@spacebar_ai/moldclaw-core 2026.3.14 → 2026.3.16

package/dist/node-cli-kH16TQI7.js

@@ -1,2498 +0,0 @@
-import "./redact-fatrROh9.js";
-import "./errors-DOJWZqNo.js";
-import "./unhandled-rejections-CTvNvnT0.js";
-import "./logger-BFfIIIKH.js";
-import { _ as resolveStateDir } from "./paths-D6AgsMTU.js";
-import "./tmp-moldclaw-dir-DWF-d8qD.js";
-import { r as theme, t as colorize } from "./theme-BSXzMzAA.js";
-import "./globals-DESrFYmC.js";
-import { m as defaultRuntime } from "./subsystem-S4LNMNHd.js";
-import "./ansi-BPhP6LBZ.js";
-import "./boolean-D8Ha5nYV.js";
-import "./env-Dgex_t9p.js";
-import "./warning-filter-gJuwHM7C.js";
-import "./utils-rjVNXUns.js";
-import { t as formatDocsLink } from "./links-C5I443Xb.js";
-import "./setup-binary-Fw3cCSWL.js";
-import { Gd as formatExecCommand, Kd as resolveSystemRunCommandRequest, Zd as normalizeSystemRunApprovalPlan, df as resolveExecSafeBinRuntimePolicy, lf as isInterpreterLikeSafeBin, lh as getMachineDisplayName, tl as withTimeout } from "./auth-profiles-BJcHzwPy.js";
-import "./model-selection-DfA4esOK.js";
-import { i as resolveAgentConfig } from "./agent-scope-DA7O8MVG.js";
-import "./boundary-file-read-Y1cMjPlu.js";
-import { n as sameFileIdentity } from "./safe-open-sync-BlMTEZMw.js";
-import { a as logWarn } from "./logger-wrbK9-ju.js";
-import "./exec-CoBTyh8B.js";
-import "./workspace-CxNKYS0V.js";
-import { Bt as normalizeExecutableToken, Ht as unwrapKnownDispatchWrapperInvocation, Kt as resolveInlineCommandMatch, Mt as resolveCommandResolutionFromArgv, Nt as resolveExecutableFromPathEnv, Pt as POSIX_SHELL_WRAPPERS, Ut as unwrapKnownShellMultiplexerInvocation, Wt as POSIX_INLINE_COMMAND_FLAGS, s as loadConfig, vt as analyzeArgvCommand, wt as resolvePlannedSegmentArgv } from "./io-DcoxdH6t.js";
-import { a as sanitizeSystemRunEnvOverrides, i as sanitizeHostExecEnv } from "./host-env-security-xy11yVnm.js";
-import "./safe-text-BcUvBreN.js";
-import { n as VERSION } from "./version-rW_3ob2o.js";
-import "./env-substitution-C9xZMTDL.js";
-import "./config-state-D1JkXt39.js";
-import "./network-mode-CE-ihBf6.js";
-import { t as splitShellArgs } from "./shell-argv-C1FHz2HS.js";
-import "./registry-DcDGl2X7.js";
-import "./manifest-registry-_0xclaVY.js";
-import "./ip-w605xvSx.js";
-import "./zod-schema.core-CWxzqcUs.js";
-import "./config-CkD8DJ7L.js";
-import "./audit-fs-SjcfoPO7.js";
-import "./resolve-3ErMOltL.js";
-import "./provider-web-search-BR7etTjJ.js";
-import "./text-runtime-CgEQ9Y9_.js";
-import "./workspace-dirs-L1_QQ9mB.js";
-import { n as resolveBrowserConfig } from "./config-BbxrRaLf.js";
-import { t as formatCliCommand } from "./command-format-DIDjlImI.js";
-import "./tailnet-KyAU6tj_.js";
-import "./net-B_Iq_SVP.js";
-import "./credentials-D5uBf_C5.js";
-import { _ as startBrowserControlServiceFromConfig, f as redactCdpUrl, g as createBrowserControlContext, h as createBrowserRouteDispatcher } from "./routes-BNDsNO_e.js";
-import "./frontmatter-BTDAgsA3.js";
-import "./env-overrides-BHxqjYZG.js";
-import "./path-alias-guards-B3ZKrId1.js";
-import "./skills-B4h1k-SP.js";
-import { r as writeJsonAtomic } from "./json-files-BhLX9wE7.js";
-import "./ports-BVwQuCIR.js";
-import "./ports-lsof-DiY6GaAf.js";
-import "./ssh-tunnel-BaHTFPzH.js";
-import "./image-ops-Uw4rEShL.js";
-import "./fs-safe-Da4H0IOU.js";
-import { t as detectMime } from "./mime-_IkgFMS2.js";
-import "./server-middleware-BPq4bu3A.js";
-import { _ as GATEWAY_CLIENT_MODES, v as GATEWAY_CLIENT_NAMES } from "./message-channel-CKeDAoOT.js";
-import "./resolve-route-IkBfMjBz.js";
-import "./internal-hooks-0x1JiQ5f.js";
-import "./lazy-runtime-DdzFA4b9.js";
-import "./config-schema-GQ6uWjXe.js";
-import { nn as loadOrCreateDeviceIdentity, u as GatewayClient } from "./method-scopes-D-Q9dvbj.js";
-import "./session-cost-usage-B-57mlS8.js";
-import "./paths-CDWV-9nX.js";
-import "./routing-3o2D0ix4.js";
-import "./send-Cm9v3uhF.js";
-import { E as evaluateShellAllowlist, T as evaluateExecAllowlist, _ as recordAllowlistUse, b as resolveExecApprovals, f as normalizeExecApprovals, g as readExecApprovalsSnapshot, j as requestJsonlSocket, k as resolveAllowAlwaysPatterns, o as addAllowlistEntry, s as ensureExecApprovals, u as mergeExecApprovalsSocketDefaults, w as saveExecApprovals, y as requiresExecApproval } from "./node-resolve-DfOpQmxm.js";
-import "./provider-stream-gVymYPmd.js";
-import "./identity-file-DM4N5_7H.js";
-import "./provider-models-BA3hqqPq.js";
-import "./secret-file-Bjh19aoH.js";
-import "./logging-BdFqMomc.js";
-import "./runtime-env-CT-voxYE.js";
-import "./registry-xhgvU89y.js";
-import "./provider-onboard-CBC3kdk_.js";
-import "./model-definitions-DwehIMlw.js";
-import "./diagnostic-vMghIesG.js";
-import "./message-hook-mappers-DORrSLHM.js";
-import "./json-store-DlpyvQXN.js";
-import "./call-CoaQYq7c.js";
-import "./multimodal-BWF8MRkz.js";
-import "./memory-search-BBG2BKIh.js";
-import "./query-expansion-8R79qExs.js";
-import "./search-manager-CfizyEMk.js";
-import "./core-EKuk2FxR.js";
-import "./issue-format-i6sEuV4a.js";
-import "./logging-S-5LPdfQ.js";
-import "./note-z78_JyNp.js";
-import "./state-paths-C7dX__ql.js";
-import "./config-value-Dh8m-CFf.js";
-import "./command-secret-targets-CO_lZ_ZZ.js";
-import "./brave-BG5Yopn8.js";
-import "./provider-usage-DzuzbNBv.js";
-import "./perplexity-Brhpb45X.js";
-import { _ as resolveNodeWindowsTaskName, c as formatNodeServiceDescription, g as resolveNodeSystemdServiceName, h as resolveNodeLaunchAgentLabel } from "./constants-WvU01Mp_.js";
-import "./restart-stale-pids-CN9ElYwR.js";
-import "./delivery-queue-DLjFP-0C.js";
-import "./pairing-token-ANLRyJSu.js";
-import "./accounts-BCaV8MsT.js";
-import "./process-runtime-CicRKAFe.js";
-import "./audit-BqRK9OSj.js";
-import "./cli-runtime-DtIDS2w7.js";
-import "./cli-utils-FHeUZLsT.js";
-import { t as formatHelpExamples } from "./help-format-1yV2Xzq7.js";
-import "./progress-BQSTKUhd.js";
-import { n as resolveGatewayConnectionAuth } from "./gateway-runtime-C76hUmUV.js";
-import { i as resolveNodeProgramArguments, n as resolveDaemonInstallRuntimeInputs, t as emitDaemonInstallRuntimeWarning } from "./daemon-install-plan.shared-B0aOTaiV.js";
-import { c as buildNodeServiceEnvironment } from "./runtime-paths-DPdaWILN.js";
-import "./runtime-guard-CcWejJVQ.js";
-import { r as isGatewayDaemonRuntime, t as DEFAULT_GATEWAY_DAEMON_RUNTIME } from "./daemon-runtime-BPknjyQD.js";
-import "./runtime-parse-BmC9qo9I.js";
-import "./launchd-C1YgvbKp.js";
-import "./service-DLhEn8sS.js";
-import "./systemd-BD-XXrY3.js";
-import { f as buildDaemonServiceSnapshot, h as installDaemonServiceAndEmit, n as createDaemonInstallActionContext, r as failIfNixDaemonInstallMode, t as createCliStatusTextStyles, u as resolveRuntimeStatusColor } from "./shared-DMm9TCU6.js";
-import { c as buildPlatformRuntimeLogHints, l as buildPlatformServiceStartHints, u as formatRuntimeStatus } from "./systemd-hints-LWwXTYeY.js";
-import { t as parsePort } from "./parse-port-BZ2l6YzE.js";
-import { i as runServiceUninstall, r as runServiceStop, t as runServiceRestart } from "./lifecycle-core-Ctz36PdQ.js";
-import { t as ensuremoldClawCliOnPath } from "./path-env-JKt31Dxc.js";
-import { i as NODE_SYSTEM_RUN_COMMANDS, n as NODE_EXEC_APPROVALS_COMMANDS, t as NODE_BROWSER_PROXY_COMMAND } from "./node-commands-CJPr3qAo.js";
-import { t as resolveNodeService } from "./node-service-DnHU1_vE.js";
-import fs from "node:fs";
-import path from "node:path";
-import { spawn, spawnSync } from "node:child_process";
-import fs$1 from "node:fs/promises";
-import crypto from "node:crypto";
-//#region src/node-host/config.ts
-const NODE_HOST_FILE = "node.json";
-function resolveNodeHostConfigPath() {
-	return path.join(resolveStateDir(), NODE_HOST_FILE);
-}
-function normalizeConfig(config) {
-	const base = {
-		version: 1,
-		nodeId: "",
-		token: config?.token,
-		displayName: config?.displayName,
-		gateway: config?.gateway
-	};
-	if (config?.version === 1 && typeof config.nodeId === "string") base.nodeId = config.nodeId.trim();
-	if (!base.nodeId) base.nodeId = crypto.randomUUID();
-	return base;
-}
-async function loadNodeHostConfig() {
-	const filePath = resolveNodeHostConfigPath();
-	try {
-		const raw = await fs$1.readFile(filePath, "utf8");
-		return normalizeConfig(JSON.parse(raw));
-	} catch {
-		return null;
-	}
-}
-async function saveNodeHostConfig(config) {
-	await writeJsonAtomic(resolveNodeHostConfigPath(), config, { mode: 384 });
-}
-async function ensureNodeHostConfig() {
-	const normalized = normalizeConfig(await loadNodeHostConfig());
-	await saveNodeHostConfig(normalized);
-	return normalized;
-}
-//#endregion
-//#region src/infra/exec-host.ts
-async function requestExecHostViaSocket(params) {
-	const { socketPath, token, request } = params;
-	if (!socketPath || !token) return null;
-	const timeoutMs = params.timeoutMs ?? 2e4;
-	const requestJson = JSON.stringify(request);
-	const nonce = crypto.randomBytes(16).toString("hex");
-	const ts = Date.now();
-	const hmac = crypto.createHmac("sha256", token).update(`${nonce}:${ts}:${requestJson}`).digest("hex");
-	return await requestJsonlSocket({
-		socketPath,
-		payload: JSON.stringify({
-			type: "exec",
-			id: crypto.randomUUID(),
-			nonce,
-			ts,
-			hmac,
-			requestJson
-		}),
-		timeoutMs,
-		accept: (value) => {
-			const msg = value;
-			if (msg?.type !== "exec-res") return;
-			if (msg.ok === true && msg.payload) return {
-				ok: true,
-				payload: msg.payload
-			};
-			if (msg.ok === false && msg.error) return {
-				ok: false,
-				error: msg.error
-			};
-			return null;
-		}
-	});
-}
-//#endregion
-//#region src/node-host/invoke-browser.ts
-const BROWSER_PROXY_MAX_FILE_BYTES = 10 * 1024 * 1024;
-const DEFAULT_BROWSER_PROXY_TIMEOUT_MS = 2e4;
-const BROWSER_PROXY_STATUS_TIMEOUT_MS = 750;
-function normalizeProfileAllowlist(raw) {
-	return Array.isArray(raw) ? raw.map((entry) => entry.trim()).filter(Boolean) : [];
-}
-function resolveBrowserProxyConfig() {
-	const proxy = loadConfig().nodeHost?.browserProxy;
-	const allowProfiles = normalizeProfileAllowlist(proxy?.allowProfiles);
-	return {
-		enabled: proxy?.enabled !== false,
-		allowProfiles
-	};
-}
-let browserControlReady = null;
-async function ensureBrowserControlService() {
-	if (browserControlReady) return browserControlReady;
-	browserControlReady = (async () => {
-		const cfg = loadConfig();
-		if (!resolveBrowserConfig(cfg.browser, cfg).enabled) throw new Error("browser control disabled");
-		if (!await startBrowserControlServiceFromConfig()) throw new Error("browser control disabled");
-	})();
-	return browserControlReady;
-}
-function isProfileAllowed(params) {
-	const { allowProfiles, profile } = params;
-	if (!allowProfiles.length) return true;
-	if (!profile) return false;
-	return allowProfiles.includes(profile.trim());
-}
-function collectBrowserProxyPaths(payload) {
-	const paths = /* @__PURE__ */ new Set();
-	const obj = typeof payload === "object" && payload !== null ? payload : null;
-	if (!obj) return [];
-	if (typeof obj.path === "string" && obj.path.trim()) paths.add(obj.path.trim());
-	if (typeof obj.imagePath === "string" && obj.imagePath.trim()) paths.add(obj.imagePath.trim());
-	const download = obj.download;
-	if (download && typeof download === "object") {
-		const dlPath = download.path;
-		if (typeof dlPath === "string" && dlPath.trim()) paths.add(dlPath.trim());
-	}
-	return [...paths];
-}
-async function readBrowserProxyFile(filePath) {
-	const stat = await fs$1.stat(filePath).catch(() => null);
-	if (!stat || !stat.isFile()) return null;
-	if (stat.size > BROWSER_PROXY_MAX_FILE_BYTES) throw new Error(`browser proxy file exceeds ${Math.round(BROWSER_PROXY_MAX_FILE_BYTES / (1024 * 1024))}MB`);
-	const buffer = await fs$1.readFile(filePath);
-	const mimeType = await detectMime({
-		buffer,
-		filePath
-	});
-	return {
-		path: filePath,
-		base64: buffer.toString("base64"),
-		mimeType
-	};
-}
-function decodeParams$1(raw) {
-	if (!raw) throw new Error("INVALID_REQUEST: paramsJSON required");
-	return JSON.parse(raw);
-}
-function resolveBrowserProxyTimeout(timeoutMs) {
-	return typeof timeoutMs === "number" && Number.isFinite(timeoutMs) ? Math.max(1, Math.floor(timeoutMs)) : DEFAULT_BROWSER_PROXY_TIMEOUT_MS;
-}
-function isBrowserProxyTimeoutError(err) {
-	return String(err).includes("browser proxy request timed out");
-}
-function isWsBackedBrowserProxyPath(path) {
-	return path === "/act" || path === "/navigate" || path === "/pdf" || path === "/screenshot" || path === "/snapshot";
-}
-async function readBrowserProxyStatus(params) {
-	const query = params.profile ? { profile: params.profile } : {};
-	try {
-		const response = await withTimeout((signal) => params.dispatcher.dispatch({
-			method: "GET",
-			path: "/",
-			query,
-			signal
-		}), BROWSER_PROXY_STATUS_TIMEOUT_MS, "browser proxy status");
-		if (response.status >= 400 || !response.body || typeof response.body !== "object") return null;
-		const body = response.body;
-		return {
-			running: body.running,
-			transport: body.transport,
-			cdpHttp: body.cdpHttp,
-			cdpReady: body.cdpReady,
-			cdpUrl: body.cdpUrl
-		};
-	} catch {
-		return null;
-	}
-}
-function formatBrowserProxyTimeoutMessage(params) {
-	const parts = [`browser proxy timed out for ${params.method} ${params.path} after ${params.timeoutMs}ms`, params.wsBacked ? "ws-backed browser action" : "browser action"];
-	if (params.profile) parts.push(`profile=${params.profile}`);
-	if (params.status) {
-		const statusParts = [
-			`running=${String(params.status.running)}`,
-			`cdpHttp=${String(params.status.cdpHttp)}`,
-			`cdpReady=${String(params.status.cdpReady)}`
-		];
-		if (typeof params.status.transport === "string" && params.status.transport.trim()) statusParts.push(`transport=${params.status.transport}`);
-		if (typeof params.status.cdpUrl === "string" && params.status.cdpUrl.trim()) statusParts.push(`cdpUrl=${redactCdpUrl(params.status.cdpUrl)}`);
-		parts.push(`status(${statusParts.join(", ")})`);
-	}
-	return parts.join("; ");
-}
-async function runBrowserProxyCommand(paramsJSON) {
-	const params = decodeParams$1(paramsJSON);
-	const pathValue = typeof params.path === "string" ? params.path.trim() : "";
-	if (!pathValue) throw new Error("INVALID_REQUEST: path required");
-	const proxyConfig = resolveBrowserProxyConfig();
-	if (!proxyConfig.enabled) throw new Error("UNAVAILABLE: node browser proxy disabled");
-	await ensureBrowserControlService();
-	const cfg = loadConfig();
-	const resolved = resolveBrowserConfig(cfg.browser, cfg);
-	const requestedProfile = typeof params.profile === "string" ? params.profile.trim() : "";
-	const allowedProfiles = proxyConfig.allowProfiles;
-	if (allowedProfiles.length > 0) {
-		if (pathValue !== "/profiles") {
-			if (!isProfileAllowed({
-				allowProfiles: allowedProfiles,
-				profile: requestedProfile || resolved.defaultProfile
-			})) throw new Error("INVALID_REQUEST: browser profile not allowed");
-		} else if (requestedProfile) {
-			if (!isProfileAllowed({
-				allowProfiles: allowedProfiles,
-				profile: requestedProfile
-			})) throw new Error("INVALID_REQUEST: browser profile not allowed");
-		}
-	}
-	const method = typeof params.method === "string" ? params.method.toUpperCase() : "GET";
-	const path = pathValue.startsWith("/") ? pathValue : `/${pathValue}`;
-	const body = params.body;
-	const timeoutMs = resolveBrowserProxyTimeout(params.timeoutMs);
-	const query = {};
-	if (requestedProfile) query.profile = requestedProfile;
-	const rawQuery = params.query ?? {};
-	for (const [key, value] of Object.entries(rawQuery)) {
-		if (value === void 0 || value === null) continue;
-		query[key] = typeof value === "string" ? value : String(value);
-	}
-	const dispatcher = createBrowserRouteDispatcher(createBrowserControlContext());
-	let response;
-	try {
-		response = await withTimeout((signal) => dispatcher.dispatch({
-			method: method === "DELETE" ? "DELETE" : method === "POST" ? "POST" : "GET",
-			path,
-			query,
-			body,
-			signal
-		}), timeoutMs, "browser proxy request");
-	} catch (err) {
-		if (!isBrowserProxyTimeoutError(err)) throw err;
-		const profileForStatus = requestedProfile || resolved.defaultProfile;
-		const status = await readBrowserProxyStatus({
-			dispatcher,
-			profile: path === "/profiles" ? void 0 : profileForStatus
-		});
-		throw new Error(formatBrowserProxyTimeoutMessage({
-			method,
-			path,
-			profile: path === "/profiles" ? void 0 : profileForStatus || void 0,
-			timeoutMs,
-			wsBacked: isWsBackedBrowserProxyPath(path),
-			status
-		}), { cause: err });
-	}
-	if (response.status >= 400) {
-		const message = response.body && typeof response.body === "object" && "error" in response.body ? String(response.body.error) : `HTTP ${response.status}`;
-		throw new Error(message);
-	}
-	const result = response.body;
-	if (allowedProfiles.length > 0 && path === "/profiles") {
-		const obj = typeof result === "object" && result !== null ? result : {};
-		obj.profiles = (Array.isArray(obj.profiles) ? obj.profiles : []).filter((entry) => {
-			if (!entry || typeof entry !== "object") return false;
-			const name = entry.name;
-			return typeof name === "string" && allowedProfiles.includes(name);
-		});
-	}
-	let files;
-	const paths = collectBrowserProxyPaths(result);
-	if (paths.length > 0) {
-		const loaded = await Promise.all(paths.map(async (p) => {
-			try {
-				const file = await readBrowserProxyFile(p);
-				if (!file) throw new Error("file not found");
-				return file;
-			} catch (err) {
-				throw new Error(`browser proxy file read failed for ${p}: ${String(err)}`, { cause: err });
-			}
-		}));
-		if (loaded.length > 0) files = loaded;
-	}
-	const payload = files ? {
-		result,
-		files
-	} : { result };
-	return JSON.stringify(payload);
-}
-//#endregion
-//#region src/node-host/exec-policy.ts
-function resolveExecApprovalDecision(value) {
-	if (value === "allow-once" || value === "allow-always") return value;
-	return null;
-}
-function formatSystemRunAllowlistMissMessage(params) {
-	if (params?.windowsShellWrapperBlocked) return "SYSTEM_RUN_DENIED: allowlist miss (Windows shell wrappers like cmd.exe /c require approval; approve once/always or run with --ask on-miss|always)";
-	if (params?.shellWrapperBlocked) return "SYSTEM_RUN_DENIED: allowlist miss (shell wrappers like sh/bash/zsh -c require approval; approve once/always or run with --ask on-miss|always)";
-	return "SYSTEM_RUN_DENIED: allowlist miss";
-}
-function evaluateSystemRunPolicy(params) {
-	const shellWrapperBlocked = params.security === "allowlist" && params.shellWrapperInvocation;
-	const windowsShellWrapperBlocked = shellWrapperBlocked && params.isWindows && params.cmdInvocation;
-	const analysisOk = shellWrapperBlocked ? false : params.analysisOk;
-	const allowlistSatisfied = shellWrapperBlocked ? false : params.allowlistSatisfied;
-	const approvedByAsk = params.approvalDecision !== null || params.approved === true;
-	if (params.security === "deny") return {
-		allowed: false,
-		eventReason: "security=deny",
-		errorMessage: "SYSTEM_RUN_DISABLED: security=deny",
-		analysisOk,
-		allowlistSatisfied,
-		shellWrapperBlocked,
-		windowsShellWrapperBlocked,
-		requiresAsk: false,
-		approvalDecision: params.approvalDecision,
-		approvedByAsk
-	};
-	const requiresAsk = requiresExecApproval({
-		ask: params.ask,
-		security: params.security,
-		analysisOk,
-		allowlistSatisfied
-	});
-	if (requiresAsk && !approvedByAsk) return {
-		allowed: false,
-		eventReason: "approval-required",
-		errorMessage: "SYSTEM_RUN_DENIED: approval required",
-		analysisOk,
-		allowlistSatisfied,
-		shellWrapperBlocked,
-		windowsShellWrapperBlocked,
-		requiresAsk,
-		approvalDecision: params.approvalDecision,
-		approvedByAsk
-	};
-	if (params.security === "allowlist" && (!analysisOk || !allowlistSatisfied) && !approvedByAsk) return {
-		allowed: false,
-		eventReason: "allowlist-miss",
-		errorMessage: formatSystemRunAllowlistMissMessage({
-			shellWrapperBlocked,
-			windowsShellWrapperBlocked
-		}),
-		analysisOk,
-		allowlistSatisfied,
-		shellWrapperBlocked,
-		windowsShellWrapperBlocked,
-		requiresAsk,
-		approvalDecision: params.approvalDecision,
-		approvedByAsk
-	};
-	return {
-		allowed: true,
-		analysisOk,
-		allowlistSatisfied,
-		shellWrapperBlocked,
-		windowsShellWrapperBlocked,
-		requiresAsk,
-		approvalDecision: params.approvalDecision,
-		approvedByAsk
-	};
-}
-//#endregion
-//#region src/node-host/invoke-system-run-allowlist.ts
-function evaluateSystemRunAllowlist(params) {
-	if (params.shellCommand) {
-		const allowlistEval = evaluateShellAllowlist({
-			command: params.shellCommand,
-			allowlist: params.approvals.allowlist,
-			safeBins: params.safeBins,
-			safeBinProfiles: params.safeBinProfiles,
-			cwd: params.cwd,
-			env: params.env,
-			trustedSafeBinDirs: params.trustedSafeBinDirs,
-			skillBins: params.skillBins,
-			autoAllowSkills: params.autoAllowSkills,
-			platform: process.platform
-		});
-		return {
-			analysisOk: allowlistEval.analysisOk,
-			allowlistMatches: allowlistEval.allowlistMatches,
-			allowlistSatisfied: params.security === "allowlist" && allowlistEval.analysisOk ? allowlistEval.allowlistSatisfied : false,
-			segments: allowlistEval.segments
-		};
-	}
-	const analysis = analyzeArgvCommand({
-		argv: params.argv,
-		cwd: params.cwd,
-		env: params.env
-	});
-	const allowlistEval = evaluateExecAllowlist({
-		analysis,
-		allowlist: params.approvals.allowlist,
-		safeBins: params.safeBins,
-		safeBinProfiles: params.safeBinProfiles,
-		cwd: params.cwd,
-		trustedSafeBinDirs: params.trustedSafeBinDirs,
-		skillBins: params.skillBins,
-		autoAllowSkills: params.autoAllowSkills
-	});
-	return {
-		analysisOk: analysis.ok,
-		allowlistMatches: allowlistEval.allowlistMatches,
-		allowlistSatisfied: params.security === "allowlist" && analysis.ok ? allowlistEval.allowlistSatisfied : false,
-		segments: analysis.segments
-	};
-}
-function resolvePlannedAllowlistArgv(params) {
-	if (params.security !== "allowlist" || params.policy.approvedByAsk || params.shellCommand || !params.policy.analysisOk || !params.policy.allowlistSatisfied || params.segments.length !== 1) return;
-	const plannedAllowlistArgv = resolvePlannedSegmentArgv(params.segments[0]);
-	return plannedAllowlistArgv && plannedAllowlistArgv.length > 0 ? plannedAllowlistArgv : null;
-}
-function resolveSystemRunExecArgv(params) {
-	let execArgv = params.plannedAllowlistArgv ?? params.argv;
-	if (params.security === "allowlist" && params.isWindows && !params.policy.approvedByAsk && params.shellCommand && params.policy.analysisOk && params.policy.allowlistSatisfied && params.segments.length === 1 && params.segments[0]?.argv.length > 0) execArgv = params.segments[0].argv;
-	return execArgv;
-}
-function applyOutputTruncation(result) {
-	if (!result.truncated) return;
-	const suffix = "... (truncated)";
-	if (result.stderr.trim().length > 0) result.stderr = `${result.stderr}\n${suffix}`;
-	else result.stdout = `${result.stdout}\n${suffix}`;
-}
-//#endregion
-//#region src/node-host/invoke-system-run-plan.ts
-const MUTABLE_ARGV1_INTERPRETER_PATTERNS = [
-	/^(?:node|nodejs)$/,
-	/^perl$/,
-	/^php$/,
-	/^python(?:\d+(?:\.\d+)*)?$/,
-	/^ruby$/
-];
-const GENERIC_MUTABLE_SCRIPT_RUNNERS = new Set([
-	"esno",
-	"jiti",
-	"ts-node",
-	"ts-node-esm",
-	"tsx",
-	"vite-node"
-]);
-const BUN_SUBCOMMANDS = new Set([
-	"add",
-	"audit",
-	"completions",
-	"create",
-	"exec",
-	"help",
-	"init",
-	"install",
-	"link",
-	"outdated",
-	"patch",
-	"pm",
-	"publish",
-	"remove",
-	"repl",
-	"run",
-	"test",
-	"unlink",
-	"update",
-	"upgrade",
-	"x"
-]);
-const BUN_OPTIONS_WITH_VALUE = new Set([
-	"--backend",
-	"--bunfig",
-	"--conditions",
-	"--config",
-	"--console-depth",
-	"--cwd",
-	"--define",
-	"--elide-lines",
-	"--env-file",
-	"--extension-order",
-	"--filter",
-	"--hot",
-	"--inspect",
-	"--inspect-brk",
-	"--inspect-wait",
-	"--install",
-	"--jsx-factory",
-	"--jsx-fragment",
-	"--jsx-import-source",
-	"--loader",
-	"--origin",
-	"--port",
-	"--preload",
-	"--smol",
-	"--tsconfig-override",
-	"-c",
-	"-e",
-	"-p",
-	"-r"
-]);
-const DENO_RUN_OPTIONS_WITH_VALUE = new Set([
-	"--cached-only",
-	"--cert",
-	"--config",
-	"--env-file",
-	"--ext",
-	"--harmony-import-attributes",
-	"--import-map",
-	"--inspect",
-	"--inspect-brk",
-	"--inspect-wait",
-	"--location",
-	"--log-level",
-	"--lock",
-	"--node-modules-dir",
-	"--no-check",
-	"--preload",
-	"--reload",
-	"--seed",
-	"--strace-ops",
-	"--unstable-bare-node-builtins",
-	"--v8-flags",
-	"--watch",
-	"--watch-exclude",
-	"-L"
-]);
-const NODE_OPTIONS_WITH_FILE_VALUE = new Set([
-	"-r",
-	"--experimental-loader",
-	"--import",
-	"--loader",
-	"--require"
-]);
-const RUBY_UNSAFE_APPROVAL_FLAGS = new Set([
-	"-I",
-	"-r",
-	"--require"
-]);
-const PERL_UNSAFE_APPROVAL_FLAGS = new Set([
-	"-I",
-	"-M",
-	"-m"
-]);
-const POSIX_SHELL_OPTIONS_WITH_VALUE = new Set([
-	"--init-file",
-	"--rcfile",
-	"--startup-script",
-	"-o"
-]);
-const NPM_EXEC_OPTIONS_WITH_VALUE = new Set([
-	"--cache",
-	"--package",
-	"--prefix",
-	"--script-shell",
-	"--userconfig",
-	"--workspace",
-	"-p",
-	"-w"
-]);
-const NPM_EXEC_FLAG_OPTIONS = new Set([
-	"--no",
-	"--quiet",
-	"--ws",
-	"--workspaces",
-	"--yes",
-	"-q",
-	"-y"
-]);
-const PNPM_OPTIONS_WITH_VALUE = new Set([
-	"--config",
-	"--dir",
-	"--filter",
-	"--reporter",
-	"--stream",
-	"--test-pattern",
-	"--workspace-concurrency",
-	"-C"
-]);
-const PNPM_FLAG_OPTIONS = new Set([
-	"--aggregate-output",
-	"--color",
-	"--recursive",
-	"--silent",
-	"--workspace-root",
-	"-r"
-]);
-function normalizeString(value) {
-	if (typeof value !== "string") return null;
-	const trimmed = value.trim();
-	return trimmed ? trimmed : null;
-}
-function pathComponentsFromRootSync(targetPath) {
-	const absolute = path.resolve(targetPath);
-	const parts = [];
-	let cursor = absolute;
-	while (true) {
-		parts.unshift(cursor);
-		const parent = path.dirname(cursor);
-		if (parent === cursor) return parts;
-		cursor = parent;
-	}
-}
-function isWritableByCurrentProcessSync(candidate) {
-	try {
-		fs.accessSync(candidate, fs.constants.W_OK);
-		return true;
-	} catch {
-		return false;
-	}
-}
-function hasMutableSymlinkPathComponentSync(targetPath) {
-	for (const component of pathComponentsFromRootSync(targetPath)) try {
-		if (!fs.lstatSync(component).isSymbolicLink()) continue;
-		if (isWritableByCurrentProcessSync(path.dirname(component))) return true;
-	} catch {
-		return true;
-	}
-	return false;
-}
-function shouldPinExecutableForApproval(params) {
-	if (params.shellCommand !== null) return false;
-	return (params.wrapperChain?.length ?? 0) === 0;
-}
-function hashFileContentsSync(filePath) {
-	return crypto.createHash("sha256").update(fs.readFileSync(filePath)).digest("hex");
-}
-function looksLikePathToken(token) {
-	return token.startsWith(".") || token.startsWith("/") || token.startsWith("\\") || token.includes("/") || token.includes("\\") || path.extname(token).length > 0;
-}
-function resolvesToExistingFileSync(rawOperand, cwd) {
-	if (!rawOperand) return false;
-	try {
-		return fs.statSync(path.resolve(cwd ?? process.cwd(), rawOperand)).isFile();
-	} catch {
-		return false;
-	}
-}
-function unwrapArgvForMutableOperand(argv) {
-	let current = argv;
-	let baseIndex = 0;
-	while (true) {
-		const dispatchUnwrap = unwrapKnownDispatchWrapperInvocation(current);
-		if (dispatchUnwrap.kind === "unwrapped") {
-			baseIndex += current.length - dispatchUnwrap.argv.length;
-			current = dispatchUnwrap.argv;
-			continue;
-		}
-		const shellMultiplexerUnwrap = unwrapKnownShellMultiplexerInvocation(current);
-		if (shellMultiplexerUnwrap.kind === "unwrapped") {
-			baseIndex += current.length - shellMultiplexerUnwrap.argv.length;
-			current = shellMultiplexerUnwrap.argv;
-			continue;
-		}
-		const packageManagerUnwrap = unwrapKnownPackageManagerExecInvocation(current);
-		if (packageManagerUnwrap) {
-			baseIndex += current.length - packageManagerUnwrap.length;
-			current = packageManagerUnwrap;
-			continue;
-		}
-		return {
-			argv: current,
-			baseIndex
-		};
-	}
-}
-function unwrapKnownPackageManagerExecInvocation(argv) {
-	switch (normalizePackageManagerExecToken(argv[0] ?? "")) {
-		case "npm": return unwrapNpmExecInvocation(argv);
-		case "npx":
-		case "bunx": return unwrapDirectPackageExecInvocation(argv);
-		case "pnpm": return unwrapPnpmExecInvocation(argv);
-		default: return null;
-	}
-}
-function normalizePackageManagerExecToken(token) {
-	const normalized = normalizeExecutableToken(token);
-	if (!normalized) return normalized;
-	return normalized.replace(/\.(?:c|m)?js$/i, "");
-}
-function unwrapPnpmExecInvocation(argv) {
-	let idx = 1;
-	while (idx < argv.length) {
-		const token = argv[idx]?.trim() ?? "";
-		if (!token) {
-			idx += 1;
-			continue;
-		}
-		if (token === "--") {
-			idx += 1;
-			continue;
-		}
-		if (!token.startsWith("-")) {
-			if (token === "exec") {
-				if (idx + 1 >= argv.length) return null;
-				const tail = argv.slice(idx + 1);
-				return tail[0] === "--" ? tail.length > 1 ? tail.slice(1) : null : tail;
-			}
-			if (token === "node") {
-				const tail = argv.slice(idx + 1);
-				return ["node", ...tail[0] === "--" ? tail.slice(1) : tail];
-			}
-			return null;
-		}
-		const [flag] = token.toLowerCase().split("=", 2);
-		if (PNPM_OPTIONS_WITH_VALUE.has(flag)) {
-			idx += token.includes("=") ? 1 : 2;
-			continue;
-		}
-		if (PNPM_FLAG_OPTIONS.has(flag)) {
-			idx += 1;
-			continue;
-		}
-		return null;
-	}
-	return null;
-}
-function unwrapDirectPackageExecInvocation(argv) {
-	let idx = 1;
-	while (idx < argv.length) {
-		const token = argv[idx]?.trim() ?? "";
-		if (!token) {
-			idx += 1;
-			continue;
-		}
-		if (!token.startsWith("-")) return argv.slice(idx);
-		const [flag] = token.toLowerCase().split("=", 2);
-		if (flag === "-c" || flag === "--call") return null;
-		if (NPM_EXEC_OPTIONS_WITH_VALUE.has(flag)) {
-			idx += token.includes("=") ? 1 : 2;
-			continue;
-		}
-		if (NPM_EXEC_FLAG_OPTIONS.has(flag)) {
-			idx += 1;
-			continue;
-		}
-		return null;
-	}
-	return null;
-}
-function unwrapNpmExecInvocation(argv) {
-	let idx = 1;
-	while (idx < argv.length) {
-		const token = argv[idx]?.trim() ?? "";
-		if (!token) {
-			idx += 1;
-			continue;
-		}
-		if (!token.startsWith("-")) {
-			if (token !== "exec") return null;
-			idx += 1;
-			break;
-		}
-		if ((token === "-C" || token === "--prefix" || token === "--userconfig") && !token.includes("=")) {
-			idx += 2;
-			continue;
-		}
-		idx += 1;
-	}
-	if (idx >= argv.length) return null;
-	const tail = argv.slice(idx);
-	if (tail[0] === "--") return tail.length > 1 ? tail.slice(1) : null;
-	return unwrapDirectPackageExecInvocation(["npx", ...tail]);
-}
-function resolvePosixShellScriptOperandIndex(argv) {
-	if (resolveInlineCommandMatch(argv, POSIX_INLINE_COMMAND_FLAGS, { allowCombinedC: true }).valueTokenIndex !== null) return null;
-	let afterDoubleDash = false;
-	for (let i = 1; i < argv.length; i += 1) {
-		const token = argv[i]?.trim() ?? "";
-		if (!token) continue;
-		if (token === "-") return null;
-		if (!afterDoubleDash && token === "--") {
-			afterDoubleDash = true;
-			continue;
-		}
-		if (!afterDoubleDash && token === "-s") return null;
-		if (!afterDoubleDash && token.startsWith("-")) {
-			const [flag] = token.toLowerCase().split("=", 2);
-			if (POSIX_SHELL_OPTIONS_WITH_VALUE.has(flag)) {
-				if (!token.includes("=")) i += 1;
-				continue;
-			}
-			continue;
-		}
-		return i;
-	}
-	return null;
-}
-function resolveOptionFilteredFileOperandIndex(params) {
-	let afterDoubleDash = false;
-	for (let i = params.startIndex; i < params.argv.length; i += 1) {
-		const token = params.argv[i]?.trim() ?? "";
-		if (!token) continue;
-		if (afterDoubleDash) return resolvesToExistingFileSync(token, params.cwd) ? i : null;
-		if (token === "--") {
-			afterDoubleDash = true;
-			continue;
-		}
-		if (token === "-") return null;
-		if (token.startsWith("-")) {
-			if (!token.includes("=") && params.optionsWithValue?.has(token)) i += 1;
-			continue;
-		}
-		return resolvesToExistingFileSync(token, params.cwd) ? i : null;
-	}
-	return null;
-}
-function resolveOptionFilteredPositionalIndex(params) {
-	let afterDoubleDash = false;
-	for (let i = params.startIndex; i < params.argv.length; i += 1) {
-		const token = params.argv[i]?.trim() ?? "";
-		if (!token) continue;
-		if (afterDoubleDash) return i;
-		if (token === "--") {
-			afterDoubleDash = true;
-			continue;
-		}
-		if (token === "-") return null;
-		if (token.startsWith("-")) {
-			if (!token.includes("=") && params.optionsWithValue?.has(token)) i += 1;
-			continue;
-		}
-		return i;
-	}
-	return null;
-}
-function collectExistingFileOperandIndexes(params) {
-	let afterDoubleDash = false;
-	const hits = [];
-	for (let i = params.startIndex; i < params.argv.length; i += 1) {
-		const token = params.argv[i]?.trim() ?? "";
-		if (!token) continue;
-		if (afterDoubleDash) {
-			if (resolvesToExistingFileSync(token, params.cwd)) hits.push(i);
-			continue;
-		}
-		if (token === "--") {
-			afterDoubleDash = true;
-			continue;
-		}
-		if (token === "-") return {
-			hits: [],
-			sawOptionValueFile: false
-		};
-		if (token.startsWith("-")) {
-			const [flag, inlineValue] = token.split("=", 2);
-			if (params.optionsWithFileValue?.has(flag.toLowerCase())) {
-				if (inlineValue && resolvesToExistingFileSync(inlineValue, params.cwd)) {
-					hits.push(i);
-					return {
-						hits,
-						sawOptionValueFile: true
-					};
-				}
-				const nextToken = params.argv[i + 1]?.trim() ?? "";
-				if (!inlineValue && nextToken && resolvesToExistingFileSync(nextToken, params.cwd)) {
-					hits.push(i + 1);
-					return {
-						hits,
-						sawOptionValueFile: true
-					};
-				}
-			}
-			continue;
-		}
-		if (resolvesToExistingFileSync(token, params.cwd)) hits.push(i);
-	}
-	return {
-		hits,
-		sawOptionValueFile: false
-	};
-}
-function resolveGenericInterpreterScriptOperandIndex(params) {
-	const collection = collectExistingFileOperandIndexes({
-		argv: params.argv,
-		startIndex: 1,
-		cwd: params.cwd,
-		optionsWithFileValue: params.optionsWithFileValue
-	});
-	if (collection.sawOptionValueFile) return null;
-	return collection.hits.length === 1 ? collection.hits[0] : null;
-}
-function resolveBunScriptOperandIndex(params) {
-	const directIndex = resolveOptionFilteredPositionalIndex({
-		argv: params.argv,
-		startIndex: 1,
-		optionsWithValue: BUN_OPTIONS_WITH_VALUE
-	});
-	if (directIndex === null) return null;
-	const directToken = params.argv[directIndex]?.trim() ?? "";
-	if (directToken === "run") return resolveOptionFilteredFileOperandIndex({
-		argv: params.argv,
-		startIndex: directIndex + 1,
-		cwd: params.cwd,
-		optionsWithValue: BUN_OPTIONS_WITH_VALUE
-	});
-	if (BUN_SUBCOMMANDS.has(directToken)) return null;
-	if (!looksLikePathToken(directToken)) return null;
-	return directIndex;
-}
-function resolveDenoRunScriptOperandIndex(params) {
-	if ((params.argv[1]?.trim() ?? "") !== "run") return null;
-	return resolveOptionFilteredFileOperandIndex({
-		argv: params.argv,
-		startIndex: 2,
-		cwd: params.cwd,
-		optionsWithValue: DENO_RUN_OPTIONS_WITH_VALUE
-	});
-}
-function hasRubyUnsafeApprovalFlag(argv) {
-	let afterDoubleDash = false;
-	for (let i = 1; i < argv.length; i += 1) {
-		const token = argv[i]?.trim() ?? "";
-		if (!token) continue;
-		if (afterDoubleDash) return false;
-		if (token === "--") {
-			afterDoubleDash = true;
-			continue;
-		}
-		if (token === "-I" || token === "-r") return true;
-		if (token.startsWith("-I") || token.startsWith("-r")) return true;
-		if (RUBY_UNSAFE_APPROVAL_FLAGS.has(token.toLowerCase())) return true;
-	}
-	return false;
-}
-function hasPerlUnsafeApprovalFlag(argv) {
-	let afterDoubleDash = false;
-	for (let i = 1; i < argv.length; i += 1) {
-		const token = argv[i]?.trim() ?? "";
-		if (!token) continue;
-		if (afterDoubleDash) return false;
-		if (token === "--") {
-			afterDoubleDash = true;
-			continue;
-		}
-		if (token === "-I" || token === "-M" || token === "-m") return true;
-		if (token.startsWith("-I") || token.startsWith("-M") || token.startsWith("-m")) return true;
-		if (PERL_UNSAFE_APPROVAL_FLAGS.has(token)) return true;
-	}
-	return false;
-}
-function isMutableScriptRunner(executable) {
-	return GENERIC_MUTABLE_SCRIPT_RUNNERS.has(executable) || isInterpreterLikeSafeBin(executable);
-}
-function resolveMutableFileOperandIndex(argv, cwd) {
-	const unwrapped = unwrapArgvForMutableOperand(argv);
-	const executable = normalizeExecutableToken(unwrapped.argv[0] ?? "");
-	if (!executable) return null;
-	if (POSIX_SHELL_WRAPPERS.has(executable)) {
-		const shellIndex = resolvePosixShellScriptOperandIndex(unwrapped.argv);
-		return shellIndex === null ? null : unwrapped.baseIndex + shellIndex;
-	}
-	if (MUTABLE_ARGV1_INTERPRETER_PATTERNS.some((pattern) => pattern.test(executable))) {
-		const operand = unwrapped.argv[1]?.trim() ?? "";
-		if (operand && operand !== "-" && !operand.startsWith("-")) return unwrapped.baseIndex + 1;
-	}
-	if (executable === "bun") {
-		const bunIndex = resolveBunScriptOperandIndex({
-			argv: unwrapped.argv,
-			cwd
-		});
-		if (bunIndex !== null) return unwrapped.baseIndex + bunIndex;
-	}
-	if (executable === "deno") {
-		const denoIndex = resolveDenoRunScriptOperandIndex({
-			argv: unwrapped.argv,
-			cwd
-		});
-		if (denoIndex !== null) return unwrapped.baseIndex + denoIndex;
-	}
-	if (executable === "ruby" && hasRubyUnsafeApprovalFlag(unwrapped.argv)) return null;
-	if (executable === "perl" && hasPerlUnsafeApprovalFlag(unwrapped.argv)) return null;
-	if (!isMutableScriptRunner(executable)) return null;
-	const genericIndex = resolveGenericInterpreterScriptOperandIndex({
-		argv: unwrapped.argv,
-		cwd,
-		optionsWithFileValue: executable === "node" || executable === "nodejs" ? NODE_OPTIONS_WITH_FILE_VALUE : void 0
-	});
-	return genericIndex === null ? null : unwrapped.baseIndex + genericIndex;
-}
-function shellPayloadNeedsStableBinding(shellCommand, cwd) {
-	const argv = splitShellArgs(shellCommand);
-	if (!argv || argv.length === 0) return false;
-	const snapshot = resolveMutableFileOperandSnapshotSync({
-		argv,
-		cwd,
-		shellCommand: null
-	});
-	if (!snapshot.ok) return true;
-	if (snapshot.snapshot) return true;
-	return resolvesToExistingFileSync(argv[0]?.trim() ?? "", cwd);
-}
-function requiresStableInterpreterApprovalBindingWithShellCommand(params) {
-	if (params.shellCommand !== null) return shellPayloadNeedsStableBinding(params.shellCommand, params.cwd);
-	const executable = normalizeExecutableToken(unwrapArgvForMutableOperand(params.argv).argv[0] ?? "");
-	if (!executable) return false;
-	if (POSIX_SHELL_WRAPPERS.has(executable)) return false;
-	return isMutableScriptRunner(executable);
-}
-function resolveMutableFileOperandSnapshotSync(params) {
-	const argvIndex = resolveMutableFileOperandIndex(params.argv, params.cwd);
-	if (argvIndex === null) {
-		if (requiresStableInterpreterApprovalBindingWithShellCommand({
-			argv: params.argv,
-			shellCommand: params.shellCommand,
-			cwd: params.cwd
-		})) return {
-			ok: false,
-			message: "SYSTEM_RUN_DENIED: approval cannot safely bind this interpreter/runtime command"
-		};
-		return {
-			ok: true,
-			snapshot: null
-		};
-	}
-	const rawOperand = params.argv[argvIndex]?.trim();
-	if (!rawOperand) return {
-		ok: false,
-		message: "SYSTEM_RUN_DENIED: approval requires a stable script operand"
-	};
-	const resolvedPath = path.resolve(params.cwd ?? process.cwd(), rawOperand);
-	let realPath;
-	let stat;
-	try {
-		realPath = fs.realpathSync(resolvedPath);
-		stat = fs.statSync(realPath);
-	} catch {
-		return {
-			ok: false,
-			message: "SYSTEM_RUN_DENIED: approval requires an existing script operand"
-		};
-	}
-	if (!stat.isFile()) return {
-		ok: false,
-		message: "SYSTEM_RUN_DENIED: approval requires a file script operand"
-	};
-	return {
-		ok: true,
-		snapshot: {
-			argvIndex,
-			path: realPath,
-			sha256: hashFileContentsSync(realPath)
-		}
-	};
-}
-function resolveCanonicalApprovalCwdSync(cwd) {
-	const requestedCwd = path.resolve(cwd);
-	let cwdLstat;
-	let cwdStat;
-	let cwdReal;
-	let cwdRealStat;
-	try {
-		cwdLstat = fs.lstatSync(requestedCwd);
-		cwdStat = fs.statSync(requestedCwd);
-		cwdReal = fs.realpathSync(requestedCwd);
-		cwdRealStat = fs.statSync(cwdReal);
-	} catch {
-		return {
-			ok: false,
-			message: "SYSTEM_RUN_DENIED: approval requires an existing canonical cwd"
-		};
-	}
-	if (!cwdStat.isDirectory()) return {
-		ok: false,
-		message: "SYSTEM_RUN_DENIED: approval requires cwd to be a directory"
-	};
-	if (hasMutableSymlinkPathComponentSync(requestedCwd)) return {
-		ok: false,
-		message: "SYSTEM_RUN_DENIED: approval requires canonical cwd (no symlink path components)"
-	};
-	if (cwdLstat.isSymbolicLink()) return {
-		ok: false,
-		message: "SYSTEM_RUN_DENIED: approval requires canonical cwd (no symlink cwd)"
-	};
-	if (!sameFileIdentity(cwdStat, cwdLstat) || !sameFileIdentity(cwdStat, cwdRealStat) || !sameFileIdentity(cwdLstat, cwdRealStat)) return {
-		ok: false,
-		message: "SYSTEM_RUN_DENIED: approval cwd identity mismatch"
-	};
-	return {
-		ok: true,
-		snapshot: {
-			cwd: cwdReal,
-			stat: cwdStat
-		}
-	};
-}
-function revalidateApprovedCwdSnapshot(params) {
-	const current = resolveCanonicalApprovalCwdSync(params.snapshot.cwd);
-	if (!current.ok) return false;
-	return sameFileIdentity(params.snapshot.stat, current.snapshot.stat);
-}
-function revalidateApprovedMutableFileOperand(params) {
-	const operand = params.argv[params.snapshot.argvIndex]?.trim();
-	if (!operand) return false;
-	const resolvedPath = path.resolve(params.cwd ?? process.cwd(), operand);
-	let realPath;
-	try {
-		realPath = fs.realpathSync(resolvedPath);
-	} catch {
-		return false;
-	}
-	if (realPath !== params.snapshot.path) return false;
-	try {
-		return hashFileContentsSync(realPath) === params.snapshot.sha256;
-	} catch {
-		return false;
-	}
-}
-function hardenApprovedExecutionPaths(params) {
-	if (!params.approvedByAsk) return {
-		ok: true,
-		argv: params.argv,
-		argvChanged: false,
-		cwd: params.cwd,
-		approvedCwdSnapshot: void 0
-	};
-	let hardenedCwd = params.cwd;
-	let approvedCwdSnapshot;
-	if (hardenedCwd) {
-		const canonicalCwd = resolveCanonicalApprovalCwdSync(hardenedCwd);
-		if (!canonicalCwd.ok) return canonicalCwd;
-		hardenedCwd = canonicalCwd.snapshot.cwd;
-		approvedCwdSnapshot = canonicalCwd.snapshot;
-	}
-	if (params.argv.length === 0) return {
-		ok: true,
-		argv: params.argv,
-		argvChanged: false,
-		cwd: hardenedCwd,
-		approvedCwdSnapshot
-	};
-	const resolution = resolveCommandResolutionFromArgv(params.argv, hardenedCwd);
-	if (!shouldPinExecutableForApproval({
-		shellCommand: params.shellCommand,
-		wrapperChain: resolution?.wrapperChain
-	})) return {
-		ok: true,
-		argv: params.argv,
-		argvChanged: false,
-		cwd: hardenedCwd,
-		approvedCwdSnapshot
-	};
-	const pinnedExecutable = resolution?.resolvedRealPath ?? resolution?.resolvedPath;
-	if (!pinnedExecutable) return {
-		ok: false,
-		message: "SYSTEM_RUN_DENIED: approval requires a stable executable path"
-	};
-	if (pinnedExecutable === params.argv[0]) return {
-		ok: true,
-		argv: params.argv,
-		argvChanged: false,
-		cwd: hardenedCwd,
-		approvedCwdSnapshot
-	};
-	const argv = [...params.argv];
-	argv[0] = pinnedExecutable;
-	return {
-		ok: true,
-		argv,
-		argvChanged: true,
-		cwd: hardenedCwd,
-		approvedCwdSnapshot
-	};
-}
-function buildSystemRunApprovalPlan(params) {
-	const command = resolveSystemRunCommandRequest({
-		command: params.command,
-		rawCommand: params.rawCommand
-	});
-	if (!command.ok) return {
-		ok: false,
-		message: command.message
-	};
-	if (command.argv.length === 0) return {
-		ok: false,
-		message: "command required"
-	};
-	const hardening = hardenApprovedExecutionPaths({
-		approvedByAsk: true,
-		argv: command.argv,
-		shellCommand: command.shellPayload,
-		cwd: normalizeString(params.cwd) ?? void 0
-	});
-	if (!hardening.ok) return {
-		ok: false,
-		message: hardening.message
-	};
-	const commandText = formatExecCommand(hardening.argv);
-	const commandPreview = command.previewText?.trim() && command.previewText.trim() !== commandText ? command.previewText.trim() : null;
-	const mutableFileOperand = resolveMutableFileOperandSnapshotSync({
-		argv: hardening.argv,
-		cwd: hardening.cwd,
-		shellCommand: command.shellPayload
-	});
-	if (!mutableFileOperand.ok) return {
-		ok: false,
-		message: mutableFileOperand.message
-	};
-	return {
-		ok: true,
-		plan: {
-			argv: hardening.argv,
-			cwd: hardening.cwd ?? null,
-			commandText,
-			commandPreview,
-			agentId: normalizeString(params.agentId),
-			sessionKey: normalizeString(params.sessionKey),
-			mutableFileOperand: mutableFileOperand.snapshot ?? void 0
-		}
-	};
-}
-//#endregion
-//#region src/node-host/invoke-system-run.ts
-const safeBinTrustedDirWarningCache = /* @__PURE__ */ new Set();
-const APPROVAL_CWD_DRIFT_DENIED_MESSAGE = "SYSTEM_RUN_DENIED: approval cwd changed before execution";
-const APPROVAL_SCRIPT_OPERAND_BINDING_DENIED_MESSAGE = "SYSTEM_RUN_DENIED: approval missing script operand binding";
-const APPROVAL_SCRIPT_OPERAND_DRIFT_DENIED_MESSAGE = "SYSTEM_RUN_DENIED: approval script operand changed before execution";
-function warnWritableTrustedDirOnce(message) {
-	if (safeBinTrustedDirWarningCache.has(message)) return;
-	safeBinTrustedDirWarningCache.add(message);
-	logWarn(message);
-}
-function normalizeDeniedReason(reason) {
-	switch (reason) {
-		case "security=deny":
-		case "approval-required":
-		case "allowlist-miss":
-		case "execution-plan-miss":
-		case "companion-unavailable":
-		case "permission:screenRecording": return reason;
-		default: return "approval-required";
-	}
-}
-async function sendSystemRunDenied(opts, execution, params) {
-	await opts.sendNodeEvent(opts.client, "exec.denied", opts.buildExecEventPayload({
-		sessionKey: execution.sessionKey,
-		runId: execution.runId,
-		host: "node",
-		command: execution.commandText,
-		reason: params.reason,
-		suppressNotifyOnExit: execution.suppressNotifyOnExit
-	}));
-	await opts.sendInvokeResult({
-		ok: false,
-		error: {
-			code: "UNAVAILABLE",
-			message: params.message
-		}
-	});
-}
-async function sendSystemRunCompleted(opts, execution, result, payloadJSON) {
-	await opts.sendExecFinishedEvent({
-		sessionKey: execution.sessionKey,
-		runId: execution.runId,
-		commandText: execution.commandText,
-		result,
-		suppressNotifyOnExit: execution.suppressNotifyOnExit
-	});
-	await opts.sendInvokeResult({
-		ok: true,
-		payloadJSON
-	});
-}
-async function parseSystemRunPhase(opts) {
-	const command = resolveSystemRunCommandRequest({
-		command: opts.params.command,
-		rawCommand: opts.params.rawCommand
-	});
-	if (!command.ok) {
-		await opts.sendInvokeResult({
-			ok: false,
-			error: {
-				code: "INVALID_REQUEST",
-				message: command.message
-			}
-		});
-		return null;
-	}
-	if (command.argv.length === 0) {
-		await opts.sendInvokeResult({
-			ok: false,
-			error: {
-				code: "INVALID_REQUEST",
-				message: "command required"
-			}
-		});
-		return null;
-	}
-	const shellPayload = command.shellPayload;
-	const commandText = command.commandText;
-	const approvalPlan = opts.params.systemRunPlan === void 0 ? null : normalizeSystemRunApprovalPlan(opts.params.systemRunPlan);
-	if (opts.params.systemRunPlan !== void 0 && !approvalPlan) {
-		await opts.sendInvokeResult({
-			ok: false,
-			error: {
-				code: "INVALID_REQUEST",
-				message: "systemRunPlan invalid"
-			}
-		});
-		return null;
-	}
-	const agentId = opts.params.agentId?.trim() || void 0;
-	const sessionKey = opts.params.sessionKey?.trim() || "node";
-	const runId = opts.params.runId?.trim() || crypto.randomUUID();
-	const suppressNotifyOnExit = opts.params.suppressNotifyOnExit === true;
-	const envOverrides = sanitizeSystemRunEnvOverrides({
-		overrides: opts.params.env ?? void 0,
-		shellWrapper: shellPayload !== null
-	});
-	return {
-		argv: command.argv,
-		shellPayload,
-		commandText,
-		commandPreview: command.previewText,
-		approvalPlan,
-		agentId,
-		sessionKey,
-		runId,
-		execution: {
-			sessionKey,
-			runId,
-			commandText,
-			suppressNotifyOnExit
-		},
-		approvalDecision: resolveExecApprovalDecision(opts.params.approvalDecision),
-		envOverrides,
-		env: opts.sanitizeEnv(envOverrides),
-		cwd: opts.params.cwd?.trim() || void 0,
-		timeoutMs: opts.params.timeoutMs ?? void 0,
-		needsScreenRecording: opts.params.needsScreenRecording === true,
-		approved: opts.params.approved === true,
-		suppressNotifyOnExit
-	};
-}
-async function evaluateSystemRunPolicyPhase(opts, parsed) {
-	const cfg = loadConfig();
-	const agentExec = parsed.agentId ? resolveAgentConfig(cfg, parsed.agentId)?.tools?.exec : void 0;
-	const configuredSecurity = opts.resolveExecSecurity(agentExec?.security ?? cfg.tools?.exec?.security);
-	const configuredAsk = opts.resolveExecAsk(agentExec?.ask ?? cfg.tools?.exec?.ask);
-	const approvals = resolveExecApprovals(parsed.agentId, {
-		security: configuredSecurity,
-		ask: configuredAsk
-	});
-	const security = approvals.agent.security;
-	const ask = approvals.agent.ask;
-	const autoAllowSkills = approvals.agent.autoAllowSkills;
-	const { safeBins, safeBinProfiles, trustedSafeBinDirs } = resolveExecSafeBinRuntimePolicy({
-		global: cfg.tools?.exec,
-		local: agentExec,
-		onWarning: warnWritableTrustedDirOnce
-	});
-	const bins = autoAllowSkills ? await opts.skillBins.current() : [];
-	let { analysisOk, allowlistMatches, allowlistSatisfied, segments } = evaluateSystemRunAllowlist({
-		shellCommand: parsed.shellPayload,
-		argv: parsed.argv,
-		approvals,
-		security,
-		safeBins,
-		safeBinProfiles,
-		trustedSafeBinDirs,
-		cwd: parsed.cwd,
-		env: parsed.env,
-		skillBins: bins,
-		autoAllowSkills
-	});
-	const isWindows = process.platform === "win32";
-	const cmdInvocation = parsed.shellPayload ? opts.isCmdExeInvocation(segments[0]?.argv ?? []) : opts.isCmdExeInvocation(parsed.argv);
-	const policy = evaluateSystemRunPolicy({
-		security,
-		ask,
-		analysisOk,
-		allowlistSatisfied,
-		approvalDecision: parsed.approvalDecision,
-		approved: parsed.approved,
-		isWindows,
-		cmdInvocation,
-		shellWrapperInvocation: parsed.shellPayload !== null
-	});
-	analysisOk = policy.analysisOk;
-	allowlistSatisfied = policy.allowlistSatisfied;
-	if (!policy.allowed) {
-		await sendSystemRunDenied(opts, parsed.execution, {
-			reason: policy.eventReason,
-			message: policy.errorMessage
-		});
-		return null;
-	}
-	if (security === "allowlist" && parsed.shellPayload && !policy.approvedByAsk) {
-		await sendSystemRunDenied(opts, parsed.execution, {
-			reason: "approval-required",
-			message: "SYSTEM_RUN_DENIED: approval required"
-		});
-		return null;
-	}
-	const hardenedPaths = hardenApprovedExecutionPaths({
-		approvedByAsk: policy.approvedByAsk,
-		argv: parsed.argv,
-		shellCommand: parsed.shellPayload,
-		cwd: parsed.cwd
-	});
-	if (!hardenedPaths.ok) {
-		await sendSystemRunDenied(opts, parsed.execution, {
-			reason: "approval-required",
-			message: hardenedPaths.message
-		});
-		return null;
-	}
-	const approvedCwdSnapshot = policy.approvedByAsk ? hardenedPaths.approvedCwdSnapshot : void 0;
-	if (policy.approvedByAsk && hardenedPaths.cwd && !approvedCwdSnapshot) {
-		await sendSystemRunDenied(opts, parsed.execution, {
-			reason: "approval-required",
-			message: APPROVAL_CWD_DRIFT_DENIED_MESSAGE
-		});
-		return null;
-	}
-	const plannedAllowlistArgv = resolvePlannedAllowlistArgv({
-		security,
-		shellCommand: parsed.shellPayload,
-		policy,
-		segments
-	});
-	if (plannedAllowlistArgv === null) {
-		await sendSystemRunDenied(opts, parsed.execution, {
-			reason: "execution-plan-miss",
-			message: "SYSTEM_RUN_DENIED: execution plan mismatch"
-		});
-		return null;
-	}
-	return {
-		...parsed,
-		argv: hardenedPaths.argv,
-		cwd: hardenedPaths.cwd,
-		approvals,
-		security,
-		policy,
-		allowlistMatches,
-		analysisOk,
-		allowlistSatisfied,
-		segments,
-		plannedAllowlistArgv: plannedAllowlistArgv ?? void 0,
-		isWindows,
-		approvedCwdSnapshot
-	};
-}
-async function executeSystemRunPhase(opts, phase) {
-	if (phase.approvedCwdSnapshot && !revalidateApprovedCwdSnapshot({ snapshot: phase.approvedCwdSnapshot })) {
-		logWarn(`security: system.run approval cwd drift blocked (runId=${phase.runId})`);
-		await sendSystemRunDenied(opts, phase.execution, {
-			reason: "approval-required",
-			message: APPROVAL_CWD_DRIFT_DENIED_MESSAGE
-		});
-		return;
-	}
-	const expectedMutableFileOperand = phase.approvalPlan ? resolveMutableFileOperandSnapshotSync({
-		argv: phase.argv,
-		cwd: phase.cwd,
-		shellCommand: phase.shellPayload
-	}) : null;
-	if (expectedMutableFileOperand && !expectedMutableFileOperand.ok) {
-		logWarn(`security: system.run approval script binding blocked (runId=${phase.runId})`);
-		await sendSystemRunDenied(opts, phase.execution, {
-			reason: "approval-required",
-			message: expectedMutableFileOperand.message
-		});
-		return;
-	}
-	if (expectedMutableFileOperand?.snapshot && !phase.approvalPlan?.mutableFileOperand) {
-		logWarn(`security: system.run approval script binding missing (runId=${phase.runId})`);
-		await sendSystemRunDenied(opts, phase.execution, {
-			reason: "approval-required",
-			message: APPROVAL_SCRIPT_OPERAND_BINDING_DENIED_MESSAGE
-		});
-		return;
-	}
-	if (phase.approvalPlan?.mutableFileOperand && !revalidateApprovedMutableFileOperand({
-		snapshot: phase.approvalPlan.mutableFileOperand,
-		argv: phase.argv,
-		cwd: phase.cwd
-	})) {
-		logWarn(`security: system.run approval script drift blocked (runId=${phase.runId})`);
-		await sendSystemRunDenied(opts, phase.execution, {
-			reason: "approval-required",
-			message: APPROVAL_SCRIPT_OPERAND_DRIFT_DENIED_MESSAGE
-		});
-		return;
-	}
-	if (opts.preferMacAppExecHost) {
-		const execRequest = {
-			command: phase.plannedAllowlistArgv ?? phase.argv,
-			rawCommand: phase.commandText || null,
-			cwd: phase.cwd ?? null,
-			env: phase.envOverrides ?? null,
-			timeoutMs: phase.timeoutMs ?? null,
-			needsScreenRecording: phase.needsScreenRecording,
-			agentId: phase.agentId ?? null,
-			sessionKey: phase.sessionKey ?? null,
-			approvalDecision: phase.approvalDecision
-		};
-		const response = await opts.runViaMacAppExecHost({
-			approvals: phase.approvals,
-			request: execRequest
-		});
-		if (!response) {
-			if (opts.execHostEnforced || !opts.execHostFallbackAllowed) {
-				await sendSystemRunDenied(opts, phase.execution, {
-					reason: "companion-unavailable",
-					message: "COMPANION_APP_UNAVAILABLE: macOS app exec host unreachable"
-				});
-				return;
-			}
-		} else if (!response.ok) {
-			await sendSystemRunDenied(opts, phase.execution, {
-				reason: normalizeDeniedReason(response.error.reason),
-				message: response.error.message
-			});
-			return;
-		} else {
-			const result = response.payload;
-			await sendSystemRunCompleted(opts, phase.execution, result, JSON.stringify(result));
-			return;
-		}
-	}
-	if (phase.policy.approvalDecision === "allow-always" && phase.security === "allowlist") {
-		if (phase.policy.analysisOk) {
-			const patterns = resolveAllowAlwaysPatterns({
-				segments: phase.segments,
-				cwd: phase.cwd,
-				env: phase.env,
-				platform: process.platform
-			});
-			for (const pattern of patterns) if (pattern) addAllowlistEntry(phase.approvals.file, phase.agentId, pattern);
-		}
-	}
-	if (phase.allowlistMatches.length > 0) {
-		const seen = /* @__PURE__ */ new Set();
-		for (const match of phase.allowlistMatches) {
-			if (!match?.pattern || seen.has(match.pattern)) continue;
-			seen.add(match.pattern);
-			recordAllowlistUse(phase.approvals.file, phase.agentId, match, phase.commandText, phase.segments[0]?.resolution?.resolvedPath);
-		}
-	}
-	if (phase.needsScreenRecording) {
-		await sendSystemRunDenied(opts, phase.execution, {
-			reason: "permission:screenRecording",
-			message: "PERMISSION_MISSING: screenRecording"
-		});
-		return;
-	}
-	const execArgv = resolveSystemRunExecArgv({
-		plannedAllowlistArgv: phase.plannedAllowlistArgv,
-		argv: phase.argv,
-		security: phase.security,
-		isWindows: phase.isWindows,
-		policy: phase.policy,
-		shellCommand: phase.shellPayload,
-		segments: phase.segments
-	});
-	const result = await opts.runCommand(execArgv, phase.cwd, phase.env, phase.timeoutMs);
-	applyOutputTruncation(result);
-	await sendSystemRunCompleted(opts, phase.execution, result, JSON.stringify({
-		exitCode: result.exitCode,
-		timedOut: result.timedOut,
-		success: result.success,
-		stdout: result.stdout,
-		stderr: result.stderr,
-		error: result.error ?? null
-	}));
-}
-async function handleSystemRunInvoke(opts) {
-	const parsed = await parseSystemRunPhase(opts);
-	if (!parsed) return;
-	const policyPhase = await evaluateSystemRunPolicyPhase(opts, parsed);
-	if (!policyPhase) return;
-	await executeSystemRunPhase(opts, policyPhase);
-}
-//#endregion
-//#region src/node-host/invoke.ts
-const OUTPUT_CAP = 2e5;
-const OUTPUT_EVENT_TAIL = 2e4;
-const DEFAULT_NODE_PATH$1 = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
-const WINDOWS_CODEPAGE_ENCODING_MAP = {
-	65001: "utf-8",
-	54936: "gb18030",
-	936: "gbk",
-	950: "big5",
-	932: "shift_jis",
-	949: "euc-kr",
-	1252: "windows-1252"
-};
-let cachedWindowsConsoleEncoding;
-const execHostEnforced = process.env.MOLDCLAW_NODE_EXEC_HOST?.trim().toLowerCase() === "app";
-const execHostFallbackAllowed = process.env.MOLDCLAW_NODE_EXEC_FALLBACK?.trim().toLowerCase() !== "0";
-const preferMacAppExecHost = process.platform === "darwin" && execHostEnforced;
-function resolveExecSecurity(value) {
-	return value === "deny" || value === "allowlist" || value === "full" ? value : "allowlist";
-}
-function isCmdExeInvocation(argv) {
-	const token = argv[0]?.trim();
-	if (!token) return false;
-	const base = path.win32.basename(token).toLowerCase();
-	return base === "cmd.exe" || base === "cmd";
-}
-function resolveExecAsk(value) {
-	return value === "off" || value === "on-miss" || value === "always" ? value : "on-miss";
-}
-function sanitizeEnv(overrides) {
-	return sanitizeHostExecEnv({
-		overrides,
-		blockPathOverrides: true
-	});
-}
-function truncateOutput(raw, maxChars) {
-	if (raw.length <= maxChars) return {
-		text: raw,
-		truncated: false
-	};
-	return {
-		text: `... (truncated) ${raw.slice(raw.length - maxChars)}`,
-		truncated: true
-	};
-}
-function parseWindowsCodePage(raw) {
-	if (!raw) return null;
-	const match = raw.match(/\b(\d{3,5})\b/);
-	if (!match?.[1]) return null;
-	const codePage = Number.parseInt(match[1], 10);
-	if (!Number.isFinite(codePage) || codePage <= 0) return null;
-	return codePage;
-}
-function resolveWindowsConsoleEncoding() {
-	if (process.platform !== "win32") return null;
-	if (cachedWindowsConsoleEncoding !== void 0) return cachedWindowsConsoleEncoding;
-	try {
-		const result = spawnSync("cmd.exe", [
-			"/d",
-			"/s",
-			"/c",
-			"chcp"
-		], {
-			windowsHide: true,
-			encoding: "utf8",
-			stdio: [
-				"ignore",
-				"pipe",
-				"pipe"
-			]
-		});
-		const codePage = parseWindowsCodePage(`${result.stdout ?? ""}\n${result.stderr ?? ""}`);
-		cachedWindowsConsoleEncoding = codePage !== null ? WINDOWS_CODEPAGE_ENCODING_MAP[codePage] ?? null : null;
-	} catch {
-		cachedWindowsConsoleEncoding = null;
-	}
-	return cachedWindowsConsoleEncoding;
-}
-function decodeCapturedOutputBuffer(params) {
-	const utf8 = params.buffer.toString("utf8");
-	if ((params.platform ?? process.platform) !== "win32") return utf8;
-	const encoding = params.windowsEncoding ?? resolveWindowsConsoleEncoding();
-	if (!encoding || encoding.toLowerCase() === "utf-8") return utf8;
-	try {
-		return new TextDecoder(encoding).decode(params.buffer);
-	} catch {
-		return utf8;
-	}
-}
-function redactExecApprovals(file) {
-	const socketPath = file.socket?.path?.trim();
-	return {
-		...file,
-		socket: socketPath ? { path: socketPath } : void 0
-	};
-}
-function requireExecApprovalsBaseHash(params, snapshot) {
-	if (!snapshot.exists) return;
-	if (!snapshot.hash) throw new Error("INVALID_REQUEST: exec approvals base hash unavailable; reload and retry");
-	const baseHash = typeof params.baseHash === "string" ? params.baseHash.trim() : "";
-	if (!baseHash) throw new Error("INVALID_REQUEST: exec approvals base hash required; reload and retry");
-	if (baseHash !== snapshot.hash) throw new Error("INVALID_REQUEST: exec approvals changed; reload and retry");
-}
-async function runCommand(argv, cwd, env, timeoutMs) {
-	return await new Promise((resolve) => {
-		const stdoutChunks = [];
-		const stderrChunks = [];
-		let outputLen = 0;
-		let truncated = false;
-		let timedOut = false;
-		let settled = false;
-		const windowsEncoding = resolveWindowsConsoleEncoding();
-		const child = spawn(argv[0], argv.slice(1), {
-			cwd,
-			env,
-			stdio: [
-				"ignore",
-				"pipe",
-				"pipe"
-			],
-			windowsHide: true
-		});
-		const onChunk = (chunk, target) => {
-			if (outputLen >= OUTPUT_CAP) {
-				truncated = true;
-				return;
-			}
-			const remaining = OUTPUT_CAP - outputLen;
-			const slice = chunk.length > remaining ? chunk.subarray(0, remaining) : chunk;
-			outputLen += slice.length;
-			if (target === "stdout") stdoutChunks.push(slice);
-			else stderrChunks.push(slice);
-			if (chunk.length > remaining) truncated = true;
-		};
-		child.stdout?.on("data", (chunk) => onChunk(chunk, "stdout"));
-		child.stderr?.on("data", (chunk) => onChunk(chunk, "stderr"));
-		let timer;
-		if (timeoutMs && timeoutMs > 0) timer = setTimeout(() => {
-			timedOut = true;
-			try {
-				child.kill("SIGKILL");
-			} catch {}
-		}, timeoutMs);
-		const finalize = (exitCode, error) => {
-			if (settled) return;
-			settled = true;
-			if (timer) clearTimeout(timer);
-			const stdout = decodeCapturedOutputBuffer({
-				buffer: Buffer.concat(stdoutChunks),
-				windowsEncoding
-			});
-			const stderr = decodeCapturedOutputBuffer({
-				buffer: Buffer.concat(stderrChunks),
-				windowsEncoding
-			});
-			resolve({
-				exitCode,
-				timedOut,
-				success: exitCode === 0 && !timedOut && !error,
-				stdout,
-				stderr,
-				error: error ?? null,
-				truncated
-			});
-		};
-		child.on("error", (err) => {
-			finalize(void 0, err.message);
-		});
-		child.on("exit", (code) => {
-			finalize(code === null ? void 0 : code, null);
-		});
-	});
-}
-function resolveEnvPath(env) {
-	return (env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? DEFAULT_NODE_PATH$1).split(path.delimiter).filter(Boolean);
-}
-function resolveExecutable(bin, env) {
-	if (bin.includes("/") || bin.includes("\\")) return null;
-	const extensions = process.platform === "win32" ? (process.env.PATHEXT ?? process.env.PathExt ?? ".EXE;.CMD;.BAT;.COM").split(";").map((ext) => ext.toLowerCase()) : [""];
-	for (const dir of resolveEnvPath(env)) for (const ext of extensions) {
-		const candidate = path.join(dir, bin + ext);
-		if (fs.existsSync(candidate)) return candidate;
-	}
-	return null;
-}
-async function handleSystemWhich(params, env) {
-	const bins = params.bins.map((bin) => bin.trim()).filter(Boolean);
-	const found = {};
-	for (const bin of bins) {
-		const path = resolveExecutable(bin, env);
-		if (path) found[bin] = path;
-	}
-	return { bins: found };
-}
-function buildExecEventPayload(payload) {
-	if (!payload.output) return payload;
-	const trimmed = payload.output.trim();
-	if (!trimmed) return payload;
-	const { text } = truncateOutput(trimmed, OUTPUT_EVENT_TAIL);
-	return {
-		...payload,
-		output: text
-	};
-}
-async function sendExecFinishedEvent(params) {
-	const combined = [
-		params.result.stdout,
-		params.result.stderr,
-		params.result.error
-	].filter(Boolean).join("\n");
-	await sendNodeEvent(params.client, "exec.finished", buildExecEventPayload({
-		sessionKey: params.sessionKey,
-		runId: params.runId,
-		host: "node",
-		command: params.commandText,
-		exitCode: params.result.exitCode ?? void 0,
-		timedOut: params.result.timedOut,
-		success: params.result.success,
-		output: combined,
-		suppressNotifyOnExit: params.suppressNotifyOnExit
-	}));
-}
-async function runViaMacAppExecHost(params) {
-	const { approvals, request } = params;
-	return await requestExecHostViaSocket({
-		socketPath: approvals.socketPath,
-		token: approvals.token,
-		request
-	});
-}
-async function sendJsonPayloadResult(client, frame, payload) {
-	await sendInvokeResult(client, frame, {
-		ok: true,
-		payloadJSON: JSON.stringify(payload)
-	});
-}
-async function sendRawPayloadResult(client, frame, payloadJSON) {
-	await sendInvokeResult(client, frame, {
-		ok: true,
-		payloadJSON
-	});
-}
-async function sendErrorResult(client, frame, code, message) {
-	await sendInvokeResult(client, frame, {
-		ok: false,
-		error: {
-			code,
-			message
-		}
-	});
-}
-async function sendInvalidRequestResult(client, frame, err) {
-	await sendErrorResult(client, frame, "INVALID_REQUEST", String(err));
-}
-async function handleInvoke(frame, client, skillBins) {
-	const command = String(frame.command ?? "");
-	if (command === "system.execApprovals.get") {
-		try {
-			ensureExecApprovals();
-			const snapshot = readExecApprovalsSnapshot();
-			await sendJsonPayloadResult(client, frame, {
-				path: snapshot.path,
-				exists: snapshot.exists,
-				hash: snapshot.hash,
-				file: redactExecApprovals(snapshot.file)
-			});
-		} catch (err) {
-			const message = String(err);
-			await sendErrorResult(client, frame, message.toLowerCase().includes("timed out") ? "TIMEOUT" : "INVALID_REQUEST", message);
-		}
-		return;
-	}
-	if (command === "system.execApprovals.set") {
-		try {
-			const params = decodeParams(frame.paramsJSON);
-			if (!params.file || typeof params.file !== "object") throw new Error("INVALID_REQUEST: exec approvals file required");
-			ensureExecApprovals();
-			const snapshot = readExecApprovalsSnapshot();
-			requireExecApprovalsBaseHash(params, snapshot);
-			saveExecApprovals(mergeExecApprovalsSocketDefaults({
-				normalized: normalizeExecApprovals(params.file),
-				current: snapshot.file
-			}));
-			const nextSnapshot = readExecApprovalsSnapshot();
-			await sendJsonPayloadResult(client, frame, {
-				path: nextSnapshot.path,
-				exists: nextSnapshot.exists,
-				hash: nextSnapshot.hash,
-				file: redactExecApprovals(nextSnapshot.file)
-			});
-		} catch (err) {
-			await sendInvalidRequestResult(client, frame, err);
-		}
-		return;
-	}
-	if (command === "system.which") {
-		try {
-			const params = decodeParams(frame.paramsJSON);
-			if (!Array.isArray(params.bins)) throw new Error("INVALID_REQUEST: bins required");
-			await sendJsonPayloadResult(client, frame, await handleSystemWhich(params, sanitizeEnv(void 0)));
-		} catch (err) {
-			await sendInvalidRequestResult(client, frame, err);
-		}
-		return;
-	}
-	if (command === "browser.proxy") {
-		try {
-			await sendRawPayloadResult(client, frame, await runBrowserProxyCommand(frame.paramsJSON));
-		} catch (err) {
-			await sendInvalidRequestResult(client, frame, err);
-		}
-		return;
-	}
-	if (command === "system.run.prepare") {
-		try {
-			const prepared = buildSystemRunApprovalPlan(decodeParams(frame.paramsJSON));
-			if (!prepared.ok) {
-				await sendErrorResult(client, frame, "INVALID_REQUEST", prepared.message);
-				return;
-			}
-			await sendJsonPayloadResult(client, frame, { plan: prepared.plan });
-		} catch (err) {
-			await sendInvalidRequestResult(client, frame, err);
-		}
-		return;
-	}
-	if (command !== "system.run") {
-		await sendErrorResult(client, frame, "UNAVAILABLE", "command not supported");
-		return;
-	}
-	let params;
-	try {
-		params = decodeParams(frame.paramsJSON);
-	} catch (err) {
-		await sendInvalidRequestResult(client, frame, err);
-		return;
-	}
-	if (!Array.isArray(params.command) || params.command.length === 0) {
-		await sendErrorResult(client, frame, "INVALID_REQUEST", "command required");
-		return;
-	}
-	await handleSystemRunInvoke({
-		client,
-		params,
-		skillBins,
-		execHostEnforced,
-		execHostFallbackAllowed,
-		resolveExecSecurity,
-		resolveExecAsk,
-		isCmdExeInvocation,
-		sanitizeEnv,
-		runCommand,
-		runViaMacAppExecHost,
-		sendNodeEvent,
-		buildExecEventPayload,
-		sendInvokeResult: async (result) => {
-			await sendInvokeResult(client, frame, result);
-		},
-		sendExecFinishedEvent: async ({ sessionKey, runId, commandText, result }) => {
-			await sendExecFinishedEvent({
-				client,
-				sessionKey,
-				runId,
-				commandText,
-				result
-			});
-		},
-		preferMacAppExecHost
-	});
-}
-function decodeParams(raw) {
-	if (!raw) throw new Error("INVALID_REQUEST: paramsJSON required");
-	return JSON.parse(raw);
-}
-function coerceNodeInvokePayload(payload) {
-	if (!payload || typeof payload !== "object") return null;
-	const obj = payload;
-	const id = typeof obj.id === "string" ? obj.id.trim() : "";
-	const nodeId = typeof obj.nodeId === "string" ? obj.nodeId.trim() : "";
-	const command = typeof obj.command === "string" ? obj.command.trim() : "";
-	if (!id || !nodeId || !command) return null;
-	return {
-		id,
-		nodeId,
-		command,
-		paramsJSON: typeof obj.paramsJSON === "string" ? obj.paramsJSON : obj.params !== void 0 ? JSON.stringify(obj.params) : null,
-		timeoutMs: typeof obj.timeoutMs === "number" ? obj.timeoutMs : null,
-		idempotencyKey: typeof obj.idempotencyKey === "string" ? obj.idempotencyKey : null
-	};
-}
-async function sendInvokeResult(client, frame, result) {
-	try {
-		await client.request("node.invoke.result", buildNodeInvokeResultParams(frame, result));
-	} catch {}
-}
-function buildNodeInvokeResultParams(frame, result) {
-	const params = {
-		id: frame.id,
-		nodeId: frame.nodeId,
-		ok: result.ok
-	};
-	if (result.payload !== void 0) params.payload = result.payload;
-	if (typeof result.payloadJSON === "string") params.payloadJSON = result.payloadJSON;
-	if (result.error) params.error = result.error;
-	return params;
-}
-async function sendNodeEvent(client, event, payload) {
-	try {
-		await client.request("node.event", {
-			event,
-			payloadJSON: payload ? JSON.stringify(payload) : null
-		});
-	} catch {}
-}
-//#endregion
-//#region src/node-host/runner.ts
-const DEFAULT_NODE_PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
-function resolveExecutablePathFromEnv(bin, pathEnv) {
-	if (bin.includes("/") || bin.includes("\\")) return null;
-	return resolveExecutableFromPathEnv(bin, pathEnv) ?? null;
-}
-function resolveSkillBinTrustEntries(bins, pathEnv) {
-	const trustEntries = [];
-	const seen = /* @__PURE__ */ new Set();
-	for (const bin of bins) {
-		const name = bin.trim();
-		if (!name) continue;
-		const resolvedPath = resolveExecutablePathFromEnv(name, pathEnv);
-		if (!resolvedPath) continue;
-		const key = `${name}\u0000${resolvedPath}`;
-		if (seen.has(key)) continue;
-		seen.add(key);
-		trustEntries.push({
-			name,
-			resolvedPath
-		});
-	}
-	return trustEntries.toSorted((left, right) => left.name.localeCompare(right.name) || left.resolvedPath.localeCompare(right.resolvedPath));
-}
-var SkillBinsCache = class {
-	constructor(fetch, pathEnv) {
-		this.bins = [];
-		this.lastRefresh = 0;
-		this.ttlMs = 9e4;
-		this.fetch = fetch;
-		this.pathEnv = pathEnv;
-	}
-	async current(force = false) {
-		if (force || Date.now() - this.lastRefresh > this.ttlMs) await this.refresh();
-		return this.bins;
-	}
-	async refresh() {
-		try {
-			this.bins = resolveSkillBinTrustEntries(await this.fetch(), this.pathEnv);
-			this.lastRefresh = Date.now();
-		} catch {
-			if (!this.lastRefresh) this.bins = [];
-		}
-	}
-};
-function ensureNodePathEnv() {
-	ensuremoldClawCliOnPath({ pathEnv: process.env.PATH ?? "" });
-	const current = process.env.PATH ?? "";
-	if (current.trim()) return current;
-	process.env.PATH = DEFAULT_NODE_PATH;
-	return DEFAULT_NODE_PATH;
-}
-async function resolveNodeHostGatewayCredentials(params) {
-	return await resolveGatewayConnectionAuth({
-		config: (params.config.gateway?.mode === "remote" ? "remote" : "local") === "local" ? buildNodeHostLocalAuthConfig(params.config) : params.config,
-		env: params.env,
-		includeLegacyEnv: false,
-		localTokenPrecedence: "env-first",
-		localPasswordPrecedence: "env-first",
-		remoteTokenPrecedence: "env-first",
-		remotePasswordPrecedence: "env-first"
-	});
-}
-function buildNodeHostLocalAuthConfig(config) {
-	if (!config.gateway?.remote?.token && !config.gateway?.remote?.password) return config;
-	const nextConfig = structuredClone(config);
-	if (nextConfig.gateway?.remote) {
-		nextConfig.gateway.remote.token = void 0;
-		nextConfig.gateway.remote.password = void 0;
-	}
-	return nextConfig;
-}
-async function runNodeHost(opts) {
-	const config = await ensureNodeHostConfig();
-	const nodeId = opts.nodeId?.trim() || config.nodeId;
-	if (nodeId !== config.nodeId) config.nodeId = nodeId;
-	const displayName = opts.displayName?.trim() || config.displayName || await getMachineDisplayName();
-	config.displayName = displayName;
-	const gateway = {
-		host: opts.gatewayHost,
-		port: opts.gatewayPort,
-		tls: opts.gatewayTls ?? loadConfig().gateway?.tls?.enabled ?? false,
-		tlsFingerprint: opts.gatewayTlsFingerprint
-	};
-	config.gateway = gateway;
-	await saveNodeHostConfig(config);
-	const cfg = loadConfig();
-	const resolvedBrowser = resolveBrowserConfig(cfg.browser, cfg);
-	const browserProxyEnabled = cfg.nodeHost?.browserProxy?.enabled !== false && resolvedBrowser.enabled;
-	const { token, password } = await resolveNodeHostGatewayCredentials({
-		config: cfg,
-		env: process.env
-	});
-	const host = gateway.host ?? "127.0.0.1";
-	const port = gateway.port ?? 28789;
-	const url = `${gateway.tls ? "wss" : "ws"}://${host}:${port}`;
-	const pathEnv = ensureNodePathEnv();
-	const client = new GatewayClient({
-		url,
-		token: token || void 0,
-		password: password || void 0,
-		instanceId: nodeId,
-		clientName: GATEWAY_CLIENT_NAMES.NODE_HOST,
-		clientDisplayName: displayName,
-		clientVersion: VERSION,
-		platform: process.platform,
-		mode: GATEWAY_CLIENT_MODES.NODE,
-		role: "node",
-		scopes: [],
-		caps: ["system", ...browserProxyEnabled ? ["browser"] : []],
-		commands: [
-			...NODE_SYSTEM_RUN_COMMANDS,
-			...NODE_EXEC_APPROVALS_COMMANDS,
-			...browserProxyEnabled ? [NODE_BROWSER_PROXY_COMMAND] : []
-		],
-		pathEnv,
-		permissions: void 0,
-		deviceIdentity: loadOrCreateDeviceIdentity(),
-		tlsFingerprint: gateway.tlsFingerprint,
-		onEvent: (evt) => {
-			if (evt.event !== "node.invoke.request") return;
-			const payload = coerceNodeInvokePayload(evt.payload);
-			if (!payload) return;
-			handleInvoke(payload, client, skillBins);
-		},
-		onConnectError: (err) => {
-			console.error(`node host gateway connect failed: ${err.message}`);
-		},
-		onClose: (code, reason) => {
-			console.error(`node host gateway closed (${code}): ${reason}`);
-		}
-	});
-	const skillBins = new SkillBinsCache(async () => {
-		const res = await client.request("skills.bins", {});
-		return Array.isArray(res?.bins) ? res.bins.map((bin) => String(bin)) : [];
-	}, pathEnv);
-	client.start();
-	await new Promise(() => {});
-}
-//#endregion
-//#region src/commands/node-daemon-install-helpers.ts
-async function buildNodeInstallPlan(params) {
-	const { devMode, nodePath } = await resolveDaemonInstallRuntimeInputs({
-		env: params.env,
-		runtime: params.runtime,
-		devMode: params.devMode,
-		nodePath: params.nodePath
-	});
-	const { programArguments, workingDirectory } = await resolveNodeProgramArguments({
-		host: params.host,
-		port: params.port,
-		tls: params.tls,
-		tlsFingerprint: params.tlsFingerprint,
-		nodeId: params.nodeId,
-		displayName: params.displayName,
-		dev: devMode,
-		runtime: params.runtime,
-		nodePath
-	});
-	await emitDaemonInstallRuntimeWarning({
-		env: params.env,
-		runtime: params.runtime,
-		programArguments,
-		warn: params.warn,
-		title: "Node daemon runtime"
-	});
-	const environment = buildNodeServiceEnvironment({ env: params.env });
-	return {
-		programArguments,
-		workingDirectory,
-		environment,
-		description: formatNodeServiceDescription({ version: environment.MOLDCLAW_SERVICE_VERSION })
-	};
-}
-//#endregion
-//#region src/commands/node-daemon-runtime.ts
-const DEFAULT_NODE_DAEMON_RUNTIME = DEFAULT_GATEWAY_DAEMON_RUNTIME;
-function isNodeDaemonRuntime(value) {
-	return isGatewayDaemonRuntime(value);
-}
-//#endregion
-//#region src/cli/node-cli/daemon.ts
-function renderNodeServiceStartHints() {
-	return buildPlatformServiceStartHints({
-		installCommand: formatCliCommand("moldclaw node install"),
-		startCommand: formatCliCommand("moldclaw node start"),
-		launchAgentPlistPath: `~/Library/LaunchAgents/${resolveNodeLaunchAgentLabel()}.plist`,
-		systemdServiceName: resolveNodeSystemdServiceName(),
-		windowsTaskName: resolveNodeWindowsTaskName()
-	});
-}
-function buildNodeRuntimeHints(env = process.env) {
-	return buildPlatformRuntimeLogHints({
-		env,
-		systemdServiceName: resolveNodeSystemdServiceName(),
-		windowsTaskName: resolveNodeWindowsTaskName()
-	});
-}
-function resolveNodeDefaults(opts, config) {
-	const host = opts.host?.trim() || config?.gateway?.host || "127.0.0.1";
-	const portOverride = parsePort(opts.port);
-	if (opts.port !== void 0 && portOverride === null) return {
-		host,
-		port: null
-	};
-	return {
-		host,
-		port: portOverride ?? config?.gateway?.port ?? 28789
-	};
-}
-async function runNodeDaemonInstall(opts) {
-	const { json, stdout, warnings, emit, fail } = createDaemonInstallActionContext(opts.json);
-	if (failIfNixDaemonInstallMode(fail)) return;
-	const config = await loadNodeHostConfig();
-	const { host, port } = resolveNodeDefaults(opts, config);
-	if (!Number.isFinite(port ?? NaN) || (port ?? 0) <= 0) {
-		fail("Invalid port");
-		return;
-	}
-	const runtimeRaw = opts.runtime ? String(opts.runtime) : DEFAULT_NODE_DAEMON_RUNTIME;
-	if (!isNodeDaemonRuntime(runtimeRaw)) {
-		fail("Invalid --runtime (use \"node\" or \"bun\")");
-		return;
-	}
-	const service = resolveNodeService();
-	let loaded = false;
-	try {
-		loaded = await service.isLoaded({ env: process.env });
-	} catch (err) {
-		fail(`Node service check failed: ${String(err)}`);
-		return;
-	}
-	if (loaded && !opts.force) {
-		emit({
-			ok: true,
-			result: "already-installed",
-			message: `Node service already ${service.loadedText}.`,
-			service: buildDaemonServiceSnapshot(service, loaded),
-			warnings: warnings.length ? warnings : void 0
-		});
-		if (!json) {
-			defaultRuntime.log(`Node service already ${service.loadedText}.`);
-			defaultRuntime.log(`Reinstall with: ${formatCliCommand("moldclaw node install --force")}`);
-		}
-		return;
-	}
-	const tlsFingerprint = opts.tlsFingerprint?.trim() || config?.gateway?.tlsFingerprint;
-	const tls = Boolean(opts.tls) || Boolean(tlsFingerprint) || Boolean(config?.gateway?.tls);
-	const { programArguments, workingDirectory, environment, description } = await buildNodeInstallPlan({
-		env: process.env,
-		host,
-		port: port ?? 28789,
-		tls,
-		tlsFingerprint: tlsFingerprint || void 0,
-		nodeId: opts.nodeId,
-		displayName: opts.displayName,
-		runtime: runtimeRaw,
-		warn: (message) => {
-			if (json) warnings.push(message);
-			else defaultRuntime.log(message);
-		}
-	});
-	await installDaemonServiceAndEmit({
-		serviceNoun: "Node",
-		service,
-		warnings,
-		emit,
-		fail,
-		install: async () => {
-			await service.install({
-				env: process.env,
-				stdout,
-				programArguments,
-				workingDirectory,
-				environment,
-				description
-			});
-		}
-	});
-}
-async function runNodeDaemonUninstall(opts = {}) {
-	return await runServiceUninstall({
-		serviceNoun: "Node",
-		service: resolveNodeService(),
-		opts,
-		stopBeforeUninstall: false,
-		assertNotLoadedAfterUninstall: false
-	});
-}
-async function runNodeDaemonRestart(opts = {}) {
-	await runServiceRestart({
-		serviceNoun: "Node",
-		service: resolveNodeService(),
-		renderStartHints: renderNodeServiceStartHints,
-		opts
-	});
-}
-async function runNodeDaemonStop(opts = {}) {
-	return await runServiceStop({
-		serviceNoun: "Node",
-		service: resolveNodeService(),
-		opts
-	});
-}
-async function runNodeDaemonStatus(opts = {}) {
-	const json = Boolean(opts.json);
-	const service = resolveNodeService();
-	const [loaded, command, runtime] = await Promise.all([
-		service.isLoaded({ env: process.env }).catch(() => false),
-		service.readCommand(process.env).catch(() => null),
-		service.readRuntime(process.env).catch((err) => ({
-			status: "unknown",
-			detail: String(err)
-		}))
-	]);
-	const payload = { service: {
-		...buildDaemonServiceSnapshot(service, loaded),
-		command,
-		runtime
-	} };
-	if (json) {
-		defaultRuntime.log(JSON.stringify(payload, null, 2));
-		return;
-	}
-	const { rich, label, accent, infoText, okText, warnText, errorText } = createCliStatusTextStyles();
-	const serviceStatus = loaded ? okText(service.loadedText) : warnText(service.notLoadedText);
-	defaultRuntime.log(`${label("Service:")} ${accent(service.label)} (${serviceStatus})`);
-	if (command?.programArguments?.length) defaultRuntime.log(`${label("Command:")} ${infoText(command.programArguments.join(" "))}`);
-	if (command?.sourcePath) defaultRuntime.log(`${label("Service file:")} ${infoText(command.sourcePath)}`);
-	if (command?.workingDirectory) defaultRuntime.log(`${label("Working dir:")} ${infoText(command.workingDirectory)}`);
-	const runtimeLine = formatRuntimeStatus(runtime);
-	if (runtimeLine) {
-		const runtimeColor = resolveRuntimeStatusColor(runtime?.status);
-		defaultRuntime.log(`${label("Runtime:")} ${colorize(rich, runtimeColor, runtimeLine)}`);
-	}
-	if (!loaded) {
-		defaultRuntime.log("");
-		for (const hint of renderNodeServiceStartHints()) defaultRuntime.log(`${warnText("Start with:")} ${infoText(hint)}`);
-		return;
-	}
-	const baseEnv = {
-		...process.env,
-		...command?.environment ?? void 0
-	};
-	const hintEnv = {
-		...baseEnv,
-		MOLDCLAW_LOG_PREFIX: baseEnv.MOLDCLAW_LOG_PREFIX ?? "node"
-	};
-	if (runtime?.missingUnit) {
-		defaultRuntime.error(errorText("Service unit not found."));
-		for (const hint of buildNodeRuntimeHints(hintEnv)) defaultRuntime.error(errorText(hint));
-		return;
-	}
-	if (runtime?.status === "stopped") {
-		defaultRuntime.error(errorText("Service is loaded but not running."));
-		for (const hint of buildNodeRuntimeHints(hintEnv)) defaultRuntime.error(errorText(hint));
-	}
-}
-//#endregion
-//#region src/cli/node-cli/register.ts
-function parsePortWithFallback(value, fallback) {
-	return parsePort(value) ?? fallback;
-}
-function registerNodeCli(program) {
-	const node = program.command("node").description("Run and manage the headless node host service").addHelpText("after", () => `\n${theme.heading("Examples:")}\n${formatHelpExamples([
-		["moldclaw node run --host 127.0.0.1 --port 28789", "Run the node host in the foreground."],
-		["moldclaw node status", "Check node host service status."],
-		["moldclaw node install", "Install the node host service."],
-		["moldclaw node restart", "Restart the installed node host service."]
-	])}\n\n${theme.muted("Docs:")} ${formatDocsLink("/cli/node", "docs.moldclaw.ai/cli/node")}\n`);
-	node.command("run").description("Run the headless node host (foreground)").option("--host <host>", "Gateway host").option("--port <port>", "Gateway port").option("--tls", "Use TLS for the gateway connection", false).option("--tls-fingerprint <sha256>", "Expected TLS certificate fingerprint (sha256)").option("--node-id <id>", "Override node id (clears pairing token)").option("--display-name <name>", "Override node display name").action(async (opts) => {
-		const existing = await loadNodeHostConfig();
-		await runNodeHost({
-			gatewayHost: opts.host?.trim() || existing?.gateway?.host || "127.0.0.1",
-			gatewayPort: parsePortWithFallback(opts.port, existing?.gateway?.port ?? 28789),
-			gatewayTls: Boolean(opts.tls) || Boolean(opts.tlsFingerprint),
-			gatewayTlsFingerprint: opts.tlsFingerprint,
-			nodeId: opts.nodeId,
-			displayName: opts.displayName
-		});
-	});
-	node.command("status").description("Show node host status").option("--json", "Output JSON", false).action(async (opts) => {
-		await runNodeDaemonStatus(opts);
-	});
-	node.command("install").description("Install the node host service (launchd/systemd/schtasks)").option("--host <host>", "Gateway host").option("--port <port>", "Gateway port").option("--tls", "Use TLS for the gateway connection", false).option("--tls-fingerprint <sha256>", "Expected TLS certificate fingerprint (sha256)").option("--node-id <id>", "Override node id (clears pairing token)").option("--display-name <name>", "Override node display name").option("--runtime <runtime>", "Service runtime (node|bun). Default: node").option("--force", "Reinstall/overwrite if already installed", false).option("--json", "Output JSON", false).action(async (opts) => {
-		await runNodeDaemonInstall(opts);
-	});
-	node.command("uninstall").description("Uninstall the node host service (launchd/systemd/schtasks)").option("--json", "Output JSON", false).action(async (opts) => {
-		await runNodeDaemonUninstall(opts);
-	});
-	node.command("stop").description("Stop the node host service (launchd/systemd/schtasks)").option("--json", "Output JSON", false).action(async (opts) => {
-		await runNodeDaemonStop(opts);
-	});
-	node.command("restart").description("Restart the node host service (launchd/systemd/schtasks)").option("--json", "Output JSON", false).action(async (opts) => {
-		await runNodeDaemonRestart(opts);
-	});
-}
-//#endregion
-export { registerNodeCli };