@pixelzx/genesis 2026.5.3-5 → 2026.5.5

package/dist/node-cli-BFrdTPdH.js

@@ -0,0 +1,2506 @@
+import { a as normalizeLowercaseStringOrEmpty, c as normalizeOptionalString, o as normalizeNullableString } from "./string-coerce-C1IzJjqi.js";
+import { n as defaultRuntime } from "./runtime-CQ7eH0le.js";
+import { t as formatDocsLink } from "./links-DmsJCU7L.js";
+import { r as theme, t as colorize } from "./theme-BrRleVfL.js";
+import { t as formatCliCommand } from "./command-format-DAeUlu7u.js";
+import { c as sanitizeSystemRunEnvOverrides, o as sanitizeHostExecEnv, t as inspectHostExecEnvOverrides } from "./host-env-security-Bin-AhM4.js";
+import { _ as resolveNodeSystemdServiceName, g as resolveNodeLaunchAgentLabel, u as formatNodeServiceDescription, v as resolveNodeWindowsTaskName } from "./paths-Dk_PxD7g.js";
+import { a as resolveNodeProgramArguments, n as resolveDaemonInstallRuntimeInputs, r as resolveDaemonNodeBinDir, t as emitDaemonInstallRuntimeWarning } from "./daemon-install-plan.shared-BQxPrU7X.js";
+import { n as VERSION } from "./version-BoqlEm3e.js";
+import { s as buildNodeServiceEnvironment } from "./runtime-paths-CYF3ghl0.js";
+import { r as isGatewayDaemonRuntime, t as DEFAULT_GATEWAY_DAEMON_RUNTIME } from "./daemon-runtime-BFK5T_3J.js";
+import { a as logWarn } from "./logger-DxTAquCB.js";
+import { t as sameFileIdentity } from "./file-identity-DBd-elc3.js";
+import { a as loadConfig } from "./io-h8M_Z0Lj.js";
+import { c as normalizeAgentId } from "./session-key-EpIbK3Oz.js";
+import { A as unwrapKnownShellMultiplexerInvocation, L as unwrapKnownDispatchWrapperInvocation, N as resolveInlineCommandMatch, O as isShellWrapperInvocation, P as extractEnvAssignmentKeysFromDispatchWrappers, R as normalizeExecutableToken, S as POSIX_SHELL_WRAPPERS, d as resolveApprovalAuditCandidatePath, j as POSIX_INLINE_COMMAND_FLAGS, k as resolveShellWrapperTransportArgv, p as resolveCommandResolutionFromArgv, y as resolveExecutableFromPathEnv } from "./exec-safe-bin-trust-D3m9TQoQ.js";
+import { d as resolveRuntimeStatusColor, h as installDaemonServiceAndEmit, n as createDaemonInstallActionContext, p as buildDaemonServiceSnapshot, r as failIfNixDaemonInstallMode, t as createCliStatusTextStyles } from "./shared-BdZN5DvO.js";
+import { n as buildPlatformServiceStartHints, r as formatRuntimeStatus, t as buildPlatformRuntimeLogHints } from "./runtime-hints-U-UR-C6L.js";
+import { t as parsePort } from "./parse-port-OVyfw_Ty.js";
+import "./config-B3ZoZd5V.js";
+import { t as GatewayClient } from "./client-CrPccv7a.js";
+import { n as loadOrCreateDeviceIdentity } from "./device-identity-CqT162U8.js";
+import { i as GATEWAY_CLIENT_NAMES, r as GATEWAY_CLIENT_MODES } from "./client-info-CfESmEX1.js";
+import { i as runServiceUninstall, r as runServiceStop, t as runServiceRestart } from "./lifecycle-core-BpdZi2zv.js";
+import { i as NODE_SYSTEM_RUN_COMMANDS, n as NODE_EXEC_APPROVALS_COMMANDS } from "./node-commands-gl3_egiE.js";
+import { a as getActivePluginRegistry } from "./runtime-Sn8KleIb.js";
+import { t as getMachineDisplayName } from "./machine-name-C0HO_9mJ.js";
+import { t as splitShellArgs } from "./shell-argv-CYZYGBfB.js";
+import { _ as resolvePlannedSegmentArgv, c as describeInterpreterInlineEval, d as analyzeArgvCommand, l as detectInterpreterInlineEvalArgv, n as evaluateShellAllowlist, t as evaluateExecAllowlist } from "./exec-approvals-allowlist-BNwpLnkv.js";
+import { r as resolveExecSafeBinRuntimePolicy, t as isInterpreterLikeSafeBin } from "./exec-safe-bin-runtime-policy-9WKan9iE.js";
+import { C as requiresExecApproval, E as resolveExecApprovals, M as requestJsonlSocket, a as addDurableCommandApproval, b as recordAllowlistMatchesUse, d as mergeExecApprovalsSocketDefaults, j as saveExecApprovals, o as ensureExecApprovals, p as normalizeExecApprovals, s as hasDurableExecApproval, v as persistAllowAlwaysPatterns, y as readExecApprovalsSnapshot } from "./exec-approvals-BD-zKkI1.js";
+import { t as resolveGatewayConnectionAuth } from "./connection-auth-ClOE-Fdq.js";
+import { t as formatHelpExamples } from "./help-format-DM-hbV3N.js";
+import { n as resolveSystemRunCommandRequest, s as normalizeSystemRunApprovalPlan, t as formatExecCommand } from "./system-run-command-DpmKt0vV.js";
+import { t as ensureGenesisCliOnPath } from "./path-env-4eKek7HW.js";
+import { n as loadNodeHostConfig, r as saveNodeHostConfig, t as ensureNodeHostConfig } from "./config-2LFRVjdy.js";
+import { t as resolveNodeService } from "./node-service-CijQCPXW.js";
+import fs from "node:fs";
+import path from "node:path";
+import { spawn, spawnSync } from "node:child_process";
+import crypto from "node:crypto";
+//#region src/infra/exec-host.ts
+async function requestExecHostViaSocket(params) {
+	const { socketPath, token, request } = params;
+	if (!socketPath || !token) return null;
+	const timeoutMs = params.timeoutMs ?? 2e4;
+	const requestJson = JSON.stringify(request);
+	const nonce = crypto.randomBytes(16).toString("hex");
+	const ts = Date.now();
+	const hmac = crypto.createHmac("sha256", token).update(`${nonce}:${ts}:${requestJson}`).digest("hex");
+	return await requestJsonlSocket({
+		socketPath,
+		requestLine: JSON.stringify({
+			type: "exec",
+			id: crypto.randomUUID(),
+			nonce,
+			ts,
+			hmac,
+			requestJson
+		}),
+		timeoutMs,
+		accept: (value) => {
+			const msg = value;
+			if (msg?.type !== "exec-res") return;
+			if (msg.ok === true && msg.payload) return {
+				ok: true,
+				payload: msg.payload
+			};
+			if (msg.ok === false && msg.error) return {
+				ok: false,
+				error: msg.error
+			};
+			return null;
+		}
+	});
+}
+//#endregion
+//#region src/node-host/exec-policy.ts
+function resolveExecApprovalDecision(value) {
+	if (value === "allow-once" || value === "allow-always") return value;
+	return null;
+}
+function formatSystemRunAllowlistMissMessage(params) {
+	if (params?.windowsShellWrapperBlocked) return "SYSTEM_RUN_DENIED: allowlist miss (Windows shell wrappers like cmd.exe /c require approval; approve once/always or run with --ask on-miss|always)";
+	if (params?.shellWrapperBlocked) return "SYSTEM_RUN_DENIED: allowlist miss (shell wrappers like sh/bash/zsh -c require approval; approve once/always or run with --ask on-miss|always)";
+	return "SYSTEM_RUN_DENIED: allowlist miss";
+}
+function evaluateSystemRunPolicy(params) {
+	const windowsShellWrapperBlocked = params.security === "allowlist" && params.shellWrapperInvocation && params.isWindows && params.cmdInvocation;
+	const shellWrapperBlocked = windowsShellWrapperBlocked;
+	const analysisOk = shellWrapperBlocked ? false : params.analysisOk;
+	const allowlistSatisfied = shellWrapperBlocked ? false : params.allowlistSatisfied;
+	const approvedByAsk = params.approvalDecision !== null || params.approved === true;
+	if (params.security === "deny") return {
+		allowed: false,
+		eventReason: "security=deny",
+		errorMessage: "SYSTEM_RUN_DISABLED: security=deny",
+		analysisOk,
+		allowlistSatisfied,
+		shellWrapperBlocked,
+		windowsShellWrapperBlocked,
+		requiresAsk: false,
+		approvalDecision: params.approvalDecision,
+		approvedByAsk
+	};
+	const requiresAsk = requiresExecApproval({
+		ask: params.ask,
+		security: params.security,
+		analysisOk,
+		allowlistSatisfied,
+		durableApprovalSatisfied: params.durableApprovalSatisfied
+	});
+	if (requiresAsk && !approvedByAsk) return {
+		allowed: false,
+		eventReason: "approval-required",
+		errorMessage: "SYSTEM_RUN_DENIED: approval required",
+		analysisOk,
+		allowlistSatisfied,
+		shellWrapperBlocked,
+		windowsShellWrapperBlocked,
+		requiresAsk,
+		approvalDecision: params.approvalDecision,
+		approvedByAsk
+	};
+	if (params.security === "allowlist" && (!analysisOk || !allowlistSatisfied) && !approvedByAsk) {
+		if (params.durableApprovalSatisfied) return {
+			allowed: true,
+			analysisOk,
+			allowlistSatisfied,
+			shellWrapperBlocked,
+			windowsShellWrapperBlocked,
+			requiresAsk,
+			approvalDecision: params.approvalDecision,
+			approvedByAsk
+		};
+		return {
+			allowed: false,
+			eventReason: "allowlist-miss",
+			errorMessage: formatSystemRunAllowlistMissMessage({
+				shellWrapperBlocked,
+				windowsShellWrapperBlocked
+			}),
+			analysisOk,
+			allowlistSatisfied,
+			shellWrapperBlocked,
+			windowsShellWrapperBlocked,
+			requiresAsk,
+			approvalDecision: params.approvalDecision,
+			approvedByAsk
+		};
+	}
+	return {
+		allowed: true,
+		analysisOk,
+		allowlistSatisfied,
+		shellWrapperBlocked,
+		windowsShellWrapperBlocked,
+		requiresAsk,
+		approvalDecision: params.approvalDecision,
+		approvedByAsk
+	};
+}
+//#endregion
+//#region src/node-host/invoke-system-run-allowlist.ts
+function evaluateSystemRunAllowlist(params) {
+	if (params.shellCommand) {
+		const allowlistEval = evaluateShellAllowlist({
+			command: params.shellCommand,
+			allowlist: params.approvals.allowlist,
+			safeBins: params.safeBins,
+			safeBinProfiles: params.safeBinProfiles,
+			cwd: params.cwd,
+			env: params.env,
+			trustedSafeBinDirs: params.trustedSafeBinDirs,
+			skillBins: params.skillBins,
+			autoAllowSkills: params.autoAllowSkills,
+			platform: process.platform
+		});
+		return {
+			analysisOk: allowlistEval.analysisOk,
+			allowlistMatches: allowlistEval.allowlistMatches,
+			allowlistSatisfied: params.security === "allowlist" && allowlistEval.analysisOk ? allowlistEval.allowlistSatisfied : false,
+			segments: allowlistEval.segments,
+			segmentAllowlistEntries: allowlistEval.segmentAllowlistEntries
+		};
+	}
+	const analysis = analyzeArgvCommand({
+		argv: params.argv,
+		cwd: params.cwd,
+		env: params.env
+	});
+	const allowlistEval = evaluateExecAllowlist({
+		analysis,
+		allowlist: params.approvals.allowlist,
+		safeBins: params.safeBins,
+		safeBinProfiles: params.safeBinProfiles,
+		cwd: params.cwd,
+		trustedSafeBinDirs: params.trustedSafeBinDirs,
+		skillBins: params.skillBins,
+		autoAllowSkills: params.autoAllowSkills
+	});
+	return {
+		analysisOk: analysis.ok,
+		allowlistMatches: allowlistEval.allowlistMatches,
+		allowlistSatisfied: params.security === "allowlist" && analysis.ok ? allowlistEval.allowlistSatisfied : false,
+		segments: analysis.segments,
+		segmentAllowlistEntries: allowlistEval.segmentAllowlistEntries
+	};
+}
+function resolvePlannedAllowlistArgv(params) {
+	if (params.security !== "allowlist" || params.policy.approvedByAsk || params.shellCommand || !params.policy.analysisOk || !params.policy.allowlistSatisfied || params.segments.length !== 1) return;
+	const plannedAllowlistArgv = resolvePlannedSegmentArgv(params.segments[0]);
+	return plannedAllowlistArgv && plannedAllowlistArgv.length > 0 ? plannedAllowlistArgv : null;
+}
+function resolveSystemRunExecArgv(params) {
+	let execArgv = params.plannedAllowlistArgv ?? params.argv;
+	if (params.security === "allowlist" && params.isWindows && !params.policy.approvedByAsk && params.shellCommand && params.policy.analysisOk && params.policy.allowlistSatisfied && params.segments.length === 1 && params.segments[0]?.argv.length > 0) execArgv = params.segments[0].argv;
+	return execArgv;
+}
+function applyOutputTruncation(result) {
+	if (!result.truncated) return;
+	const suffix = "... (truncated)";
+	if (result.stderr.trim().length > 0) result.stderr = `${result.stderr}\n${suffix}`;
+	else result.stdout = `${result.stdout}\n${suffix}`;
+}
+//#endregion
+//#region src/node-host/invoke-system-run-plan.ts
+const MUTABLE_ARGV1_INTERPRETER_PATTERNS = [
+	/^(?:node|nodejs)$/,
+	/^perl$/,
+	/^php$/,
+	/^python(?:\d+(?:\.\d+)*)?$/,
+	/^ruby$/
+];
+const GENERIC_MUTABLE_SCRIPT_RUNNERS = new Set([
+	"esno",
+	"jiti",
+	"ts-node",
+	"ts-node-esm",
+	"tsx",
+	"vite-node"
+]);
+const OPAQUE_MUTABLE_SCRIPT_RUNNERS = new Set(["busybox", "toybox"]);
+const BUN_SUBCOMMANDS = new Set([
+	"add",
+	"audit",
+	"completions",
+	"create",
+	"exec",
+	"help",
+	"init",
+	"install",
+	"link",
+	"outdated",
+	"patch",
+	"pm",
+	"publish",
+	"remove",
+	"repl",
+	"run",
+	"test",
+	"unlink",
+	"update",
+	"upgrade",
+	"x"
+]);
+const BUN_OPTIONS_WITH_VALUE = new Set([
+	"--backend",
+	"--bunfig",
+	"--conditions",
+	"--config",
+	"--console-depth",
+	"--cwd",
+	"--define",
+	"--elide-lines",
+	"--env-file",
+	"--extension-order",
+	"--filter",
+	"--hot",
+	"--inspect",
+	"--inspect-brk",
+	"--inspect-wait",
+	"--install",
+	"--jsx-factory",
+	"--jsx-fragment",
+	"--jsx-import-source",
+	"--loader",
+	"--origin",
+	"--port",
+	"--preload",
+	"--smol",
+	"--tsconfig-override",
+	"-c",
+	"-e",
+	"-p",
+	"-r"
+]);
+const DENO_RUN_OPTIONS_WITH_VALUE = new Set([
+	"--cached-only",
+	"--cert",
+	"--config",
+	"--env-file",
+	"--ext",
+	"--harmony-import-attributes",
+	"--import-map",
+	"--inspect",
+	"--inspect-brk",
+	"--inspect-wait",
+	"--location",
+	"--log-level",
+	"--lock",
+	"--node-modules-dir",
+	"--no-check",
+	"--preload",
+	"--reload",
+	"--seed",
+	"--strace-ops",
+	"--unstable-bare-node-builtins",
+	"--v8-flags",
+	"--watch",
+	"--watch-exclude",
+	"-L"
+]);
+const NODE_OPTIONS_WITH_FILE_VALUE = new Set([
+	"-r",
+	"--experimental-loader",
+	"--import",
+	"--loader",
+	"--require"
+]);
+const RUBY_UNSAFE_APPROVAL_FLAGS = new Set([
+	"-I",
+	"-r",
+	"--require"
+]);
+const PERL_UNSAFE_APPROVAL_FLAGS = new Set([
+	"-I",
+	"-M",
+	"-m"
+]);
+function normalizeOptionFlag(token) {
+	return normalizeLowercaseStringOrEmpty(token.split("=", 1)[0]);
+}
+function readTrimmedArgToken(argv, index) {
+	return normalizeNullableString(argv[index]) ?? "";
+}
+const POSIX_SHELL_OPTIONS_WITH_VALUE = new Set([
+	"--init-file",
+	"--rcfile",
+	"--startup-script",
+	"-o"
+]);
+const NPM_EXEC_OPTIONS_WITH_VALUE = new Set([
+	"--cache",
+	"--package",
+	"--prefix",
+	"--script-shell",
+	"--userconfig",
+	"--workspace",
+	"-p",
+	"-w"
+]);
+const NPM_EXEC_FLAG_OPTIONS = new Set([
+	"--no",
+	"--quiet",
+	"--ws",
+	"--workspaces",
+	"--yes",
+	"-q",
+	"-y"
+]);
+const PNPM_OPTIONS_WITH_VALUE = new Set([
+	"--config",
+	"--dir",
+	"--filter",
+	"--reporter",
+	"--stream",
+	"--test-pattern",
+	"--workspace-concurrency",
+	"-C"
+]);
+const PNPM_FLAG_OPTIONS = new Set([
+	"--aggregate-output",
+	"--color",
+	"--parallel",
+	"--recursive",
+	"--silent",
+	"--workspace-root",
+	"-r",
+	"-s",
+	"-w"
+]);
+const PNPM_DLX_OPTIONS_WITH_VALUE = new Set([
+	"--allow-build",
+	"--package",
+	"-p"
+]);
+function pathComponentsFromRootSync(targetPath) {
+	const absolute = path.resolve(targetPath);
+	const parts = [];
+	let cursor = absolute;
+	while (true) {
+		parts.unshift(cursor);
+		const parent = path.dirname(cursor);
+		if (parent === cursor) return parts;
+		cursor = parent;
+	}
+}
+function isOwnedByCurrentProcessSync(candidate) {
+	if (process.platform === "win32" || typeof process.getuid !== "function") return false;
+	try {
+		return fs.statSync(candidate).uid === process.getuid();
+	} catch {
+		return false;
+	}
+}
+function isMutableByCurrentProcessSync(candidate) {
+	try {
+		fs.accessSync(candidate, fs.constants.W_OK);
+		return true;
+	} catch {
+		return isOwnedByCurrentProcessSync(candidate);
+	}
+}
+function hasMutableSymlinkPathComponentSync(targetPath) {
+	for (const component of pathComponentsFromRootSync(targetPath)) try {
+		if (!fs.lstatSync(component).isSymbolicLink()) continue;
+		if (isMutableByCurrentProcessSync(path.dirname(component))) return true;
+	} catch {
+		return true;
+	}
+	return false;
+}
+function pathLooksMutableForShellPayloadSync(targetPath) {
+	if (isMutableByCurrentProcessSync(targetPath) || isMutableByCurrentProcessSync(path.dirname(targetPath)) || hasMutableSymlinkPathComponentSync(targetPath)) return true;
+	let realPath;
+	try {
+		realPath = fs.realpathSync(targetPath);
+	} catch {
+		return true;
+	}
+	return isMutableByCurrentProcessSync(realPath) || isMutableByCurrentProcessSync(path.dirname(realPath)) || hasMutableSymlinkPathComponentSync(realPath);
+}
+function shouldPinExecutableForApproval(params) {
+	if (params.shellCommand !== null) return false;
+	return (params.wrapperChain?.length ?? 0) === 0;
+}
+function hashFileContentsSync(filePath) {
+	return crypto.createHash("sha256").update(fs.readFileSync(filePath)).digest("hex");
+}
+function looksLikePathToken(token) {
+	return token.startsWith(".") || token.startsWith("/") || token.startsWith("\\") || token.includes("/") || token.includes("\\") || path.extname(token).length > 0;
+}
+function resolvesToExistingFileSync(rawOperand, cwd) {
+	if (!rawOperand) return false;
+	try {
+		return fs.statSync(path.resolve(cwd ?? process.cwd(), rawOperand)).isFile();
+	} catch {
+		return false;
+	}
+}
+function isKnownBinaryExecutableHeader(buffer) {
+	if (buffer.length >= 4 && buffer.subarray(0, 4).equals(Buffer.from([
+		127,
+		69,
+		76,
+		70
+	]))) return true;
+	if (buffer.length >= 4 && (buffer.subarray(0, 4).equals(Buffer.from([
+		254,
+		237,
+		250,
+		206
+	])) || buffer.subarray(0, 4).equals(Buffer.from([
+		206,
+		250,
+		237,
+		254
+	])) || buffer.subarray(0, 4).equals(Buffer.from([
+		254,
+		237,
+		250,
+		207
+	])) || buffer.subarray(0, 4).equals(Buffer.from([
+		207,
+		250,
+		237,
+		254
+	])) || buffer.subarray(0, 4).equals(Buffer.from([
+		202,
+		254,
+		186,
+		190
+	])) || buffer.subarray(0, 4).equals(Buffer.from([
+		190,
+		186,
+		254,
+		202
+	])) || buffer.subarray(0, 4).equals(Buffer.from([
+		202,
+		254,
+		186,
+		191
+	])) || buffer.subarray(0, 4).equals(Buffer.from([
+		191,
+		186,
+		254,
+		202
+	])))) return true;
+	if (buffer.length < 64 || !buffer.subarray(0, 2).equals(Buffer.from([77, 90]))) return false;
+	const peOffset = buffer.readUInt32LE(60);
+	return peOffset >= 0 && peOffset <= buffer.length - 4 && buffer.subarray(peOffset, peOffset + 4).equals(Buffer.from([
+		80,
+		69,
+		0,
+		0
+	]));
+}
+function isLikelyScriptLikePathSync(targetPath) {
+	let stat;
+	try {
+		stat = fs.statSync(targetPath);
+	} catch {
+		return true;
+	}
+	if (!stat.isFile()) return true;
+	let header;
+	try {
+		const fd = fs.openSync(targetPath, "r");
+		try {
+			header = Buffer.alloc(1024);
+			const bytesRead = fs.readSync(fd, header, 0, header.length, 0);
+			header = header.subarray(0, bytesRead);
+		} finally {
+			fs.closeSync(fd);
+		}
+	} catch {
+		return true;
+	}
+	if (header.length === 0) return true;
+	if (header.subarray(0, 2).equals(Buffer.from("#!"))) return true;
+	if (isKnownBinaryExecutableHeader(header)) return false;
+	return true;
+}
+function unwrapArgvForMutableOperand(argv) {
+	let current = argv;
+	let baseIndex = 0;
+	let opaqueMultiplexerSeen = false;
+	while (true) {
+		const dispatchUnwrap = unwrapKnownDispatchWrapperInvocation(current);
+		if (dispatchUnwrap.kind === "unwrapped") {
+			baseIndex += current.length - dispatchUnwrap.argv.length;
+			current = dispatchUnwrap.argv;
+			continue;
+		}
+		const shellMultiplexerUnwrap = unwrapKnownShellMultiplexerInvocation(current);
+		if (shellMultiplexerUnwrap.kind === "unwrapped") {
+			if (OPAQUE_MUTABLE_SCRIPT_RUNNERS.has(shellMultiplexerUnwrap.wrapper)) opaqueMultiplexerSeen = true;
+			baseIndex += current.length - shellMultiplexerUnwrap.argv.length;
+			current = shellMultiplexerUnwrap.argv;
+			continue;
+		}
+		const packageManagerUnwrap = unwrapKnownPackageManagerExecInvocation(current);
+		if (packageManagerUnwrap) {
+			baseIndex += current.length - packageManagerUnwrap.length;
+			current = packageManagerUnwrap;
+			continue;
+		}
+		return {
+			argv: current,
+			baseIndex,
+			opaqueMultiplexerSeen
+		};
+	}
+}
+function unwrapKnownPackageManagerExecInvocation(argv) {
+	switch (normalizePackageManagerExecToken(argv[0] ?? "")) {
+		case "npm": return unwrapNpmExecInvocation(argv);
+		case "npx":
+		case "bunx": return unwrapDirectPackageExecInvocation(argv);
+		case "pnpm": return unwrapPnpmExecInvocation(argv);
+		default: return null;
+	}
+}
+function normalizePackageManagerExecToken(token) {
+	const normalized = normalizeExecutableToken(token);
+	if (!normalized) return normalized;
+	return normalized.replace(/\.(?:c|m)?js$/i, "");
+}
+function unwrapPnpmExecInvocation(argv) {
+	let idx = 1;
+	while (idx < argv.length) {
+		const token = readTrimmedArgToken(argv, idx);
+		if (!token) {
+			idx += 1;
+			continue;
+		}
+		if (token === "--") {
+			idx += 1;
+			continue;
+		}
+		if (!token.startsWith("-")) {
+			if (token === "exec") {
+				if (idx + 1 >= argv.length) return null;
+				const tail = argv.slice(idx + 1);
+				return tail[0] === "--" ? tail.length > 1 ? tail.slice(1) : null : tail;
+			}
+			if (token === "dlx") return unwrapPnpmDlxInvocation(argv.slice(idx + 1));
+			if (token === "node") {
+				const tail = argv.slice(idx + 1);
+				return ["node", ...tail[0] === "--" ? tail.slice(1) : tail];
+			}
+			return null;
+		}
+		const flag = normalizeOptionFlag(token);
+		if (PNPM_OPTIONS_WITH_VALUE.has(flag) || PNPM_DLX_OPTIONS_WITH_VALUE.has(flag)) {
+			idx += token.includes("=") ? 1 : 2;
+			continue;
+		}
+		if (PNPM_FLAG_OPTIONS.has(flag)) {
+			idx += 1;
+			continue;
+		}
+		return null;
+	}
+	return null;
+}
+function unwrapPnpmDlxInvocation(argv) {
+	let idx = 0;
+	while (idx < argv.length) {
+		const token = readTrimmedArgToken(argv, idx);
+		if (!token) {
+			idx += 1;
+			continue;
+		}
+		if (token === "--") {
+			const tail = argv.slice(idx + 1);
+			return tail.length > 0 ? tail : null;
+		}
+		if (!token.startsWith("-")) return argv.slice(idx);
+		const flag = normalizeOptionFlag(token);
+		if (flag === "-c" || flag === "--shell-mode") return null;
+		if (PNPM_OPTIONS_WITH_VALUE.has(flag) || PNPM_DLX_OPTIONS_WITH_VALUE.has(flag)) {
+			idx += token.includes("=") ? 1 : 2;
+			continue;
+		}
+		if (PNPM_FLAG_OPTIONS.has(flag)) {
+			idx += 1;
+			continue;
+		}
+		return null;
+	}
+	return null;
+}
+function unwrapDirectPackageExecInvocation(argv) {
+	let idx = 1;
+	while (idx < argv.length) {
+		const token = readTrimmedArgToken(argv, idx);
+		if (!token) {
+			idx += 1;
+			continue;
+		}
+		if (!token.startsWith("-")) return argv.slice(idx);
+		const flag = normalizeOptionFlag(token);
+		if (flag === "-c" || flag === "--call") return null;
+		if (NPM_EXEC_OPTIONS_WITH_VALUE.has(flag)) {
+			idx += token.includes("=") ? 1 : 2;
+			continue;
+		}
+		if (NPM_EXEC_FLAG_OPTIONS.has(flag)) {
+			idx += 1;
+			continue;
+		}
+		return null;
+	}
+	return null;
+}
+function unwrapNpmExecInvocation(argv) {
+	let idx = 1;
+	while (idx < argv.length) {
+		const token = readTrimmedArgToken(argv, idx);
+		if (!token) {
+			idx += 1;
+			continue;
+		}
+		if (!token.startsWith("-")) {
+			if (token !== "exec") return null;
+			idx += 1;
+			break;
+		}
+		if ((token === "-C" || token === "--prefix" || token === "--userconfig") && !token.includes("=")) {
+			idx += 2;
+			continue;
+		}
+		idx += 1;
+	}
+	if (idx >= argv.length) return null;
+	const tail = argv.slice(idx);
+	if (tail[0] === "--") return tail.length > 1 ? tail.slice(1) : null;
+	return unwrapDirectPackageExecInvocation(["npx", ...tail]);
+}
+function resolvePosixShellScriptOperandIndex(argv) {
+	if (resolveInlineCommandMatch(argv, POSIX_INLINE_COMMAND_FLAGS, { allowCombinedC: true }).valueTokenIndex !== null) return null;
+	let afterDoubleDash = false;
+	for (let i = 1; i < argv.length; i += 1) {
+		const token = readTrimmedArgToken(argv, i);
+		if (!token) continue;
+		if (token === "-") return null;
+		if (!afterDoubleDash && token === "--") {
+			afterDoubleDash = true;
+			continue;
+		}
+		if (!afterDoubleDash && token === "-s") return null;
+		if (!afterDoubleDash && token.startsWith("-")) {
+			const flag = normalizeOptionFlag(token);
+			if (POSIX_SHELL_OPTIONS_WITH_VALUE.has(flag)) {
+				if (!token.includes("=")) i += 1;
+				continue;
+			}
+			continue;
+		}
+		return i;
+	}
+	return null;
+}
+function resolveOptionFilteredFileOperandIndex(params) {
+	let afterDoubleDash = false;
+	for (let i = params.startIndex; i < params.argv.length; i += 1) {
+		const token = readTrimmedArgToken(params.argv, i);
+		if (!token) continue;
+		if (afterDoubleDash) return resolvesToExistingFileSync(token, params.cwd) ? i : null;
+		if (token === "--") {
+			afterDoubleDash = true;
+			continue;
+		}
+		if (token === "-") return null;
+		if (token.startsWith("-")) {
+			if (!token.includes("=") && params.optionsWithValue?.has(token)) i += 1;
+			continue;
+		}
+		return resolvesToExistingFileSync(token, params.cwd) ? i : null;
+	}
+	return null;
+}
+function resolveOptionFilteredPositionalIndex(params) {
+	let afterDoubleDash = false;
+	for (let i = params.startIndex; i < params.argv.length; i += 1) {
+		const token = readTrimmedArgToken(params.argv, i);
+		if (!token) continue;
+		if (afterDoubleDash) return i;
+		if (token === "--") {
+			afterDoubleDash = true;
+			continue;
+		}
+		if (token === "-") return null;
+		if (token.startsWith("-")) {
+			if (!token.includes("=") && params.optionsWithValue?.has(token)) i += 1;
+			continue;
+		}
+		return i;
+	}
+	return null;
+}
+function collectExistingFileOperandIndexes(params) {
+	let afterDoubleDash = false;
+	const hits = [];
+	for (let i = params.startIndex; i < params.argv.length; i += 1) {
+		const token = readTrimmedArgToken(params.argv, i);
+		if (!token) continue;
+		if (afterDoubleDash) {
+			if (resolvesToExistingFileSync(token, params.cwd)) hits.push(i);
+			continue;
+		}
+		if (token === "--") {
+			afterDoubleDash = true;
+			continue;
+		}
+		if (token === "-") return {
+			hits: [],
+			sawOptionValueFile: false
+		};
+		if (token.startsWith("-")) {
+			const [flag, inlineValue] = token.split("=", 2);
+			if (params.optionsWithFileValue?.has(normalizeLowercaseStringOrEmpty(flag))) {
+				if (inlineValue && resolvesToExistingFileSync(inlineValue, params.cwd)) {
+					hits.push(i);
+					return {
+						hits,
+						sawOptionValueFile: true
+					};
+				}
+				const nextToken = readTrimmedArgToken(params.argv, i + 1);
+				if (!inlineValue && nextToken && resolvesToExistingFileSync(nextToken, params.cwd)) {
+					hits.push(i + 1);
+					return {
+						hits,
+						sawOptionValueFile: true
+					};
+				}
+			}
+			continue;
+		}
+		if (resolvesToExistingFileSync(token, params.cwd)) hits.push(i);
+	}
+	return {
+		hits,
+		sawOptionValueFile: false
+	};
+}
+function resolveGenericInterpreterScriptOperandIndex(params) {
+	const collection = collectExistingFileOperandIndexes({
+		argv: params.argv,
+		startIndex: 1,
+		cwd: params.cwd,
+		optionsWithFileValue: params.optionsWithFileValue
+	});
+	if (collection.sawOptionValueFile) return null;
+	return collection.hits.length === 1 ? collection.hits[0] : null;
+}
+function resolveBunScriptOperandIndex(params) {
+	const directIndex = resolveOptionFilteredPositionalIndex({
+		argv: params.argv,
+		startIndex: 1,
+		optionsWithValue: BUN_OPTIONS_WITH_VALUE
+	});
+	if (directIndex === null) return null;
+	const directToken = readTrimmedArgToken(params.argv, directIndex);
+	if (directToken === "run") return resolveOptionFilteredFileOperandIndex({
+		argv: params.argv,
+		startIndex: directIndex + 1,
+		cwd: params.cwd,
+		optionsWithValue: BUN_OPTIONS_WITH_VALUE
+	});
+	if (BUN_SUBCOMMANDS.has(directToken)) return null;
+	if (!looksLikePathToken(directToken)) return null;
+	return directIndex;
+}
+function resolveDenoRunScriptOperandIndex(params) {
+	if (readTrimmedArgToken(params.argv, 1) !== "run") return null;
+	return resolveOptionFilteredFileOperandIndex({
+		argv: params.argv,
+		startIndex: 2,
+		cwd: params.cwd,
+		optionsWithValue: DENO_RUN_OPTIONS_WITH_VALUE
+	});
+}
+function hasRubyUnsafeApprovalFlag(argv) {
+	let afterDoubleDash = false;
+	for (let i = 1; i < argv.length; i += 1) {
+		const token = readTrimmedArgToken(argv, i);
+		if (!token) continue;
+		if (afterDoubleDash) return false;
+		if (token === "--") {
+			afterDoubleDash = true;
+			continue;
+		}
+		if (token === "-I" || token === "-r") return true;
+		if (token.startsWith("-I") || token.startsWith("-r")) return true;
+		if (RUBY_UNSAFE_APPROVAL_FLAGS.has(normalizeLowercaseStringOrEmpty(token))) return true;
+	}
+	return false;
+}
+function hasPerlUnsafeApprovalFlag(argv) {
+	let afterDoubleDash = false;
+	for (let i = 1; i < argv.length; i += 1) {
+		const token = readTrimmedArgToken(argv, i);
+		if (!token) continue;
+		if (afterDoubleDash) return false;
+		if (token === "--") {
+			afterDoubleDash = true;
+			continue;
+		}
+		if (token === "-I" || token === "-M" || token === "-m") return true;
+		if (token.startsWith("-I") || token.startsWith("-M") || token.startsWith("-m")) return true;
+		if (PERL_UNSAFE_APPROVAL_FLAGS.has(token)) return true;
+	}
+	return false;
+}
+function isMutableScriptRunner(executable) {
+	return GENERIC_MUTABLE_SCRIPT_RUNNERS.has(executable) || OPAQUE_MUTABLE_SCRIPT_RUNNERS.has(executable) || isInterpreterLikeSafeBin(executable);
+}
+function resolveMutableFileOperandIndex(argv, cwd) {
+	const unwrapped = unwrapArgvForMutableOperand(argv);
+	const executable = normalizeExecutableToken(unwrapped.argv[0] ?? "");
+	if (!executable) return null;
+	if (unwrapped.opaqueMultiplexerSeen || OPAQUE_MUTABLE_SCRIPT_RUNNERS.has(executable)) return null;
+	if (POSIX_SHELL_WRAPPERS.has(executable)) {
+		const shellIndex = resolvePosixShellScriptOperandIndex(unwrapped.argv);
+		return shellIndex === null ? null : unwrapped.baseIndex + shellIndex;
+	}
+	if (MUTABLE_ARGV1_INTERPRETER_PATTERNS.some((pattern) => pattern.test(executable))) {
+		const operand = readTrimmedArgToken(unwrapped.argv, 1);
+		if (operand && operand !== "-" && !operand.startsWith("-")) return unwrapped.baseIndex + 1;
+	}
+	if (executable === "bun") {
+		const bunIndex = resolveBunScriptOperandIndex({
+			argv: unwrapped.argv,
+			cwd
+		});
+		if (bunIndex !== null) return unwrapped.baseIndex + bunIndex;
+	}
+	if (executable === "deno") {
+		const denoIndex = resolveDenoRunScriptOperandIndex({
+			argv: unwrapped.argv,
+			cwd
+		});
+		if (denoIndex !== null) return unwrapped.baseIndex + denoIndex;
+	}
+	if (executable === "ruby" && hasRubyUnsafeApprovalFlag(unwrapped.argv)) return null;
+	if (executable === "perl" && hasPerlUnsafeApprovalFlag(unwrapped.argv)) return null;
+	if (!isMutableScriptRunner(executable)) return null;
+	const genericIndex = resolveGenericInterpreterScriptOperandIndex({
+		argv: unwrapped.argv,
+		cwd,
+		optionsWithFileValue: executable === "node" || executable === "nodejs" ? NODE_OPTIONS_WITH_FILE_VALUE : void 0
+	});
+	return genericIndex === null ? null : unwrapped.baseIndex + genericIndex;
+}
+function shellPayloadNeedsStableBinding(shellCommand, cwd) {
+	const argv = splitShellArgs(shellCommand);
+	if (!argv || argv.length === 0) return false;
+	const snapshot = resolveMutableFileOperandSnapshotSync({
+		argv,
+		cwd,
+		shellCommand: null
+	});
+	if (!snapshot.ok) return true;
+	if (snapshot.snapshot) return true;
+	const firstToken = readTrimmedArgToken(argv, 0);
+	if (!resolvesToExistingFileSync(firstToken, cwd)) return false;
+	if (!path.isAbsolute(firstToken)) return true;
+	const resolvedPath = path.resolve(cwd ?? process.cwd(), firstToken);
+	if (pathLooksMutableForShellPayloadSync(resolvedPath)) return true;
+	return isLikelyScriptLikePathSync(resolvedPath);
+}
+function requiresStableInterpreterApprovalBindingWithShellCommand(params) {
+	const unwrapped = unwrapArgvForMutableOperand(params.argv);
+	if (unwrapped.opaqueMultiplexerSeen) return true;
+	if (params.shellCommand !== null) return shellPayloadNeedsStableBinding(params.shellCommand, params.cwd);
+	if (pnpmDlxInvocationNeedsFailClosedBinding(params.argv, params.cwd)) return true;
+	const executable = normalizeExecutableToken(unwrapped.argv[0] ?? "");
+	if (!executable) return false;
+	if (POSIX_SHELL_WRAPPERS.has(executable)) return false;
+	return isMutableScriptRunner(executable);
+}
+function pnpmDlxInvocationNeedsFailClosedBinding(argv, cwd) {
+	if (normalizePackageManagerExecToken(argv[0] ?? "") !== "pnpm") return false;
+	let idx = 1;
+	while (idx < argv.length) {
+		const token = readTrimmedArgToken(argv, idx);
+		if (!token) {
+			idx += 1;
+			continue;
+		}
+		if (token === "--") {
+			idx += 1;
+			continue;
+		}
+		if (!token.startsWith("-")) {
+			if (token !== "dlx") return false;
+			return pnpmDlxTailNeedsFailClosedBinding(argv.slice(idx + 1), cwd);
+		}
+		const flag = normalizeOptionFlag(token);
+		if (PNPM_OPTIONS_WITH_VALUE.has(flag) || PNPM_DLX_OPTIONS_WITH_VALUE.has(flag)) {
+			idx += token.includes("=") ? 1 : 2;
+			continue;
+		}
+		if (PNPM_FLAG_OPTIONS.has(flag)) {
+			idx += 1;
+			continue;
+		}
+		return true;
+	}
+	return false;
+}
+function pnpmDlxTailNeedsFailClosedBinding(argv, cwd) {
+	let idx = 0;
+	while (idx < argv.length) {
+		const token = readTrimmedArgToken(argv, idx);
+		if (!token) {
+			idx += 1;
+			continue;
+		}
+		if (token === "--") return pnpmDlxTailMayNeedStableBinding(argv.slice(idx + 1), cwd);
+		if (!token.startsWith("-")) return pnpmDlxTailMayNeedStableBinding(argv.slice(idx), cwd);
+		const flag = normalizeOptionFlag(token);
+		if (flag === "-c" || flag === "--shell-mode") return false;
+		if (PNPM_OPTIONS_WITH_VALUE.has(flag) || PNPM_DLX_OPTIONS_WITH_VALUE.has(flag)) {
+			idx += token.includes("=") ? 1 : 2;
+			continue;
+		}
+		if (PNPM_FLAG_OPTIONS.has(flag)) {
+			idx += 1;
+			continue;
+		}
+		return true;
+	}
+	return true;
+}
+function pnpmDlxTailMayNeedStableBinding(argv, cwd) {
+	const snapshot = resolveMutableFileOperandSnapshotSync({
+		argv,
+		cwd,
+		shellCommand: null
+	});
+	return snapshot.ok && snapshot.snapshot !== null;
+}
+function resolveMutableFileOperandSnapshotSync(params) {
+	const argvIndex = resolveMutableFileOperandIndex(params.argv, params.cwd);
+	if (argvIndex === null) {
+		if (requiresStableInterpreterApprovalBindingWithShellCommand({
+			argv: params.argv,
+			shellCommand: params.shellCommand,
+			cwd: params.cwd
+		})) return {
+			ok: false,
+			message: "SYSTEM_RUN_DENIED: approval cannot safely bind this interpreter/runtime command"
+		};
+		return {
+			ok: true,
+			snapshot: null
+		};
+	}
+	const rawOperand = readTrimmedArgToken(params.argv, argvIndex);
+	if (!rawOperand) return {
+		ok: false,
+		message: "SYSTEM_RUN_DENIED: approval requires a stable script operand"
+	};
+	const resolvedPath = path.resolve(params.cwd ?? process.cwd(), rawOperand);
+	let realPath;
+	let stat;
+	try {
+		realPath = fs.realpathSync(resolvedPath);
+		stat = fs.statSync(realPath);
+	} catch {
+		return {
+			ok: false,
+			message: "SYSTEM_RUN_DENIED: approval requires an existing script operand"
+		};
+	}
+	if (!stat.isFile()) return {
+		ok: false,
+		message: "SYSTEM_RUN_DENIED: approval requires a file script operand"
+	};
+	return {
+		ok: true,
+		snapshot: {
+			argvIndex,
+			path: realPath,
+			sha256: hashFileContentsSync(realPath)
+		}
+	};
+}
+function resolveCanonicalApprovalCwdSync(cwd) {
+	const requestedCwd = path.resolve(cwd);
+	let cwdLstat;
+	let cwdStat;
+	let cwdReal;
+	let cwdRealStat;
+	try {
+		cwdLstat = fs.lstatSync(requestedCwd);
+		cwdStat = fs.statSync(requestedCwd);
+		cwdReal = fs.realpathSync(requestedCwd);
+		cwdRealStat = fs.statSync(cwdReal);
+	} catch {
+		return {
+			ok: false,
+			message: "SYSTEM_RUN_DENIED: approval requires an existing canonical cwd"
+		};
+	}
+	if (!cwdStat.isDirectory()) return {
+		ok: false,
+		message: "SYSTEM_RUN_DENIED: approval requires cwd to be a directory"
+	};
+	if (hasMutableSymlinkPathComponentSync(requestedCwd)) return {
+		ok: false,
+		message: "SYSTEM_RUN_DENIED: approval requires canonical cwd (no symlink path components)"
+	};
+	if (cwdLstat.isSymbolicLink()) return {
+		ok: false,
+		message: "SYSTEM_RUN_DENIED: approval requires canonical cwd (no symlink cwd)"
+	};
+	if (!sameFileIdentity(cwdStat, cwdLstat) || !sameFileIdentity(cwdStat, cwdRealStat) || !sameFileIdentity(cwdLstat, cwdRealStat)) return {
+		ok: false,
+		message: "SYSTEM_RUN_DENIED: approval cwd identity mismatch"
+	};
+	return {
+		ok: true,
+		snapshot: {
+			cwd: cwdReal,
+			stat: cwdStat
+		}
+	};
+}
+function revalidateApprovedCwdSnapshot(params) {
+	const current = resolveCanonicalApprovalCwdSync(params.snapshot.cwd);
+	if (!current.ok) return false;
+	return sameFileIdentity(params.snapshot.stat, current.snapshot.stat);
+}
+function revalidateApprovedMutableFileOperand(params) {
+	const operand = params.argv[params.snapshot.argvIndex]?.trim();
+	if (!operand) return false;
+	const resolvedPath = path.resolve(params.cwd ?? process.cwd(), operand);
+	let realPath;
+	try {
+		realPath = fs.realpathSync(resolvedPath);
+	} catch {
+		return false;
+	}
+	if (realPath !== params.snapshot.path) return false;
+	try {
+		return hashFileContentsSync(realPath) === params.snapshot.sha256;
+	} catch {
+		return false;
+	}
+}
+function hardenApprovedExecutionPaths(params) {
+	if (!params.approvedByAsk) return {
+		ok: true,
+		argv: params.argv,
+		argvChanged: false,
+		cwd: params.cwd,
+		approvedCwdSnapshot: void 0
+	};
+	let hardenedCwd = params.cwd;
+	let approvedCwdSnapshot;
+	if (hardenedCwd) {
+		const canonicalCwd = resolveCanonicalApprovalCwdSync(hardenedCwd);
+		if (!canonicalCwd.ok) return canonicalCwd;
+		hardenedCwd = canonicalCwd.snapshot.cwd;
+		approvedCwdSnapshot = canonicalCwd.snapshot;
+	}
+	if (params.argv.length === 0) return {
+		ok: true,
+		argv: params.argv,
+		argvChanged: false,
+		cwd: hardenedCwd,
+		approvedCwdSnapshot
+	};
+	const resolution = resolveCommandResolutionFromArgv(params.argv, hardenedCwd);
+	if (!shouldPinExecutableForApproval({
+		shellCommand: params.shellCommand,
+		wrapperChain: resolution?.wrapperChain
+	})) return {
+		ok: true,
+		argv: params.argv,
+		argvChanged: false,
+		cwd: hardenedCwd,
+		approvedCwdSnapshot
+	};
+	const pinnedExecutable = resolution?.execution.resolvedRealPath ?? resolution?.execution.resolvedPath;
+	if (!pinnedExecutable) return {
+		ok: false,
+		message: "SYSTEM_RUN_DENIED: approval requires a stable executable path"
+	};
+	if (pinnedExecutable === params.argv[0]) return {
+		ok: true,
+		argv: params.argv,
+		argvChanged: false,
+		cwd: hardenedCwd,
+		approvedCwdSnapshot
+	};
+	const argv = [...params.argv];
+	argv[0] = pinnedExecutable;
+	return {
+		ok: true,
+		argv,
+		argvChanged: true,
+		cwd: hardenedCwd,
+		approvedCwdSnapshot
+	};
+}
+function buildSystemRunApprovalPlan(params) {
+	const command = resolveSystemRunCommandRequest({
+		command: params.command,
+		rawCommand: params.rawCommand
+	});
+	if (!command.ok) return {
+		ok: false,
+		message: command.message
+	};
+	if (command.argv.length === 0) return {
+		ok: false,
+		message: "command required"
+	};
+	const hardening = hardenApprovedExecutionPaths({
+		approvedByAsk: true,
+		argv: command.argv,
+		shellCommand: command.shellPayload,
+		cwd: normalizeNullableString(params.cwd) ?? void 0
+	});
+	if (!hardening.ok) return {
+		ok: false,
+		message: hardening.message
+	};
+	const commandText = formatExecCommand(hardening.argv);
+	const commandPreview = command.previewText?.trim() && command.previewText.trim() !== commandText ? command.previewText.trim() : null;
+	const mutableFileOperand = resolveMutableFileOperandSnapshotSync({
+		argv: hardening.argv,
+		cwd: hardening.cwd,
+		shellCommand: command.shellPayload
+	});
+	if (!mutableFileOperand.ok) return {
+		ok: false,
+		message: mutableFileOperand.message
+	};
+	return {
+		ok: true,
+		plan: {
+			argv: hardening.argv,
+			cwd: hardening.cwd ?? null,
+			commandText,
+			commandPreview,
+			agentId: normalizeNullableString(params.agentId),
+			sessionKey: normalizeNullableString(params.sessionKey),
+			mutableFileOperand: mutableFileOperand.snapshot ?? void 0
+		}
+	};
+}
+//#endregion
+//#region src/node-host/invoke-system-run.ts
+const safeBinTrustedDirWarningCache = /* @__PURE__ */ new Set();
+const APPROVAL_CWD_DRIFT_DENIED_MESSAGE = "SYSTEM_RUN_DENIED: approval cwd changed before execution";
+const APPROVAL_SCRIPT_OPERAND_BINDING_DENIED_MESSAGE = "SYSTEM_RUN_DENIED: approval missing script operand binding";
+const APPROVAL_SCRIPT_OPERAND_DRIFT_DENIED_MESSAGE = "SYSTEM_RUN_DENIED: approval script operand changed before execution";
+function warnWritableTrustedDirOnce(message) {
+	if (safeBinTrustedDirWarningCache.has(message)) return;
+	safeBinTrustedDirWarningCache.add(message);
+	logWarn(message);
+}
+function normalizeDeniedReason(reason) {
+	switch (reason) {
+		case "security=deny":
+		case "approval-required":
+		case "allowlist-miss":
+		case "execution-plan-miss":
+		case "companion-unavailable":
+		case "permission:screenRecording": return reason;
+		default: return "approval-required";
+	}
+}
+function resolveAgentExecConfig(cfg, agentId) {
+	if (!agentId) return;
+	const normalizedAgentId = normalizeAgentId(agentId);
+	return (cfg.agents?.list?.find((candidate) => candidate !== null && typeof candidate === "object" && normalizeAgentId(candidate.id) === normalizedAgentId))?.tools?.exec;
+}
+async function loadSystemRunConfig(opts) {
+	if (opts.loadConfig) return opts.loadConfig();
+	const { loadConfig } = await import("./config-D1ooXKCx.js");
+	return loadConfig();
+}
+async function sendSystemRunDenied(opts, execution, params) {
+	await opts.sendNodeEvent(opts.client, "exec.denied", opts.buildExecEventPayload({
+		sessionKey: execution.sessionKey,
+		runId: execution.runId,
+		host: "node",
+		command: execution.commandText,
+		reason: params.reason,
+		suppressNotifyOnExit: execution.suppressNotifyOnExit
+	}));
+	await opts.sendInvokeResult({
+		ok: false,
+		error: {
+			code: "UNAVAILABLE",
+			message: params.message
+		}
+	});
+}
+async function sendSystemRunCompleted(opts, execution, result, payloadJSON) {
+	await opts.sendExecFinishedEvent({
+		sessionKey: execution.sessionKey,
+		runId: execution.runId,
+		commandText: execution.commandText,
+		result,
+		suppressNotifyOnExit: execution.suppressNotifyOnExit
+	});
+	await opts.sendInvokeResult({
+		ok: true,
+		payloadJSON
+	});
+}
+async function parseSystemRunPhase(opts) {
+	const command = resolveSystemRunCommandRequest({
+		command: opts.params.command,
+		rawCommand: opts.params.rawCommand
+	});
+	if (!command.ok) {
+		await opts.sendInvokeResult({
+			ok: false,
+			error: {
+				code: "INVALID_REQUEST",
+				message: command.message
+			}
+		});
+		return null;
+	}
+	if (command.argv.length === 0) {
+		await opts.sendInvokeResult({
+			ok: false,
+			error: {
+				code: "INVALID_REQUEST",
+				message: "command required"
+			}
+		});
+		return null;
+	}
+	const shellPayload = command.shellPayload;
+	const shellWrapperInvocation = isShellWrapperInvocation(command.argv);
+	const commandText = command.commandText;
+	const approvalPlan = opts.params.systemRunPlan === void 0 ? null : normalizeSystemRunApprovalPlan(opts.params.systemRunPlan);
+	if (opts.params.systemRunPlan !== void 0 && !approvalPlan) {
+		await opts.sendInvokeResult({
+			ok: false,
+			error: {
+				code: "INVALID_REQUEST",
+				message: "systemRunPlan invalid"
+			}
+		});
+		return null;
+	}
+	const agentId = normalizeOptionalString(opts.params.agentId);
+	const sessionKey = normalizeOptionalString(opts.params.sessionKey) ?? "node";
+	const runId = normalizeOptionalString(opts.params.runId) ?? crypto.randomUUID();
+	const suppressNotifyOnExit = opts.params.suppressNotifyOnExit === true;
+	const envAssignmentKeys = extractEnvAssignmentKeysFromDispatchWrappers(command.argv);
+	const envAssignmentDiagnostics = inspectHostExecEnvOverrides({
+		overrides: envAssignmentKeys.length > 0 ? Object.fromEntries(envAssignmentKeys.map((key) => [key, "1"])) : void 0,
+		blockPathOverrides: true
+	});
+	if (envAssignmentDiagnostics.rejectedOverrideBlockedKeys.length > 0) {
+		await opts.sendInvokeResult({
+			ok: false,
+			error: {
+				code: "INVALID_REQUEST",
+				message: `SYSTEM_RUN_DENIED: command env assignment rejected (blocked env assignment keys: ${envAssignmentDiagnostics.rejectedOverrideBlockedKeys.join(", ")})`
+			}
+		});
+		return null;
+	}
+	const envOverrideDiagnostics = inspectHostExecEnvOverrides({
+		overrides: opts.params.env ?? void 0,
+		blockPathOverrides: true
+	});
+	if (envOverrideDiagnostics.rejectedOverrideBlockedKeys.length > 0 || envOverrideDiagnostics.rejectedOverrideInvalidKeys.length > 0) {
+		const details = [];
+		if (envOverrideDiagnostics.rejectedOverrideBlockedKeys.length > 0) details.push(`blocked override keys: ${envOverrideDiagnostics.rejectedOverrideBlockedKeys.join(", ")}`);
+		if (envOverrideDiagnostics.rejectedOverrideInvalidKeys.length > 0) details.push(`invalid non-portable override keys: ${envOverrideDiagnostics.rejectedOverrideInvalidKeys.join(", ")}`);
+		await opts.sendInvokeResult({
+			ok: false,
+			error: {
+				code: "INVALID_REQUEST",
+				message: `SYSTEM_RUN_DENIED: environment override rejected (${details.join("; ")})`
+			}
+		});
+		return null;
+	}
+	const envOverrides = sanitizeSystemRunEnvOverrides({
+		overrides: opts.params.env ?? void 0,
+		shellWrapper: shellWrapperInvocation
+	});
+	return {
+		argv: command.argv,
+		shellPayload,
+		shellWrapperInvocation,
+		commandText,
+		commandPreview: command.previewText,
+		approvalPlan,
+		agentId,
+		sessionKey,
+		runId,
+		execution: {
+			sessionKey,
+			runId,
+			commandText,
+			suppressNotifyOnExit
+		},
+		approvalDecision: resolveExecApprovalDecision(opts.params.approvalDecision),
+		envOverrides,
+		env: opts.sanitizeEnv(envOverrides),
+		cwd: normalizeOptionalString(opts.params.cwd),
+		timeoutMs: opts.params.timeoutMs ?? void 0,
+		needsScreenRecording: opts.params.needsScreenRecording === true,
+		approved: opts.params.approved === true,
+		suppressNotifyOnExit
+	};
+}
+async function evaluateSystemRunPolicyPhase(opts, parsed) {
+	const cfg = await loadSystemRunConfig(opts);
+	const agentExec = resolveAgentExecConfig(cfg, parsed.agentId);
+	const configuredSecurity = opts.resolveExecSecurity(agentExec?.security ?? cfg.tools?.exec?.security);
+	const configuredAsk = opts.resolveExecAsk(agentExec?.ask ?? cfg.tools?.exec?.ask);
+	const approvals = resolveExecApprovals(parsed.agentId, {
+		security: configuredSecurity,
+		ask: configuredAsk
+	});
+	const security = approvals.agent.security;
+	const ask = approvals.agent.ask;
+	const autoAllowSkills = approvals.agent.autoAllowSkills;
+	const { safeBins, safeBinProfiles, trustedSafeBinDirs } = resolveExecSafeBinRuntimePolicy({
+		global: cfg.tools?.exec,
+		local: agentExec,
+		onWarning: warnWritableTrustedDirOnce
+	});
+	const bins = autoAllowSkills ? await opts.skillBins.current() : [];
+	let { analysisOk, allowlistMatches, allowlistSatisfied, segments, segmentAllowlistEntries } = evaluateSystemRunAllowlist({
+		shellCommand: parsed.shellPayload,
+		argv: parsed.argv,
+		approvals,
+		security,
+		safeBins,
+		safeBinProfiles,
+		trustedSafeBinDirs,
+		cwd: parsed.cwd,
+		env: parsed.env,
+		skillBins: bins,
+		autoAllowSkills
+	});
+	const strictInlineEval = agentExec?.strictInlineEval === true || cfg.tools?.exec?.strictInlineEval === true;
+	const inlineEvalHit = strictInlineEval ? segments.map((segment) => detectInterpreterInlineEvalArgv(segment.resolution?.effectiveArgv ?? segment.argv)).find((entry) => entry !== null) ?? null : null;
+	const isWindows = process.platform === "win32";
+	const cmdDetectionArgv = resolveShellWrapperTransportArgv(parsed.argv) ?? parsed.argv;
+	const cmdInvocation = opts.isCmdExeInvocation(cmdDetectionArgv);
+	const durableApprovalSatisfied = hasDurableExecApproval({
+		analysisOk,
+		segmentAllowlistEntries,
+		allowlist: approvals.allowlist,
+		commandText: parsed.commandText
+	});
+	const inlineEvalExecutableTrusted = inlineEvalHit !== null && segmentAllowlistEntries.some((entry) => entry?.source === "allow-always");
+	const policy = evaluateSystemRunPolicy({
+		security,
+		ask,
+		analysisOk,
+		allowlistSatisfied,
+		durableApprovalSatisfied: durableApprovalSatisfied || inlineEvalExecutableTrusted,
+		approvalDecision: parsed.approvalDecision,
+		approved: parsed.approved,
+		isWindows,
+		cmdInvocation,
+		shellWrapperInvocation: parsed.shellPayload !== null
+	});
+	analysisOk = policy.analysisOk;
+	allowlistSatisfied = policy.allowlistSatisfied;
+	if (inlineEvalHit !== null && !policy.approvedByAsk && (policy.allowed ? true : policy.eventReason !== "security=deny")) {
+		await sendSystemRunDenied(opts, parsed.execution, {
+			reason: "approval-required",
+			message: `SYSTEM_RUN_DENIED: approval required (${describeInterpreterInlineEval(inlineEvalHit)} requires explicit approval in strictInlineEval mode)`
+		});
+		return null;
+	}
+	if (!policy.allowed) {
+		await sendSystemRunDenied(opts, parsed.execution, {
+			reason: policy.eventReason,
+			message: policy.errorMessage
+		});
+		return null;
+	}
+	if (policy.shellWrapperBlocked && !policy.approvedByAsk && !durableApprovalSatisfied) {
+		await sendSystemRunDenied(opts, parsed.execution, {
+			reason: "approval-required",
+			message: "SYSTEM_RUN_DENIED: approval required"
+		});
+		return null;
+	}
+	const hardenedPaths = hardenApprovedExecutionPaths({
+		approvedByAsk: policy.approvedByAsk,
+		argv: parsed.argv,
+		shellCommand: parsed.shellPayload,
+		cwd: parsed.cwd
+	});
+	if (!hardenedPaths.ok) {
+		await sendSystemRunDenied(opts, parsed.execution, {
+			reason: "approval-required",
+			message: hardenedPaths.message
+		});
+		return null;
+	}
+	const approvedCwdSnapshot = policy.approvedByAsk ? hardenedPaths.approvedCwdSnapshot : void 0;
+	if (policy.approvedByAsk && hardenedPaths.cwd && !approvedCwdSnapshot) {
+		await sendSystemRunDenied(opts, parsed.execution, {
+			reason: "approval-required",
+			message: APPROVAL_CWD_DRIFT_DENIED_MESSAGE
+		});
+		return null;
+	}
+	const plannedAllowlistArgv = resolvePlannedAllowlistArgv({
+		security,
+		shellCommand: parsed.shellPayload,
+		policy,
+		segments
+	});
+	if (plannedAllowlistArgv === null) {
+		await sendSystemRunDenied(opts, parsed.execution, {
+			reason: "execution-plan-miss",
+			message: "SYSTEM_RUN_DENIED: execution plan mismatch"
+		});
+		return null;
+	}
+	return {
+		...parsed,
+		argv: hardenedPaths.argv,
+		cwd: hardenedPaths.cwd,
+		approvals,
+		security,
+		policy,
+		durableApprovalSatisfied,
+		strictInlineEval,
+		inlineEvalHit,
+		allowlistMatches,
+		analysisOk,
+		allowlistSatisfied,
+		segments,
+		plannedAllowlistArgv: plannedAllowlistArgv ?? void 0,
+		isWindows,
+		approvedCwdSnapshot
+	};
+}
+async function executeSystemRunPhase(opts, phase) {
+	if (phase.approvedCwdSnapshot && !revalidateApprovedCwdSnapshot({ snapshot: phase.approvedCwdSnapshot })) {
+		logWarn(`security: system.run approval cwd drift blocked (runId=${phase.runId})`);
+		await sendSystemRunDenied(opts, phase.execution, {
+			reason: "approval-required",
+			message: APPROVAL_CWD_DRIFT_DENIED_MESSAGE
+		});
+		return;
+	}
+	const expectedMutableFileOperand = phase.approvalPlan ? resolveMutableFileOperandSnapshotSync({
+		argv: phase.argv,
+		cwd: phase.cwd,
+		shellCommand: phase.shellPayload
+	}) : null;
+	if (expectedMutableFileOperand && !expectedMutableFileOperand.ok) {
+		logWarn(`security: system.run approval script binding blocked (runId=${phase.runId})`);
+		await sendSystemRunDenied(opts, phase.execution, {
+			reason: "approval-required",
+			message: expectedMutableFileOperand.message
+		});
+		return;
+	}
+	if (expectedMutableFileOperand?.snapshot && !phase.approvalPlan?.mutableFileOperand) {
+		logWarn(`security: system.run approval script binding missing (runId=${phase.runId})`);
+		await sendSystemRunDenied(opts, phase.execution, {
+			reason: "approval-required",
+			message: APPROVAL_SCRIPT_OPERAND_BINDING_DENIED_MESSAGE
+		});
+		return;
+	}
+	if (phase.approvalPlan?.mutableFileOperand && !revalidateApprovedMutableFileOperand({
+		snapshot: phase.approvalPlan.mutableFileOperand,
+		argv: phase.argv,
+		cwd: phase.cwd
+	})) {
+		logWarn(`security: system.run approval script drift blocked (runId=${phase.runId})`);
+		await sendSystemRunDenied(opts, phase.execution, {
+			reason: "approval-required",
+			message: APPROVAL_SCRIPT_OPERAND_DRIFT_DENIED_MESSAGE
+		});
+		return;
+	}
+	if (opts.preferMacAppExecHost) {
+		const execRequest = {
+			command: phase.plannedAllowlistArgv ?? phase.argv,
+			rawCommand: phase.commandText || null,
+			cwd: phase.cwd ?? null,
+			env: phase.envOverrides ?? null,
+			timeoutMs: phase.timeoutMs ?? null,
+			needsScreenRecording: phase.needsScreenRecording,
+			agentId: phase.agentId ?? null,
+			sessionKey: phase.sessionKey ?? null,
+			approvalDecision: phase.approvalDecision
+		};
+		const response = await opts.runViaMacAppExecHost({
+			approvals: phase.approvals,
+			request: execRequest
+		});
+		if (!response) {
+			if (opts.execHostEnforced || !opts.execHostFallbackAllowed) {
+				await sendSystemRunDenied(opts, phase.execution, {
+					reason: "companion-unavailable",
+					message: "COMPANION_APP_UNAVAILABLE: macOS app exec host unreachable"
+				});
+				return;
+			}
+		} else if (!response.ok) {
+			await sendSystemRunDenied(opts, phase.execution, {
+				reason: normalizeDeniedReason(response.error.reason),
+				message: response.error.message
+			});
+			return;
+		} else {
+			const result = response.payload;
+			await sendSystemRunCompleted(opts, phase.execution, result, JSON.stringify(result));
+			return;
+		}
+	}
+	if (phase.policy.approvalDecision === "allow-always" && phase.inlineEvalHit === null) {
+		if ((phase.policy.analysisOk ? persistAllowAlwaysPatterns({
+			approvals: phase.approvals.file,
+			agentId: phase.agentId,
+			segments: phase.segments,
+			cwd: phase.cwd,
+			env: phase.env,
+			platform: process.platform,
+			strictInlineEval: phase.strictInlineEval
+		}) : []).length === 0) addDurableCommandApproval(phase.approvals.file, phase.agentId, phase.commandText);
+	}
+	recordAllowlistMatchesUse({
+		approvals: phase.approvals.file,
+		agentId: phase.agentId,
+		matches: phase.allowlistMatches,
+		command: phase.commandText,
+		resolvedPath: resolveApprovalAuditCandidatePath(phase.segments[0]?.resolution ?? null, phase.cwd)
+	});
+	if (phase.needsScreenRecording) {
+		await sendSystemRunDenied(opts, phase.execution, {
+			reason: "permission:screenRecording",
+			message: "PERMISSION_MISSING: screenRecording"
+		});
+		return;
+	}
+	const execArgv = resolveSystemRunExecArgv({
+		plannedAllowlistArgv: phase.plannedAllowlistArgv,
+		argv: phase.argv,
+		security: phase.security,
+		isWindows: phase.isWindows,
+		policy: phase.policy,
+		shellCommand: phase.shellPayload,
+		segments: phase.segments
+	});
+	const result = await opts.runCommand(execArgv, phase.cwd, phase.env, phase.timeoutMs);
+	applyOutputTruncation(result);
+	await sendSystemRunCompleted(opts, phase.execution, result, JSON.stringify({
+		exitCode: result.exitCode,
+		timedOut: result.timedOut,
+		success: result.success,
+		stdout: result.stdout,
+		stderr: result.stderr,
+		error: result.error ?? null
+	}));
+}
+async function handleSystemRunInvoke(opts) {
+	const parsed = await parseSystemRunPhase(opts);
+	if (!parsed) return;
+	const policyPhase = await evaluateSystemRunPolicyPhase(opts, parsed);
+	if (!policyPhase) return;
+	await executeSystemRunPhase(opts, policyPhase);
+}
+//#endregion
+//#region src/node-host/plugin-node-host.ts
+let pluginRegistryLoaderModulePromise;
+async function loadPluginRegistryLoaderModule() {
+	pluginRegistryLoaderModulePromise ??= import("./runtime-registry-loader-Vc33wEpr.js");
+	return await pluginRegistryLoaderModulePromise;
+}
+async function ensureNodeHostPluginRegistry(params) {
+	(await loadPluginRegistryLoaderModule()).ensurePluginRegistryLoaded({
+		scope: "all",
+		config: params.config,
+		activationSourceConfig: params.config,
+		env: params.env
+	});
+}
+function listRegisteredNodeHostCapsAndCommands() {
+	const registry = getActivePluginRegistry();
+	const caps = /* @__PURE__ */ new Set();
+	const commands = /* @__PURE__ */ new Set();
+	for (const entry of registry?.nodeHostCommands ?? []) {
+		if (entry.command.cap) caps.add(entry.command.cap);
+		commands.add(entry.command.command);
+	}
+	return {
+		caps: [...caps].toSorted((left, right) => left.localeCompare(right)),
+		commands: [...commands].toSorted((left, right) => left.localeCompare(right))
+	};
+}
+async function invokeRegisteredNodeHostCommand(command, paramsJSON) {
+	const match = (getActivePluginRegistry()?.nodeHostCommands ?? []).find((entry) => entry.command.command === command);
+	if (!match) return null;
+	return await match.command.handle(paramsJSON);
+}
+//#endregion
+//#region src/node-host/invoke.ts
+const OUTPUT_CAP = 2e5;
+const OUTPUT_EVENT_TAIL = 2e4;
+const DEFAULT_NODE_PATH$1 = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
+const WINDOWS_CODEPAGE_ENCODING_MAP = {
+	65001: "utf-8",
+	54936: "gb18030",
+	936: "gbk",
+	950: "big5",
+	932: "shift_jis",
+	949: "euc-kr",
+	1252: "windows-1252"
+};
+let cachedWindowsConsoleEncoding;
+const execHostEnforced = normalizeLowercaseStringOrEmpty(process.env.GENESIS_NODE_EXEC_HOST ?? "") === "app";
+const execHostFallbackAllowed = normalizeLowercaseStringOrEmpty(process.env.GENESIS_NODE_EXEC_FALLBACK ?? "") !== "0";
+const preferMacAppExecHost = process.platform === "darwin" && execHostEnforced;
+function resolveExecSecurity(value) {
+	return value === "deny" || value === "allowlist" || value === "full" ? value : "allowlist";
+}
+function isCmdExeInvocation(argv) {
+	const token = argv[0]?.trim();
+	if (!token) return false;
+	const base = normalizeLowercaseStringOrEmpty(path.win32.basename(token));
+	return base === "cmd.exe" || base === "cmd";
+}
+function resolveExecAsk(value) {
+	return value === "off" || value === "on-miss" || value === "always" ? value : "on-miss";
+}
+function sanitizeEnv(overrides) {
+	return sanitizeHostExecEnv({
+		overrides,
+		blockPathOverrides: true
+	});
+}
+function truncateOutput(raw, maxChars) {
+	if (raw.length <= maxChars) return {
+		text: raw,
+		truncated: false
+	};
+	return {
+		text: `... (truncated) ${raw.slice(raw.length - maxChars)}`,
+		truncated: true
+	};
+}
+function parseWindowsCodePage(raw) {
+	if (!raw) return null;
+	const match = raw.match(/\b(\d{3,5})\b/);
+	if (!match?.[1]) return null;
+	const codePage = Number.parseInt(match[1], 10);
+	if (!Number.isFinite(codePage) || codePage <= 0) return null;
+	return codePage;
+}
+function resolveWindowsConsoleEncoding() {
+	if (process.platform !== "win32") return null;
+	if (cachedWindowsConsoleEncoding !== void 0) return cachedWindowsConsoleEncoding;
+	try {
+		const result = spawnSync("cmd.exe", [
+			"/d",
+			"/s",
+			"/c",
+			"chcp"
+		], {
+			windowsHide: true,
+			encoding: "utf8",
+			stdio: [
+				"ignore",
+				"pipe",
+				"pipe"
+			]
+		});
+		const codePage = parseWindowsCodePage(`${result.stdout ?? ""}\n${result.stderr ?? ""}`);
+		cachedWindowsConsoleEncoding = codePage !== null ? WINDOWS_CODEPAGE_ENCODING_MAP[codePage] ?? null : null;
+	} catch {
+		cachedWindowsConsoleEncoding = null;
+	}
+	return cachedWindowsConsoleEncoding;
+}
+function decodeCapturedOutputBuffer(params) {
+	const utf8 = params.buffer.toString("utf8");
+	if ((params.platform ?? process.platform) !== "win32") return utf8;
+	const encoding = params.windowsEncoding ?? resolveWindowsConsoleEncoding();
+	if (!encoding || normalizeLowercaseStringOrEmpty(encoding) === "utf-8") return utf8;
+	try {
+		return new TextDecoder(encoding).decode(params.buffer);
+	} catch {
+		return utf8;
+	}
+}
+function redactExecApprovals(file) {
+	const socketPath = file.socket?.path?.trim();
+	return {
+		...file,
+		socket: socketPath ? { path: socketPath } : void 0
+	};
+}
+function requireExecApprovalsBaseHash(params, snapshot) {
+	if (!snapshot.exists) return;
+	if (!snapshot.hash) throw new Error("INVALID_REQUEST: exec approvals base hash unavailable; reload and retry");
+	const baseHash = typeof params.baseHash === "string" ? params.baseHash.trim() : "";
+	if (!baseHash) throw new Error("INVALID_REQUEST: exec approvals base hash required; reload and retry");
+	if (baseHash !== snapshot.hash) throw new Error("INVALID_REQUEST: exec approvals changed; reload and retry");
+}
+async function runCommand(argv, cwd, env, timeoutMs) {
+	return await new Promise((resolve) => {
+		const stdoutChunks = [];
+		const stderrChunks = [];
+		let outputLen = 0;
+		let truncated = false;
+		let timedOut = false;
+		let settled = false;
+		const windowsEncoding = resolveWindowsConsoleEncoding();
+		const child = spawn(argv[0], argv.slice(1), {
+			cwd,
+			env,
+			stdio: [
+				"ignore",
+				"pipe",
+				"pipe"
+			],
+			windowsHide: true
+		});
+		const onChunk = (chunk, target) => {
+			if (outputLen >= OUTPUT_CAP) {
+				truncated = true;
+				return;
+			}
+			const remaining = OUTPUT_CAP - outputLen;
+			const slice = chunk.length > remaining ? chunk.subarray(0, remaining) : chunk;
+			outputLen += slice.length;
+			if (target === "stdout") stdoutChunks.push(slice);
+			else stderrChunks.push(slice);
+			if (chunk.length > remaining) truncated = true;
+		};
+		child.stdout?.on("data", (chunk) => onChunk(chunk, "stdout"));
+		child.stderr?.on("data", (chunk) => onChunk(chunk, "stderr"));
+		let timer;
+		if (timeoutMs && timeoutMs > 0) timer = setTimeout(() => {
+			timedOut = true;
+			try {
+				child.kill("SIGKILL");
+			} catch {}
+		}, timeoutMs);
+		const finalize = (exitCode, error) => {
+			if (settled) return;
+			settled = true;
+			if (timer) clearTimeout(timer);
+			const stdout = decodeCapturedOutputBuffer({
+				buffer: Buffer.concat(stdoutChunks),
+				windowsEncoding
+			});
+			const stderr = decodeCapturedOutputBuffer({
+				buffer: Buffer.concat(stderrChunks),
+				windowsEncoding
+			});
+			resolve({
+				exitCode,
+				timedOut,
+				success: exitCode === 0 && !timedOut && !error,
+				stdout,
+				stderr,
+				error: error ?? null,
+				truncated
+			});
+		};
+		child.on("error", (err) => {
+			finalize(void 0, err.message);
+		});
+		child.on("exit", (code) => {
+			finalize(code === null ? void 0 : code, null);
+		});
+	});
+}
+function resolveEnvPath(env) {
+	return (env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? DEFAULT_NODE_PATH$1).split(path.delimiter).filter(Boolean);
+}
+function resolveExecutable(bin, env) {
+	if (bin.includes("/") || bin.includes("\\")) return null;
+	const extensions = process.platform === "win32" ? (process.env.PATHEXT ?? process.env.PathExt ?? ".EXE;.CMD;.BAT;.COM").split(";").map((ext) => normalizeLowercaseStringOrEmpty(ext)) : [""];
+	for (const dir of resolveEnvPath(env)) for (const ext of extensions) {
+		const candidate = path.join(dir, bin + ext);
+		if (fs.existsSync(candidate)) return candidate;
+	}
+	return null;
+}
+async function handleSystemWhich(params, env) {
+	const bins = params.bins.map((bin) => bin.trim()).filter(Boolean);
+	const found = {};
+	for (const bin of bins) {
+		const path = resolveExecutable(bin, env);
+		if (path) found[bin] = path;
+	}
+	return { bins: found };
+}
+function buildExecEventPayload(payload) {
+	if (!payload.output) return payload;
+	const trimmed = payload.output.trim();
+	if (!trimmed) return payload;
+	const { text } = truncateOutput(trimmed, OUTPUT_EVENT_TAIL);
+	return {
+		...payload,
+		output: text
+	};
+}
+async function sendExecFinishedEvent(params) {
+	const combined = [
+		params.result.stdout,
+		params.result.stderr,
+		params.result.error
+	].filter(Boolean).join("\n");
+	await sendNodeEvent(params.client, "exec.finished", buildExecEventPayload({
+		sessionKey: params.sessionKey,
+		runId: params.runId,
+		host: "node",
+		command: params.commandText,
+		exitCode: params.result.exitCode ?? void 0,
+		timedOut: params.result.timedOut,
+		success: params.result.success,
+		output: combined,
+		suppressNotifyOnExit: params.suppressNotifyOnExit
+	}));
+}
+async function runViaMacAppExecHost(params) {
+	const { approvals, request } = params;
+	return await requestExecHostViaSocket({
+		socketPath: approvals.socketPath,
+		token: approvals.token,
+		request
+	});
+}
+async function sendJsonPayloadResult(client, frame, payload) {
+	await sendInvokeResult(client, frame, {
+		ok: true,
+		payloadJSON: JSON.stringify(payload)
+	});
+}
+async function sendRawPayloadResult(client, frame, payloadJSON) {
+	await sendInvokeResult(client, frame, {
+		ok: true,
+		payloadJSON
+	});
+}
+async function sendErrorResult(client, frame, code, message) {
+	await sendInvokeResult(client, frame, {
+		ok: false,
+		error: {
+			code,
+			message
+		}
+	});
+}
+async function sendInvalidRequestResult(client, frame, err) {
+	await sendErrorResult(client, frame, "INVALID_REQUEST", String(err));
+}
+async function handleInvoke(frame, client, skillBins) {
+	const command = frame.command ?? "";
+	if (command === "system.execApprovals.get") {
+		try {
+			ensureExecApprovals();
+			const snapshot = readExecApprovalsSnapshot();
+			await sendJsonPayloadResult(client, frame, {
+				path: snapshot.path,
+				exists: snapshot.exists,
+				hash: snapshot.hash,
+				file: redactExecApprovals(snapshot.file)
+			});
+		} catch (err) {
+			const message = String(err);
+			await sendErrorResult(client, frame, normalizeLowercaseStringOrEmpty(message).includes("timed out") ? "TIMEOUT" : "INVALID_REQUEST", message);
+		}
+		return;
+	}
+	if (command === "system.execApprovals.set") {
+		try {
+			const params = decodeParams(frame.paramsJSON);
+			if (!params.file || typeof params.file !== "object") throw new Error("INVALID_REQUEST: exec approvals file required");
+			ensureExecApprovals();
+			const snapshot = readExecApprovalsSnapshot();
+			requireExecApprovalsBaseHash(params, snapshot);
+			saveExecApprovals(mergeExecApprovalsSocketDefaults({
+				normalized: normalizeExecApprovals(params.file),
+				current: snapshot.file
+			}));
+			const nextSnapshot = readExecApprovalsSnapshot();
+			await sendJsonPayloadResult(client, frame, {
+				path: nextSnapshot.path,
+				exists: nextSnapshot.exists,
+				hash: nextSnapshot.hash,
+				file: redactExecApprovals(nextSnapshot.file)
+			});
+		} catch (err) {
+			await sendInvalidRequestResult(client, frame, err);
+		}
+		return;
+	}
+	if (command === "system.which") {
+		try {
+			const params = decodeParams(frame.paramsJSON);
+			if (!Array.isArray(params.bins)) throw new Error("INVALID_REQUEST: bins required");
+			await sendJsonPayloadResult(client, frame, await handleSystemWhich(params, sanitizeEnv(void 0)));
+		} catch (err) {
+			await sendInvalidRequestResult(client, frame, err);
+		}
+		return;
+	}
+	try {
+		const pluginNodeHostResult = await invokeRegisteredNodeHostCommand(command, frame.paramsJSON);
+		if (pluginNodeHostResult !== null) {
+			await sendRawPayloadResult(client, frame, pluginNodeHostResult);
+			return;
+		}
+	} catch (err) {
+		await sendInvalidRequestResult(client, frame, err);
+		return;
+	}
+	if (command === "system.run.prepare") {
+		try {
+			const prepared = buildSystemRunApprovalPlan(decodeParams(frame.paramsJSON));
+			if (!prepared.ok) {
+				await sendErrorResult(client, frame, "INVALID_REQUEST", prepared.message);
+				return;
+			}
+			await sendJsonPayloadResult(client, frame, { plan: prepared.plan });
+		} catch (err) {
+			await sendInvalidRequestResult(client, frame, err);
+		}
+		return;
+	}
+	if (command !== "system.run") {
+		await sendErrorResult(client, frame, "UNAVAILABLE", "command not supported");
+		return;
+	}
+	let params;
+	try {
+		params = decodeParams(frame.paramsJSON);
+	} catch (err) {
+		await sendInvalidRequestResult(client, frame, err);
+		return;
+	}
+	if (!Array.isArray(params.command) || params.command.length === 0) {
+		await sendErrorResult(client, frame, "INVALID_REQUEST", "command required");
+		return;
+	}
+	await handleSystemRunInvoke({
+		client,
+		params,
+		skillBins,
+		execHostEnforced,
+		execHostFallbackAllowed,
+		resolveExecSecurity,
+		resolveExecAsk,
+		isCmdExeInvocation,
+		sanitizeEnv,
+		runCommand,
+		runViaMacAppExecHost,
+		sendNodeEvent,
+		buildExecEventPayload,
+		sendInvokeResult: async (result) => {
+			await sendInvokeResult(client, frame, result);
+		},
+		sendExecFinishedEvent: async ({ sessionKey, runId, commandText, result }) => {
+			await sendExecFinishedEvent({
+				client,
+				sessionKey,
+				runId,
+				commandText,
+				result
+			});
+		},
+		preferMacAppExecHost
+	});
+}
+function decodeParams(raw) {
+	if (!raw) throw new Error("INVALID_REQUEST: paramsJSON required");
+	return JSON.parse(raw);
+}
+function coerceNodeInvokePayload(payload) {
+	if (!payload || typeof payload !== "object") return null;
+	const obj = payload;
+	const id = typeof obj.id === "string" ? obj.id.trim() : "";
+	const nodeId = typeof obj.nodeId === "string" ? obj.nodeId.trim() : "";
+	const command = typeof obj.command === "string" ? obj.command.trim() : "";
+	if (!id || !nodeId || !command) return null;
+	return {
+		id,
+		nodeId,
+		command,
+		paramsJSON: typeof obj.paramsJSON === "string" ? obj.paramsJSON : obj.params !== void 0 ? JSON.stringify(obj.params) : null,
+		timeoutMs: typeof obj.timeoutMs === "number" ? obj.timeoutMs : null,
+		idempotencyKey: typeof obj.idempotencyKey === "string" ? obj.idempotencyKey : null
+	};
+}
+async function sendInvokeResult(client, frame, result) {
+	try {
+		await client.request("node.invoke.result", buildNodeInvokeResultParams(frame, result));
+	} catch {}
+}
+function buildNodeInvokeResultParams(frame, result) {
+	const params = {
+		id: frame.id,
+		nodeId: frame.nodeId,
+		ok: result.ok
+	};
+	if (result.payload !== void 0) params.payload = result.payload;
+	if (typeof result.payloadJSON === "string") params.payloadJSON = result.payloadJSON;
+	if (result.error) params.error = result.error;
+	return params;
+}
+async function sendNodeEvent(client, event, payload) {
+	try {
+		await client.request("node.event", {
+			event,
+			payloadJSON: payload ? JSON.stringify(payload) : null
+		});
+	} catch {}
+}
+//#endregion
+//#region src/node-host/runner.ts
+const DEFAULT_NODE_PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
+function writeStderrLine(message) {
+	process.stderr.write(`${message}\n`);
+}
+function resolveExecutablePathFromEnv(bin, pathEnv) {
+	if (bin.includes("/") || bin.includes("\\")) return null;
+	return resolveExecutableFromPathEnv(bin, pathEnv) ?? null;
+}
+function resolveSkillBinTrustEntries(bins, pathEnv) {
+	const trustEntries = [];
+	const seen = /* @__PURE__ */ new Set();
+	for (const bin of bins) {
+		const name = bin.trim();
+		if (!name) continue;
+		const resolvedPath = resolveExecutablePathFromEnv(name, pathEnv);
+		if (!resolvedPath) continue;
+		const key = `${name}\u0000${resolvedPath}`;
+		if (seen.has(key)) continue;
+		seen.add(key);
+		trustEntries.push({
+			name,
+			resolvedPath
+		});
+	}
+	return trustEntries.toSorted((left, right) => left.name.localeCompare(right.name) || left.resolvedPath.localeCompare(right.resolvedPath));
+}
+var SkillBinsCache = class {
+	constructor(fetch, pathEnv) {
+		this.bins = [];
+		this.lastRefresh = 0;
+		this.ttlMs = 9e4;
+		this.fetch = fetch;
+		this.pathEnv = pathEnv;
+	}
+	async current(force = false) {
+		if (force || Date.now() - this.lastRefresh > this.ttlMs) await this.refresh();
+		return this.bins;
+	}
+	async refresh() {
+		try {
+			const bins = await this.fetch();
+			this.bins = resolveSkillBinTrustEntries(bins, this.pathEnv);
+			this.lastRefresh = Date.now();
+		} catch {
+			if (!this.lastRefresh) this.bins = [];
+		}
+	}
+};
+function ensureNodePathEnv() {
+	ensureGenesisCliOnPath({ pathEnv: process.env.PATH ?? "" });
+	const current = process.env.PATH ?? "";
+	if (current.trim()) return current;
+	process.env.PATH = DEFAULT_NODE_PATH;
+	return DEFAULT_NODE_PATH;
+}
+async function resolveNodeHostGatewayCredentials(params) {
+	return await resolveGatewayConnectionAuth({
+		config: (params.config.gateway?.mode === "remote" ? "remote" : "local") === "local" ? buildNodeHostLocalAuthConfig(params.config) : params.config,
+		env: params.env,
+		localTokenPrecedence: "env-first",
+		localPasswordPrecedence: "env-first",
+		remoteTokenPrecedence: "env-first",
+		remotePasswordPrecedence: "env-first"
+	});
+}
+function buildNodeHostLocalAuthConfig(config) {
+	if (!config.gateway?.remote?.token && !config.gateway?.remote?.password) return config;
+	const nextConfig = structuredClone(config);
+	if (nextConfig.gateway?.remote) {
+		nextConfig.gateway.remote.token = void 0;
+		nextConfig.gateway.remote.password = void 0;
+	}
+	return nextConfig;
+}
+async function runNodeHost(opts) {
+	const config = await ensureNodeHostConfig();
+	const nodeId = opts.nodeId?.trim() || config.nodeId;
+	if (nodeId !== config.nodeId) config.nodeId = nodeId;
+	const displayName = opts.displayName?.trim() || config.displayName || await getMachineDisplayName();
+	config.displayName = displayName;
+	const gateway = {
+		host: opts.gatewayHost,
+		port: opts.gatewayPort,
+		tls: opts.gatewayTls ?? loadConfig().gateway?.tls?.enabled ?? false,
+		tlsFingerprint: opts.gatewayTlsFingerprint
+	};
+	config.gateway = gateway;
+	await saveNodeHostConfig(config);
+	const cfg = loadConfig();
+	await ensureNodeHostPluginRegistry({
+		config: cfg,
+		env: process.env
+	});
+	const pluginNodeHost = listRegisteredNodeHostCapsAndCommands();
+	const { token, password } = await resolveNodeHostGatewayCredentials({
+		config: cfg,
+		env: process.env
+	});
+	const host = gateway.host ?? "127.0.0.1";
+	const port = gateway.port ?? 18789;
+	const url = `${gateway.tls ? "wss" : "ws"}://${host}:${port}`;
+	const pathEnv = ensureNodePathEnv();
+	const client = new GatewayClient({
+		url,
+		token: token || void 0,
+		password: password || void 0,
+		instanceId: nodeId,
+		clientName: GATEWAY_CLIENT_NAMES.NODE_HOST,
+		clientDisplayName: displayName,
+		clientVersion: VERSION,
+		platform: process.platform,
+		mode: GATEWAY_CLIENT_MODES.NODE,
+		role: "node",
+		scopes: [],
+		caps: ["system", ...pluginNodeHost.caps],
+		commands: [
+			...NODE_SYSTEM_RUN_COMMANDS,
+			...NODE_EXEC_APPROVALS_COMMANDS,
+			...pluginNodeHost.commands
+		],
+		pathEnv,
+		permissions: void 0,
+		deviceIdentity: loadOrCreateDeviceIdentity(),
+		tlsFingerprint: gateway.tlsFingerprint,
+		onEvent: (evt) => {
+			if (evt.event !== "node.invoke.request") return;
+			const payload = coerceNodeInvokePayload(evt.payload);
+			if (!payload) return;
+			handleInvoke(payload, client, skillBins);
+		},
+		onConnectError: (err) => {
+			writeStderrLine(`node host gateway connect failed: ${err.message}`);
+		},
+		onClose: (code, reason) => {
+			writeStderrLine(`node host gateway closed (${code}): ${reason}`);
+		}
+	});
+	const skillBins = new SkillBinsCache(async () => {
+		const res = await client.request("skills.bins", {});
+		return Array.isArray(res?.bins) ? res.bins.map((bin) => String(bin)) : [];
+	}, pathEnv);
+	client.start();
+	await new Promise(() => {});
+}
+//#endregion
+//#region src/commands/node-daemon-install-helpers.ts
+async function buildNodeInstallPlan(params) {
+	const { devMode, nodePath } = await resolveDaemonInstallRuntimeInputs({
+		env: params.env,
+		runtime: params.runtime,
+		devMode: params.devMode,
+		nodePath: params.nodePath
+	});
+	const { programArguments, workingDirectory } = await resolveNodeProgramArguments({
+		host: params.host,
+		port: params.port,
+		tls: params.tls,
+		tlsFingerprint: params.tlsFingerprint,
+		nodeId: params.nodeId,
+		displayName: params.displayName,
+		dev: devMode,
+		runtime: params.runtime,
+		nodePath
+	});
+	await emitDaemonInstallRuntimeWarning({
+		env: params.env,
+		runtime: params.runtime,
+		programArguments,
+		warn: params.warn,
+		title: "Node daemon runtime"
+	});
+	const environment = buildNodeServiceEnvironment({
+		env: params.env,
+		extraPathDirs: resolveDaemonNodeBinDir(nodePath)
+	});
+	return {
+		programArguments,
+		workingDirectory,
+		environment,
+		description: formatNodeServiceDescription({ version: environment.GENESIS_SERVICE_VERSION })
+	};
+}
+//#endregion
+//#region src/commands/node-daemon-runtime.ts
+const DEFAULT_NODE_DAEMON_RUNTIME = DEFAULT_GATEWAY_DAEMON_RUNTIME;
+function isNodeDaemonRuntime(value) {
+	return isGatewayDaemonRuntime(value);
+}
+//#endregion
+//#region src/cli/node-cli/daemon.ts
+function renderNodeServiceStartHints() {
+	return buildPlatformServiceStartHints({
+		installCommand: formatCliCommand("genesis node install"),
+		startCommand: formatCliCommand("genesis node start"),
+		launchAgentPlistPath: `~/Library/LaunchAgents/${resolveNodeLaunchAgentLabel()}.plist`,
+		systemdServiceName: resolveNodeSystemdServiceName(),
+		windowsTaskName: resolveNodeWindowsTaskName()
+	});
+}
+function buildNodeRuntimeHints(env = process.env) {
+	return buildPlatformRuntimeLogHints({
+		env,
+		systemdServiceName: resolveNodeSystemdServiceName(),
+		windowsTaskName: resolveNodeWindowsTaskName()
+	});
+}
+function resolveNodeDefaults(opts, config) {
+	const host = normalizeOptionalString(opts.host) || config?.gateway?.host || "127.0.0.1";
+	const portOverride = parsePort(opts.port);
+	if (opts.port !== void 0 && portOverride === null) return {
+		host,
+		port: null
+	};
+	return {
+		host,
+		port: portOverride ?? config?.gateway?.port ?? 18789
+	};
+}
+async function runNodeDaemonInstall(opts) {
+	const { json, stdout, warnings, emit, fail } = createDaemonInstallActionContext(opts.json);
+	if (failIfNixDaemonInstallMode(fail)) return;
+	const config = await loadNodeHostConfig();
+	const { host, port } = resolveNodeDefaults(opts, config);
+	if (!Number.isFinite(port ?? NaN) || (port ?? 0) <= 0) {
+		fail("Invalid port");
+		return;
+	}
+	const runtimeRaw = opts.runtime ? opts.runtime : DEFAULT_NODE_DAEMON_RUNTIME;
+	if (!isNodeDaemonRuntime(runtimeRaw)) {
+		fail("Invalid --runtime (use \"node\" or \"bun\")");
+		return;
+	}
+	const service = resolveNodeService();
+	let loaded = false;
+	try {
+		loaded = await service.isLoaded({ env: process.env });
+	} catch (err) {
+		fail(`Node service check failed: ${String(err)}`);
+		return;
+	}
+	if (loaded && !opts.force) {
+		emit({
+			ok: true,
+			result: "already-installed",
+			message: `Node service already ${service.loadedText}.`,
+			service: buildDaemonServiceSnapshot(service, loaded),
+			warnings: warnings.length ? warnings : void 0
+		});
+		if (!json) {
+			defaultRuntime.log(`Node service already ${service.loadedText}.`);
+			defaultRuntime.log(`Reinstall with: ${formatCliCommand("genesis node install --force")}`);
+		}
+		return;
+	}
+	const tlsFingerprint = normalizeOptionalString(opts.tlsFingerprint) || config?.gateway?.tlsFingerprint;
+	const tls = Boolean(opts.tls) || Boolean(tlsFingerprint) || Boolean(config?.gateway?.tls);
+	const { programArguments, workingDirectory, environment, description } = await buildNodeInstallPlan({
+		env: process.env,
+		host,
+		port: port ?? 18789,
+		tls,
+		tlsFingerprint: tlsFingerprint || void 0,
+		nodeId: opts.nodeId,
+		displayName: opts.displayName,
+		runtime: runtimeRaw,
+		warn: (message) => {
+			if (json) warnings.push(message);
+			else defaultRuntime.log(message);
+		}
+	});
+	await installDaemonServiceAndEmit({
+		serviceNoun: "Node",
+		service,
+		warnings,
+		emit,
+		fail,
+		install: async () => {
+			await service.install({
+				env: process.env,
+				stdout,
+				programArguments,
+				workingDirectory,
+				environment,
+				description
+			});
+		}
+	});
+}
+async function runNodeDaemonUninstall(opts = {}) {
+	return await runServiceUninstall({
+		serviceNoun: "Node",
+		service: resolveNodeService(),
+		opts,
+		stopBeforeUninstall: false,
+		assertNotLoadedAfterUninstall: false
+	});
+}
+async function runNodeDaemonRestart(opts = {}) {
+	await runServiceRestart({
+		serviceNoun: "Node",
+		service: resolveNodeService(),
+		renderStartHints: renderNodeServiceStartHints,
+		opts
+	});
+}
+async function runNodeDaemonStop(opts = {}) {
+	return await runServiceStop({
+		serviceNoun: "Node",
+		service: resolveNodeService(),
+		opts
+	});
+}
+async function runNodeDaemonStatus(opts = {}) {
+	const json = Boolean(opts.json);
+	const service = resolveNodeService();
+	const [loaded, command, runtime] = await Promise.all([
+		service.isLoaded({ env: process.env }).catch(() => false),
+		service.readCommand(process.env).catch(() => null),
+		service.readRuntime(process.env).catch((err) => ({
+			status: "unknown",
+			detail: String(err)
+		}))
+	]);
+	const payload = { service: {
+		...buildDaemonServiceSnapshot(service, loaded),
+		command,
+		runtime
+	} };
+	if (json) {
+		defaultRuntime.writeJson(payload);
+		return;
+	}
+	const { rich, label, accent, infoText, okText, warnText, errorText } = createCliStatusTextStyles();
+	const serviceStatus = loaded ? okText(service.loadedText) : warnText(service.notLoadedText);
+	defaultRuntime.log(`${label("Service:")} ${accent(service.label)} (${serviceStatus})`);
+	if (command?.programArguments?.length) defaultRuntime.log(`${label("Command:")} ${infoText(command.programArguments.join(" "))}`);
+	if (command?.sourcePath) defaultRuntime.log(`${label("Service file:")} ${infoText(command.sourcePath)}`);
+	if (command?.workingDirectory) defaultRuntime.log(`${label("Working dir:")} ${infoText(command.workingDirectory)}`);
+	const runtimeLine = formatRuntimeStatus(runtime);
+	if (runtimeLine) {
+		const runtimeColor = resolveRuntimeStatusColor(runtime?.status);
+		defaultRuntime.log(`${label("Runtime:")} ${colorize(rich, runtimeColor, runtimeLine)}`);
+	}
+	if (!loaded) {
+		defaultRuntime.log("");
+		for (const hint of renderNodeServiceStartHints()) defaultRuntime.log(`${warnText("Start with:")} ${infoText(hint)}`);
+		return;
+	}
+	const baseEnv = {
+		...process.env,
+		...command?.environment ?? void 0
+	};
+	const hintEnv = {
+		...baseEnv,
+		GENESIS_LOG_PREFIX: baseEnv.GENESIS_LOG_PREFIX ?? "node"
+	};
+	if (runtime?.missingUnit) {
+		defaultRuntime.error(errorText("Service unit not found."));
+		for (const hint of buildNodeRuntimeHints(hintEnv)) defaultRuntime.error(errorText(hint));
+		return;
+	}
+	if (runtime?.status === "stopped") {
+		defaultRuntime.error(errorText("Service is loaded but not running."));
+		for (const hint of buildNodeRuntimeHints(hintEnv)) defaultRuntime.error(errorText(hint));
+	}
+}
+//#endregion
+//#region src/cli/node-cli/register.ts
+function parsePortWithFallback(value, fallback) {
+	return parsePort(value) ?? fallback;
+}
+function registerNodeCli(program) {
+	const node = program.command("node").description("Run and manage the headless node host service").addHelpText("after", () => `\n${theme.heading("Examples:")}\n${formatHelpExamples([
+		["genesis node run --host 127.0.0.1 --port 18789", "Run the node host in the foreground."],
+		["genesis node status", "Check node host service status."],
+		["genesis node install", "Install the node host service."],
+		["genesis node restart", "Restart the installed node host service."]
+	])}\n\n${theme.muted("Docs:")} ${formatDocsLink("/cli/node", "docs.genesis.ai/cli/node")}\n`);
+	node.command("run").description("Run the headless node host (foreground)").option("--host <host>", "Gateway host").option("--port <port>", "Gateway port").option("--tls", "Use TLS for the gateway connection", false).option("--tls-fingerprint <sha256>", "Expected TLS certificate fingerprint (sha256)").option("--node-id <id>", "Override node id (clears pairing token)").option("--display-name <name>", "Override node display name").action(async (opts) => {
+		const existing = await loadNodeHostConfig();
+		await runNodeHost({
+			gatewayHost: normalizeOptionalString(opts.host) || existing?.gateway?.host || "127.0.0.1",
+			gatewayPort: parsePortWithFallback(opts.port, existing?.gateway?.port ?? 18789),
+			gatewayTls: Boolean(opts.tls) || Boolean(opts.tlsFingerprint),
+			gatewayTlsFingerprint: opts.tlsFingerprint,
+			nodeId: opts.nodeId,
+			displayName: opts.displayName
+		});
+	});
+	node.command("status").description("Show node host status").option("--json", "Output JSON", false).action(async (opts) => {
+		await runNodeDaemonStatus(opts);
+	});
+	node.command("install").description("Install the node host service (launchd/systemd/schtasks)").option("--host <host>", "Gateway host").option("--port <port>", "Gateway port").option("--tls", "Use TLS for the gateway connection", false).option("--tls-fingerprint <sha256>", "Expected TLS certificate fingerprint (sha256)").option("--node-id <id>", "Override node id (clears pairing token)").option("--display-name <name>", "Override node display name").option("--runtime <runtime>", "Service runtime (node|bun). Default: node").option("--force", "Reinstall/overwrite if already installed", false).option("--json", "Output JSON", false).action(async (opts) => {
+		await runNodeDaemonInstall(opts);
+	});
+	node.command("uninstall").description("Uninstall the node host service (launchd/systemd/schtasks)").option("--json", "Output JSON", false).action(async (opts) => {
+		await runNodeDaemonUninstall(opts);
+	});
+	node.command("stop").description("Stop the node host service (launchd/systemd/schtasks)").option("--json", "Output JSON", false).action(async (opts) => {
+		await runNodeDaemonStop(opts);
+	});
+	node.command("restart").description("Restart the node host service (launchd/systemd/schtasks)").option("--json", "Output JSON", false).action(async (opts) => {
+		await runNodeDaemonRestart(opts);
+	});
+}
+//#endregion
+export { registerNodeCli };