agenttop 1.0.0

package/dist/index.js

@@ -0,0 +1,1241 @@
+#!/usr/bin/env node
+
+// src/index.tsx
+import React3 from "react";
+import { render } from "ink";
+
+// src/discovery/sessions.ts
+import { readdirSync as readdirSync2, readFileSync, statSync, openSync, readSync, closeSync } from "fs";
+import { join as join2, basename } from "path";
+import { execSync } from "child_process";
+
+// src/config.ts
+import { realpathSync, readdirSync } from "fs";
+import { homedir, platform } from "os";
+import { join } from "path";
+var resolvePath = (p) => {
+  try {
+    return realpathSync(p);
+  } catch {
+    return p;
+  }
+};
+var getUid = () => process.getuid?.() ?? 0;
+var isRoot = () => getUid() === 0;
+var getTmpDir = () => resolvePath(platform() === "darwin" ? "/private/tmp" : "/tmp");
+var getTaskDirs = (allUsers) => {
+  const tmp = getTmpDir();
+  const uid = getUid();
+  if (allUsers && isRoot()) {
+    try {
+      return readdirSync(tmp).filter((d) => d.startsWith("claude-")).filter((d) => !d.endsWith("-cwd")).map((d) => join(tmp, d));
+    } catch {
+      return [join(tmp, `claude-${uid}`)];
+    }
+  }
+  return [join(tmp, `claude-${uid}`)];
+};
+
+// src/discovery/sessions.ts
+var getClaudeProcesses = () => {
+  try {
+    const output = execSync("ps aux", { encoding: "utf-8", timeout: 5e3 });
+    return output.split("\n").filter((line) => line.includes("claude") && !line.includes("grep") && !line.includes("agenttop")).map((line) => {
+      const parts = line.trim().split(/\s+/);
+      return {
+        pid: parseInt(parts[1], 10),
+        cpu: parseFloat(parts[2]) || 0,
+        mem: parseFloat(parts[3]) || 0,
+        memKB: parseInt(parts[5], 10) || 0,
+        startTime: parts[8] || "",
+        command: parts.slice(10).join(" ")
+      };
+    }).filter((p) => !isNaN(p.pid));
+  } catch {
+    return [];
+  }
+};
+var readFirstEvent = (filePath) => {
+  try {
+    const fd = openSync(filePath, "r");
+    const buf = Buffer.alloc(16384);
+    const bytesRead = readSync(fd, buf, 0, 16384, 0);
+    closeSync(fd);
+    const line = buf.subarray(0, bytesRead).toString("utf-8").split("\n")[0];
+    if (!line) return null;
+    return JSON.parse(line);
+  } catch {
+    return null;
+  }
+};
+var readLastLines = (filePath, count) => {
+  try {
+    const content = readFileSync(filePath, "utf-8");
+    const lines = content.trim().split("\n");
+    const last = lines.slice(-count);
+    return last.map((line) => {
+      try {
+        return JSON.parse(line);
+      } catch {
+        return null;
+      }
+    }).filter((e) => e !== null);
+  } catch {
+    return [];
+  }
+};
+var discoverSessions = (allUsers) => {
+  const taskDirs = getTaskDirs(allUsers);
+  const processes = getClaudeProcesses();
+  const sessionMap = /* @__PURE__ */ new Map();
+  for (const taskDir of taskDirs) {
+    let projectDirs;
+    try {
+      projectDirs = readdirSync2(taskDir);
+    } catch {
+      continue;
+    }
+    for (const projectName of projectDirs) {
+      const projectPath = join2(taskDir, projectName);
+      let stat;
+      try {
+        stat = statSync(projectPath);
+      } catch {
+        continue;
+      }
+      if (!stat.isDirectory()) continue;
+      const tasksDir = join2(projectPath, "tasks");
+      let outputFiles;
+      try {
+        outputFiles = readdirSync2(tasksDir).filter((f) => f.endsWith(".output")).map((f) => join2(tasksDir, f));
+      } catch {
+        continue;
+      }
+      if (outputFiles.length === 0) continue;
+      const agentIds = [];
+      let sessionId = "";
+      let slug = "";
+      let cwd = "";
+      let model = "";
+      let version = "";
+      let gitBranch = "";
+      let startTime = Infinity;
+      let lastActivity = 0;
+      for (const outputFile of outputFiles) {
+        const agentId = basename(outputFile, ".output");
+        agentIds.push(agentId);
+        const firstEvent = readFirstEvent(outputFile);
+        if (firstEvent) {
+          if (!sessionId) sessionId = String(firstEvent.sessionId || "");
+          if (!slug) slug = String(firstEvent.slug || "");
+          if (!cwd) cwd = String(firstEvent.cwd || "");
+          if (!version) version = String(firstEvent.version || "");
+          if (!gitBranch) gitBranch = String(firstEvent.gitBranch || "");
+        }
+        try {
+          const fstat = statSync(outputFile);
+          const created = fstat.birthtimeMs || fstat.ctimeMs;
+          if (created < startTime) startTime = created;
+          if (fstat.mtimeMs > lastActivity) lastActivity = fstat.mtimeMs;
+        } catch {
+        }
+        const lastEvents = readLastLines(outputFile, 3);
+        for (const evt of lastEvents) {
+          if (!model && evt.type === "assistant") {
+            const content = evt.message?.content;
+            if (Array.isArray(content)) {
+              for (const block of content) {
+                if (typeof block === "object" && block !== null && "model" in block) {
+                  model = block.model;
+                }
+              }
+            }
+          }
+        }
+      }
+      if (!model) {
+        model = "unknown";
+      }
+      const matchingProcess = processes.find(
+        (p) => p.command.includes("claude") && p.command.includes(sessionId.slice(0, 8))
+      );
+      const session = {
+        sessionId,
+        slug: slug || sessionId.slice(0, 12),
+        project: projectName.replace(/-/g, "/"),
+        cwd,
+        model,
+        version,
+        gitBranch,
+        pid: matchingProcess?.pid ?? null,
+        cpu: matchingProcess?.cpu ?? 0,
+        mem: matchingProcess?.mem ?? 0,
+        memMB: matchingProcess ? Math.round(matchingProcess.memKB / 1024) : 0,
+        agentCount: agentIds.length,
+        agentIds,
+        outputFiles,
+        startTime: startTime === Infinity ? Date.now() : startTime,
+        lastActivity
+      };
+      sessionMap.set(sessionId || projectName, session);
+    }
+  }
+  return Array.from(sessionMap.values()).sort((a, b) => b.lastActivity - a.lastActivity);
+};
+
+// src/ingestion/watcher.ts
+import { watch } from "chokidar";
+
+// src/ingestion/tail.ts
+import { openSync as openSync2, readSync as readSync2, closeSync as closeSync2, statSync as statSync2 } from "fs";
+var FileTailer = class {
+  offsets = /* @__PURE__ */ new Map();
+  readNewLines(filePath) {
+    let currentSize;
+    try {
+      currentSize = statSync2(filePath).size;
+    } catch {
+      return [];
+    }
+    const lastOffset = this.offsets.get(filePath) ?? 0;
+    if (currentSize <= lastOffset) return [];
+    const bytesToRead = currentSize - lastOffset;
+    const buf = Buffer.alloc(bytesToRead);
+    let fd;
+    try {
+      fd = openSync2(filePath, "r");
+    } catch {
+      return [];
+    }
+    try {
+      readSync2(fd, buf, 0, bytesToRead, lastOffset);
+    } finally {
+      closeSync2(fd);
+    }
+    this.offsets.set(filePath, currentSize);
+    const text = buf.toString("utf-8");
+    const lines = text.split("\n").filter((l) => l.trim().length > 0);
+    return lines;
+  }
+  seekToEnd(filePath) {
+    try {
+      const size = statSync2(filePath).size;
+      this.offsets.set(filePath, size);
+    } catch {
+    }
+  }
+  reset(filePath) {
+    this.offsets.delete(filePath);
+  }
+  resetAll() {
+    this.offsets.clear();
+  }
+};
+
+// src/ingestion/parser.ts
+var parseLine = (line) => {
+  try {
+    return JSON.parse(line);
+  } catch {
+    return null;
+  }
+};
+var extractToolCalls = (event) => {
+  if (event.type !== "assistant") return [];
+  const content = event.message?.content;
+  if (!Array.isArray(content)) return [];
+  const calls = [];
+  for (const block of content) {
+    if (typeof block === "object" && block !== null && "type" in block && block.type === "tool_use") {
+      const toolBlock = block;
+      calls.push({
+        sessionId: event.sessionId,
+        agentId: event.agentId,
+        slug: event.slug || "",
+        timestamp: Date.now(),
+        toolName: toolBlock.name || "unknown",
+        toolInput: toolBlock.input || {},
+        cwd: event.cwd
+      });
+    }
+  }
+  return calls;
+};
+var extractToolResults = (event) => {
+  if (event.type !== "user") return [];
+  const content = event.message?.content;
+  if (!Array.isArray(content)) return [];
+  const results = [];
+  for (const block of content) {
+    if (typeof block === "object" && block !== null && "type" in block && block.type === "tool_result") {
+      const resultBlock = block;
+      const resultContent = resultBlock.content;
+      let text = "";
+      if (typeof resultContent === "string") {
+        text = resultContent;
+      } else if (Array.isArray(resultContent)) {
+        text = resultContent.map((c) => typeof c === "object" && c !== null ? c.text || "" : String(c)).join("\n");
+      }
+      results.push({
+        sessionId: event.sessionId,
+        agentId: event.agentId,
+        slug: event.slug || "",
+        timestamp: Date.now(),
+        toolUseId: String(resultBlock.tool_use_id || ""),
+        content: text,
+        isError: Boolean(resultBlock.is_error),
+        cwd: event.cwd
+      });
+    }
+  }
+  return results;
+};
+var parseLines = (lines) => {
+  const calls = [];
+  for (const line of lines) {
+    const event = parseLine(line);
+    if (event) {
+      calls.push(...extractToolCalls(event));
+    }
+  }
+  return calls;
+};
+var parseAllEvents = (lines) => {
+  const events = [];
+  for (const line of lines) {
+    const event = parseLine(line);
+    if (event) {
+      events.push(...extractToolCalls(event));
+      events.push(...extractToolResults(event));
+    }
+  }
+  return events;
+};
+
+// src/ingestion/watcher.ts
+var Watcher = class {
+  watcher = null;
+  tailer = new FileTailer();
+  handler;
+  securityHandler;
+  allUsers;
+  knownFiles = /* @__PURE__ */ new Set();
+  constructor(handler, allUsers, securityHandler) {
+    this.handler = handler;
+    this.allUsers = allUsers;
+    this.securityHandler = securityHandler ?? null;
+  }
+  start() {
+    const taskDirs = getTaskDirs(this.allUsers);
+    const globs = taskDirs.map((d) => `${d}/**/tasks/*.output`);
+    this.watcher = watch(globs, {
+      persistent: true,
+      ignoreInitial: false,
+      awaitWriteFinish: false,
+      usePolling: false
+    });
+    this.watcher.on("add", (filePath) => {
+      if (this.knownFiles.has(filePath)) return;
+      this.knownFiles.add(filePath);
+      this.tailer.seekToEnd(filePath);
+    });
+    this.watcher.on("change", (filePath) => {
+      const lines = this.tailer.readNewLines(filePath);
+      if (lines.length === 0) return;
+      const calls = parseLines(lines);
+      if (calls.length > 0) {
+        this.handler(calls);
+      }
+      if (this.securityHandler) {
+        const allEvents = parseAllEvents(lines);
+        if (allEvents.length > 0) {
+          this.securityHandler(allEvents);
+        }
+      }
+    });
+  }
+  stop() {
+    this.watcher?.close();
+    this.watcher = null;
+    this.tailer.resetAll();
+    this.knownFiles.clear();
+  }
+  readExisting(filePath) {
+    this.tailer.reset(filePath);
+    const lines = this.tailer.readNewLines(filePath);
+    return parseLines(lines);
+  }
+};
+
+// src/discovery/types.ts
+var isToolResult = (event) => "toolUseId" in event;
+var isToolCall = (event) => "toolName" in event;
+
+// src/analysis/rules/network.ts
+var NETWORK_PATTERNS = [
+  /\bcurl\b/,
+  /\bwget\b/,
+  /\bfetch\s*\(/,
+  /\bnc\b/,
+  /\bnetcat\b/,
+  /\bpython3?\s+-m\s+http\.server\b/,
+  /\bncat\b/,
+  /\bsocat\b/,
+  /\btelnet\b/
+];
+var LOCALHOST = /\b(localhost|127\.0\.0\.1|0\.0\.0\.0|\[::1\])\b/;
+var checkNetwork = (call) => {
+  if (call.toolName !== "Bash") return null;
+  const command = String(call.toolInput.command || "");
+  const matched = NETWORK_PATTERNS.some((p) => p.test(command));
+  if (!matched) return null;
+  const isLocal = LOCALHOST.test(command);
+  const severity = isLocal ? "info" : "warn";
+  return {
+    id: `net-${call.timestamp}-${call.agentId}`,
+    severity,
+    rule: "network",
+    message: isLocal ? `Network command to localhost: ${command.slice(0, 80)}` : `Network command to external target: ${command.slice(0, 80)}`,
+    sessionSlug: call.slug,
+    sessionId: call.sessionId,
+    event: call,
+    timestamp: call.timestamp
+  };
+};
+
+// src/analysis/rules/exfiltration.ts
+var EXFIL_PATTERNS = [
+  /base64.*\|\s*(curl|wget|nc)/,
+  /cat\s+.*\|\s*(curl|wget|nc)/,
+  /(tar|zip|gzip).*\|\s*(curl|wget|nc)/,
+  /\bcurl\b.*-d\s*@/,
+  /\bcurl\b.*--data-binary/,
+  /\bscp\b/,
+  /\brsync\b.*[^/]@/,
+  />\s*\/dev\/tcp\//
+];
+var checkExfiltration = (call) => {
+  if (call.toolName !== "Bash") return null;
+  const command = String(call.toolInput.command || "");
+  const matched = EXFIL_PATTERNS.some((p) => p.test(command));
+  if (!matched) return null;
+  return {
+    id: `exfil-${call.timestamp}-${call.agentId}`,
+    severity: "high",
+    rule: "exfiltration",
+    message: `Potential data exfiltration: ${command.slice(0, 80)}`,
+    sessionSlug: call.slug,
+    sessionId: call.sessionId,
+    event: call,
+    timestamp: call.timestamp
+  };
+};
+
+// src/analysis/rules/sensitive-files.ts
+var SENSITIVE_PATTERNS = [
+  /\.env\b/,
+  /\.env\.\w+/,
+  /\.ssh\//,
+  /id_rsa/,
+  /id_ed25519/,
+  /\.pem$/,
+  /\.key$/,
+  /credentials/i,
+  /\/etc\/shadow/,
+  /\/etc\/passwd/,
+  /\.aws\/credentials/,
+  /\.kube\/config/,
+  /\.docker\/config\.json/,
+  /\.npmrc/,
+  /\.pypirc/,
+  /\.netrc/,
+  /secrets?\.\w+/i,
+  /token\.\w+/i
+];
+var TOOLS_THAT_READ = ["Read", "Bash", "Grep", "Glob"];
+var checkSensitiveFiles = (call) => {
+  if (!TOOLS_THAT_READ.includes(call.toolName)) return null;
+  const inputs = JSON.stringify(call.toolInput);
+  const matched = SENSITIVE_PATTERNS.some((p) => p.test(inputs));
+  if (!matched) return null;
+  const target = String(call.toolInput.file_path || call.toolInput.command || call.toolInput.pattern || "").slice(0, 60);
+  return {
+    id: `sens-${call.timestamp}-${call.agentId}`,
+    severity: "warn",
+    rule: "sensitive-files",
+    message: `Accessing sensitive file: ${target}`,
+    sessionSlug: call.slug,
+    sessionId: call.sessionId,
+    event: call,
+    timestamp: call.timestamp
+  };
+};
+
+// src/analysis/rules/shell-escape.ts
+var SHELL_PATTERNS = [
+  { pattern: /\beval\s*[("']/, severity: "high", label: "eval execution" },
+  { pattern: /\bchmod\s+777\b/, severity: "high", label: "chmod 777" },
+  { pattern: /\bchmod\s+\+s\b/, severity: "critical", label: "setuid chmod" },
+  { pattern: /\bsudo\b/, severity: "high", label: "sudo usage" },
+  { pattern: /\bsu\s+-?\s*\w/, severity: "high", label: "su usage" },
+  { pattern: />\s*\/etc\//, severity: "critical", label: "writing to /etc/" },
+  { pattern: />\s*\/usr\//, severity: "critical", label: "writing to /usr/" },
+  { pattern: /--privileged/, severity: "critical", label: "privileged flag" },
+  { pattern: /\brm\s+-rf\s+\/(?!\w)/, severity: "critical", label: "rm -rf /" },
+  { pattern: /\bdd\s+.*of=\/dev\//, severity: "critical", label: "dd to device" },
+  { pattern: /\bmkfs\b/, severity: "critical", label: "filesystem format" },
+  { pattern: /\biptables\b/, severity: "high", label: "firewall modification" }
+];
+var checkShellEscape = (call) => {
+  if (call.toolName !== "Bash") return null;
+  const command = String(call.toolInput.command || "");
+  for (const rule of SHELL_PATTERNS) {
+    if (rule.pattern.test(command)) {
+      return {
+        id: `shell-${call.timestamp}-${call.agentId}`,
+        severity: rule.severity,
+        rule: "shell-escape",
+        message: `${rule.label}: ${command.slice(0, 80)}`,
+        sessionSlug: call.slug,
+        sessionId: call.sessionId,
+        event: call,
+        timestamp: call.timestamp
+      };
+    }
+  }
+  return null;
+};
+
+// src/analysis/rules/injection.ts
+var INJECTION_PATTERNS = [
+  /ignore\s+(all\s+)?previous\s+instructions/i,
+  /ignore\s+(all\s+)?prior\s+instructions/i,
+  /disregard\s+(all\s+)?previous/i,
+  /you\s+are\s+now\s+/i,
+  /new\s+instructions?\s*:/i,
+  /system\s*:\s*you/i,
+  /\bdo\s+not\s+follow\s+(your|the)\s+(original|previous)/i,
+  /override\s+(your\s+)?(instructions|rules|guidelines)/i,
+  /forget\s+(your\s+)?(instructions|rules|guidelines)/i,
+  /act\s+as\s+(if\s+)?(you\s+are|a)\s+/i,
+  /pretend\s+(you\s+are|to\s+be)\s+/i,
+  /\bAI\s+assistant\b.*\bmust\b/i,
+  /\bhuman\s*:\s*/i,
+  /\bassistant\s*:\s*/i,
+  /<\s*system\s*>/i,
+  /\[\s*INST\s*\]/i,
+  /BEGIN\s+HIDDEN\s+INSTRUCTIONS/i
+];
+var ENCODED_PATTERNS = [
+  /aWdub3JlIHByZXZpb3Vz/,
+  // base64 "ignore previous"
+  /&#x[0-9a-f]+;/i,
+  // html hex entities
+  /&#\d+;/,
+  // html decimal entities
+  /\\u[0-9a-f]{4}/i
+  // unicode escapes
+];
+var checkInjection = (event) => {
+  if (isToolCall(event)) {
+    return checkToolCallInjection(event);
+  }
+  if (isToolResult(event)) {
+    return checkToolResultInjection(event);
+  }
+  return null;
+};
+var checkToolCallInjection = (call) => {
+  const inputs = JSON.stringify(call.toolInput);
+  const matched = INJECTION_PATTERNS.some((p) => p.test(inputs));
+  if (!matched) return null;
+  return {
+    id: `inject-call-${call.timestamp}-${call.agentId}`,
+    severity: "critical",
+    rule: "injection",
+    message: `Prompt injection in ${call.toolName} input`,
+    sessionSlug: call.slug,
+    sessionId: call.sessionId,
+    event: call,
+    timestamp: call.timestamp
+  };
+};
+var checkToolResultInjection = (result) => {
+  const content = result.content;
+  if (!content || content.length < 10) return null;
+  const textPatternMatch = INJECTION_PATTERNS.some((p) => p.test(content));
+  const encodedMatch = ENCODED_PATTERNS.some((p) => p.test(content));
+  if (!textPatternMatch && !encodedMatch) return null;
+  const matchedPattern = INJECTION_PATTERNS.find((p) => p.test(content));
+  const snippet = matchedPattern ? content.match(matchedPattern)?.[0]?.slice(0, 50) || "" : "encoded pattern";
+  return {
+    id: `inject-result-${result.timestamp}-${result.agentId}`,
+    severity: "critical",
+    rule: "injection-in-result",
+    message: `Prompt injection in tool result: "${snippet}"`,
+    sessionSlug: result.slug,
+    sessionId: result.sessionId,
+    event: result,
+    timestamp: result.timestamp
+  };
+};
+
+// src/analysis/security.ts
+var toolCallRules = [
+  checkNetwork,
+  checkExfiltration,
+  checkSensitiveFiles,
+  checkShellEscape
+];
+var allEventRules = [
+  checkInjection
+];
+var SEVERITY_ORDER = {
+  info: 0,
+  warn: 1,
+  high: 2,
+  critical: 3
+};
+var DEDUP_WINDOW_MS = 3e4;
+var SecurityEngine = class {
+  recentAlerts = /* @__PURE__ */ new Map();
+  minLevel;
+  constructor(minLevel = "warn") {
+    this.minLevel = minLevel;
+  }
+  analyze(call) {
+    return this.analyzeEvent(call);
+  }
+  analyzeResult(result) {
+    return this.analyzeEvent(result);
+  }
+  analyzeEvent(event) {
+    const alerts = [];
+    if (isToolCall(event)) {
+      for (const rule of toolCallRules) {
+        const alert = rule(event);
+        if (alert) alerts.push(alert);
+      }
+    }
+    for (const rule of allEventRules) {
+      const alert = rule(event);
+      if (alert) alerts.push(alert);
+    }
+    return alerts.filter((alert) => {
+      if (SEVERITY_ORDER[alert.severity] < SEVERITY_ORDER[this.minLevel]) return false;
+      const dedupKey = `${alert.rule}-${alert.sessionId}-${alert.message.slice(0, 40)}`;
+      const lastSeen = this.recentAlerts.get(dedupKey);
+      if (lastSeen && alert.timestamp - lastSeen < DEDUP_WINDOW_MS) return false;
+      this.recentAlerts.set(dedupKey, alert.timestamp);
+      return true;
+    });
+  }
+  pruneOldAlerts() {
+    const cutoff = Date.now() - DEDUP_WINDOW_MS * 2;
+    for (const [key, ts] of this.recentAlerts) {
+      if (ts < cutoff) this.recentAlerts.delete(key);
+    }
+  }
+};
+
+// src/ui/App.tsx
+import { useState as useState5 } from "react";
+import { Box as Box5, Text as Text5, useApp, useInput, useStdout } from "ink";
+
+// src/ui/components/StatusBar.tsx
+import { useState, useEffect } from "react";
+import { Box, Text } from "ink";
+
+// src/ui/theme.ts
+var colors = {
+  primary: "#61AFEF",
+  secondary: "#98C379",
+  accent: "#C678DD",
+  warning: "#E5C07B",
+  error: "#E06C75",
+  critical: "#FF0000",
+  muted: "#5C6370",
+  text: "#ABB2BF",
+  bright: "#FFFFFF",
+  border: "#3E4451",
+  selected: "#2C313A",
+  header: "#61AFEF"
+};
+var severityColors = {
+  info: colors.muted,
+  warn: colors.warning,
+  high: colors.error,
+  critical: colors.critical
+};
+var toolColors = {
+  Bash: colors.error,
+  Read: colors.secondary,
+  Write: colors.accent,
+  Edit: colors.accent,
+  Grep: colors.primary,
+  Glob: colors.primary,
+  Task: colors.warning,
+  WebFetch: colors.warning,
+  WebSearch: colors.warning
+};
+var getToolColor = (toolName) => toolColors[toolName] || colors.text;
+
+// src/ui/components/StatusBar.tsx
+import { jsx, jsxs } from "react/jsx-runtime";
+var StatusBar = ({ sessionCount, alertCount }) => {
+  const [time, setTime] = useState(/* @__PURE__ */ new Date());
+  useEffect(() => {
+    const interval = setInterval(() => setTime(/* @__PURE__ */ new Date()), 1e3);
+    return () => clearInterval(interval);
+  }, []);
+  const timeStr = time.toLocaleTimeString("en-GB", { hour12: false });
+  return /* @__PURE__ */ jsxs(Box, { borderStyle: "single", borderColor: colors.border, paddingX: 1, justifyContent: "space-between", children: [
+    /* @__PURE__ */ jsx(Text, { color: colors.header, bold: true, children: "agenttop v1.0.0" }),
+    /* @__PURE__ */ jsxs(Text, { color: colors.text, children: [
+      sessionCount,
+      " session",
+      sessionCount !== 1 ? "s" : ""
+    ] }),
+    alertCount > 0 && /* @__PURE__ */ jsxs(Text, { color: colors.error, bold: true, children: [
+      alertCount,
+      " alert",
+      alertCount !== 1 ? "s" : ""
+    ] }),
+    /* @__PURE__ */ jsx(Text, { color: colors.muted, children: timeStr })
+  ] });
+};
+
+// src/ui/components/SessionList.tsx
+import { Box as Box2, Text as Text2 } from "ink";
+import { jsx as jsx2, jsxs as jsxs2 } from "react/jsx-runtime";
+var formatModel = (model) => {
+  if (model.includes("opus")) return "opus";
+  if (model.includes("sonnet")) return "sonnet";
+  if (model.includes("haiku")) return "haiku";
+  return model.slice(0, 8);
+};
+var formatProject = (project) => {
+  const parts = project.split("/");
+  const last = parts[parts.length - 1] || project;
+  return last.length > 18 ? last.slice(0, 17) + "\u2026" : last;
+};
+var SessionList = ({ sessions, selectedIndex, focused }) => {
+  return /* @__PURE__ */ jsxs2(Box2, { flexDirection: "column", width: 28, borderStyle: "single", borderColor: focused ? colors.primary : colors.border, children: [
+    /* @__PURE__ */ jsx2(Box2, { paddingX: 1, children: /* @__PURE__ */ jsx2(Text2, { color: colors.header, bold: true, children: "SESSIONS" }) }),
+    sessions.length === 0 && /* @__PURE__ */ jsx2(Box2, { paddingX: 1, paddingY: 1, children: /* @__PURE__ */ jsx2(Text2, { color: colors.muted, italic: true, children: "No active sessions" }) }),
+    sessions.map((session, i) => {
+      const isSelected = i === selectedIndex;
+      const indicator = isSelected ? ">" : " ";
+      return /* @__PURE__ */ jsxs2(Box2, { flexDirection: "column", paddingX: 1, paddingY: 0, children: [
+        /* @__PURE__ */ jsxs2(
+          Text2,
+          {
+            color: isSelected ? colors.bright : colors.text,
+            bold: isSelected,
+            backgroundColor: isSelected ? colors.selected : void 0,
+            children: [
+              indicator,
+              " ",
+              session.slug
+            ]
+          }
+        ),
+        /* @__PURE__ */ jsxs2(Text2, { color: colors.muted, children: [
+          "  ",
+          formatProject(session.project),
+          " | ",
+          formatModel(session.model)
+        ] }),
+        /* @__PURE__ */ jsxs2(Text2, { color: colors.muted, children: [
+          "  ",
+          "CPU ",
+          session.cpu,
+          "% | ",
+          session.memMB,
+          "MB | ",
+          session.agentCount,
+          " ag"
+        ] })
+      ] }, session.sessionId);
+    })
+  ] });
+};
+
+// src/ui/components/ActivityFeed.tsx
+import { Box as Box3, Text as Text3 } from "ink";
+import { jsx as jsx3, jsxs as jsxs3 } from "react/jsx-runtime";
+var formatTime = (ts) => {
+  const d = new Date(ts);
+  return d.toLocaleTimeString("en-GB", { hour12: false });
+};
+var summarizeInput = (call) => {
+  const input = call.toolInput;
+  switch (call.toolName) {
+    case "Bash":
+      return String(input.command || "").slice(0, 50);
+    case "Read":
+      return String(input.file_path || "").split("/").slice(-2).join("/");
+    case "Write":
+      return String(input.file_path || "").split("/").slice(-2).join("/");
+    case "Edit":
+      return String(input.file_path || "").split("/").slice(-2).join("/");
+    case "Grep":
+      return `pattern="${String(input.pattern || "").slice(0, 30)}"`;
+    case "Glob":
+      return String(input.pattern || "").slice(0, 40);
+    case "Task":
+      return String(input.description || "").slice(0, 40);
+    case "WebFetch":
+    case "WebSearch":
+      return String(input.url || input.query || "").slice(0, 40);
+    default:
+      return JSON.stringify(input).slice(0, 40);
+  }
+};
+var ActivityFeed = ({ events, sessionSlug, focused, height }) => {
+  const visible = events.slice(-(height - 2));
+  return /* @__PURE__ */ jsxs3(
+    Box3,
+    {
+      flexDirection: "column",
+      flexGrow: 1,
+      borderStyle: "single",
+      borderColor: focused ? colors.primary : colors.border,
+      children: [
+        /* @__PURE__ */ jsxs3(Box3, { paddingX: 1, children: [
+          /* @__PURE__ */ jsx3(Text3, { color: colors.header, bold: true, children: "ACTIVITY" }),
+          sessionSlug && /* @__PURE__ */ jsxs3(Text3, { color: colors.muted, children: [
+            " (",
+            sessionSlug,
+            ")"
+          ] })
+        ] }),
+        visible.length === 0 && /* @__PURE__ */ jsx3(Box3, { paddingX: 1, paddingY: 1, children: /* @__PURE__ */ jsx3(Text3, { color: colors.muted, italic: true, children: sessionSlug ? "Waiting for activity..." : "Select a session" }) }),
+        visible.map((event, i) => /* @__PURE__ */ jsxs3(Box3, { paddingX: 1, children: [
+          /* @__PURE__ */ jsxs3(Text3, { color: colors.muted, children: [
+            formatTime(event.timestamp),
+            " "
+          ] }),
+          /* @__PURE__ */ jsx3(Text3, { color: getToolColor(event.toolName), bold: true, children: event.toolName.padEnd(8) }),
+          /* @__PURE__ */ jsxs3(Text3, { color: colors.text, children: [
+            " ",
+            summarizeInput(event)
+          ] })
+        ] }, `${event.timestamp}-${i}`))
+      ]
+    }
+  );
+};
+
+// src/ui/components/AlertBar.tsx
+import { Box as Box4, Text as Text4 } from "ink";
+import { jsx as jsx4, jsxs as jsxs4 } from "react/jsx-runtime";
+var formatTime2 = (ts) => {
+  const d = new Date(ts);
+  return d.toLocaleTimeString("en-GB", { hour12: false });
+};
+var severityIcon = {
+  info: "i",
+  warn: "!",
+  high: "!!",
+  critical: "!!!"
+};
+var AlertBar = ({ alerts, maxVisible = 4 }) => {
+  const visible = alerts.slice(-maxVisible);
+  return /* @__PURE__ */ jsxs4(
+    Box4,
+    {
+      flexDirection: "column",
+      borderStyle: "single",
+      borderColor: alerts.length > 0 ? colors.error : colors.border,
+      children: [
+        /* @__PURE__ */ jsxs4(Box4, { paddingX: 1, children: [
+          /* @__PURE__ */ jsx4(Text4, { color: colors.error, bold: true, children: "ALERTS" }),
+          alerts.length === 0 && /* @__PURE__ */ jsx4(Text4, { color: colors.muted, children: " (none)" })
+        ] }),
+        visible.map((alert, i) => /* @__PURE__ */ jsxs4(Box4, { paddingX: 1, children: [
+          /* @__PURE__ */ jsxs4(Text4, { color: severityColors[alert.severity] || colors.text, children: [
+            "[",
+            severityIcon[alert.severity] || "?",
+            "]"
+          ] }),
+          /* @__PURE__ */ jsxs4(Text4, { color: colors.muted, children: [
+            " ",
+            formatTime2(alert.timestamp),
+            " "
+          ] }),
+          /* @__PURE__ */ jsxs4(Text4, { color: colors.warning, children: [
+            alert.sessionSlug,
+            ": "
+          ] }),
+          /* @__PURE__ */ jsx4(Text4, { color: colors.text, children: alert.message.slice(0, 60) })
+        ] }, alert.id || i))
+      ]
+    }
+  );
+};
+
+// src/ui/hooks/useSessions.ts
+import { useState as useState2, useEffect as useEffect2, useCallback } from "react";
+var useSessions = (allUsers, pollMs = 5e3) => {
+  const [sessions, setSessions] = useState2([]);
+  const [selectedIndex, setSelectedIndex] = useState2(0);
+  const refresh = useCallback(() => {
+    const found = discoverSessions(allUsers);
+    setSessions(found);
+  }, [allUsers]);
+  useEffect2(() => {
+    refresh();
+    const interval = setInterval(refresh, pollMs);
+    return () => clearInterval(interval);
+  }, [refresh, pollMs]);
+  const selectedSession = sessions[selectedIndex] ?? null;
+  const selectNext = useCallback(() => {
+    setSelectedIndex((i) => Math.min(i + 1, sessions.length - 1));
+  }, [sessions.length]);
+  const selectPrev = useCallback(() => {
+    setSelectedIndex((i) => Math.max(i - 1, 0));
+  }, []);
+  const selectIndex = useCallback((i) => {
+    setSelectedIndex(i);
+  }, []);
+  return { sessions, selectedSession, selectedIndex, selectNext, selectPrev, selectIndex, refresh };
+};
+
+// src/ui/hooks/useActivityStream.ts
+import { useState as useState3, useEffect as useEffect3, useRef } from "react";
+var MAX_EVENTS = 200;
+var useActivityStream = (session, allUsers) => {
+  const [events, setEvents] = useState3([]);
+  const watcherRef = useRef(null);
+  useEffect3(() => {
+    setEvents([]);
+    if (!session) return;
+    const existingCalls = [];
+    const tempWatcher = new Watcher(() => {
+    }, allUsers);
+    for (const file of session.outputFiles) {
+      existingCalls.push(...tempWatcher.readExisting(file));
+    }
+    setEvents(existingCalls.slice(-MAX_EVENTS));
+    const handler = (calls) => {
+      const sessionCalls = calls.filter((c) => c.sessionId === session.sessionId);
+      if (sessionCalls.length === 0) return;
+      setEvents((prev) => [...prev, ...sessionCalls].slice(-MAX_EVENTS));
+    };
+    const watcher = new Watcher(handler, allUsers);
+    watcherRef.current = watcher;
+    watcher.start();
+    return () => {
+      watcher.stop();
+      watcherRef.current = null;
+    };
+  }, [session?.sessionId, allUsers]);
+  return events;
+};
+
+// src/ui/hooks/useAlerts.ts
+import { useState as useState4, useEffect as useEffect4, useRef as useRef2 } from "react";
+var MAX_ALERTS = 100;
+var useAlerts = (enabled, alertLevel, allUsers) => {
+  const [alerts, setAlerts] = useState4([]);
+  const engineRef = useRef2(new SecurityEngine(alertLevel));
+  const watcherRef = useRef2(null);
+  useEffect4(() => {
+    if (!enabled) return;
+    engineRef.current = new SecurityEngine(alertLevel);
+    const securityHandler = (events) => {
+      const newAlerts = [];
+      for (const event of events) {
+        newAlerts.push(...engineRef.current.analyzeEvent(event));
+      }
+      if (newAlerts.length > 0) {
+        setAlerts((prev) => [...prev, ...newAlerts].slice(-MAX_ALERTS));
+      }
+    };
+    const watcher = new Watcher(() => {
+    }, allUsers, securityHandler);
+    watcherRef.current = watcher;
+    watcher.start();
+    return () => {
+      watcher.stop();
+      watcherRef.current = null;
+    };
+  }, [enabled, alertLevel, allUsers]);
+  const clearAlerts = () => setAlerts([]);
+  return { alerts, clearAlerts };
+};
+
+// src/ui/App.tsx
+import { jsx as jsx5, jsxs as jsxs5 } from "react/jsx-runtime";
+var App = ({ options }) => {
+  const { exit } = useApp();
+  const { stdout } = useStdout();
+  const termHeight = stdout?.rows ?? 40;
+  const [activePanel, setActivePanel] = useState5("sessions");
+  const { sessions, selectedSession, selectedIndex, selectNext, selectPrev } = useSessions(options.allUsers);
+  const events = useActivityStream(selectedSession, options.allUsers);
+  const { alerts } = useAlerts(!options.noSecurity, options.alertLevel, options.allUsers);
+  useInput((input, key) => {
+    if (input === "q") {
+      exit();
+      return;
+    }
+    if (key.tab) {
+      setActivePanel((p) => p === "sessions" ? "activity" : "sessions");
+      return;
+    }
+    if (activePanel === "sessions") {
+      if (input === "j" || key.downArrow) selectNext();
+      if (input === "k" || key.upArrow) selectPrev();
+    }
+  });
+  const alertHeight = options.noSecurity ? 0 : 6;
+  const statusHeight = 3;
+  const footerHeight = 1;
+  const mainHeight = termHeight - statusHeight - alertHeight - footerHeight;
+  return /* @__PURE__ */ jsxs5(Box5, { flexDirection: "column", height: termHeight, children: [
+    /* @__PURE__ */ jsx5(StatusBar, { sessionCount: sessions.length, alertCount: alerts.length }),
+    /* @__PURE__ */ jsxs5(Box5, { flexGrow: 1, height: mainHeight, children: [
+      /* @__PURE__ */ jsx5(
+        SessionList,
+        {
+          sessions,
+          selectedIndex,
+          focused: activePanel === "sessions"
+        }
+      ),
+      /* @__PURE__ */ jsx5(
+        ActivityFeed,
+        {
+          events,
+          sessionSlug: selectedSession?.slug ?? null,
+          focused: activePanel === "activity",
+          height: mainHeight
+        }
+      )
+    ] }),
+    !options.noSecurity && /* @__PURE__ */ jsx5(AlertBar, { alerts }),
+    /* @__PURE__ */ jsxs5(Box5, { paddingX: 1, children: [
+      /* @__PURE__ */ jsx5(Box5, { marginRight: 2, children: /* @__PURE__ */ jsx5(Text5, { color: "#5C6370", children: "q:quit" }) }),
+      /* @__PURE__ */ jsx5(Box5, { marginRight: 2, children: /* @__PURE__ */ jsx5(Text5, { color: "#5C6370", children: "j/k:nav" }) }),
+      /* @__PURE__ */ jsx5(Box5, { marginRight: 2, children: /* @__PURE__ */ jsx5(Text5, { color: "#5C6370", children: "tab:panel" }) })
+    ] })
+  ] });
+};
+
+// src/hooks/installer.ts
+import { existsSync, readFileSync as readFileSync2, writeFileSync, copyFileSync, mkdirSync, chmodSync } from "fs";
+import { join as join3, dirname } from "path";
+import { homedir as homedir2 } from "os";
+import { fileURLToPath } from "url";
+var HOOK_FILENAME = "agenttop-guard.py";
+var SETTINGS_PATH = join3(homedir2(), ".claude", "settings.json");
+var getHookSource = () => {
+  const thisFile = fileURLToPath(import.meta.url);
+  const srcHooksDir = join3(dirname(thisFile), "..", "src", "hooks");
+  const distHooksDir = join3(dirname(thisFile), "hooks");
+  for (const dir of [distHooksDir, srcHooksDir]) {
+    const path = join3(dir, HOOK_FILENAME);
+    if (existsSync(path)) return path;
+  }
+  const npmGlobalPath = join3(dirname(thisFile), "..", "hooks", HOOK_FILENAME);
+  if (existsSync(npmGlobalPath)) return npmGlobalPath;
+  throw new Error(`cannot find ${HOOK_FILENAME} \u2014 is agenttop installed correctly?`);
+};
+var getHookTarget = () => {
+  const claudeHooksDir = join3(homedir2(), ".claude", "hooks");
+  mkdirSync(claudeHooksDir, { recursive: true });
+  return join3(claudeHooksDir, HOOK_FILENAME);
+};
+var readSettings = () => {
+  if (!existsSync(SETTINGS_PATH)) {
+    return {};
+  }
+  try {
+    return JSON.parse(readFileSync2(SETTINGS_PATH, "utf-8"));
+  } catch {
+    return {};
+  }
+};
+var writeSettings = (settings) => {
+  mkdirSync(dirname(SETTINGS_PATH), { recursive: true });
+  writeFileSync(SETTINGS_PATH, JSON.stringify(settings, null, 2) + "\n");
+};
+var installHooks = () => {
+  const source = getHookSource();
+  const target = getHookTarget();
+  copyFileSync(source, target);
+  chmodSync(target, 493);
+  const settings = readSettings();
+  const hooks = settings.hooks ?? {};
+  const postToolUse = hooks.PostToolUse ?? [];
+  const hookCommand = target;
+  const allToolsMatcher = postToolUse.find(
+    (entry) => entry.matcher === "Bash|Read|Grep|Glob|WebFetch|WebSearch"
+  );
+  if (allToolsMatcher) {
+    const alreadyInstalled = allToolsMatcher.hooks.some(
+      (h) => h.command.includes("agenttop-guard")
+    );
+    if (alreadyInstalled) {
+      process.stdout.write("agenttop hooks already installed\n");
+      return;
+    }
+    allToolsMatcher.hooks.push({ type: "command", command: hookCommand });
+  } else {
+    postToolUse.push({
+      matcher: "Bash|Read|Grep|Glob|WebFetch|WebSearch",
+      hooks: [{ type: "command", command: hookCommand }]
+    });
+  }
+  hooks.PostToolUse = postToolUse;
+  settings.hooks = hooks;
+  writeSettings(settings);
+  process.stdout.write(`agenttop hooks installed:
+`);
+  process.stdout.write(`  hook: ${target}
+`);
+  process.stdout.write(`  settings: ${SETTINGS_PATH}
+`);
+  process.stdout.write(`  matcher: PostToolUse (Bash|Read|Grep|Glob|WebFetch|WebSearch)
+`);
+};
+var uninstallHooks = () => {
+  const settings = readSettings();
+  const hooks = settings.hooks ?? {};
+  const postToolUse = hooks.PostToolUse ?? [];
+  let removed = false;
+  for (const entry of postToolUse) {
+    const before = entry.hooks.length;
+    entry.hooks = entry.hooks.filter((h) => !h.command.includes("agenttop-guard"));
+    if (entry.hooks.length < before) removed = true;
+  }
+  hooks.PostToolUse = postToolUse.filter((e) => e.hooks.length > 0);
+  settings.hooks = hooks;
+  writeSettings(settings);
+  if (removed) {
+    process.stdout.write("agenttop hooks removed from Claude Code settings\n");
+  } else {
+    process.stdout.write("agenttop hooks were not installed\n");
+  }
+};
+
+// src/index.tsx
+var VERSION = "1.0.0";
+var HELP = `agenttop v${VERSION} -- Real-time dashboard for AI coding agent sessions
+
+Usage: agenttop [options]
+
+Options:
+  --all-users         Monitor all users (root only)
+  --no-security       Disable security analysis
+  --json              Stream events as JSON (no TUI)
+  --alert-level <l>   Minimum: info|warn|high|critical (default: warn)
+  --install-hooks     Install Claude Code PostToolUse hook for active protection
+  --uninstall-hooks   Remove agenttop hooks from Claude Code
+  --version           Show version
+  --help              Show this help
+`;
+var write = (msg) => {
+  process.stdout.write(msg + "\n");
+};
+var parseArgs = (argv) => {
+  const args = argv.slice(2);
+  const options = {
+    allUsers: false,
+    noSecurity: false,
+    json: false,
+    alertLevel: "warn",
+    installHooks: false,
+    uninstallHooks: false,
+    help: false,
+    version: false
+  };
+  for (let i = 0; i < args.length; i++) {
+    switch (args[i]) {
+      case "--all-users":
+        options.allUsers = true;
+        break;
+      case "--no-security":
+        options.noSecurity = true;
+        break;
+      case "--json":
+        options.json = true;
+        break;
+      case "--alert-level":
+        i++;
+        if (["info", "warn", "high", "critical"].includes(args[i])) {
+          options.alertLevel = args[i];
+        }
+        break;
+      case "--install-hooks":
+        options.installHooks = true;
+        break;
+      case "--uninstall-hooks":
+        options.uninstallHooks = true;
+        break;
+      case "--version":
+        options.version = true;
+        break;
+      case "--help":
+        options.help = true;
+        break;
+    }
+  }
+  return options;
+};
+var runJsonMode = (options) => {
+  const engine = options.noSecurity ? null : new SecurityEngine(options.alertLevel);
+  const sessions = discoverSessions(options.allUsers);
+  write(JSON.stringify({ type: "sessions", data: sessions }));
+  const handler = (calls) => {
+    for (const call of calls) {
+      write(JSON.stringify({ type: "tool_call", data: call }));
+    }
+  };
+  const securityHandler = engine ? (events) => {
+    for (const event of events) {
+      const alerts = engine.analyzeEvent(event);
+      for (const alert of alerts) {
+        write(JSON.stringify({ type: "alert", data: alert }));
+      }
+    }
+  } : void 0;
+  const watcher = new Watcher(handler, options.allUsers, securityHandler);
+  watcher.start();
+  process.on("SIGINT", () => {
+    watcher.stop();
+    process.exit(0);
+  });
+  process.on("SIGTERM", () => {
+    watcher.stop();
+    process.exit(0);
+  });
+};
+var main = () => {
+  const options = parseArgs(process.argv);
+  if (options.version) {
+    write(`agenttop v${VERSION}`);
+    process.exit(0);
+  }
+  if (options.help) {
+    write(HELP);
+    process.exit(0);
+  }
+  if (options.installHooks) {
+    installHooks();
+    process.exit(0);
+  }
+  if (options.uninstallHooks) {
+    uninstallHooks();
+    process.exit(0);
+  }
+  if (options.json) {
+    runJsonMode(options);
+    return;
+  }
+  render(React3.createElement(App, { options }));
+};
+main();
+//# sourceMappingURL=index.js.map