failproofai 0.0.1-beta.9 → 0.0.2-beta.1

package/.next/standalone/dist/cli.mjs

@@ -0,0 +1,2891 @@
+#!/usr/bin/env node
+var __defProp = Object.defineProperty;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+
+// src/hooks/hook-logger.ts
+import {
+  appendFileSync,
+  renameSync,
+  mkdirSync,
+  existsSync,
+  statSync
+} from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+function ensureResolved() {
+  if (resolved)
+    return;
+  resolved = true;
+  const rawLevel = (process.env.FAILPROOFAI_LOG_LEVEL ?? "").toLowerCase();
+  if (rawLevel === "info" || rawLevel === "warn" || rawLevel === "error") {
+    currentLevel = rawLevel;
+  }
+  const rawFile = (process.env.FAILPROOFAI_HOOK_LOG_FILE ?? "").trim();
+  if (rawFile) {
+    fileLoggingEnabled = true;
+    if (rawFile !== "1" && rawFile !== "true") {
+      logDir = rawFile;
+    }
+  }
+}
+function shouldEmit(level) {
+  ensureResolved();
+  return LEVEL_ORDER[level] >= LEVEL_ORDER[currentLevel];
+}
+function emitStderr(label, msg) {
+  process.stderr.write(`[failproofai:hook] ${label} ${msg}
+`);
+}
+function ensureLogDir() {
+  if (!existsSync(logDir)) {
+    mkdirSync(logDir, { recursive: true });
+  }
+}
+function rotateIfNeeded(filePath) {
+  try {
+    const stats = statSync(filePath);
+    if (stats.size >= MAX_FILE_SIZE) {
+      const archiveName = `hooks-${Date.now()}.log`;
+      renameSync(filePath, join(logDir, archiveName));
+    }
+  } catch {}
+}
+function appendToFile(label, msg) {
+  if (!fileLoggingEnabled)
+    return;
+  try {
+    ensureLogDir();
+    const filePath = join(logDir, LOG_FILENAME);
+    rotateIfNeeded(filePath);
+    const timestamp = new Date().toISOString();
+    const line = `[${timestamp}] ${label} ${msg}
+`;
+    appendFileSync(filePath, line, "utf-8");
+  } catch {}
+}
+function hookLogInfo(msg) {
+  if (!shouldEmit("info"))
+    return;
+  emitStderr("INFO", msg);
+  appendToFile("INFO", msg);
+}
+function hookLogWarn(msg) {
+  if (!shouldEmit("warn"))
+    return;
+  emitStderr("WARN", msg);
+  appendToFile("WARN", msg);
+}
+function hookLogError(msg) {
+  if (!shouldEmit("error"))
+    return;
+  emitStderr("ERROR", msg);
+  appendToFile("ERROR", msg);
+}
+var LEVEL_ORDER, MAX_FILE_SIZE, LOG_FILENAME = "hooks.log", DEFAULT_LOG_DIR, resolved = false, currentLevel = "warn", fileLoggingEnabled = false, logDir;
+var init_hook_logger = __esm(() => {
+  LEVEL_ORDER = { info: 0, warn: 1, error: 2 };
+  MAX_FILE_SIZE = 512 * 1024;
+  DEFAULT_LOG_DIR = join(homedir(), ".failproofai", "logs");
+  logDir = DEFAULT_LOG_DIR;
+});
+
+// src/hooks/hooks-config.ts
+import { readFileSync, writeFileSync, existsSync as existsSync2, mkdirSync as mkdirSync2 } from "node:fs";
+import { resolve, dirname } from "node:path";
+import { homedir as homedir2 } from "node:os";
+function readConfigAt(path) {
+  if (!existsSync2(path))
+    return {};
+  try {
+    const raw = readFileSync(path, "utf8");
+    return JSON.parse(raw);
+  } catch (err) {
+    hookLogWarn(`failed to parse config at ${path}: ${err instanceof Error ? err.message : String(err)}`);
+    return {};
+  }
+}
+function readMergedHooksConfig(cwd) {
+  const base = cwd ? resolve(cwd) : process.cwd();
+  const projectPath = resolve(base, ".failproofai", "policies-config.json");
+  const localPath = resolve(base, ".failproofai", "policies-config.local.json");
+  const globalPath = resolve(homedir2(), ".failproofai", "policies-config.json");
+  const project = readConfigAt(projectPath);
+  const local = readConfigAt(localPath);
+  const global_ = readConfigAt(globalPath);
+  const enabledSet = new Set([
+    ...project.enabledPolicies ?? [],
+    ...local.enabledPolicies ?? [],
+    ...global_.enabledPolicies ?? []
+  ]);
+  const mergedParams = {};
+  for (const scope of [project, local, global_]) {
+    if (!scope.policyParams)
+      continue;
+    for (const [policyName, params] of Object.entries(scope.policyParams)) {
+      if (!(policyName in mergedParams)) {
+        mergedParams[policyName] = params;
+      }
+    }
+  }
+  const customPoliciesPath = project.customPoliciesPath ?? local.customPoliciesPath ?? global_.customPoliciesPath;
+  const llm = project.llm ?? local.llm ?? global_.llm;
+  return {
+    enabledPolicies: [...enabledSet],
+    ...Object.keys(mergedParams).length > 0 ? { policyParams: mergedParams } : {},
+    ...customPoliciesPath !== undefined ? { customPoliciesPath } : {},
+    ...llm !== undefined ? { llm } : {}
+  };
+}
+function getConfigPath() {
+  return resolve(homedir2(), ".failproofai", "policies-config.json");
+}
+function readHooksConfig() {
+  const configPath = getConfigPath();
+  if (!existsSync2(configPath)) {
+    return { enabledPolicies: [] };
+  }
+  try {
+    const raw = readFileSync(configPath, "utf8");
+    return JSON.parse(raw);
+  } catch (err) {
+    hookLogWarn(`failed to parse config at ${configPath}: ${err instanceof Error ? err.message : String(err)}`);
+    return { enabledPolicies: [] };
+  }
+}
+function writeHooksConfig(config) {
+  const configPath = getConfigPath();
+  const dir = dirname(configPath);
+  if (!existsSync2(dir)) {
+    mkdirSync2(dir, { recursive: true });
+  }
+  writeFileSync(configPath, JSON.stringify(config, null, 2) + `
+`, "utf8");
+}
+var init_hooks_config = __esm(() => {
+  init_hook_logger();
+});
+
+// src/hooks/policy-helpers.ts
+function allow() {
+  return { decision: "allow" };
+}
+function deny(reason) {
+  return { decision: "deny", reason };
+}
+function instruct(reason) {
+  return { decision: "instruct", reason };
+}
+
+// src/hooks/policy-registry.ts
+function getIndexCache() {
+  return globalThis[INDEX_CACHE_KEY];
+}
+function setIndexCache(cache) {
+  globalThis[INDEX_CACHE_KEY] = cache;
+}
+function getRegistry() {
+  const g = globalThis;
+  if (!g[REGISTRY_KEY]) {
+    g[REGISTRY_KEY] = [];
+  }
+  return g[REGISTRY_KEY];
+}
+function registerPolicy(name, description, fn, match, priority = 0) {
+  const registry = getRegistry();
+  const idx = registry.findIndex((p) => p.name === name);
+  const entry = { name, description, fn, match, priority };
+  if (idx >= 0) {
+    registry[idx] = entry;
+  } else {
+    registry.push(entry);
+  }
+  setIndexCache(null);
+}
+function getPoliciesForEvent(eventType, toolName) {
+  let cache = getIndexCache();
+  if (!cache) {
+    cache = new Map;
+    setIndexCache(cache);
+  }
+  const key = `${eventType}:${toolName ?? ""}`;
+  const cached = cache.get(key);
+  if (cached)
+    return cached;
+  const result = getRegistry().filter((p) => {
+    if (p.match.events && p.match.events.length > 0) {
+      if (!p.match.events.includes(eventType))
+        return false;
+    }
+    if (p.match.toolNames && p.match.toolNames.length > 0) {
+      if (!toolName || !p.match.toolNames.includes(toolName))
+        return false;
+    }
+    return true;
+  }).sort((a, b) => b.priority - a.priority);
+  cache.set(key, result);
+  return result;
+}
+function clearPolicies() {
+  const g = globalThis;
+  g[REGISTRY_KEY] = [];
+  setIndexCache(null);
+}
+var REGISTRY_KEY = "__FAILPROOFAI_POLICY_REGISTRY__", INDEX_CACHE_KEY = "__FAILPROOFAI_POLICY_INDEX_CACHE__";
+
+// src/hooks/builtin-policies.ts
+import { resolve as resolve2, join as join2 } from "node:path";
+import { readFile, writeFile } from "node:fs/promises";
+import { execSync } from "node:child_process";
+import { homedir as homedir3 } from "node:os";
+function isClaudeInternalPath(resolved2) {
+  const claudeDir = join2(homedir3(), ".claude");
+  return resolved2 === claudeDir || resolved2.startsWith(claudeDir + "/");
+}
+function isClaudeSettingsFile(resolved2) {
+  return /[\\/]\.claude[\\/]settings(?:\.[^/\\]+)?\.json$/.test(resolved2);
+}
+function getCommand(ctx) {
+  return ctx.toolInput?.command ?? "";
+}
+function getFilePath(ctx) {
+  return ctx.toolInput?.file_path ?? "";
+}
+function parseArgvTokens(cmd) {
+  return cmd.trim().split(/\s+/).map((t) => t.replace(/^['"]|['"]$/g, ""));
+}
+function matchesAllowedPattern(cmd, pattern) {
+  const cmdTokens = parseArgvTokens(cmd);
+  const patTokens = parseArgvTokens(pattern);
+  if (cmdTokens.length < patTokens.length)
+    return false;
+  if (cmdTokens.some((tok) => SHELL_OPERATORS.has(tok)))
+    return false;
+  if (cmdTokens.some((tok) => SHELL_METACHAR_RE.test(tok)))
+    return false;
+  return patTokens.every((tok, i) => tok === "*" || tok === cmdTokens[i]);
+}
+function sanitizeJwt(ctx) {
+  const output = JSON.stringify(ctx.payload);
+  if (JWT_RE.test(output)) {
+    return {
+      decision: "deny",
+      reason: "JWT token detected in tool output",
+      message: "[REDACTED: JWT token removed by failproofai]"
+    };
+  }
+  return allow();
+}
+function sanitizeApiKeys(ctx) {
+  const output = JSON.stringify(ctx.payload);
+  for (const [pattern, label] of API_KEY_PATTERNS) {
+    if (pattern.test(output)) {
+      return {
+        decision: "deny",
+        reason: `${label} detected in tool output`,
+        message: `[REDACTED: ${label} removed by failproofai]`
+      };
+    }
+  }
+  const additional = ctx.params?.additionalPatterns ?? [];
+  for (const { regex, label } of additional) {
+    try {
+      if (new RegExp(regex).test(output)) {
+        return {
+          decision: "deny",
+          reason: `${label} detected in tool output`,
+          message: `[REDACTED: ${label} removed by failproofai]`
+        };
+      }
+    } catch {
+      hookLogWarn(`additionalPatterns: invalid regex "${regex}", skipping`);
+    }
+  }
+  return allow();
+}
+function sanitizeConnectionStrings(ctx) {
+  const output = JSON.stringify(ctx.payload);
+  if (CONNECTION_STRING_RE.test(output)) {
+    return {
+      decision: "deny",
+      reason: "Database connection string with credentials detected in tool output",
+      message: "[REDACTED: connection string removed by failproofai]"
+    };
+  }
+  return allow();
+}
+function sanitizePrivateKeyContent(ctx) {
+  const output = JSON.stringify(ctx.payload);
+  if (PRIVATE_KEY_RE.test(output)) {
+    return {
+      decision: "deny",
+      reason: "Private key content detected in tool output",
+      message: "[REDACTED: private key content removed by failproofai]"
+    };
+  }
+  return allow();
+}
+function sanitizeBearerTokens(ctx) {
+  const output = JSON.stringify(ctx.payload);
+  if (BEARER_TOKEN_RE.test(output)) {
+    return {
+      decision: "deny",
+      reason: "Bearer token detected in tool output",
+      message: "[REDACTED: Bearer token removed by failproofai]"
+    };
+  }
+  return allow();
+}
+function warnDestructiveSql(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  if (!SQL_TOOL_RE.test(cmd))
+    return allow();
+  if (DESTRUCTIVE_SQL_RE.test(cmd)) {
+    return instruct("STOP: This command contains destructive SQL (DROP/TRUNCATE/DELETE). Confirm with the user before executing.");
+  }
+  if (DELETE_NO_WHERE_RE.test(cmd) && !SQL_WHERE_RE.test(cmd)) {
+    return instruct("STOP: This command contains destructive SQL (DROP/TRUNCATE/DELETE). Confirm with the user before executing.");
+  }
+  return allow();
+}
+function warnLargeFileWrite(ctx) {
+  if (ctx.toolName !== "Write")
+    return allow();
+  const content = ctx.toolInput?.content;
+  if (typeof content !== "string")
+    return allow();
+  const thresholdKb = ctx.params?.thresholdKb ?? 1024;
+  const thresholdBytes = thresholdKb * 1024;
+  if (content.length > thresholdBytes) {
+    return instruct(`STOP: You are writing a file larger than ${thresholdKb}KB (${Math.round(content.length / 1024)}KB). This is unusually large. Confirm this is intentional before proceeding.`);
+  }
+  return allow();
+}
+function warnPackagePublish(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  if (PUBLISH_CMD_RE.test(cmd)) {
+    return instruct("STOP: This command publishes a package to a public registry. Confirm with the user that this is intentional.");
+  }
+  return allow();
+}
+function protectEnvVars(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  if (ENV_PRINTENV_RE.test(cmd)) {
+    return deny("Command reads environment variables");
+  }
+  if (ECHO_ENV_RE.test(cmd)) {
+    return deny("Command echoes environment variable");
+  }
+  if (EXPORT_RE.test(cmd)) {
+    return deny("Command exports environment variable");
+  }
+  if (PS_ENV_VAR_RE.test(cmd)) {
+    return deny("Command reads environment variable via PowerShell");
+  }
+  if (PS_CHILDITEM_ENV_RE.test(cmd)) {
+    return deny("Command reads environment variables via PowerShell");
+  }
+  if (DOTNET_GETENV_RE.test(cmd)) {
+    return deny("Command reads environment variable via .NET");
+  }
+  if (CMD_ECHO_ENV_RE.test(cmd)) {
+    return deny("Command echoes environment variable via cmd");
+  }
+  return allow();
+}
+function blockEnvFiles(ctx) {
+  const cmd = getCommand(ctx);
+  const filePath = getFilePath(ctx);
+  if (filePath && ENV_FILE_PATH_RE.test(filePath)) {
+    return deny("Access to .env file blocked");
+  }
+  if (ctx.toolName === "Bash" && ENV_CMD_RE.test(cmd)) {
+    return deny("Command references .env file");
+  }
+  return allow();
+}
+function blockSudo(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx).trimStart();
+  if (SUDO_RE.test(cmd) || cmd.startsWith("sudo ")) {
+    const allowPatterns = ctx.params?.allowPatterns ?? [];
+    if (allowPatterns.some((p) => matchesAllowedPattern(cmd, p)))
+      return allow();
+    return deny("sudo commands are blocked");
+  }
+  if (PS_ELEVATION_RE.test(cmd)) {
+    return deny("Elevated process launch is blocked");
+  }
+  if (RUNAS_RE.test(cmd)) {
+    return deny("runas elevation is blocked");
+  }
+  return allow();
+}
+function blockCurlPipeSh(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  if (CURL_PIPE_SH_RE.test(cmd)) {
+    return deny("Piping downloads to shell is blocked");
+  }
+  if (PS_WEB_PIPE_RE.test(cmd)) {
+    return deny("Piping downloads to Invoke-Expression is blocked");
+  }
+  return allow();
+}
+function extractGitPushArgs(cmd) {
+  return cmd.split(/&&|\|\||[|;\n]/).map((s) => s.trim()).filter((s) => /^git\s+push\s/.test(s)).map((s) => s.replace(/^git\s+push\s+/, ""));
+}
+function blockPushMaster(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const protectedBranches = ctx.params?.protectedBranches ?? ["main", "master"];
+  if (protectedBranches.length === 0)
+    return allow();
+  const args = extractGitPushArgs(getCommand(ctx));
+  const branchPattern = new RegExp(`\\b(?:${protectedBranches.map((b) => b.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join("|")})\\b`);
+  if (args.some((a) => branchPattern.test(a))) {
+    return deny(`Pushing to ${protectedBranches.join("/")} is blocked`);
+  }
+  return allow();
+}
+function rmTargetIsAllowed(cmd, allowPaths) {
+  if (allowPaths.length === 0)
+    return false;
+  const segments = cmd.split(/&&|\|\||[|;\n]/).map((s) => s.trim()).filter((s) => /\brm\b/.test(s));
+  if (segments.length === 0)
+    return false;
+  for (const seg of segments) {
+    const tokens = parseArgvTokens(seg);
+    const rmIdx = tokens.findIndex((t) => t === "rm");
+    if (rmIdx < 0)
+      continue;
+    const flagTokens = tokens.slice(rmIdx + 1).filter((t) => /^-[^-]/.test(t));
+    if (!/r/i.test(flagTokens.join("")))
+      continue;
+    const pathArgs = tokens.slice(rmIdx + 1).filter((t) => !t.startsWith("-"));
+    for (const target of pathArgs) {
+      const normalized = target.replace(/\/\*$/, "").replace(/\/+$/, "") || "/";
+      const covered = allowPaths.some((p) => {
+        const np = p.replace(/\/+$/, "") || "/";
+        return normalized === np || normalized.startsWith(np + "/");
+      });
+      if (!covered) {
+        const segCovered = allowPaths.some((p) => {
+          const escaped = p.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+          return new RegExp(`${escaped}(?:[/"'\\s/*]|$)`).test(seg);
+        });
+        if (!segCovered)
+          return false;
+      }
+    }
+  }
+  return true;
+}
+function blockRmRf(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  const hasDestructivePath = /(?:\/\s*$|\/\*|~)/.test(cmd);
+  if (hasDestructivePath && (/rm\s+-[^\s]*r[^\s]*f[^\s]*/.test(cmd) || /rm\s+-[^\s]*f[^\s]*r[^\s]*/.test(cmd))) {
+    const allowPaths = ctx.params?.allowPaths ?? [];
+    if (rmTargetIsAllowed(cmd, allowPaths))
+      return allow();
+    return deny("Catastrophic deletion blocked");
+  }
+  if (hasDestructivePath && /\brm\b/.test(cmd)) {
+    const tokens = parseArgvTokens(cmd);
+    const shortFlags = tokens.filter((t) => /^-[^-]/.test(t)).join("");
+    if (/r/i.test(shortFlags) && /f/.test(shortFlags)) {
+      const allowPaths = ctx.params?.allowPaths ?? [];
+      if (rmTargetIsAllowed(cmd, allowPaths))
+        return allow();
+      return deny("Catastrophic deletion blocked");
+    }
+  }
+  if (/Remove-Item\s+.*-Recurse.*-Force.*(?:[A-Z]:\\(?:\s|$)|\\\*)/i.test(cmd)) {
+    return deny("Catastrophic deletion blocked");
+  }
+  if (/(?:rd|rmdir)\s+\/s\s+\/q\s+[A-Z]:\\/i.test(cmd)) {
+    return deny("Catastrophic deletion blocked");
+  }
+  return allow();
+}
+function blockForcePush(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const args = extractGitPushArgs(getCommand(ctx));
+  if (args.some((a) => FORCE_PUSH_RE.test(a))) {
+    return deny("Force-pushing is blocked");
+  }
+  return allow();
+}
+function blockSecretsWrite(ctx) {
+  if (ctx.toolName !== "Write")
+    return allow();
+  const filePath = getFilePath(ctx);
+  if (SECRET_FILE_RE.test(filePath) || SECRET_FILE_ID_RSA_RE.test(filePath) || SECRET_FILE_CREDENTIALS_RE.test(filePath)) {
+    return deny("Writing secret key files is blocked");
+  }
+  const additionalPatterns = ctx.params?.additionalPatterns ?? [];
+  for (const pattern of additionalPatterns) {
+    if (filePath.includes(pattern)) {
+      return deny(`Writing blocked file pattern: ${pattern}`);
+    }
+  }
+  return allow();
+}
+function extractAbsolutePaths(command) {
+  const paths = [];
+  const pathRe = /(?<![a-zA-Z0-9_.\-~\\])(?:~\/[^\s;|&"'()\[\]{}]*|~(?=\s|$|[;|&"'()\[\]{}])|\/[^\s;|&"'()\[\]{}]*)/g;
+  function addPaths(s) {
+    pathRe.lastIndex = 0;
+    let m;
+    while ((m = pathRe.exec(s)) !== null) {
+      let p = m[0];
+      if (p === "~")
+        p = homedir3();
+      else if (p.startsWith("~/"))
+        p = join2(homedir3(), p.slice(2));
+      paths.push(p);
+    }
+  }
+  let firstBarePipe = command.length;
+  let inDouble = false, inSingle = false;
+  for (let i = 0;i < command.length; i++) {
+    const c = command[i];
+    if (c === '"' && !inSingle)
+      inDouble = !inDouble;
+    else if (c === "'" && !inDouble)
+      inSingle = !inSingle;
+    else if (c === "|" && !inDouble && !inSingle) {
+      firstBarePipe = i;
+      break;
+    }
+  }
+  const firstSegment = command.slice(0, firstBarePipe);
+  const quotedRe = /"([^"]*)"|'([^']*)'/g;
+  let qm;
+  while ((qm = quotedRe.exec(firstSegment)) !== null) {
+    const content = qm[1] ?? qm[2] ?? "";
+    if (/[*?\[\]^$+()\\]/.test(content))
+      continue;
+    addPaths(content);
+  }
+  const stripped = command.replace(/"[^"]*"/g, (m) => " ".repeat(m.length)).replace(/'[^']*'/g, (m) => " ".repeat(m.length));
+  addPaths(stripped);
+  return paths;
+}
+function blockReadOutsideCwd(ctx) {
+  const cwd = ctx.session?.cwd;
+  if (!cwd)
+    return allow();
+  const allowPaths = ctx.params?.allowPaths ?? [];
+  if (ctx.toolName === "Bash") {
+    const cmd = getCommand(ctx);
+    if (!READ_LIKE_CMDS.test(cmd))
+      return allow();
+    const paths = extractAbsolutePaths(cmd);
+    const cwdWithSep2 = cwd.endsWith("/") ? cwd : cwd + "/";
+    for (const p of paths) {
+      const resolved3 = resolve2(cwd, p);
+      if (isClaudeSettingsFile(resolved3)) {
+        return deny(`Reading Claude settings file blocked: ${resolved3}`);
+      }
+      if (isClaudeInternalPath(resolved3))
+        continue;
+      if (resolved3 === "/dev/null")
+        continue;
+      if (resolved3 !== cwd && !resolved3.startsWith(cwdWithSep2)) {
+        if (allowPaths.some((ap) => resolved3 === ap || resolved3.startsWith(ap.endsWith("/") ? ap : ap + "/")))
+          continue;
+        return deny(`Bash read outside project directory blocked: ${resolved3}`);
+      }
+    }
+    return allow();
+  }
+  const filePath = getFilePath(ctx);
+  const searchPath = ctx.toolInput?.path ?? "";
+  const target = filePath || searchPath;
+  if (!target)
+    return allow();
+  const resolved2 = resolve2(cwd, target);
+  if (isClaudeSettingsFile(resolved2)) {
+    return deny(`Reading Claude settings file blocked: ${resolved2}`);
+  }
+  if (isClaudeInternalPath(resolved2))
+    return allow();
+  if (resolved2 === "/dev/null")
+    return allow();
+  const cwdWithSep = cwd.endsWith("/") ? cwd : cwd + "/";
+  if (resolved2 !== cwd && !resolved2.startsWith(cwdWithSep)) {
+    if (allowPaths.some((ap) => resolved2 === ap || resolved2.startsWith(ap.endsWith("/") ? ap : ap + "/")))
+      return allow();
+    return deny(`Access outside project directory blocked: ${resolved2}`);
+  }
+  return allow();
+}
+function blockWorkOnMain(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  if (!GIT_COMMIT_MERGE_RE.test(cmd))
+    return allow();
+  const cwd = ctx.session?.cwd;
+  if (!cwd)
+    return allow();
+  try {
+    let branch = gitBranchCache.get(cwd);
+    if (branch === undefined) {
+      branch = execSync("git rev-parse --abbrev-ref HEAD", {
+        cwd,
+        encoding: "utf8",
+        timeout: 3000
+      }).trim();
+      gitBranchCache.set(cwd, branch);
+    }
+    const protectedBranches = ctx.params?.protectedBranches ?? ["main", "master"];
+    if (protectedBranches.includes(branch)) {
+      return deny(`Git ${cmd.match(/git\s+(\S+)/)?.[1] ?? "operation"} on ${branch} is blocked. Create a feature branch first.`);
+    }
+  } catch {
+    return allow();
+  }
+  return allow();
+}
+function blockFailproofaiCommands(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  if (FAILPROOFAI_CLI_RE.test(cmd)) {
+    return deny("Running failproofai CLI commands is blocked");
+  }
+  if (FAILPROOFAI_UNINSTALL_RE.test(cmd)) {
+    return deny("Uninstalling failproofai is blocked");
+  }
+  return allow();
+}
+async function warnRepeatedToolCalls(ctx) {
+  const THRESHOLD = 3;
+  const transcriptPath = ctx.session?.transcriptPath;
+  if (!transcriptPath || !ctx.toolName || !ctx.toolInput)
+    return allow();
+  const trackerPath = `${transcriptPath}.tool-calls.json`;
+  const fingerprint = JSON.stringify({ tool: ctx.toolName, input: ctx.toolInput });
+  let counts = {};
+  try {
+    const raw = await readFile(trackerPath, "utf8");
+    counts = JSON.parse(raw);
+  } catch {}
+  const prevCount = counts[fingerprint] ?? 0;
+  if (prevCount >= THRESHOLD) {
+    return instruct(`STOP: You have already called ${ctx.toolName} ${prevCount} times with identical parameters. This is wasteful and unproductive. Do NOT repeat this call — use a different approach or ask the user for clarification.`);
+  }
+  counts[fingerprint] = prevCount + 1;
+  try {
+    const serialized = JSON.stringify(counts);
+    if (serialized.length <= TOOL_CALL_TRACKER_MAX_BYTES) {
+      await writeFile(trackerPath, serialized, "utf8");
+    }
+  } catch {}
+  return allow();
+}
+function warnGitAmend(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  if (GIT_AMEND_RE.test(cmd)) {
+    return instruct("STOP: This command amends the last commit, which rewrites git history. If this commit has already been pushed to a shared branch, this will cause divergence for other contributors. Confirm with the user before executing.");
+  }
+  return allow();
+}
+function warnGitStashDrop(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  if (GIT_STASH_DROP_RE.test(cmd)) {
+    return instruct("STOP: This command permanently deletes stashed changes (git stash drop/clear). Stash entries cannot be recovered after deletion. Confirm with the user before executing.");
+  }
+  return allow();
+}
+function warnAllFilesStaged(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  if (GIT_ADD_ALL_RE.test(cmd)) {
+    return instruct("STOP: This command stages all files in the working tree (git add -A / --all / .). This may inadvertently include build artifacts, generated files, or sensitive files not covered by .gitignore. Confirm with the user before executing.");
+  }
+  return allow();
+}
+function warnSchemaAlteration(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  if (!SQL_TOOL_RE.test(cmd))
+    return allow();
+  if (SCHEMA_ALTER_RE.test(cmd)) {
+    return instruct("STOP: This command contains a schema-altering SQL statement (ALTER TABLE with column or rename operation). Schema changes on production databases are irreversible or disruptive. Confirm with the user before executing.");
+  }
+  return allow();
+}
+function warnGlobalPackageInstall(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  const isGlobal = NPM_GLOBAL_RE.test(cmd) || YARN_GLOBAL_RE.test(cmd) || PNPM_GLOBAL_RE.test(cmd) || BUN_GLOBAL_RE.test(cmd) || CARGO_INSTALL_RE.test(cmd) || PIP_SYSTEM_RE.test(cmd);
+  if (isGlobal) {
+    return instruct("STOP: This command installs a package globally, which modifies the system-wide environment outside the project. This can conflict with other projects or system tools. Confirm with the user before executing.");
+  }
+  return allow();
+}
+function warnBackgroundProcess(ctx) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  const isBackground = NOHUP_RE.test(cmd) || SCREEN_DETACH_RE.test(cmd) || TMUX_DETACH_RE.test(cmd) || DISOWN_RE.test(cmd) || BACKGROUND_AMPERSAND_RE.test(cmd);
+  if (isBackground) {
+    return instruct("STOP: This command starts a background or detached process (nohup, screen -d, tmux -d, or trailing &). Background processes persist after Claude's session and may be difficult to track or stop. Confirm with the user before executing.");
+  }
+  return allow();
+}
+function registerBuiltinPolicies(enabledNames) {
+  const enabledSet = new Set(enabledNames);
+  for (const policy of BUILTIN_POLICIES) {
+    if (enabledSet.has(policy.name)) {
+      registerPolicy(policy.name, policy.description, policy.fn, policy.match);
+    }
+  }
+}
+var SHELL_OPERATORS, SHELL_METACHAR_RE, JWT_RE, API_KEY_PATTERNS, CONNECTION_STRING_RE, PRIVATE_KEY_RE, BEARER_TOKEN_RE, SQL_TOOL_RE, DESTRUCTIVE_SQL_RE, DELETE_NO_WHERE_RE, SQL_WHERE_RE, SCHEMA_ALTER_RE, PUBLISH_CMD_RE, ENV_PRINTENV_RE, ECHO_ENV_RE, EXPORT_RE, PS_ENV_VAR_RE, PS_CHILDITEM_ENV_RE, DOTNET_GETENV_RE, CMD_ECHO_ENV_RE, ENV_FILE_PATH_RE, ENV_CMD_RE, SUDO_RE, PS_ELEVATION_RE, RUNAS_RE, CURL_PIPE_SH_RE, PS_WEB_PIPE_RE, FORCE_PUSH_RE, SECRET_FILE_RE, SECRET_FILE_ID_RSA_RE, SECRET_FILE_CREDENTIALS_RE, GIT_COMMIT_MERGE_RE, FAILPROOFAI_CLI_RE, FAILPROOFAI_UNINSTALL_RE, GIT_AMEND_RE, GIT_STASH_DROP_RE, GIT_ADD_ALL_RE, NPM_GLOBAL_RE, YARN_GLOBAL_RE, PNPM_GLOBAL_RE, BUN_GLOBAL_RE, CARGO_INSTALL_RE, PIP_SYSTEM_RE, NOHUP_RE, SCREEN_DETACH_RE, TMUX_DETACH_RE, DISOWN_RE, BACKGROUND_AMPERSAND_RE, gitBranchCache, READ_LIKE_CMDS, TOOL_CALL_TRACKER_MAX_BYTES = 65536, BUILTIN_POLICIES;
+var init_builtin_policies = __esm(() => {
+  init_hook_logger();
+  SHELL_OPERATORS = new Set(["&&", "||", "|", ";"]);
+  SHELL_METACHAR_RE = /[;&<>`$()\\]/;
+  JWT_RE = /eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/;
+  API_KEY_PATTERNS = [
+    [/sk-ant-[A-Za-z0-9\-_]{20,}/, "Anthropic API key"],
+    [/sk-proj-[A-Za-z0-9\-_]{20,}/, "OpenAI project API key"],
+    [/sk-[A-Za-z0-9]{20,}/, "OpenAI API key"],
+    [/ghp_[A-Za-z0-9]{36}/, "GitHub personal access token"],
+    [/github_pat_[A-Za-z0-9_]{82}/, "GitHub fine-grained token"],
+    [/AKIA[A-Z0-9]{16}/, "AWS access key ID"],
+    [/sk_live_[A-Za-z0-9]{24,}/, "Stripe live secret key"],
+    [/sk_test_[A-Za-z0-9]{24,}/, "Stripe test secret key"],
+    [/AIza[0-9A-Za-z\-_]{35}/, "Google API key"]
+  ];
+  CONNECTION_STRING_RE = /(?:postgresql|postgres|mysql|mongodb(?:\+srv)?|redis|amqps?|smtps?):\/\/[^@\s]+@/;
+  PRIVATE_KEY_RE = /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/;
+  BEARER_TOKEN_RE = /Authorization:\s*Bearer\s+[A-Za-z0-9\-._~+/]{20,}/i;
+  SQL_TOOL_RE = /\b(?:psql|mysql|sqlite3|pgcli|clickhouse-client)\b/;
+  DESTRUCTIVE_SQL_RE = /\b(?:DROP\s+(?:TABLE|DATABASE|SCHEMA)|TRUNCATE\b)/i;
+  DELETE_NO_WHERE_RE = /\bDELETE\s+FROM\b/i;
+  SQL_WHERE_RE = /\bWHERE\b/i;
+  SCHEMA_ALTER_RE = /\bALTER\s+TABLE\b[\s\S]*\b(?:DROP\s+COLUMN|ADD\s+COLUMN|RENAME\s+(?:COLUMN|TO)|MODIFY\s+COLUMN)\b/i;
+  PUBLISH_CMD_RE = /(?:npm\s+publish|bun\s+publish|pnpm\s+publish|yarn\s+npm\s+publish|twine\s+upload|poetry\s+publish|cargo\s+publish|gem\s+push)\b/;
+  ENV_PRINTENV_RE = /(?:^|\s|;|&&|\|\|)(?:env|printenv)(?:\s|$|;|&&|\|)/;
+  ECHO_ENV_RE = /echo\s+.*\$[A-Za-z_]/;
+  EXPORT_RE = /(?:^|\s|;|&&|\|\|)export\s+\w+/;
+  PS_ENV_VAR_RE = /\$env:[A-Za-z_]/i;
+  PS_CHILDITEM_ENV_RE = /(?:Get-ChildItem|dir|gci|ls)\s+Env:/i;
+  DOTNET_GETENV_RE = /\[Environment\]::GetEnvironment/i;
+  CMD_ECHO_ENV_RE = /echo\s+%[A-Za-z_]/i;
+  ENV_FILE_PATH_RE = /(?:^|[\\/])\.env(?:\.|$)/;
+  ENV_CMD_RE = /\.env(?:\b|\s|$|\.)/;
+  SUDO_RE = /(?:^|;|&&|\|\|)\s*sudo\s/;
+  PS_ELEVATION_RE = /Start-Process\s+.*-Verb\s+RunAs/i;
+  RUNAS_RE = /(?:^|;|&&|\|\|)\s*runas\s/i;
+  CURL_PIPE_SH_RE = /(?:curl|wget)\s.*\|\s*(?:sh|bash|zsh)/;
+  PS_WEB_PIPE_RE = /(?:Invoke-WebRequest|iwr|Invoke-RestMethod|irm)\s+.*\|\s*(?:Invoke-Expression|iex)/i;
+  FORCE_PUSH_RE = /(?:--force|-f\b)/;
+  SECRET_FILE_RE = /\.(?:pem|key)$/;
+  SECRET_FILE_ID_RSA_RE = /id_rsa/;
+  SECRET_FILE_CREDENTIALS_RE = /credentials/;
+  GIT_COMMIT_MERGE_RE = /git\s+(?:commit|merge|rebase|cherry-pick)\b/;
+  FAILPROOFAI_CLI_RE = /(?:^|;|&&|\|\||\|)\s*failproofai(?:\s|$)/;
+  FAILPROOFAI_UNINSTALL_RE = /(?:npm\s+(?:uninstall|remove|un|r)\s.*failproofai|bun\s+remove\s.*failproofai|yarn\s+global\s+remove\s+failproofai|pnpm\s+(?:remove|uninstall|un)\s.*failproofai)/;
+  GIT_AMEND_RE = /\bgit\s+commit\b.*--amend\b/;
+  GIT_STASH_DROP_RE = /\bgit\s+stash\s+(?:drop|clear)\b/;
+  GIT_ADD_ALL_RE = /\bgit\s+add\s+(?:-A\b|--all\b|\.(?:\s|$|;|&&|\|\|))/;
+  NPM_GLOBAL_RE = /\bnpm\s+(?:install|i)\b(?=.*(?:\s-g\b|--global\b))/;
+  YARN_GLOBAL_RE = /\byarn\s+global\s+add\b/;
+  PNPM_GLOBAL_RE = /\bpnpm\s+(?:add|install|i)\b(?=.*(?:\s-g\b|--global\b))/;
+  BUN_GLOBAL_RE = /\bbun\s+(?:install|add)\b(?=.*(?:\s-g\b|--global\b))/;
+  CARGO_INSTALL_RE = /\bcargo\s+install\b/;
+  PIP_SYSTEM_RE = /\bpip(?:3)?\s+install\b(?=.*(?:--user\b|--break-system-packages\b))/;
+  NOHUP_RE = /\bnohup\s+\S/;
+  SCREEN_DETACH_RE = /\bscreen\s+-[A-Za-z]*d[A-Za-z]*\b/;
+  TMUX_DETACH_RE = /\btmux\s+(?:new-session|new)\b[^|&;]*-d\b/;
+  DISOWN_RE = /\bdisown\b/;
+  BACKGROUND_AMPERSAND_RE = /(?<![&|])\s?&\s*(?:$|#|;)/;
+  gitBranchCache = new Map;
+  READ_LIKE_CMDS = /(?:^|;|&&|\|\||\|)\s*(?:ls|find|cat|head|tail|less|more|wc|file|stat|tree|du)\s/;
+  BUILTIN_POLICIES = [
+    {
+      name: "sanitize-jwt",
+      description: "Stop Claude from reading JWTs in tool responses",
+      fn: sanitizeJwt,
+      match: { events: ["PostToolUse"] },
+      defaultEnabled: true,
+      category: "Sanitize"
+    },
+    {
+      name: "sanitize-api-keys",
+      description: "Stop Claude from reading API keys (OpenAI, Anthropic, GitHub, AWS, Stripe, Google) in tool responses",
+      fn: sanitizeApiKeys,
+      match: { events: ["PostToolUse"] },
+      defaultEnabled: true,
+      category: "Sanitize",
+      params: {
+        additionalPatterns: {
+          type: "pattern[]",
+          description: "Additional API key patterns to scrub, each with { regex, label }",
+          default: []
+        }
+      }
+    },
+    {
+      name: "sanitize-connection-strings",
+      description: "Stop Claude from reading database connection strings with embedded credentials in tool responses",
+      fn: sanitizeConnectionStrings,
+      match: { events: ["PostToolUse"] },
+      defaultEnabled: true,
+      category: "Sanitize"
+    },
+    {
+      name: "sanitize-private-key-content",
+      description: "Stop Claude from reading PEM private key content in tool responses",
+      fn: sanitizePrivateKeyContent,
+      match: { events: ["PostToolUse"] },
+      defaultEnabled: true,
+      category: "Sanitize"
+    },
+    {
+      name: "sanitize-bearer-tokens",
+      description: "Stop Claude from reading Authorization Bearer tokens in tool responses",
+      fn: sanitizeBearerTokens,
+      match: { events: ["PostToolUse"] },
+      defaultEnabled: true,
+      category: "Sanitize"
+    },
+    {
+      name: "protect-env-vars",
+      description: "Prevent commands that read environment variables",
+      fn: protectEnvVars,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: true,
+      category: "Environment"
+    },
+    {
+      name: "block-env-files",
+      description: "Block reading/writing .env files",
+      fn: blockEnvFiles,
+      match: { events: ["PreToolUse"] },
+      defaultEnabled: true,
+      category: "Environment"
+    },
+    {
+      name: "block-read-outside-cwd",
+      description: "Block file reads outside the session working directory",
+      fn: blockReadOutsideCwd,
+      match: { events: ["PreToolUse"], toolNames: ["Read", "Glob", "Grep", "Bash"] },
+      defaultEnabled: false,
+      category: "Environment",
+      params: {
+        allowPaths: {
+          type: "string[]",
+          description: "Absolute paths outside cwd that are allowed to be read",
+          default: []
+        }
+      }
+    },
+    {
+      name: "block-sudo",
+      description: "Block sudo commands",
+      fn: blockSudo,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: true,
+      category: "Dangerous Commands",
+      params: {
+        allowPatterns: {
+          type: "string[]",
+          description: "Sudo command patterns to allow, matched token-by-token (e.g. 'sudo systemctl status')",
+          default: []
+        }
+      }
+    },
+    {
+      name: "block-curl-pipe-sh",
+      description: "Block piping downloads to shell",
+      fn: blockCurlPipeSh,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: true,
+      category: "Dangerous Commands"
+    },
+    {
+      name: "block-rm-rf",
+      description: "Prevent catastrophic deletions",
+      fn: blockRmRf,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Dangerous Commands",
+      params: {
+        allowPaths: {
+          type: "string[]",
+          description: "Paths that are allowed to be recursively deleted",
+          default: []
+        }
+      }
+    },
+    {
+      name: "block-failproofai-commands",
+      description: "Block failproofai CLI commands and uninstallation",
+      fn: blockFailproofaiCommands,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: true,
+      category: "Dangerous Commands"
+    },
+    {
+      name: "block-secrets-write",
+      description: "Block writing secret key files",
+      fn: blockSecretsWrite,
+      match: { events: ["PreToolUse"], toolNames: ["Write"] },
+      defaultEnabled: false,
+      category: "Dangerous Commands",
+      params: {
+        additionalPatterns: {
+          type: "string[]",
+          description: "Additional filename patterns (substrings) to block",
+          default: []
+        }
+      }
+    },
+    {
+      name: "block-push-master",
+      description: "Block pushing to main/master",
+      fn: blockPushMaster,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: true,
+      category: "Git",
+      params: {
+        protectedBranches: {
+          type: "string[]",
+          description: "Branch names to protect from direct pushes",
+          default: ["main", "master"]
+        }
+      }
+    },
+    {
+      name: "block-force-push",
+      description: "Prevent force-pushing to any branch",
+      fn: blockForcePush,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Git"
+    },
+    {
+      name: "block-work-on-main",
+      description: "Block git commits and merges on main/master branch",
+      fn: blockWorkOnMain,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Git",
+      params: {
+        protectedBranches: {
+          type: "string[]",
+          description: "Branch names where commits/merges are blocked",
+          default: ["main", "master"]
+        }
+      }
+    },
+    {
+      name: "warn-git-amend",
+      description: "Warns before amending git commits, which rewrites history",
+      fn: warnGitAmend,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Git"
+    },
+    {
+      name: "warn-git-stash-drop",
+      description: "Warns before permanently deleting stashed changes",
+      fn: warnGitStashDrop,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Git"
+    },
+    {
+      name: "warn-all-files-staged",
+      description: "Warns before staging all working tree files with git add -A / . / --all",
+      fn: warnAllFilesStaged,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Git"
+    },
+    {
+      name: "warn-destructive-sql",
+      description: "Warn before executing destructive SQL (DROP/TRUNCATE/DELETE without WHERE) via database clients",
+      fn: warnDestructiveSql,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Database"
+    },
+    {
+      name: "warn-schema-alteration",
+      description: "Warns before SQL schema changes (ALTER TABLE with column or rename operations)",
+      fn: warnSchemaAlteration,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Database"
+    },
+    {
+      name: "warn-package-publish",
+      description: "Warn before publishing packages to public registries (npm, PyPI, crates.io, RubyGems, etc.)",
+      fn: warnPackagePublish,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Packages & System"
+    },
+    {
+      name: "warn-global-package-install",
+      description: "Warns before installing packages globally (npm -g, cargo install, etc.)",
+      fn: warnGlobalPackageInstall,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Packages & System"
+    },
+    {
+      name: "warn-large-file-write",
+      description: "Warn before writing files larger than 1MB (configurable via thresholdKb param)",
+      fn: warnLargeFileWrite,
+      match: { events: ["PreToolUse"], toolNames: ["Write"] },
+      defaultEnabled: false,
+      category: "Packages & System",
+      params: {
+        thresholdKb: {
+          type: "number",
+          description: "File size threshold in KB above which a warning is issued",
+          default: 1024
+        }
+      }
+    },
+    {
+      name: "warn-background-process",
+      description: "Warns before starting detached or background processes",
+      fn: warnBackgroundProcess,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Packages & System"
+    },
+    {
+      name: "warn-repeated-tool-calls",
+      description: "Warn when the same tool is called 3+ times with identical parameters",
+      fn: warnRepeatedToolCalls,
+      match: { events: ["PreToolUse"] },
+      defaultEnabled: false,
+      category: "AI Behavior"
+    }
+  ];
+});
+
+// src/hooks/policy-evaluator.ts
+async function evaluatePolicies(eventType, payload, session, config) {
+  const toolName = payload.tool_name;
+  const toolInput = payload.tool_input;
+  const policies = getPoliciesForEvent(eventType, toolName);
+  hookLogInfo(`evaluating ${policies.length} policies for ${eventType}`);
+  if (policies.length === 0) {
+    return { exitCode: 0, stdout: "", stderr: "", policyName: null, reason: null, decision: "allow" };
+  }
+  const baseCtx = {
+    eventType,
+    payload,
+    toolName,
+    toolInput,
+    session
+  };
+  let instructPolicyName = null;
+  let instructReason = null;
+  for (const policy of policies) {
+    const schema = POLICY_PARAMS_MAP.get(policy.name);
+    let ctx;
+    if (schema) {
+      const userParams = config?.policyParams?.[policy.name] ?? {};
+      const resolvedParams = {};
+      for (const [key, spec] of Object.entries(schema)) {
+        resolvedParams[key] = key in userParams ? userParams[key] : spec.default;
+      }
+      ctx = { ...baseCtx, params: resolvedParams };
+    } else {
+      ctx = { ...baseCtx, params: {} };
+    }
+    let result;
+    try {
+      result = await policy.fn(ctx);
+    } catch (err) {
+      hookLogWarn(`policy "${policy.name}" threw: ${err instanceof Error ? err.message : String(err)}`);
+      continue;
+    }
+    if (result.decision === "deny") {
+      const reason = result.reason ?? `Blocked by policy: ${policy.name}`;
+      hookLogInfo(`deny by "${policy.name}": ${reason}`);
+      const displayTool = ctx.toolName ?? "unknown tool";
+      if (eventType === "PreToolUse") {
+        const response = {
+          hookSpecificOutput: {
+            hookEventName: eventType,
+            permissionDecision: "deny",
+            permissionDecisionReason: `Blocked ${displayTool} by failproofai because: ${reason}, as per the policy configured by the user`
+          }
+        };
+        return {
+          exitCode: 0,
+          stdout: JSON.stringify(response),
+          stderr: "",
+          policyName: policy.name,
+          reason,
+          decision: "deny"
+        };
+      }
+      if (eventType === "PostToolUse") {
+        const response = {
+          hookSpecificOutput: {
+            hookEventName: eventType,
+            additionalContext: `Blocked ${displayTool} by failproofai because: ${reason}, as per the policy configured by the user`
+          }
+        };
+        return {
+          exitCode: 0,
+          stdout: JSON.stringify(response),
+          stderr: "",
+          policyName: policy.name,
+          reason,
+          decision: "deny"
+        };
+      }
+      return {
+        exitCode: 2,
+        stdout: "",
+        stderr: "",
+        policyName: policy.name,
+        reason,
+        decision: "deny"
+      };
+    }
+    if (result.decision === "instruct" && !instructPolicyName) {
+      instructPolicyName = policy.name;
+      instructReason = result.reason ?? `Instruction from policy: ${policy.name}`;
+      hookLogInfo(`instruct by "${policy.name}": ${instructReason}`);
+    }
+  }
+  if (instructPolicyName && instructReason) {
+    if (eventType === "Stop") {
+      return {
+        exitCode: 2,
+        stdout: "",
+        stderr: instructReason,
+        policyName: instructPolicyName,
+        reason: instructReason,
+        decision: "instruct"
+      };
+    }
+    const response = {
+      hookSpecificOutput: {
+        hookEventName: eventType,
+        additionalContext: `Instruction from failproofai: ${instructReason}`
+      }
+    };
+    return {
+      exitCode: 0,
+      stdout: JSON.stringify(response),
+      stderr: "",
+      policyName: instructPolicyName,
+      reason: instructReason,
+      decision: "instruct"
+    };
+  }
+  return { exitCode: 0, stdout: "", stderr: "", policyName: null, reason: null, decision: "allow" };
+}
+var POLICY_PARAMS_MAP;
+var init_policy_evaluator = __esm(() => {
+  init_builtin_policies();
+  init_hook_logger();
+  POLICY_PARAMS_MAP = new Map(BUILTIN_POLICIES.filter((p) => p.params).map((p) => [p.name, p.params]));
+});
+
+// src/hooks/custom-hooks-registry.ts
+function getRegistry2() {
+  const g = globalThis;
+  if (!Array.isArray(g[REGISTRY_KEY2]))
+    g[REGISTRY_KEY2] = [];
+  return g[REGISTRY_KEY2];
+}
+function getCustomHooks() {
+  return getRegistry2();
+}
+function clearCustomHooks() {
+  const g = globalThis;
+  g[REGISTRY_KEY2] = [];
+}
+var REGISTRY_KEY2 = "__failproofai_custom_hooks__";
+var init_custom_hooks_registry = () => {};
+
+// src/hooks/loader-utils.ts
+import { readFile as readFile2, writeFile as writeFile2, unlink, access } from "fs/promises";
+import { resolve as resolve3, dirname as dirname2, relative } from "path";
+import { pathToFileURL } from "url";
+async function fileExists(path) {
+  try {
+    await access(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function findDistIndex() {
+  const distPath = process.env.FAILPROOFAI_DIST_PATH;
+  if (distPath) {
+    const candidate = resolve3(distPath, "index.js");
+    if (await fileExists(candidate))
+      return candidate;
+  }
+  const candidates = [
+    resolve3(dirname2(process.execPath), "..", "assets", "dist", "index.js"),
+    resolve3(process.cwd(), "dist", "index.js"),
+    resolve3(process.cwd(), "node_modules", "failproofai", "dist", "index.js")
+  ];
+  for (const c of candidates) {
+    if (await fileExists(c))
+      return c;
+  }
+  return null;
+}
+async function resolveLocalImport(fromDir, specifier) {
+  const base = resolve3(fromDir, specifier);
+  const candidates = [base, `${base}.js`, `${base}.mjs`, `${base}.ts`, resolve3(base, "index.js")];
+  for (const c of candidates) {
+    if (await fileExists(c))
+      return c;
+  }
+  return null;
+}
+async function createEsmShim(distIndex, distUrl) {
+  const shimPath = distIndex + ".__failproofai_esm_shim__.mjs";
+  const shimCode = [
+    `import _cjs from '${distUrl}';`,
+    `export const createApp = _cjs.createApp;`,
+    `export const getQueueCondition = _cjs.getQueueCondition;`,
+    `export const clearQueueCondition = _cjs.clearQueueCondition;`,
+    `export const customPolicies = _cjs.customPolicies;`,
+    `export const allow = _cjs.allow;`,
+    `export const deny = _cjs.deny;`,
+    `export const instruct = _cjs.instruct;`,
+    `export default _cjs;`
+  ].join(`
+`);
+  await writeFile2(shimPath, shimCode, "utf-8");
+  return { shimPath, shimUrl: pathToFileURL(shimPath).href };
+}
+async function rewriteFileTree(entryPath, distUrl, distIndex) {
+  const queue = [entryPath];
+  const visited = new Set;
+  const tmpFiles = [];
+  let esmShimUrl = null;
+  if (distIndex && distUrl) {
+    const shim = await createEsmShim(distIndex, distUrl);
+    tmpFiles.push(shim.shimPath);
+    esmShimUrl = shim.shimUrl;
+  }
+  while (queue.length > 0) {
+    const filePath = queue.shift();
+    if (visited.has(filePath))
+      continue;
+    visited.add(filePath);
+    let code = await readFile2(filePath, "utf-8");
+    if (esmShimUrl) {
+      code = code.replace(/from\s+(['"])(?:claudeye|failproofai)\1/g, `from '${esmShimUrl}'`);
+    }
+    if (distIndex) {
+      code = code.replace(/require\s*\(\s*(['"])(?:claudeye|failproofai)\1\s*\)/g, `require('${distIndex.replace(/\\/g, "\\\\")}')`);
+    }
+    const dir = dirname2(filePath);
+    const rewrites = new Map;
+    for (const re of [LOCAL_IMPORT_RE, LOCAL_REQUIRE_RE]) {
+      const freshRe = new RegExp(re.source, re.flags);
+      let match;
+      while ((match = freshRe.exec(code)) !== null) {
+        const specifier = match[2];
+        if (rewrites.has(specifier))
+          continue;
+        const resolved2 = await resolveLocalImport(dir, specifier);
+        if (!resolved2)
+          continue;
+        if (!visited.has(resolved2) && !queue.includes(resolved2)) {
+          queue.push(resolved2);
+        }
+        let relPath = relative(dir, resolved2 + TMP_SUFFIX).split("\\").join("/");
+        if (!relPath.startsWith("."))
+          relPath = "./" + relPath;
+        rewrites.set(specifier, relPath);
+      }
+    }
+    const sortedSpecs = [...rewrites.keys()].sort((a, b) => b.length - a.length);
+    for (const specifier of sortedSpecs) {
+      const replacement = rewrites.get(specifier);
+      const escaped = specifier.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+      code = code.replace(new RegExp(`'${escaped}'`, "g"), `'${replacement}'`);
+      code = code.replace(new RegExp(`"${escaped}"`, "g"), `"${replacement}"`);
+    }
+    const tmpPath = filePath + TMP_SUFFIX;
+    await writeFile2(tmpPath, code, "utf-8");
+    tmpFiles.push(tmpPath);
+  }
+  return tmpFiles;
+}
+async function cleanupTmpFiles(tmpFiles) {
+  for (const tmp of tmpFiles) {
+    try {
+      await unlink(tmp);
+    } catch {}
+  }
+}
+var TMP_SUFFIX = ".__failproofai_tmp__.mjs", LOCAL_IMPORT_RE, LOCAL_REQUIRE_RE;
+var init_loader_utils = __esm(() => {
+  LOCAL_IMPORT_RE = /(?:import\s+(?:[\s\S]*?\s+from\s+)?|export\s+(?:[\s\S]*?\s+from\s+))(['"])(\.\.?\/[^'"]+)\1/g;
+  LOCAL_REQUIRE_RE = /require\s*\(\s*(['"])(\.\.?\/[^'"]+)\1\s*\)/g;
+});
+
+// src/hooks/custom-hooks-loader.ts
+import { resolve as resolve4, isAbsolute } from "node:path";
+import { existsSync as existsSync3 } from "node:fs";
+import { pathToFileURL as pathToFileURL2 } from "node:url";
+async function loadCustomHooks(customPoliciesPath, opts) {
+  if (!customPoliciesPath)
+    return [];
+  const absPath = isAbsolute(customPoliciesPath) ? customPoliciesPath : resolve4(process.cwd(), customPoliciesPath);
+  if (!existsSync3(absPath)) {
+    if (opts?.strict)
+      throw new Error(`Custom hooks file not found: ${absPath}`);
+    hookLogWarn(`customPoliciesPath not found: ${absPath}`);
+    return [];
+  }
+  clearCustomHooks();
+  const g = globalThis;
+  g[LOADING_KEY] = true;
+  let tmpFiles = [];
+  try {
+    const distIndex = await findDistIndex();
+    const distUrl = distIndex ? pathToFileURL2(distIndex).href : null;
+    tmpFiles = await rewriteFileTree(absPath, distUrl, distIndex);
+    const entryTmp = absPath + TMP_SUFFIX;
+    const fileUrl = pathToFileURL2(entryTmp).href;
+    await import(fileUrl);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (opts?.strict)
+      throw new Error(`Failed to load custom hooks from ${absPath}: ${msg}`);
+    hookLogError(`failed to load custom hooks from ${absPath}: ${msg}`);
+    return [];
+  } finally {
+    g[LOADING_KEY] = false;
+    await cleanupTmpFiles(tmpFiles);
+  }
+  return getCustomHooks();
+}
+var LOADING_KEY = "__FAILPROOFAI_LOADING_HOOKS__";
+var init_custom_hooks_loader = __esm(() => {
+  init_hook_logger();
+  init_custom_hooks_registry();
+  init_loader_utils();
+});
+
+// src/hooks/hook-activity-store.ts
+import {
+  readFileSync as readFileSync2,
+  writeFileSync as writeFileSync2,
+  appendFileSync as appendFileSync2,
+  renameSync as renameSync2,
+  readdirSync,
+  mkdirSync as mkdirSync3,
+  existsSync as existsSync4,
+  statSync as statSync2,
+  unlinkSync
+} from "node:fs";
+import { join as join3 } from "node:path";
+import { homedir as homedir4 } from "node:os";
+function ensureDir() {
+  if (!existsSync4(storeDir)) {
+    mkdirSync3(storeDir, { recursive: true });
+  }
+}
+function acquireLock() {
+  ensureDir();
+  const lockPath = join3(storeDir, LOCK_FILE);
+  const deadline = Date.now() + LOCK_STALE_MS;
+  while (Date.now() < deadline) {
+    try {
+      writeFileSync2(lockPath, String(process.pid), { flag: "wx" });
+      return;
+    } catch (e) {
+      if (e.code !== "EEXIST")
+        return;
+      try {
+        const s = statSync2(lockPath);
+        if (Date.now() - s.mtimeMs > LOCK_STALE_MS) {
+          writeFileSync2(lockPath, String(process.pid), "utf-8");
+          return;
+        }
+      } catch {}
+    }
+  }
+}
+function releaseLock() {
+  try {
+    unlinkSync(join3(storeDir, LOCK_FILE));
+  } catch {}
+}
+function persistHookActivity(entry) {
+  ensureDir();
+  acquireLock();
+  try {
+    const currentPath = join3(storeDir, CURRENT_FILE);
+    const countPath = join3(storeDir, COUNT_FILE);
+    const lineCount = readCount(countPath);
+    if (lineCount >= PAGE_SIZE) {
+      try {
+        rotate(currentPath, countPath);
+      } catch (e) {
+        if (e.code !== "ENOENT")
+          throw e;
+      }
+    }
+    appendFileSync2(currentPath, JSON.stringify(entry) + `
+`, "utf-8");
+    writeCount(countPath, lineCount >= PAGE_SIZE ? 1 : lineCount + 1);
+    updateStats(entry);
+  } finally {
+    releaseLock();
+  }
+}
+function rotate(currentPath, countPath) {
+  const archiveName = `page-${Date.now()}-${rotateSeq++}.jsonl`;
+  const archivePath = join3(storeDir, archiveName);
+  renameSync2(currentPath, archivePath);
+  writeCount(countPath, 0);
+}
+function readCount(countPath) {
+  try {
+    const n = parseInt(readFileSync2(countPath, "utf-8"), 10);
+    return isNaN(n) ? 0 : n;
+  } catch {
+    return 0;
+  }
+}
+function writeCount(countPath, n) {
+  try {
+    writeFileSync2(countPath, String(n), "utf-8");
+  } catch {}
+}
+function readStoredStats() {
+  try {
+    return JSON.parse(readFileSync2(join3(storeDir, STATS_FILE), "utf-8"));
+  } catch {
+    return { totalEvents: 0, denyCount: 0, policyMap: {} };
+  }
+}
+function updateStats(entry) {
+  const s = readStoredStats();
+  s.totalEvents += 1;
+  if (entry.decision === "deny")
+    s.denyCount += 1;
+  if (entry.policyName) {
+    s.policyMap[entry.policyName] = (s.policyMap[entry.policyName] ?? 0) + 1;
+  }
+  const tmpPath = join3(storeDir, `stats.json.${process.pid}.tmp`);
+  try {
+    writeFileSync2(tmpPath, JSON.stringify(s), "utf-8");
+    renameSync2(tmpPath, join3(storeDir, STATS_FILE));
+  } catch {
+    try {
+      unlinkSync(tmpPath);
+    } catch {}
+  }
+}
+var PAGE_SIZE = 25, DEFAULT_STORE_DIR, CURRENT_FILE = "current.jsonl", COUNT_FILE = "current.count", STATS_FILE = "stats.json", LOCK_FILE = "current.lock", LOCK_STALE_MS = 2000, storeDir, rotateSeq = 0;
+var init_hook_activity_store = __esm(() => {
+  DEFAULT_STORE_DIR = join3(homedir4(), ".failproofai", "cache", "hook-activity");
+  storeDir = DEFAULT_STORE_DIR;
+});
+
+// package.json
+var version2 = "0.0.2-beta.1";
+var init_package = () => {};
+
+// src/posthog-key.ts
+var POSTHOG_API_KEY = "phc_Ac1Ww1GqKc0z1SyrRWbmatEeQdlOQIsDEEdP8l8JRgX";
+
+// src/hooks/hook-telemetry.ts
+async function trackHookEvent(distinctId, event, properties) {
+  if (process.env.FAILPROOFAI_TELEMETRY_DISABLED === "1")
+    return;
+  const body = JSON.stringify({
+    api_key: process.env.FAILPROOFAI_POSTHOG_KEY ?? API_KEY,
+    event,
+    distinct_id: distinctId,
+    properties: { ...properties, $lib: "failproofai-hooks", failproofai_version: version2 }
+  });
+  try {
+    await fetch(process.env.FAILPROOFAI_POSTHOG_HOST ? `${process.env.FAILPROOFAI_POSTHOG_HOST}/capture/` : CAPTURE_URL, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body,
+      signal: AbortSignal.timeout(5000)
+    });
+  } catch {}
+}
+var API_KEY, CAPTURE_URL = "https://us.i.posthog.com/capture/";
+var init_hook_telemetry = __esm(() => {
+  init_package();
+  API_KEY = POSTHOG_API_KEY;
+});
+
+// lib/telemetry-id.ts
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import crypto from "node:crypto";
+import { execSync as execSync2 } from "node:child_process";
+function hashToId(raw) {
+  return crypto.createHmac("sha256", NAMESPACE).update(raw).digest("hex");
+}
+function getPlatformMachineId() {
+  try {
+    const platform = os.platform();
+    if (platform === "linux") {
+      for (const p of ["/etc/machine-id", "/var/lib/dbus/machine-id"]) {
+        try {
+          const id = fs.readFileSync(p, "utf-8").trim();
+          if (id)
+            return id;
+        } catch {}
+      }
+    } else if (platform === "darwin") {
+      const out = execSync2("ioreg -rd1 -c IOPlatformExpertDevice", {
+        encoding: "utf-8",
+        timeout: 3000
+      });
+      const m = out.match(/"IOPlatformUUID"\s*=\s*"([^"]+)"/);
+      if (m?.[1])
+        return m[1];
+    } else if (platform === "win32") {
+      const out = execSync2('reg query "HKLM\\SOFTWARE\\Microsoft\\Cryptography" /v MachineGuid', { encoding: "utf-8", timeout: 3000 });
+      const m = out.match(/MachineGuid\s+REG_SZ\s+(\S+)/);
+      if (m?.[1])
+        return m[1];
+    }
+  } catch {}
+  return;
+}
+function getSystemPropertiesId() {
+  return [
+    os.hostname(),
+    os.homedir(),
+    os.platform(),
+    os.arch(),
+    os.cpus()[0]?.model ?? ""
+  ].join(":");
+}
+function getFileBasedId() {
+  try {
+    const existing = fs.readFileSync(ID_FILE, "utf-8").trim();
+    if (existing)
+      return existing;
+  } catch {}
+  const id = crypto.randomUUID();
+  try {
+    fs.mkdirSync(ID_DIR, { recursive: true });
+    fs.writeFileSync(ID_FILE, id, "utf-8");
+  } catch {}
+  return id;
+}
+function getInstanceId() {
+  if (cachedId)
+    return cachedId;
+  const machineId = getPlatformMachineId();
+  if (machineId) {
+    cachedId = hashToId(machineId);
+    return cachedId;
+  }
+  const sysProps = getSystemPropertiesId();
+  if (sysProps) {
+    cachedId = hashToId(sysProps);
+    return cachedId;
+  }
+  cachedId = getFileBasedId();
+  return cachedId;
+}
+var NAMESPACE = "failproofai-telemetry-v1", ID_DIR, ID_FILE, cachedId;
+var init_telemetry_id = __esm(() => {
+  ID_DIR = path.join(os.homedir(), ".failproofai");
+  ID_FILE = path.join(ID_DIR, "instance-id");
+});
+
+// src/hooks/handler.ts
+var exports_handler = {};
+__export(exports_handler, {
+  handleHookEvent: () => handleHookEvent
+});
+async function handleHookEvent(eventType) {
+  const startTime = performance.now();
+  const MAX_STDIN_BYTES = 1048576;
+  let payload = "";
+  try {
+    payload = await new Promise((resolve5, reject) => {
+      const chunks = [];
+      let totalBytes = 0;
+      process.stdin.setEncoding("utf8");
+      process.stdin.on("data", (chunk) => {
+        totalBytes += Buffer.byteLength(chunk);
+        if (totalBytes > MAX_STDIN_BYTES) {
+          hookLogWarn(`stdin payload exceeds 1 MB for ${eventType}, discarding`);
+          process.stdin.destroy();
+          resolve5("");
+          return;
+        }
+        chunks.push(chunk);
+      });
+      process.stdin.on("end", () => resolve5(chunks.join("")));
+      process.stdin.on("error", reject);
+      if (process.stdin.readableEnded)
+        resolve5("");
+    });
+  } catch {
+    hookLogWarn(`stdin read failed for ${eventType}`);
+  }
+  let parsed = {};
+  if (payload) {
+    try {
+      parsed = JSON.parse(payload);
+    } catch {
+      hookLogWarn(`payload parse failed for ${eventType} (${payload.length} bytes)`);
+    }
+  }
+  const session = {
+    sessionId: parsed.session_id,
+    transcriptPath: parsed.transcript_path,
+    cwd: parsed.cwd,
+    permissionMode: parsed.permission_mode,
+    hookEventName: parsed.hook_event_name
+  };
+  const config = readMergedHooksConfig(session.cwd);
+  clearPolicies();
+  registerBuiltinPolicies(config.enabledPolicies);
+  const customHooksList = await loadCustomHooks(config.customPoliciesPath);
+  for (const hook of customHooksList) {
+    const hookName = hook.name;
+    const fn = async (ctx) => {
+      try {
+        const result2 = await Promise.race([
+          hook.fn(ctx),
+          new Promise((_, reject) => setTimeout(() => reject(new Error("timeout")), 1e4))
+        ]);
+        return result2;
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        const isTimeout = msg === "timeout";
+        hookLogWarn(`custom hook "${hookName}" failed: ${msg}`);
+        trackHookEvent(getInstanceId(), "custom_hook_error", {
+          hook_name: hookName,
+          error_type: isTimeout ? "timeout" : "exception",
+          event_type: eventType
+        });
+        return { decision: "allow" };
+      }
+    };
+    registerPolicy(`custom/${hookName}`, hook.description ?? "", fn, hook.match ?? {}, -1);
+  }
+  if (customHooksList.length > 0) {
+    trackHookEvent(getInstanceId(), "custom_hooks_loaded", {
+      custom_hooks_count: customHooksList.length,
+      custom_hook_names: customHooksList.map((h) => h.name),
+      event_types_covered: [...new Set(customHooksList.flatMap((h) => h.match?.events ?? []))]
+    });
+  }
+  hookLogInfo(`event=${eventType} policies=${config.enabledPolicies.length} custom=${customHooksList.length}`);
+  const result = await evaluatePolicies(eventType, parsed, session, config);
+  const durationMs = Math.round(performance.now() - startTime);
+  hookLogInfo(`result=${result.decision} policy=${result.policyName ?? "none"} duration=${durationMs}ms`);
+  if (result.stdout) {
+    process.stdout.write(result.stdout);
+  }
+  if (result.stderr) {
+    process.stderr.write(result.stderr);
+  }
+  try {
+    persistHookActivity({
+      timestamp: Date.now(),
+      eventType,
+      toolName: parsed.tool_name ?? null,
+      policyName: result.policyName,
+      decision: result.decision,
+      reason: result.reason,
+      durationMs,
+      sessionId: session.sessionId,
+      transcriptPath: session.transcriptPath,
+      cwd: session.cwd,
+      permissionMode: session.permissionMode,
+      hookEventName: session.hookEventName
+    });
+  } catch {
+    hookLogWarn("activity persistence failed");
+  }
+  if (result.decision === "deny" || result.decision === "instruct") {
+    try {
+      const isCustomHook = result.policyName?.startsWith("custom/") ?? false;
+      const hasCustomParams = !isCustomHook && !!(result.policyName && config.policyParams?.[result.policyName]);
+      const paramKeysOverridden = hasCustomParams ? Object.keys(config.policyParams[result.policyName]) : [];
+      const distinctId = getInstanceId();
+      await trackHookEvent(distinctId, "hook_policy_triggered", {
+        event_type: eventType,
+        tool_name: parsed.tool_name ?? null,
+        policy_name: result.policyName,
+        decision: result.decision,
+        is_custom_hook: isCustomHook,
+        has_custom_params: hasCustomParams,
+        param_keys_overridden: paramKeysOverridden
+      });
+    } catch {}
+  }
+  return result.exitCode;
+}
+var init_handler = __esm(() => {
+  init_hooks_config();
+  init_builtin_policies();
+  init_policy_evaluator();
+  init_custom_hooks_loader();
+  init_hook_activity_store();
+  init_hook_telemetry();
+  init_telemetry_id();
+  init_hook_logger();
+});
+
+// src/hooks/types.ts
+var HOOK_SCOPES, HOOK_EVENT_TYPES, FAILPROOFAI_HOOK_MARKER = "__failproofai_hook__";
+var init_types = __esm(() => {
+  HOOK_SCOPES = ["user", "project", "local"];
+  HOOK_EVENT_TYPES = [
+    "SessionStart",
+    "SessionEnd",
+    "UserPromptSubmit",
+    "PreToolUse",
+    "PermissionRequest",
+    "PermissionDenied",
+    "PostToolUse",
+    "PostToolUseFailure",
+    "Notification",
+    "SubagentStart",
+    "SubagentStop",
+    "TaskCreated",
+    "TaskCompleted",
+    "Stop",
+    "StopFailure",
+    "TeammateIdle",
+    "InstructionsLoaded",
+    "ConfigChange",
+    "CwdChanged",
+    "FileChanged",
+    "WorktreeCreate",
+    "WorktreeRemove",
+    "PreCompact",
+    "PostCompact",
+    "Elicitation",
+    "ElicitationResult"
+  ];
+});
+
+// src/hooks/install-prompt.ts
+import * as readline from "node:readline";
+async function promptPolicySelection(preSelected, options = {}) {
+  const { includeBeta = false } = options;
+  if (!process.stdin.isTTY) {
+    const available = BUILTIN_POLICIES.filter((p) => includeBeta || !p.beta);
+    if (preSelected)
+      return preSelected.filter((name) => available.some((p) => p.name === name));
+    return available.filter((p) => p.defaultEnabled).map((p) => p.name);
+  }
+  const preSelectedSet = preSelected ? new Set(preSelected) : null;
+  const items = BUILTIN_POLICIES.filter((p) => includeBeta || !p.beta).map((p) => ({
+    name: p.name,
+    description: p.description,
+    category: p.category,
+    selected: preSelectedSet ? preSelectedSet.has(p.name) : p.defaultEnabled,
+    beta: !!p.beta
+  }));
+  const total = items.length;
+  const WINDOW_SIZE = 8;
+  let cursor = 0;
+  let search = "";
+  let lastLineCount = 0;
+  let cursorHidden = false;
+  function hideCursor() {
+    if (!cursorHidden) {
+      process.stdout.write("\x1B[?25l");
+      cursorHidden = true;
+    }
+  }
+  function showCursor() {
+    if (cursorHidden) {
+      process.stdout.write("\x1B[?25h");
+      cursorHidden = false;
+    }
+  }
+  function truncateLine(line, width) {
+    let visual = 0;
+    let result = "";
+    let i = 0;
+    while (i < line.length) {
+      if (line[i] === "\x1B" && line[i + 1] === "[") {
+        let j = i + 2;
+        while (j < line.length && !/[A-Za-z]/.test(line[j]))
+          j++;
+        j++;
+        result += line.slice(i, j);
+        i = j;
+      } else {
+        if (visual >= width)
+          break;
+        result += line[i];
+        visual++;
+        i++;
+      }
+    }
+    return result;
+  }
+  function getFiltered() {
+    if (!search)
+      return items;
+    const q = search.toLowerCase();
+    return items.filter((i) => i.name.toLowerCase().includes(q) || i.description.toLowerCase().includes(q));
+  }
+  function buildDisplayRows(filtered) {
+    const categoryOrder = [];
+    const categoryEnabledCount = new Map;
+    const categoryTotalCount = new Map;
+    for (const p of items) {
+      if (!categoryEnabledCount.has(p.category)) {
+        categoryOrder.push(p.category);
+        categoryEnabledCount.set(p.category, 0);
+        categoryTotalCount.set(p.category, 0);
+      }
+      categoryTotalCount.set(p.category, categoryTotalCount.get(p.category) + 1);
+      if (p.selected)
+        categoryEnabledCount.set(p.category, categoryEnabledCount.get(p.category) + 1);
+    }
+    const filteredByCategory = new Map;
+    for (const item of filtered) {
+      const bucket = filteredByCategory.get(item.category) ?? [];
+      bucket.push(item);
+      filteredByCategory.set(item.category, bucket);
+    }
+    const rows = [];
+    let idx = 0;
+    for (const cat of categoryOrder) {
+      const catFiltered = filteredByCategory.get(cat);
+      if (!catFiltered || catFiltered.length === 0)
+        continue;
+      rows.push({ kind: "header", category: cat, enabledCount: categoryEnabledCount.get(cat), totalCount: categoryTotalCount.get(cat) });
+      for (const item of catFiltered) {
+        rows.push({ kind: "item", item, filteredIndex: idx++ });
+      }
+    }
+    return rows;
+  }
+  function render() {
+    const cols = process.stdout.columns || 120;
+    hideCursor();
+    const filtered = getFiltered();
+    const shown = filtered.length;
+    if (shown > 0 && cursor >= shown)
+      cursor = shown - 1;
+    const lines = [];
+    lines.push("  Failproof AI — Policy Manager");
+    lines.push("");
+    const innerWidth = Math.max(20, cols - 6);
+    const topBorder = "  ┌" + "─".repeat(innerWidth + 2) + "┐";
+    const botBorder = "  └" + "─".repeat(innerWidth + 2) + "┘";
+    const cursorChar = "\x1B[7m \x1B[0m";
+    const countPart = search ? ` \x1B[2m(${shown}/${total})\x1B[0m` : ` \x1B[2m(${total} policies)\x1B[0m`;
+    const searchContent = `\x1B[1mSearch:\x1B[0m ${search}${cursorChar}${countPart}`;
+    lines.push(topBorder);
+    lines.push(`  │ ${searchContent}`);
+    lines.push(botBorder);
+    lines.push("");
+    if (shown === 0) {
+      lines.push("  \x1B[2mNo policies match “" + search + "”\x1B[0m");
+      for (let i = 0;i < WINDOW_SIZE + 1; i++)
+        lines.push("");
+    } else {
+      const displayRows = buildDisplayRows(filtered);
+      let cursorDisplayRow = 0;
+      for (let i = 0;i < displayRows.length; i++) {
+        const row = displayRows[i];
+        if (row.kind === "item" && row.filteredIndex === cursor) {
+          cursorDisplayRow = i;
+          break;
+        }
+      }
+      let windowStart = cursorDisplayRow - Math.floor(WINDOW_SIZE / 2);
+      windowStart = Math.max(0, windowStart);
+      windowStart = Math.min(windowStart, Math.max(0, displayRows.length - WINDOW_SIZE));
+      const windowEnd = Math.min(displayRows.length, windowStart + WINDOW_SIZE);
+      const aboveItems = displayRows.slice(0, windowStart).filter((r) => r.kind === "item").length;
+      if (aboveItems > 0) {
+        lines.push(`  \x1B[2m  ↑ ${aboveItems} more above\x1B[0m`);
+      } else {
+        lines.push("");
+      }
+      for (let i = windowStart;i < windowEnd; i++) {
+        const row = displayRows[i];
+        if (row.kind === "header") {
+          const label = ` ${row.category.toUpperCase()} (${row.enabledCount}/${row.totalCount}) `;
+          const prefix = "── ";
+          const prefixLen = 3 + label.length;
+          const dashLen = Math.max(2, cols - 2 - prefixLen);
+          lines.push(`  \x1B[2m${prefix}${label}${"─".repeat(dashLen)}\x1B[0m`);
+        } else {
+          const item = row.item;
+          const isActive = row.filteredIndex === cursor;
+          const pointer = isActive ? "\x1B[36m❯\x1B[0m" : " ";
+          const check = item.selected ? "\x1B[32m[✓]\x1B[0m" : "[ ]";
+          const namePart = isActive ? `\x1B[1;36m${item.name}\x1B[0m` : item.name;
+          const betaPart = item.beta ? " \x1B[35m[beta]\x1B[0m" : "";
+          const pad = " ".repeat(Math.max(1, 28 - item.name.length));
+          const desc = `\x1B[2m${item.description}\x1B[0m`;
+          lines.push(`  ${pointer} ${check} ${namePart}${betaPart}${pad}${desc}`);
+        }
+      }
+      for (let i = windowEnd - windowStart;i < WINDOW_SIZE; i++) {
+        lines.push("");
+      }
+      const belowItems = displayRows.slice(windowEnd).filter((r) => r.kind === "item").length;
+      if (belowItems > 0) {
+        lines.push(`  \x1B[2m  ↓ ${belowItems} more below\x1B[0m`);
+      } else {
+        lines.push("");
+      }
+    }
+    lines.push("");
+    lines.push("  \x1B[2m" + "─".repeat(cols - 2) + "\x1B[0m");
+    lines.push("  [↑↓] Move  [Space] Toggle  [Ctrl+A] All  [Ctrl+S] Save  [Esc] Clear  [^C] Quit");
+    lines.push("");
+    lines.push("  \x1B[2mTip: `policies` for a flat list · `policies --install <name…>` to skip prompt\x1B[0m");
+    if (!includeBeta) {
+      lines.push("  \x1B[2mTip: `policies --install --beta` to include beta policies\x1B[0m");
+    }
+    if (lastLineCount > 0) {
+      process.stdout.write(`\x1B[${lastLineCount}A\x1B[J`);
+    }
+    const output = lines.map((l) => l === "" ? l : truncateLine(l, cols)).join(`
+`) + `
+`;
+    process.stdout.write(output);
+    lastLineCount = lines.length;
+  }
+  return new Promise((resolve5) => {
+    render();
+    process.stdin.setRawMode(true);
+    process.stdin.resume();
+    readline.emitKeypressEvents(process.stdin);
+    function keypressHandler(_str, key) {
+      if (!key)
+        return;
+      if (key.ctrl && key.name === "c") {
+        cleanup();
+        process.exit(0);
+      }
+      const filtered = getFiltered();
+      if (key.name === "up") {
+        if (filtered.length > 0) {
+          cursor = cursor > 0 ? cursor - 1 : filtered.length - 1;
+        }
+        render();
+      } else if (key.name === "down") {
+        if (filtered.length > 0) {
+          cursor = cursor < filtered.length - 1 ? cursor + 1 : 0;
+        }
+        render();
+      } else if (key.name === "return" || key.name === "space") {
+        const item = filtered[cursor];
+        if (item)
+          item.selected = !item.selected;
+        render();
+      } else if (key.name === "escape") {
+        search = "";
+        cursor = 0;
+        render();
+      } else if (key.ctrl && key.name === "a") {
+        const allSelected = filtered.length > 0 && filtered.every((i) => i.selected);
+        for (const item of filtered)
+          item.selected = !allSelected;
+        render();
+      } else if (key.ctrl && key.name === "s") {
+        cleanup();
+        const selected = items.filter((i) => i.selected).map((i) => i.name);
+        process.stdout.write(`
+`);
+        resolve5(selected);
+      } else if (key.name === "backspace" || key.name === "delete") {
+        if (search.length > 0) {
+          search = search.slice(0, -1);
+          cursor = 0;
+          render();
+        }
+      } else if (_str && _str.length === 1 && !key.ctrl && !key.meta) {
+        search += _str;
+        cursor = 0;
+        render();
+      }
+    }
+    function cleanup() {
+      showCursor();
+      process.stdin.removeListener("keypress", keypressHandler);
+      process.stdin.setRawMode(false);
+      process.stdin.pause();
+    }
+    process.stdin.on("keypress", keypressHandler);
+  });
+}
+var init_install_prompt = __esm(() => {
+  init_builtin_policies();
+});
+
+// src/hooks/manager.ts
+var exports_manager = {};
+__export(exports_manager, {
+  removeHooks: () => removeHooks,
+  listHooks: () => listHooks,
+  installHooks: () => installHooks,
+  hooksInstalledInSettings: () => hooksInstalledInSettings,
+  getSettingsPath: () => getSettingsPath
+});
+import { execSync as execSync3 } from "node:child_process";
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, existsSync as existsSync5, mkdirSync as mkdirSync4 } from "node:fs";
+import { resolve as resolve5, dirname as dirname3 } from "node:path";
+import { homedir as homedir5, platform, arch, release, hostname } from "node:os";
+function getSettingsPath(scope, cwd) {
+  const base = cwd ? resolve5(cwd) : process.cwd();
+  switch (scope) {
+    case "user":
+      return resolve5(homedir5(), ".claude", "settings.json");
+    case "project":
+      return resolve5(base, ".claude", "settings.json");
+    case "local":
+      return resolve5(base, ".claude", "settings.local.json");
+  }
+}
+function scopeLabel(scope) {
+  switch (scope) {
+    case "user":
+      return `~/.claude/settings.json`;
+    case "project":
+      return `{cwd}/.claude/settings.json`;
+    case "local":
+      return `{cwd}/.claude/settings.local.json`;
+  }
+}
+function readSettings(settingsPath) {
+  if (!existsSync5(settingsPath)) {
+    return {};
+  }
+  const raw = readFileSync3(settingsPath, "utf8");
+  return JSON.parse(raw);
+}
+function writeSettings(settingsPath, settings) {
+  mkdirSync4(dirname3(settingsPath), { recursive: true });
+  writeFileSync3(settingsPath, JSON.stringify(settings, null, 2) + `
+`, "utf8");
+}
+function resolveFailproofaiBinary() {
+  try {
+    const cmd = process.platform === "win32" ? "where failproofai" : "which failproofai";
+    const result = execSync3(cmd, { encoding: "utf8" }).trim();
+    return result.split(`
+`)[0].trim();
+  } catch {
+    throw new Error(`failproofai binary not found in PATH.
+` + "Install it globally first: npm install -g failproofai");
+  }
+}
+function isFailproofaiHook(hook) {
+  if (hook[FAILPROOFAI_HOOK_MARKER] === true)
+    return true;
+  const cmd = typeof hook.command === "string" ? hook.command : "";
+  return cmd.includes("failproofai") && cmd.includes("--hook");
+}
+function validatePolicyNames(names) {
+  const invalid = names.filter((n) => !VALID_POLICY_NAMES.has(n));
+  if (invalid.length > 0) {
+    const validList = [...VALID_POLICY_NAMES].join(", ");
+    throw new Error(`Unknown policy name(s): ${invalid.join(", ")}
+` + `Valid policies: ${validList}`);
+  }
+}
+function deduplicateScopes(scopes, cwd) {
+  const seen = new Set;
+  return scopes.filter((s) => {
+    const p = getSettingsPath(s, cwd);
+    if (seen.has(p))
+      return false;
+    seen.add(p);
+    return true;
+  });
+}
+function hooksInstalledInSettings(scope, cwd) {
+  const settingsPath = getSettingsPath(scope, cwd);
+  if (!existsSync5(settingsPath))
+    return false;
+  try {
+    const settings = readSettings(settingsPath);
+    if (!settings.hooks)
+      return false;
+    for (const matchers of Object.values(settings.hooks)) {
+      if (!Array.isArray(matchers))
+        continue;
+      for (const matcher of matchers) {
+        if (!matcher.hooks)
+          continue;
+        if (matcher.hooks.some((h) => isFailproofaiHook(h))) {
+          return true;
+        }
+      }
+    }
+  } catch {}
+  return false;
+}
+function removeHooksFromSettingsFile(settingsPath) {
+  const settings = readSettings(settingsPath);
+  if (!settings.hooks)
+    return 0;
+  let removed = 0;
+  for (const eventType of Object.keys(settings.hooks)) {
+    const matchers = settings.hooks[eventType];
+    if (!Array.isArray(matchers))
+      continue;
+    for (let i = matchers.length - 1;i >= 0; i--) {
+      const matcher = matchers[i];
+      if (!matcher.hooks)
+        continue;
+      const before = matcher.hooks.length;
+      matcher.hooks = matcher.hooks.filter((h) => !isFailproofaiHook(h));
+      removed += before - matcher.hooks.length;
+      if (matcher.hooks.length === 0) {
+        matchers.splice(i, 1);
+      }
+    }
+    if (matchers.length === 0) {
+      delete settings.hooks[eventType];
+    }
+  }
+  if (Object.keys(settings.hooks).length === 0) {
+    delete settings.hooks;
+  }
+  writeSettings(settingsPath, settings);
+  return removed;
+}
+async function installHooks(policyNames, scope = "user", cwd, includeBeta = false, source, customPoliciesPath, removeCustomHooks = false) {
+  const binaryPath = resolveFailproofaiBinary();
+  const previousConfig = readHooksConfig();
+  const previousEnabled = new Set(previousConfig.enabledPolicies);
+  let selectedPolicies;
+  if (policyNames !== undefined) {
+    let incoming;
+    if (policyNames.length === 1 && policyNames[0] === "all") {
+      incoming = BUILTIN_POLICIES.filter((p) => includeBeta || !p.beta).map((p) => p.name);
+    } else {
+      if (policyNames.length > 0)
+        validatePolicyNames(policyNames);
+      incoming = policyNames;
+    }
+    selectedPolicies = [...new Set([...previousConfig.enabledPolicies, ...incoming])];
+  } else {
+    const preSelected = previousConfig.enabledPolicies.length > 0 ? previousConfig.enabledPolicies : undefined;
+    selectedPolicies = await promptPolicySelection(preSelected, { includeBeta });
+  }
+  const configToWrite = { ...previousConfig, enabledPolicies: selectedPolicies };
+  if (removeCustomHooks) {
+    delete configToWrite.customPoliciesPath;
+  } else if (customPoliciesPath) {
+    configToWrite.customPoliciesPath = resolve5(customPoliciesPath);
+    let validatedHooks = [];
+    try {
+      validatedHooks = await loadCustomHooks(configToWrite.customPoliciesPath, { strict: true });
+    } catch (err) {
+      console.error(`Error: ${err instanceof Error ? err.message : String(err)}`);
+      process.exit(1);
+    }
+    if (validatedHooks.length === 0) {
+      console.error(`Error: no hooks registered in ${customPoliciesPath}. ` + `Make sure your file calls customPolicies.add(...) at least once.`);
+      process.exit(1);
+    }
+    console.log(`
+Validated ${validatedHooks.length} custom hook(s): ${validatedHooks.map((h) => h.name).join(", ")}`);
+  }
+  writeHooksConfig(configToWrite);
+  console.log(`
+Enabled ${selectedPolicies.length} policy(ies): ${selectedPolicies.join(", ")}`);
+  if (removeCustomHooks) {
+    console.log("Custom hooks path cleared.");
+  } else if (configToWrite.customPoliciesPath) {
+    console.log(`Custom hooks path: ${configToWrite.customPoliciesPath}`);
+  }
+  const settingsPath = getSettingsPath(scope, cwd);
+  const settings = readSettings(settingsPath);
+  if (!settings.hooks) {
+    settings.hooks = {};
+  }
+  for (const eventType of HOOK_EVENT_TYPES) {
+    const command = `"${binaryPath}" --hook ${eventType}`;
+    const hookEntry = {
+      type: "command",
+      command,
+      timeout: 60000,
+      [FAILPROOFAI_HOOK_MARKER]: true
+    };
+    if (!settings.hooks[eventType]) {
+      settings.hooks[eventType] = [];
+    }
+    const matchers = settings.hooks[eventType];
+    let found = false;
+    for (const matcher of matchers) {
+      if (!matcher.hooks)
+        continue;
+      const failproofaiIdx = matcher.hooks.findIndex((h) => isFailproofaiHook(h));
+      if (failproofaiIdx >= 0) {
+        matcher.hooks[failproofaiIdx] = hookEntry;
+        found = true;
+        break;
+      }
+    }
+    if (!found) {
+      matchers.push({ hooks: [hookEntry] });
+    }
+  }
+  writeSettings(settingsPath, settings);
+  try {
+    const newSet = new Set(selectedPolicies);
+    const policiesAdded = selectedPolicies.filter((p) => !previousEnabled.has(p));
+    const policiesRemoved = [...previousEnabled].filter((p) => !newSet.has(p));
+    const distinctId = getInstanceId();
+    await trackHookEvent(distinctId, "hooks_installed", {
+      scope,
+      policies: selectedPolicies,
+      policy_count: selectedPolicies.length,
+      policies_added: policiesAdded,
+      policies_removed: policiesRemoved,
+      ...source ? { source } : {},
+      platform: platform(),
+      arch: arch(),
+      os_release: release(),
+      hostname_hash: hashToId(hostname()),
+      has_custom_hooks_path: !!configToWrite.customPoliciesPath,
+      has_policy_params: !!(configToWrite.policyParams && Object.keys(configToWrite.policyParams).length > 0),
+      param_policy_names: configToWrite.policyParams ? Object.keys(configToWrite.policyParams) : []
+    });
+  } catch {}
+  console.log(`Failproof AI hooks installed for all ${HOOK_EVENT_TYPES.length} event types (scope: ${scope}).`);
+  console.log(`Settings: ${settingsPath}`);
+  console.log(`Binary:   ${binaryPath}`);
+  const otherScopes = deduplicateScopes(HOOK_SCOPES, cwd).filter((s) => s !== scope);
+  const duplicates = otherScopes.filter((s) => hooksInstalledInSettings(s, cwd));
+  if (duplicates.length > 0) {
+    const scopeList = duplicates.map((s) => `${s} (${scopeLabel(s)})`).join(", ");
+    console.log();
+    console.log(`\x1B[33mWarning: Failproof AI hooks are also installed at ${scopeList}.\x1B[0m`);
+    console.log(`Having hooks in multiple scopes may cause duplicate policy evaluation.`);
+    console.log(`Use \`failproofai policies --uninstall --scope ${duplicates[0]}\` to remove the other installation,`);
+    console.log(`or \`failproofai policies\` to see all scopes.`);
+  }
+}
+async function removeHooks(policyNames, scope = "user", cwd, opts) {
+  if (opts?.removeCustomHooks) {
+    const config = readHooksConfig();
+    delete config.customPoliciesPath;
+    writeHooksConfig(config);
+    console.log("Custom hooks path cleared.");
+  }
+  if (policyNames && policyNames.length > 0 && !(policyNames.length === 1 && policyNames[0] === "all")) {
+    validatePolicyNames(policyNames);
+    const config = readHooksConfig();
+    const removeSet = new Set(policyNames);
+    const remaining = config.enabledPolicies.filter((p) => !removeSet.has(p));
+    const notEnabled = policyNames.filter((p) => !config.enabledPolicies.includes(p));
+    if (notEnabled.length > 0) {
+      console.log(`Warning: policy(ies) not currently enabled: ${notEnabled.join(", ")}`);
+    }
+    const { policyParams: existingParams, ...baseConfig } = config;
+    const filteredParams = existingParams ? Object.fromEntries(Object.entries(existingParams).filter(([k]) => !removeSet.has(k))) : null;
+    const updatedConfig = {
+      ...baseConfig,
+      enabledPolicies: remaining,
+      ...filteredParams && Object.keys(filteredParams).length > 0 ? { policyParams: filteredParams } : {}
+    };
+    writeHooksConfig(updatedConfig);
+    try {
+      const distinctId = getInstanceId();
+      const actuallyRemoved = policyNames.filter((p) => config.enabledPolicies.includes(p));
+      await trackHookEvent(distinctId, "hooks_removed", {
+        scope,
+        removal_mode: opts?.betaOnly ? "beta_policies" : "policies",
+        beta_only: opts?.betaOnly ?? false,
+        policies_removed: actuallyRemoved,
+        removed_count: actuallyRemoved.length,
+        ...opts?.source ? { source: opts.source } : {},
+        platform: platform(),
+        arch: arch(),
+        os_release: release(),
+        hostname_hash: hashToId(hostname())
+      });
+    } catch {}
+    console.log(`Disabled ${policyNames.length - notEnabled.length} policy(ies).`);
+    console.log(`Remaining: ${remaining.length > 0 ? remaining.join(", ") : "(none)"}`);
+    return;
+  }
+  const configBeforeRemoval = readHooksConfig();
+  const scopesToRemove = scope === "all" ? [...HOOK_SCOPES] : [scope];
+  let totalRemoved = 0;
+  for (const s of scopesToRemove) {
+    const settingsPath = getSettingsPath(s, cwd);
+    if (!existsSync5(settingsPath)) {
+      if (scope !== "all") {
+        console.log("No settings file found. Nothing to remove.");
+        return;
+      }
+      continue;
+    }
+    const settings = readSettings(settingsPath);
+    if (!settings.hooks) {
+      if (scope !== "all") {
+        console.log("No hooks found in settings. Nothing to remove.");
+        return;
+      }
+      continue;
+    }
+    const removed = removeHooksFromSettingsFile(settingsPath);
+    totalRemoved += removed;
+    if (scope !== "all") {
+      console.log(`Removed ${removed} failproofai hook(s) from settings.`);
+      console.log(`Settings: ${settingsPath}`);
+    }
+  }
+  if (scope === "all") {
+    console.log(`Removed ${totalRemoved} failproofai hook(s) from all scopes.`);
+    for (const s of scopesToRemove) {
+      console.log(`  ${s}: ${getSettingsPath(s, cwd)}`);
+    }
+  }
+  try {
+    const distinctId = getInstanceId();
+    await trackHookEvent(distinctId, "hooks_removed", {
+      scope,
+      removal_mode: "hooks",
+      policies_removed: configBeforeRemoval.enabledPolicies,
+      removed_count: totalRemoved,
+      ...opts?.source ? { source: opts.source } : {},
+      platform: platform(),
+      arch: arch(),
+      os_release: release(),
+      hostname_hash: hashToId(hostname())
+    });
+  } catch {}
+  if (scope === "all" || !HOOK_SCOPES.some((s) => hooksInstalledInSettings(s, cwd))) {
+    const existingForClear = readHooksConfig();
+    const { customPoliciesPath: _drop, policyParams: _dropParams, ...restClear } = existingForClear;
+    writeHooksConfig({ ...restClear, enabledPolicies: [] });
+  }
+}
+async function listHooks(cwd) {
+  const config = readMergedHooksConfig(cwd);
+  const enabledSet = new Set(config.enabledPolicies);
+  const uniqueScopes = deduplicateScopes(HOOK_SCOPES, cwd);
+  const installedScopes = uniqueScopes.filter((s) => hooksInstalledInSettings(s, cwd));
+  const regularPolicies = BUILTIN_POLICIES.filter((p) => !p.beta);
+  const betaPolicies = BUILTIN_POLICIES.filter((p) => p.beta);
+  const nameColWidth = Math.max(...BUILTIN_POLICIES.map((p) => p.name.length)) + 2;
+  const builtinPolicyNames = new Set(BUILTIN_POLICIES.map((p) => p.name));
+  const printParamsSummary = (policyName, indent) => {
+    const params = config.policyParams?.[policyName];
+    if (!params)
+      return;
+    for (const [key, val] of Object.entries(params)) {
+      console.log(`${indent}  ${key}: ${JSON.stringify(val)}`);
+    }
+  };
+  const statusCol = 8;
+  const printSimpleRow = (policy) => {
+    const mark = enabledSet.has(policy.name) ? `\x1B[32m✓\x1B[0m` : " ";
+    console.log(`  ${mark}${" ".repeat(statusCol - 1)}${policy.name.padEnd(nameColWidth)}${policy.description}`);
+    printParamsSummary(policy.name, `  ${" ".repeat(statusCol)}`);
+  };
+  const printBetaSection = (printRow) => {
+    if (betaPolicies.length > 0) {
+      console.log(`
+  \x1B[2m── Beta ──\x1B[0m`);
+      for (const policy of betaPolicies)
+        printRow(policy);
+    }
+  };
+  if (installedScopes.length === 0) {
+    console.log(`
+Failproof AI Policies — not installed
+`);
+    console.log(`  ${"Status".padEnd(statusCol)}${"Name".padEnd(nameColWidth)}Description`);
+    console.log(`  ${"─".repeat(6)}  ${"─".repeat(nameColWidth - 2)}  ${"─".repeat(38)}`);
+    for (const policy of regularPolicies)
+      printSimpleRow(policy);
+    printBetaSection(printSimpleRow);
+    if (config.enabledPolicies.length > 0) {
+      console.log("\n  Policies not installed. Run `failproofai policies --install` to activate.");
+    } else {
+      console.log("\n  Run `failproofai policies --install` to get started.");
+    }
+    console.log(`  Config: ~/.failproofai/policies-config.json
+`);
+  } else if (installedScopes.length === 1) {
+    const scope = installedScopes[0];
+    console.log(`
+Failproof AI Hook Policies (${scope})
+`);
+    console.log(`  ${"Status".padEnd(statusCol)}${"Name".padEnd(nameColWidth)}Description`);
+    console.log(`  ${"─".repeat(6)}  ${"─".repeat(nameColWidth - 2)}  ${"─".repeat(38)}`);
+    for (const policy of regularPolicies)
+      printSimpleRow(policy);
+    printBetaSection(printSimpleRow);
+    console.log(`
+  Config: ~/.failproofai/policies-config.json
+`);
+  } else {
+    const COL = 9;
+    const scopeLabelMap = {
+      user: "User",
+      project: "Project",
+      local: "Local"
+    };
+    console.log(`
+Failproof AI Hook Policies
+`);
+    const buildScopePrefix = () => {
+      let s = "  ";
+      for (const sc of installedScopes)
+        s += scopeLabelMap[sc].padEnd(COL);
+      return s;
+    };
+    const scopeHeaderWidth = installedScopes.length * COL;
+    console.log(`${buildScopePrefix()}${"Name".padEnd(nameColWidth)}Description`);
+    console.log(`  ${"─".repeat(scopeHeaderWidth)}${"─".repeat(nameColWidth)}${"─".repeat(38)}`);
+    const printMultiScopeRow = (policy) => {
+      const enabled = enabledSet.has(policy.name);
+      let row = "  ";
+      for (const _scope of installedScopes) {
+        if (enabled) {
+          row += `\x1B[32m✓ ON\x1B[0m` + " ".repeat(COL - 4);
+        } else {
+          row += "  OFF" + " ".repeat(COL - 5);
+        }
+      }
+      row += policy.name.padEnd(nameColWidth) + policy.description;
+      console.log(row);
+      printParamsSummary(policy.name, `  ${" ".repeat(scopeHeaderWidth)}`);
+    };
+    for (const policy of regularPolicies)
+      printMultiScopeRow(policy);
+    if (betaPolicies.length > 0) {
+      console.log(`
+  \x1B[2m── Beta ──\x1B[0m`);
+      for (const policy of betaPolicies)
+        printMultiScopeRow(policy);
+    }
+    console.log(`
+  Config: ~/.failproofai/policies-config.json`);
+    const scopeNames = installedScopes.join(", ");
+    console.log();
+    console.log(`\x1B[33m⚠ Hooks in multiple scopes (${scopeNames}).\x1B[0m`);
+    console.log(`  Consider keeping one. Remove with: failproofai policies --uninstall --scope <scope>
+`);
+  }
+  if (config.policyParams) {
+    for (const key of Object.keys(config.policyParams)) {
+      if (!builtinPolicyNames.has(key)) {
+        console.log(`  \x1B[33mWarning: unknown policyParams key "${key}" — possible typo\x1B[0m`);
+      }
+    }
+  }
+  if (config.customPoliciesPath) {
+    console.log(`
+  ── Custom Policies (${config.customPoliciesPath}) ───────────────────────`);
+    if (!existsSync5(config.customPoliciesPath)) {
+      console.log(`  \x1B[31m✗ File not found: ${config.customPoliciesPath}\x1B[0m`);
+    } else {
+      const hooks = await loadCustomHooks(config.customPoliciesPath);
+      if (hooks.length === 0) {
+        console.log(`  \x1B[31m✗ ERR  failed to load (check ~/.failproofai/logs/hooks.log)\x1B[0m`);
+      } else {
+        const descColWidth = nameColWidth;
+        for (const hook of hooks) {
+          console.log(`  \x1B[32m✓\x1B[0m       ${hook.name.padEnd(descColWidth)}${hook.description ?? ""}`);
+        }
+      }
+    }
+    console.log();
+  }
+}
+var VALID_POLICY_NAMES;
+var init_manager = __esm(() => {
+  init_types();
+  init_install_prompt();
+  init_hooks_config();
+  init_builtin_policies();
+  init_custom_hooks_loader();
+  init_hook_telemetry();
+  init_telemetry_id();
+  VALID_POLICY_NAMES = new Set(BUILTIN_POLICIES.map((p) => p.name));
+});
+
+// lib/paths.ts
+import { homedir as homedir6 } from "os";
+import { join as join4 } from "path";
+function getDefaultClaudeProjectsPath() {
+  return join4(homedir6(), ".claude", "projects");
+}
+var init_paths = () => {};
+
+// scripts/parse-script-args.ts
+import { resolve as resolve6 } from "path";
+function parseStringFlag(flagName, errorLabel, inlineValue, args, index, options) {
+  const raw = inlineValue ?? args[index + 1];
+  if (raw === undefined || inlineValue === null && raw.startsWith("-")) {
+    console.error(`Error: ${flagName} requires ${errorLabel}`);
+    process.exit(1);
+  }
+  const value = options?.resolve ? resolve6(raw) : raw;
+  return { value, spliceCount: inlineValue !== null ? 1 : 2 };
+}
+function parseScriptArgs(argv) {
+  const args = [...argv];
+  let claudeProjectsPath;
+  let loggingLevel;
+  let disableTelemetry = false;
+  let allowedDevOrigins;
+  for (let i = 0;i < args.length; i++) {
+    const arg = args[i];
+    const eqIdx = arg.indexOf("=");
+    const flag = eqIdx >= 0 ? arg.slice(0, eqIdx) : arg;
+    const inlineValue = eqIdx >= 0 ? arg.slice(eqIdx + 1) : null;
+    if (flag === "--projects-path" || flag === "-p") {
+      const { value, spliceCount } = parseStringFlag(flag, "a path argument", inlineValue, args, i);
+      claudeProjectsPath = value;
+      args.splice(i, spliceCount);
+      i--;
+      continue;
+    }
+    if (flag === "--logging") {
+      const raw = inlineValue ?? args[i + 1];
+      if (raw === undefined || inlineValue === null && raw.startsWith("-")) {
+        console.error("Error: --logging requires a level (info, warn, error)");
+        process.exit(1);
+      }
+      const val = raw.toLowerCase();
+      if (val !== "info" && val !== "warn" && val !== "error") {
+        console.error("Error: --logging must be one of: info, warn, error");
+        process.exit(1);
+      }
+      loggingLevel = val;
+      args.splice(i, inlineValue !== null ? 1 : 2);
+      i--;
+      continue;
+    }
+    if (flag === "--disable-telemetry") {
+      disableTelemetry = true;
+      args.splice(i, 1);
+      i--;
+      continue;
+    }
+    if (flag === "--allowed-origins") {
+      const { value, spliceCount } = parseStringFlag(flag, "a comma-separated list of origins", inlineValue, args, i);
+      allowedDevOrigins = value.split(",").map((s) => s.trim()).filter(Boolean);
+      args.splice(i, spliceCount);
+      i--;
+      continue;
+    }
+  }
+  return { claudeProjectsPath, loggingLevel, disableTelemetry, allowedDevOrigins, remainingArgs: args };
+}
+var init_parse_script_args = () => {};
+
+// scripts/launch.ts
+var exports_launch = {};
+__export(exports_launch, {
+  launch: () => launch
+});
+import { spawn } from "child_process";
+import { realpathSync, existsSync as existsSync6 } from "node:fs";
+import { resolve as resolve7, dirname as dirname4 } from "node:path";
+import { fileURLToPath } from "node:url";
+function launch(mode) {
+  const { claudeProjectsPath: parsedPath, loggingLevel, disableTelemetry, allowedDevOrigins, remainingArgs } = parseScriptArgs(process.argv.slice(2));
+  console.log(`
+    ______      _ __                       ____   ___    ____
+   / ____/___ _(_) /___  _________  ____  / __/  /   |  /  _/
+  / /_  / __ \`/ / / __ \\/ ___/ __ \\/ __ \\/ /_   / /| |  / /
+ / __/ / /_/ / / / /_/ / /  / /_/ / /_/ / __/  / ___ |_/ /
+/_/    \\__,_/_/_/ .___/_/   \\____/\\____/_/    /_/  |_/___/
+               /_/   v${version2}
+`);
+  console.log(`  ⭐ Star us:      https://github.com/exospherehost/failproofai`);
+  console.log(`  \uD83D\uDCD6 Docs:         https://befailproof.ai
+`);
+  let claudeProjectsPath = parsedPath;
+  if (!claudeProjectsPath) {
+    claudeProjectsPath = getDefaultClaudeProjectsPath();
+    console.log(`Using default .claude projects path: ${claudeProjectsPath}`);
+  } else {
+    console.log(`Using custom .claude projects path: ${claudeProjectsPath}`);
+  }
+  process.env.CLAUDE_PROJECTS_PATH = claudeProjectsPath;
+  let cmd;
+  let cmdArgs;
+  if (mode === "start") {
+    const portIdx = remainingArgs.indexOf("--port");
+    const port = portIdx >= 0 ? remainingArgs[portIdx + 1] : "8020";
+    process.env.PORT = port;
+    process.env.HOSTNAME = "0.0.0.0";
+    cmd = "node";
+    const packageRoot = process.env.FAILPROOFAI_PACKAGE_ROOT ?? resolve7(dirname4(realpathSync(fileURLToPath(import.meta.url))), "..");
+    const serverJsPath = resolve7(packageRoot, ".next/standalone/server.js");
+    if (!existsSync6(serverJsPath)) {
+      console.error(`
+Error: Cannot find server.js at:
+  ${serverJsPath}
+
+` + `The package may be missing its build output.
+` + `Try reinstalling:
+  npm install -g failproofai@latest
+`);
+      process.exit(1);
+    }
+    cmdArgs = [serverJsPath];
+  } else {
+    cmd = "bunx";
+    cmdArgs = ["--bun", "next", "dev", ...remainingArgs];
+  }
+  const nextProcess = spawn(cmd, cmdArgs, {
+    stdio: "inherit",
+    env: {
+      ...process.env,
+      CLAUDE_PROJECTS_PATH: claudeProjectsPath,
+      ...loggingLevel ? { FAILPROOFAI_LOG_LEVEL: loggingLevel } : {},
+      ...disableTelemetry ? { FAILPROOFAI_TELEMETRY_DISABLED: "1" } : {},
+      ...allowedDevOrigins ? { FAILPROOFAI_ALLOWED_DEV_ORIGINS: allowedDevOrigins.join(",") } : {}
+    }
+  });
+  nextProcess.on("error", (error) => {
+    console.error("Error starting Next.js:", error);
+    process.exit(1);
+  });
+  nextProcess.on("exit", (code) => {
+    process.exit(code || 0);
+  });
+}
+var init_launch = __esm(() => {
+  init_paths();
+  init_parse_script_args();
+  init_package();
+});
+
+// bin/failproofai.mjs
+import { realpathSync as realpathSync2 } from "fs";
+import { dirname as dirname5, resolve as resolve8 } from "path";
+import { fileURLToPath as fileURLToPath2 } from "url";
+// package.json
+var version = "0.0.2-beta.1";
+
+// bin/failproofai.mjs
+if (!process.env.FAILPROOFAI_PACKAGE_ROOT) {
+  process.env.FAILPROOFAI_PACKAGE_ROOT = resolve8(dirname5(realpathSync2(fileURLToPath2(import.meta.url))), "..");
+}
+if (!process.env.FAILPROOFAI_DIST_PATH) {
+  process.env.FAILPROOFAI_DIST_PATH = resolve8(dirname5(realpathSync2(fileURLToPath2(import.meta.url))), "..", "dist");
+}
+var args = process.argv.slice(2);
+if (args[0] === "p")
+  args[0] = "policies";
+var SUBCOMMANDS = ["policies"];
+if ((args.includes("--help") || args.includes("-h")) && !SUBCOMMANDS.includes(args[0])) {
+  console.log(`
+failproofai v${version}
+
+USAGE
+  failproofai [command] [options]
+
+COMMANDS
+  (no args)                      Launch the policy dashboard
+
+  policies, p                    List all available policies and their status
+  policies --install, -i         Enable policies in Claude Code settings
+    [names...]                     Specific policy names to enable
+    --scope user|project|local     Config scope to write to (default: user)
+    --beta                         Include beta policies
+    --custom, -c <path>            Path to a JS file of custom policies
+
+  policies --uninstall, -u       Disable policies or remove hooks
+    [names...]                     Specific policy names to disable
+    --scope user|project|local|all Config scope to remove from (default: user)
+    --beta                         Remove only beta policies
+    --custom, -c                   Clear the customPoliciesPath from config
+
+  policies --help, -h            Show this help for the policies command
+
+  --version, -v                  Print version and exit
+  --help, -h                     Show this help message
+
+EXAMPLES
+  failproofai policies
+  failproofai policies --install
+  failproofai policies --install block-sudo sanitize-api-keys --scope project
+  failproofai policies --install --custom ./my-policies.js
+  failproofai policies -i -c ./my-policies.js
+  failproofai policies --uninstall block-sudo
+  failproofai policies --uninstall --custom
+
+LINKS
+  \u2B50 Star us:      https://github.com/exospherehost/failproofai
+  \uD83D\uDCD6 Docs:         https://befailproof.ai
+`.trimStart());
+  process.exit(0);
+}
+if (args.includes("--version") || args.includes("-v")) {
+  console.log(version);
+  process.exit(0);
+}
+var hookIdx = args.indexOf("--hook");
+if (hookIdx >= 0 && args[hookIdx + 1]) {
+  const { handleHookEvent: handleHookEvent2 } = await Promise.resolve().then(() => (init_handler(), exports_handler));
+  const exitCode = await handleHookEvent2(args[hookIdx + 1]);
+  process.exit(exitCode);
+}
+if (args[0] === "policies") {
+  const subArgs = args.slice(1);
+  const isInstall = subArgs.includes("--install") || subArgs.includes("-i");
+  const isUninstall = subArgs.includes("--uninstall") || subArgs.includes("-u");
+  const isHelp = subArgs.includes("--help") || subArgs.includes("-h");
+  if (isHelp) {
+    console.log(`
+failproofai policies \u2014 manage Failproof AI policies
+
+USAGE
+  failproofai policies                       List all policies and their status
+  failproofai policies --install, -i         Enable policies
+  failproofai policies --uninstall, -u       Disable policies or remove hooks
+
+OPTIONS (install)
+  [names...]                     Specific policy names to enable (omit for interactive)
+  --scope user|project|local     Config scope to write to (default: user)
+  --beta                         Include beta policies
+  --custom, -c <path>            Path to a JS file of custom policies
+                                 (skips interactive prompt; validates file first)
+
+OPTIONS (uninstall)
+  [names...]                     Specific policy names to disable (omit to remove hooks)
+  --scope user|project|local|all Config scope to remove from (default: user)
+  --beta                         Remove only beta policies
+  --custom, -c                   Clear the customPoliciesPath from config
+
+EXAMPLES
+  failproofai policies
+  failproofai policies --install
+  failproofai policies --install block-sudo sanitize-api-keys
+  failproofai policies --install --custom ./my-policies.js
+  failproofai policies -i -c ./my-policies.js
+  failproofai policies --uninstall block-sudo
+  failproofai policies -u
+  failproofai policies --uninstall --custom
+`.trimStart());
+    process.exit(0);
+  }
+  if (isInstall) {
+    const { installHooks: installHooks2 } = await Promise.resolve().then(() => (init_manager(), exports_manager));
+    const scopeIdx = subArgs.indexOf("--scope");
+    const scope = scopeIdx >= 0 ? subArgs[scopeIdx + 1] : "user";
+    const customIdx = subArgs.includes("--custom") ? subArgs.indexOf("--custom") : subArgs.includes("-c") ? subArgs.indexOf("-c") : -1;
+    const customPoliciesPath = customIdx >= 0 ? subArgs[customIdx + 1] : undefined;
+    const includeBeta = subArgs.includes("--beta");
+    const consumed = new Set([scope, customPoliciesPath].filter(Boolean));
+    const flags = new Set(["--install", "-i", "--scope", "--beta", "--custom", "-c"]);
+    const explicitPolicyNames = subArgs.filter((a) => !a.startsWith("-") && !flags.has(a) && !consumed.has(a));
+    const policyNames = explicitPolicyNames.length > 0 ? explicitPolicyNames : customPoliciesPath !== undefined ? [] : undefined;
+    await installHooks2(policyNames, scope, undefined, includeBeta, undefined, customPoliciesPath);
+    process.exit(0);
+  }
+  if (isUninstall) {
+    const { removeHooks: removeHooks2 } = await Promise.resolve().then(() => (init_manager(), exports_manager));
+    const scopeIdx = subArgs.indexOf("--scope");
+    const scope = scopeIdx >= 0 ? subArgs[scopeIdx + 1] : "user";
+    const betaOnly = subArgs.includes("--beta");
+    const removeCustomHooks = subArgs.includes("--custom") || subArgs.includes("-c");
+    const consumed = new Set([scope].filter(Boolean));
+    const flags = new Set(["--uninstall", "-u", "--scope", "--beta", "--custom", "-c"]);
+    const policyNames = subArgs.filter((a) => !a.startsWith("-") && !flags.has(a) && !consumed.has(a));
+    await removeHooks2(policyNames.length > 0 ? policyNames : undefined, scope, undefined, { betaOnly, removeCustomHooks });
+    process.exit(0);
+  }
+  const { listHooks: listHooks2 } = await Promise.resolve().then(() => (init_manager(), exports_manager));
+  await listHooks2();
+  process.exit(0);
+}
+var knownFlags = ["--version", "-v", "--help", "-h", "--hook"];
+var unknownFlag = args.find((a) => a.startsWith("-") && !knownFlags.includes(a));
+if (unknownFlag) {
+  let levenshtein = function(a, b) {
+    const m = a.length, n = b.length;
+    const dp = Array.from({ length: m + 1 }, (_, i) => Array.from({ length: n + 1 }, (_2, j) => i === 0 ? j : j === 0 ? i : 0));
+    for (let i = 1;i <= m; i++)
+      for (let j = 1;j <= n; j++)
+        dp[i][j] = a[i - 1] === b[j - 1] ? dp[i - 1][j - 1] : 1 + Math.min(dp[i - 1][j], dp[i][j - 1], dp[i - 1][j - 1]);
+    return dp[m][n];
+  };
+  const primary = ["--version", "--help", "--hook", "policies"];
+  const closest = primary.reduce((best, flag) => {
+    const dist = levenshtein(unknownFlag, flag);
+    return dist < best.dist ? { flag, dist } : best;
+  }, { flag: primary[0], dist: Infinity });
+  console.error(`Unknown flag: ${unknownFlag}`);
+  console.error(`Did you mean: ${closest.flag}?`);
+  console.error(`Run \`failproofai --help\` for usage details.`);
+  process.exit(1);
+}
+var unknownSubcommand = args.find((a) => !a.startsWith("-") && a !== "policies");
+if (unknownSubcommand) {
+  console.error(`Unknown command: ${unknownSubcommand}`);
+  console.error(`Did you mean: failproofai policies?`);
+  console.error(`Run \`failproofai --help\` for usage details.`);
+  process.exit(1);
+}
+var { launch: launch2 } = await Promise.resolve().then(() => (init_launch(), exports_launch));
+launch2("start");