bashbros 0.1.3 → 0.1.4

package/dist/{config-43SK6SFI.js → config-I5NCK3RJ.js}

@@ -3,11 +3,11 @@ import {
   findConfig,
   getDefaultConfig,
   loadConfig
-} from "./chunk-A535VV7N.js";
+} from "./chunk-RTZ4QWG2.js";
 import "./chunk-7OCVIDC7.js";
 export {
   findConfig,
   getDefaultConfig,
   loadConfig
 };
-//# sourceMappingURL=config-43SK6SFI.js.map
+//# sourceMappingURL=config-I5NCK3RJ.js.map

package/dist/copilot-cli-5WJWK5YT.js

@@ -0,0 +1,9 @@
+#!/usr/bin/env node
+import {
+  CopilotCLIHooks
+} from "./chunk-SDN6TAGD.js";
+import "./chunk-7OCVIDC7.js";
+export {
+  CopilotCLIHooks
+};
+//# sourceMappingURL=copilot-cli-5WJWK5YT.js.map

package/dist/{db-SWJUUSFX.js → db-ETWTBXAE.js}

@@ -2,10 +2,10 @@
 import {
   DashboardDB,
   db_default
-} from "./chunk-JYWQT2B4.js";
+} from "./chunk-RDNSS3ME.js";
 import "./chunk-7OCVIDC7.js";
 export {
   DashboardDB,
   db_default as default
 };
-//# sourceMappingURL=db-SWJUUSFX.js.map
+//# sourceMappingURL=db-ETWTBXAE.js.map

package/dist/db-checks-2YOVECD4.js

@@ -0,0 +1,133 @@
+#!/usr/bin/env node
+import "./chunk-7OCVIDC7.js";
+
+// src/policy/db-checks.ts
+function normalize(command) {
+  return command.toLowerCase().replace(/["']/g, "").replace(/\s+/g, " ").replace(/\d+/g, "N").replace(/[a-f0-9]{8,}/gi, "H").trim();
+}
+function jaccardSimilarity(a, b) {
+  const wordsA = new Set(a.split(/\s+/));
+  const wordsB = new Set(b.split(/\s+/));
+  const intersection = new Set([...wordsA].filter((x) => wordsB.has(x)));
+  const union = /* @__PURE__ */ new Set([...wordsA, ...wordsB]);
+  if (union.size === 0) return 1;
+  return intersection.size / union.size;
+}
+function checkLoopDetection(command, config, db) {
+  if (!config.enabled) return { violation: null, warning: null };
+  const totalCount = db.getTotalCommandCount();
+  if (totalCount >= config.maxTurns) {
+    const msg = `Maximum turns reached (${config.maxTurns}). Session may be stuck.`;
+    if (config.action === "block") {
+      return { violation: { type: "loop", rule: "max_turns", message: msg }, warning: null };
+    }
+    return { violation: null, warning: msg };
+  }
+  const recent = db.getRecentCommandTexts(config.windowSize);
+  const exactCount = recent.filter((r) => r.command === command).length;
+  if (exactCount >= config.maxRepeats) {
+    const msg = `Command repeated ${exactCount + 1} times: "${command.slice(0, 50)}"`;
+    if (config.action === "block") {
+      return { violation: { type: "loop", rule: "exact_repeat", message: msg }, warning: null };
+    }
+    return { violation: null, warning: msg };
+  }
+  const normalizedCmd = normalize(command);
+  const similarCount = recent.filter(
+    (r) => jaccardSimilarity(normalize(r.command), normalizedCmd) >= config.similarityThreshold
+  ).length;
+  if (similarCount >= config.maxRepeats) {
+    const msg = `Similar commands repeated ${similarCount + 1} times`;
+    if (config.action === "block") {
+      return { violation: { type: "loop", rule: "semantic_repeat", message: msg }, warning: null };
+    }
+    return { violation: null, warning: msg };
+  }
+  return { violation: null, warning: null };
+}
+var DEFAULT_SUSPICIOUS_PATTERNS = [
+  /\bpasswd\b/,
+  /\bshadow\b/,
+  /\/root\//,
+  /\.ssh\//,
+  /\.gnupg\//,
+  /\.aws\//,
+  /\.kube\//,
+  /wallet/i,
+  /crypto/i,
+  /bitcoin/i,
+  /ethereum/i,
+  /private.*key/i
+];
+function checkAnomalyDetection(command, config, db) {
+  if (!config.enabled) return { violation: null, warning: null };
+  const totalCount = db.getTotalCommandCount();
+  if (totalCount < config.learningCommands) {
+    return { violation: null, warning: null };
+  }
+  const findings = [];
+  const hour = (/* @__PURE__ */ new Date()).getHours();
+  const [start, end] = config.workingHours;
+  if (hour < start || hour >= end) {
+    findings.push(`Activity outside working hours (${hour}:00, allowed ${start}-${end})`);
+  }
+  const oneMinuteAgo = new Date(Date.now() - 6e4).toISOString();
+  const recentCount = db.getCommandCountSince(oneMinuteAgo);
+  if (recentCount > config.typicalCommandsPerMinute * 2) {
+    findings.push(`High command rate: ${recentCount}/min (typical: ${config.typicalCommandsPerMinute})`);
+  }
+  const configPatterns = (config.suspiciousPatterns || []).map((p) => {
+    try {
+      return new RegExp(p, "i");
+    } catch {
+      return null;
+    }
+  }).filter((p) => p !== null);
+  const allPatterns = [...DEFAULT_SUSPICIOUS_PATTERNS, ...configPatterns];
+  for (const pattern of allPatterns) {
+    if (pattern.test(command)) {
+      findings.push(`Suspicious pattern: ${pattern.source}`);
+      break;
+    }
+  }
+  if (findings.length === 0) return { violation: null, warning: null };
+  const msg = `Anomaly: ${findings.join("; ")}`;
+  if (config.action === "block") {
+    return { violation: { type: "anomaly", rule: "anomaly_detection", message: msg }, warning: null };
+  }
+  return { violation: null, warning: msg };
+}
+function checkRateLimit(config, db) {
+  if (!config.enabled) return { violation: null, warning: null };
+  const oneMinuteAgo = new Date(Date.now() - 6e4).toISOString();
+  const perMinute = db.getCommandCountSince(oneMinuteAgo);
+  if (perMinute >= config.maxPerMinute) {
+    return {
+      violation: {
+        type: "rate_limit",
+        rule: "rate_per_minute",
+        message: `Rate limit exceeded: ${perMinute}/${config.maxPerMinute} per minute`
+      },
+      warning: null
+    };
+  }
+  const oneHourAgo = new Date(Date.now() - 36e5).toISOString();
+  const perHour = db.getCommandCountSince(oneHourAgo);
+  if (perHour >= config.maxPerHour) {
+    return {
+      violation: {
+        type: "rate_limit",
+        rule: "rate_per_hour",
+        message: `Rate limit exceeded: ${perHour}/${config.maxPerHour} per hour`
+      },
+      warning: null
+    };
+  }
+  return { violation: null, warning: null };
+}
+export {
+  checkAnomalyDetection,
+  checkLoopDetection,
+  checkRateLimit
+};
+//# sourceMappingURL=db-checks-2YOVECD4.js.map

package/dist/db-checks-2YOVECD4.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/policy/db-checks.ts"],"sourcesContent":["/**\r\n * DB-backed cross-process security checks\r\n * Each function takes a DashboardDB + config section and returns a violation or warning.\r\n */\r\n\r\nimport type { DashboardDB } from '../dashboard/db.js'\r\nimport type {\r\n  LoopDetectionPolicy,\r\n  AnomalyDetectionPolicy,\r\n  RateLimitPolicy,\r\n  PolicyViolation\r\n} from '../types.js'\r\n\r\nexport interface CheckResult {\r\n  violation: PolicyViolation | null\r\n  warning: string | null\r\n}\r\n\r\n// ─────────────────────────────────────────────────────────────\r\n// Helpers (mirrored from LoopDetector for DB-backed checks)\r\n// ─────────────────────────────────────────────────────────────\r\n\r\nfunction normalize(command: string): string {\r\n  return command\r\n    .toLowerCase()\r\n    .replace(/[\"']/g, '')\r\n    .replace(/\\s+/g, ' ')\r\n    .replace(/\\d+/g, 'N')\r\n    .replace(/[a-f0-9]{8,}/gi, 'H')\r\n    .trim()\r\n}\r\n\r\nfunction jaccardSimilarity(a: string, b: string): number {\r\n  const wordsA = new Set(a.split(/\\s+/))\r\n  const wordsB = new Set(b.split(/\\s+/))\r\n  const intersection = new Set([...wordsA].filter(x => wordsB.has(x)))\r\n  const union = new Set([...wordsA, ...wordsB])\r\n  if (union.size === 0) return 1\r\n  return intersection.size / union.size\r\n}\r\n\r\n// ─────────────────────────────────────────────────────────────\r\n// Loop Detection (DB-backed)\r\n// ─────────────────────────────────────────────────────────────\r\n\r\nexport function checkLoopDetection(\r\n  command: string,\r\n  config: LoopDetectionPolicy,\r\n  db: DashboardDB\r\n): CheckResult {\r\n  if (!config.enabled) return { violation: null, warning: null }\r\n\r\n  // Check max turns\r\n  const totalCount = db.getTotalCommandCount()\r\n  if (totalCount >= config.maxTurns) {\r\n    const msg = `Maximum turns reached (${config.maxTurns}). Session may be stuck.`\r\n    if (config.action === 'block') {\r\n      return { violation: { type: 'loop', rule: 'max_turns', message: msg }, warning: null }\r\n    }\r\n    return { violation: null, warning: msg }\r\n  }\r\n\r\n  // Check recent commands for repeats\r\n  const recent = db.getRecentCommandTexts(config.windowSize)\r\n\r\n  // Exact repeats\r\n  const exactCount = recent.filter(r => r.command === command).length\r\n  if (exactCount >= config.maxRepeats) {\r\n    const msg = `Command repeated ${exactCount + 1} times: \"${command.slice(0, 50)}\"`\r\n    if (config.action === 'block') {\r\n      return { violation: { type: 'loop', rule: 'exact_repeat', message: msg }, warning: null }\r\n    }\r\n    return { violation: null, warning: msg }\r\n  }\r\n\r\n  // Semantic repeats\r\n  const normalizedCmd = normalize(command)\r\n  const similarCount = recent.filter(\r\n    r => jaccardSimilarity(normalize(r.command), normalizedCmd) >= config.similarityThreshold\r\n  ).length\r\n  if (similarCount >= config.maxRepeats) {\r\n    const msg = `Similar commands repeated ${similarCount + 1} times`\r\n    if (config.action === 'block') {\r\n      return { violation: { type: 'loop', rule: 'semantic_repeat', message: msg }, warning: null }\r\n    }\r\n    return { violation: null, warning: msg }\r\n  }\r\n\r\n  return { violation: null, warning: null }\r\n}\r\n\r\n// ─────────────────────────────────────────────────────────────\r\n// Anomaly Detection (DB-backed)\r\n// ─────────────────────────────────────────────────────────────\r\n\r\n// Default suspicious patterns (same as anomaly-detector.ts)\r\nconst DEFAULT_SUSPICIOUS_PATTERNS: RegExp[] = [\r\n  /\\bpasswd\\b/,\r\n  /\\bshadow\\b/,\r\n  /\\/root\\//,\r\n  /\\.ssh\\//,\r\n  /\\.gnupg\\//,\r\n  /\\.aws\\//,\r\n  /\\.kube\\//,\r\n  /wallet/i,\r\n  /crypto/i,\r\n  /bitcoin/i,\r\n  /ethereum/i,\r\n  /private.*key/i,\r\n]\r\n\r\nexport function checkAnomalyDetection(\r\n  command: string,\r\n  config: AnomalyDetectionPolicy,\r\n  db: DashboardDB\r\n): CheckResult {\r\n  if (!config.enabled) return { violation: null, warning: null }\r\n\r\n  // Still learning — skip checks\r\n  const totalCount = db.getTotalCommandCount()\r\n  if (totalCount < config.learningCommands) {\r\n    return { violation: null, warning: null }\r\n  }\r\n\r\n  const findings: string[] = []\r\n\r\n  // Check working hours\r\n  const hour = new Date().getHours()\r\n  const [start, end] = config.workingHours\r\n  if (hour < start || hour >= end) {\r\n    findings.push(`Activity outside working hours (${hour}:00, allowed ${start}-${end})`)\r\n  }\r\n\r\n  // Check frequency (commands in last minute)\r\n  const oneMinuteAgo = new Date(Date.now() - 60_000).toISOString()\r\n  const recentCount = db.getCommandCountSince(oneMinuteAgo)\r\n  if (recentCount > config.typicalCommandsPerMinute * 2) {\r\n    findings.push(`High command rate: ${recentCount}/min (typical: ${config.typicalCommandsPerMinute})`)\r\n  }\r\n\r\n  // Check suspicious patterns (config + built-in)\r\n  const configPatterns = (config.suspiciousPatterns || []).map(p => {\r\n    try { return new RegExp(p, 'i') } catch { return null }\r\n  }).filter((p): p is RegExp => p !== null)\r\n\r\n  const allPatterns = [...DEFAULT_SUSPICIOUS_PATTERNS, ...configPatterns]\r\n  for (const pattern of allPatterns) {\r\n    if (pattern.test(command)) {\r\n      findings.push(`Suspicious pattern: ${pattern.source}`)\r\n      break // one is enough\r\n    }\r\n  }\r\n\r\n  if (findings.length === 0) return { violation: null, warning: null }\r\n\r\n  const msg = `Anomaly: ${findings.join('; ')}`\r\n  if (config.action === 'block') {\r\n    return { violation: { type: 'anomaly', rule: 'anomaly_detection', message: msg }, warning: null }\r\n  }\r\n  return { violation: null, warning: msg }\r\n}\r\n\r\n// ─────────────────────────────────────────────────────────────\r\n// Rate Limiting (DB-backed)\r\n// ─────────────────────────────────────────────────────────────\r\n\r\nexport function checkRateLimit(\r\n  config: RateLimitPolicy,\r\n  db: DashboardDB\r\n): CheckResult {\r\n  if (!config.enabled) return { violation: null, warning: null }\r\n\r\n  // Per-minute check\r\n  const oneMinuteAgo = new Date(Date.now() - 60_000).toISOString()\r\n  const perMinute = db.getCommandCountSince(oneMinuteAgo)\r\n  if (perMinute >= config.maxPerMinute) {\r\n    return {\r\n      violation: {\r\n        type: 'rate_limit',\r\n        rule: 'rate_per_minute',\r\n        message: `Rate limit exceeded: ${perMinute}/${config.maxPerMinute} per minute`\r\n      },\r\n      warning: null\r\n    }\r\n  }\r\n\r\n  // Per-hour check\r\n  const oneHourAgo = new Date(Date.now() - 3_600_000).toISOString()\r\n  const perHour = db.getCommandCountSince(oneHourAgo)\r\n  if (perHour >= config.maxPerHour) {\r\n    return {\r\n      violation: {\r\n        type: 'rate_limit',\r\n        rule: 'rate_per_hour',\r\n        message: `Rate limit exceeded: ${perHour}/${config.maxPerHour} per hour`\r\n      },\r\n      warning: null\r\n    }\r\n  }\r\n\r\n  return { violation: null, warning: null }\r\n}\r\n"],"mappings":";;;;AAsBA,SAAS,UAAU,SAAyB;AAC1C,SAAO,QACJ,YAAY,EACZ,QAAQ,SAAS,EAAE,EACnB,QAAQ,QAAQ,GAAG,EACnB,QAAQ,QAAQ,GAAG,EACnB,QAAQ,kBAAkB,GAAG,EAC7B,KAAK;AACV;AAEA,SAAS,kBAAkB,GAAW,GAAmB;AACvD,QAAM,SAAS,IAAI,IAAI,EAAE,MAAM,KAAK,CAAC;AACrC,QAAM,SAAS,IAAI,IAAI,EAAE,MAAM,KAAK,CAAC;AACrC,QAAM,eAAe,IAAI,IAAI,CAAC,GAAG,MAAM,EAAE,OAAO,OAAK,OAAO,IAAI,CAAC,CAAC,CAAC;AACnE,QAAM,QAAQ,oBAAI,IAAI,CAAC,GAAG,QAAQ,GAAG,MAAM,CAAC;AAC5C,MAAI,MAAM,SAAS,EAAG,QAAO;AAC7B,SAAO,aAAa,OAAO,MAAM;AACnC;AAMO,SAAS,mBACd,SACA,QACA,IACa;AACb,MAAI,CAAC,OAAO,QAAS,QAAO,EAAE,WAAW,MAAM,SAAS,KAAK;AAG7D,QAAM,aAAa,GAAG,qBAAqB;AAC3C,MAAI,cAAc,OAAO,UAAU;AACjC,UAAM,MAAM,0BAA0B,OAAO,QAAQ;AACrD,QAAI,OAAO,WAAW,SAAS;AAC7B,aAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,MAAM,aAAa,SAAS,IAAI,GAAG,SAAS,KAAK;AAAA,IACvF;AACA,WAAO,EAAE,WAAW,MAAM,SAAS,IAAI;AAAA,EACzC;AAGA,QAAM,SAAS,GAAG,sBAAsB,OAAO,UAAU;AAGzD,QAAM,aAAa,OAAO,OAAO,OAAK,EAAE,YAAY,OAAO,EAAE;AAC7D,MAAI,cAAc,OAAO,YAAY;AACnC,UAAM,MAAM,oBAAoB,aAAa,CAAC,YAAY,QAAQ,MAAM,GAAG,EAAE,CAAC;AAC9E,QAAI,OAAO,WAAW,SAAS;AAC7B,aAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,MAAM,gBAAgB,SAAS,IAAI,GAAG,SAAS,KAAK;AAAA,IAC1F;AACA,WAAO,EAAE,WAAW,MAAM,SAAS,IAAI;AAAA,EACzC;AAGA,QAAM,gBAAgB,UAAU,OAAO;AACvC,QAAM,eAAe,OAAO;AAAA,IAC1B,OAAK,kBAAkB,UAAU,EAAE,OAAO,GAAG,aAAa,KAAK,OAAO;AAAA,EACxE,EAAE;AACF,MAAI,gBAAgB,OAAO,YAAY;AACrC,UAAM,MAAM,6BAA6B,eAAe,CAAC;AACzD,QAAI,OAAO,WAAW,SAAS;AAC7B,aAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,MAAM,mBAAmB,SAAS,IAAI,GAAG,SAAS,KAAK;AAAA,IAC7F;AACA,WAAO,EAAE,WAAW,MAAM,SAAS,IAAI;AAAA,EACzC;AAEA,SAAO,EAAE,WAAW,MAAM,SAAS,KAAK;AAC1C;AAOA,IAAM,8BAAwC;AAAA,EAC5C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEO,SAAS,sBACd,SACA,QACA,IACa;AACb,MAAI,CAAC,OAAO,QAAS,QAAO,EAAE,WAAW,MAAM,SAAS,KAAK;AAG7D,QAAM,aAAa,GAAG,qBAAqB;AAC3C,MAAI,aAAa,OAAO,kBAAkB;AACxC,WAAO,EAAE,WAAW,MAAM,SAAS,KAAK;AAAA,EAC1C;AAEA,QAAM,WAAqB,CAAC;AAG5B,QAAM,QAAO,oBAAI,KAAK,GAAE,SAAS;AACjC,QAAM,CAAC,OAAO,GAAG,IAAI,OAAO;AAC5B,MAAI,OAAO,SAAS,QAAQ,KAAK;AAC/B,aAAS,KAAK,mCAAmC,IAAI,gBAAgB,KAAK,IAAI,GAAG,GAAG;AAAA,EACtF;AAGA,QAAM,eAAe,IAAI,KAAK,KAAK,IAAI,IAAI,GAAM,EAAE,YAAY;AAC/D,QAAM,cAAc,GAAG,qBAAqB,YAAY;AACxD,MAAI,cAAc,OAAO,2BAA2B,GAAG;AACrD,aAAS,KAAK,sBAAsB,WAAW,kBAAkB,OAAO,wBAAwB,GAAG;AAAA,EACrG;AAGA,QAAM,kBAAkB,OAAO,sBAAsB,CAAC,GAAG,IAAI,OAAK;AAChE,QAAI;AAAE,aAAO,IAAI,OAAO,GAAG,GAAG;AAAA,IAAE,QAAQ;AAAE,aAAO;AAAA,IAAK;AAAA,EACxD,CAAC,EAAE,OAAO,CAAC,MAAmB,MAAM,IAAI;AAExC,QAAM,cAAc,CAAC,GAAG,6BAA6B,GAAG,cAAc;AACtE,aAAW,WAAW,aAAa;AACjC,QAAI,QAAQ,KAAK,OAAO,GAAG;AACzB,eAAS,KAAK,uBAAuB,QAAQ,MAAM,EAAE;AACrD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,SAAS,WAAW,EAAG,QAAO,EAAE,WAAW,MAAM,SAAS,KAAK;AAEnE,QAAM,MAAM,YAAY,SAAS,KAAK,IAAI,CAAC;AAC3C,MAAI,OAAO,WAAW,SAAS;AAC7B,WAAO,EAAE,WAAW,EAAE,MAAM,WAAW,MAAM,qBAAqB,SAAS,IAAI,GAAG,SAAS,KAAK;AAAA,EAClG;AACA,SAAO,EAAE,WAAW,MAAM,SAAS,IAAI;AACzC;AAMO,SAAS,eACd,QACA,IACa;AACb,MAAI,CAAC,OAAO,QAAS,QAAO,EAAE,WAAW,MAAM,SAAS,KAAK;AAG7D,QAAM,eAAe,IAAI,KAAK,KAAK,IAAI,IAAI,GAAM,EAAE,YAAY;AAC/D,QAAM,YAAY,GAAG,qBAAqB,YAAY;AACtD,MAAI,aAAa,OAAO,cAAc;AACpC,WAAO;AAAA,MACL,WAAW;AAAA,QACT,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,wBAAwB,SAAS,IAAI,OAAO,YAAY;AAAA,MACnE;AAAA,MACA,SAAS;AAAA,IACX;AAAA,EACF;AAGA,QAAM,aAAa,IAAI,KAAK,KAAK,IAAI,IAAI,IAAS,EAAE,YAAY;AAChE,QAAM,UAAU,GAAG,qBAAqB,UAAU;AAClD,MAAI,WAAW,OAAO,YAAY;AAChC,WAAO;AAAA,MACL,WAAW;AAAA,QACT,MAAM;AAAA,QACN,MAAM;AAAA,QACN,SAAS,wBAAwB,OAAO,IAAI,OAAO,UAAU;AAAA,MAC/D;AAAA,MACA,SAAS;AAAA,IACX;AAAA,EACF;AAEA,SAAO,EAAE,WAAW,MAAM,SAAS,KAAK;AAC1C;","names":[]}

package/dist/{display-HFIFXOOL.js → display-UH7KEHOW.js}

@@ -5,8 +5,8 @@ import {
   formatAllAgentsInfo,
   formatPermissionsTable,
   getEffectivePermissions
-} from "./chunk-WPJJZLT6.js";
-import "./chunk-A535VV7N.js";
+} from "./chunk-CG6VEHJM.js";
+import "./chunk-RTZ4QWG2.js";
 import "./chunk-7OCVIDC7.js";
 export {
   formatAgentInfo,
@@ -15,4 +15,4 @@ export {
   formatPermissionsTable,
   getEffectivePermissions
 };
-//# sourceMappingURL=display-HFIFXOOL.js.map
+//# sourceMappingURL=display-UH7KEHOW.js.map

package/dist/gemini-cli-3563EELZ.js

@@ -0,0 +1,9 @@
+#!/usr/bin/env node
+import {
+  GeminiCLIHooks
+} from "./chunk-T5ONCUHZ.js";
+import "./chunk-7OCVIDC7.js";
+export {
+  GeminiCLIHooks
+};
+//# sourceMappingURL=gemini-cli-3563EELZ.js.map

package/dist/gemini-cli-3563EELZ.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/index.d.ts

@@ -16,7 +16,7 @@ interface BashBrosConfig {
     ward: WardPolicy;
     dashboard: DashboardPolicy;
 }
-type AgentType = 'claude-code' | 'clawdbot' | 'moltbot' | 'gemini-cli' | 'aider' | 'opencode' | 'custom';
+type AgentType = 'claude-code' | 'clawdbot' | 'moltbot' | 'gemini-cli' | 'copilot-cli' | 'aider' | 'opencode' | 'custom';
 interface MoltbotGatewayInfo {
     port: number;
     host: string;
@@ -117,7 +117,7 @@ interface CommandResult {
     violations: PolicyViolation[];
 }
 interface PolicyViolation {
-    type: 'command' | 'path' | 'secrets' | 'rate_limit';
+    type: 'command' | 'path' | 'secrets' | 'rate_limit' | 'risk_score' | 'loop' | 'anomaly' | 'output';
     rule: string;
     message: string;
 }
@@ -311,6 +311,133 @@ declare class SystemProfiler {
     toContext(): string;
 }
 
+/**
+ * Simple Ollama client for local model inference.
+ * Keeps it minimal - just what we need for Bash Bro.
+ */
+interface OllamaConfig {
+    host: string;
+    model: string;
+    timeout: number;
+}
+interface ChatMessage {
+    role: 'system' | 'user' | 'assistant';
+    content: string;
+}
+interface ModelInfo {
+    modelfile: string;
+    parameters: string;
+    template: string;
+    details: {
+        parent_model: string;
+        format: string;
+        family: string;
+        families: string[];
+        parameter_size: string;
+        quantization_level: string;
+    };
+}
+interface RunningModel {
+    name: string;
+    model: string;
+    size: number;
+    size_vram: number;
+    digest: string;
+    details: {
+        family: string;
+        parameter_size: string;
+        quantization_level: string;
+    };
+    expires_at: string;
+}
+declare class OllamaClient {
+    private config;
+    constructor(config?: Partial<OllamaConfig>);
+    /**
+     * Check if Ollama is running and accessible
+     */
+    isAvailable(): Promise<boolean>;
+    /**
+     * List available models
+     */
+    listModels(): Promise<string[]>;
+    /**
+     * Generate a response from the model
+     */
+    generate(prompt: string, systemPrompt?: string): Promise<string>;
+    /**
+     * Chat with the model (multi-turn conversation)
+     */
+    chat(messages: ChatMessage[]): Promise<string>;
+    /**
+     * Ask Bash Bro to suggest a command
+     */
+    suggestCommand(context: string): Promise<string | null>;
+    /**
+     * Ask Bash Bro to explain a command
+     */
+    explainCommand(command: string): Promise<string>;
+    /**
+     * Ask Bash Bro to fix a command that failed
+     */
+    fixCommand(command: string, error: string): Promise<string | null>;
+    /**
+     * Show detailed info about a model
+     */
+    showModel(name: string): Promise<ModelInfo | null>;
+    /**
+     * Delete a model
+     */
+    deleteModel(name: string): Promise<boolean>;
+    /**
+     * List currently running models
+     */
+    listRunning(): Promise<RunningModel[]>;
+    /**
+     * Pull a model from the registry
+     */
+    pullModel(name: string): Promise<boolean>;
+    /**
+     * Create a model from a Modelfile
+     */
+    createModel(name: string, modelfile: string): Promise<boolean>;
+    setModel(model: string): void;
+    getModel(): string;
+    /**
+     * Generate a shell script from a natural language description
+     */
+    generateScript(description: string, shell?: string): Promise<string | null>;
+    /**
+     * Analyze command safety and provide recommendations
+     */
+    analyzeCommandSafety(command: string): Promise<{
+        safe: boolean;
+        risk: 'low' | 'medium' | 'high' | 'critical';
+        explanation: string;
+        suggestions: string[];
+    }>;
+    /**
+     * Summarize a series of commands and their outputs
+     */
+    summarizeSession(commands: {
+        command: string;
+        output?: string;
+        error?: string;
+    }[]): Promise<string>;
+    /**
+     * Get help for a specific tool or command
+     */
+    getHelp(topic: string): Promise<string>;
+    /**
+     * Convert natural language to a command
+     */
+    naturalToCommand(description: string): Promise<string | null>;
+    /**
+     * Generate with a temporary model override (for adapter-specific calls)
+     */
+    generateWithAdapter(modelOverride: string, prompt: string, systemPrompt?: string): Promise<string>;
+}
+
 type RouteDecision = 'bro' | 'main' | 'both';
 interface RoutingResult {
     decision: RouteDecision;
@@ -320,9 +447,11 @@ interface RoutingResult {
 declare class TaskRouter {
     private rules;
     private profile;
-    constructor(profile?: SystemProfile | null);
+    private ollama;
+    constructor(profile?: SystemProfile | null, ollama?: OllamaClient | null);
     private buildDefaultRules;
     route(command: string): RoutingResult;
+    routeAsync(command: string): Promise<RoutingResult>;
     private looksSimple;
     addRule(pattern: RegExp, route: RouteDecision, reason: string): void;
     updateProfile(profile: SystemProfile): void;
@@ -338,9 +467,12 @@ declare class CommandSuggester {
     private history;
     private profile;
     private patterns;
-    constructor(profile?: SystemProfile | null);
+    private ollama;
+    private aiCache;
+    constructor(profile?: SystemProfile | null, ollama?: OllamaClient | null);
     private initPatterns;
     suggest(context: SuggestionContext): Suggestion[];
+    suggestAsync(context: SuggestionContext): Promise<Suggestion[]>;
     private suggestFromPatterns;
     private suggestFromHistory;
     private suggestFromContext;
@@ -381,6 +513,23 @@ declare class BackgroundWorker extends EventEmitter {
     formatStatus(): string;
 }
 
+type AdapterPurpose = 'suggest' | 'safety' | 'route' | 'explain' | 'fix' | 'script' | 'general';
+interface AdapterEntry {
+    name: string;
+    baseModel: string;
+    purpose: AdapterPurpose;
+    adapterPath: string;
+    trainedAt: string;
+    tracesUsed: number;
+    qualityScore: number;
+}
+
+interface ModelProfile {
+    name: string;
+    baseModel: string;
+    adapters: Partial<Record<AdapterPurpose, string>>;
+}
+
 interface BroConfig {
     modelEndpoint?: string;
     modelName?: string;
@@ -389,6 +538,7 @@ interface BroConfig {
     enableBackground?: boolean;
     enableOllama?: boolean;
     enableBashgymIntegration?: boolean;
+    activeProfile?: string;
 }
 declare class BashBro extends EventEmitter {
     private profiler;
@@ -400,6 +550,9 @@ declare class BashBro extends EventEmitter {
     private config;
     private ollamaAvailable;
     private bashgymModelVersion;
+    private adapterRegistry;
+    private profileManager;
+    private activeProfile;
     constructor(config?: BroConfig);
     /**
      * Initialize bashgym integration for model hot-swap
@@ -414,6 +567,14 @@ declare class BashBro extends EventEmitter {
     scanProject(projectPath: string): void;
     route(command: string): RoutingResult;
     suggest(context: SuggestionContext): Suggestion[];
+    /**
+     * AI-enhanced async routing - uses pattern matching first, falls back to Ollama
+     */
+    routeAsync(command: string): Promise<RoutingResult>;
+    /**
+     * AI-enhanced async suggestions - pattern matching + Ollama suggestions with caching
+     */
+    suggestAsync(context: SuggestionContext): Promise<Suggestion[]>;
     /**
      * SECURITY FIX: Safe command execution with validation
      */
@@ -484,84 +645,27 @@ declare class BashBro extends EventEmitter {
      * Force refresh the bashgym model (check for updates)
      */
     refreshBashgymModel(): boolean;
-    status(): string;
-}
-
-/**
- * Simple Ollama client for local model inference.
- * Keeps it minimal - just what we need for Bash Bro.
- */
-interface OllamaConfig {
-    host: string;
-    model: string;
-    timeout: number;
-}
-interface ChatMessage {
-    role: 'system' | 'user' | 'assistant';
-    content: string;
-}
-declare class OllamaClient {
-    private config;
-    constructor(config?: Partial<OllamaConfig>);
-    /**
-     * Check if Ollama is running and accessible
-     */
-    isAvailable(): Promise<boolean>;
-    /**
-     * List available models
-     */
-    listModels(): Promise<string[]>;
-    /**
-     * Generate a response from the model
-     */
-    generate(prompt: string, systemPrompt?: string): Promise<string>;
     /**
-     * Chat with the model (multi-turn conversation)
+     * Get model name for a specific purpose (checks active profile for adapter override)
      */
-    chat(messages: ChatMessage[]): Promise<string>;
-    /**
-     * Ask Bash Bro to suggest a command
-     */
-    suggestCommand(context: string): Promise<string | null>;
+    private getModelForPurpose;
     /**
-     * Ask Bash Bro to explain a command
+     * Get discovered LoRA adapters
      */
-    explainCommand(command: string): Promise<string>;
+    getAdapters(): AdapterEntry[];
     /**
-     * Ask Bash Bro to fix a command that failed
+     * Get available model profiles
      */
-    fixCommand(command: string, error: string): Promise<string | null>;
-    setModel(model: string): void;
-    getModel(): string;
+    getProfiles(): ModelProfile[];
     /**
-     * Generate a shell script from a natural language description
+     * Get the active model profile
      */
-    generateScript(description: string, shell?: string): Promise<string | null>;
+    getActiveProfile(): ModelProfile | null;
     /**
-     * Analyze command safety and provide recommendations
+     * Set the active model profile by name
      */
-    analyzeCommandSafety(command: string): Promise<{
-        safe: boolean;
-        risk: 'low' | 'medium' | 'high' | 'critical';
-        explanation: string;
-        suggestions: string[];
-    }>;
-    /**
-     * Summarize a series of commands and their outputs
-     */
-    summarizeSession(commands: {
-        command: string;
-        output?: string;
-        error?: string;
-    }[]): Promise<string>;
-    /**
-     * Get help for a specific tool or command
-     */
-    getHelp(topic: string): Promise<string>;
-    /**
-     * Convert natural language to a command
-     */
-    naturalToCommand(description: string): Promise<string | null>;
+    setActiveProfile(name: string): boolean;
+    status(): string;
 }
 
 /**