bashbros 0.1.0

package/dist/chunk-43W3RVEL.js

@@ -0,0 +1,2910 @@
+#!/usr/bin/env node
+import {
+  AuditLogger
+} from "./chunk-SG752FZC.js";
+import {
+  OllamaClient
+} from "./chunk-DLP2O6PN.js";
+import {
+  loadConfig
+} from "./chunk-SB4JS3GU.js";
+import {
+  PolicyEngine
+} from "./chunk-GD5VNHIN.js";
+import {
+  __require
+} from "./chunk-7OCVIDC7.js";
+
+// src/integration/bashgym.ts
+import { existsSync, mkdirSync, writeFileSync, readFileSync, watch } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { EventEmitter } from "events";
+var DEFAULT_SETTINGS = {
+  version: "1.0",
+  updated_at: null,
+  updated_by: null,
+  integration: {
+    enabled: false,
+    linked_at: null
+  },
+  capture: {
+    mode: "successful_only",
+    auto_stream: true
+  },
+  training: {
+    auto_enabled: false,
+    quality_threshold: 50,
+    trigger: "quality_based"
+  },
+  security: {
+    bashbros_primary: true,
+    policy_path: null
+  },
+  model_sync: {
+    auto_export_ollama: true,
+    ollama_model_name: "bashgym-sidekick",
+    notify_on_update: true
+  }
+};
+var BashgymIntegration = class extends EventEmitter {
+  integrationDir;
+  settings = null;
+  manifest = null;
+  settingsWatcher = null;
+  modelWatcher = null;
+  sessionId;
+  traceBuffer = [];
+  securityEvents = [];
+  currentPrompt = "";
+  // Directory paths
+  tracesDir;
+  pendingDir;
+  modelsDir;
+  configDir;
+  statusDir;
+  constructor(integrationDir) {
+    super();
+    this.integrationDir = integrationDir || join(homedir(), ".bashgym", "integration");
+    this.tracesDir = join(this.integrationDir, "traces");
+    this.pendingDir = join(this.tracesDir, "pending");
+    this.modelsDir = join(this.integrationDir, "models");
+    this.configDir = join(this.integrationDir, "config");
+    this.statusDir = join(this.integrationDir, "status");
+    this.sessionId = `bashbros-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+  }
+  /**
+   * Initialize the integration
+   */
+  async initialize() {
+    if (!existsSync(this.integrationDir)) {
+      return false;
+    }
+    this.settings = this.loadSettings();
+    if (!this.settings?.integration.enabled) {
+      return false;
+    }
+    this.manifest = this.loadManifest();
+    this.startWatching();
+    this.updateStatus();
+    this.emit("connected");
+    return true;
+  }
+  /**
+   * Check if bashgym is available
+   */
+  isAvailable() {
+    return existsSync(this.integrationDir) && existsSync(this.configDir);
+  }
+  /**
+   * Check if integration is linked
+   */
+  isLinked() {
+    const settings = this.getSettings();
+    return !!(settings?.integration.enabled && settings.integration.linked_at !== null);
+  }
+  // =========================================================================
+  // Settings Management
+  // =========================================================================
+  getSettings() {
+    if (!this.settings) {
+      this.settings = this.loadSettings();
+    }
+    return this.settings;
+  }
+  loadSettings() {
+    const settingsPath = join(this.configDir, "settings.json");
+    if (!existsSync(settingsPath)) {
+      return null;
+    }
+    try {
+      const content = readFileSync(settingsPath, "utf-8");
+      return JSON.parse(content);
+    } catch {
+      return null;
+    }
+  }
+  updateSettings(updates) {
+    const current = this.getSettings() || { ...DEFAULT_SETTINGS };
+    const updated = {
+      ...current,
+      ...updates,
+      updated_at: (/* @__PURE__ */ new Date()).toISOString(),
+      updated_by: "bashbros"
+    };
+    const settingsPath = join(this.configDir, "settings.json");
+    writeFileSync(settingsPath, JSON.stringify(updated, null, 2));
+    this.settings = updated;
+    this.emit("settings:changed", updated);
+  }
+  // =========================================================================
+  // Trace Export
+  // =========================================================================
+  /**
+   * Start a new trace session
+   */
+  startSession(prompt) {
+    this.currentPrompt = prompt;
+    this.traceBuffer = [];
+    this.securityEvents = [];
+  }
+  /**
+   * Add a step to the current trace
+   */
+  addStep(step) {
+    this.traceBuffer.push({
+      ...step,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  }
+  /**
+   * Add a command result to the trace
+   */
+  addCommandResult(result) {
+    this.addStep({
+      tool_name: "Bash",
+      command: result.command,
+      output: result.output || "",
+      success: result.allowed && !result.error,
+      exit_code: result.exitCode,
+      cwd: process.cwd()
+    });
+    if (result.violations.length > 0) {
+      this.securityEvents.push({
+        type: "violation",
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        command: result.command,
+        violation: result.violations[0]
+      });
+    }
+  }
+  /**
+   * Add a file operation to the trace
+   */
+  addFileOperation(operation, path, success, output) {
+    this.addStep({
+      tool_name: operation,
+      command: path,
+      output: output || "",
+      success
+    });
+  }
+  /**
+   * End the session and export the trace
+   */
+  async endSession(verificationPassed = false) {
+    if (!this.currentPrompt || this.traceBuffer.length === 0) {
+      return null;
+    }
+    const settings = this.getSettings();
+    if (!settings?.integration.enabled) {
+      return null;
+    }
+    if (settings.capture.mode === "successful_only" && !verificationPassed) {
+      this.clearSession();
+      return null;
+    }
+    const traceData = {
+      version: "1.0",
+      metadata: {
+        user_initial_prompt: this.currentPrompt,
+        source_tool: "bashbros",
+        session_id: this.sessionId,
+        verification_passed: verificationPassed,
+        capture_mode: settings.capture.mode
+      },
+      trace: this.traceBuffer,
+      bashbros_extensions: {
+        security_events: this.securityEvents,
+        sidekick_annotations: {
+          teachable_moment: this.determineTeachableMoment(),
+          complexity: this.determineComplexity()
+        }
+      }
+    };
+    const filename = `${Date.now()}-${this.sessionId.slice(-8)}.json`;
+    const filepath = join(this.pendingDir, filename);
+    try {
+      if (!existsSync(this.pendingDir)) {
+        mkdirSync(this.pendingDir, { recursive: true });
+      }
+      writeFileSync(filepath, JSON.stringify(traceData, null, 2));
+      this.emit("trace:exported", filename);
+      this.clearSession();
+      return filename;
+    } catch (error) {
+      console.error("Failed to export trace:", error);
+      return null;
+    }
+  }
+  clearSession() {
+    this.currentPrompt = "";
+    this.traceBuffer = [];
+    this.securityEvents = [];
+    this.sessionId = `bashbros-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+  }
+  determineTeachableMoment() {
+    const hasMultipleSteps = this.traceBuffer.length >= 3;
+    const hasErrorRecovery = this.traceBuffer.some(
+      (s, i) => !s.success && i < this.traceBuffer.length - 1 && this.traceBuffer[i + 1].success
+    );
+    const toolNames = new Set(this.traceBuffer.map((s) => s.tool_name));
+    const hasDiverseTools = toolNames.size >= 2;
+    return hasMultipleSteps && (hasErrorRecovery || hasDiverseTools);
+  }
+  determineComplexity() {
+    const stepCount = this.traceBuffer.length;
+    const toolCount = new Set(this.traceBuffer.map((s) => s.tool_name)).size;
+    const hasErrors = this.traceBuffer.some((s) => !s.success);
+    if (stepCount <= 3 && toolCount <= 2 && !hasErrors) {
+      return "easy";
+    }
+    if (stepCount >= 10 || toolCount >= 4 || this.securityEvents.length > 0) {
+      return "hard";
+    }
+    return "medium";
+  }
+  // =========================================================================
+  // Model Management
+  // =========================================================================
+  /**
+   * Get current model version
+   */
+  getCurrentModelVersion() {
+    const manifest = this.loadManifest();
+    return manifest?.latest || null;
+  }
+  /**
+   * Get model manifest
+   */
+  getModelManifest() {
+    return this.manifest || this.loadManifest();
+  }
+  loadManifest() {
+    const manifestPath = join(this.modelsDir, "manifest.json");
+    if (!existsSync(manifestPath)) {
+      return null;
+    }
+    try {
+      const content = readFileSync(manifestPath, "utf-8");
+      return JSON.parse(content);
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Get path to latest GGUF model
+   */
+  getLatestModelPath() {
+    const latestPath = join(this.modelsDir, "latest", "sidekick.gguf");
+    if (existsSync(latestPath)) {
+      return latestPath;
+    }
+    return null;
+  }
+  /**
+   * Get Ollama model name for sidekick
+   */
+  getOllamaModelName() {
+    const settings = this.getSettings();
+    return settings?.model_sync.ollama_model_name || "bashgym-sidekick";
+  }
+  // =========================================================================
+  // File Watching
+  // =========================================================================
+  startWatching() {
+    const settingsPath = join(this.configDir, "settings.json");
+    if (existsSync(settingsPath)) {
+      try {
+        this.settingsWatcher = watch(settingsPath, (eventType) => {
+          if (eventType === "change") {
+            const newSettings = this.loadSettings();
+            if (newSettings) {
+              this.settings = newSettings;
+              this.emit("settings:changed", newSettings);
+            }
+          }
+        });
+      } catch {
+      }
+    }
+    const manifestPath = join(this.modelsDir, "manifest.json");
+    if (existsSync(manifestPath)) {
+      try {
+        this.modelWatcher = watch(manifestPath, (eventType) => {
+          if (eventType === "change") {
+            const oldVersion = this.manifest?.latest;
+            const newManifest = this.loadManifest();
+            if (newManifest && newManifest.latest !== oldVersion) {
+              this.manifest = newManifest;
+              this.emit("model:updated", newManifest.latest, newManifest);
+            }
+          }
+        });
+      } catch {
+      }
+    }
+  }
+  stopWatching() {
+    if (this.settingsWatcher) {
+      this.settingsWatcher.close();
+      this.settingsWatcher = null;
+    }
+    if (this.modelWatcher) {
+      this.modelWatcher.close();
+      this.modelWatcher = null;
+    }
+  }
+  // =========================================================================
+  // Status Management
+  // =========================================================================
+  updateStatus() {
+    const statusPath = join(this.statusDir, "bashbros.json");
+    const status = {
+      heartbeat: (/* @__PURE__ */ new Date()).toISOString(),
+      version: "1.0",
+      session_id: this.sessionId,
+      active: true
+    };
+    try {
+      if (!existsSync(this.statusDir)) {
+        mkdirSync(this.statusDir, { recursive: true });
+      }
+      writeFileSync(statusPath, JSON.stringify(status, null, 2));
+    } catch {
+    }
+  }
+  /**
+   * Check if bashgym is actively running
+   */
+  isBashgymRunning() {
+    const statusPath = join(this.statusDir, "bashgym.json");
+    if (!existsSync(statusPath)) {
+      return false;
+    }
+    try {
+      const content = readFileSync(statusPath, "utf-8");
+      const status = JSON.parse(content);
+      const heartbeat = new Date(status.heartbeat);
+      const age = Date.now() - heartbeat.getTime();
+      return age < 5 * 60 * 1e3;
+    } catch {
+      return false;
+    }
+  }
+  // =========================================================================
+  // Cleanup
+  // =========================================================================
+  dispose() {
+    this.stopWatching();
+    this.emit("disconnected");
+  }
+};
+var _integration = null;
+function getBashgymIntegration() {
+  if (!_integration) {
+    _integration = new BashgymIntegration();
+  }
+  return _integration;
+}
+function resetBashgymIntegration() {
+  if (_integration) {
+    _integration.dispose();
+  }
+  _integration = null;
+}
+
+// src/hooks/claude-code.ts
+import { existsSync as existsSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2 } from "fs";
+import { join as join2 } from "path";
+import { homedir as homedir2 } from "os";
+var CLAUDE_SETTINGS_PATH = join2(homedir2(), ".claude", "settings.json");
+var CLAUDE_DIR = join2(homedir2(), ".claude");
+var BASHBROS_HOOK_MARKER = "# bashbros-managed";
+var ClaudeCodeHooks = class {
+  /**
+   * Check if Claude Code is installed
+   */
+  static isClaudeInstalled() {
+    return existsSync2(CLAUDE_DIR);
+  }
+  /**
+   * Load current Claude settings
+   */
+  static loadSettings() {
+    if (!existsSync2(CLAUDE_SETTINGS_PATH)) {
+      return {};
+    }
+    try {
+      const content = readFileSync2(CLAUDE_SETTINGS_PATH, "utf-8");
+      return JSON.parse(content);
+    } catch {
+      return {};
+    }
+  }
+  /**
+   * Save Claude settings
+   */
+  static saveSettings(settings) {
+    if (!existsSync2(CLAUDE_DIR)) {
+      mkdirSync2(CLAUDE_DIR, { recursive: true });
+    }
+    writeFileSync2(
+      CLAUDE_SETTINGS_PATH,
+      JSON.stringify(settings, null, 2),
+      "utf-8"
+    );
+  }
+  /**
+   * Install BashBros hooks into Claude Code
+   */
+  static install() {
+    if (!this.isClaudeInstalled()) {
+      return {
+        success: false,
+        message: "Claude Code not found. Install Claude Code first."
+      };
+    }
+    const settings = this.loadSettings();
+    if (!settings.hooks) {
+      settings.hooks = {};
+    }
+    if (this.isInstalled(settings)) {
+      return {
+        success: true,
+        message: "BashBros hooks already installed."
+      };
+    }
+    const preToolUseHook = {
+      matcher: "Bash",
+      hooks: [{
+        type: "command",
+        command: `bashbros gate "$TOOL_INPUT" ${BASHBROS_HOOK_MARKER}`
+      }]
+    };
+    const postToolUseHook = {
+      matcher: "Bash",
+      hooks: [{
+        type: "command",
+        command: `bashbros record "$TOOL_INPUT" "$TOOL_OUTPUT" ${BASHBROS_HOOK_MARKER}`
+      }]
+    };
+    const sessionEndHook = {
+      hooks: [{
+        type: "command",
+        command: `bashbros session-end ${BASHBROS_HOOK_MARKER}`
+      }]
+    };
+    settings.hooks.PreToolUse = [
+      ...settings.hooks.PreToolUse || [],
+      preToolUseHook
+    ];
+    settings.hooks.PostToolUse = [
+      ...settings.hooks.PostToolUse || [],
+      postToolUseHook
+    ];
+    settings.hooks.SessionEnd = [
+      ...settings.hooks.SessionEnd || [],
+      sessionEndHook
+    ];
+    this.saveSettings(settings);
+    return {
+      success: true,
+      message: "BashBros hooks installed successfully."
+    };
+  }
+  /**
+   * Uninstall BashBros hooks from Claude Code
+   */
+  static uninstall() {
+    if (!this.isClaudeInstalled()) {
+      return {
+        success: false,
+        message: "Claude Code not found."
+      };
+    }
+    const settings = this.loadSettings();
+    if (!settings.hooks) {
+      return {
+        success: true,
+        message: "No hooks to uninstall."
+      };
+    }
+    const filterHooks = (hooks) => {
+      if (!hooks) return [];
+      return hooks.filter(
+        (h) => !h.hooks.some((hook) => hook.command.includes(BASHBROS_HOOK_MARKER))
+      );
+    };
+    settings.hooks.PreToolUse = filterHooks(settings.hooks.PreToolUse);
+    settings.hooks.PostToolUse = filterHooks(settings.hooks.PostToolUse);
+    settings.hooks.SessionEnd = filterHooks(settings.hooks.SessionEnd);
+    if (settings.hooks.PreToolUse?.length === 0) delete settings.hooks.PreToolUse;
+    if (settings.hooks.PostToolUse?.length === 0) delete settings.hooks.PostToolUse;
+    if (settings.hooks.SessionEnd?.length === 0) delete settings.hooks.SessionEnd;
+    if (Object.keys(settings.hooks).length === 0) delete settings.hooks;
+    this.saveSettings(settings);
+    return {
+      success: true,
+      message: "BashBros hooks uninstalled successfully."
+    };
+  }
+  /**
+   * Check if BashBros hooks are installed
+   */
+  static isInstalled(settings) {
+    const s = settings || this.loadSettings();
+    if (!s.hooks) return false;
+    const hasMarker = (hooks) => {
+      if (!hooks) return false;
+      return hooks.some(
+        (h) => h.hooks.some((hook) => hook.command.includes(BASHBROS_HOOK_MARKER))
+      );
+    };
+    return hasMarker(s.hooks.PreToolUse) || hasMarker(s.hooks.PostToolUse) || hasMarker(s.hooks.SessionEnd);
+  }
+  /**
+   * Get hook status
+   */
+  static getStatus() {
+    const claudeInstalled = this.isClaudeInstalled();
+    const settings = claudeInstalled ? this.loadSettings() : {};
+    const hooksInstalled = this.isInstalled(settings);
+    const hooks = [];
+    if (settings.hooks?.PreToolUse) hooks.push("PreToolUse (gate)");
+    if (settings.hooks?.PostToolUse) hooks.push("PostToolUse (record)");
+    if (settings.hooks?.SessionEnd) hooks.push("SessionEnd (report)");
+    return {
+      claudeInstalled,
+      hooksInstalled,
+      hooks
+    };
+  }
+};
+async function gateCommand(command) {
+  const { PolicyEngine: PolicyEngine2 } = await import("./engine-PKLXW6OF.js");
+  const { RiskScorer } = await import("./risk-scorer-Y6KF2XCZ.js");
+  const { loadConfig: loadConfig2 } = await import("./config-CZMIGNPF.js");
+  const config = loadConfig2();
+  const engine = new PolicyEngine2(config);
+  const scorer = new RiskScorer();
+  const violations = engine.validate(command);
+  const risk = scorer.score(command);
+  if (violations.length > 0) {
+    return {
+      allowed: false,
+      reason: violations[0].message,
+      riskScore: risk.score
+    };
+  }
+  if (risk.level === "critical") {
+    return {
+      allowed: false,
+      reason: `Critical risk: ${risk.factors.join(", ")}`,
+      riskScore: risk.score
+    };
+  }
+  return {
+    allowed: true,
+    riskScore: risk.score
+  };
+}
+
+// src/core.ts
+import * as pty from "node-pty";
+import { EventEmitter as EventEmitter2 } from "events";
+var BashBros = class extends EventEmitter2 {
+  config;
+  policy;
+  audit;
+  ptyProcess = null;
+  shell;
+  pendingCommand = "";
+  commandStartTime = 0;
+  constructor(configPath) {
+    super();
+    this.config = loadConfig(configPath);
+    this.policy = new PolicyEngine(this.config);
+    this.audit = new AuditLogger(this.config.audit);
+    this.shell = process.platform === "win32" ? "powershell.exe" : "bash";
+  }
+  start() {
+    this.ptyProcess = pty.spawn(this.shell, [], {
+      name: "xterm-color",
+      cols: 80,
+      rows: 30,
+      cwd: process.cwd(),
+      env: process.env
+    });
+    this.ptyProcess.onData((data) => {
+      this.emit("output", data);
+    });
+    this.ptyProcess.onExit(({ exitCode }) => {
+      this.emit("exit", exitCode);
+    });
+  }
+  execute(command) {
+    const startTime = Date.now();
+    const violations = this.policy.validate(command);
+    if (violations.length > 0) {
+      const result2 = {
+        command,
+        allowed: false,
+        duration: Date.now() - startTime,
+        violations
+      };
+      this.audit.log({
+        timestamp: /* @__PURE__ */ new Date(),
+        command,
+        allowed: false,
+        violations,
+        duration: result2.duration,
+        agent: this.config.agent
+      });
+      this.emit("blocked", command, violations);
+      return result2;
+    }
+    this.commandStartTime = startTime;
+    this.pendingCommand = command;
+    if (this.ptyProcess) {
+      this.ptyProcess.write(command + "\r");
+    }
+    const result = {
+      command,
+      allowed: true,
+      duration: Date.now() - startTime,
+      violations: []
+    };
+    this.audit.log({
+      timestamp: /* @__PURE__ */ new Date(),
+      command,
+      allowed: true,
+      violations: [],
+      duration: result.duration,
+      agent: this.config.agent
+    });
+    this.emit("allowed", result);
+    return result;
+  }
+  validateOnly(command) {
+    return this.policy.validate(command);
+  }
+  isAllowed(command) {
+    return this.policy.isAllowed(command);
+  }
+  resize(cols, rows) {
+    if (this.ptyProcess) {
+      this.ptyProcess.resize(cols, rows);
+    }
+  }
+  write(data) {
+    if (this.ptyProcess) {
+      this.ptyProcess.write(data);
+    }
+  }
+  stop() {
+    if (this.ptyProcess) {
+      this.ptyProcess.kill();
+      this.ptyProcess = null;
+    }
+  }
+  getConfig() {
+    return this.config;
+  }
+};
+
+// src/bro/profiler.ts
+import { execFileSync } from "child_process";
+import { existsSync as existsSync3, readFileSync as readFileSync3, realpathSync } from "fs";
+import { homedir as homedir3, platform, arch, cpus, totalmem } from "os";
+import { join as join3 } from "path";
+var SAFE_VERSION_COMMANDS = {
+  python: ["--version"],
+  python3: ["--version"],
+  node: ["--version"],
+  rustc: ["--version"],
+  go: ["version"],
+  java: ["-version"],
+  ruby: ["--version"],
+  npm: ["--version"],
+  pnpm: ["--version"],
+  yarn: ["--version"],
+  pip: ["--version"],
+  pip3: ["--version"],
+  cargo: ["--version"],
+  brew: ["--version"],
+  git: ["--version"],
+  docker: ["--version"],
+  kubectl: ["version", "--client", "--short"],
+  aws: ["--version"],
+  gcloud: ["--version"],
+  ollama: ["--version"],
+  code: ["--version"],
+  cursor: ["--version"],
+  vim: ["--version"],
+  nvim: ["--version"],
+  nano: ["--version"],
+  emacs: ["--version"]
+};
+var SystemProfiler = class {
+  profile = null;
+  profilePath;
+  constructor() {
+    this.profilePath = join3(homedir3(), ".bashbros", "system-profile.json");
+  }
+  async scan() {
+    const profile = {
+      platform: platform(),
+      arch: arch(),
+      shell: this.detectShell(),
+      cpuCores: cpus().length,
+      memoryGB: Math.round(totalmem() / 1024 ** 3),
+      python: this.getVersionSafe("python") || this.getVersionSafe("python3"),
+      node: this.getVersionSafe("node"),
+      rust: this.getVersionSafe("rustc"),
+      go: this.getVersionSafe("go"),
+      java: this.getVersionSafe("java"),
+      ruby: this.getVersionSafe("ruby"),
+      npm: this.getVersionSafe("npm"),
+      pnpm: this.getVersionSafe("pnpm"),
+      yarn: this.getVersionSafe("yarn"),
+      pip: this.getVersionSafe("pip") || this.getVersionSafe("pip3"),
+      cargo: this.getVersionSafe("cargo"),
+      brew: this.getVersionSafe("brew"),
+      git: this.getVersionSafe("git"),
+      docker: this.getVersionSafe("docker"),
+      kubectl: this.getVersionSafe("kubectl"),
+      aws: this.getVersionSafe("aws"),
+      gcloud: this.getVersionSafe("gcloud"),
+      claude: this.commandExists("claude"),
+      clawdbot: this.commandExists("clawdbot"),
+      aider: this.commandExists("aider"),
+      ollama: this.getOllamaInfo(),
+      projectType: null,
+      projectDeps: [],
+      envVars: this.getEnvVarNames(),
+      commonCommands: [],
+      workingHours: null,
+      preferredEditor: this.detectEditor(),
+      timestamp: /* @__PURE__ */ new Date()
+    };
+    this.profile = profile;
+    this.save();
+    return profile;
+  }
+  scanProject(projectPath) {
+    let resolvedPath;
+    try {
+      resolvedPath = realpathSync(projectPath);
+    } catch {
+      resolvedPath = projectPath;
+    }
+    const updates = {
+      projectType: this.detectProjectType(resolvedPath),
+      projectDeps: this.detectDependencies(resolvedPath)
+    };
+    if (this.profile) {
+      this.profile = { ...this.profile, ...updates };
+      this.save();
+    }
+    return updates;
+  }
+  detectShell() {
+    if (platform() === "win32") {
+      return process.env.COMSPEC || "cmd.exe";
+    }
+    return process.env.SHELL || "/bin/bash";
+  }
+  /**
+   * SECURITY FIX: Use execFileSync with array args instead of string concatenation
+   */
+  getVersionSafe(cmd) {
+    const args = SAFE_VERSION_COMMANDS[cmd];
+    if (!args) {
+      return null;
+    }
+    try {
+      const output = execFileSync(cmd, args, {
+        encoding: "utf-8",
+        timeout: 5e3,
+        stdio: ["pipe", "pipe", "pipe"],
+        windowsHide: true
+      }).trim();
+      const version = this.parseVersion(output);
+      const path = this.getCommandPathSafe(cmd);
+      return { version, path };
+    } catch {
+      return null;
+    }
+  }
+  parseVersion(output) {
+    const match = output.match(/(\d+\.\d+(?:\.\d+)?(?:-[\w.]+)?)/i);
+    return match ? match[1] : output.split("\n")[0].slice(0, 50);
+  }
+  /**
+   * SECURITY FIX: Use execFileSync for which/where command
+   */
+  getCommandPathSafe(cmd) {
+    try {
+      const whichCmd = platform() === "win32" ? "where" : "which";
+      const result = execFileSync(whichCmd, [cmd], {
+        encoding: "utf-8",
+        timeout: 3e3,
+        stdio: ["pipe", "pipe", "pipe"],
+        windowsHide: true
+      }).trim().split("\n")[0];
+      return result;
+    } catch {
+      return cmd;
+    }
+  }
+  commandExists(cmd) {
+    try {
+      const whichCmd = platform() === "win32" ? "where" : "which";
+      execFileSync(whichCmd, [cmd], {
+        stdio: "pipe",
+        timeout: 3e3,
+        windowsHide: true
+      });
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  getOllamaInfo() {
+    try {
+      const version = execFileSync("ollama", ["--version"], {
+        encoding: "utf-8",
+        timeout: 5e3,
+        windowsHide: true
+      }).trim();
+      let models = [];
+      try {
+        const modelList = execFileSync("ollama", ["list"], {
+          encoding: "utf-8",
+          timeout: 1e4,
+          windowsHide: true
+        });
+        models = modelList.split("\n").slice(1).map((line) => line.split(/\s+/)[0]).filter(Boolean);
+      } catch {
+      }
+      return { version, models };
+    } catch {
+      return null;
+    }
+  }
+  getEnvVarNames() {
+    const safePatterns = [
+      /^PATH$/i,
+      /^HOME$/i,
+      /^USER$/i,
+      /^SHELL$/i,
+      /^TERM$/i,
+      /^LANG$/i,
+      /^NODE_VERSION$/i,
+      /^PYTHON.*VERSION$/i,
+      /^JAVA_HOME$/i,
+      /^GOPATH$/i,
+      /^EDITOR$/i,
+      /^VISUAL$/i
+    ];
+    return Object.keys(process.env).filter(
+      (key) => safePatterns.some((pattern) => pattern.test(key))
+    );
+  }
+  detectEditor() {
+    const editor = process.env.EDITOR || process.env.VISUAL;
+    if (editor) return editor;
+    const editors = ["code", "cursor", "vim", "nvim", "nano", "emacs"];
+    for (const ed of editors) {
+      if (this.commandExists(ed)) return ed;
+    }
+    return null;
+  }
+  detectProjectType(projectPath) {
+    const checks = [
+      ["package.json", "node"],
+      ["pyproject.toml", "python"],
+      ["requirements.txt", "python"],
+      ["Cargo.toml", "rust"],
+      ["go.mod", "go"],
+      ["pom.xml", "java"],
+      ["build.gradle", "java"],
+      ["Gemfile", "ruby"],
+      ["composer.json", "php"]
+    ];
+    for (const [file, type] of checks) {
+      const filePath = join3(projectPath, file);
+      if (existsSync3(filePath)) {
+        try {
+          const realPath = realpathSync(filePath);
+          if (realPath.startsWith(realpathSync(projectPath))) {
+            return type;
+          }
+        } catch {
+        }
+      }
+    }
+    return null;
+  }
+  detectDependencies(projectPath) {
+    const deps = [];
+    const pkgPath = join3(projectPath, "package.json");
+    if (existsSync3(pkgPath)) {
+      try {
+        const realPkgPath = realpathSync(pkgPath);
+        if (realPkgPath.startsWith(realpathSync(projectPath))) {
+          const pkg = JSON.parse(readFileSync3(realPkgPath, "utf-8"));
+          deps.push(...Object.keys(pkg.dependencies || {}));
+          deps.push(...Object.keys(pkg.devDependencies || {}));
+        }
+      } catch {
+      }
+    }
+    const reqPath = join3(projectPath, "requirements.txt");
+    if (existsSync3(reqPath)) {
+      try {
+        const realReqPath = realpathSync(reqPath);
+        if (realReqPath.startsWith(realpathSync(projectPath))) {
+          const reqs = readFileSync3(realReqPath, "utf-8");
+          const packages = reqs.split("\n").map((line) => line.split(/[=<>]/)[0].trim()).filter(Boolean);
+          deps.push(...packages);
+        }
+      } catch {
+      }
+    }
+    return deps.slice(0, 100);
+  }
+  load() {
+    if (existsSync3(this.profilePath)) {
+      try {
+        const data = readFileSync3(this.profilePath, "utf-8");
+        this.profile = JSON.parse(data);
+        return this.profile;
+      } catch {
+        return null;
+      }
+    }
+    return null;
+  }
+  save() {
+    try {
+      const { writeFileSync: writeFileSync4, mkdirSync: mkdirSync4, chmodSync } = __require("fs");
+      const dir = join3(homedir3(), ".bashbros");
+      if (!existsSync3(dir)) {
+        mkdirSync4(dir, { recursive: true, mode: 448 });
+      }
+      const filePath = this.profilePath;
+      writeFileSync4(filePath, JSON.stringify(this.profile, null, 2));
+      try {
+        chmodSync(filePath, 384);
+      } catch {
+      }
+    } catch {
+    }
+  }
+  get() {
+    return this.profile;
+  }
+  toContext() {
+    if (!this.profile) return "System profile not available.";
+    const p = this.profile;
+    const lines = [
+      `## System Context`,
+      `- Platform: ${p.platform} (${p.arch})`,
+      `- Shell: ${p.shell}`,
+      `- CPU: ${p.cpuCores} cores, RAM: ${p.memoryGB}GB`,
+      ""
+    ];
+    if (p.python) lines.push(`- Python: ${p.python.version}`);
+    if (p.node) lines.push(`- Node: ${p.node.version}`);
+    if (p.rust) lines.push(`- Rust: ${p.rust.version}`);
+    if (p.go) lines.push(`- Go: ${p.go.version}`);
+    if (p.git) lines.push(`- Git: ${p.git.version}`);
+    if (p.docker) lines.push(`- Docker: ${p.docker.version}`);
+    if (p.ollama) {
+      lines.push(`- Ollama: ${p.ollama.version}`);
+      if (p.ollama.models.length > 0) {
+        lines.push(`  Models: ${p.ollama.models.join(", ")}`);
+      }
+    }
+    if (p.projectType) {
+      lines.push("");
+      lines.push(`## Project: ${p.projectType}`);
+      if (p.projectDeps.length > 0) {
+        lines.push(`Dependencies: ${p.projectDeps.slice(0, 20).join(", ")}`);
+      }
+    }
+    return lines.join("\n");
+  }
+};
+
+// src/bro/router.ts
+var TaskRouter = class {
+  rules;
+  profile;
+  constructor(profile = null) {
+    this.profile = profile;
+    this.rules = this.buildDefaultRules();
+  }
+  buildDefaultRules() {
+    return [
+      // Simple file operations → Bash Bro
+      { pattern: /^ls\b/, route: "bro", reason: "Simple file listing" },
+      { pattern: /^cat\s+\S+$/, route: "bro", reason: "Simple file read" },
+      { pattern: /^head\b/, route: "bro", reason: "File head" },
+      { pattern: /^tail\b/, route: "bro", reason: "File tail" },
+      { pattern: /^wc\b/, route: "bro", reason: "Word count" },
+      { pattern: /^pwd$/, route: "bro", reason: "Print directory" },
+      { pattern: /^cd\s+/, route: "bro", reason: "Change directory" },
+      { pattern: /^mkdir\s+/, route: "bro", reason: "Create directory" },
+      { pattern: /^touch\s+/, route: "bro", reason: "Create file" },
+      { pattern: /^cp\s+/, route: "bro", reason: "Copy file" },
+      { pattern: /^mv\s+/, route: "bro", reason: "Move file" },
+      { pattern: /^rm\s+(?!-rf)/, route: "bro", reason: "Remove file (safe)" },
+      // Simple searches → Bash Bro
+      { pattern: /^grep\s+-[ril]*\s+['"]?\w+['"]?\s+\S+$/, route: "bro", reason: "Simple grep" },
+      { pattern: /^find\s+\.\s+-name\s+/, route: "bro", reason: "Simple find" },
+      { pattern: /^which\s+/, route: "bro", reason: "Which command" },
+      // Git simple operations → Bash Bro
+      { pattern: /^git\s+status$/, route: "bro", reason: "Git status" },
+      { pattern: /^git\s+branch$/, route: "bro", reason: "Git branch list" },
+      { pattern: /^git\s+log\s+--oneline/, route: "bro", reason: "Git log" },
+      { pattern: /^git\s+diff$/, route: "bro", reason: "Git diff" },
+      { pattern: /^git\s+add\s+/, route: "bro", reason: "Git add" },
+      // Package info → Bash Bro
+      { pattern: /^npm\s+list/, route: "bro", reason: "NPM list" },
+      { pattern: /^pip\s+list/, route: "bro", reason: "Pip list" },
+      { pattern: /^pip\s+show\s+/, route: "bro", reason: "Pip show" },
+      // Environment checks → Bash Bro
+      { pattern: /^python\s+--version/, route: "bro", reason: "Python version" },
+      { pattern: /^node\s+--version/, route: "bro", reason: "Node version" },
+      { pattern: /^npm\s+--version/, route: "bro", reason: "NPM version" },
+      { pattern: /^env$/, route: "bro", reason: "Environment vars" },
+      { pattern: /^echo\s+\$\w+$/, route: "bro", reason: "Echo env var" },
+      // Complex operations → Main agent
+      { pattern: /refactor/i, route: "main", reason: "Refactoring requires reasoning" },
+      { pattern: /implement/i, route: "main", reason: "Implementation requires reasoning" },
+      { pattern: /explain/i, route: "main", reason: "Explanation requires reasoning" },
+      { pattern: /debug/i, route: "main", reason: "Debugging requires reasoning" },
+      { pattern: /fix\s+/i, route: "main", reason: "Fixing requires reasoning" },
+      { pattern: /why/i, route: "main", reason: "Explanation required" },
+      { pattern: /how\s+(do|can|should)/i, route: "main", reason: "Guidance required" },
+      // Git complex → Main agent
+      { pattern: /^git\s+rebase/, route: "main", reason: "Rebase needs oversight" },
+      { pattern: /^git\s+merge/, route: "main", reason: "Merge needs oversight" },
+      { pattern: /^git\s+reset/, route: "main", reason: "Reset needs oversight" },
+      // Parallel tasks → Both
+      { pattern: /^(npm|yarn|pnpm)\s+(test|run\s+test)/, route: "both", reason: "Tests can run in background" },
+      { pattern: /^pytest/, route: "both", reason: "Tests can run in background" },
+      { pattern: /^(npm|yarn|pnpm)\s+run\s+build/, route: "both", reason: "Build can run in background" },
+      { pattern: /^docker\s+build/, route: "both", reason: "Docker build can run in background" }
+    ];
+  }
+  route(command) {
+    for (const rule of this.rules) {
+      if (rule.pattern.test(command)) {
+        return {
+          decision: rule.route,
+          reason: rule.reason,
+          confidence: 0.9
+        };
+      }
+    }
+    if (this.looksSimple(command)) {
+      return {
+        decision: "bro",
+        reason: "Appears to be a simple command",
+        confidence: 0.6
+      };
+    }
+    return {
+      decision: "main",
+      reason: "Complex or unknown command",
+      confidence: 0.5
+    };
+  }
+  looksSimple(command) {
+    const words = command.split(/\s+/);
+    if (words.length <= 3) return true;
+    if (/[|><&;]/.test(command)) return false;
+    if (/[$`(]/.test(command)) return false;
+    return true;
+  }
+  addRule(pattern, route, reason) {
+    this.rules.unshift({ pattern, route, reason });
+  }
+  updateProfile(profile) {
+    this.profile = profile;
+    if (profile.projectType === "python") {
+      this.addRule(/^python\s+-c\s+/, "bro", "Simple Python one-liner");
+      this.addRule(/^pip\s+install\s+/, "bro", "Pip install");
+    }
+    if (profile.projectType === "node") {
+      this.addRule(/^npx\s+/, "bro", "NPX command");
+      this.addRule(/^npm\s+install\s+/, "bro", "NPM install");
+    }
+  }
+};
+
+// src/bro/suggester.ts
+var CommandSuggester = class {
+  history = [];
+  profile = null;
+  patterns = /* @__PURE__ */ new Map();
+  constructor(profile = null) {
+    this.profile = profile;
+    this.initPatterns();
+  }
+  initPatterns() {
+    this.patterns.set("git status", ["git add .", "git diff", "git stash"]);
+    this.patterns.set("git add", ['git commit -m ""', "git status"]);
+    this.patterns.set("git commit", ["git push", "git log --oneline -5"]);
+    this.patterns.set("git pull", ["git status", "git log --oneline -5"]);
+    this.patterns.set("git checkout", ["git status", "git branch"]);
+    this.patterns.set("npm install", ["npm run build", "npm test", "npm start"]);
+    this.patterns.set("npm test", ["npm run build", "git add ."]);
+    this.patterns.set("npm run build", ["npm start", "npm test"]);
+    this.patterns.set("pip install", ["pip freeze", "python -m pytest"]);
+    this.patterns.set("pytest", ["git add .", "python -m pytest -v"]);
+    this.patterns.set("docker build", ["docker run", "docker images"]);
+    this.patterns.set("docker run", ["docker ps", "docker logs"]);
+    this.patterns.set("cd", ["ls", "ls -la", "git status"]);
+    this.patterns.set("mkdir", ["cd", "touch"]);
+    this.patterns.set("ls", ["cd", "cat", "vim"]);
+  }
+  suggest(context) {
+    const suggestions = [];
+    if (context.lastCommand) {
+      const patternSuggestions = this.suggestFromPatterns(context.lastCommand);
+      suggestions.push(...patternSuggestions);
+    }
+    const historySuggestions = this.suggestFromHistory(context);
+    suggestions.push(...historySuggestions);
+    const contextSuggestions = this.suggestFromContext(context);
+    suggestions.push(...contextSuggestions);
+    const unique = this.dedupeAndRank(suggestions);
+    return unique.slice(0, 5);
+  }
+  suggestFromPatterns(lastCommand) {
+    const suggestions = [];
+    for (const [key, commands] of this.patterns) {
+      if (lastCommand.startsWith(key)) {
+        for (const cmd of commands) {
+          suggestions.push({
+            command: cmd,
+            description: `Common follow-up to "${key}"`,
+            confidence: 0.8,
+            source: "pattern"
+          });
+        }
+        break;
+      }
+    }
+    return suggestions;
+  }
+  suggestFromHistory(context) {
+    if (this.history.length < 3) return [];
+    const suggestions = [];
+    const recentCommands = this.history.slice(-20);
+    const following = /* @__PURE__ */ new Map();
+    for (let i = 0; i < recentCommands.length - 1; i++) {
+      const current = recentCommands[i].command;
+      const next = recentCommands[i + 1].command;
+      if (context.lastCommand && current.startsWith(context.lastCommand.split(" ")[0])) {
+        const count = following.get(next) || 0;
+        following.set(next, count + 1);
+      }
+    }
+    for (const [cmd, count] of following) {
+      if (count >= 2) {
+        suggestions.push({
+          command: cmd,
+          description: "Based on your history",
+          confidence: Math.min(0.9, 0.5 + count * 0.1),
+          source: "history"
+        });
+      }
+    }
+    return suggestions;
+  }
+  suggestFromContext(context) {
+    const suggestions = [];
+    if (context.projectType === "node" && context.cwd) {
+      if (context.files?.includes("package.json")) {
+        suggestions.push({
+          command: "npm install",
+          description: "Install dependencies",
+          confidence: 0.7,
+          source: "context"
+        });
+      }
+    }
+    if (context.projectType === "python" && context.cwd) {
+      if (context.files?.includes("requirements.txt")) {
+        suggestions.push({
+          command: "pip install -r requirements.txt",
+          description: "Install dependencies",
+          confidence: 0.7,
+          source: "context"
+        });
+      }
+    }
+    if (context.lastError) {
+      if (context.lastError.includes("ModuleNotFoundError")) {
+        const match = context.lastError.match(/No module named '(\w+)'/);
+        if (match) {
+          suggestions.push({
+            command: `pip install ${match[1]}`,
+            description: `Install missing module`,
+            confidence: 0.9,
+            source: "context"
+          });
+        }
+      }
+      if (context.lastError.includes("Cannot find module")) {
+        suggestions.push({
+          command: "npm install",
+          description: "Install missing dependencies",
+          confidence: 0.85,
+          source: "context"
+        });
+      }
+    }
+    return suggestions;
+  }
+  dedupeAndRank(suggestions) {
+    const seen = /* @__PURE__ */ new Set();
+    const unique = [];
+    suggestions.sort((a, b) => b.confidence - a.confidence);
+    for (const s of suggestions) {
+      if (!seen.has(s.command)) {
+        seen.add(s.command);
+        unique.push(s);
+      }
+    }
+    return unique;
+  }
+  recordCommand(entry) {
+    this.history.push(entry);
+    if (this.history.length > 100) {
+      this.history = this.history.slice(-100);
+    }
+  }
+  updateProfile(profile) {
+    this.profile = profile;
+  }
+};
+
+// src/bro/worker.ts
+import { spawn as spawn2 } from "child_process";
+import { EventEmitter as EventEmitter3 } from "events";
+var MAX_TASK_HISTORY = 100;
+function parseCommand(command) {
+  const tokens = [];
+  let current = "";
+  let inQuote = null;
+  for (let i = 0; i < command.length; i++) {
+    const char = command[i];
+    if (inQuote) {
+      if (char === inQuote) {
+        inQuote = null;
+      } else {
+        current += char;
+      }
+    } else if (char === '"' || char === "'") {
+      inQuote = char;
+    } else if (char === " " || char === "	") {
+      if (current) {
+        tokens.push(current);
+        current = "";
+      }
+    } else {
+      current += char;
+    }
+  }
+  if (current) {
+    tokens.push(current);
+  }
+  return {
+    cmd: tokens[0] || "",
+    args: tokens.slice(1)
+  };
+}
+function validateCommand(command) {
+  const dangerousPatterns = [
+    /[;&|`$]/,
+    // Shell operators and command substitution
+    /\$\(/,
+    // Command substitution
+    />\s*>/,
+    // Append redirect
+    />\s*\//,
+    // Redirect to absolute path
+    /<\s*\//,
+    // Input from absolute path
+    /\|\s*\w+/
+    // Pipe to command
+  ];
+  for (const pattern of dangerousPatterns) {
+    if (pattern.test(command)) {
+      return {
+        valid: false,
+        reason: `Command contains potentially dangerous pattern: ${pattern.source}`
+      };
+    }
+  }
+  return { valid: true };
+}
+var BackgroundWorker = class extends EventEmitter3 {
+  tasks = /* @__PURE__ */ new Map();
+  processes = /* @__PURE__ */ new Map();
+  taskIdCounter = 0;
+  spawn(command, cwd) {
+    const validation = validateCommand(command);
+    if (!validation.valid) {
+      throw new Error(`Security: ${validation.reason}`);
+    }
+    const id = `task_${++this.taskIdCounter}`;
+    const task = {
+      id,
+      command,
+      status: "running",
+      startTime: /* @__PURE__ */ new Date(),
+      output: []
+    };
+    this.tasks.set(id, task);
+    const { cmd, args } = parseCommand(command);
+    if (!cmd) {
+      task.status = "failed";
+      task.endTime = /* @__PURE__ */ new Date();
+      task.output.push("Error: Empty command");
+      return task;
+    }
+    const proc = spawn2(cmd, args, {
+      cwd: cwd || process.cwd(),
+      shell: false,
+      // CRITICAL: Never use shell: true
+      stdio: ["pipe", "pipe", "pipe"],
+      env: process.env
+    });
+    this.processes.set(id, proc);
+    proc.stdout?.on("data", (data) => {
+      const line = data.toString();
+      task.output.push(line);
+      this.emit("output", { taskId: id, data: line, stream: "stdout" });
+    });
+    proc.stderr?.on("data", (data) => {
+      const line = data.toString();
+      task.output.push(line);
+      this.emit("output", { taskId: id, data: line, stream: "stderr" });
+    });
+    proc.on("close", (code) => {
+      task.status = code === 0 ? "completed" : "failed";
+      task.endTime = /* @__PURE__ */ new Date();
+      task.exitCode = code ?? void 0;
+      this.processes.delete(id);
+      this.emit("complete", {
+        taskId: id,
+        exitCode: code,
+        duration: task.endTime.getTime() - task.startTime.getTime()
+      });
+      this.notifyCompletion(task);
+      this.cleanupOldTasks();
+    });
+    proc.on("error", (error) => {
+      task.status = "failed";
+      task.endTime = /* @__PURE__ */ new Date();
+      task.output.push(`Error: ${error.message}`);
+      this.processes.delete(id);
+      this.emit("error", { taskId: id, error });
+    });
+    this.emit("started", { taskId: id, command });
+    return task;
+  }
+  cancel(taskId) {
+    const proc = this.processes.get(taskId);
+    const task = this.tasks.get(taskId);
+    if (proc && task) {
+      proc.kill("SIGTERM");
+      task.status = "cancelled";
+      task.endTime = /* @__PURE__ */ new Date();
+      this.processes.delete(taskId);
+      return true;
+    }
+    return false;
+  }
+  getTask(taskId) {
+    return this.tasks.get(taskId);
+  }
+  getRunningTasks() {
+    return Array.from(this.tasks.values()).filter((t) => t.status === "running");
+  }
+  getAllTasks() {
+    return Array.from(this.tasks.values());
+  }
+  getRecentTasks(limit = 10) {
+    return Array.from(this.tasks.values()).sort((a, b) => b.startTime.getTime() - a.startTime.getTime()).slice(0, limit);
+  }
+  cleanupOldTasks() {
+    const tasks = Array.from(this.tasks.entries()).filter(([_, t]) => t.status !== "running").sort((a, b) => b[1].startTime.getTime() - a[1].startTime.getTime());
+    if (tasks.length > MAX_TASK_HISTORY) {
+      const toRemove = tasks.slice(MAX_TASK_HISTORY);
+      for (const [id] of toRemove) {
+        this.tasks.delete(id);
+      }
+    }
+  }
+  notifyCompletion(task) {
+    const duration = task.endTime ? Math.round((task.endTime.getTime() - task.startTime.getTime()) / 1e3) : 0;
+    const icon = task.status === "completed" ? "\u2713" : "\u2717";
+    const status = task.status === "completed" ? "completed" : "failed";
+    console.log(`
+\u{1F91D} Bash Bro: Background task ${icon} ${status}`);
+    console.log(`   Command: ${task.command}`);
+    console.log(`   Duration: ${duration}s`);
+    if (task.status === "failed" && task.output.length > 0) {
+      const lastLines = task.output.slice(-3).join("").trim();
+      if (lastLines) {
+        console.log(`   Last output: ${lastLines.slice(0, 100)}`);
+      }
+    }
+    console.log();
+  }
+  formatStatus() {
+    const running = this.getRunningTasks();
+    if (running.length === 0) {
+      return "No background tasks running.";
+    }
+    const lines = ["Background tasks:"];
+    for (const task of running) {
+      const elapsed = Math.round((Date.now() - task.startTime.getTime()) / 1e3);
+      lines.push(`  [${task.id}] ${task.command} (${elapsed}s)`);
+    }
+    return lines.join("\n");
+  }
+};
+
+// src/bro/bro.ts
+import { execFileSync as execFileSync2 } from "child_process";
+import { EventEmitter as EventEmitter4 } from "events";
+var SAFE_COMMANDS = /* @__PURE__ */ new Set([
+  "ls",
+  "dir",
+  "cat",
+  "head",
+  "tail",
+  "grep",
+  "find",
+  "wc",
+  "pwd",
+  "cd",
+  "mkdir",
+  "touch",
+  "cp",
+  "mv",
+  "rm",
+  "git",
+  "npm",
+  "npx",
+  "pnpm",
+  "yarn",
+  "node",
+  "python",
+  "python3",
+  "pip",
+  "pip3",
+  "pytest",
+  "cargo",
+  "go",
+  "rustc",
+  "docker",
+  "kubectl",
+  "echo",
+  "which",
+  "where",
+  "type",
+  "date",
+  "whoami",
+  "hostname",
+  "env",
+  "printenv"
+]);
+function parseCommandSafe(command) {
+  const tokens = [];
+  let current = "";
+  let inQuote = null;
+  for (let i = 0; i < command.length; i++) {
+    const char = command[i];
+    if (inQuote) {
+      if (char === inQuote) {
+        inQuote = null;
+      } else {
+        current += char;
+      }
+    } else if (char === '"' || char === "'") {
+      inQuote = char;
+    } else if (char === " " || char === "	") {
+      if (current) {
+        tokens.push(current);
+        current = "";
+      }
+    } else {
+      current += char;
+    }
+  }
+  if (current) {
+    tokens.push(current);
+  }
+  if (tokens.length === 0) {
+    return null;
+  }
+  const cmd = tokens[0];
+  if (!SAFE_COMMANDS.has(cmd)) {
+    return null;
+  }
+  return {
+    cmd,
+    args: tokens.slice(1)
+  };
+}
+function validateCommandSafety(command) {
+  const dangerousPatterns = [
+    /[;&|`]/,
+    // Shell operators
+    /\$\(/,
+    // Command substitution
+    /\$\{/,
+    // Variable expansion
+    />\s*>/,
+    // Append redirect
+    /[<>]\s*\//,
+    // Redirect to/from absolute path
+    /\|\s*\w+/,
+    // Pipe to command
+    /\\x[0-9a-f]/i,
+    // Hex escapes
+    /\\[0-7]{3}/
+    // Octal escapes
+  ];
+  for (const pattern of dangerousPatterns) {
+    if (pattern.test(command)) {
+      return { safe: false, reason: `Contains dangerous pattern` };
+    }
+  }
+  return { safe: true };
+}
+var BashBro = class extends EventEmitter4 {
+  profiler;
+  router;
+  suggester;
+  worker;
+  ollama = null;
+  profile = null;
+  config;
+  ollamaAvailable = false;
+  bashgymModelVersion = null;
+  constructor(config = {}) {
+    super();
+    this.config = {
+      enableSuggestions: true,
+      enableRouting: true,
+      enableBackground: true,
+      enableOllama: true,
+      enableBashgymIntegration: true,
+      ...config
+    };
+    this.profiler = new SystemProfiler();
+    this.router = new TaskRouter();
+    this.suggester = new CommandSuggester();
+    this.worker = new BackgroundWorker();
+    if (this.config.enableOllama) {
+      this.ollama = new OllamaClient({
+        host: this.config.modelEndpoint,
+        model: this.config.modelName
+      });
+    }
+    this.worker.on("complete", (data) => this.emit("task:complete", data));
+    this.worker.on("output", (data) => this.emit("task:output", data));
+    this.worker.on("error", (data) => this.emit("task:error", data));
+    if (this.config.enableBashgymIntegration) {
+      this.initBashgymIntegration();
+    }
+  }
+  /**
+   * Initialize bashgym integration for model hot-swap
+   */
+  initBashgymIntegration() {
+    try {
+      const integration = getBashgymIntegration();
+      integration.on("model:updated", (version, manifest) => {
+        this.handleModelUpdate(version, manifest);
+      });
+      if (integration.isLinked()) {
+        const modelName = integration.getOllamaModelName();
+        const currentVersion = integration.getCurrentModelVersion();
+        if (currentVersion && this.ollama) {
+          this.ollama.setModel(`${modelName}:${currentVersion}`);
+          this.bashgymModelVersion = currentVersion;
+          console.log(`\u{1F91D} Bash Bro: Using bashgym sidekick model (${currentVersion})`);
+        }
+      }
+    } catch {
+    }
+  }
+  /**
+   * Handle model update from bashgym (hot-swap)
+   */
+  handleModelUpdate(version, manifest) {
+    if (!this.ollama) return;
+    if (version === this.bashgymModelVersion) return;
+    try {
+      const integration = getBashgymIntegration();
+      const modelName = integration.getOllamaModelName();
+      this.ollama.setModel(`${modelName}:${version}`);
+      this.bashgymModelVersion = version;
+      console.log(`\u{1F91D} Bash Bro: Model hot-swapped to ${version}`);
+      this.emit("model:updated", version);
+    } catch (error) {
+      console.error("Failed to hot-swap model:", error);
+    }
+  }
+  async initialize() {
+    this.profile = this.profiler.load();
+    if (!this.profile || this.isProfileStale()) {
+      console.log("\u{1F91D} Bash Bro: Scanning your system...");
+      this.profile = await this.profiler.scan();
+      console.log("\u{1F91D} Bash Bro: System profile updated!");
+    }
+    this.router.updateProfile(this.profile);
+    this.suggester.updateProfile(this.profile);
+    if (this.ollama) {
+      this.ollamaAvailable = await this.ollama.isAvailable();
+      if (this.ollamaAvailable) {
+        console.log("\u{1F91D} Bash Bro: Ollama connected");
+      }
+    }
+    this.emit("ready", this.profile);
+  }
+  isProfileStale() {
+    if (!this.profile) return true;
+    const age = Date.now() - new Date(this.profile.timestamp).getTime();
+    const oneDay = 24 * 60 * 60 * 1e3;
+    return age > oneDay;
+  }
+  scanProject(projectPath) {
+    this.profiler.scanProject(projectPath);
+    this.profile = this.profiler.get();
+    if (this.profile) {
+      this.router.updateProfile(this.profile);
+      this.suggester.updateProfile(this.profile);
+    }
+  }
+  route(command) {
+    if (!this.config.enableRouting) {
+      return { decision: "main", reason: "Routing disabled", confidence: 1 };
+    }
+    return this.router.route(command);
+  }
+  suggest(context) {
+    if (!this.config.enableSuggestions) {
+      return [];
+    }
+    return this.suggester.suggest(context);
+  }
+  /**
+   * SECURITY FIX: Safe command execution with validation
+   */
+  async execute(command) {
+    const safety = validateCommandSafety(command);
+    if (!safety.safe) {
+      return `Security: Command blocked - ${safety.reason}`;
+    }
+    const parsed = parseCommandSafe(command);
+    if (!parsed) {
+      return `Security: Command not in allowlist. Only safe commands can be executed directly.`;
+    }
+    try {
+      const output = execFileSync2(parsed.cmd, parsed.args, {
+        encoding: "utf-8",
+        timeout: 3e4,
+        cwd: process.cwd(),
+        windowsHide: true
+      });
+      return output;
+    } catch (error) {
+      return error.message || "Command failed";
+    }
+  }
+  runBackground(command, cwd) {
+    if (!this.config.enableBackground) {
+      throw new Error("Background tasks disabled");
+    }
+    return this.worker.spawn(command, cwd);
+  }
+  cancelBackground(taskId) {
+    return this.worker.cancel(taskId);
+  }
+  getBackgroundTasks() {
+    return this.worker.getRunningTasks();
+  }
+  getSystemContext() {
+    return this.profiler.toContext();
+  }
+  getProfile() {
+    return this.profile;
+  }
+  /**
+   * Check if Ollama is available for AI features
+   */
+  isOllamaAvailable() {
+    return this.ollamaAvailable;
+  }
+  /**
+   * Ask Bash Bro (via Ollama) to suggest the next command
+   */
+  async aiSuggest(context) {
+    if (!this.ollama || !this.ollamaAvailable) {
+      return null;
+    }
+    return this.ollama.suggestCommand(context);
+  }
+  /**
+   * Ask Bash Bro to explain a command
+   */
+  async aiExplain(command) {
+    if (!this.ollama || !this.ollamaAvailable) {
+      return "Ollama not available for explanations.";
+    }
+    return this.ollama.explainCommand(command);
+  }
+  /**
+   * Ask Bash Bro to fix a failed command
+   */
+  async aiFix(command, error) {
+    if (!this.ollama || !this.ollamaAvailable) {
+      return null;
+    }
+    return this.ollama.fixCommand(command, error);
+  }
+  /**
+   * Set the Ollama model to use
+   */
+  setModel(model) {
+    if (this.ollama) {
+      this.ollama.setModel(model);
+    }
+  }
+  /**
+   * Generate a shell script from natural language description
+   */
+  async aiGenerateScript(description) {
+    if (!this.ollama || !this.ollamaAvailable) {
+      return null;
+    }
+    const shell = this.profile?.shell || "bash";
+    return this.ollama.generateScript(description, shell);
+  }
+  /**
+   * Analyze command for security risks using AI
+   */
+  async aiAnalyzeSafety(command) {
+    if (!this.ollama || !this.ollamaAvailable) {
+      return {
+        safe: true,
+        risk: "low",
+        explanation: "AI analysis not available.",
+        suggestions: []
+      };
+    }
+    return this.ollama.analyzeCommandSafety(command);
+  }
+  /**
+   * Summarize a terminal session
+   */
+  async aiSummarize(commands) {
+    if (!this.ollama || !this.ollamaAvailable) {
+      return "AI not available for summaries.";
+    }
+    return this.ollama.summarizeSession(commands);
+  }
+  /**
+   * Get AI help for a topic or command
+   */
+  async aiHelp(topic) {
+    if (!this.ollama || !this.ollamaAvailable) {
+      return "AI not available for help.";
+    }
+    return this.ollama.getHelp(topic);
+  }
+  /**
+   * Convert natural language to command
+   */
+  async aiToCommand(description) {
+    if (!this.ollama || !this.ollamaAvailable) {
+      return null;
+    }
+    return this.ollama.naturalToCommand(description);
+  }
+  /**
+   * Get bashgym sidekick model version (if using)
+   */
+  getBashgymModelVersion() {
+    return this.bashgymModelVersion;
+  }
+  /**
+   * Check if using bashgym-trained sidekick model
+   */
+  isUsingBashgymModel() {
+    return this.bashgymModelVersion !== null;
+  }
+  /**
+   * Force refresh the bashgym model (check for updates)
+   */
+  refreshBashgymModel() {
+    if (!this.config.enableBashgymIntegration) {
+      return false;
+    }
+    try {
+      const integration = getBashgymIntegration();
+      const currentVersion = integration.getCurrentModelVersion();
+      if (currentVersion && currentVersion !== this.bashgymModelVersion) {
+        const modelName = integration.getOllamaModelName();
+        if (this.ollama) {
+          this.ollama.setModel(`${modelName}:${currentVersion}`);
+          this.bashgymModelVersion = currentVersion;
+          this.emit("model:updated", currentVersion);
+          return true;
+        }
+      }
+    } catch {
+    }
+    return false;
+  }
+  // Format a nice status message
+  status() {
+    const lines = [
+      "\u{1F91D} Bash Bro Status",
+      "\u2500".repeat(40)
+    ];
+    if (this.profile) {
+      lines.push(`Platform: ${this.profile.platform} (${this.profile.arch})`);
+      lines.push(`Shell: ${this.profile.shell}`);
+      if (this.profile.python) {
+        lines.push(`Python: ${this.profile.python.version}`);
+      }
+      if (this.profile.node) {
+        lines.push(`Node: ${this.profile.node.version}`);
+      }
+      if (this.profile.ollama) {
+        lines.push(`Ollama: ${this.profile.ollama.version}`);
+        if (this.profile.ollama.models.length > 0) {
+          lines.push(`  Models: ${this.profile.ollama.models.join(", ")}`);
+        }
+      }
+      if (this.profile.projectType) {
+        lines.push(`Project: ${this.profile.projectType}`);
+      }
+    }
+    lines.push("");
+    if (this.ollamaAvailable) {
+      const model = this.ollama?.getModel() || "default";
+      if (this.bashgymModelVersion) {
+        lines.push(`AI: Connected (bashgym sidekick ${this.bashgymModelVersion})`);
+      } else {
+        lines.push(`AI: Connected (${model})`);
+      }
+    } else {
+      lines.push("AI: Not connected (run Ollama for AI features)");
+    }
+    if (this.config.enableBashgymIntegration) {
+      try {
+        const integration = getBashgymIntegration();
+        if (integration.isLinked()) {
+          lines.push(`BashGym: Linked`);
+          if (integration.isBashgymRunning()) {
+            lines.push(`  Status: Running`);
+          }
+        }
+      } catch {
+      }
+    }
+    lines.push("");
+    lines.push(this.worker.formatStatus());
+    return lines.join("\n");
+  }
+};
+
+// src/observability/metrics.ts
+var MetricsCollector = class {
+  sessionId;
+  startTime;
+  commands = [];
+  filesModified = /* @__PURE__ */ new Set();
+  pathsAccessed = /* @__PURE__ */ new Set();
+  constructor() {
+    this.sessionId = this.generateSessionId();
+    this.startTime = /* @__PURE__ */ new Date();
+  }
+  generateSessionId() {
+    const now = /* @__PURE__ */ new Date();
+    const date = now.toISOString().slice(0, 10).replace(/-/g, "");
+    const time = now.toTimeString().slice(0, 8).replace(/:/g, "");
+    const rand = Math.random().toString(36).slice(2, 6);
+    return `${date}-${time}-${rand}`;
+  }
+  /**
+   * Record a command execution
+   */
+  record(metric) {
+    this.commands.push(metric);
+    const paths = this.extractPaths(metric.command);
+    for (const path of paths) {
+      this.pathsAccessed.add(path);
+    }
+    if (this.isWriteCommand(metric.command)) {
+      for (const path of paths) {
+        this.filesModified.add(path);
+      }
+    }
+  }
+  /**
+   * Get current session metrics
+   */
+  getMetrics() {
+    const now = /* @__PURE__ */ new Date();
+    const duration = now.getTime() - this.startTime.getTime();
+    const riskDist = { safe: 0, caution: 0, dangerous: 0, critical: 0 };
+    let totalRisk = 0;
+    for (const cmd of this.commands) {
+      riskDist[cmd.riskScore.level]++;
+      totalRisk += cmd.riskScore.score;
+    }
+    const cmdFreq = /* @__PURE__ */ new Map();
+    for (const cmd of this.commands) {
+      const base = cmd.command.split(/\s+/)[0];
+      cmdFreq.set(base, (cmdFreq.get(base) || 0) + 1);
+    }
+    const topCommands = [...cmdFreq.entries()].sort((a, b) => b[1] - a[1]).slice(0, 10);
+    const violationsByType = {};
+    for (const cmd of this.commands) {
+      for (const v of cmd.violations) {
+        violationsByType[v.type] = (violationsByType[v.type] || 0) + 1;
+      }
+    }
+    const totalExecTime = this.commands.reduce((sum, c) => sum + c.duration, 0);
+    const avgExecTime = this.commands.length > 0 ? totalExecTime / this.commands.length : 0;
+    return {
+      sessionId: this.sessionId,
+      startTime: this.startTime,
+      duration,
+      commandCount: this.commands.length,
+      blockedCount: this.commands.filter((c) => !c.allowed).length,
+      uniqueCommands: cmdFreq.size,
+      topCommands,
+      riskDistribution: riskDist,
+      avgRiskScore: this.commands.length > 0 ? totalRisk / this.commands.length : 0,
+      avgExecutionTime: avgExecTime,
+      totalExecutionTime: totalExecTime,
+      filesModified: [...this.filesModified],
+      pathsAccessed: [...this.pathsAccessed],
+      violationsByType
+    };
+  }
+  /**
+   * Extract paths from a command
+   */
+  extractPaths(command) {
+    const paths = [];
+    const tokens = command.split(/\s+/);
+    for (const token of tokens) {
+      if (token.startsWith("-")) continue;
+      if (token.startsWith("/") || token.startsWith("./") || token.startsWith("../") || token.startsWith("~/") || token.includes(".")) {
+        paths.push(token);
+      }
+    }
+    return paths;
+  }
+  /**
+   * Check if command modifies files
+   */
+  isWriteCommand(command) {
+    const writePatterns = [
+      /^(vim|vi|nano|emacs|code)\s/,
+      /^(touch|mkdir|cp|mv|rm)\s/,
+      /^(echo|cat|printf).*>/,
+      /^(git\s+(add|commit|checkout|reset))/,
+      /^(npm|yarn|pnpm)\s+(install|uninstall)/,
+      /^(pip|pip3)\s+(install|uninstall)/,
+      /^chmod\s/,
+      /^chown\s/
+    ];
+    return writePatterns.some((p) => p.test(command));
+  }
+  /**
+   * Get recent commands
+   */
+  getRecentCommands(n = 10) {
+    return this.commands.slice(-n);
+  }
+  /**
+   * Get blocked commands
+   */
+  getBlockedCommands() {
+    return this.commands.filter((c) => !c.allowed);
+  }
+  /**
+   * Get high-risk commands
+   */
+  getHighRiskCommands(threshold = 6) {
+    return this.commands.filter((c) => c.riskScore.score >= threshold);
+  }
+  /**
+   * Format duration for display
+   */
+  static formatDuration(ms) {
+    if (ms < 1e3) return `${ms}ms`;
+    if (ms < 6e4) return `${(ms / 1e3).toFixed(1)}s`;
+    if (ms < 36e5) return `${Math.floor(ms / 6e4)}m ${Math.floor(ms % 6e4 / 1e3)}s`;
+    return `${Math.floor(ms / 36e5)}h ${Math.floor(ms % 36e5 / 6e4)}m`;
+  }
+  /**
+   * Reset collector
+   */
+  reset() {
+    this.sessionId = this.generateSessionId();
+    this.startTime = /* @__PURE__ */ new Date();
+    this.commands = [];
+    this.filesModified.clear();
+    this.pathsAccessed.clear();
+  }
+};
+
+// src/observability/cost.ts
+var MODEL_PRICING = {
+  "claude-opus-4": { inputPer1k: 0.015, outputPer1k: 0.075 },
+  "claude-sonnet-4": { inputPer1k: 3e-3, outputPer1k: 0.015 },
+  "claude-haiku-4": { inputPer1k: 25e-5, outputPer1k: 125e-5 },
+  "gpt-4o": { inputPer1k: 5e-3, outputPer1k: 0.015 },
+  "gpt-4o-mini": { inputPer1k: 15e-5, outputPer1k: 6e-4 },
+  "default": { inputPer1k: 3e-3, outputPer1k: 0.015 }
+};
+var AVG_CHARS_PER_TOKEN = 4;
+var AVG_TOOL_CALL_TOKENS = 150;
+var AVG_TOOL_RESULT_TOKENS = 500;
+var CONTEXT_OVERHEAD_RATIO = 0.2;
+var CostEstimator = class {
+  model;
+  pricing;
+  totalInputTokens = 0;
+  totalOutputTokens = 0;
+  toolCallCount = 0;
+  constructor(model = "claude-sonnet-4") {
+    this.model = model;
+    this.pricing = MODEL_PRICING[model] || MODEL_PRICING["default"];
+  }
+  /**
+   * Estimate tokens from text
+   */
+  estimateTokens(text) {
+    return Math.ceil(text.length / AVG_CHARS_PER_TOKEN);
+  }
+  /**
+   * Record a tool call with input and output
+   */
+  recordToolCall(input, output) {
+    this.toolCallCount++;
+    const inputTokens = this.estimateTokens(input) + AVG_TOOL_CALL_TOKENS;
+    this.totalInputTokens += inputTokens;
+    if (output) {
+      const outputTokens = this.estimateTokens(output) + 50;
+      this.totalOutputTokens += outputTokens;
+    } else {
+      this.totalOutputTokens += AVG_TOOL_RESULT_TOKENS;
+    }
+  }
+  /**
+   * Get current cost estimate
+   */
+  getEstimate() {
+    const contextTokens = Math.ceil(
+      (this.totalInputTokens + this.totalOutputTokens) * CONTEXT_OVERHEAD_RATIO
+    );
+    const totalInput = this.totalInputTokens + contextTokens;
+    const totalOutput = this.totalOutputTokens;
+    const inputCost = totalInput / 1e3 * this.pricing.inputPer1k;
+    const outputCost = totalOutput / 1e3 * this.pricing.outputPer1k;
+    const totalCost = inputCost + outputCost;
+    let confidence;
+    if (this.toolCallCount < 5) confidence = "low";
+    else if (this.toolCallCount < 20) confidence = "medium";
+    else confidence = "high";
+    return {
+      estimatedTokens: totalInput + totalOutput,
+      estimatedCost: Math.round(totalCost * 1e4) / 1e4,
+      // 4 decimal places
+      breakdown: {
+        inputTokens: totalInput,
+        outputTokens: totalOutput,
+        toolCalls: this.toolCallCount,
+        contextTokens
+      },
+      model: this.model,
+      confidence
+    };
+  }
+  /**
+   * Format cost for display
+   */
+  static formatCost(cost) {
+    if (cost < 0.01) return `$${(cost * 100).toFixed(2)}\xA2`;
+    if (cost < 1) return `$${cost.toFixed(3)}`;
+    return `$${cost.toFixed(2)}`;
+  }
+  /**
+   * Get cost projection for N more commands
+   */
+  projectCost(additionalCommands) {
+    if (this.toolCallCount === 0) {
+      const projectedInput2 = additionalCommands * (AVG_TOOL_CALL_TOKENS + 50);
+      const projectedOutput2 = additionalCommands * AVG_TOOL_RESULT_TOKENS;
+      const inputCost2 = projectedInput2 / 1e3 * this.pricing.inputPer1k;
+      const outputCost2 = projectedOutput2 / 1e3 * this.pricing.outputPer1k;
+      return {
+        estimatedTokens: projectedInput2 + projectedOutput2,
+        estimatedCost: inputCost2 + outputCost2,
+        breakdown: {
+          inputTokens: projectedInput2,
+          outputTokens: projectedOutput2,
+          toolCalls: additionalCommands,
+          contextTokens: 0
+        },
+        model: this.model,
+        confidence: "low"
+      };
+    }
+    const avgInputPerCall = this.totalInputTokens / this.toolCallCount;
+    const avgOutputPerCall = this.totalOutputTokens / this.toolCallCount;
+    const projectedInput = this.totalInputTokens + additionalCommands * avgInputPerCall;
+    const projectedOutput = this.totalOutputTokens + additionalCommands * avgOutputPerCall;
+    const contextTokens = Math.ceil((projectedInput + projectedOutput) * CONTEXT_OVERHEAD_RATIO);
+    const totalInput = projectedInput + contextTokens;
+    const totalOutput = projectedOutput;
+    const inputCost = totalInput / 1e3 * this.pricing.inputPer1k;
+    const outputCost = totalOutput / 1e3 * this.pricing.outputPer1k;
+    return {
+      estimatedTokens: totalInput + totalOutput,
+      estimatedCost: inputCost + outputCost,
+      breakdown: {
+        inputTokens: Math.ceil(totalInput),
+        outputTokens: Math.ceil(totalOutput),
+        toolCalls: this.toolCallCount + additionalCommands,
+        contextTokens
+      },
+      model: this.model,
+      confidence: this.toolCallCount >= 10 ? "high" : "medium"
+    };
+  }
+  /**
+   * Set model for pricing
+   */
+  setModel(model) {
+    this.model = model;
+    this.pricing = MODEL_PRICING[model] || MODEL_PRICING["default"];
+  }
+  /**
+   * Reset counters
+   */
+  reset() {
+    this.totalInputTokens = 0;
+    this.totalOutputTokens = 0;
+    this.toolCallCount = 0;
+  }
+  /**
+   * Add custom model pricing
+   */
+  static addModelPricing(model, pricing) {
+    MODEL_PRICING[model] = pricing;
+  }
+};
+
+// src/observability/report.ts
+var DEFAULT_OPTIONS = {
+  showCommands: true,
+  showBlocked: true,
+  showRisk: true,
+  showPaths: true,
+  showCost: true,
+  format: "text"
+};
+var ReportGenerator = class {
+  /**
+   * Generate a session report
+   */
+  static generate(metrics, cost, options = {}) {
+    const opts = { ...DEFAULT_OPTIONS, ...options };
+    switch (opts.format) {
+      case "json":
+        return this.generateJSON(metrics, cost);
+      case "markdown":
+        return this.generateMarkdown(metrics, cost, opts);
+      default:
+        return this.generateText(metrics, cost, opts);
+    }
+  }
+  /**
+   * Generate text report
+   */
+  static generateText(metrics, cost, opts = {}) {
+    const lines = [];
+    const duration = this.formatDuration(metrics.duration);
+    lines.push(`Session Report (${duration})`);
+    lines.push("\u2500".repeat(45));
+    lines.push("");
+    const blockedPct = metrics.commandCount > 0 ? Math.round(metrics.blockedCount / metrics.commandCount * 100) : 0;
+    lines.push(`Commands: ${metrics.commandCount} total, ${metrics.blockedCount} blocked (${blockedPct}%)`);
+    lines.push("");
+    if (opts.showRisk) {
+      const total = metrics.commandCount || 1;
+      const { safe, caution, dangerous, critical } = metrics.riskDistribution;
+      const safePct = Math.round(safe / total * 100);
+      const cautionPct = Math.round(caution / total * 100);
+      const dangerousPct = Math.round(dangerous / total * 100);
+      const criticalPct = Math.round(critical / total * 100);
+      lines.push("Risk Distribution:");
+      lines.push(`  ${this.progressBar(safePct, 20)} ${safePct}% safe`);
+      lines.push(`  ${this.progressBar(cautionPct, 20)} ${cautionPct}% caution`);
+      lines.push(`  ${this.progressBar(dangerousPct, 20)} ${dangerousPct}% dangerous`);
+      if (critical > 0) {
+        lines.push(`  ${this.progressBar(criticalPct, 20)} ${criticalPct}% CRITICAL`);
+      }
+      lines.push(`  Average risk score: ${metrics.avgRiskScore.toFixed(1)}/10`);
+      lines.push("");
+    }
+    if (opts.showCommands && metrics.topCommands.length > 0) {
+      lines.push("Top Commands:");
+      for (const [cmd, count] of metrics.topCommands.slice(0, 5)) {
+        const pct = Math.round(count / metrics.commandCount * 100);
+        lines.push(`  ${cmd.padEnd(15)} ${count.toString().padStart(3)} (${pct}%)`);
+      }
+      lines.push("");
+    }
+    if (opts.showBlocked && metrics.blockedCount > 0) {
+      lines.push("Violations by Type:");
+      for (const [type, count] of Object.entries(metrics.violationsByType)) {
+        lines.push(`  ${type}: ${count}`);
+      }
+      lines.push("");
+    }
+    if (opts.showPaths) {
+      if (metrics.filesModified.length > 0) {
+        lines.push(`Files Modified: ${metrics.filesModified.length}`);
+        for (const file of metrics.filesModified.slice(0, 5)) {
+          lines.push(`  \u2022 ${file}`);
+        }
+        if (metrics.filesModified.length > 5) {
+          lines.push(`  ... and ${metrics.filesModified.length - 5} more`);
+        }
+        lines.push("");
+      }
+      lines.push(`Paths Accessed: ${metrics.pathsAccessed.length} unique`);
+      lines.push("");
+    }
+    if (opts.showCost && cost) {
+      lines.push("Cost Estimate:");
+      lines.push(`  Tokens: ~${cost.estimatedTokens.toLocaleString()} (${cost.confidence} confidence)`);
+      lines.push(`  Cost: ~${this.formatCost(cost.estimatedCost)} (${cost.model})`);
+      lines.push("");
+    }
+    lines.push("Performance:");
+    lines.push(`  Avg execution time: ${metrics.avgExecutionTime.toFixed(0)}ms`);
+    lines.push(`  Total execution time: ${this.formatDuration(metrics.totalExecutionTime)}`);
+    lines.push("");
+    lines.push(`Session ID: ${metrics.sessionId}`);
+    return lines.join("\n");
+  }
+  /**
+   * Generate markdown report
+   */
+  static generateMarkdown(metrics, cost, opts = {}) {
+    const lines = [];
+    const duration = this.formatDuration(metrics.duration);
+    lines.push(`# Session Report`);
+    lines.push("");
+    lines.push(`**Duration:** ${duration}`);
+    lines.push(`**Session ID:** \`${metrics.sessionId}\``);
+    lines.push("");
+    lines.push("## Summary");
+    lines.push("");
+    lines.push("| Metric | Value |");
+    lines.push("|--------|-------|");
+    lines.push(`| Commands | ${metrics.commandCount} |`);
+    lines.push(`| Blocked | ${metrics.blockedCount} |`);
+    lines.push(`| Unique Commands | ${metrics.uniqueCommands} |`);
+    lines.push(`| Avg Risk Score | ${metrics.avgRiskScore.toFixed(1)}/10 |`);
+    lines.push("");
+    if (opts.showRisk) {
+      lines.push("## Risk Distribution");
+      lines.push("");
+      lines.push("| Level | Count | Percentage |");
+      lines.push("|-------|-------|------------|");
+      const total = metrics.commandCount || 1;
+      for (const [level, count] of Object.entries(metrics.riskDistribution)) {
+        const pct = Math.round(count / total * 100);
+        lines.push(`| ${level} | ${count} | ${pct}% |`);
+      }
+      lines.push("");
+    }
+    if (opts.showCommands && metrics.topCommands.length > 0) {
+      lines.push("## Top Commands");
+      lines.push("");
+      lines.push("| Command | Count |");
+      lines.push("|---------|-------|");
+      for (const [cmd, count] of metrics.topCommands.slice(0, 10)) {
+        lines.push(`| \`${cmd}\` | ${count} |`);
+      }
+      lines.push("");
+    }
+    if (opts.showCost && cost) {
+      lines.push("## Cost Estimate");
+      lines.push("");
+      lines.push(`- **Tokens:** ~${cost.estimatedTokens.toLocaleString()}`);
+      lines.push(`- **Cost:** ~${this.formatCost(cost.estimatedCost)}`);
+      lines.push(`- **Model:** ${cost.model}`);
+      lines.push(`- **Confidence:** ${cost.confidence}`);
+      lines.push("");
+    }
+    return lines.join("\n");
+  }
+  /**
+   * Generate JSON report
+   */
+  static generateJSON(metrics, cost) {
+    return JSON.stringify({ metrics, cost }, null, 2);
+  }
+  /**
+   * Generate a simple progress bar
+   */
+  static progressBar(percent, width) {
+    const filled = Math.round(percent / 100 * width);
+    const empty = width - filled;
+    return "\u2588".repeat(filled) + "\u2591".repeat(empty);
+  }
+  /**
+   * Format duration
+   */
+  static formatDuration(ms) {
+    if (ms < 1e3) return `${ms}ms`;
+    if (ms < 6e4) return `${(ms / 1e3).toFixed(1)}s`;
+    if (ms < 36e5) {
+      const mins2 = Math.floor(ms / 6e4);
+      const secs = Math.floor(ms % 6e4 / 1e3);
+      return `${mins2}m ${secs}s`;
+    }
+    const hours = Math.floor(ms / 36e5);
+    const mins = Math.floor(ms % 36e5 / 6e4);
+    return `${hours}h ${mins}m`;
+  }
+  /**
+   * Format cost
+   */
+  static formatCost(cost) {
+    if (cost < 0.01) return `$${(cost * 100).toFixed(2)}\xA2`;
+    if (cost < 1) return `$${cost.toFixed(3)}`;
+    return `$${cost.toFixed(2)}`;
+  }
+  /**
+   * Generate a one-line summary
+   */
+  static oneLine(metrics) {
+    const duration = this.formatDuration(metrics.duration);
+    const blockedPct = metrics.commandCount > 0 ? Math.round(metrics.blockedCount / metrics.commandCount * 100) : 0;
+    return `${metrics.commandCount} cmds (${blockedPct}% blocked) | risk: ${metrics.avgRiskScore.toFixed(1)}/10 | ${duration}`;
+  }
+};
+
+// src/safety/undo-stack.ts
+import { existsSync as existsSync4, unlinkSync, mkdirSync as mkdirSync3, copyFileSync, readdirSync, statSync } from "fs";
+import { join as join4, dirname } from "path";
+import { homedir as homedir4 } from "os";
+var DEFAULT_CONFIG = {
+  maxStackSize: 100,
+  maxFileSize: 10 * 1024 * 1024,
+  // 10MB
+  ttlMinutes: 60,
+  backupPath: join4(homedir4(), ".bashbros", "undo"),
+  enabled: true
+};
+var UndoStack = class {
+  stack = [];
+  sessionId;
+  config;
+  undoDir;
+  constructor(policy) {
+    this.config = { ...DEFAULT_CONFIG };
+    if (policy) {
+      if (typeof policy.maxStackSize === "number") this.config.maxStackSize = policy.maxStackSize;
+      if (typeof policy.maxFileSize === "number") this.config.maxFileSize = policy.maxFileSize;
+      if (typeof policy.ttlMinutes === "number") this.config.ttlMinutes = policy.ttlMinutes;
+      if (typeof policy.backupPath === "string") {
+        this.config.backupPath = policy.backupPath.replace("~", homedir4());
+      }
+      if (typeof policy.enabled === "boolean") this.config.enabled = policy.enabled;
+    }
+    this.undoDir = this.config.backupPath;
+    this.sessionId = Date.now().toString(36);
+    this.ensureUndoDir();
+    this.cleanupOldBackups();
+  }
+  ensureUndoDir() {
+    if (!existsSync4(this.undoDir)) {
+      mkdirSync3(this.undoDir, { recursive: true, mode: 448 });
+    }
+  }
+  /**
+   * Clean up backups older than TTL
+   */
+  cleanupOldBackups() {
+    if (!this.config.enabled || this.config.ttlMinutes <= 0) return 0;
+    const cutoff = Date.now() - this.config.ttlMinutes * 60 * 1e3;
+    let cleaned = 0;
+    try {
+      const files = readdirSync(this.undoDir);
+      for (const file of files) {
+        if (!file.endsWith(".backup")) continue;
+        const filePath = join4(this.undoDir, file);
+        try {
+          const stats = statSync(filePath);
+          if (stats.mtimeMs < cutoff) {
+            unlinkSync(filePath);
+            cleaned++;
+          }
+        } catch {
+        }
+      }
+    } catch {
+    }
+    return cleaned;
+  }
+  generateId() {
+    return `${this.sessionId}-${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 6)}`;
+  }
+  /**
+   * Check if undo is enabled
+   */
+  isEnabled() {
+    return this.config.enabled;
+  }
+  /**
+   * Record a file creation
+   */
+  recordCreate(path, command) {
+    const entry = {
+      id: this.generateId(),
+      timestamp: /* @__PURE__ */ new Date(),
+      path,
+      operation: "create",
+      command
+    };
+    this.push(entry);
+    return entry;
+  }
+  /**
+   * Record a file modification (backs up original)
+   */
+  recordModify(path, command) {
+    if (!this.config.enabled || !existsSync4(path)) {
+      return null;
+    }
+    const stats = statSync(path);
+    if (stats.size > this.config.maxFileSize) {
+      const entry = {
+        id: this.generateId(),
+        timestamp: /* @__PURE__ */ new Date(),
+        path,
+        operation: "modify",
+        command
+      };
+      this.push(entry);
+      return entry;
+    }
+    const id = this.generateId();
+    const backupPath = join4(this.undoDir, `${id}.backup`);
+    try {
+      copyFileSync(path, backupPath);
+      const entry = {
+        id,
+        timestamp: /* @__PURE__ */ new Date(),
+        path,
+        operation: "modify",
+        backupPath,
+        command
+      };
+      this.push(entry);
+      return entry;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Record a file deletion (backs up content)
+   */
+  recordDelete(path, command) {
+    if (!this.config.enabled || !existsSync4(path)) {
+      return null;
+    }
+    const stats = statSync(path);
+    if (stats.size > this.config.maxFileSize) {
+      const entry = {
+        id: this.generateId(),
+        timestamp: /* @__PURE__ */ new Date(),
+        path,
+        operation: "delete",
+        command
+      };
+      this.push(entry);
+      return entry;
+    }
+    const id = this.generateId();
+    const backupPath = join4(this.undoDir, `${id}.backup`);
+    try {
+      copyFileSync(path, backupPath);
+      const entry = {
+        id,
+        timestamp: /* @__PURE__ */ new Date(),
+        path,
+        operation: "delete",
+        backupPath,
+        command
+      };
+      this.push(entry);
+      return entry;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Auto-detect operation from command
+   */
+  recordFromCommand(command, paths) {
+    const entries = [];
+    const isCreate = /^(touch|mkdir|cp|mv|>|>>)/.test(command) || /^(echo|cat|printf).*>/.test(command);
+    const isDelete = /^rm\s/.test(command);
+    const isModify = /^(sed|awk|vim|vi|nano|code)\s/.test(command) || /^(echo|cat).*>>/.test(command);
+    for (const path of paths) {
+      let entry = null;
+      if (isDelete && existsSync4(path)) {
+        entry = this.recordDelete(path, command);
+      } else if (isModify && existsSync4(path)) {
+        entry = this.recordModify(path, command);
+      } else if (isCreate && !existsSync4(path)) {
+        entry = this.recordCreate(path, command);
+      }
+      if (entry) {
+        entries.push(entry);
+      }
+    }
+    return entries;
+  }
+  /**
+   * Undo the last operation
+   */
+  undo() {
+    const entry = this.stack.pop();
+    if (!entry) {
+      return { success: false, message: "Nothing to undo" };
+    }
+    return this.undoEntry(entry);
+  }
+  /**
+   * Undo a specific entry
+   */
+  undoEntry(entry) {
+    try {
+      switch (entry.operation) {
+        case "create":
+          if (existsSync4(entry.path)) {
+            unlinkSync(entry.path);
+            return {
+              success: true,
+              message: `Deleted created file: ${entry.path}`,
+              entry
+            };
+          }
+          return {
+            success: false,
+            message: `File already deleted: ${entry.path}`,
+            entry
+          };
+        case "modify":
+          if (entry.backupPath && existsSync4(entry.backupPath)) {
+            copyFileSync(entry.backupPath, entry.path);
+            return {
+              success: true,
+              message: `Restored: ${entry.path}`,
+              entry
+            };
+          }
+          return {
+            success: false,
+            message: `No backup available for: ${entry.path}`,
+            entry
+          };
+        case "delete":
+          if (entry.backupPath && existsSync4(entry.backupPath)) {
+            const dir = dirname(entry.path);
+            if (!existsSync4(dir)) {
+              mkdirSync3(dir, { recursive: true });
+            }
+            copyFileSync(entry.backupPath, entry.path);
+            return {
+              success: true,
+              message: `Restored deleted file: ${entry.path}`,
+              entry
+            };
+          }
+          return {
+            success: false,
+            message: `No backup available for: ${entry.path}`,
+            entry
+          };
+        default:
+          return {
+            success: false,
+            message: `Unknown operation: ${entry.operation}`,
+            entry
+          };
+      }
+    } catch (error) {
+      return {
+        success: false,
+        message: `Undo failed: ${error.message}`,
+        entry
+      };
+    }
+  }
+  /**
+   * Undo all operations in the session
+   */
+  undoAll() {
+    const results = [];
+    while (this.stack.length > 0) {
+      results.push(this.undo());
+    }
+    return results;
+  }
+  /**
+   * Get the undo stack
+   */
+  getStack() {
+    return [...this.stack];
+  }
+  /**
+   * Get stack size
+   */
+  size() {
+    return this.stack.length;
+  }
+  /**
+   * Clear the stack (and backups)
+   */
+  clear() {
+    for (const entry of this.stack) {
+      if (entry.backupPath && existsSync4(entry.backupPath)) {
+        try {
+          unlinkSync(entry.backupPath);
+        } catch {
+        }
+      }
+    }
+    this.stack = [];
+  }
+  /**
+   * Push entry to stack
+   */
+  push(entry) {
+    this.stack.push(entry);
+    if (this.stack.length > this.config.maxStackSize) {
+      const removed = this.stack.shift();
+      if (removed?.backupPath && existsSync4(removed.backupPath)) {
+        try {
+          unlinkSync(removed.backupPath);
+        } catch {
+        }
+      }
+    }
+  }
+  /**
+   * Format stack for display
+   */
+  formatStack() {
+    if (this.stack.length === 0) {
+      return "Undo stack is empty";
+    }
+    const lines = ["Undo Stack:", ""];
+    for (let i = this.stack.length - 1; i >= 0; i--) {
+      const entry = this.stack[i];
+      const hasBackup = entry.backupPath ? "\u2713" : "\u2717";
+      const time = entry.timestamp.toLocaleTimeString();
+      const op = entry.operation.padEnd(6);
+      lines.push(`${i + 1}. [${time}] ${op} ${entry.path} (backup: ${hasBackup})`);
+      if (entry.command) {
+        lines.push(`   \u2514\u2500 ${entry.command.slice(0, 60)}...`);
+      }
+    }
+    return lines.join("\n");
+  }
+};
+
+// src/policy/loop-detector.ts
+var DEFAULT_CONFIG2 = {
+  maxRepeats: 3,
+  maxTurns: 100,
+  similarityThreshold: 0.85,
+  cooldownMs: 1e3,
+  windowSize: 20
+};
+var LoopDetector = class {
+  config;
+  history = [];
+  turnCount = 0;
+  constructor(config = {}) {
+    this.config = { ...DEFAULT_CONFIG2, ...config };
+  }
+  /**
+   * Record a command and check for loops
+   */
+  check(command) {
+    const now = Date.now();
+    const normalized = this.normalize(command);
+    this.turnCount++;
+    if (this.turnCount >= this.config.maxTurns) {
+      return {
+        type: "max_turns",
+        command,
+        count: this.turnCount,
+        message: `Maximum turns reached (${this.config.maxTurns}). Session may be stuck.`
+      };
+    }
+    const exactMatches = this.history.filter((h) => h.command === command);
+    if (exactMatches.length >= this.config.maxRepeats) {
+      return {
+        type: "exact_repeat",
+        command,
+        count: exactMatches.length + 1,
+        message: `Command repeated ${exactMatches.length + 1} times: "${command.slice(0, 50)}..."`
+      };
+    }
+    const lastSame = exactMatches[exactMatches.length - 1];
+    if (lastSame && now - lastSame.timestamp < this.config.cooldownMs) {
+      return {
+        type: "exact_repeat",
+        command,
+        count: 2,
+        message: `Rapid repeat detected (${now - lastSame.timestamp}ms apart)`
+      };
+    }
+    const recentWindow = this.history.slice(-this.config.windowSize);
+    const similarCount = recentWindow.filter(
+      (h) => this.similarity(h.normalized, normalized) >= this.config.similarityThreshold
+    ).length;
+    if (similarCount >= this.config.maxRepeats) {
+      return {
+        type: "semantic_repeat",
+        command,
+        count: similarCount + 1,
+        message: `Similar commands repeated ${similarCount + 1} times`
+      };
+    }
+    const baseCommand = command.split(/\s+/)[0];
+    const toolCount = recentWindow.filter(
+      (h) => h.command.split(/\s+/)[0] === baseCommand
+    ).length;
+    if (toolCount >= this.config.maxRepeats * 2) {
+      return {
+        type: "tool_hammering",
+        command,
+        count: toolCount + 1,
+        message: `Tool "${baseCommand}" called ${toolCount + 1} times in last ${this.config.windowSize} commands`
+      };
+    }
+    this.history.push({ command, timestamp: now, normalized });
+    if (this.history.length > this.config.windowSize * 2) {
+      this.history = this.history.slice(-this.config.windowSize);
+    }
+    return null;
+  }
+  /**
+   * Normalize command for comparison
+   */
+  normalize(command) {
+    return command.toLowerCase().replace(/["']/g, "").replace(/\s+/g, " ").replace(/\d+/g, "N").replace(/[a-f0-9]{8,}/gi, "H").trim();
+  }
+  /**
+   * Calculate similarity between two strings (Jaccard index on words)
+   */
+  similarity(a, b) {
+    const wordsA = new Set(a.split(/\s+/));
+    const wordsB = new Set(b.split(/\s+/));
+    const intersection = new Set([...wordsA].filter((x) => wordsB.has(x)));
+    const union = /* @__PURE__ */ new Set([...wordsA, ...wordsB]);
+    if (union.size === 0) return 1;
+    return intersection.size / union.size;
+  }
+  /**
+   * Get current turn count
+   */
+  getTurnCount() {
+    return this.turnCount;
+  }
+  /**
+   * Get command frequency map
+   */
+  getFrequencyMap() {
+    const freq = /* @__PURE__ */ new Map();
+    for (const entry of this.history) {
+      const base = entry.command.split(/\s+/)[0];
+      freq.set(base, (freq.get(base) || 0) + 1);
+    }
+    return freq;
+  }
+  /**
+   * Reset detector state
+   */
+  reset() {
+    this.history = [];
+    this.turnCount = 0;
+  }
+  /**
+   * Get stats for reporting
+   */
+  getStats() {
+    const freq = this.getFrequencyMap();
+    const sorted = [...freq.entries()].sort((a, b) => b[1] - a[1]);
+    return {
+      turnCount: this.turnCount,
+      uniqueCommands: freq.size,
+      topCommands: sorted.slice(0, 5)
+    };
+  }
+};
+
+export {
+  BashgymIntegration,
+  getBashgymIntegration,
+  resetBashgymIntegration,
+  ClaudeCodeHooks,
+  gateCommand,
+  BashBros,
+  SystemProfiler,
+  TaskRouter,
+  CommandSuggester,
+  BackgroundWorker,
+  BashBro,
+  MetricsCollector,
+  CostEstimator,
+  ReportGenerator,
+  UndoStack,
+  LoopDetector
+};
+//# sourceMappingURL=chunk-43W3RVEL.js.map