@ async function runMcpGateway(upstreamCommand) {
         } else {
           pinState = "quarantined";
           console.error(
-            import_chalk15.default.red("\n\u{1F6A8} Node9: MCP tool definitions have changed since last verified!")
+            import_chalk16.default.red("\n\u{1F6A8} Node9: MCP tool definitions have changed since last verified!")
           );
           console.error(
-            import_chalk15.default.red("   This could indicate a supply chain attack (tool poisoning / rug pull).")
+            import_chalk16.default.red("   This could indicate a supply chain attack (tool poisoning / rug pull).")
           );
-          console.error(import_chalk15.default.red("   Session quarantined \u2014 all tool calls blocked."));
-          console.error(import_chalk15.default.yellow(`   Run: node9 mcp pin update ${serverKey}
+          console.error(import_chalk16.default.red("   Session quarantined \u2014 all tool calls blocked."));
+          console.error(import_chalk16.default.yellow(`   Run: node9 mcp pin update ${serverKey}
 `));
           const errorResponse = {
             jsonrpc: "2.0",
@@ -11079,9 +11609,9 @@ function registerMcpGatewayCommand(program2) {
 
 // src/mcp-server/index.ts
 var import_readline4 = __toESM(require("readline"));
-var import_fs25 = __toESM(require("fs"));
-var import_os21 = __toESM(require("os"));
-var import_path28 = __toESM(require("path"));
+var import_fs27 = __toESM(require("fs"));
+var import_os23 = __toESM(require("os"));
+var import_path30 = __toESM(require("path"));
 init_core();
 init_daemon();
 init_shields();
@@ -11256,13 +11786,13 @@ function handleStatus() {
   lines.push(`Active shields: ${activeShields.length > 0 ? activeShields.join(", ") : "none"}`);
   lines.push(`Smart rules: ${config.policy.smartRules.length} loaded`);
   lines.push(`DLP: ${config.policy.dlp?.enabled !== false ? "enabled" : "disabled"}`);
-  const projectConfig = import_path28.default.join(process.cwd(), "node9.config.json");
-  const globalConfig = import_path28.default.join(import_os21.default.homedir(), ".node9", "config.json");
+  const projectConfig = import_path30.default.join(process.cwd(), "node9.config.json");
+  const globalConfig = import_path30.default.join(import_os23.default.homedir(), ".node9", "config.json");
   lines.push(
-    `Project config (node9.config.json): ${import_fs25.default.existsSync(projectConfig) ? "present" : "not found"}`
+    `Project config (node9.config.json): ${import_fs27.default.existsSync(projectConfig) ? "present" : "not found"}`
   );
   lines.push(
-    `Global config (~/.node9/config.json): ${import_fs25.default.existsSync(globalConfig) ? "present" : "not found"}`
+    `Global config (~/.node9/config.json): ${import_fs27.default.existsSync(globalConfig) ? "present" : "not found"}`
   );
   return lines.join("\n");
 }
@@ -11336,21 +11866,21 @@ function handleShieldDisable(args) {
   writeActiveShields(active.filter((s) => s !== name));
   return `Shield "${name}" disabled.`;
 }
-var GLOBAL_CONFIG_PATH2 = import_path28.default.join(import_os21.default.homedir(), ".node9", "config.json");
+var GLOBAL_CONFIG_PATH2 = import_path30.default.join(import_os23.default.homedir(), ".node9", "config.json");
 var APPROVER_CHANNELS = ["native", "browser", "cloud", "terminal"];
 function readGlobalConfigRaw() {
   try {
-    if (import_fs25.default.existsSync(GLOBAL_CONFIG_PATH2)) {
-      return JSON.parse(import_fs25.default.readFileSync(GLOBAL_CONFIG_PATH2, "utf-8"));
+    if (import_fs27.default.existsSync(GLOBAL_CONFIG_PATH2)) {
+      return JSON.parse(import_fs27.default.readFileSync(GLOBAL_CONFIG_PATH2, "utf-8"));
     }
   } catch {
   }
   return {};
 }
 function writeGlobalConfigRaw(data) {
-  const dir = import_path28.default.dirname(GLOBAL_CONFIG_PATH2);
-  if (!import_fs25.default.existsSync(dir)) import_fs25.default.mkdirSync(dir, { recursive: true });
-  import_fs25.default.writeFileSync(GLOBAL_CONFIG_PATH2, JSON.stringify(data, null, 2) + "\n");
+  const dir = import_path30.default.dirname(GLOBAL_CONFIG_PATH2);
+  if (!import_fs27.default.existsSync(dir)) import_fs27.default.mkdirSync(dir, { recursive: true });
+  import_fs27.default.writeFileSync(GLOBAL_CONFIG_PATH2, JSON.stringify(data, null, 2) + "\n");
 }
 function handleApproverList() {
   const config = getConfig();
@@ -11393,9 +11923,9 @@ function handleApproverSet(args) {
 }
 function handleAuditGet(args) {
   const limit = Math.min(typeof args.limit === "number" ? args.limit : 20, 100);
-  const auditPath = import_path28.default.join(import_os21.default.homedir(), ".node9", "audit.log");
-  if (!import_fs25.default.existsSync(auditPath)) return "No audit log found.";
-  const lines = import_fs25.default.readFileSync(auditPath, "utf-8").trim().split("\n").filter(Boolean);
+  const auditPath = import_path30.default.join(import_os23.default.homedir(), ".node9", "audit.log");
+  if (!import_fs27.default.existsSync(auditPath)) return "No audit log found.";
+  const lines = import_fs27.default.readFileSync(auditPath, "utf-8").trim().split("\n").filter(Boolean);
   const recent = lines.slice(-limit);
   const entries = recent.map((line) => {
     try {
@@ -11582,7 +12112,7 @@ function registerMcpServerCommand(program2) {
 }
 
 // src/cli/commands/trust.ts
-var import_chalk16 = __toESM(require("chalk"));
+var import_chalk17 = __toESM(require("chalk"));
 init_trusted_hosts();
 function isValidHost(host) {
   return /^(\*\.)?[a-z0-9][a-z0-9.-]*\.[a-z]{2,}$/.test(host);
@@ -11593,51 +12123,51 @@ function registerTrustCommand(program2) {
     const normalized = normalizeHost(host.trim());
     if (!isValidHost(normalized)) {
       console.error(
-        import_chalk16.default.red(`
+        import_chalk17.default.red(`
 \u274C Invalid host: "${host}"
-`) + import_chalk16.default.gray("   Use an FQDN like api.mycompany.com or *.mycompany.com\n")
+`) + import_chalk17.default.gray("   Use an FQDN like api.mycompany.com or *.mycompany.com\n")
       );
       process.exit(1);
     }
     addTrustedHost(normalized);
-    console.log(import_chalk16.default.green(`
+    console.log(import_chalk17.default.green(`
 \u2705 ${normalized} added to trusted hosts.`));
     console.log(
-      import_chalk16.default.gray("   Pipe-chain blocks to this host: critical \u2192 review, high \u2192 allow\n")
+      import_chalk17.default.gray("   Pipe-chain blocks to this host: critical \u2192 review, high \u2192 allow\n")
     );
   });
   trustCmd.command("remove <host>").description("Remove a trusted host").action((host) => {
     const normalized = normalizeHost(host.trim());
     const removed = removeTrustedHost(normalized);
     if (!removed) {
-      console.error(import_chalk16.default.yellow(`
+      console.error(import_chalk17.default.yellow(`
 \u26A0\uFE0F  "${normalized}" is not in the trusted hosts list.
 `));
       process.exit(1);
     }
-    console.log(import_chalk16.default.green(`
+    console.log(import_chalk17.default.green(`
 \u2705 ${normalized} removed from trusted hosts.
 `));
   });
   trustCmd.command("list").description("Show all trusted hosts").action(() => {
     const hosts = readTrustedHosts();
     if (hosts.length === 0) {
-      console.log(import_chalk16.default.gray("\n  No trusted hosts configured.\n"));
-      console.log(`  Add one: ${import_chalk16.default.cyan("node9 trust add api.mycompany.com")}
+      console.log(import_chalk17.default.gray("\n  No trusted hosts configured.\n"));
+      console.log(`  Add one: ${import_chalk17.default.cyan("node9 trust add api.mycompany.com")}
 `);
       return;
     }
-    console.log(import_chalk16.default.bold("\n\u{1F513} Trusted Hosts\n"));
+    console.log(import_chalk17.default.bold("\n\u{1F513} Trusted Hosts\n"));
     for (const entry of hosts) {
       const date = new Date(entry.addedAt).toLocaleDateString();
-      console.log(`  ${import_chalk16.default.cyan(entry.host.padEnd(40))} ${import_chalk16.default.gray(`added ${date}`)}`);
+      console.log(`  ${import_chalk17.default.cyan(entry.host.padEnd(40))} ${import_chalk17.default.gray(`added ${date}`)}`);
     }
     console.log("");
   });
 }
 
 // src/cli/commands/mcp-pin.ts
-var import_chalk17 = __toESM(require("chalk"));
+var import_chalk18 = __toESM(require("chalk"));
 function registerMcpPinCommand(program2) {
   const pinCmd = program2.command("mcp").description("Manage MCP server tool definition pinning (rug pull defense)");
   const pinSubCmd = pinCmd.command("pin").description("Manage pinned MCP server tool definitions");
@@ -11645,31 +12175,31 @@ function registerMcpPinCommand(program2) {
     const result = readMcpPinsSafe();
     if (!result.ok) {
       if (result.reason === "missing") {
-        console.log(import_chalk17.default.gray("\nNo MCP servers are pinned yet."));
+        console.log(import_chalk18.default.gray("\nNo MCP servers are pinned yet."));
         console.log(
-          import_chalk17.default.gray("Pins are created automatically when the MCP gateway first connects.\n")
+          import_chalk18.default.gray("Pins are created automatically when the MCP gateway first connects.\n")
         );
         return;
       }
-      console.error(import_chalk17.default.red(`
+      console.error(import_chalk18.default.red(`
 \u274C Pin file is corrupt: ${result.detail}`));
-      console.error(import_chalk17.default.yellow("   Run: node9 mcp pin reset\n"));
+      console.error(import_chalk18.default.yellow("   Run: node9 mcp pin reset\n"));
       process.exit(1);
     }
     const entries = Object.entries(result.pins.servers);
     if (entries.length === 0) {
-      console.log(import_chalk17.default.gray("\nNo MCP servers are pinned yet."));
+      console.log(import_chalk18.default.gray("\nNo MCP servers are pinned yet."));
       console.log(
-        import_chalk17.default.gray("Pins are created automatically when the MCP gateway first connects.\n")
+        import_chalk18.default.gray("Pins are created automatically when the MCP gateway first connects.\n")
       );
       return;
     }
-    console.log(import_chalk17.default.bold("\n\u{1F512} Pinned MCP Servers\n"));
+    console.log(import_chalk18.default.bold("\n\u{1F512} Pinned MCP Servers\n"));
     for (const [key, entry] of entries) {
-      console.log(`  ${import_chalk17.default.cyan(key)}  ${import_chalk17.default.gray(entry.label)}`);
-      console.log(`    Tools (${entry.toolCount}): ${import_chalk17.default.white(entry.toolNames.join(", "))}`);
-      console.log(`    Hash:  ${import_chalk17.default.gray(entry.toolsHash.slice(0, 16))}...`);
-      console.log(`    Pinned: ${import_chalk17.default.gray(entry.pinnedAt)}`);
+      console.log(`  ${import_chalk18.default.cyan(key)}  ${import_chalk18.default.gray(entry.label)}`);
+      console.log(`    Tools (${entry.toolCount}): ${import_chalk18.default.white(entry.toolNames.join(", "))}`);
+      console.log(`    Hash:  ${import_chalk18.default.gray(entry.toolsHash.slice(0, 16))}...`);
+      console.log(`    Pinned: ${import_chalk18.default.gray(entry.pinnedAt)}`);
       console.log("");
     }
   });
@@ -11680,55 +12210,55 @@ function registerMcpPinCommand(program2) {
     try {
       pins = readMcpPins();
     } catch {
-      console.error(import_chalk17.default.red("\n\u274C Pin file is corrupt."));
-      console.error(import_chalk17.default.yellow("   Run: node9 mcp pin reset\n"));
+      console.error(import_chalk18.default.red("\n\u274C Pin file is corrupt."));
+      console.error(import_chalk18.default.yellow("   Run: node9 mcp pin reset\n"));
       process.exit(1);
     }
     if (!pins.servers[serverKey]) {
-      console.error(import_chalk17.default.red(`
+      console.error(import_chalk18.default.red(`
 \u274C No pin found for server key "${serverKey}"
 `));
-      console.error(`Run ${import_chalk17.default.cyan("node9 mcp pin list")} to see pinned servers.
+      console.error(`Run ${import_chalk18.default.cyan("node9 mcp pin list")} to see pinned servers.
 `);
       process.exit(1);
     }
     const label = pins.servers[serverKey].label;
     removePin(serverKey);
-    console.log(import_chalk17.default.green(`
-\u{1F513} Pin removed for ${import_chalk17.default.cyan(serverKey)}`));
-    console.log(import_chalk17.default.gray(`   Server: ${label}`));
-    console.log(import_chalk17.default.gray("   Next connection will re-pin with current tool definitions.\n"));
+    console.log(import_chalk18.default.green(`
+\u{1F513} Pin removed for ${import_chalk18.default.cyan(serverKey)}`));
+    console.log(import_chalk18.default.gray(`   Server: ${label}`));
+    console.log(import_chalk18.default.gray("   Next connection will re-pin with current tool definitions.\n"));
   });
   pinSubCmd.command("reset").description("Clear all MCP pins (next connection to each server will re-pin)").action(() => {
     const result = readMcpPinsSafe();
     if (!result.ok && result.reason === "missing") {
-      console.log(import_chalk17.default.gray("\nNo pins to clear.\n"));
+      console.log(import_chalk18.default.gray("\nNo pins to clear.\n"));
       return;
     }
     const count = result.ok ? Object.keys(result.pins.servers).length : "?";
     clearAllPins();
-    console.log(import_chalk17.default.green(`
+    console.log(import_chalk18.default.green(`
 \u{1F513} Cleared ${count} MCP pin(s).`));
-    console.log(import_chalk17.default.gray("   Next connection to each server will re-pin.\n"));
+    console.log(import_chalk18.default.gray("   Next connection to each server will re-pin.\n"));
   });
 }
 
 // src/cli.ts
 var { version } = JSON.parse(
-  import_fs28.default.readFileSync(import_path31.default.join(__dirname, "../package.json"), "utf-8")
+  import_fs30.default.readFileSync(import_path33.default.join(__dirname, "../package.json"), "utf-8")
 );
 var program = new import_commander.Command();
 program.name("node9").description("The Sudo Command for AI Agents").version(version);
 program.command("login").argument("<apiKey>").option("--local", "Save key for audit/logging only \u2014 local config still controls all decisions").option("--profile <name>", 'Save as a named profile (default: "default")').action((apiKey, options) => {
   const DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept";
-  const credPath = import_path31.default.join(import_os24.default.homedir(), ".node9", "credentials.json");
-  if (!import_fs28.default.existsSync(import_path31.default.dirname(credPath)))
-    import_fs28.default.mkdirSync(import_path31.default.dirname(credPath), { recursive: true });
+  const credPath = import_path33.default.join(import_os26.default.homedir(), ".node9", "credentials.json");
+  if (!import_fs30.default.existsSync(import_path33.default.dirname(credPath)))
+    import_fs30.default.mkdirSync(import_path33.default.dirname(credPath), { recursive: true });
   const profileName = options.profile || "default";
   let existingCreds = {};
   try {
-    if (import_fs28.default.existsSync(credPath)) {
-      const raw = JSON.parse(import_fs28.default.readFileSync(credPath, "utf-8"));
+    if (import_fs30.default.existsSync(credPath)) {
+      const raw = JSON.parse(import_fs30.default.readFileSync(credPath, "utf-8"));
       if (raw.apiKey) {
         existingCreds = {
           default: { apiKey: raw.apiKey, apiUrl: raw.apiUrl || DEFAULT_API_URL }
@@ -11740,13 +12270,13 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
   } catch {
   }
   existingCreds[profileName] = { apiKey, apiUrl: DEFAULT_API_URL };
-  import_fs28.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
+  import_fs30.default.writeFileSync(credPath, JSON.stringify(existingCreds, null, 2), { mode: 384 });
   if (profileName === "default") {
-    const configPath = import_path31.default.join(import_os24.default.homedir(), ".node9", "config.json");
+    const configPath = import_path33.default.join(import_os26.default.homedir(), ".node9", "config.json");
     let config = {};
     try {
-      if (import_fs28.default.existsSync(configPath))
-        config = JSON.parse(import_fs28.default.readFileSync(configPath, "utf-8"));
+      if (import_fs30.default.existsSync(configPath))
+        config = JSON.parse(import_fs30.default.readFileSync(configPath, "utf-8"));
     } catch {
     }
     if (!config.settings || typeof config.settings !== "object") config.settings = {};
@@ -11761,19 +12291,19 @@ program.command("login").argument("<apiKey>").option("--local", "Save key for au
       approvers.cloud = false;
     }
     s.approvers = approvers;
-    if (!import_fs28.default.existsSync(import_path31.default.dirname(configPath)))
-      import_fs28.default.mkdirSync(import_path31.default.dirname(configPath), { recursive: true });
-    import_fs28.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    if (!import_fs30.default.existsSync(import_path33.default.dirname(configPath)))
+      import_fs30.default.mkdirSync(import_path33.default.dirname(configPath), { recursive: true });
+    import_fs30.default.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
   }
   if (options.profile && profileName !== "default") {
-    console.log(import_chalk19.default.green(`\u2705 Profile "${profileName}" saved`));
-    console.log(import_chalk19.default.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
+    console.log(import_chalk20.default.green(`\u2705 Profile "${profileName}" saved`));
+    console.log(import_chalk20.default.gray(`   Switch to it per-session:  NODE9_PROFILE=${profileName} claude`));
   } else if (options.local) {
-    console.log(import_chalk19.default.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
-    console.log(import_chalk19.default.gray(`   All decisions stay on this machine.`));
+    console.log(import_chalk20.default.green(`\u2705 Privacy mode \u{1F6E1}\uFE0F`));
+    console.log(import_chalk20.default.gray(`   All decisions stay on this machine.`));
   } else {
-    console.log(import_chalk19.default.green(`\u2705 Logged in \u2014 agent mode`));
-    console.log(import_chalk19.default.gray(`   Team policy enforced for all calls via Node9 cloud.`));
+    console.log(import_chalk20.default.green(`\u2705 Logged in \u2014 agent mode`));
+    console.log(import_chalk20.default.gray(`   Team policy enforced for all calls via Node9 cloud.`));
   }
 });
 program.command("addto").description("Integrate Node9 with an AI agent").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  hud").argument("<target>", "The agent to protect: claude | gemini | cursor | hud").action(async (target) => {
@@ -11781,19 +12311,19 @@ program.command("addto").description("Integrate Node9 with an AI agent").addHelp
   if (target === "claude") return await setupClaude();
   if (target === "cursor") return await setupCursor();
   if (target === "hud") return setupHud();
-  console.error(import_chalk19.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
+  console.error(import_chalk20.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
   process.exit(1);
 });
 program.command("setup").description('Alias for "addto" \u2014 integrate Node9 with an AI agent').addHelpText("after", "\n  Supported targets:  claude  gemini  cursor  hud").argument("[target]", "The agent to protect: claude | gemini | cursor | hud").action(async (target) => {
   if (!target) {
-    console.log(import_chalk19.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
-    console.log("  Usage:  " + import_chalk19.default.white("node9 setup <target>") + "\n");
+    console.log(import_chalk20.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Setup \u2014 integrate with your AI agent\n"));
+    console.log("  Usage:  " + import_chalk20.default.white("node9 setup <target>") + "\n");
     console.log("  Targets:");
-    console.log("    " + import_chalk19.default.green("claude") + "   \u2014 Claude Code (hook mode)");
-    console.log("    " + import_chalk19.default.green("gemini") + "   \u2014 Gemini CLI (hook mode)");
-    console.log("    " + import_chalk19.default.green("cursor") + "   \u2014 Cursor (hook mode)");
+    console.log("    " + import_chalk20.default.green("claude") + "   \u2014 Claude Code (hook mode)");
+    console.log("    " + import_chalk20.default.green("gemini") + "   \u2014 Gemini CLI (hook mode)");
+    console.log("    " + import_chalk20.default.green("cursor") + "   \u2014 Cursor (hook mode)");
     process.stdout.write(
-      "    " + import_chalk19.default.green("hud") + "     \u2014 Claude Code security statusline\n"
+      "    " + import_chalk20.default.green("hud") + "     \u2014 Claude Code security statusline\n"
     );
     console.log("");
     return;
@@ -11803,7 +12333,7 @@ program.command("setup").description('Alias for "addto" \u2014 integrate Node9 w
   if (t === "claude") return await setupClaude();
   if (t === "cursor") return await setupCursor();
   if (t === "hud") return setupHud();
-  console.error(import_chalk19.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
+  console.error(import_chalk20.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`));
   process.exit(1);
 });
 program.command("removefrom").description("Remove Node9 hooks from an AI agent configuration").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("<target>", "The agent to remove from: claude | gemini | cursor").action((target) => {
@@ -11814,31 +12344,31 @@ program.command("removefrom").description("Remove Node9 hooks from an AI agent c
   else if (target === "hud") fn = teardownHud;
   else {
     console.error(
-      import_chalk19.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`)
+      import_chalk20.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor, hud`)
     );
     process.exit(1);
   }
-  console.log(import_chalk19.default.cyan(`
+  console.log(import_chalk20.default.cyan(`
 \u{1F6E1}\uFE0F  Node9: removing hooks from ${target}...
 `));
   try {
     fn();
   } catch (err2) {
-    console.error(import_chalk19.default.red(`  \u26A0\uFE0F  Failed: ${err2 instanceof Error ? err2.message : String(err2)}`));
+    console.error(import_chalk20.default.red(`  \u26A0\uFE0F  Failed: ${err2 instanceof Error ? err2.message : String(err2)}`));
     process.exit(1);
   }
-  console.log(import_chalk19.default.gray("\n  Restart the agent for changes to take effect."));
+  console.log(import_chalk20.default.gray("\n  Restart the agent for changes to take effect."));
 });
 program.command("uninstall").description("Remove all Node9 hooks and optionally delete config files").option("--purge", "Also delete ~/.node9/ directory (config, audit log, credentials)").action(async (options) => {
-  console.log(import_chalk19.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Uninstall\n"));
-  console.log(import_chalk19.default.bold("Stopping daemon..."));
+  console.log(import_chalk20.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Uninstall\n"));
+  console.log(import_chalk20.default.bold("Stopping daemon..."));
   try {
     stopDaemon();
-    console.log(import_chalk19.default.green("  \u2705 Daemon stopped"));
+    console.log(import_chalk20.default.green("  \u2705 Daemon stopped"));
   } catch {
-    console.log(import_chalk19.default.blue("  \u2139\uFE0F  Daemon was not running"));
+    console.log(import_chalk20.default.blue("  \u2139\uFE0F  Daemon was not running"));
   }
-  console.log(import_chalk19.default.bold("\nRemoving hooks..."));
+  console.log(import_chalk20.default.bold("\nRemoving hooks..."));
   let teardownFailed = false;
   for (const [label, fn] of [
     ["Claude", teardownClaude],
@@ -11850,45 +12380,45 @@ program.command("uninstall").description("Remove all Node9 hooks and optionally
     } catch (err2) {
       teardownFailed = true;
       console.error(
-        import_chalk19.default.red(
+        import_chalk20.default.red(
           `  \u26A0\uFE0F  Failed to remove ${label} hooks: ${err2 instanceof Error ? err2.message : String(err2)}`
         )
       );
     }
   }
   if (options.purge) {
-    const node9Dir = import_path31.default.join(import_os24.default.homedir(), ".node9");
-    if (import_fs28.default.existsSync(node9Dir)) {
+    const node9Dir = import_path33.default.join(import_os26.default.homedir(), ".node9");
+    if (import_fs30.default.existsSync(node9Dir)) {
       const confirmed = await (0, import_prompts2.confirm)({
         message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
         default: false
       });
       if (confirmed) {
-        import_fs28.default.rmSync(node9Dir, { recursive: true });
-        if (import_fs28.default.existsSync(node9Dir)) {
+        import_fs30.default.rmSync(node9Dir, { recursive: true });
+        if (import_fs30.default.existsSync(node9Dir)) {
           console.error(
-            import_chalk19.default.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
+            import_chalk20.default.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
           );
         } else {
-          console.log(import_chalk19.default.green("\n  \u2705 Deleted ~/.node9/ (config, audit log, credentials)"));
+          console.log(import_chalk20.default.green("\n  \u2705 Deleted ~/.node9/ (config, audit log, credentials)"));
         }
       } else {
-        console.log(import_chalk19.default.yellow("\n  Skipped \u2014 ~/.node9/ was not deleted."));
+        console.log(import_chalk20.default.yellow("\n  Skipped \u2014 ~/.node9/ was not deleted."));
       }
     } else {
-      console.log(import_chalk19.default.blue("\n  \u2139\uFE0F  ~/.node9/ not found \u2014 nothing to delete"));
+      console.log(import_chalk20.default.blue("\n  \u2139\uFE0F  ~/.node9/ not found \u2014 nothing to delete"));
     }
   } else {
     console.log(
-      import_chalk19.default.gray("\n  ~/.node9/ kept \u2014 run with --purge to delete config and audit log")
+      import_chalk20.default.gray("\n  ~/.node9/ kept \u2014 run with --purge to delete config and audit log")
     );
   }
   if (teardownFailed) {
-    console.error(import_chalk19.default.red("\n  \u26A0\uFE0F  Some hooks could not be removed \u2014 see errors above."));
+    console.error(import_chalk20.default.red("\n  \u26A0\uFE0F  Some hooks could not be removed \u2014 see errors above."));
     process.exit(1);
   }
-  console.log(import_chalk19.default.green.bold("\n\u{1F6E1}\uFE0F  Node9 removed. Run: npm uninstall -g @node9/proxy"));
-  console.log(import_chalk19.default.gray("   Restart any open AI agent sessions for changes to take effect.\n"));
+  console.log(import_chalk20.default.green.bold("\n\u{1F6E1}\uFE0F  Node9 removed. Run: npm uninstall -g @node9/proxy"));
+  console.log(import_chalk20.default.gray("   Restart any open AI agent sessions for changes to take effect.\n"));
 });
 registerDoctorCommand(program, version);
 program.command("explain").description(
@@ -11901,7 +12431,7 @@ program.command("explain").description(
       try {
         args = JSON.parse(trimmed);
       } catch {
-        console.error(import_chalk19.default.red(`
+        console.error(import_chalk20.default.red(`
 \u274C Invalid JSON: ${trimmed}
 `));
         process.exit(1);
@@ -11912,60 +12442,61 @@ program.command("explain").description(
   }
   const result = await explainPolicy(tool, args);
   console.log("");
-  console.log(import_chalk19.default.cyan.bold("\u{1F6E1}\uFE0F  Node9 Explain"));
+  console.log(import_chalk20.default.cyan.bold("\u{1F6E1}\uFE0F  Node9 Explain"));
   console.log("");
-  console.log(`   ${import_chalk19.default.bold("Tool:")}    ${import_chalk19.default.white(result.tool)}`);
+  console.log(`   ${import_chalk20.default.bold("Tool:")}    ${import_chalk20.default.white(result.tool)}`);
   if (argsRaw) {
     const preview = argsRaw.length > 80 ? argsRaw.slice(0, 77) + "\u2026" : argsRaw;
-    console.log(`   ${import_chalk19.default.bold("Input:")}   ${import_chalk19.default.gray(preview)}`);
+    console.log(`   ${import_chalk20.default.bold("Input:")}   ${import_chalk20.default.gray(preview)}`);
   }
   console.log("");
-  console.log(import_chalk19.default.bold("Config Sources (Waterfall):"));
+  console.log(import_chalk20.default.bold("Config Sources (Waterfall):"));
   for (const tier of result.waterfall) {
-    const num = import_chalk19.default.gray(`  ${tier.tier}.`);
+    const num2 = import_chalk20.default.gray(`  ${tier.tier}.`);
     const label = tier.label.padEnd(16);
     let statusStr;
     if (tier.tier === 1) {
-      statusStr = import_chalk19.default.gray(tier.note ?? "");
+      statusStr = import_chalk20.default.gray(tier.note ?? "");
     } else if (tier.status === "active") {
-      const loc = tier.path ? import_chalk19.default.gray(tier.path) : "";
-      const note = tier.note ? import_chalk19.default.gray(`(${tier.note})`) : "";
-      statusStr = import_chalk19.default.green("\u2713 active") + (loc ? "  " + loc : "") + (note ? "  " + note : "");
+      const loc = tier.path ? import_chalk20.default.gray(tier.path) : "";
+      const note = tier.note ? import_chalk20.default.gray(`(${tier.note})`) : "";
+      statusStr = import_chalk20.default.green("\u2713 active") + (loc ? "  " + loc : "") + (note ? "  " + note : "");
     } else {
-      statusStr = import_chalk19.default.gray("\u25CB " + (tier.note ?? "not found"));
+      statusStr = import_chalk20.default.gray("\u25CB " + (tier.note ?? "not found"));
     }
-    console.log(`${num} ${import_chalk19.default.white(label)} ${statusStr}`);
+    console.log(`${num2} ${import_chalk20.default.white(label)} ${statusStr}`);
   }
   console.log("");
-  console.log(import_chalk19.default.bold("Policy Evaluation:"));
+  console.log(import_chalk20.default.bold("Policy Evaluation:"));
   for (const step of result.steps) {
     const isFinal = step.isFinal;
     let icon;
-    if (step.outcome === "allow") icon = import_chalk19.default.green("  \u2705");
-    else if (step.outcome === "review") icon = import_chalk19.default.red("  \u{1F534}");
-    else if (step.outcome === "skip") icon = import_chalk19.default.gray("  \u2500 ");
-    else icon = import_chalk19.default.gray("  \u25CB ");
+    if (step.outcome === "allow") icon = import_chalk20.default.green("  \u2705");
+    else if (step.outcome === "review") icon = import_chalk20.default.red("  \u{1F534}");
+    else if (step.outcome === "skip") icon = import_chalk20.default.gray("  \u2500 ");
+    else icon = import_chalk20.default.gray("  \u25CB ");
     const name = step.name.padEnd(18);
-    const nameStr = isFinal ? import_chalk19.default.white.bold(name) : import_chalk19.default.white(name);
-    const detail = isFinal ? import_chalk19.default.white(step.detail) : import_chalk19.default.gray(step.detail);
-    const arrow = isFinal ? import_chalk19.default.yellow("  \u2190 STOP") : "";
+    const nameStr = isFinal ? import_chalk20.default.white.bold(name) : import_chalk20.default.white(name);
+    const detail = isFinal ? import_chalk20.default.white(step.detail) : import_chalk20.default.gray(step.detail);
+    const arrow = isFinal ? import_chalk20.default.yellow("  \u2190 STOP") : "";
     console.log(`${icon} ${nameStr} ${detail}${arrow}`);
   }
   console.log("");
   if (result.decision === "allow") {
-    console.log(import_chalk19.default.green.bold("  Decision: \u2705 ALLOW") + import_chalk19.default.gray("  \u2014 no approval needed"));
+    console.log(import_chalk20.default.green.bold("  Decision: \u2705 ALLOW") + import_chalk20.default.gray("  \u2014 no approval needed"));
   } else {
     console.log(
-      import_chalk19.default.red.bold("  Decision: \u{1F534} REVIEW") + import_chalk19.default.gray("  \u2014 human approval required")
+      import_chalk20.default.red.bold("  Decision: \u{1F534} REVIEW") + import_chalk20.default.gray("  \u2014 human approval required")
     );
     if (result.blockedByLabel) {
-      console.log(import_chalk19.default.gray(`  Reason:   ${result.blockedByLabel}`));
+      console.log(import_chalk20.default.gray(`  Reason:   ${result.blockedByLabel}`));
     }
   }
   console.log("");
 });
 registerInitCommand(program);
 registerAuditCommand(program);
+registerReportCommand(program);
 registerStatusCommand(program);
 registerDaemonCommand(program);
 program.command("tail").description("Stream live agent activity to the terminal").option("--history", "Replay recent history then continue live", false).option("--clear", "Clear the history buffer and exit (does not stream)", false).action(async (options) => {
@@ -11973,7 +12504,7 @@ program.command("tail").description("Stream live agent activity to the terminal"
   try {
     await startTail2(options);
   } catch (err2) {
-    console.error(import_chalk19.default.red(`\u274C ${err2 instanceof Error ? err2.message : String(err2)}`));
+    console.error(import_chalk20.default.red(`\u274C ${err2 instanceof Error ? err2.message : String(err2)}`));
     process.exit(1);
   }
 });
@@ -12005,14 +12536,14 @@ Claude Code spawns this command every ~300ms and writes a JSON payload to stdin.
 Run "node9 addto claude" to register it as the statusLine.`
 ).argument("[subcommand]", 'Optional: "debug on" / "debug off" to toggle stdin logging').argument("[state]", 'on|off \u2014 used with "debug" subcommand').action(async (subcommand, state) => {
   if (subcommand === "debug") {
-    const flagFile = import_path31.default.join(import_os24.default.homedir(), ".node9", "hud-debug");
+    const flagFile = import_path33.default.join(import_os26.default.homedir(), ".node9", "hud-debug");
     if (state === "on") {
-      import_fs28.default.mkdirSync(import_path31.default.dirname(flagFile), { recursive: true });
-      import_fs28.default.writeFileSync(flagFile, "");
+      import_fs30.default.mkdirSync(import_path33.default.dirname(flagFile), { recursive: true });
+      import_fs30.default.writeFileSync(flagFile, "");
       console.log("HUD debug logging enabled \u2192 ~/.node9/hud-debug.log");
       console.log("Tail it with: tail -f ~/.node9/hud-debug.log");
     } else if (state === "off") {
-      if (import_fs28.default.existsSync(flagFile)) import_fs28.default.unlinkSync(flagFile);
+      if (import_fs30.default.existsSync(flagFile)) import_fs30.default.unlinkSync(flagFile);
       console.log("HUD debug logging disabled.");
     } else {
       console.error("Usage: node9 hud debug on|off");
@@ -12027,7 +12558,7 @@ program.command("pause").description("Temporarily disable Node9 protection for a
   const ms = parseDuration(options.duration);
   if (ms === null) {
     console.error(
-      import_chalk19.default.red(`
+      import_chalk20.default.red(`
 \u274C  Invalid duration: "${options.duration}". Use format like 15m, 1h, 30s.
 `)
     );
@@ -12035,20 +12566,20 @@ program.command("pause").description("Temporarily disable Node9 protection for a
   }
   pauseNode9(ms, options.duration);
   const expiresAt = new Date(Date.now() + ms).toLocaleTimeString();
-  console.log(import_chalk19.default.yellow(`
+  console.log(import_chalk20.default.yellow(`
 \u23F8  Node9 paused until ${expiresAt}`));
-  console.log(import_chalk19.default.gray(`   All tool calls will be allowed without review.`));
-  console.log(import_chalk19.default.gray(`   Run "node9 resume" to re-enable early.
+  console.log(import_chalk20.default.gray(`   All tool calls will be allowed without review.`));
+  console.log(import_chalk20.default.gray(`   Run "node9 resume" to re-enable early.
 `));
 });
 program.command("resume").description("Re-enable Node9 protection immediately").action(() => {
   const { paused } = checkPause();
   if (!paused) {
-    console.log(import_chalk19.default.gray("\nNode9 is already active \u2014 nothing to resume.\n"));
+    console.log(import_chalk20.default.gray("\nNode9 is already active \u2014 nothing to resume.\n"));
     return;
   }
   resumeNode9();
-  console.log(import_chalk19.default.green("\n\u25B6  Node9 resumed \u2014 protection is active.\n"));
+  console.log(import_chalk20.default.green("\n\u25B6  Node9 resumed \u2014 protection is active.\n"));
 });
 var HOOK_BASED_AGENTS = {
   claude: "claude",
@@ -12061,15 +12592,15 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
     if (HOOK_BASED_AGENTS[firstArg2] !== void 0) {
       const target = HOOK_BASED_AGENTS[firstArg2];
       console.error(
-        import_chalk19.default.yellow(`
+        import_chalk20.default.yellow(`
 \u26A0\uFE0F  Node9 proxy mode does not support "${target}" directly.`)
       );
-      console.error(import_chalk19.default.white(`
+      console.error(import_chalk20.default.white(`
    "${target}" uses its own hook system. Use:`));
       console.error(
-        import_chalk19.default.green(`     node9 addto ${target}   `) + import_chalk19.default.gray("# one-time setup")
+        import_chalk20.default.green(`     node9 addto ${target}   `) + import_chalk20.default.gray("# one-time setup")
       );
-      console.error(import_chalk19.default.green(`     ${target}              `) + import_chalk19.default.gray("# run normally"));
+      console.error(import_chalk20.default.green(`     ${target}              `) + import_chalk20.default.gray("# run normally"));
       process.exit(1);
     }
     const runArgs = firstArg2 === "shell" ? commandArgs.slice(1) : commandArgs;
@@ -12086,7 +12617,7 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
       }
     );
     if (result.noApprovalMechanism && !isDaemonRunning() && !process.env.NODE9_NO_AUTO_DAEMON && getConfig().settings.autoStartDaemon) {
-      console.error(import_chalk19.default.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
+      console.error(import_chalk20.default.cyan("\n\u{1F6E1}\uFE0F  Node9: Starting approval daemon automatically..."));
       const daemonReady = await autoStartDaemonAndWait();
       if (daemonReady) result = await authorizeHeadless("shell", { command: fullCommand });
     }
@@ -12099,12 +12630,12 @@ program.argument("[command...]", "The agent command to run (e.g., gemini)").acti
     }
     if (!result.approved) {
       console.error(
-        import_chalk19.default.red(`
+        import_chalk20.default.red(`
 \u274C Node9 Blocked: ${result.reason || "Dangerous command detected."}`)
       );
       process.exit(1);
     }
-    console.error(import_chalk19.default.green("\n\u2705 Approved \u2014 running command...\n"));
+    console.error(import_chalk20.default.green("\n\u2705 Approved \u2014 running command...\n"));
     await runProxy(fullCommand);
   } else {
     program.help();
@@ -12119,9 +12650,9 @@ if (process.argv[2] !== "daemon") {
     const isCheckHook = process.argv[2] === "check";
     if (isCheckHook) {
       if (process.env.NODE9_DEBUG === "1" || getConfig().settings.enableHookLogDebug) {
-        const logPath = import_path31.default.join(import_os24.default.homedir(), ".node9", "hook-debug.log");
+        const logPath = import_path33.default.join(import_os26.default.homedir(), ".node9", "hook-debug.log");
         const msg = reason instanceof Error ? reason.message : String(reason);
-        import_fs28.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
+        import_fs30.default.appendFileSync(logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] UNHANDLED: ${msg}
 `);
       }
       process.exit(0);