bashbros 0.1.3 → 0.1.4

package/dist/{chunk-2RPTM6EQ.js → chunk-7OEWYFN3.js}

@@ -4,10 +4,16 @@ import {
 } from "./chunk-SG752FZC.js";
 import {
   OllamaClient
-} from "./chunk-DLP2O6PN.js";
+} from "./chunk-EMLEJVJZ.js";
+import {
+  AdapterRegistry
+} from "./chunk-4XZ64P4V.js";
+import {
+  ProfileManager
+} from "./chunk-LJE4EPIU.js";
 import {
   loadConfig
-} from "./chunk-A535VV7N.js";
+} from "./chunk-RTZ4QWG2.js";
 import {
   PolicyEngine
 } from "./chunk-QWZGB4V3.js";
@@ -414,290 +420,6 @@ function resetBashgymIntegration() {
   _integration = null;
 }
 
-// src/hooks/claude-code.ts
-import { existsSync as existsSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2 } from "fs";
-import { join as join2 } from "path";
-import { homedir as homedir2 } from "os";
-var CLAUDE_SETTINGS_PATH = join2(homedir2(), ".claude", "settings.json");
-var CLAUDE_DIR = join2(homedir2(), ".claude");
-var BASHBROS_HOOK_MARKER = "# bashbros-managed";
-var BASHBROS_ALL_TOOLS_MARKER = "--marker=bashbros-all-tools";
-var ClaudeCodeHooks = class {
-  /**
-   * Check if Claude Code is installed
-   */
-  static isClaudeInstalled() {
-    return existsSync2(CLAUDE_DIR);
-  }
-  /**
-   * Load current Claude settings
-   */
-  static loadSettings() {
-    if (!existsSync2(CLAUDE_SETTINGS_PATH)) {
-      return {};
-    }
-    try {
-      const content = readFileSync2(CLAUDE_SETTINGS_PATH, "utf-8");
-      return JSON.parse(content);
-    } catch {
-      return {};
-    }
-  }
-  /**
-   * Save Claude settings
-   */
-  static saveSettings(settings) {
-    if (!existsSync2(CLAUDE_DIR)) {
-      mkdirSync2(CLAUDE_DIR, { recursive: true });
-    }
-    writeFileSync2(
-      CLAUDE_SETTINGS_PATH,
-      JSON.stringify(settings, null, 2),
-      "utf-8"
-    );
-  }
-  /**
-   * Install BashBros hooks into Claude Code
-   */
-  static install() {
-    if (!this.isClaudeInstalled()) {
-      return {
-        success: false,
-        message: "Claude Code not found. Install Claude Code first."
-      };
-    }
-    const settings = this.loadSettings();
-    if (!settings.hooks) {
-      settings.hooks = {};
-    }
-    if (this.isInstalled(settings)) {
-      return {
-        success: true,
-        message: "BashBros hooks already installed."
-      };
-    }
-    const preToolUseHook = {
-      matcher: "Bash",
-      hooks: [{
-        type: "command",
-        command: `bashbros gate "$TOOL_INPUT" ${BASHBROS_HOOK_MARKER}`
-      }]
-    };
-    const postToolUseHook = {
-      matcher: "Bash",
-      hooks: [{
-        type: "command",
-        command: `bashbros record "$TOOL_INPUT" "$TOOL_OUTPUT" ${BASHBROS_HOOK_MARKER}`
-      }]
-    };
-    const sessionEndHook = {
-      hooks: [{
-        type: "command",
-        command: `bashbros session-end ${BASHBROS_HOOK_MARKER}`
-      }]
-    };
-    settings.hooks.PreToolUse = [
-      ...settings.hooks.PreToolUse || [],
-      preToolUseHook
-    ];
-    settings.hooks.PostToolUse = [
-      ...settings.hooks.PostToolUse || [],
-      postToolUseHook
-    ];
-    settings.hooks.SessionEnd = [
-      ...settings.hooks.SessionEnd || [],
-      sessionEndHook
-    ];
-    this.saveSettings(settings);
-    return {
-      success: true,
-      message: "BashBros hooks installed successfully."
-    };
-  }
-  /**
-   * Uninstall BashBros hooks from Claude Code
-   */
-  static uninstall() {
-    if (!this.isClaudeInstalled()) {
-      return {
-        success: false,
-        message: "Claude Code not found."
-      };
-    }
-    const settings = this.loadSettings();
-    if (!settings.hooks) {
-      return {
-        success: true,
-        message: "No hooks to uninstall."
-      };
-    }
-    const filterHooks = (hooks) => {
-      if (!hooks) return [];
-      return hooks.filter(
-        (h) => !h.hooks.some((hook) => hook.command.includes(BASHBROS_HOOK_MARKER))
-      );
-    };
-    settings.hooks.PreToolUse = filterHooks(settings.hooks.PreToolUse);
-    settings.hooks.PostToolUse = filterHooks(settings.hooks.PostToolUse);
-    settings.hooks.SessionEnd = filterHooks(settings.hooks.SessionEnd);
-    if (settings.hooks.PreToolUse?.length === 0) delete settings.hooks.PreToolUse;
-    if (settings.hooks.PostToolUse?.length === 0) delete settings.hooks.PostToolUse;
-    if (settings.hooks.SessionEnd?.length === 0) delete settings.hooks.SessionEnd;
-    if (Object.keys(settings.hooks).length === 0) delete settings.hooks;
-    this.saveSettings(settings);
-    return {
-      success: true,
-      message: "BashBros hooks uninstalled successfully."
-    };
-  }
-  /**
-   * Check if BashBros hooks are installed
-   */
-  static isInstalled(settings) {
-    const s = settings || this.loadSettings();
-    if (!s.hooks) return false;
-    const hasMarker = (hooks) => {
-      if (!hooks) return false;
-      return hooks.some(
-        (h) => h.hooks.some((hook) => hook.command.includes(BASHBROS_HOOK_MARKER))
-      );
-    };
-    return hasMarker(s.hooks.PreToolUse) || hasMarker(s.hooks.PostToolUse) || hasMarker(s.hooks.SessionEnd);
-  }
-  /**
-   * Get hook status
-   */
-  static getStatus() {
-    const claudeInstalled = this.isClaudeInstalled();
-    const settings = claudeInstalled ? this.loadSettings() : {};
-    const hooksInstalled = this.isInstalled(settings);
-    const allToolsInstalled = this.isAllToolsInstalled(settings);
-    const hooks = [];
-    if (settings.hooks?.PreToolUse) hooks.push("PreToolUse (gate)");
-    if (settings.hooks?.PostToolUse) hooks.push("PostToolUse (record)");
-    if (settings.hooks?.SessionEnd) hooks.push("SessionEnd (report)");
-    if (allToolsInstalled) hooks.push("PostToolUse (all-tools)");
-    return {
-      claudeInstalled,
-      hooksInstalled,
-      allToolsInstalled,
-      hooks
-    };
-  }
-  /**
-   * Check if all-tools recording is installed
-   */
-  static isAllToolsInstalled(settings) {
-    const s = settings || this.loadSettings();
-    if (!s.hooks?.PostToolUse) return false;
-    return s.hooks.PostToolUse.some(
-      (h) => h.hooks.some(
-        (hook) => hook.command.includes(BASHBROS_ALL_TOOLS_MARKER) || hook.command.includes("bashbros-all-tools")
-      )
-    );
-  }
-  /**
-   * Install all-tools recording hook (records ALL Claude Code tools, not just Bash)
-   */
-  static installAllTools() {
-    if (!this.isClaudeInstalled()) {
-      return {
-        success: false,
-        message: "Claude Code not found. Install Claude Code first."
-      };
-    }
-    const settings = this.loadSettings();
-    if (!settings.hooks) {
-      settings.hooks = {};
-    }
-    if (this.isAllToolsInstalled(settings)) {
-      return {
-        success: true,
-        message: "BashBros all-tools recording already installed."
-      };
-    }
-    const allToolsHook = {
-      matcher: "",
-      // Empty matcher matches ALL tools
-      hooks: [{
-        type: "command",
-        command: `bashbros record-tool ${BASHBROS_ALL_TOOLS_MARKER}`
-      }]
-    };
-    settings.hooks.PostToolUse = [
-      allToolsHook,
-      ...settings.hooks.PostToolUse || []
-    ];
-    this.saveSettings(settings);
-    return {
-      success: true,
-      message: "BashBros all-tools recording installed. All Claude Code tools will now be recorded."
-    };
-  }
-  /**
-   * Uninstall all-tools recording hook
-   */
-  static uninstallAllTools() {
-    if (!this.isClaudeInstalled()) {
-      return {
-        success: false,
-        message: "Claude Code not found."
-      };
-    }
-    const settings = this.loadSettings();
-    if (!settings.hooks?.PostToolUse) {
-      return {
-        success: true,
-        message: "No all-tools hook to uninstall."
-      };
-    }
-    settings.hooks.PostToolUse = settings.hooks.PostToolUse.filter(
-      (h) => !h.hooks.some(
-        (hook) => hook.command.includes(BASHBROS_ALL_TOOLS_MARKER) || hook.command.includes("bashbros-all-tools")
-      )
-    );
-    if (settings.hooks.PostToolUse.length === 0) {
-      delete settings.hooks.PostToolUse;
-    }
-    if (Object.keys(settings.hooks).length === 0) {
-      delete settings.hooks;
-    }
-    this.saveSettings(settings);
-    return {
-      success: true,
-      message: "BashBros all-tools recording uninstalled."
-    };
-  }
-};
-async function gateCommand(command) {
-  const { PolicyEngine: PolicyEngine2 } = await import("./engine-EGPAS2EX.js");
-  const { RiskScorer } = await import("./risk-scorer-Y6KF2XCZ.js");
-  const { loadConfig: loadConfig2 } = await import("./config-43SK6SFI.js");
-  const config = loadConfig2();
-  const engine = new PolicyEngine2(config);
-  const scorer = new RiskScorer();
-  const violations = engine.validate(command);
-  const risk = scorer.score(command);
-  if (violations.length > 0) {
-    return {
-      allowed: false,
-      reason: violations[0].message,
-      riskScore: risk.score
-    };
-  }
-  if (risk.level === "critical") {
-    return {
-      allowed: false,
-      reason: `Critical risk: ${risk.factors.join(", ")}`,
-      riskScore: risk.score
-    };
-  }
-  return {
-    allowed: true,
-    riskScore: risk.score
-  };
-}
-
 // src/core.ts
 import * as pty from "node-pty";
 import { EventEmitter as EventEmitter2 } from "events";
@@ -780,32 +502,594 @@ var BashBros = class extends EventEmitter2 {
   isAllowed(command) {
     return this.policy.isAllowed(command);
   }
-  resize(cols, rows) {
-    if (this.ptyProcess) {
-      this.ptyProcess.resize(cols, rows);
+  resize(cols, rows) {
+    if (this.ptyProcess) {
+      this.ptyProcess.resize(cols, rows);
+    }
+  }
+  write(data) {
+    if (this.ptyProcess) {
+      this.ptyProcess.write(data);
+    }
+  }
+  stop() {
+    if (this.ptyProcess) {
+      this.ptyProcess.kill();
+      this.ptyProcess = null;
+    }
+  }
+  getConfig() {
+    return this.config;
+  }
+};
+
+// src/policy/loop-detector.ts
+var DEFAULT_CONFIG = {
+  maxRepeats: 3,
+  maxTurns: 100,
+  similarityThreshold: 0.85,
+  cooldownMs: 1e3,
+  windowSize: 20
+};
+var LoopDetector = class {
+  config;
+  history = [];
+  turnCount = 0;
+  constructor(config = {}) {
+    this.config = { ...DEFAULT_CONFIG, ...config };
+  }
+  /**
+   * Record a command and check for loops
+   */
+  check(command) {
+    const now = Date.now();
+    const normalized = this.normalize(command);
+    this.turnCount++;
+    if (this.turnCount >= this.config.maxTurns) {
+      return {
+        type: "max_turns",
+        command,
+        count: this.turnCount,
+        message: `Maximum turns reached (${this.config.maxTurns}). Session may be stuck.`
+      };
+    }
+    const exactMatches = this.history.filter((h) => h.command === command);
+    if (exactMatches.length >= this.config.maxRepeats) {
+      return {
+        type: "exact_repeat",
+        command,
+        count: exactMatches.length + 1,
+        message: `Command repeated ${exactMatches.length + 1} times: "${command.slice(0, 50)}..."`
+      };
+    }
+    const lastSame = exactMatches[exactMatches.length - 1];
+    if (lastSame && now - lastSame.timestamp < this.config.cooldownMs) {
+      return {
+        type: "exact_repeat",
+        command,
+        count: 2,
+        message: `Rapid repeat detected (${now - lastSame.timestamp}ms apart)`
+      };
+    }
+    const recentWindow = this.history.slice(-this.config.windowSize);
+    const similarCount = recentWindow.filter(
+      (h) => this.similarity(h.normalized, normalized) >= this.config.similarityThreshold
+    ).length;
+    if (similarCount >= this.config.maxRepeats) {
+      return {
+        type: "semantic_repeat",
+        command,
+        count: similarCount + 1,
+        message: `Similar commands repeated ${similarCount + 1} times`
+      };
+    }
+    const baseCommand = command.split(/\s+/)[0];
+    const toolCount = recentWindow.filter(
+      (h) => h.command.split(/\s+/)[0] === baseCommand
+    ).length;
+    if (toolCount >= this.config.maxRepeats * 2) {
+      return {
+        type: "tool_hammering",
+        command,
+        count: toolCount + 1,
+        message: `Tool "${baseCommand}" called ${toolCount + 1} times in last ${this.config.windowSize} commands`
+      };
+    }
+    this.history.push({ command, timestamp: now, normalized });
+    if (this.history.length > this.config.windowSize * 2) {
+      this.history = this.history.slice(-this.config.windowSize);
+    }
+    return null;
+  }
+  /**
+   * Normalize command for comparison
+   */
+  normalize(command) {
+    return command.toLowerCase().replace(/["']/g, "").replace(/\s+/g, " ").replace(/\d+/g, "N").replace(/[a-f0-9]{8,}/gi, "H").trim();
+  }
+  /**
+   * Calculate similarity between two strings (Jaccard index on words)
+   */
+  similarity(a, b) {
+    const wordsA = new Set(a.split(/\s+/));
+    const wordsB = new Set(b.split(/\s+/));
+    const intersection = new Set([...wordsA].filter((x) => wordsB.has(x)));
+    const union = /* @__PURE__ */ new Set([...wordsA, ...wordsB]);
+    if (union.size === 0) return 1;
+    return intersection.size / union.size;
+  }
+  /**
+   * Get current turn count
+   */
+  getTurnCount() {
+    return this.turnCount;
+  }
+  /**
+   * Get command frequency map
+   */
+  getFrequencyMap() {
+    const freq = /* @__PURE__ */ new Map();
+    for (const entry of this.history) {
+      const base = entry.command.split(/\s+/)[0];
+      freq.set(base, (freq.get(base) || 0) + 1);
+    }
+    return freq;
+  }
+  /**
+   * Reset detector state
+   */
+  reset() {
+    this.history = [];
+    this.turnCount = 0;
+  }
+  /**
+   * Get stats for reporting
+   */
+  getStats() {
+    const freq = this.getFrequencyMap();
+    const sorted = [...freq.entries()].sort((a, b) => b[1] - a[1]);
+    return {
+      turnCount: this.turnCount,
+      uniqueCommands: freq.size,
+      topCommands: sorted.slice(0, 5)
+    };
+  }
+};
+
+// src/policy/anomaly-detector.ts
+var DEFAULT_CONFIG2 = {
+  workingHours: [6, 22],
+  // 6 AM to 10 PM
+  typicalCommandsPerMinute: 30,
+  knownPaths: [],
+  suspiciousPatterns: [],
+  enabled: true
+};
+var DEFAULT_SUSPICIOUS_PATTERNS = [
+  /\bpasswd\b/,
+  /\bshadow\b/,
+  /\/root\//,
+  /\.ssh\//,
+  /\.gnupg\//,
+  /\.aws\//,
+  /\.kube\//,
+  /wallet/i,
+  /crypto/i,
+  /bitcoin/i,
+  /ethereum/i,
+  /private.*key/i
+];
+var AnomalyDetector = class {
+  config;
+  commands = [];
+  baselinePaths = /* @__PURE__ */ new Set();
+  baselineCommands = /* @__PURE__ */ new Set();
+  learningMode = true;
+  learningCount = 0;
+  LEARNING_THRESHOLD = 50;
+  constructor(config = {}) {
+    this.config = { ...DEFAULT_CONFIG2, ...config };
+  }
+  /**
+   * Check a command for anomalies
+   */
+  check(command, cwd) {
+    if (!this.config.enabled) return [];
+    const anomalies = [];
+    const now = Date.now();
+    this.commands.push({ command, timestamp: now, path: cwd });
+    if (this.commands.length > 1e3) {
+      this.commands = this.commands.slice(-500);
+    }
+    if (this.learningMode) {
+      this.learn(command, cwd);
+      if (this.learningCount >= this.LEARNING_THRESHOLD) {
+        this.learningMode = false;
+      }
+      return anomalies;
+    }
+    const timingAnomaly = this.checkTiming(now);
+    if (timingAnomaly) anomalies.push(timingAnomaly);
+    const freqAnomaly = this.checkFrequency(now);
+    if (freqAnomaly) anomalies.push(freqAnomaly);
+    if (cwd) {
+      const pathAnomaly = this.checkPath(cwd);
+      if (pathAnomaly) anomalies.push(pathAnomaly);
+    }
+    const patternAnomalies = this.checkPatterns(command);
+    anomalies.push(...patternAnomalies);
+    const behaviorAnomaly = this.checkBehavior(command);
+    if (behaviorAnomaly) anomalies.push(behaviorAnomaly);
+    return anomalies;
+  }
+  /**
+   * Learn from command (build baseline)
+   */
+  learn(command, cwd) {
+    this.learningCount++;
+    const baseCmd = command.split(/\s+/)[0];
+    this.baselineCommands.add(baseCmd);
+    if (cwd) {
+      this.baselinePaths.add(cwd);
+      const parts = cwd.split(/[/\\]/);
+      for (let i = 1; i <= parts.length; i++) {
+        this.baselinePaths.add(parts.slice(0, i).join("/"));
+      }
+    }
+  }
+  /**
+   * Check for timing anomalies
+   */
+  checkTiming(now) {
+    const hour = new Date(now).getHours();
+    const [start, end] = this.config.workingHours;
+    if (hour < start || hour >= end) {
+      return {
+        type: "timing",
+        severity: "info",
+        message: `Activity outside normal hours (${hour}:00)`,
+        details: { hour, workingHours: this.config.workingHours }
+      };
+    }
+    return null;
+  }
+  /**
+   * Check for frequency anomalies
+   */
+  checkFrequency(now) {
+    const oneMinuteAgo = now - 6e4;
+    const recentCommands = this.commands.filter((c) => c.timestamp > oneMinuteAgo);
+    const rate = recentCommands.length;
+    if (rate > this.config.typicalCommandsPerMinute * 2) {
+      return {
+        type: "frequency",
+        severity: "warning",
+        message: `High command rate: ${rate}/min (typical: ${this.config.typicalCommandsPerMinute})`,
+        details: { rate, typical: this.config.typicalCommandsPerMinute }
+      };
+    }
+    const fiveSecondsAgo = now - 5e3;
+    const burstCommands = this.commands.filter((c) => c.timestamp > fiveSecondsAgo);
+    if (burstCommands.length > 10) {
+      return {
+        type: "frequency",
+        severity: "alert",
+        message: `Burst detected: ${burstCommands.length} commands in 5 seconds`,
+        details: { count: burstCommands.length, window: "5s" }
+      };
+    }
+    return null;
+  }
+  /**
+   * Check for unusual path access
+   */
+  checkPath(path) {
+    if (this.config.knownPaths.length > 0) {
+      const isKnown = this.config.knownPaths.some(
+        (p) => path.startsWith(p) || path.includes(p)
+      );
+      if (!isKnown) {
+        return {
+          type: "path",
+          severity: "warning",
+          message: `Access to unexpected path: ${path}`,
+          details: { path, knownPaths: this.config.knownPaths }
+        };
+      }
+    }
+    if (!this.learningMode && this.baselinePaths.size > 0) {
+      const isBaseline = this.baselinePaths.has(path) || [...this.baselinePaths].some((p) => path.startsWith(p));
+      if (!isBaseline) {
+        return {
+          type: "path",
+          severity: "info",
+          message: `New path accessed: ${path}`,
+          details: { path, isNew: true }
+        };
+      }
+    }
+    return null;
+  }
+  /**
+   * Check for suspicious patterns
+   */
+  checkPatterns(command) {
+    const anomalies = [];
+    const allPatterns = [...DEFAULT_SUSPICIOUS_PATTERNS, ...this.config.suspiciousPatterns];
+    for (const pattern of allPatterns) {
+      if (pattern.test(command)) {
+        anomalies.push({
+          type: "pattern",
+          severity: "warning",
+          message: `Suspicious pattern detected: ${pattern.source}`,
+          details: { command: command.slice(0, 100), pattern: pattern.source }
+        });
+      }
+    }
+    return anomalies;
+  }
+  /**
+   * Check for behavioral anomalies
+   */
+  checkBehavior(command) {
+    const baseCmd = command.split(/\s+/)[0];
+    if (!this.learningMode && this.baselineCommands.size > 0) {
+      if (!this.baselineCommands.has(baseCmd)) {
+        const sensitiveCommands = /* @__PURE__ */ new Set([
+          "curl",
+          "wget",
+          "nc",
+          "netcat",
+          "ssh",
+          "scp",
+          "rsync",
+          "sudo",
+          "su",
+          "chmod",
+          "chown",
+          "mount",
+          "umount"
+        ]);
+        if (sensitiveCommands.has(baseCmd)) {
+          return {
+            type: "behavior",
+            severity: "warning",
+            message: `New sensitive command type: ${baseCmd}`,
+            details: { command: baseCmd, isNew: true }
+          };
+        }
+      }
+    }
+    return null;
+  }
+  /**
+   * Get anomaly stats
+   */
+  getStats() {
+    const now = Date.now();
+    const oneMinuteAgo = now - 6e4;
+    const recentRate = this.commands.filter((c) => c.timestamp > oneMinuteAgo).length;
+    return {
+      learningMode: this.learningMode,
+      learningProgress: Math.min(100, Math.round(this.learningCount / this.LEARNING_THRESHOLD * 100)),
+      baselineCommands: this.baselineCommands.size,
+      baselinePaths: this.baselinePaths.size,
+      recentCommandRate: recentRate
+    };
+  }
+  /**
+   * Force end learning mode
+   */
+  endLearning() {
+    this.learningMode = false;
+  }
+  /**
+   * Reset and restart learning
+   */
+  reset() {
+    this.commands = [];
+    this.baselinePaths.clear();
+    this.baselineCommands.clear();
+    this.learningMode = true;
+    this.learningCount = 0;
+  }
+};
+
+// src/policy/output-scanner.ts
+var SECRET_PATTERNS = [
+  // API Keys
+  { pattern: /sk-[A-Za-z0-9]{20,}/, name: "OpenAI API Key" },
+  { pattern: /sk-ant-[A-Za-z0-9\-]{20,}/, name: "Anthropic API Key" },
+  { pattern: /ghp_[A-Za-z0-9]{36}/, name: "GitHub Token" },
+  { pattern: /gho_[A-Za-z0-9]{36}/, name: "GitHub OAuth Token" },
+  { pattern: /github_pat_[A-Za-z0-9_]{22,}/, name: "GitHub PAT" },
+  { pattern: /glpat-[A-Za-z0-9\-]{20,}/, name: "GitLab Token" },
+  { pattern: /xox[baprs]-[A-Za-z0-9\-]{10,}/, name: "Slack Token" },
+  { pattern: /sk_live_[A-Za-z0-9]{24,}/, name: "Stripe Secret Key" },
+  { pattern: /sq0atp-[A-Za-z0-9\-_]{22,}/, name: "Square Token" },
+  { pattern: /AKIA[A-Z0-9]{16}/, name: "AWS Access Key" },
+  { pattern: /amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/, name: "Amazon MWS Key" },
+  // OAuth/JWT
+  { pattern: /Bearer\s+[A-Za-z0-9\-._~+/]+=*/, name: "Bearer Token" },
+  { pattern: /eyJ[A-Za-z0-9\-_]+\.eyJ[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+/, name: "JWT Token" },
+  // Credentials in output
+  { pattern: /password\s*[=:]\s*['"]?[^\s'"]{4,}['"]?/i, name: "Password" },
+  { pattern: /passwd\s*[=:]\s*['"]?[^\s'"]{4,}['"]?/i, name: "Password" },
+  { pattern: /api[_-]?key\s*[=:]\s*['"]?[^\s'"]{8,}['"]?/i, name: "API Key" },
+  { pattern: /secret\s*[=:]\s*['"]?[^\s'"]{8,}['"]?/i, name: "Secret" },
+  { pattern: /token\s*[=:]\s*['"]?[^\s'"]{8,}['"]?/i, name: "Token" },
+  // Private keys
+  { pattern: /-----BEGIN\s+(RSA\s+)?PRIVATE\s+KEY-----/, name: "Private Key" },
+  { pattern: /-----BEGIN\s+EC\s+PRIVATE\s+KEY-----/, name: "EC Private Key" },
+  { pattern: /-----BEGIN\s+OPENSSH\s+PRIVATE\s+KEY-----/, name: "SSH Private Key" },
+  { pattern: /-----BEGIN\s+PGP\s+PRIVATE\s+KEY\s+BLOCK-----/, name: "PGP Private Key" },
+  // Database URLs
+  { pattern: /mongodb(\+srv)?:\/\/[^:]+:[^@]+@/, name: "MongoDB Connection String" },
+  { pattern: /postgres(ql)?:\/\/[^:]+:[^@]+@/, name: "PostgreSQL Connection String" },
+  { pattern: /mysql:\/\/[^:]+:[^@]+@/, name: "MySQL Connection String" },
+  { pattern: /redis:\/\/[^:]+:[^@]+@/, name: "Redis Connection String" },
+  // SSH
+  { pattern: /ssh-rsa\s+[A-Za-z0-9+/]+[=]{0,2}/, name: "SSH Public Key" },
+  { pattern: /ssh-ed25519\s+[A-Za-z0-9+/]+/, name: "SSH ED25519 Key" }
+];
+var ERROR_PATTERNS = [
+  { pattern: /EACCES|EPERM|permission denied/i, name: "Permission Error" },
+  { pattern: /ENOENT|no such file|not found/i, name: "File Not Found" },
+  { pattern: /ECONNREFUSED|connection refused/i, name: "Connection Refused" },
+  { pattern: /ETIMEDOUT|timed out/i, name: "Timeout Error" },
+  { pattern: /segmentation fault|core dumped/i, name: "Crash" },
+  { pattern: /out of memory|OOM|cannot allocate/i, name: "Memory Error" },
+  { pattern: /stack trace|traceback|at\s+\S+:\d+:\d+/i, name: "Stack Trace" },
+  { pattern: /error:|fatal:|failed:/i, name: "Error Message" }
+];
+var OutputScanner = class {
+  secretPatterns;
+  redactPatterns;
+  policy;
+  constructor(policy) {
+    this.policy = policy;
+    this.secretPatterns = SECRET_PATTERNS.map((p) => p.pattern);
+    this.redactPatterns = (policy.redactPatterns || []).map((p) => {
+      try {
+        return new RegExp(p, "gi");
+      } catch {
+        return null;
+      }
+    }).filter((p) => p !== null);
+  }
+  /**
+   * Scan output for secrets and sensitive data
+   */
+  scan(output) {
+    if (!this.policy.enabled) {
+      return {
+        hasSecrets: false,
+        hasErrors: false,
+        redactedOutput: output,
+        findings: []
+      };
+    }
+    const findings = [];
+    let hasSecrets = false;
+    let hasErrors = false;
+    let processedOutput = output;
+    if (output.length > this.policy.maxOutputLength) {
+      processedOutput = output.slice(0, this.policy.maxOutputLength) + "\n... [truncated]";
+    }
+    if (this.policy.scanForSecrets) {
+      const secretFindings = this.scanForSecrets(processedOutput);
+      if (secretFindings.length > 0) {
+        hasSecrets = true;
+        findings.push(...secretFindings);
+      }
+    }
+    if (this.policy.scanForErrors) {
+      const errorFindings = this.scanForErrors(processedOutput);
+      if (errorFindings.length > 0) {
+        hasErrors = true;
+        findings.push(...errorFindings);
+      }
+    }
+    const redactedOutput = this.redact(processedOutput);
+    return {
+      hasSecrets,
+      hasErrors,
+      redactedOutput,
+      findings
+    };
+  }
+  /**
+   * Scan for secrets in output
+   */
+  scanForSecrets(output) {
+    const findings = [];
+    const lines = output.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      for (const { pattern, name } of SECRET_PATTERNS) {
+        if (pattern.test(line)) {
+          findings.push({
+            type: "secret",
+            pattern: name,
+            message: `Potential ${name} found in output`,
+            line: i + 1
+          });
+        }
+      }
+    }
+    return findings;
+  }
+  /**
+   * Scan for error patterns in output
+   */
+  scanForErrors(output) {
+    const findings = [];
+    const lines = output.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      for (const { pattern, name } of ERROR_PATTERNS) {
+        if (pattern.test(line)) {
+          findings.push({
+            type: "error",
+            pattern: name,
+            message: `${name} detected`,
+            line: i + 1
+          });
+          break;
+        }
+      }
     }
+    return findings;
   }
-  write(data) {
-    if (this.ptyProcess) {
-      this.ptyProcess.write(data);
+  /**
+   * Redact sensitive data from output
+   */
+  redact(output) {
+    let redacted = output;
+    for (const { pattern, name } of SECRET_PATTERNS) {
+      redacted = redacted.replace(new RegExp(pattern.source, "g"), `[REDACTED ${name}]`);
     }
+    for (const pattern of this.redactPatterns) {
+      redacted = redacted.replace(pattern, "[REDACTED]");
+    }
+    return redacted;
   }
-  stop() {
-    if (this.ptyProcess) {
-      this.ptyProcess.kill();
-      this.ptyProcess = null;
+  /**
+   * Check if output contains any secrets
+   */
+  hasSecrets(output) {
+    for (const pattern of this.secretPatterns) {
+      if (pattern.test(output)) {
+        return true;
+      }
     }
+    return false;
   }
-  getConfig() {
-    return this.config;
+  /**
+   * Get summary of findings
+   */
+  static summarize(findings) {
+    if (findings.length === 0) {
+      return "No issues found";
+    }
+    const secrets = findings.filter((f) => f.type === "secret");
+    const errors = findings.filter((f) => f.type === "error");
+    const parts = [];
+    if (secrets.length > 0) {
+      parts.push(`${secrets.length} potential secret(s)`);
+    }
+    if (errors.length > 0) {
+      parts.push(`${errors.length} error(s)`);
+    }
+    return parts.join(", ");
   }
 };
 
 // src/bro/profiler.ts
 import { execFileSync } from "child_process";
-import { existsSync as existsSync3, readFileSync as readFileSync3, realpathSync } from "fs";
-import { homedir as homedir3, platform, arch, cpus, totalmem } from "os";
-import { join as join3 } from "path";
+import { existsSync as existsSync2, readFileSync as readFileSync2, realpathSync } from "fs";
+import { homedir as homedir2, platform, arch, cpus, totalmem } from "os";
+import { join as join2 } from "path";
 var SAFE_VERSION_COMMANDS = {
   python: ["--version"],
   python3: ["--version"],
@@ -838,7 +1122,7 @@ var SystemProfiler = class {
   profile = null;
   profilePath;
   constructor() {
-    this.profilePath = join3(homedir3(), ".bashbros", "system-profile.json");
+    this.profilePath = join2(homedir2(), ".bashbros", "system-profile.json");
   }
   async scan() {
     const profile = {
@@ -1022,8 +1306,8 @@ var SystemProfiler = class {
       ["composer.json", "php"]
     ];
     for (const [file, type] of checks) {
-      const filePath = join3(projectPath, file);
-      if (existsSync3(filePath)) {
+      const filePath = join2(projectPath, file);
+      if (existsSync2(filePath)) {
         try {
           const realPath = realpathSync(filePath);
           if (realPath.startsWith(realpathSync(projectPath))) {
@@ -1037,24 +1321,24 @@ var SystemProfiler = class {
   }
   detectDependencies(projectPath) {
     const deps = [];
-    const pkgPath = join3(projectPath, "package.json");
-    if (existsSync3(pkgPath)) {
+    const pkgPath = join2(projectPath, "package.json");
+    if (existsSync2(pkgPath)) {
       try {
         const realPkgPath = realpathSync(pkgPath);
         if (realPkgPath.startsWith(realpathSync(projectPath))) {
-          const pkg = JSON.parse(readFileSync3(realPkgPath, "utf-8"));
+          const pkg = JSON.parse(readFileSync2(realPkgPath, "utf-8"));
           deps.push(...Object.keys(pkg.dependencies || {}));
           deps.push(...Object.keys(pkg.devDependencies || {}));
         }
       } catch {
       }
     }
-    const reqPath = join3(projectPath, "requirements.txt");
-    if (existsSync3(reqPath)) {
+    const reqPath = join2(projectPath, "requirements.txt");
+    if (existsSync2(reqPath)) {
       try {
         const realReqPath = realpathSync(reqPath);
         if (realReqPath.startsWith(realpathSync(projectPath))) {
-          const reqs = readFileSync3(realReqPath, "utf-8");
+          const reqs = readFileSync2(realReqPath, "utf-8");
           const packages = reqs.split("\n").map((line) => line.split(/[=<>]/)[0].trim()).filter(Boolean);
           deps.push(...packages);
         }
@@ -1064,9 +1348,9 @@ var SystemProfiler = class {
     return deps.slice(0, 100);
   }
   load() {
-    if (existsSync3(this.profilePath)) {
+    if (existsSync2(this.profilePath)) {
       try {
-        const data = readFileSync3(this.profilePath, "utf-8");
+        const data = readFileSync2(this.profilePath, "utf-8");
         this.profile = JSON.parse(data);
         return this.profile;
       } catch {
@@ -1077,13 +1361,13 @@ var SystemProfiler = class {
   }
   save() {
     try {
-      const { writeFileSync: writeFileSync4, mkdirSync: mkdirSync4, chmodSync } = __require("fs");
-      const dir = join3(homedir3(), ".bashbros");
-      if (!existsSync3(dir)) {
-        mkdirSync4(dir, { recursive: true, mode: 448 });
+      const { writeFileSync: writeFileSync3, mkdirSync: mkdirSync3, chmodSync } = __require("fs");
+      const dir = join2(homedir2(), ".bashbros");
+      if (!existsSync2(dir)) {
+        mkdirSync3(dir, { recursive: true, mode: 448 });
       }
       const filePath = this.profilePath;
-      writeFileSync4(filePath, JSON.stringify(this.profile, null, 2));
+      writeFileSync3(filePath, JSON.stringify(this.profile, null, 2));
       try {
         chmodSync(filePath, 384);
       } catch {
@@ -1131,8 +1415,10 @@ var SystemProfiler = class {
 var TaskRouter = class {
   rules;
   profile;
-  constructor(profile = null) {
+  ollama;
+  constructor(profile = null, ollama = null) {
     this.profile = profile;
+    this.ollama = ollama;
     this.rules = this.buildDefaultRules();
   }
   buildDefaultRules() {
@@ -1212,6 +1498,25 @@ var TaskRouter = class {
       confidence: 0.5
     };
   }
+  async routeAsync(command) {
+    const patternResult = this.route(command);
+    if (patternResult.confidence >= 0.7) {
+      return patternResult;
+    }
+    if (!this.ollama) {
+      return patternResult;
+    }
+    try {
+      const prompt = `Classify this command as one of: bro (simple, local task), main (complex, needs reasoning), both (can run in background). Command: "${command}". Respond with ONLY one word: bro, main, or both.`;
+      const response = await this.ollama.generate(prompt, "You are a command classifier. Respond with exactly one word: bro, main, or both.");
+      const decision = response.trim().toLowerCase();
+      if (["bro", "main", "both"].includes(decision)) {
+        return { decision, reason: "AI classification", confidence: 0.8 };
+      }
+    } catch {
+    }
+    return { decision: "main", reason: "AI fallback - defaulting to main", confidence: 0.5 };
+  }
   looksSimple(command) {
     const words = command.split(/\s+/);
     if (words.length <= 3) return true;
@@ -1240,8 +1545,11 @@ var CommandSuggester = class {
   history = [];
   profile = null;
   patterns = /* @__PURE__ */ new Map();
-  constructor(profile = null) {
+  ollama;
+  aiCache = /* @__PURE__ */ new Map();
+  constructor(profile = null, ollama = null) {
     this.profile = profile;
+    this.ollama = ollama;
     this.initPatterns();
   }
   initPatterns() {
@@ -1274,6 +1582,34 @@ var CommandSuggester = class {
     const unique = this.dedupeAndRank(suggestions);
     return unique.slice(0, 5);
   }
+  async suggestAsync(context) {
+    const suggestions = this.suggest(context);
+    if (!this.ollama) return suggestions;
+    const cacheKey = JSON.stringify({ lc: context.lastCommand, lo: context.lastOutput?.slice(0, 100) });
+    const cached = this.aiCache.get(cacheKey);
+    if (cached && cached.expiry > Date.now()) {
+      suggestions.push(...cached.suggestions);
+      return this.dedupeAndRank(suggestions).slice(0, 5);
+    }
+    try {
+      const contextStr = `Last command: ${context.lastCommand || "none"}
+Output: ${(context.lastOutput || "").slice(0, 200)}
+Project: ${context.projectType || "unknown"}`;
+      const aiSuggestion = await this.ollama.suggestCommand(contextStr);
+      if (aiSuggestion) {
+        const aiSuggestions = [{
+          command: aiSuggestion,
+          description: "AI suggestion",
+          confidence: 0.75,
+          source: "model"
+        }];
+        this.aiCache.set(cacheKey, { suggestions: aiSuggestions, expiry: Date.now() + 5 * 60 * 1e3 });
+        suggestions.push(...aiSuggestions);
+      }
+    } catch {
+    }
+    return this.dedupeAndRank(suggestions).slice(0, 5);
+  }
   suggestFromPatterns(lastCommand) {
     const suggestions = [];
     for (const [key, commands] of this.patterns) {
@@ -1692,6 +2028,9 @@ var BashBro = class extends EventEmitter4 {
   config;
   ollamaAvailable = false;
   bashgymModelVersion = null;
+  adapterRegistry;
+  profileManager;
+  activeProfile = null;
   constructor(config = {}) {
     super();
     this.config = {
@@ -1703,8 +2042,6 @@ var BashBro = class extends EventEmitter4 {
       ...config
     };
     this.profiler = new SystemProfiler();
-    this.router = new TaskRouter();
-    this.suggester = new CommandSuggester();
     this.worker = new BackgroundWorker();
     if (this.config.enableOllama) {
       this.ollama = new OllamaClient({
@@ -1712,12 +2049,19 @@ var BashBro = class extends EventEmitter4 {
         model: this.config.modelName
       });
     }
+    this.router = new TaskRouter(null, this.ollama);
+    this.suggester = new CommandSuggester(null, this.ollama);
     this.worker.on("complete", (data) => this.emit("task:complete", data));
     this.worker.on("output", (data) => this.emit("task:output", data));
     this.worker.on("error", (data) => this.emit("task:error", data));
     if (this.config.enableBashgymIntegration) {
       this.initBashgymIntegration();
     }
+    this.adapterRegistry = new AdapterRegistry();
+    this.profileManager = new ProfileManager();
+    if (this.config.activeProfile) {
+      this.activeProfile = this.profileManager.load(this.config.activeProfile);
+    }
   }
   /**
    * Initialize bashgym integration for model hot-swap
@@ -1800,6 +2144,22 @@ var BashBro = class extends EventEmitter4 {
     }
     return this.suggester.suggest(context);
   }
+  /**
+   * AI-enhanced async routing - uses pattern matching first, falls back to Ollama
+   */
+  async routeAsync(command) {
+    if (!this.config.enableRouting) {
+      return { decision: "main", reason: "Routing disabled", confidence: 1 };
+    }
+    return this.router.routeAsync(command);
+  }
+  /**
+   * AI-enhanced async suggestions - pattern matching + Ollama suggestions with caching
+   */
+  async suggestAsync(context) {
+    if (!this.config.enableSuggestions) return [];
+    return this.suggester.suggestAsync(context);
+  }
   /**
    * SECURITY FIX: Safe command execution with validation
    */
@@ -2084,6 +2444,41 @@ var BashBro = class extends EventEmitter4 {
     }
     return false;
   }
+  /**
+   * Get model name for a specific purpose (checks active profile for adapter override)
+   */
+  getModelForPurpose(purpose) {
+    if (!this.activeProfile) return null;
+    return this.profileManager.getModelForPurpose(this.activeProfile, purpose);
+  }
+  /**
+   * Get discovered LoRA adapters
+   */
+  getAdapters() {
+    return this.adapterRegistry.discover();
+  }
+  /**
+   * Get available model profiles
+   */
+  getProfiles() {
+    return this.profileManager.list();
+  }
+  /**
+   * Get the active model profile
+   */
+  getActiveProfile() {
+    return this.activeProfile;
+  }
+  /**
+   * Set the active model profile by name
+   */
+  setActiveProfile(name) {
+    const profile = this.profileManager.load(name);
+    if (!profile) return false;
+    this.activeProfile = profile;
+    this.emit("profile:changed", profile);
+    return true;
+  }
   // Format a nice status message
   status() {
     const lines = [
@@ -2138,151 +2533,6 @@ var BashBro = class extends EventEmitter4 {
   }
 };
 
-// src/observability/metrics.ts
-var MetricsCollector = class {
-  sessionId;
-  startTime;
-  commands = [];
-  filesModified = /* @__PURE__ */ new Set();
-  pathsAccessed = /* @__PURE__ */ new Set();
-  constructor() {
-    this.sessionId = this.generateSessionId();
-    this.startTime = /* @__PURE__ */ new Date();
-  }
-  generateSessionId() {
-    const now = /* @__PURE__ */ new Date();
-    const date = now.toISOString().slice(0, 10).replace(/-/g, "");
-    const time = now.toTimeString().slice(0, 8).replace(/:/g, "");
-    const rand = Math.random().toString(36).slice(2, 6);
-    return `${date}-${time}-${rand}`;
-  }
-  /**
-   * Record a command execution
-   */
-  record(metric) {
-    this.commands.push(metric);
-    const paths = this.extractPaths(metric.command);
-    for (const path of paths) {
-      this.pathsAccessed.add(path);
-    }
-    if (this.isWriteCommand(metric.command)) {
-      for (const path of paths) {
-        this.filesModified.add(path);
-      }
-    }
-  }
-  /**
-   * Get current session metrics
-   */
-  getMetrics() {
-    const now = /* @__PURE__ */ new Date();
-    const duration = now.getTime() - this.startTime.getTime();
-    const riskDist = { safe: 0, caution: 0, dangerous: 0, critical: 0 };
-    let totalRisk = 0;
-    for (const cmd of this.commands) {
-      riskDist[cmd.riskScore.level]++;
-      totalRisk += cmd.riskScore.score;
-    }
-    const cmdFreq = /* @__PURE__ */ new Map();
-    for (const cmd of this.commands) {
-      const base = cmd.command.split(/\s+/)[0];
-      cmdFreq.set(base, (cmdFreq.get(base) || 0) + 1);
-    }
-    const topCommands = [...cmdFreq.entries()].sort((a, b) => b[1] - a[1]).slice(0, 10);
-    const violationsByType = {};
-    for (const cmd of this.commands) {
-      for (const v of cmd.violations) {
-        violationsByType[v.type] = (violationsByType[v.type] || 0) + 1;
-      }
-    }
-    const totalExecTime = this.commands.reduce((sum, c) => sum + c.duration, 0);
-    const avgExecTime = this.commands.length > 0 ? totalExecTime / this.commands.length : 0;
-    return {
-      sessionId: this.sessionId,
-      startTime: this.startTime,
-      duration,
-      commandCount: this.commands.length,
-      blockedCount: this.commands.filter((c) => !c.allowed).length,
-      uniqueCommands: cmdFreq.size,
-      topCommands,
-      riskDistribution: riskDist,
-      avgRiskScore: this.commands.length > 0 ? totalRisk / this.commands.length : 0,
-      avgExecutionTime: avgExecTime,
-      totalExecutionTime: totalExecTime,
-      filesModified: [...this.filesModified],
-      pathsAccessed: [...this.pathsAccessed],
-      violationsByType
-    };
-  }
-  /**
-   * Extract paths from a command
-   */
-  extractPaths(command) {
-    const paths = [];
-    const tokens = command.split(/\s+/);
-    for (const token of tokens) {
-      if (token.startsWith("-")) continue;
-      if (token.startsWith("/") || token.startsWith("./") || token.startsWith("../") || token.startsWith("~/") || token.includes(".")) {
-        paths.push(token);
-      }
-    }
-    return paths;
-  }
-  /**
-   * Check if command modifies files
-   */
-  isWriteCommand(command) {
-    const writePatterns = [
-      /^(vim|vi|nano|emacs|code)\s/,
-      /^(touch|mkdir|cp|mv|rm)\s/,
-      /^(echo|cat|printf).*>/,
-      /^(git\s+(add|commit|checkout|reset))/,
-      /^(npm|yarn|pnpm)\s+(install|uninstall)/,
-      /^(pip|pip3)\s+(install|uninstall)/,
-      /^chmod\s/,
-      /^chown\s/
-    ];
-    return writePatterns.some((p) => p.test(command));
-  }
-  /**
-   * Get recent commands
-   */
-  getRecentCommands(n = 10) {
-    return this.commands.slice(-n);
-  }
-  /**
-   * Get blocked commands
-   */
-  getBlockedCommands() {
-    return this.commands.filter((c) => !c.allowed);
-  }
-  /**
-   * Get high-risk commands
-   */
-  getHighRiskCommands(threshold = 6) {
-    return this.commands.filter((c) => c.riskScore.score >= threshold);
-  }
-  /**
-   * Format duration for display
-   */
-  static formatDuration(ms) {
-    if (ms < 1e3) return `${ms}ms`;
-    if (ms < 6e4) return `${(ms / 1e3).toFixed(1)}s`;
-    if (ms < 36e5) return `${Math.floor(ms / 6e4)}m ${Math.floor(ms % 6e4 / 1e3)}s`;
-    return `${Math.floor(ms / 36e5)}h ${Math.floor(ms % 36e5 / 6e4)}m`;
-  }
-  /**
-   * Reset collector
-   */
-  reset() {
-    this.sessionId = this.generateSessionId();
-    this.startTime = /* @__PURE__ */ new Date();
-    this.commands = [];
-    this.filesModified.clear();
-    this.pathsAccessed.clear();
-  }
-};
-
 // src/observability/cost.ts
 var MODEL_PRICING = {
   "claude-opus-4": { inputPer1k: 0.015, outputPer1k: 0.075 },
@@ -2627,15 +2877,15 @@ var ReportGenerator = class {
 };
 
 // src/safety/undo-stack.ts
-import { existsSync as existsSync4, unlinkSync, mkdirSync as mkdirSync3, copyFileSync, readdirSync, statSync } from "fs";
-import { join as join4, dirname } from "path";
-import { homedir as homedir4 } from "os";
-var DEFAULT_CONFIG = {
+import { existsSync as existsSync3, unlinkSync, mkdirSync as mkdirSync2, copyFileSync, readdirSync, statSync } from "fs";
+import { join as join3, dirname } from "path";
+import { homedir as homedir3 } from "os";
+var DEFAULT_CONFIG3 = {
   maxStackSize: 100,
   maxFileSize: 10 * 1024 * 1024,
   // 10MB
   ttlMinutes: 60,
-  backupPath: join4(homedir4(), ".bashbros", "undo"),
+  backupPath: join3(homedir3(), ".bashbros", "undo"),
   enabled: true
 };
 var UndoStack = class {
@@ -2644,13 +2894,13 @@ var UndoStack = class {
   config;
   undoDir;
   constructor(policy) {
-    this.config = { ...DEFAULT_CONFIG };
+    this.config = { ...DEFAULT_CONFIG3 };
     if (policy) {
       if (typeof policy.maxStackSize === "number") this.config.maxStackSize = policy.maxStackSize;
       if (typeof policy.maxFileSize === "number") this.config.maxFileSize = policy.maxFileSize;
       if (typeof policy.ttlMinutes === "number") this.config.ttlMinutes = policy.ttlMinutes;
       if (typeof policy.backupPath === "string") {
-        this.config.backupPath = policy.backupPath.replace("~", homedir4());
+        this.config.backupPath = policy.backupPath.replace("~", homedir3());
       }
       if (typeof policy.enabled === "boolean") this.config.enabled = policy.enabled;
     }
@@ -2660,8 +2910,8 @@ var UndoStack = class {
     this.cleanupOldBackups();
   }
   ensureUndoDir() {
-    if (!existsSync4(this.undoDir)) {
-      mkdirSync3(this.undoDir, { recursive: true, mode: 448 });
+    if (!existsSync3(this.undoDir)) {
+      mkdirSync2(this.undoDir, { recursive: true, mode: 448 });
     }
   }
   /**
@@ -2675,7 +2925,7 @@ var UndoStack = class {
       const files = readdirSync(this.undoDir);
       for (const file of files) {
         if (!file.endsWith(".backup")) continue;
-        const filePath = join4(this.undoDir, file);
+        const filePath = join3(this.undoDir, file);
         try {
           const stats = statSync(filePath);
           if (stats.mtimeMs < cutoff) {
@@ -2716,7 +2966,7 @@ var UndoStack = class {
    * Record a file modification (backs up original)
    */
   recordModify(path, command) {
-    if (!this.config.enabled || !existsSync4(path)) {
+    if (!this.config.enabled || !existsSync3(path)) {
       return null;
     }
     const stats = statSync(path);
@@ -2732,7 +2982,7 @@ var UndoStack = class {
       return entry;
     }
     const id = this.generateId();
-    const backupPath = join4(this.undoDir, `${id}.backup`);
+    const backupPath = join3(this.undoDir, `${id}.backup`);
     try {
       copyFileSync(path, backupPath);
       const entry = {
@@ -2753,7 +3003,7 @@ var UndoStack = class {
    * Record a file deletion (backs up content)
    */
   recordDelete(path, command) {
-    if (!this.config.enabled || !existsSync4(path)) {
+    if (!this.config.enabled || !existsSync3(path)) {
       return null;
     }
     const stats = statSync(path);
@@ -2769,7 +3019,7 @@ var UndoStack = class {
       return entry;
     }
     const id = this.generateId();
-    const backupPath = join4(this.undoDir, `${id}.backup`);
+    const backupPath = join3(this.undoDir, `${id}.backup`);
     try {
       copyFileSync(path, backupPath);
       const entry = {
@@ -2796,11 +3046,11 @@ var UndoStack = class {
     const isModify = /^(sed|awk|vim|vi|nano|code)\s/.test(command) || /^(echo|cat).*>>/.test(command);
     for (const path of paths) {
       let entry = null;
-      if (isDelete && existsSync4(path)) {
+      if (isDelete && existsSync3(path)) {
         entry = this.recordDelete(path, command);
-      } else if (isModify && existsSync4(path)) {
+      } else if (isModify && existsSync3(path)) {
         entry = this.recordModify(path, command);
-      } else if (isCreate && !existsSync4(path)) {
+      } else if (isCreate && !existsSync3(path)) {
         entry = this.recordCreate(path, command);
       }
       if (entry) {
@@ -2826,7 +3076,7 @@ var UndoStack = class {
     try {
       switch (entry.operation) {
         case "create":
-          if (existsSync4(entry.path)) {
+          if (existsSync3(entry.path)) {
             unlinkSync(entry.path);
             return {
               success: true,
@@ -2840,7 +3090,7 @@ var UndoStack = class {
             entry
           };
         case "modify":
-          if (entry.backupPath && existsSync4(entry.backupPath)) {
+          if (entry.backupPath && existsSync3(entry.backupPath)) {
             copyFileSync(entry.backupPath, entry.path);
             return {
               success: true,
@@ -2854,10 +3104,10 @@ var UndoStack = class {
             entry
           };
         case "delete":
-          if (entry.backupPath && existsSync4(entry.backupPath)) {
+          if (entry.backupPath && existsSync3(entry.backupPath)) {
             const dir = dirname(entry.path);
-            if (!existsSync4(dir)) {
-              mkdirSync3(dir, { recursive: true });
+            if (!existsSync3(dir)) {
+              mkdirSync2(dir, { recursive: true });
             }
             copyFileSync(entry.backupPath, entry.path);
             return {
@@ -2913,7 +3163,7 @@ var UndoStack = class {
    */
   clear() {
     for (const entry of this.stack) {
-      if (entry.backupPath && existsSync4(entry.backupPath)) {
+      if (entry.backupPath && existsSync3(entry.backupPath)) {
         try {
           unlinkSync(entry.backupPath);
         } catch {
@@ -2929,7 +3179,7 @@ var UndoStack = class {
     this.stack.push(entry);
     if (this.stack.length > this.config.maxStackSize) {
       const removed = this.stack.shift();
-      if (removed?.backupPath && existsSync4(removed.backupPath)) {
+      if (removed?.backupPath && existsSync3(removed.backupPath)) {
         try {
           unlinkSync(removed.backupPath);
         } catch {
@@ -2959,155 +3209,21 @@ var UndoStack = class {
   }
 };
 
-// src/policy/loop-detector.ts
-var DEFAULT_CONFIG2 = {
-  maxRepeats: 3,
-  maxTurns: 100,
-  similarityThreshold: 0.85,
-  cooldownMs: 1e3,
-  windowSize: 20
-};
-var LoopDetector = class {
-  config;
-  history = [];
-  turnCount = 0;
-  constructor(config = {}) {
-    this.config = { ...DEFAULT_CONFIG2, ...config };
-  }
-  /**
-   * Record a command and check for loops
-   */
-  check(command) {
-    const now = Date.now();
-    const normalized = this.normalize(command);
-    this.turnCount++;
-    if (this.turnCount >= this.config.maxTurns) {
-      return {
-        type: "max_turns",
-        command,
-        count: this.turnCount,
-        message: `Maximum turns reached (${this.config.maxTurns}). Session may be stuck.`
-      };
-    }
-    const exactMatches = this.history.filter((h) => h.command === command);
-    if (exactMatches.length >= this.config.maxRepeats) {
-      return {
-        type: "exact_repeat",
-        command,
-        count: exactMatches.length + 1,
-        message: `Command repeated ${exactMatches.length + 1} times: "${command.slice(0, 50)}..."`
-      };
-    }
-    const lastSame = exactMatches[exactMatches.length - 1];
-    if (lastSame && now - lastSame.timestamp < this.config.cooldownMs) {
-      return {
-        type: "exact_repeat",
-        command,
-        count: 2,
-        message: `Rapid repeat detected (${now - lastSame.timestamp}ms apart)`
-      };
-    }
-    const recentWindow = this.history.slice(-this.config.windowSize);
-    const similarCount = recentWindow.filter(
-      (h) => this.similarity(h.normalized, normalized) >= this.config.similarityThreshold
-    ).length;
-    if (similarCount >= this.config.maxRepeats) {
-      return {
-        type: "semantic_repeat",
-        command,
-        count: similarCount + 1,
-        message: `Similar commands repeated ${similarCount + 1} times`
-      };
-    }
-    const baseCommand = command.split(/\s+/)[0];
-    const toolCount = recentWindow.filter(
-      (h) => h.command.split(/\s+/)[0] === baseCommand
-    ).length;
-    if (toolCount >= this.config.maxRepeats * 2) {
-      return {
-        type: "tool_hammering",
-        command,
-        count: toolCount + 1,
-        message: `Tool "${baseCommand}" called ${toolCount + 1} times in last ${this.config.windowSize} commands`
-      };
-    }
-    this.history.push({ command, timestamp: now, normalized });
-    if (this.history.length > this.config.windowSize * 2) {
-      this.history = this.history.slice(-this.config.windowSize);
-    }
-    return null;
-  }
-  /**
-   * Normalize command for comparison
-   */
-  normalize(command) {
-    return command.toLowerCase().replace(/["']/g, "").replace(/\s+/g, " ").replace(/\d+/g, "N").replace(/[a-f0-9]{8,}/gi, "H").trim();
-  }
-  /**
-   * Calculate similarity between two strings (Jaccard index on words)
-   */
-  similarity(a, b) {
-    const wordsA = new Set(a.split(/\s+/));
-    const wordsB = new Set(b.split(/\s+/));
-    const intersection = new Set([...wordsA].filter((x) => wordsB.has(x)));
-    const union = /* @__PURE__ */ new Set([...wordsA, ...wordsB]);
-    if (union.size === 0) return 1;
-    return intersection.size / union.size;
-  }
-  /**
-   * Get current turn count
-   */
-  getTurnCount() {
-    return this.turnCount;
-  }
-  /**
-   * Get command frequency map
-   */
-  getFrequencyMap() {
-    const freq = /* @__PURE__ */ new Map();
-    for (const entry of this.history) {
-      const base = entry.command.split(/\s+/)[0];
-      freq.set(base, (freq.get(base) || 0) + 1);
-    }
-    return freq;
-  }
-  /**
-   * Reset detector state
-   */
-  reset() {
-    this.history = [];
-    this.turnCount = 0;
-  }
-  /**
-   * Get stats for reporting
-   */
-  getStats() {
-    const freq = this.getFrequencyMap();
-    const sorted = [...freq.entries()].sort((a, b) => b[1] - a[1]);
-    return {
-      turnCount: this.turnCount,
-      uniqueCommands: freq.size,
-      topCommands: sorted.slice(0, 5)
-    };
-  }
-};
-
 export {
   BashgymIntegration,
   getBashgymIntegration,
   resetBashgymIntegration,
-  ClaudeCodeHooks,
-  gateCommand,
   BashBros,
+  LoopDetector,
+  AnomalyDetector,
+  OutputScanner,
   SystemProfiler,
   TaskRouter,
   CommandSuggester,
   BackgroundWorker,
   BashBro,
-  MetricsCollector,
   CostEstimator,
   ReportGenerator,
-  UndoStack,
-  LoopDetector
+  UndoStack
 };
-//# sourceMappingURL=chunk-2RPTM6EQ.js.map
+//# sourceMappingURL=chunk-7OEWYFN3.js.map