bashbros 0.1.2 → 0.1.4

package/dist/cli.js

@@ -1,30 +1,54 @@
 #!/usr/bin/env node
-import {
-  DashboardDB
-} from "./chunk-YUMNBQAY.js";
 import {
   formatAllAgentsInfo,
   formatPermissionsTable
-} from "./chunk-SQCP6IYB.js";
+} from "./chunk-CG6VEHJM.js";
+import {
+  GeminiCLIHooks
+} from "./chunk-T5ONCUHZ.js";
+import {
+  CopilotCLIHooks
+} from "./chunk-SDN6TAGD.js";
+import {
+  OpenCodeHooks
+} from "./chunk-IUUBCPMV.js";
+import {
+  formatRedactedConfig,
+  parseAgentConfig
+} from "./chunk-ID2O2QTI.js";
+import {
+  DashboardWriter
+} from "./chunk-KYDMPE4N.js";
 import {
+  ContextStore
+} from "./chunk-J6ONXY6N.js";
+import {
+  AnomalyDetector,
   BashBro,
   BashBros,
-  ClaudeCodeHooks,
   CostEstimator,
   LoopDetector,
-  MetricsCollector,
+  OutputScanner,
   ReportGenerator,
   UndoStack,
-  gateCommand,
   getBashgymIntegration
-} from "./chunk-XCZMQRSX.js";
+} from "./chunk-7OEWYFN3.js";
+import {
+  ClaudeCodeHooks,
+  gateCommand
+} from "./chunk-LZYW7XQO.js";
+import {
+  MoltbotHooks
+} from "./chunk-J37RHCFJ.js";
 import "./chunk-SG752FZC.js";
-import "./chunk-DLP2O6PN.js";
+import "./chunk-EMLEJVJZ.js";
+import "./chunk-4XZ64P4V.js";
+import "./chunk-LJE4EPIU.js";
 import {
   findConfig,
   getDefaultConfig,
   loadConfig
-} from "./chunk-BW6XCOJH.js";
+} from "./chunk-RTZ4QWG2.js";
 import "./chunk-QWZGB4V3.js";
 import {
   allowForSession
@@ -33,12 +57,8 @@ import {
   RiskScorer
 } from "./chunk-DEAF6PYM.js";
 import {
-  formatRedactedConfig,
-  parseAgentConfig
-} from "./chunk-ID2O2QTI.js";
-import {
-  MoltbotHooks
-} from "./chunk-J37RHCFJ.js";
+  DashboardDB
+} from "./chunk-RDNSS3ME.js";
 import "./chunk-7OCVIDC7.js";
 
 // src/cli.ts
@@ -66,6 +86,7 @@ async function runOnboarding() {
         { name: "Moltbot (clawd.bot)", value: "moltbot" },
         { name: "Clawdbot (legacy)", value: "clawdbot" },
         { name: "Gemini CLI", value: "gemini-cli" },
+        { name: "Copilot CLI", value: "copilot-cli" },
         { name: "Aider", value: "aider" },
         { name: "OpenCode", value: "opencode" },
         { name: "Other (custom)", value: "custom" }
@@ -294,6 +315,9 @@ var AGENT_CONFIG_PATHS = {
   "gemini-cli": [
     join2(homedir2(), ".config", "gemini-cli", "config.json")
   ],
+  "copilot-cli": [
+    join2(homedir2(), ".config", "github-copilot", "config.json")
+  ],
   "opencode": [
     join2(homedir2(), ".opencode", "config.yml"),
     join2(homedir2(), ".config", "opencode", "config.yml")
@@ -306,6 +330,7 @@ var AGENT_COMMANDS = {
   "moltbot": "moltbot",
   "aider": "aider",
   "gemini-cli": "gemini",
+  "copilot-cli": "copilot",
   "opencode": "opencode",
   "custom": ""
 };
@@ -1015,7 +1040,7 @@ var EgressPatternMatcher = class {
 // src/policy/ward/egress.ts
 var DashboardDB2 = null;
 try {
-  const dbModule = await import("./db-OBKEXRTP.js");
+  const dbModule = await import("./db-ETWTBXAE.js");
   DashboardDB2 = dbModule.DashboardDB;
 } catch {
 }
@@ -1425,169 +1450,31 @@ ${passed} passed, ${failed} failed. Fix issues above.
 import chalk3 from "chalk";
 import { readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
 import { parse, stringify as stringify2 } from "yaml";
-
-// src/dashboard/writer.ts
-import { homedir as homedir4 } from "os";
-import { join as join4 } from "path";
-import { mkdirSync as mkdirSync2, existsSync as existsSync5 } from "fs";
-function getDefaultDbPath() {
-  const bashbrosDir = join4(homedir4(), ".bashbros");
-  if (!existsSync5(bashbrosDir)) {
-    mkdirSync2(bashbrosDir, { recursive: true });
-  }
-  return join4(bashbrosDir, "dashboard.db");
-}
-var DashboardWriter = class {
-  db;
-  sessionId = null;
-  commandCount = 0;
-  blockedCount = 0;
-  totalRiskScore = 0;
-  constructor(dbPath) {
-    const path = dbPath ?? getDefaultDbPath();
-    this.db = new DashboardDB(path);
-  }
-  /**
-   * Start a new watch session
-   */
-  startSession(agent, workingDir) {
-    this.sessionId = this.db.insertSession({
-      agent,
-      pid: process.pid,
-      workingDir
-    });
-    this.commandCount = 0;
-    this.blockedCount = 0;
-    this.totalRiskScore = 0;
-    return this.sessionId;
-  }
-  /**
-   * End the current session
-   */
-  endSession() {
-    if (!this.sessionId) return;
-    const avgRiskScore = this.commandCount > 0 ? this.totalRiskScore / this.commandCount : 0;
-    this.db.updateSession(this.sessionId, {
-      endTime: /* @__PURE__ */ new Date(),
-      status: "completed",
-      commandCount: this.commandCount,
-      blockedCount: this.blockedCount,
-      avgRiskScore
-    });
-    this.sessionId = null;
-  }
-  /**
-   * Mark session as crashed (for unexpected exits)
-   */
-  crashSession() {
-    if (!this.sessionId) return;
-    const avgRiskScore = this.commandCount > 0 ? this.totalRiskScore / this.commandCount : 0;
-    this.db.updateSession(this.sessionId, {
-      endTime: /* @__PURE__ */ new Date(),
-      status: "crashed",
-      commandCount: this.commandCount,
-      blockedCount: this.blockedCount,
-      avgRiskScore
-    });
-    this.sessionId = null;
-  }
-  /**
-   * Record a command execution
-   */
-  recordCommand(command, allowed, riskScore, violations, durationMs) {
-    if (!this.sessionId) return null;
-    const input = {
-      sessionId: this.sessionId,
-      command,
-      allowed,
-      riskScore: riskScore.score,
-      riskLevel: riskScore.level,
-      riskFactors: riskScore.factors,
-      durationMs,
-      violations: violations.map((v) => v.message)
-    };
-    const id = this.db.insertCommand(input);
-    this.commandCount++;
-    this.totalRiskScore += riskScore.score;
-    if (!allowed) {
-      this.blockedCount++;
-    }
-    if (this.commandCount % 10 === 0) {
-      const avgRiskScore = this.totalRiskScore / this.commandCount;
-      this.db.updateSession(this.sessionId, {
-        commandCount: this.commandCount,
-        blockedCount: this.blockedCount,
-        avgRiskScore
-      });
-    }
-    return id;
-  }
-  /**
-   * Record a Bash Bro AI event
-   */
-  recordBroEvent(input) {
-    const dbInput = {
-      sessionId: this.sessionId ?? void 0,
-      eventType: input.eventType,
-      inputContext: input.inputContext,
-      outputSummary: input.outputSummary,
-      modelUsed: input.modelUsed,
-      latencyMs: input.latencyMs,
-      success: input.success
-    };
-    return this.db.insertBroEvent(dbInput);
-  }
-  /**
-   * Update Bash Bro status
-   */
-  updateBroStatus(status) {
-    const dbInput = {
-      ollamaAvailable: status.ollamaAvailable,
-      ollamaModel: status.ollamaModel,
-      platform: status.platform,
-      shell: status.shell,
-      projectType: status.projectType
-    };
-    return this.db.updateBroStatus(dbInput);
-  }
-  /**
-   * Get current session ID
-   */
-  getSessionId() {
-    return this.sessionId;
-  }
-  /**
-   * Get current session stats
-   */
-  getSessionStats() {
-    return {
-      commandCount: this.commandCount,
-      blockedCount: this.blockedCount,
-      avgRiskScore: this.commandCount > 0 ? this.totalRiskScore / this.commandCount : 0
-    };
-  }
-  /**
-   * Close database connection
-   */
-  close() {
-    this.db.close();
-  }
-  /**
-   * Get the underlying database instance (for advanced use)
-   */
-  getDB() {
-    return this.db;
-  }
-};
-
-// src/watch.ts
 var dashboardWriter = null;
 var riskScorer = null;
+var contextStore = null;
+var contextCommandCount = 0;
+var contextSessionStartTime = null;
 function cleanup() {
   if (process.stdin.isTTY) {
     process.stdin.setRawMode(false);
   }
 }
+function finalizeContextStore(agent) {
+  if (!contextStore) return;
+  try {
+    contextStore.writeSession({
+      id: `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
+      agent,
+      startTime: contextSessionStartTime || (/* @__PURE__ */ new Date()).toISOString(),
+      endTime: (/* @__PURE__ */ new Date()).toISOString(),
+      commandCount: contextCommandCount,
+      summary: `Watch session with ${contextCommandCount} commands`
+    });
+    contextStore.updateIndex();
+  } catch {
+  }
+}
 async function startWatch(options) {
   const configPath = findConfig();
   if (!configPath) {
@@ -1602,6 +1489,7 @@ async function startWatch(options) {
   console.log();
   const bashbros = new BashBros(configPath);
   const config = bashbros.getConfig();
+  const fullConfig = loadConfig(configPath);
   try {
     dashboardWriter = new DashboardWriter();
     riskScorer = new RiskScorer();
@@ -1614,6 +1502,33 @@ async function startWatch(options) {
       console.log(chalk3.yellow("  Dashboard recording disabled"));
     }
   }
+  try {
+    contextStore = new ContextStore(process.cwd());
+    contextStore.initialize();
+    contextSessionStartTime = (/* @__PURE__ */ new Date()).toISOString();
+    contextCommandCount = 0;
+    if (options.verbose) {
+      console.log(chalk3.dim("  Context store initialized"));
+    }
+  } catch (error) {
+    if (options.verbose) {
+      console.log(chalk3.yellow("  Context store disabled"));
+    }
+  }
+  const loopDetector2 = new LoopDetector(fullConfig.loopDetection);
+  const anomalyDetector = new AnomalyDetector({
+    workingHours: fullConfig.anomalyDetection.workingHours,
+    typicalCommandsPerMinute: fullConfig.anomalyDetection.typicalCommandsPerMinute,
+    suspiciousPatterns: fullConfig.anomalyDetection.suspiciousPatterns.map((p) => {
+      try {
+        return new RegExp(p, "i");
+      } catch {
+        return null;
+      }
+    }).filter((p) => p !== null),
+    enabled: fullConfig.anomalyDetection.enabled
+  });
+  const outputScanner = fullConfig.outputScanning.enabled ? new OutputScanner(fullConfig.outputScanning) : null;
   let pendingCommand = null;
   let awaitingPromptResponse = false;
   function showBlockedPrompt(command, violations) {
@@ -1653,6 +1568,11 @@ async function startWatch(options) {
         break;
       case "p":
         try {
+          if (!configPath) {
+            console.log(chalk3.red("  \u2717 No config file found"));
+            console.log();
+            break;
+          }
           const content = readFileSync2(configPath, "utf-8");
           const config2 = parse(content);
           if (!config2.commands) {
@@ -1692,14 +1612,50 @@ async function startWatch(options) {
       const risk = riskScorer.score(result.command);
       dashboardWriter.recordCommand(result.command, true, risk, [], result.duration);
     }
+    if (contextStore) {
+      try {
+        contextStore.appendCommand({
+          command: result.command,
+          output: (result.output || "").slice(0, 500),
+          agent: config.agent,
+          exitCode: result.exitCode ?? 0,
+          cwd: process.cwd()
+        });
+        contextCommandCount++;
+      } catch {
+      }
+    }
     if (options.verbose) {
       console.log(chalk3.green("\u2713"), chalk3.dim(result.command));
     }
   });
   bashbros.on("output", (data) => {
+    if (outputScanner) {
+      try {
+        const text = typeof data === "string" ? data : data.toString();
+        const scanResult = outputScanner.scan(text);
+        if (scanResult.hasSecrets) {
+          for (const f of scanResult.findings.filter((f2) => f2.type === "secret")) {
+            process.stderr.write(chalk3.yellow(`[BashBros] Output warning: ${f.message}`) + "\n");
+          }
+        }
+      } catch {
+      }
+    }
     process.stdout.write(data);
   });
   bashbros.on("error", (error) => {
+    if (contextStore) {
+      try {
+        contextStore.appendError({
+          command: "",
+          error: error.message,
+          agent: config.agent,
+          resolved: false
+        });
+      } catch {
+      }
+    }
     console.error(chalk3.red("Error:"), error.message);
   });
   bashbros.on("exit", (exitCode) => {
@@ -1707,6 +1663,7 @@ async function startWatch(options) {
       dashboardWriter.endSession();
       dashboardWriter.close();
     }
+    finalizeContextStore(config.agent);
     cleanup();
     process.exit(exitCode ?? 0);
   });
@@ -1718,6 +1675,7 @@ async function startWatch(options) {
       dashboardWriter.endSession();
       dashboardWriter.close();
     }
+    finalizeContextStore(config.agent);
     bashbros.stop();
     process.exit(0);
   });
@@ -1727,6 +1685,7 @@ async function startWatch(options) {
       dashboardWriter.endSession();
       dashboardWriter.close();
     }
+    finalizeContextStore(config.agent);
     bashbros.stop();
     process.exit(0);
   });
@@ -1736,6 +1695,7 @@ async function startWatch(options) {
       dashboardWriter.crashSession();
       dashboardWriter.close();
     }
+    finalizeContextStore(config.agent);
     cleanup();
     bashbros.stop();
     process.exit(1);
@@ -1776,6 +1736,48 @@ async function startWatch(options) {
         commandBuffer = "";
         if (command) {
           const violations = bashbros.validateOnly(command);
+          if (violations.length === 0 && riskScorer && fullConfig.riskScoring.enabled) {
+            const risk = riskScorer.score(command);
+            if (risk.score >= fullConfig.riskScoring.blockThreshold) {
+              violations.push({
+                type: "risk_score",
+                rule: "risk_threshold",
+                message: `Risk score ${risk.score} >= block threshold ${fullConfig.riskScoring.blockThreshold}: ${risk.factors.join(", ")}`
+              });
+            } else if (risk.score >= fullConfig.riskScoring.warnThreshold) {
+              process.stderr.write(chalk3.yellow(`[BashBros] Warning: risk score ${risk.score} (${risk.factors.join(", ")})`) + "\n");
+            }
+          }
+          if (violations.length === 0 && fullConfig.loopDetection.enabled) {
+            const loopAlert = loopDetector2.check(command);
+            if (loopAlert) {
+              if (fullConfig.loopDetection.action === "block") {
+                violations.push({
+                  type: "loop",
+                  rule: loopAlert.type,
+                  message: loopAlert.message
+                });
+              } else {
+                process.stderr.write(chalk3.yellow(`[BashBros] Loop warning: ${loopAlert.message}`) + "\n");
+              }
+            }
+          }
+          if (violations.length === 0 && fullConfig.anomalyDetection.enabled) {
+            const anomalies = anomalyDetector.check(command);
+            const significant = anomalies.filter((a) => a.severity === "warning" || a.severity === "alert");
+            if (significant.length > 0) {
+              const msg = significant.map((a) => a.message).join("; ");
+              if (fullConfig.anomalyDetection.action === "block") {
+                violations.push({
+                  type: "anomaly",
+                  rule: "anomaly_detection",
+                  message: `Anomaly: ${msg}`
+                });
+              } else {
+                process.stderr.write(chalk3.yellow(`[BashBros] Anomaly: ${msg}`) + "\n");
+              }
+            }
+          }
           if (violations.length > 0) {
             bashbros.write("");
             bashbros.write("\r");
@@ -1865,16 +1867,16 @@ import express from "express";
 import { WebSocketServer } from "ws";
 import { createServer } from "http";
 import { fileURLToPath } from "url";
-import { dirname, join as join5 } from "path";
-import { homedir as homedir5 } from "os";
-import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, existsSync as existsSync6, mkdirSync as mkdirSync3 } from "fs";
+import { dirname, join as join4 } from "path";
+import { homedir as homedir4 } from "os";
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, existsSync as existsSync5, mkdirSync as mkdirSync2 } from "fs";
 import { parse as parse3, stringify as stringify4 } from "yaml";
-function getDefaultDbPath2() {
-  const bashbrosDir = join5(homedir5(), ".bashbros");
-  if (!existsSync6(bashbrosDir)) {
-    mkdirSync3(bashbrosDir, { recursive: true });
+function getDefaultDbPath() {
+  const bashbrosDir = join4(homedir4(), ".bashbros");
+  if (!existsSync5(bashbrosDir)) {
+    mkdirSync2(bashbrosDir, { recursive: true });
   }
-  return join5(bashbrosDir, "dashboard.db");
+  return join4(bashbrosDir, "dashboard.db");
 }
 var DashboardServer = class {
   app;
@@ -1887,7 +1889,7 @@ var DashboardServer = class {
   constructor(config = {}) {
     this.port = config.port ?? 17800;
     this.bind = config.bind ?? "127.0.0.1";
-    this.db = new DashboardDB(config.dbPath ?? getDefaultDbPath2());
+    this.db = new DashboardDB(config.dbPath ?? getDefaultDbPath());
     this.app = express();
     this.setupMiddleware();
     this.setupRoutes();
@@ -1896,7 +1898,7 @@ var DashboardServer = class {
     this.app.use(express.json());
     this.app.use((_req, res, next) => {
       res.header("Access-Control-Allow-Origin", "*");
-      res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+      res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
       res.header("Access-Control-Allow-Headers", "Content-Type");
       next();
     });
@@ -1940,7 +1942,7 @@ var DashboardServer = class {
     this.app.get("/api/connectors/:name/events", (req, res) => {
       try {
         const limit = req.query.limit ? parseInt(req.query.limit, 10) : 100;
-        const events = this.db.getConnectorEvents(req.params.name, limit);
+        const events = this.db.getConnectorEvents(String(req.params.name), limit);
         res.json(events);
       } catch (error) {
         res.status(500).json({ error: "Failed to fetch connector events" });
@@ -1956,7 +1958,7 @@ var DashboardServer = class {
     });
     this.app.post("/api/blocked/:id/approve", (req, res) => {
       try {
-        const { id } = req.params;
+        const id = String(req.params.id);
         const approvedBy = req.body?.approvedBy ?? "dashboard-user";
         const block = this.db.getBlock(id);
         if (!block) {
@@ -1972,7 +1974,7 @@ var DashboardServer = class {
     });
     this.app.post("/api/blocked/:id/deny", (req, res) => {
       try {
-        const { id } = req.params;
+        const id = String(req.params.id);
         const deniedBy = req.body?.deniedBy ?? "dashboard-user";
         const block = this.db.getBlock(id);
         if (!block) {
@@ -2013,9 +2015,17 @@ var DashboardServer = class {
         res.status(500).json({ error: "Failed to fetch active session" });
       }
     });
+    this.app.get("/api/sessions/active-all", (_req, res) => {
+      try {
+        const sessions = this.db.getActiveSessions();
+        res.json(sessions);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch active sessions" });
+      }
+    });
     this.app.get("/api/sessions/:id", (req, res) => {
       try {
-        const session = this.db.getSession(req.params.id);
+        const session = this.db.getSession(String(req.params.id));
         if (!session) {
           res.status(404).json({ error: "Session not found" });
           return;
@@ -2028,7 +2038,7 @@ var DashboardServer = class {
     this.app.get("/api/sessions/:id/commands", (req, res) => {
       try {
         const limit = req.query.limit ? parseInt(req.query.limit, 10) : 100;
-        const commands = this.db.getCommandsBySession(req.params.id, limit);
+        const commands = this.db.getCommandsBySession(String(req.params.id), limit);
         res.json(commands);
       } catch (error) {
         res.status(500).json({ error: "Failed to fetch session commands" });
@@ -2036,12 +2046,12 @@ var DashboardServer = class {
     });
     this.app.get("/api/sessions/:id/metrics", (req, res) => {
       try {
-        const session = this.db.getSession(req.params.id);
+        const session = this.db.getSession(String(req.params.id));
         if (!session) {
           res.status(404).json({ error: "Session not found" });
           return;
         }
-        const metrics = this.db.getSessionMetrics(req.params.id);
+        const metrics = this.db.getSessionMetrics(String(req.params.id));
         res.json(metrics);
       } catch (error) {
         res.status(500).json({ error: "Failed to fetch session metrics" });
@@ -2050,8 +2060,16 @@ var DashboardServer = class {
     this.app.get("/api/commands/live", (req, res) => {
       try {
         const limit = req.query.limit ? parseInt(req.query.limit, 10) : 20;
-        const commands = this.db.getLiveCommands(limit);
-        res.json(commands);
+        if (req.query.sessionId) {
+          const commands = this.db.getCommands({
+            sessionId: req.query.sessionId,
+            limit
+          });
+          res.json(commands);
+        } else {
+          const commands = this.db.getLiveCommands(limit);
+          res.json(commands);
+        }
       } catch (error) {
         res.status(500).json({ error: "Failed to fetch live commands" });
       }
@@ -2072,6 +2090,37 @@ var DashboardServer = class {
         res.status(500).json({ error: "Failed to fetch commands" });
       }
     });
+    this.app.get("/api/tools/live", (req, res) => {
+      try {
+        const limit = req.query.limit ? parseInt(req.query.limit, 10) : 50;
+        const tools = this.db.getLiveToolUses(limit);
+        res.json(tools);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch live tool uses" });
+      }
+    });
+    this.app.get("/api/tools", (req, res) => {
+      try {
+        const filter = {};
+        if (req.query.toolName) filter.toolName = req.query.toolName;
+        if (req.query.sessionId) filter.sessionId = req.query.sessionId;
+        if (req.query.since) filter.since = new Date(req.query.since);
+        if (req.query.limit) filter.limit = parseInt(req.query.limit, 10);
+        if (req.query.offset) filter.offset = parseInt(req.query.offset, 10);
+        const tools = this.db.getToolUses(filter);
+        res.json(tools);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch tool uses" });
+      }
+    });
+    this.app.get("/api/tools/stats", (_req, res) => {
+      try {
+        const stats = this.db.getToolUseStats();
+        res.json(stats);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch tool use stats" });
+      }
+    });
     this.app.get("/api/bro/status", (_req, res) => {
       try {
         const status = this.db.getLatestBroStatus();
@@ -2116,7 +2165,7 @@ var DashboardServer = class {
           res.status(400).json({ error: "Model name required" });
           return;
         }
-        const controlPath = join5(homedir5(), ".bashbros", "model-control.json");
+        const controlPath = join4(homedir4(), ".bashbros", "model-control.json");
         writeFileSync4(controlPath, JSON.stringify({
           model,
           timestamp: (/* @__PURE__ */ new Date()).toISOString()
@@ -2128,7 +2177,7 @@ var DashboardServer = class {
     });
     this.app.post("/api/bro/scan", (_req, res) => {
       try {
-        const controlPath = join5(homedir5(), ".bashbros", "scan-control.json");
+        const controlPath = join4(homedir4(), ".bashbros", "scan-control.json");
         writeFileSync4(controlPath, JSON.stringify({
           action: "scan",
           timestamp: (/* @__PURE__ */ new Date()).toISOString()
@@ -2138,6 +2187,217 @@ var DashboardServer = class {
         res.status(500).json({ error: "Failed to trigger scan" });
       }
     });
+    this.app.get("/api/bro/models/running", async (_req, res) => {
+      try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), 5e3);
+        const response = await fetch("http://localhost:11434/api/ps", { signal: controller.signal });
+        clearTimeout(timeout);
+        if (!response.ok) {
+          res.json({ models: [] });
+          return;
+        }
+        const data = await response.json();
+        res.json(data);
+      } catch {
+        res.json({ models: [] });
+      }
+    });
+    this.app.get("/api/bro/models/:name", async (req, res) => {
+      try {
+        const name = decodeURIComponent(String(req.params.name));
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), 5e3);
+        const response = await fetch("http://localhost:11434/api/show", {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ name }),
+          signal: controller.signal
+        });
+        clearTimeout(timeout);
+        if (!response.ok) {
+          res.status(404).json({ error: "Model not found" });
+          return;
+        }
+        res.json(await response.json());
+      } catch {
+        res.status(500).json({ error: "Failed to fetch model details" });
+      }
+    });
+    this.app.post("/api/bro/models/pull", async (req, res) => {
+      try {
+        const { name } = req.body;
+        if (!name) {
+          res.status(400).json({ error: "Model name required" });
+          return;
+        }
+        this.broadcast({ type: "model:pull:start", name });
+        const response = await fetch("http://localhost:11434/api/pull", {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ name, stream: false })
+        });
+        if (response.ok) {
+          this.broadcast({ type: "model:pull:complete", name });
+          res.json({ success: true });
+        } else {
+          this.broadcast({ type: "model:pull:error", name });
+          res.status(500).json({ error: "Pull failed" });
+        }
+      } catch {
+        res.status(500).json({ error: "Failed to pull model" });
+      }
+    });
+    this.app.delete("/api/bro/models/:name", async (req, res) => {
+      try {
+        const name = decodeURIComponent(String(req.params.name));
+        const response = await fetch("http://localhost:11434/api/delete", {
+          method: "DELETE",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ name })
+        });
+        res.json({ success: response.ok });
+      } catch {
+        res.status(500).json({ error: "Failed to delete model" });
+      }
+    });
+    this.app.get("/api/bro/adapters", async (_req, res) => {
+      try {
+        const { AdapterRegistry } = await import("./adapters-JAZGGNVP.js");
+        const registry = new AdapterRegistry();
+        res.json(registry.discover());
+      } catch {
+        res.json([]);
+      }
+    });
+    this.app.get("/api/bro/adapters/events", (_req, res) => {
+      try {
+        res.json(this.db.getAdapterEvents());
+      } catch {
+        res.json([]);
+      }
+    });
+    this.app.post("/api/bro/adapters/:name/activate", async (req, res) => {
+      try {
+        const adapterName = String(req.params.name);
+        const { AdapterRegistry } = await import("./adapters-JAZGGNVP.js");
+        const registry = new AdapterRegistry();
+        const adapters = registry.discover();
+        const adapter = adapters.find((a) => a.name === adapterName);
+        if (!adapter) {
+          res.status(404).json({ error: "Adapter not found" });
+          return;
+        }
+        const modelfile = registry.generateModelfile(adapter);
+        const ollamaName = registry.ollamaModelName(adapterName);
+        const response = await fetch("http://localhost:11434/api/create", {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ name: ollamaName, modelfile, stream: false })
+        });
+        if (response.ok) {
+          this.db.insertAdapterEvent({
+            adapterName,
+            baseModel: adapter.baseModel,
+            purpose: adapter.purpose,
+            action: "activated",
+            success: true
+          });
+          this.broadcast({ type: "adapter:activated", name: adapterName });
+          res.json({ success: true, ollamaModel: ollamaName });
+        } else {
+          res.status(500).json({ error: "Failed to create Ollama model from adapter" });
+        }
+      } catch {
+        res.status(500).json({ error: "Failed to activate adapter" });
+      }
+    });
+    this.app.get("/api/bro/profiles", async (_req, res) => {
+      try {
+        const { ProfileManager } = await import("./profiles-7CLN6TAT.js");
+        res.json(new ProfileManager().list());
+      } catch {
+        res.json([]);
+      }
+    });
+    this.app.post("/api/bro/profiles", async (req, res) => {
+      try {
+        const { ProfileManager } = await import("./profiles-7CLN6TAT.js");
+        new ProfileManager().save(req.body);
+        res.json({ success: true });
+      } catch {
+        res.status(500).json({ error: "Failed to save profile" });
+      }
+    });
+    this.app.delete("/api/bro/profiles/:name", async (req, res) => {
+      try {
+        const { ProfileManager } = await import("./profiles-7CLN6TAT.js");
+        new ProfileManager().delete(String(req.params.name));
+        res.json({ success: true });
+      } catch {
+        res.status(500).json({ error: "Failed to delete profile" });
+      }
+    });
+    this.app.get("/api/context/index", async (_req, res) => {
+      try {
+        const { ContextStore: ContextStore2 } = await import("./store-WJ5Y7MOE.js");
+        res.json(new ContextStore2(process.cwd()).getIndex());
+      } catch {
+        res.json({ lastUpdated: "", agents: [], sessionCount: 0, commandFileCount: 0, errorFileCount: 0 });
+      }
+    });
+    this.app.get("/api/context/memory", async (_req, res) => {
+      try {
+        const { ContextStore: ContextStore2 } = await import("./store-WJ5Y7MOE.js");
+        const store = new ContextStore2(process.cwd());
+        const files = store.listMemoryFiles();
+        const result = {};
+        for (const file of files) {
+          result[file] = store.readMemory(file);
+        }
+        res.json(result);
+      } catch {
+        res.json({});
+      }
+    });
+    this.app.put("/api/context/memory/:name", async (req, res) => {
+      try {
+        const { ContextStore: ContextStore2 } = await import("./store-WJ5Y7MOE.js");
+        const store = new ContextStore2(process.cwd());
+        store.writeMemory(String(req.params.name), req.body.content);
+        this.broadcast({ type: "context:updated", file: req.params.name });
+        res.json({ success: true });
+      } catch {
+        res.status(500).json({ error: "Failed to write memory file" });
+      }
+    });
+    this.app.get("/api/achievements", (_req, res) => {
+      try {
+        const stats = this.db.getAchievementStats();
+        const badges = this.db.computeAchievements(stats);
+        const xp = this.db.computeXP(stats, badges);
+        res.json({ stats, badges, xp });
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch achievements" });
+      }
+    });
+    this.app.get("/api/security/summary", (_req, res) => {
+      try {
+        const summary = this.db.getSecuritySummary();
+        res.json(summary);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch security summary" });
+      }
+    });
+    this.app.get("/api/security/blocked-commands", (req, res) => {
+      try {
+        const limit = req.query.limit ? parseInt(req.query.limit, 10) : 25;
+        const commands = this.db.getBlockedCommandsRecent(limit);
+        res.json(commands);
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch blocked commands" });
+      }
+    });
     this.app.get("/api/exposures", (req, res) => {
       try {
         const limit = req.query.limit ? parseInt(req.query.limit, 10) : 100;
@@ -2176,12 +2436,73 @@ var DashboardServer = class {
         res.status(500).json({ error: "Failed to save config" });
       }
     });
-    const __filename = fileURLToPath(import.meta.url);
-    const __dirname = dirname(__filename);
-    const staticPath = join5(__dirname, "static");
+    this.app.get("/api/agents/status", async (_req, res) => {
+      try {
+        const claude = ClaudeCodeHooks.getStatus();
+        const moltbot = MoltbotHooks.getStatus();
+        const gemini = GeminiCLIHooks.getStatus();
+        const copilot = CopilotCLIHooks.getStatus();
+        const opencode = OpenCodeHooks.getStatus();
+        let gatewayRunning = false;
+        let sandboxMode = null;
+        try {
+          const gw = await MoltbotHooks.getGatewayStatus();
+          gatewayRunning = gw.running;
+          sandboxMode = gw.sandboxMode ? "strict" : null;
+        } catch {
+          gatewayRunning = moltbot.gatewayRunning;
+          sandboxMode = moltbot.sandboxMode;
+        }
+        const agents = [
+          {
+            name: "Claude Code",
+            key: "claude-code",
+            installed: claude.claudeInstalled,
+            hooksInstalled: claude.hooksInstalled,
+            hooks: claude.hooks,
+            extra: { allToolsRecording: claude.allToolsInstalled }
+          },
+          {
+            name: "Moltbot",
+            key: "moltbot",
+            installed: moltbot.moltbotInstalled || moltbot.clawdbotInstalled,
+            hooksInstalled: moltbot.hooksInstalled,
+            hooks: moltbot.hooks,
+            extra: { gatewayRunning, sandboxMode }
+          },
+          {
+            name: "Gemini CLI",
+            key: "gemini-cli",
+            installed: gemini.geminiInstalled,
+            hooksInstalled: gemini.hooksInstalled,
+            hooks: gemini.hooks
+          },
+          {
+            name: "GitHub Copilot CLI",
+            key: "copilot-cli",
+            installed: copilot.copilotInstalled,
+            hooksInstalled: copilot.hooksInstalled,
+            hooks: copilot.hooks
+          },
+          {
+            name: "OpenCode",
+            key: "opencode",
+            installed: opencode.openCodeInstalled,
+            hooksInstalled: opencode.pluginInstalled,
+            hooks: opencode.pluginInstalled ? ["plugin (gate + record)"] : []
+          }
+        ];
+        res.json({ agents });
+      } catch (error) {
+        res.status(500).json({ error: "Failed to fetch agent status" });
+      }
+    });
+    const __filename2 = fileURLToPath(import.meta.url);
+    const __dirname2 = dirname(__filename2);
+    const staticPath = join4(__dirname2, "static");
     this.app.use(express.static(staticPath));
     this.app.get("/{*path}", (_req, res) => {
-      res.sendFile(join5(staticPath, "index.html"));
+      res.sendFile(join4(staticPath, "index.html"));
     });
   }
   setupWebSocket() {
@@ -2272,16 +2593,53 @@ var DashboardServer = class {
 };
 
 // src/cli.ts
-var metricsCollector = null;
-var costEstimator = null;
+import { readFileSync as readFileSync5 } from "fs";
+import { fileURLToPath as fileURLToPath2 } from "url";
+import { dirname as dirname2, join as join5 } from "path";
 var loopDetector = null;
 var undoStack = null;
+function extractHookSessionId(event) {
+  if (typeof event.session_id === "string" && event.session_id) {
+    return event.session_id;
+  }
+  if (process.env.CLAUDE_SESSION_ID) {
+    return process.env.CLAUDE_SESSION_ID;
+  }
+  return `ppid-${process.ppid}`;
+}
+function extractRepoName(event) {
+  const repo = event.repo;
+  if (repo && typeof repo.name === "string") return repo.name;
+  return null;
+}
+async function readStdinJSON() {
+  const chunks = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(chunk);
+  }
+  const data = Buffer.concat(chunks).toString("utf-8").trim();
+  if (!data) return {};
+  try {
+    return JSON.parse(data);
+  } catch {
+    return {};
+  }
+}
 var logo = `
   \u2571BashBros \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
   \u{1F91D} Your Friendly Bash Agent Helper
 `;
 var program = new Command();
-program.name("bashbros").description("The Bash Agent Helper").version("0.1.0");
+var __filename = fileURLToPath2(import.meta.url);
+var __dirname = dirname2(__filename);
+var version = "0.1.3";
+try {
+  const pkgPath = join5(__dirname, "..", "package.json");
+  const pkg = JSON.parse(readFileSync5(pkgPath, "utf-8"));
+  version = pkg.version;
+} catch {
+}
+program.name("bashbros").description("The Bash Agent Helper").version(version);
 program.command("init").description("Set up BashBros for your project").action(async () => {
   console.log(chalk5.cyan(logo));
   await runOnboarding();
@@ -2312,7 +2670,7 @@ program.command("scan").description("Scan your system and project environment").
   console.log(bro.getSystemContext());
   console.log();
   console.log(chalk5.bold("\n## Agent Configurations\n"));
-  const { formatAgentSummary } = await import("./display-6LZ2HBCU.js");
+  const { formatAgentSummary } = await import("./display-UH7KEHOW.js");
   const agents = await getAllAgentConfigs();
   console.log(formatAgentSummary(agents));
   console.log();
@@ -2515,7 +2873,7 @@ program.command("do <description>").description("Convert natural language to a c
 });
 program.command("models").description("List available Ollama models").action(async () => {
   console.log(chalk5.cyan(logo));
-  const { OllamaClient } = await import("./ollama-HY35OHW4.js");
+  const { OllamaClient } = await import("./ollama-5JVKNFOV.js");
   const ollama = new OllamaClient();
   const available = await ollama.isAvailable();
   if (!available) {
@@ -2559,11 +2917,30 @@ hookCmd.command("status").description("Check Claude Code hook status").action(()
   console.log();
   console.log(`  Claude Code: ${status.claudeInstalled ? chalk5.green("installed") : chalk5.yellow("not found")}`);
   console.log(`  BashBros hooks: ${status.hooksInstalled ? chalk5.green("active") : chalk5.dim("not installed")}`);
+  console.log(`  All-tools recording: ${status.allToolsInstalled ? chalk5.green("active") : chalk5.dim("not installed")}`);
   if (status.hooks.length > 0) {
     console.log(`  Active hooks: ${status.hooks.join(", ")}`);
   }
   console.log();
 });
+hookCmd.command("install-all-tools").description("Install hook to record ALL Claude Code tool uses (not just Bash)").action(() => {
+  const result = ClaudeCodeHooks.installAllTools();
+  if (result.success) {
+    console.log(chalk5.green("\u2713"), result.message);
+  } else {
+    console.log(chalk5.red("\u2717"), result.message);
+    process.exit(1);
+  }
+});
+hookCmd.command("uninstall-all-tools").description("Remove all-tools recording hook").action(() => {
+  const result = ClaudeCodeHooks.uninstallAllTools();
+  if (result.success) {
+    console.log(chalk5.green("\u2713"), result.message);
+  } else {
+    console.log(chalk5.red("\u2717"), result.message);
+    process.exit(1);
+  }
+});
 var moltbotCmd = program.command("moltbot").alias("clawdbot").description("Manage Moltbot/Clawdbot integration");
 moltbotCmd.command("install").description("Install BashBros hooks into Moltbot").action(() => {
   const result = MoltbotHooks.install();
@@ -2664,14 +3041,14 @@ moltbotCmd.command("audit").description("Run Moltbot security audit").option("--
 program.command("agent-info [agent]").description("Show detailed info about installed agents and their configurations").option("-r, --raw", "Show raw (redacted) config contents").action(async (agent, options) => {
   console.log(chalk5.cyan(logo));
   if (agent) {
-    const validAgents = ["claude-code", "moltbot", "clawdbot", "aider", "gemini-cli", "opencode"];
+    const validAgents = ["claude-code", "moltbot", "clawdbot", "copilot-cli", "aider", "gemini-cli", "opencode"];
     if (!validAgents.includes(agent)) {
       console.log(chalk5.red(`Unknown agent: ${agent}`));
       console.log(chalk5.dim(`Valid agents: ${validAgents.join(", ")}`));
       return;
     }
     const info = await getAgentConfigInfo(agent);
-    const { formatAgentInfo: formatAgentInfo2 } = await import("./display-6LZ2HBCU.js");
+    const { formatAgentInfo: formatAgentInfo2 } = await import("./display-UH7KEHOW.js");
     console.log();
     console.log(formatAgentInfo2(info));
     if (options.raw && info.configExists && info.configPath) {
@@ -2703,14 +3080,60 @@ program.command("permissions").description("Show combined permissions view acros
   console.log(formatPermissionsTable(agents));
   console.log();
 });
-program.command("gate <command>").description("Check if a command should be allowed (used by hooks)").option("-y, --yes", "Skip interactive prompt and block").action(async (command, options) => {
+program.command("gate [command]").description("Check if a command should be allowed (used by hooks)").option("-y, --yes", "Skip interactive prompt and block").action(async (rawInput, options) => {
+  let command = "";
+  let hookEvent = {};
+  try {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+      chunks.push(chunk);
+    }
+    const stdinData = Buffer.concat(chunks).toString("utf-8").trim();
+    if (stdinData) {
+      const event = JSON.parse(stdinData);
+      hookEvent = event;
+      if (event.tool_input?.command) {
+        command = event.tool_input.command;
+      }
+    }
+  } catch {
+  }
+  if (!command && rawInput && rawInput !== "$TOOL_INPUT") {
+    try {
+      const parsed = JSON.parse(rawInput);
+      if (parsed?.command) command = parsed.command;
+    } catch {
+      command = rawInput;
+    }
+  }
+  if (!command) {
+    process.exit(0);
+  }
   const result = await gateCommand(command);
   if (!result.allowed) {
+    try {
+      const { DashboardWriter: DashboardWriter2 } = await import("./writer-3NAVABN6.js");
+      const { RiskScorer: RiskScorer2 } = await import("./risk-scorer-Y6KF2XCZ.js");
+      const scorer = new RiskScorer2();
+      const risk = scorer.score(command);
+      const writer = new DashboardWriter2();
+      const hookSessionId = extractHookSessionId(hookEvent);
+      writer.ensureHookSession(hookSessionId, process.cwd(), extractRepoName(hookEvent));
+      writer.recordCommand(
+        command,
+        false,
+        risk,
+        [{ type: "command", rule: "gate", message: result.reason || "Blocked" }],
+        0
+      );
+      writer.close();
+    } catch {
+    }
     if (process.stdin.isTTY && !options.yes) {
       const { allowForSession: allowForSession2 } = await import("./session-Y4MICATZ.js");
-      const { readFileSync: readFileSync5, writeFileSync: writeFileSync5 } = await import("fs");
+      const { readFileSync: readFileSync6, writeFileSync: writeFileSync5 } = await import("fs");
       const { parse: parse4, stringify: stringify5 } = await import("yaml");
-      const { findConfig: findConfig2 } = await import("./config-JLLOTFLI.js");
+      const { findConfig: findConfig2 } = await import("./config-I5NCK3RJ.js");
       console.error();
       console.error(chalk5.red("\u{1F6E1}\uFE0F  BashBros blocked a command"));
       console.error();
@@ -2751,7 +3174,7 @@ program.command("gate <command>").description("Check if a command should be allo
           try {
             const configPath = findConfig2();
             if (configPath) {
-              const content = readFileSync5(configPath, "utf-8");
+              const content = readFileSync6(configPath, "utf-8");
               const config = parse4(content);
               if (!config.commands) config.commands = { allow: [], block: [] };
               if (!config.commands.allow) config.commands.allow = [];
@@ -2778,61 +3201,317 @@ program.command("gate <command>").description("Check if a command should be allo
   }
   process.exit(0);
 });
-program.command("record <command>").description("Record a command execution (used by hooks)").option("-o, --output <output>", "Command output").option("-e, --exit-code <code>", "Exit code", "0").action(async (command, options) => {
-  if (!metricsCollector) metricsCollector = new MetricsCollector();
-  if (!costEstimator) costEstimator = new CostEstimator();
-  if (!loopDetector) loopDetector = new LoopDetector();
-  if (!undoStack) undoStack = new UndoStack();
+program.command("record-tool").description("Record a Claude Code tool execution (used by hooks)").option("--marker <marker>", "Hook marker (ignored, used for identification)").action(async () => {
+  const cfg = loadConfig();
+  let eventJson = "";
+  try {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+      chunks.push(chunk);
+    }
+    eventJson = Buffer.concat(chunks).toString("utf-8").trim();
+  } catch {
+  }
+  if (!eventJson) {
+    return;
+  }
+  try {
+    const event = JSON.parse(eventJson);
+    const events = Array.isArray(event) ? event : [event];
+    const { DashboardWriter: DashboardWriter2 } = await import("./writer-3NAVABN6.js");
+    const writer = new DashboardWriter2();
+    const firstEvent = events[0] || {};
+    const hookSessionId = extractHookSessionId(firstEvent);
+    writer.ensureHookSession(hookSessionId, firstEvent.cwd || process.cwd(), extractRepoName(firstEvent));
+    for (const evt of events) {
+      const toolName = evt.tool_name || evt.tool || "unknown";
+      const toolInput = evt.tool_input || evt.input || {};
+      const toolOutput = evt.tool_output || evt.output || "";
+      let inputStr;
+      if (typeof toolInput === "string") {
+        inputStr = toolInput;
+      } else if (typeof toolInput === "object") {
+        inputStr = JSON.stringify(toolInput, null, 2);
+      } else {
+        inputStr = String(toolInput);
+      }
+      let outputStr;
+      let exitCode = null;
+      let success = null;
+      if (typeof toolOutput === "object" && toolOutput !== null) {
+        outputStr = (toolOutput.stdout || "") + (toolOutput.stderr || "");
+        exitCode = toolOutput.exit_code ?? toolOutput.exitCode ?? null;
+        if (exitCode !== null) {
+          success = exitCode === 0;
+        }
+      } else {
+        outputStr = String(toolOutput || "");
+      }
+      const repoName = evt.repo?.name ?? null;
+      const repoPath = evt.repo?.path ?? null;
+      writer.recordToolUse({
+        toolName,
+        toolInput: inputStr,
+        toolOutput: outputStr,
+        exitCode,
+        success,
+        cwd: evt.cwd || process.cwd(),
+        repoName,
+        repoPath
+      });
+      if (cfg.outputScanning.enabled && outputStr) {
+        try {
+          const scanner = new OutputScanner(cfg.outputScanning);
+          const scanResult = scanner.scan(outputStr);
+          if (scanResult.hasSecrets) {
+            for (const f of scanResult.findings.filter((f2) => f2.type === "secret")) {
+              process.stderr.write(`[BashBros] Output warning (${toolName}): ${f.message}
+`);
+            }
+          }
+        } catch {
+        }
+      }
+      const preview = inputStr.substring(0, 40).replace(/\n/g, " ");
+      console.log(`[BashBros] ${toolName}: ${preview}${inputStr.length > 40 ? "..." : ""}`);
+    }
+    writer.close();
+  } catch (e) {
+    console.error(`[BashBros] Error recording tool: ${e instanceof Error ? e.message : e}`);
+  }
+});
+program.command("record [rawInput]").description("Record a command execution (used by hooks)").option("-o, --output <output>", "Command output").option("-e, --exit-code <code>", "Exit code", "0").action(async (rawInput, options) => {
+  let command = "";
+  let stdinData = "";
+  let hookEvent = {};
+  try {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+      chunks.push(chunk);
+    }
+    stdinData = Buffer.concat(chunks).toString("utf-8").trim();
+    if (stdinData) {
+      const event = JSON.parse(stdinData);
+      hookEvent = event;
+      if (event.tool_input?.command) {
+        command = event.tool_input.command;
+      }
+    }
+  } catch {
+  }
+  if (!command && rawInput && rawInput !== "$TOOL_INPUT") {
+    try {
+      const parsed = JSON.parse(rawInput);
+      if (parsed?.command) command = parsed.command;
+    } catch {
+      command = rawInput;
+    }
+  }
+  if (!command) return;
+  const cfg = loadConfig();
+  if (!loopDetector) loopDetector = new LoopDetector(cfg.loopDetection);
   const scorer = new RiskScorer();
   const risk = scorer.score(command);
-  metricsCollector.record({
-    command,
-    timestamp: /* @__PURE__ */ new Date(),
-    duration: 0,
-    // Not available in hook
-    allowed: true,
-    riskScore: risk,
-    violations: [],
-    exitCode: parseInt(options.exitCode) || 0
-  });
-  costEstimator.recordToolCall(command, options.output || "");
   const loopAlert = loopDetector.check(command);
   if (loopAlert) {
     console.error(chalk5.yellow(`\u26A0 Loop detected: ${loopAlert.message}`));
   }
-  const paths = command.match(/(?:^|\s)(\.\/|\.\.\/|\/|~\/)[^\s]+/g) || [];
-  const cleanPaths = paths.map((p) => p.trim());
-  if (cleanPaths.length > 0) {
-    undoStack.recordFromCommand(command, cleanPaths);
+  try {
+    const { DashboardWriter: DashboardWriter2 } = await import("./writer-3NAVABN6.js");
+    const writer = new DashboardWriter2();
+    const hookSessionId = extractHookSessionId(hookEvent);
+    writer.ensureHookSession(hookSessionId, process.cwd(), extractRepoName(hookEvent));
+    writer.recordCommand(
+      command,
+      true,
+      // allowed (if we're recording post-execution, it was allowed)
+      risk,
+      [],
+      // no violations (it passed the gate)
+      0
+      // duration not available in hook mode
+    );
+    writer.close();
+  } catch (e) {
+    console.error(`[BashBros] Error persisting record: ${e instanceof Error ? e.message : e}`);
+  }
+  if (cfg.outputScanning.enabled && stdinData) {
+    try {
+      const event = JSON.parse(stdinData);
+      const toolOutput = event.tool_output;
+      let outputStr = "";
+      if (typeof toolOutput === "string") {
+        outputStr = toolOutput;
+      } else if (typeof toolOutput === "object" && toolOutput !== null) {
+        outputStr = (toolOutput.stdout || "") + (toolOutput.stderr || "");
+      }
+      if (outputStr) {
+        const scanner = new OutputScanner(cfg.outputScanning);
+        const scanResult = scanner.scan(outputStr);
+        if (scanResult.hasSecrets) {
+          for (const f of scanResult.findings.filter((f2) => f2.type === "secret")) {
+            process.stderr.write(`[BashBros] Output warning: ${f.message}
+`);
+          }
+        }
+        if (scanResult.hasErrors) {
+          for (const f of scanResult.findings.filter((f2) => f2.type === "error")) {
+            process.stderr.write(`[BashBros] Output notice: ${f.message}
+`);
+          }
+        }
+      }
+    } catch {
+    }
   }
 });
-program.command("session-end").description("Generate session report (used by hooks)").option("-f, --format <format>", "Output format (text, markdown, json)", "text").action((options) => {
-  if (!metricsCollector) {
+program.command("session-end").description("Generate session report (used by hooks)").option("-f, --format <format>", "Output format (text, markdown, json)", "text").action(async (options) => {
+  let hookSessionId = null;
+  try {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+      chunks.push(chunk);
+    }
+    const stdinData = Buffer.concat(chunks).toString("utf-8").trim();
+    if (stdinData) {
+      const event = JSON.parse(stdinData);
+      hookSessionId = extractHookSessionId(event);
+    }
+  } catch {
+  }
+  try {
+    const { DashboardWriter: DashboardWriter2 } = await import("./writer-3NAVABN6.js");
+    const writer = new DashboardWriter2();
+    if (hookSessionId) {
+      writer.endHookSession(hookSessionId);
+    }
+    const db = writer.getDB();
+    const since = new Date(Date.now() - 24 * 60 * 60 * 1e3);
+    const commands = db.getCommands({ since, limit: 1e4 });
+    if (commands.length > 0) {
+      const startTime = commands[commands.length - 1].timestamp;
+      const endTime = commands[0].timestamp;
+      const duration = endTime.getTime() - startTime.getTime();
+      const cmdFreq = /* @__PURE__ */ new Map();
+      for (const cmd of commands) {
+        const base = cmd.command.split(/\s+/)[0];
+        cmdFreq.set(base, (cmdFreq.get(base) || 0) + 1);
+      }
+      const topCommands = [...cmdFreq.entries()].sort((a, b) => b[1] - a[1]).slice(0, 10);
+      const violationsByType = {};
+      for (const cmd of commands) {
+        for (const v of cmd.violations) {
+          violationsByType[v] = (violationsByType[v] || 0) + 1;
+        }
+      }
+      const metrics = {
+        sessionId: "hook-session",
+        startTime,
+        endTime,
+        duration,
+        commandCount: commands.length,
+        blockedCount: commands.filter((c) => !c.allowed).length,
+        uniqueCommands: cmdFreq.size,
+        topCommands,
+        riskDistribution: {
+          safe: commands.filter((c) => c.riskLevel === "safe").length,
+          caution: commands.filter((c) => c.riskLevel === "caution").length,
+          dangerous: commands.filter((c) => c.riskLevel === "dangerous").length,
+          critical: commands.filter((c) => c.riskLevel === "critical").length
+        },
+        avgRiskScore: commands.reduce((sum, c) => sum + c.riskScore, 0) / commands.length,
+        avgExecutionTime: commands.reduce((sum, c) => sum + c.durationMs, 0) / commands.length,
+        totalExecutionTime: commands.reduce((sum, c) => sum + c.durationMs, 0),
+        filesModified: [],
+        pathsAccessed: [],
+        violationsByType
+      };
+      const toolUses = db.getToolUses({ since, limit: 1e4 });
+      const estimator = new CostEstimator();
+      for (const use of toolUses) {
+        estimator.recordToolCall(use.toolInput, use.toolOutput);
+      }
+      const report = ReportGenerator.generate(metrics, estimator.getEstimate(), { format: options.format });
+      console.log();
+      console.log(report);
+      console.log();
+      writer.close();
+      return;
+    }
+    writer.close();
+  } catch {
     console.log(chalk5.dim("No session data to report."));
-    return;
   }
-  const metrics = metricsCollector.getMetrics();
-  const cost = costEstimator?.getEstimate();
-  const report = ReportGenerator.generate(metrics, cost, { format: options.format });
-  console.log();
-  console.log(report);
-  console.log();
 });
-program.command("report").description("Generate a session report").option("-f, --format <format>", "Output format (text, markdown, json)", "text").option("--no-cost", "Hide cost estimate").option("--no-risk", "Hide risk distribution").action((options) => {
-  if (!metricsCollector) {
+program.command("report").description("Generate a session report").option("-f, --format <format>", "Output format (text, markdown, json)", "text").option("--no-cost", "Hide cost estimate").option("--no-risk", "Hide risk distribution").action(async (options) => {
+  try {
+    const { DashboardWriter: DashboardWriter2 } = await import("./writer-3NAVABN6.js");
+    const writer = new DashboardWriter2();
+    const db = writer.getDB();
+    const since = new Date(Date.now() - 24 * 60 * 60 * 1e3);
+    const commands = db.getCommands({ since, limit: 1e4 });
+    if (commands.length > 0) {
+      const startTime = commands[commands.length - 1].timestamp;
+      const endTime = commands[0].timestamp;
+      const duration = endTime.getTime() - startTime.getTime();
+      const cmdFreq = /* @__PURE__ */ new Map();
+      for (const cmd of commands) {
+        const base = cmd.command.split(/\s+/)[0];
+        cmdFreq.set(base, (cmdFreq.get(base) || 0) + 1);
+      }
+      const topCommands = [...cmdFreq.entries()].sort((a, b) => b[1] - a[1]).slice(0, 10);
+      const violationsByType = {};
+      for (const cmd of commands) {
+        for (const v of cmd.violations) {
+          violationsByType[v] = (violationsByType[v] || 0) + 1;
+        }
+      }
+      const metrics = {
+        sessionId: "hook-session",
+        startTime,
+        endTime,
+        duration,
+        commandCount: commands.length,
+        blockedCount: commands.filter((c) => !c.allowed).length,
+        uniqueCommands: cmdFreq.size,
+        topCommands,
+        riskDistribution: {
+          safe: commands.filter((c) => c.riskLevel === "safe").length,
+          caution: commands.filter((c) => c.riskLevel === "caution").length,
+          dangerous: commands.filter((c) => c.riskLevel === "dangerous").length,
+          critical: commands.filter((c) => c.riskLevel === "critical").length
+        },
+        avgRiskScore: commands.reduce((sum, c) => sum + c.riskScore, 0) / commands.length,
+        avgExecutionTime: commands.reduce((sum, c) => sum + c.durationMs, 0) / commands.length,
+        totalExecutionTime: commands.reduce((sum, c) => sum + c.durationMs, 0),
+        filesModified: [],
+        pathsAccessed: [],
+        violationsByType
+      };
+      let cost;
+      if (options.cost) {
+        const toolUses = db.getToolUses({ since, limit: 1e4 });
+        const estimator = new CostEstimator();
+        for (const use of toolUses) {
+          estimator.recordToolCall(use.toolInput, use.toolOutput);
+        }
+        cost = estimator.getEstimate();
+      }
+      const report = ReportGenerator.generate(metrics, cost, {
+        format: options.format,
+        showCost: options.cost,
+        showRisk: options.risk
+      });
+      console.log();
+      console.log(report);
+      console.log();
+      writer.close();
+      return;
+    }
+    writer.close();
+  } catch {
     console.log(chalk5.dim("No session data. Run some commands first."));
-    return;
   }
-  const metrics = metricsCollector.getMetrics();
-  const cost = options.cost ? costEstimator?.getEstimate() : void 0;
-  const report = ReportGenerator.generate(metrics, cost, {
-    format: options.format,
-    showCost: options.cost,
-    showRisk: options.risk
-  });
-  console.log();
-  console.log(report);
-  console.log();
 });
 program.command("risk <command>").description("Score a command for security risk").action((command) => {
   const scorer = new RiskScorer();
@@ -3048,5 +3727,257 @@ patternsCmd.command("test <text>").description("Test if text matches any detecti
   }
   console.log();
 });
+var geminiCmd = program.command("gemini").description("Manage Gemini CLI integration");
+geminiCmd.command("install").description("Install BashBros hooks into Gemini CLI").action(async () => {
+  const { GeminiCLIHooks: GeminiCLIHooks2 } = await import("./gemini-cli-3563EELZ.js");
+  const result = GeminiCLIHooks2.install();
+  if (result.success) {
+    console.log(chalk5.green("\u2713"), result.message);
+  } else {
+    console.log(chalk5.red("\u2717"), result.message);
+    process.exit(1);
+  }
+});
+geminiCmd.command("uninstall").description("Remove BashBros hooks from Gemini CLI").action(async () => {
+  const { GeminiCLIHooks: GeminiCLIHooks2 } = await import("./gemini-cli-3563EELZ.js");
+  const result = GeminiCLIHooks2.uninstall();
+  if (result.success) {
+    console.log(chalk5.green("\u2713"), result.message);
+  } else {
+    console.log(chalk5.red("\u2717"), result.message);
+    process.exit(1);
+  }
+});
+geminiCmd.command("status").description("Check Gemini CLI integration status").action(async () => {
+  const { GeminiCLIHooks: GeminiCLIHooks2 } = await import("./gemini-cli-3563EELZ.js");
+  const status = GeminiCLIHooks2.getStatus();
+  console.log();
+  console.log(chalk5.bold("Gemini CLI Integration Status"));
+  console.log();
+  console.log(`  Gemini CLI: ${status.geminiInstalled ? chalk5.green("detected") : chalk5.yellow("not found")}`);
+  console.log(`  BashBros hooks: ${status.hooksInstalled ? chalk5.green("active") : chalk5.dim("not installed")}`);
+  if (status.hooks.length > 0) {
+    console.log(`  Active hooks: ${status.hooks.join(", ")}`);
+  }
+  console.log(chalk5.dim("  Scope: project (.gemini/settings.json)"));
+  console.log();
+});
+var copilotCmd = program.command("copilot").description("Manage GitHub Copilot CLI integration");
+copilotCmd.command("install").description("Install BashBros hooks into Copilot CLI").action(async () => {
+  const { CopilotCLIHooks: CopilotCLIHooks2 } = await import("./copilot-cli-5WJWK5YT.js");
+  const result = CopilotCLIHooks2.install();
+  if (result.success) {
+    console.log(chalk5.green("\u2713"), result.message);
+  } else {
+    console.log(chalk5.red("\u2717"), result.message);
+    process.exit(1);
+  }
+});
+copilotCmd.command("uninstall").description("Remove BashBros hooks from Copilot CLI").action(async () => {
+  const { CopilotCLIHooks: CopilotCLIHooks2 } = await import("./copilot-cli-5WJWK5YT.js");
+  const result = CopilotCLIHooks2.uninstall();
+  if (result.success) {
+    console.log(chalk5.green("\u2713"), result.message);
+  } else {
+    console.log(chalk5.red("\u2717"), result.message);
+    process.exit(1);
+  }
+});
+copilotCmd.command("status").description("Check Copilot CLI integration status").action(async () => {
+  const { CopilotCLIHooks: CopilotCLIHooks2 } = await import("./copilot-cli-5WJWK5YT.js");
+  const status = CopilotCLIHooks2.getStatus();
+  console.log();
+  console.log(chalk5.bold("Copilot CLI Integration Status"));
+  console.log();
+  console.log(`  Copilot CLI: ${status.copilotInstalled ? chalk5.green("detected") : chalk5.yellow("not found")}`);
+  console.log(`  BashBros hooks: ${status.hooksInstalled ? chalk5.green("active") : chalk5.dim("not installed")}`);
+  if (status.hooks.length > 0) {
+    console.log(`  Active hooks: ${status.hooks.join(", ")}`);
+  }
+  console.log(chalk5.dim("  Scope: project (.github/hooks/bashbros.json)"));
+  console.log();
+});
+var opencodeCmd = program.command("opencode").description("Manage OpenCode integration");
+opencodeCmd.command("install").description("Install BashBros plugin into OpenCode").action(async () => {
+  const { OpenCodeHooks: OpenCodeHooks2 } = await import("./opencode-DRCY275R.js");
+  const result = OpenCodeHooks2.install();
+  if (result.success) {
+    console.log(chalk5.green("\u2713"), result.message);
+  } else {
+    console.log(chalk5.red("\u2717"), result.message);
+    process.exit(1);
+  }
+});
+opencodeCmd.command("uninstall").description("Remove BashBros plugin from OpenCode").action(async () => {
+  const { OpenCodeHooks: OpenCodeHooks2 } = await import("./opencode-DRCY275R.js");
+  const result = OpenCodeHooks2.uninstall();
+  if (result.success) {
+    console.log(chalk5.green("\u2713"), result.message);
+  } else {
+    console.log(chalk5.red("\u2717"), result.message);
+    process.exit(1);
+  }
+});
+opencodeCmd.command("status").description("Check OpenCode integration status").action(async () => {
+  const { OpenCodeHooks: OpenCodeHooks2 } = await import("./opencode-DRCY275R.js");
+  const status = OpenCodeHooks2.getStatus();
+  console.log();
+  console.log(chalk5.bold("OpenCode Integration Status"));
+  console.log();
+  console.log(`  OpenCode: ${status.openCodeInstalled ? chalk5.green("detected") : chalk5.yellow("not found")}`);
+  console.log(`  BashBros plugin: ${status.pluginInstalled ? chalk5.green("active") : chalk5.dim("not installed")}`);
+  console.log(chalk5.dim("  Scope: project (.opencode/plugins/bashbros.ts)"));
+  console.log();
+});
+program.command("gemini-gate").description("Gate command for Gemini CLI hooks (internal)").action(async () => {
+  const event = await readStdinJSON();
+  const toolInput = event.tool_input;
+  const command = typeof toolInput?.command === "string" ? toolInput.command : "";
+  if (!command) {
+    console.log(JSON.stringify({ decision: "allow" }));
+    process.exit(0);
+  }
+  const result = await gateCommand(command);
+  if (!result.allowed) {
+    try {
+      const { DashboardWriter: DashboardWriter2 } = await import("./writer-3NAVABN6.js");
+      const writer = new DashboardWriter2();
+      const hookSessionId = extractHookSessionId(event);
+      writer.ensureHookSession(hookSessionId, process.cwd(), extractRepoName(event));
+      const scorer = new RiskScorer();
+      const risk = scorer.score(command);
+      writer.recordCommand(
+        command,
+        false,
+        risk,
+        [{ type: "command", rule: "gate", message: result.reason || "Blocked" }],
+        0
+      );
+      writer.close();
+    } catch {
+    }
+    console.log(JSON.stringify({
+      decision: "deny",
+      reason: result.reason || "Blocked by BashBros"
+    }));
+    process.exit(0);
+  }
+  console.log(JSON.stringify({ decision: "allow" }));
+  process.exit(0);
+});
+program.command("gemini-record").description("Record command for Gemini CLI hooks (internal)").action(async () => {
+  const event = await readStdinJSON();
+  const toolInput = event.tool_input;
+  const command = typeof toolInput?.command === "string" ? toolInput.command : "";
+  if (!command) return;
+  const cfg = loadConfig();
+  if (!loopDetector) loopDetector = new LoopDetector(cfg.loopDetection);
+  const scorer = new RiskScorer();
+  const risk = scorer.score(command);
+  const loopAlert = loopDetector.check(command);
+  if (loopAlert) {
+    process.stderr.write(`[BashBros] Loop detected: ${loopAlert.message}
+`);
+  }
+  try {
+    const { DashboardWriter: DashboardWriter2 } = await import("./writer-3NAVABN6.js");
+    const writer = new DashboardWriter2();
+    const hookSessionId = extractHookSessionId(event);
+    writer.ensureHookSession(hookSessionId, process.cwd(), extractRepoName(event));
+    writer.recordCommand(command, true, risk, [], 0);
+    writer.close();
+  } catch (e) {
+    process.stderr.write(`[BashBros] Error recording: ${e instanceof Error ? e.message : e}
+`);
+  }
+  if (cfg.outputScanning.enabled) {
+    const toolOutput = event.tool_output;
+    let outputStr = "";
+    if (typeof toolOutput === "string") outputStr = toolOutput;
+    else if (typeof toolOutput === "object" && toolOutput !== null) {
+      outputStr = (toolOutput.stdout || "") + (toolOutput.stderr || "");
+    }
+    if (outputStr) {
+      try {
+        const scanner = new OutputScanner(cfg.outputScanning);
+        const scanResult = scanner.scan(outputStr);
+        if (scanResult.hasSecrets) {
+          for (const f of scanResult.findings.filter((f2) => f2.type === "secret")) {
+            process.stderr.write(`[BashBros] Output warning: ${f.message}
+`);
+          }
+        }
+      } catch {
+      }
+    }
+  }
+});
+program.command("copilot-gate").description("Gate command for Copilot CLI hooks (internal)").action(async () => {
+  const event = await readStdinJSON();
+  const toolArgs = event.toolArgs;
+  const command = typeof toolArgs?.command === "string" ? toolArgs.command : "";
+  if (!command) {
+    console.log(JSON.stringify({ permissionDecision: "allow" }));
+    process.exit(0);
+  }
+  const result = await gateCommand(command);
+  if (!result.allowed) {
+    try {
+      const { DashboardWriter: DashboardWriter2 } = await import("./writer-3NAVABN6.js");
+      const writer = new DashboardWriter2();
+      const hookSessionId = extractHookSessionId(event);
+      writer.ensureHookSession(hookSessionId, process.cwd(), extractRepoName(event));
+      const scorer = new RiskScorer();
+      const risk = scorer.score(command);
+      writer.recordCommand(
+        command,
+        false,
+        risk,
+        [{ type: "command", rule: "gate", message: result.reason || "Blocked" }],
+        0
+      );
+      writer.close();
+    } catch {
+    }
+    console.log(JSON.stringify({
+      permissionDecision: "deny",
+      permissionDecisionReason: result.reason || "Blocked by BashBros"
+    }));
+    process.exit(1);
+  }
+  console.log(JSON.stringify({ permissionDecision: "allow" }));
+  process.exit(0);
+});
+program.command("copilot-record").description("Record command for Copilot CLI hooks (internal)").action(async () => {
+  const event = await readStdinJSON();
+  const toolArgs = event.toolArgs;
+  const command = typeof toolArgs?.command === "string" ? toolArgs.command : "";
+  if (!command) return;
+  const cfg = loadConfig();
+  if (!loopDetector) loopDetector = new LoopDetector(cfg.loopDetection);
+  const scorer = new RiskScorer();
+  const risk = scorer.score(command);
+  const loopAlert = loopDetector.check(command);
+  if (loopAlert) {
+    process.stderr.write(`[BashBros] Loop detected: ${loopAlert.message}
+`);
+  }
+  try {
+    const { DashboardWriter: DashboardWriter2 } = await import("./writer-3NAVABN6.js");
+    const writer = new DashboardWriter2();
+    const hookSessionId = extractHookSessionId(event);
+    writer.ensureHookSession(hookSessionId, process.cwd(), extractRepoName(event));
+    writer.recordCommand(command, true, risk, [], 0);
+    writer.close();
+  } catch (e) {
+    process.stderr.write(`[BashBros] Error recording: ${e instanceof Error ? e.message : e}
+`);
+  }
+});
+program.command("setup").description("Install BashBros hooks for multiple agents at once").action(async () => {
+  console.log(chalk5.cyan(logo));
+  const { runSetup } = await import("./setup-YS27MOPE.js");
+  await runSetup();
+});
 program.parse();
 //# sourceMappingURL=cli.js.map