bashbros 0.1.1 → 0.1.2

package/dist/cli.js

@@ -1,8 +1,11 @@
 #!/usr/bin/env node
+import {
+  DashboardDB
+} from "./chunk-YUMNBQAY.js";
 import {
   formatAllAgentsInfo,
   formatPermissionsTable
-} from "./chunk-WPJJZLT6.js";
+} from "./chunk-SQCP6IYB.js";
 import {
   BashBro,
   BashBros,
@@ -14,17 +17,18 @@ import {
   UndoStack,
   gateCommand,
   getBashgymIntegration
-} from "./chunk-VVSCAH2B.js";
+} from "./chunk-XCZMQRSX.js";
 import "./chunk-SG752FZC.js";
 import "./chunk-DLP2O6PN.js";
 import {
   findConfig,
   getDefaultConfig,
   loadConfig
-} from "./chunk-A535VV7N.js";
+} from "./chunk-BW6XCOJH.js";
+import "./chunk-QWZGB4V3.js";
 import {
   allowForSession
-} from "./chunk-GD5VNHIN.js";
+} from "./chunk-FRMAIRQ2.js";
 import {
   RiskScorer
 } from "./chunk-DEAF6PYM.js";
@@ -35,9 +39,6 @@ import {
 import {
   MoltbotHooks
 } from "./chunk-J37RHCFJ.js";
-import {
-  DashboardDB
-} from "./chunk-CSRPOGHY.js";
 import "./chunk-7OCVIDC7.js";
 
 // src/cli.ts
@@ -1014,7 +1015,7 @@ var EgressPatternMatcher = class {
 // src/policy/ward/egress.ts
 var DashboardDB2 = null;
 try {
-  const dbModule = await import("./db-EHQDB5OL.js");
+  const dbModule = await import("./db-OBKEXRTP.js");
   DashboardDB2 = dbModule.DashboardDB;
 } catch {
 }
@@ -1422,6 +1423,166 @@ ${passed} passed, ${failed} failed. Fix issues above.
 
 // src/watch.ts
 import chalk3 from "chalk";
+import { readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
+import { parse, stringify as stringify2 } from "yaml";
+
+// src/dashboard/writer.ts
+import { homedir as homedir4 } from "os";
+import { join as join4 } from "path";
+import { mkdirSync as mkdirSync2, existsSync as existsSync5 } from "fs";
+function getDefaultDbPath() {
+  const bashbrosDir = join4(homedir4(), ".bashbros");
+  if (!existsSync5(bashbrosDir)) {
+    mkdirSync2(bashbrosDir, { recursive: true });
+  }
+  return join4(bashbrosDir, "dashboard.db");
+}
+var DashboardWriter = class {
+  db;
+  sessionId = null;
+  commandCount = 0;
+  blockedCount = 0;
+  totalRiskScore = 0;
+  constructor(dbPath) {
+    const path = dbPath ?? getDefaultDbPath();
+    this.db = new DashboardDB(path);
+  }
+  /**
+   * Start a new watch session
+   */
+  startSession(agent, workingDir) {
+    this.sessionId = this.db.insertSession({
+      agent,
+      pid: process.pid,
+      workingDir
+    });
+    this.commandCount = 0;
+    this.blockedCount = 0;
+    this.totalRiskScore = 0;
+    return this.sessionId;
+  }
+  /**
+   * End the current session
+   */
+  endSession() {
+    if (!this.sessionId) return;
+    const avgRiskScore = this.commandCount > 0 ? this.totalRiskScore / this.commandCount : 0;
+    this.db.updateSession(this.sessionId, {
+      endTime: /* @__PURE__ */ new Date(),
+      status: "completed",
+      commandCount: this.commandCount,
+      blockedCount: this.blockedCount,
+      avgRiskScore
+    });
+    this.sessionId = null;
+  }
+  /**
+   * Mark session as crashed (for unexpected exits)
+   */
+  crashSession() {
+    if (!this.sessionId) return;
+    const avgRiskScore = this.commandCount > 0 ? this.totalRiskScore / this.commandCount : 0;
+    this.db.updateSession(this.sessionId, {
+      endTime: /* @__PURE__ */ new Date(),
+      status: "crashed",
+      commandCount: this.commandCount,
+      blockedCount: this.blockedCount,
+      avgRiskScore
+    });
+    this.sessionId = null;
+  }
+  /**
+   * Record a command execution
+   */
+  recordCommand(command, allowed, riskScore, violations, durationMs) {
+    if (!this.sessionId) return null;
+    const input = {
+      sessionId: this.sessionId,
+      command,
+      allowed,
+      riskScore: riskScore.score,
+      riskLevel: riskScore.level,
+      riskFactors: riskScore.factors,
+      durationMs,
+      violations: violations.map((v) => v.message)
+    };
+    const id = this.db.insertCommand(input);
+    this.commandCount++;
+    this.totalRiskScore += riskScore.score;
+    if (!allowed) {
+      this.blockedCount++;
+    }
+    if (this.commandCount % 10 === 0) {
+      const avgRiskScore = this.totalRiskScore / this.commandCount;
+      this.db.updateSession(this.sessionId, {
+        commandCount: this.commandCount,
+        blockedCount: this.blockedCount,
+        avgRiskScore
+      });
+    }
+    return id;
+  }
+  /**
+   * Record a Bash Bro AI event
+   */
+  recordBroEvent(input) {
+    const dbInput = {
+      sessionId: this.sessionId ?? void 0,
+      eventType: input.eventType,
+      inputContext: input.inputContext,
+      outputSummary: input.outputSummary,
+      modelUsed: input.modelUsed,
+      latencyMs: input.latencyMs,
+      success: input.success
+    };
+    return this.db.insertBroEvent(dbInput);
+  }
+  /**
+   * Update Bash Bro status
+   */
+  updateBroStatus(status) {
+    const dbInput = {
+      ollamaAvailable: status.ollamaAvailable,
+      ollamaModel: status.ollamaModel,
+      platform: status.platform,
+      shell: status.shell,
+      projectType: status.projectType
+    };
+    return this.db.updateBroStatus(dbInput);
+  }
+  /**
+   * Get current session ID
+   */
+  getSessionId() {
+    return this.sessionId;
+  }
+  /**
+   * Get current session stats
+   */
+  getSessionStats() {
+    return {
+      commandCount: this.commandCount,
+      blockedCount: this.blockedCount,
+      avgRiskScore: this.commandCount > 0 ? this.totalRiskScore / this.commandCount : 0
+    };
+  }
+  /**
+   * Close database connection
+   */
+  close() {
+    this.db.close();
+  }
+  /**
+   * Get the underlying database instance (for advanced use)
+   */
+  getDB() {
+    return this.db;
+  }
+};
+
+// src/watch.ts
+var dashboardWriter = null;
+var riskScorer = null;
 function cleanup() {
   if (process.stdin.isTTY) {
     process.stdin.setRawMode(false);
@@ -1440,7 +1601,24 @@ async function startWatch(options) {
   console.log(chalk3.dim("  Press Ctrl+C to stop"));
   console.log();
   const bashbros = new BashBros(configPath);
-  bashbros.on("blocked", (command, violations) => {
+  const config = bashbros.getConfig();
+  try {
+    dashboardWriter = new DashboardWriter();
+    riskScorer = new RiskScorer();
+    const sessionId = dashboardWriter.startSession(config.agent, process.cwd());
+    if (options.verbose) {
+      console.log(chalk3.dim(`  Session: ${sessionId}`));
+    }
+  } catch (error) {
+    if (options.verbose) {
+      console.log(chalk3.yellow("  Dashboard recording disabled"));
+    }
+  }
+  let pendingCommand = null;
+  let awaitingPromptResponse = false;
+  function showBlockedPrompt(command, violations) {
+    pendingCommand = command;
+    awaitingPromptResponse = true;
     console.log();
     console.log(chalk3.red("\u{1F6E1}\uFE0F  BashBros blocked a command"));
     console.log();
@@ -1448,12 +1626,72 @@ async function startWatch(options) {
     console.log(chalk3.dim("  Reason:"), violations[0].message);
     console.log(chalk3.dim("  Policy:"), violations[0].rule);
     console.log();
-    console.log(chalk3.dim("  To allow this command:"));
-    console.log(chalk3.cyan(`    bashbros allow "${command}" --once`));
-    console.log(chalk3.cyan(`    bashbros allow "${command}" --persist`));
-    console.log();
+    console.log(chalk3.yellow("  Allow this command?"));
+    console.log(chalk3.cyan("    [y]"), "Allow once");
+    console.log(chalk3.cyan("    [s]"), "Allow for session");
+    console.log(chalk3.cyan("    [p]"), "Allow permanently");
+    console.log(chalk3.cyan("    [n]"), "Block (default)");
+    process.stdout.write(chalk3.dim("\n  Choice: "));
+  }
+  function handlePromptResponse(choice) {
+    if (!pendingCommand) return;
+    const command = pendingCommand;
+    pendingCommand = null;
+    awaitingPromptResponse = false;
+    console.log(choice);
+    switch (choice.toLowerCase()) {
+      case "y":
+        console.log(chalk3.green("  \u2713 Allowed once"));
+        console.log();
+        bashbros.write(command + "\r");
+        break;
+      case "s":
+        allowForSession(command);
+        console.log(chalk3.green("  \u2713 Allowed for session"));
+        console.log();
+        bashbros.write(command + "\r");
+        break;
+      case "p":
+        try {
+          const content = readFileSync2(configPath, "utf-8");
+          const config2 = parse(content);
+          if (!config2.commands) {
+            config2.commands = { allow: [], block: [] };
+          }
+          if (!config2.commands.allow) {
+            config2.commands.allow = [];
+          }
+          if (!config2.commands.allow.includes(command)) {
+            config2.commands.allow.push(command);
+            writeFileSync2(configPath, stringify2(config2));
+          }
+          console.log(chalk3.green("  \u2713 Added to allowlist permanently"));
+          console.log();
+          bashbros.write(command + "\r");
+        } catch (error) {
+          console.log(chalk3.red("  \u2717 Failed to update config"));
+          console.log();
+        }
+        break;
+      case "n":
+      default:
+        console.log(chalk3.yellow("  \u2717 Blocked"));
+        console.log();
+        break;
+    }
+  }
+  bashbros.on("blocked", (command, violations) => {
+    if (dashboardWriter && riskScorer) {
+      const risk = riskScorer.score(command);
+      dashboardWriter.recordCommand(command, false, risk, violations, 0);
+    }
+    showBlockedPrompt(command, violations);
   });
   bashbros.on("allowed", (result) => {
+    if (dashboardWriter && riskScorer) {
+      const risk = riskScorer.score(result.command);
+      dashboardWriter.recordCommand(result.command, true, risk, [], result.duration);
+    }
     if (options.verbose) {
       console.log(chalk3.green("\u2713"), chalk3.dim(result.command));
     }
@@ -1465,6 +1703,10 @@ async function startWatch(options) {
     console.error(chalk3.red("Error:"), error.message);
   });
   bashbros.on("exit", (exitCode) => {
+    if (dashboardWriter) {
+      dashboardWriter.endSession();
+      dashboardWriter.close();
+    }
     cleanup();
     process.exit(exitCode ?? 0);
   });
@@ -1472,14 +1714,32 @@ async function startWatch(options) {
     cleanup();
     console.log();
     console.log(chalk3.yellow("Stopping BashBros..."));
+    if (dashboardWriter) {
+      dashboardWriter.endSession();
+      dashboardWriter.close();
+    }
     bashbros.stop();
     process.exit(0);
   });
   process.on("SIGTERM", () => {
     cleanup();
+    if (dashboardWriter) {
+      dashboardWriter.endSession();
+      dashboardWriter.close();
+    }
     bashbros.stop();
     process.exit(0);
   });
+  process.on("uncaughtException", (error) => {
+    console.error(chalk3.red("Unexpected error:"), error.message);
+    if (dashboardWriter) {
+      dashboardWriter.crashSession();
+      dashboardWriter.close();
+    }
+    cleanup();
+    bashbros.stop();
+    process.exit(1);
+  });
   bashbros.start();
   let commandBuffer = "";
   if (process.stdout.isTTY) {
@@ -1498,11 +1758,31 @@ async function startWatch(options) {
     const str = data.toString();
     for (const char of str) {
       const code = char.charCodeAt(0);
+      if (awaitingPromptResponse) {
+        if (code === 3) {
+          pendingCommand = null;
+          awaitingPromptResponse = false;
+          console.log(chalk3.yellow("Cancelled"));
+          console.log();
+        } else if (char === "\r" || char === "\n") {
+          handlePromptResponse("n");
+        } else if (code >= 32) {
+          handlePromptResponse(char);
+        }
+        continue;
+      }
       if (char === "\r" || char === "\n") {
         const command = commandBuffer.trim();
         commandBuffer = "";
         if (command) {
-          bashbros.execute(command);
+          const violations = bashbros.validateOnly(command);
+          if (violations.length > 0) {
+            bashbros.write("");
+            bashbros.write("\r");
+            bashbros.emit("blocked", command, violations);
+          } else {
+            bashbros.write("\r");
+          }
         } else {
           bashbros.write("\r");
         }
@@ -1533,8 +1813,8 @@ async function startWatch(options) {
 
 // src/allow.ts
 import chalk4 from "chalk";
-import { readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
-import { parse, stringify as stringify2 } from "yaml";
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync3 } from "fs";
+import { parse as parse2, stringify as stringify3 } from "yaml";
 async function handleAllow(command, options) {
   if (options.once) {
     allowForSession(command);
@@ -1549,8 +1829,8 @@ async function handleAllow(command, options) {
       process.exit(1);
     }
     try {
-      const content = readFileSync2(configPath, "utf-8");
-      const config = parse(content);
+      const content = readFileSync3(configPath, "utf-8");
+      const config = parse2(content);
       if (!config.commands) {
         config.commands = { allow: [], block: [] };
       }
@@ -1559,7 +1839,7 @@ async function handleAllow(command, options) {
       }
       if (!config.commands.allow.includes(command)) {
         config.commands.allow.push(command);
-        writeFileSync2(configPath, stringify2(config));
+        writeFileSync3(configPath, stringify3(config));
         console.log(chalk4.green("\u2713"), `Added to allowlist: ${command}`);
         console.log(chalk4.dim(`  Updated ${configPath}`));
       } else {
@@ -1585,7 +1865,17 @@ import express from "express";
 import { WebSocketServer } from "ws";
 import { createServer } from "http";
 import { fileURLToPath } from "url";
-import { dirname, join as join4 } from "path";
+import { dirname, join as join5 } from "path";
+import { homedir as homedir5 } from "os";
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, existsSync as existsSync6, mkdirSync as mkdirSync3 } from "fs";
+import { parse as parse3, stringify as stringify4 } from "yaml";
+function getDefaultDbPath2() {
+  const bashbrosDir = join5(homedir5(), ".bashbros");
+  if (!existsSync6(bashbrosDir)) {
+    mkdirSync3(bashbrosDir, { recursive: true });
+  }
+  return join5(bashbrosDir, "dashboard.db");
+}
 var DashboardServer = class {
   app;
   server = null;
@@ -1597,7 +1887,7 @@ var DashboardServer = class {
   constructor(config = {}) {
     this.port = config.port ?? 17800;
     this.bind = config.bind ?? "127.0.0.1";
-    this.db = new DashboardDB(config.dbPath ?? ":memory:");
+    this.db = new DashboardDB(config.dbPath ?? getDefaultDbPath2());
     this.app = express();
     this.setupMiddleware();
     this.setupRoutes();
@@ -1696,12 +1986,202 @@ var DashboardServer = class {
         res.status(500).json({ error: "Failed to deny block" });
       }
     });
+    this.app.get("/api/sessions", (req, res) => {
+      try {
+        const filter = {};
+        if (req.query.status) filter.status = req.query.status;
+        if (req.query.agent) filter.agent = req.query.agent;
+        if (req.query.limit) filter.limit = parseInt(req.query.limit, 10);
+        if (req.query.offset) filter.offset = parseInt(req.query.offset, 10);
+        if (req.query.since) filter.since = new Date(req.query.since);
+        if (req.query.until) filter.until = new Date(req.query.until);
+        const sessions = this.db.getSessions(filter);
+        res.json(sessions);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch sessions" });
+      }
+    });
+    this.app.get("/api/sessions/active", (_req, res) => {
+      try {
+        const session = this.db.getActiveSession();
+        if (!session) {
+          res.json(null);
+          return;
+        }
+        res.json(session);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch active session" });
+      }
+    });
+    this.app.get("/api/sessions/:id", (req, res) => {
+      try {
+        const session = this.db.getSession(req.params.id);
+        if (!session) {
+          res.status(404).json({ error: "Session not found" });
+          return;
+        }
+        res.json(session);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch session" });
+      }
+    });
+    this.app.get("/api/sessions/:id/commands", (req, res) => {
+      try {
+        const limit = req.query.limit ? parseInt(req.query.limit, 10) : 100;
+        const commands = this.db.getCommandsBySession(req.params.id, limit);
+        res.json(commands);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch session commands" });
+      }
+    });
+    this.app.get("/api/sessions/:id/metrics", (req, res) => {
+      try {
+        const session = this.db.getSession(req.params.id);
+        if (!session) {
+          res.status(404).json({ error: "Session not found" });
+          return;
+        }
+        const metrics = this.db.getSessionMetrics(req.params.id);
+        res.json(metrics);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch session metrics" });
+      }
+    });
+    this.app.get("/api/commands/live", (req, res) => {
+      try {
+        const limit = req.query.limit ? parseInt(req.query.limit, 10) : 20;
+        const commands = this.db.getLiveCommands(limit);
+        res.json(commands);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch live commands" });
+      }
+    });
+    this.app.get("/api/commands", (req, res) => {
+      try {
+        const filter = {};
+        if (req.query.sessionId) filter.sessionId = req.query.sessionId;
+        if (req.query.allowed !== void 0) filter.allowed = req.query.allowed === "true";
+        if (req.query.riskLevel) filter.riskLevel = req.query.riskLevel;
+        if (req.query.afterId) filter.afterId = req.query.afterId;
+        if (req.query.since) filter.since = new Date(req.query.since);
+        if (req.query.limit) filter.limit = parseInt(req.query.limit, 10);
+        if (req.query.offset) filter.offset = parseInt(req.query.offset, 10);
+        const commands = this.db.getCommands(filter);
+        res.json(commands);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch commands" });
+      }
+    });
+    this.app.get("/api/bro/status", (_req, res) => {
+      try {
+        const status = this.db.getLatestBroStatus();
+        res.json(status);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch Bro status" });
+      }
+    });
+    this.app.get("/api/bro/events", (req, res) => {
+      try {
+        const limit = req.query.limit ? parseInt(req.query.limit, 10) : 100;
+        const sessionId = req.query.sessionId;
+        const events = this.db.getBroEvents(limit, sessionId);
+        res.json(events);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch Bro events" });
+      }
+    });
+    this.app.get("/api/bro/models", async (_req, res) => {
+      try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), 5e3);
+        const response = await fetch("http://localhost:11434/api/tags", {
+          signal: controller.signal
+        });
+        clearTimeout(timeout);
+        if (!response.ok) {
+          res.json({ available: false, models: [] });
+          return;
+        }
+        const data = await response.json();
+        const models = data.models?.map((m) => m.name) || [];
+        res.json({ available: true, models });
+      } catch (error) {
+        res.json({ available: false, models: [] });
+      }
+    });
+    this.app.post("/api/bro/model", (req, res) => {
+      try {
+        const { model } = req.body;
+        if (!model) {
+          res.status(400).json({ error: "Model name required" });
+          return;
+        }
+        const controlPath = join5(homedir5(), ".bashbros", "model-control.json");
+        writeFileSync4(controlPath, JSON.stringify({
+          model,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        }), "utf-8");
+        res.json({ success: true, model });
+      } catch (error) {
+        res.status(500).json({ error: "Failed to change model" });
+      }
+    });
+    this.app.post("/api/bro/scan", (_req, res) => {
+      try {
+        const controlPath = join5(homedir5(), ".bashbros", "scan-control.json");
+        writeFileSync4(controlPath, JSON.stringify({
+          action: "scan",
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        }), "utf-8");
+        res.json({ success: true, message: "Scan requested" });
+      } catch (error) {
+        res.status(500).json({ error: "Failed to trigger scan" });
+      }
+    });
+    this.app.get("/api/exposures", (req, res) => {
+      try {
+        const limit = req.query.limit ? parseInt(req.query.limit, 10) : 100;
+        const exposures = this.db.getRecentExposures(limit);
+        res.json(exposures);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch exposures" });
+      }
+    });
+    this.app.get("/api/config", (_req, res) => {
+      try {
+        const configPath = findConfig();
+        if (!configPath) {
+          res.status(404).json({ error: "No config file found" });
+          return;
+        }
+        const content = readFileSync4(configPath, "utf-8");
+        const config = parse3(content);
+        res.json(config);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to load config" });
+      }
+    });
+    this.app.post("/api/config", (req, res) => {
+      try {
+        const configPath = findConfig();
+        if (!configPath) {
+          res.status(404).json({ error: "No config file found" });
+          return;
+        }
+        const config = req.body;
+        const content = stringify4(config);
+        writeFileSync4(configPath, content, "utf-8");
+        res.json({ success: true });
+      } catch (error) {
+        res.status(500).json({ error: "Failed to save config" });
+      }
+    });
     const __filename = fileURLToPath(import.meta.url);
     const __dirname = dirname(__filename);
-    const staticPath = join4(__dirname, "static");
+    const staticPath = join5(__dirname, "static");
     this.app.use(express.static(staticPath));
     this.app.get("/{*path}", (_req, res) => {
-      res.sendFile(join4(staticPath, "index.html"));
+      res.sendFile(join5(staticPath, "index.html"));
     });
   }
   setupWebSocket() {
@@ -1832,7 +2312,7 @@ program.command("scan").description("Scan your system and project environment").
   console.log(bro.getSystemContext());
   console.log();
   console.log(chalk5.bold("\n## Agent Configurations\n"));
-  const { formatAgentSummary } = await import("./display-HFIFXOOL.js");
+  const { formatAgentSummary } = await import("./display-6LZ2HBCU.js");
   const agents = await getAllAgentConfigs();
   console.log(formatAgentSummary(agents));
   console.log();
@@ -1962,8 +2442,8 @@ program.command("script <description>").description("Generate a shell script fro
   if (script) {
     console.log(chalk5.cyan(script));
     if (options.output) {
-      const { writeFileSync: writeFileSync3 } = await import("fs");
-      writeFileSync3(options.output, script, { mode: 493 });
+      const { writeFileSync: writeFileSync5 } = await import("fs");
+      writeFileSync5(options.output, script, { mode: 493 });
       console.log(chalk5.green(`
 \u2713 Saved to ${options.output}`));
     }
@@ -2191,7 +2671,7 @@ program.command("agent-info [agent]").description("Show detailed info about inst
       return;
     }
     const info = await getAgentConfigInfo(agent);
-    const { formatAgentInfo: formatAgentInfo2 } = await import("./display-HFIFXOOL.js");
+    const { formatAgentInfo: formatAgentInfo2 } = await import("./display-6LZ2HBCU.js");
     console.log();
     console.log(formatAgentInfo2(info));
     if (options.raw && info.configExists && info.configPath) {
@@ -2223,11 +2703,78 @@ program.command("permissions").description("Show combined permissions view acros
   console.log(formatPermissionsTable(agents));
   console.log();
 });
-program.command("gate <command>").description("Check if a command should be allowed (used by hooks)").action(async (command) => {
+program.command("gate <command>").description("Check if a command should be allowed (used by hooks)").option("-y, --yes", "Skip interactive prompt and block").action(async (command, options) => {
   const result = await gateCommand(command);
   if (!result.allowed) {
-    console.error(`BLOCKED: ${result.reason}`);
-    process.exit(2);
+    if (process.stdin.isTTY && !options.yes) {
+      const { allowForSession: allowForSession2 } = await import("./session-Y4MICATZ.js");
+      const { readFileSync: readFileSync5, writeFileSync: writeFileSync5 } = await import("fs");
+      const { parse: parse4, stringify: stringify5 } = await import("yaml");
+      const { findConfig: findConfig2 } = await import("./config-JLLOTFLI.js");
+      console.error();
+      console.error(chalk5.red("\u{1F6E1}\uFE0F  BashBros blocked a command"));
+      console.error();
+      console.error(chalk5.dim("  Command:"), command);
+      console.error(chalk5.dim("  Reason:"), result.reason);
+      console.error();
+      console.error(chalk5.yellow("  Allow this command?"));
+      console.error(chalk5.cyan("    [y]"), "Allow once");
+      console.error(chalk5.cyan("    [s]"), "Allow for session");
+      console.error(chalk5.cyan("    [p]"), "Allow permanently");
+      console.error(chalk5.cyan("    [n]"), "Block (default)");
+      process.stderr.write(chalk5.dim("\n  Choice: "));
+      const choice = await new Promise((resolve) => {
+        if (process.stdin.isTTY) {
+          process.stdin.setRawMode(true);
+        }
+        process.stdin.resume();
+        process.stdin.once("data", (data) => {
+          if (process.stdin.isTTY) {
+            process.stdin.setRawMode(false);
+          }
+          const char = data.toString().toLowerCase();
+          console.error(char);
+          resolve(char);
+        });
+      });
+      switch (choice) {
+        case "y":
+          console.error(chalk5.green("  \u2713 Allowed once"));
+          process.exit(0);
+          break;
+        case "s":
+          allowForSession2(command);
+          console.error(chalk5.green("  \u2713 Allowed for session"));
+          process.exit(0);
+          break;
+        case "p":
+          try {
+            const configPath = findConfig2();
+            if (configPath) {
+              const content = readFileSync5(configPath, "utf-8");
+              const config = parse4(content);
+              if (!config.commands) config.commands = { allow: [], block: [] };
+              if (!config.commands.allow) config.commands.allow = [];
+              if (!config.commands.allow.includes(command)) {
+                config.commands.allow.push(command);
+                writeFileSync5(configPath, stringify5(config));
+              }
+              console.error(chalk5.green("  \u2713 Added to allowlist permanently"));
+              process.exit(0);
+            }
+          } catch {
+            console.error(chalk5.red("  \u2717 Failed to update config"));
+          }
+          process.exit(2);
+          break;
+        default:
+          console.error(chalk5.yellow("  \u2717 Blocked"));
+          process.exit(2);
+      }
+    } else {
+      console.error(`Blocked: ${result.reason}`);
+      process.exit(2);
+    }
   }
   process.exit(0);
 });