securenow 7.6.4 → 7.6.6

package/NPM_README.md

@@ -1236,7 +1236,6 @@ Legacy env fallback aliases are listed below for existing installs only.
 |----------|-------------|---------|
 | `SECURENOW_API_KEY` | Legacy firewall key override. Prefer `apiKey` in `.securenow/credentials.json`. | from creds file |
 | `SECURENOW_API_URL` | SecureNow API base URL. Auto-detected for co-located deployments (falls back to `http://localhost:4000` on ECONNREFUSED). | `https://api.securenow.ai` |
-| `SECURENOW_FIREWALL_ENABLED` | Master kill-switch. Set to `0` to disable. | `1` |
 | `SECURENOW_FIREWALL_VERSION_INTERVAL` | Seconds between version checks (lightweight ETag-based). | `10` |
 | `SECURENOW_FIREWALL_SYNC_INTERVAL` | Full blocklist refresh interval in seconds (safety net). | `300` |
 | `SECURENOW_FIREWALL_FAIL_MODE` | `open` (allow when unavailable) or `closed` (block all). | `open` |

package/SKILL-API.md

@@ -503,10 +503,9 @@ Local development and production use `.securenow/credentials.json`. Every settin
 | Variable | Description | Default |
 |----------|-------------|---------|
 | `SECURENOW_API_KEY` | Legacy env override for the `apiKey` field (`snk_live_...`). Since v7.5.1, login writes the scoped firewall key to `.securenow/credentials.json`. | - |
-| `SECURENOW_API_URL` | SecureNow API base URL | `https://api.securenow.ai` |
-| `SECURENOW_FIREWALL_ENABLED` | Master kill-switch (`0` to disable) | `1` |
-| `SECURENOW_FIREWALL_VERSION_INTERVAL` | Seconds between lightweight version checks | `10` |
-| `SECURENOW_FIREWALL_SYNC_INTERVAL` | Full blocklist refresh interval in seconds | `300` |
+| `SECURENOW_API_URL` | SecureNow API base URL | `https://api.securenow.ai` |
+| `SECURENOW_FIREWALL_VERSION_INTERVAL` | Seconds between lightweight version checks | `10` |
+| `SECURENOW_FIREWALL_SYNC_INTERVAL` | Full blocklist refresh interval in seconds | `300` |
 | `SECURENOW_FIREWALL_FAIL_MODE` | `open` (allow all when unavailable) or `closed` | `open` |
 | `SECURENOW_FIREWALL_STATUS_CODE` | HTTP status for blocked requests | `403` |
 | `SECURENOW_FIREWALL_LOG` | Log blocked requests | `1` |

package/SKILL-CLI.md

@@ -203,20 +203,45 @@ securenow logs list --app my-app --env production --minutes 30 --level error
 securenow logs trace <traceId> --env production       # logs correlated to a specific trace
 ```
 
-### Notifications
-
-```bash
-securenow notifications [--limit N] [--page P]
-securenow notifications list --limit 20
-securenow notifications read <id>            # mark one as read
-securenow notifications read-all             # mark all as read
-securenow notifications unread               # unread count
-```
-
-### Alerts
-
-```bash
-securenow alerts                             # list alert rules (default)
+### Notifications
+
+```bash
+securenow notifications [--limit N] [--page P]
+securenow notifications list --limit 20
+securenow notifications read <id>            # mark one as read
+securenow notifications read-all             # mark all as read
+securenow notifications unread               # unread count
+```
+
+### Human Actions — AI-Prepared Decision Queue
+
+Use this for the same work shown in **Requires Human**: AI has already grouped alerts, fetched traces, built a report, and left a final Block IP or False Positive decision.
+
+```bash
+securenow human                              # list human decisions, most urgent first
+securenow human list --limit 20
+securenow human show 1                       # inspect row 1 with AI report, DAG, proofs, trace links
+securenow human block 1 --yes --reason "AI evidence confirmed malicious"
+securenow human fp 1 --yes --reason "Scoped false positive after evidence review"
+securenow human prompt 1                     # print a Codex/Claude MCP prompt for this row
+securenow human work --limit 10              # list queue + print MCP runbook for deep queue work
+```
+
+MCP parity:
+
+- `securenow_human_actions_list`
+- `securenow_notifications_get`
+- `securenow_human_action_report`
+- `securenow_human_action_block`
+- `securenow_human_action_false_positive`
+- prompts: `investigate_human_action_row`, `work_human_actions`
+
+Write tools still require `confirm:true` plus a reason. False positives should stay restrictive to the app, alert rule, path, method/status, user-agent, body pattern, or other exact evidence the AI report supports.
+
+### Alerts
+
+```bash
+securenow alerts                             # list alert rules (default)
 securenow alerts rules                       # list alert rules (columns: Status, Applications, Schedule)
 securenow alerts rules show <id>            # one rule; JSON: --json
 securenow alerts rules update <id> --applications-all   # all current & future apps

package/app-config.js

@@ -131,7 +131,6 @@ const ENV_TO_CONFIG_PATH = Object.freeze({
   SECURENOW_STRICT: 'runtime.strict',
   SECURENOW_TEST_SPAN: 'runtime.testSpan',
   SECURENOW_HIDE_BANNER: 'runtime.hideBanner',
-  SECURENOW_FIREWALL_ENABLED: 'firewall.enabled',
   SECURENOW_API_URL: 'firewall.apiUrl',
   SECURENOW_FIREWALL_VERSION_INTERVAL: 'firewall.versionCheckInterval',
   SECURENOW_FIREWALL_SYNC_INTERVAL: 'firewall.syncInterval',
@@ -548,6 +547,7 @@ function resolveEnvKey(key) {
   if (upper === 'OTEL_SERVICE_NAME') return resolveAppName();
   if (upper === 'SECURENOW_API_KEY') return resolveApiKey();
   if (upper === 'SECURENOW_INSTANCE' || upper === 'OTEL_EXPORTER_OTLP_ENDPOINT') return resolveInstance();
+  if (upper === 'SECURENOW_FIREWALL_ENABLED') return resolveFirewallEnabled();
 
   const configPath = ENV_TO_CONFIG_PATH[upper];
   if (configPath) return resolveConfigPath(configPath);
@@ -597,12 +597,19 @@ function resolveEndpoints(options = {}) {
   };
 }
 
+function resolveFirewallEnabled() {
+  const fromConfig = pick(getPath(loadCredentials()?.config, 'firewall.enabled'));
+  if (fromConfig != null) return parseBool(fromConfig, true);
+
+  return parseBool(getPath(DEFAULT_CONFIG, 'firewall.enabled'), true);
+}
+
 function resolveFirewallOptions() {
   return {
     apiKey: resolveApiKey(),
     appKey: resolveAppKey() || null,
     environment: resolveDeploymentEnvironment(),
-    enabled: boolEnv('SECURENOW_FIREWALL_ENABLED', true),
+    enabled: resolveFirewallEnabled(),
     apiUrl: env('SECURENOW_API_URL') || DEFAULT_API_URL,
     versionCheckInterval: numberEnv('SECURENOW_FIREWALL_VERSION_INTERVAL', 10, 1),
     syncInterval: numberEnv('SECURENOW_FIREWALL_SYNC_INTERVAL', 300, 1),
@@ -651,6 +658,7 @@ module.exports = {
   resolveOtlpHeaders,
   resolveOtlpHeaderString,
   resolveEndpoints,
+  resolveFirewallEnabled,
   resolveFirewallOptions,
   env,
   boolEnv,

package/cli/auth.js

@@ -237,7 +237,7 @@ async function login(args, flags) {
     const email = payload?.email || 'unknown';
     const exp = payload?.exp ? payload.exp * 1000 : null;
 
-    config.setAuth(token, email, exp, { local });
+    config.setAuth(token, email, exp, { local, enableFirewall: true });
     if (local) config.ensureLocalGitignore();
     console.log('');
     ui.success(`Logged in as ${ui.c.bold(email)}`);
@@ -255,7 +255,7 @@ async function login(args, flags) {
     const email = payload?.email || 'unknown';
     const exp = payload?.exp ? payload.exp * 1000 : null;
 
-    config.setAuth(token, email, exp, { local, app });
+    config.setAuth(token, email, exp, { local, app, enableFirewall: true });
     if (apiKey) config.setApiKey(apiKey, { local });
     if (local) config.ensureLocalGitignore();
     console.log('');

package/cli/config.js

@@ -101,11 +101,22 @@ function saveCredentials(creds, { local = false } = {}) {
   saveJSON(targetFile, appConfig.withCredentialDefaults(creds) || {});
 }
 
-function ensureCredentialDefaults({ local } = {}) {
+function withOnboardingFirewallEnabled(creds) {
+  const payload = appConfig.withCredentialDefaults(creds || {}) || {};
+  payload.config = payload.config || {};
+  payload.config.firewall = payload.config.firewall || {};
+  payload.config.firewall.enabled = true;
+  return payload;
+}
+
+function ensureCredentialDefaults({ local, enableFirewall = false } = {}) {
   const useLocal = local === true || (local == null && hasLocalCredentials());
   const targetFile = credentialsFileForLocal(useLocal);
   const existing = loadJSON(targetFile);
-  saveJSON(targetFile, appConfig.withCredentialDefaults(existing || {}) || {});
+  const payload = enableFirewall
+    ? withOnboardingFirewallEnabled(existing || {})
+    : appConfig.withCredentialDefaults(existing || {}) || {};
+  saveJSON(targetFile, payload);
 }
 
 function clearCredentials({ local } = {}) {
@@ -132,7 +143,7 @@ function getToken() {
   return creds.token;
 }
 
-function setAuth(token, email, expiresAt, { local = false, app = null } = {}) {
+function setAuth(token, email, expiresAt, { local = false, app = null, enableFirewall = false } = {}) {
   const targetFile = credentialsFileForLocal(local);
   const payload = { ...loadJSON(targetFile), token, email, expiresAt };
   if (app && (app.key || app.name || app.instance)) {
@@ -142,7 +153,10 @@ function setAuth(token, email, expiresAt, { local = false, app = null } = {}) {
       instance: app.instance || null,
     };
   }
-  saveCredentials(payload, { local });
+  saveJSON(
+    targetFile,
+    enableFirewall ? withOnboardingFirewallEnabled(payload) : appConfig.withCredentialDefaults(payload) || {}
+  );
 }
 
 function getApp() {
@@ -154,7 +168,7 @@ function setApiKey(apiKey, { local } = {}) {
   const useLocal = local === true || (local == null && hasLocalCredentials());
   const targetFile = credentialsFileForLocal(useLocal);
   const existing = loadJSON(targetFile);
-  saveJSON(targetFile, appConfig.withCredentialDefaults({ ...existing, apiKey }) || { apiKey });
+  saveJSON(targetFile, withOnboardingFirewallEnabled({ ...existing, apiKey }));
 }
 
 function clearApiKey({ local } = {}) {
@@ -238,6 +252,7 @@ module.exports = {
   getAuthSource,
   hasLocalCredentials,
   ensureCredentialDefaults,
+  withOnboardingFirewallEnabled,
   ensureLocalGitignore,
   getApiUrl,
   getAppUrl,

package/cli/credentials.js

@@ -20,7 +20,7 @@ function buildRuntimeCredentials(options = {}) {
     options.env ||
     appConfig.resolveDeploymentEnvironment() ||
     'production';
-  const runtime = appConfig.withCredentialDefaults({
+  const runtime = config.withOnboardingFirewallEnabled({
     apiKey: creds.apiKey || null,
     app: {
       key: creds.app?.key || null,
@@ -33,6 +33,10 @@ function buildRuntimeCredentials(options = {}) {
         ...(creds.config?.runtime || {}),
         deploymentEnvironment,
       },
+      firewall: {
+        ...(creds.config?.firewall || {}),
+        enabled: true,
+      },
     },
     _securenow: {
       ...(creds._securenow || {}),

package/cli/human.js

@@ -0,0 +1,366 @@
+'use strict';
+
+const config = require('./config');
+const { api, requireAuth } = require('./client');
+const ui = require('./ui');
+
+function appUrl(pathname) {
+  return `${config.getAppUrl()}${pathname}`;
+}
+
+function asArray(value) {
+  return Array.isArray(value) ? value : [];
+}
+
+function formatList(values, limit = 3) {
+  const list = asArray(values).filter(Boolean).map(String);
+  if (!list.length) return '-';
+  return list.slice(0, limit).join(', ') + (list.length > limit ? ` +${list.length - limit}` : '');
+}
+
+function confidenceLabel(value) {
+  if (value === null || value === undefined) return 'AI ready';
+  return `${Math.round(Number(value))}%`;
+}
+
+function taskLabel(task) {
+  return task?.headline || task?.title || task?.detectionName || 'AI investigation';
+}
+
+function parseTaskRef(ref) {
+  if (!ref) return null;
+  const text = String(ref).trim();
+  if (/^\d+$/.test(text)) return { kind: 'row', row: Math.max(1, parseInt(text, 10)) };
+  const colon = text.indexOf(':');
+  if (colon > 0) {
+    return { kind: 'id', notificationId: text.slice(0, colon), ip: text.slice(colon + 1) };
+  }
+  const slash = text.indexOf('/');
+  if (slash > 0) {
+    return { kind: 'id', notificationId: text.slice(0, slash), ip: text.slice(slash + 1) };
+  }
+  return { kind: 'notification', notificationId: text };
+}
+
+async function fetchQueue(flags = {}) {
+  const query = {
+    page: flags.page || 1,
+    limit: flags.limit || 20,
+  };
+  if (flags.search) query.search = flags.search;
+  return api.get('/notifications/approval-tasks', { query });
+}
+
+async function resolveTask(ref, flags = {}) {
+  const parsed = parseTaskRef(ref);
+  if (!parsed) {
+    ui.error('Task row or id required. Use `securenow human list` first.');
+    process.exit(1);
+  }
+
+  const queue = await fetchQueue({ ...flags, limit: flags.limit || 50 });
+  const tasks = queue.tasks || [];
+
+  if (parsed.kind === 'row') {
+    const task = tasks[parsed.row - 1];
+    if (!task) {
+      ui.error(`Row ${parsed.row} was not found on page ${flags.page || 1}.`);
+      process.exit(1);
+    }
+    return { task, queue, row: parsed.row };
+  }
+
+  const task = tasks.find((candidate) => (
+    candidate.id === ref ||
+    (candidate.notificationId === parsed.notificationId && (!parsed.ip || candidate.ip === parsed.ip))
+  ));
+
+  if (task) return { task, queue, row: tasks.indexOf(task) + 1 };
+
+  if (parsed.kind === 'id' && parsed.notificationId && parsed.ip) {
+    return {
+      task: {
+        id: `${parsed.notificationId}:${parsed.ip}`,
+        notificationId: parsed.notificationId,
+        ip: parsed.ip,
+        href: `/dashboard/notifications/ip/${parsed.notificationId}/${encodeURIComponent(parsed.ip)}`,
+      },
+      queue,
+      row: null,
+    };
+  }
+
+  ui.error(`Could not find task "${ref}". Use row number or <notificationId>:<ip>.`);
+  process.exit(1);
+}
+
+async function list(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching human action queue');
+  try {
+    const data = await fetchQueue(flags);
+    const tasks = data.tasks || [];
+    s.stop(`Found ${data.summary?.total ?? data.pagination?.total ?? tasks.length} human action${tasks.length === 1 ? '' : 's'}`);
+
+    if (flags.json) {
+      ui.json(data);
+      return;
+    }
+
+    console.log('');
+    if (!tasks.length) {
+      ui.info('No human decisions waiting.');
+      console.log('');
+      return;
+    }
+
+    const rows = tasks.map((task, index) => [
+      String(index + 1),
+      task.urgencyScore || 0,
+      ui.statusBadge(task.severity || 'info'),
+      task.ip || '-',
+      confidenceLabel(task.aiDecision?.confidence),
+      ui.truncate(formatList(task.proofs?.paths, 2), 28),
+      ui.truncate(taskLabel(task), 56),
+      task.lastSeenAt ? ui.timeAgo(task.lastSeenAt) : '-',
+    ]);
+    ui.table(['Row', 'Urgency', 'Severity', 'IP', 'Conf', 'Paths', 'Case', 'Seen'], rows, { maxColWidth: 60 });
+    console.log('');
+    ui.info('Inspect a row: securenow human show <row>');
+    ui.info('Use MCP deeply: securenow human prompt <row>');
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch human action queue');
+    throw err;
+  }
+}
+
+function printTaskSummary(task, row) {
+  ui.heading(row ? `Human action row ${row}` : 'Human action');
+  ui.keyValue([
+    ['Task ID', task.id || `${task.notificationId}:${task.ip}`],
+    ['IP', task.ip || '-'],
+    ['Case', taskLabel(task)],
+    ['Severity', task.severity || '-'],
+    ['Urgency', String(task.urgencyScore || 0)],
+    ['AI confidence', confidenceLabel(task.aiDecision?.confidence)],
+    ['Recommendation', task.aiDecision?.label || task.aiDecision?.recommendation || 'Review'],
+    ['Dashboard', appUrl(task.href || `/dashboard/notifications/ip/${task.notificationId}/${encodeURIComponent(task.ip || '')}`)],
+  ]);
+}
+
+function printAiReport(ipReport = {}, notification = {}) {
+  const ip = ipReport.ip || {};
+  const report = ip.aiReport || {};
+  const raw = report.rawData || {};
+  const steps = asArray(report.steps);
+  const finalDecision = report.finalDecision || {};
+
+  ui.subheading('AI report');
+  ui.keyValue([
+    ['Status', report.status || '-'],
+    ['Verdict', ip.verdict || raw.verdict || '-'],
+    ['Risk', ip.riskScore != null ? `${ip.riskScore}/100` : raw.riskScore != null ? `${raw.riskScore}/100` : '-'],
+    ['Final decision', finalDecision.decision || '-'],
+    ['Final reason', ui.truncate(finalDecision.reason || report.summary || '-', 120)],
+  ]);
+
+  if (report.summary) {
+    console.log('');
+    console.log(`  ${ui.c.bold('Summary')} ${report.summary}`);
+  }
+
+  if (asArray(report.findings).length) {
+    console.log('');
+    console.log(`  ${ui.c.bold('Findings')}`);
+    for (const finding of asArray(report.findings).slice(0, 6)) {
+      console.log(`  - ${finding}`);
+    }
+  }
+
+  if (steps.length) {
+    console.log('');
+    console.log(`  ${ui.c.bold('DAG steps')}`);
+    const rows = steps.map((step) => [
+      step.id,
+      step.status || '-',
+      step.durationMs != null ? `${step.durationMs}ms` : '-',
+      ui.truncate(step.outputSummary || step.inputSummary || step.error || '', 80),
+    ]);
+    ui.table(['Step', 'Status', 'Dur', 'Output'], rows);
+  }
+
+  const traceIds = [
+    ...asArray(ip.metadata?.traceIds),
+    ...steps.flatMap((step) => asArray(step.data?.traceIds)),
+    ...steps.flatMap((step) => asArray(step.data?.suspectTraceIds)),
+  ].filter(Boolean);
+  const uniqueTraceIds = [...new Set(traceIds)].slice(0, 10);
+  if (uniqueTraceIds.length) {
+    const apps = asArray(notification.notification?.applications || notification.applications);
+    const appKeys = apps.join(',');
+    console.log('');
+    console.log(`  ${ui.c.bold('Trace links')}`);
+    for (const traceId of uniqueTraceIds) {
+      const qs = appKeys ? `?appKeys=${encodeURIComponent(appKeys)}` : '';
+      console.log(`  - ${traceId}  ${ui.c.dim(appUrl(`/trace-details/${encodeURIComponent(traceId)}${qs}`))}`);
+    }
+  }
+}
+
+async function show(args, flags) {
+  requireAuth();
+  const ref = args[0];
+  const s = ui.spinner('Fetching human action detail');
+  try {
+    const { task, row } = await resolveTask(ref, flags);
+    const [ipReport, notification] = await Promise.all([
+      api.get(`/notifications/${encodeURIComponent(task.notificationId)}/ips/${encodeURIComponent(task.ip)}`),
+      api.get(`/notifications/${encodeURIComponent(task.notificationId)}`).catch(() => ({})),
+    ]);
+    s.stop('Loaded human action detail');
+
+    if (flags.json) {
+      ui.json({ task, ipReport, notification });
+      return;
+    }
+
+    printTaskSummary(task, row);
+    printAiReport(ipReport, notification);
+
+    ui.subheading('Proofs');
+    ui.keyValue([
+      ['Paths', formatList(task.proofs?.paths, 5)],
+      ['Methods', formatList(task.proofs?.methods, 5)],
+      ['Status', formatList((task.proofs?.statusCodes || []).map(String), 5)],
+      ['User agents', formatList(task.proofs?.userAgents, 3)],
+      ['Traces', formatList(task.proofs?.traceIds, 3)],
+    ]);
+
+    console.log('');
+    ui.info(`Approve block: securenow human block ${ref} --yes --reason "AI evidence confirmed malicious"`);
+    ui.info(`Mark FP:       securenow human fp ${ref} --yes --reason "Scoped false positive after evidence review"`);
+    ui.info(`MCP prompt:    securenow human prompt ${ref}`);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch human action detail');
+    throw err;
+  }
+}
+
+async function block(args, flags) {
+  requireAuth();
+  const ref = args[0];
+  const { task } = await resolveTask(ref, flags);
+  const reason = flags.reason || task.aiDecision?.reason || task.aiDecision?.verdict || 'Approved SecureNow AI block recommendation';
+
+  if (!flags.yes && !flags.force) {
+    const ok = await ui.confirm(`Block ${task.ip} based on AI evidence?`);
+    if (!ok) return;
+  }
+
+  const s = ui.spinner(`Blocking ${task.ip}`);
+  try {
+    const body = {
+      status: 'blocked',
+      verdict: task.aiDecision?.verdict || 'Blocked after SecureNow AI approval',
+      riskScore: task.aiDecision?.riskScore ?? undefined,
+      decisionSource: 'ai_dag',
+      note: reason,
+    };
+    const data = await api.put(`/notifications/${encodeURIComponent(task.notificationId)}/ips/${encodeURIComponent(task.ip)}/status`, body);
+    s.stop(`${task.ip} blocked`);
+    if (flags.json) ui.json(data);
+    else ui.success(`Handled: ${task.ip} blocked and recorded.`);
+  } catch (err) {
+    s.fail('Failed to block IP');
+    throw err;
+  }
+}
+
+async function fp(args, flags) {
+  requireAuth();
+  const ref = args[0];
+  const { task } = await resolveTask(ref, flags);
+  const scope = task.falsePositiveScope || {};
+  const reason = flags.reason || `Marked false positive from CLI. ${scope.scopeLabel || ''}`.trim();
+
+  if (!flags.yes && !flags.force) {
+    const ok = await ui.confirm(`Mark ${task.ip} as a scoped false positive?`);
+    if (!ok) return;
+  }
+
+  const s = ui.spinner(`Marking ${task.ip} false positive`);
+  try {
+    const body = {
+      reason,
+      conditions: flags.conditions ? JSON.parse(flags.conditions) : (scope.conditions?.length ? scope.conditions : null),
+      matchMode: flags['match-mode'] || scope.matchMode || 'all',
+      createExclusion: flags['create-exclusion'] != null ? flags['create-exclusion'] !== 'false' : Boolean(scope.createExclusion),
+      applyToExisting: flags['apply-existing'] != null ? flags['apply-existing'] !== 'false' : Boolean(scope.applyToExisting),
+      ruleScope: flags['rule-scope'] || scope.ruleScope || 'this_rule',
+      aiConfidence: task.aiDecision?.confidence ?? null,
+    };
+    const data = await api.post(`/notifications/${encodeURIComponent(task.notificationId)}/ips/${encodeURIComponent(task.ip)}/false-positive`, body);
+    s.stop(`${task.ip} marked false positive`);
+    if (flags.json) ui.json(data);
+    else ui.success(`Handled: ${task.ip} marked false positive with scoped evidence.`);
+  } catch (err) {
+    s.fail('Failed to mark false positive');
+    throw err;
+  }
+}
+
+function mcpPromptText(ref, flags = {}) {
+  const rowText = ref ? `Start with human action row/id: ${ref}.` : 'Work the human action queue from most urgent to least urgent.';
+  const limit = flags.limit || 10;
+  const mode = flags.mode || (ref ? 'single_row' : 'queue');
+  return [
+    'Use the SecureNow MCP server to do my human Detect & Respond work deeply.',
+    '',
+    rowText,
+    `Mode: ${mode}. Review up to ${limit} task(s) unless I ask for more.`,
+    '',
+    'Runbook:',
+    '1. Call securenow_human_actions_list with page=1 and the requested limit.',
+    ref
+      ? '2. Select the requested row number or task id, then call securenow_notifications_get and securenow_human_action_report for its notificationId and IP.'
+      : '2. For each task, call securenow_notifications_get and securenow_human_action_report for the notificationId and IP.',
+    '3. Read the AI report, finalDecision, DAG steps, findings, proofs, metadata paths/user agents/status codes, and trace IDs.',
+    '4. Open/inspect trace evidence with securenow_traces_show and securenow_logs_for_trace when trace IDs are available.',
+    '5. Decide one of only two outcomes: block the IP, or mark a scoped false positive. If evidence is ambiguous, report why and stop for that row.',
+    '6. For block decisions, call securenow_human_action_block with confirm:true and a precise reason.',
+    '7. For false positives, call securenow_human_action_false_positive with confirm:true, the narrowest available conditions, and a precise reason.',
+    '8. Summarize each row handled, skipped, and still waiting. Do not globally trust an IP by default.',
+    '',
+    'Safety:',
+    '- Do not call write tools without confirm:true and a reason.',
+    '- Do not use broad false-positive scopes if the evidence only supports one alert rule/path/method/status/user-agent/body pattern.',
+    '- Prefer no action over a weak action.',
+  ].join('\n');
+}
+
+async function prompt(args, flags) {
+  const ref = args[0];
+  const text = mcpPromptText(ref, flags);
+  if (flags.json) ui.json({ prompt: text });
+  else console.log(`\n${text}\n`);
+}
+
+async function work(args, flags) {
+  requireAuth();
+  await list(args, { ...flags, limit: flags.limit || 10 });
+  console.log('');
+  ui.subheading('MCP prompt');
+  console.log(mcpPromptText(args[0], flags));
+  console.log('');
+}
+
+module.exports = {
+  list,
+  show,
+  block,
+  fp,
+  prompt,
+  work,
+};

package/cli/init.js

@@ -86,7 +86,7 @@ async function init(_args, flags) {
 }
 
 function initCredentials(flags) {
-  config.ensureCredentialDefaults({ local: true });
+  config.ensureCredentialDefaults({ local: true, enableFirewall: true });
   config.ensureLocalGitignore();
   const creds = config.loadCredentials();
   creds.config = creds.config || {};

package/cli.js

@@ -151,20 +151,48 @@ const COMMANDS = {
     },
     defaultSub: 'list',
   },
-  notifications: {
-    desc: 'Manage notifications',
-    usage: 'securenow notifications <subcommand> [options]',
+  notifications: {
+    desc: 'Manage notifications',
+    usage: 'securenow notifications <subcommand> [options]',
     sub: {
       list: { desc: 'List notifications', flags: { limit: 'Max results', page: 'Page number' }, run: (a, f) => require('./cli/monitor').notificationsList(a, f) },
       read: { desc: 'Mark notification as read', usage: 'securenow notifications read <id>', run: (a, f) => require('./cli/monitor').notificationsRead(a, f) },
       'read-all': { desc: 'Mark all as read', run: () => require('./cli/monitor').notificationsReadAll() },
       unread: { desc: 'Show unread count', run: () => require('./cli/monitor').notificationsUnread() },
-    },
-    defaultSub: 'list',
-  },
-  alerts: {
-    desc: 'Manage alerting',
-    usage: 'securenow alerts <subcommand> [options]',
+    },
+    defaultSub: 'list',
+  },
+  human: {
+    desc: 'Work the human action queue prepared by SecureNow AI',
+    usage: 'securenow human <list|show|block|fp|prompt|work> [row|notificationId:ip] [options]',
+    flags: {
+      json: 'Output as JSON',
+      page: 'Queue page number',
+      limit: 'Queue page size',
+      search: 'Search IP, rule, path, or verdict',
+      reason: 'Reason for block/false-positive decisions',
+      yes: 'Confirm write actions without prompting',
+      force: 'Alias for --yes',
+      conditions: 'False-positive conditions JSON array',
+      'match-mode': 'False-positive match mode: all or any',
+      'rule-scope': 'False-positive scope: this_rule | specific_rules | all_existing | any_rule',
+      'create-exclusion': 'Create a restrictive exclusion when marking false positive',
+      'apply-existing': 'Apply false-positive decision to existing matching rows',
+      mode: 'Prompt mode label for MCP prompt output',
+    },
+    sub: {
+      list: { desc: 'List human decisions AI prepared', run: (a, f) => require('./cli/human').list(a, f) },
+      show: { desc: 'Show one row with AI report, proofs, DAG, and trace links', usage: 'securenow human show <row|notificationId:ip>', run: (a, f) => require('./cli/human').show(a, f) },
+      block: { desc: 'Approve the AI block recommendation for a row', usage: 'securenow human block <row|notificationId:ip> --yes --reason "..."', run: (a, f) => require('./cli/human').block(a, f) },
+      fp: { desc: 'Mark a row as a scoped false positive', usage: 'securenow human fp <row|notificationId:ip> --yes --reason "..."', run: (a, f) => require('./cli/human').fp(a, f) },
+      prompt: { desc: 'Print a Codex/Claude MCP prompt for row or queue work', usage: 'securenow human prompt [row|notificationId:ip] [--limit 10]', run: (a, f) => require('./cli/human').prompt(a, f) },
+      work: { desc: 'List the queue and print the MCP runbook to work it deeply', usage: 'securenow human work [--limit 10]', run: (a, f) => require('./cli/human').work(a, f) },
+    },
+    defaultSub: 'list',
+  },
+  alerts: {
+    desc: 'Manage alerting',
+    usage: 'securenow alerts <subcommand> [options]',
     sub: {
       rules: {
         desc: 'List, show, or update alert rules',
@@ -469,7 +497,7 @@ function showHelp(commandName) {
     'Authentication': ['login', 'logout', 'whoami', 'credentials'],
     'Applications': ['apps', 'init', 'status'],
     'Observe': ['traces', 'logs', 'analytics'],
-    'Detect & Respond': ['notifications', 'alerts', 'fp'],
+    'Detect & Respond': ['human', 'notifications', 'alerts', 'fp'],
     'Investigate': ['ip', 'forensics'],
     'Firewall': ['firewall'],
     'Remediation': ['blocklist', 'allowlist', 'trusted'],

package/docs/ENVIRONMENT-VARIABLES.md

@@ -130,7 +130,7 @@ Legacy environment variables are fallback-only for existing deployments. New loc
 | `config.runtime.strict` | `false` | Exit clustered workers when no app identity resolves. |
 | `config.runtime.testSpan` | `false` | Prefer `npx securenow test-span` for manual checks. |
 | `config.runtime.hideBanner` | `false` | Hide free-trial response banner. |
-| `config.firewall.enabled` | `true` | Local kill-switch; dashboard app toggle also applies. |
+| `config.firewall.enabled` | `true` | Local SDK firewall switch. Leave absent/true for protection; set false only when intentionally disabling in this credentials file. Dashboard app toggle also applies. |
 | `config.firewall.apiUrl` | `https://api.securenow.ai` | SecureNow API base URL. |
 | `config.firewall.versionCheckInterval` | `10` | Seconds between lightweight version checks. |
 | `config.firewall.syncInterval` | `300` | Seconds between full blocklist syncs. |

package/docs/FIREWALL-GUIDE.md

@@ -199,13 +199,12 @@ SECURENOW_FIREWALL_CLOUD_DRY_RUN=1
 
 ## Environment Variables Reference
 
-| Variable | Default | Description |
-|----------|---------|-------------|
-| `SECURENOW_API_KEY` | *(from creds file)* | API key with `firewall:read` scope. Since v7.1.0 the firewall also reads this from `.securenow/credentials.json` (written by `securenow login` or `securenow api-key set`), so this env var is optional. The env var only wins if it starts with `snk_live_`; otherwise the credentials file is used. |
-| `SECURENOW_API_URL` | `https://api.securenow.ai` | API base URL. Auto-fallback to `http://localhost:4000` on ECONNREFUSED. |
-| `SECURENOW_FIREWALL_ENABLED` | `1` | Master kill-switch (`0` to disable) |
-| `SECURENOW_FIREWALL_VERSION_INTERVAL` | `10` | Seconds between version checks (lightweight ETag-based) |
-| `SECURENOW_FIREWALL_SYNC_INTERVAL` | `300` | Full blocklist refresh interval in seconds (safety net) |
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `SECURENOW_API_KEY` | *(from creds file)* | API key with `firewall:read` scope. Since v7.1.0 the firewall also reads this from `.securenow/credentials.json` (written by `securenow login` or `securenow api-key set`), so this env var is optional. The env var only wins if it starts with `snk_live_`; otherwise the credentials file is used. |
+| `SECURENOW_API_URL` | `https://api.securenow.ai` | API base URL. Auto-fallback to `http://localhost:4000` on ECONNREFUSED. |
+| `SECURENOW_FIREWALL_VERSION_INTERVAL` | `10` | Seconds between version checks (lightweight ETag-based) |
+| `SECURENOW_FIREWALL_SYNC_INTERVAL` | `300` | Full blocklist refresh interval in seconds (safety net) |
 | `SECURENOW_FIREWALL_FAIL_MODE` | `open` | `open` = allow when list unavailable; `closed` = block all |
 | `SECURENOW_FIREWALL_STATUS_CODE` | `403` | HTTP status code for blocked requests (Layer 1) |
 | `SECURENOW_FIREWALL_LOG` | `1` | Log blocked requests to console (`0` to silence) |
@@ -390,14 +389,16 @@ All layers clean up on process exit (SIGINT/SIGTERM):
 echo $SECURENOW_API_KEY
 ```
 
-**Check 2:** Is the firewall disabled?
-
-```bash
-# Must NOT be set to 0
-echo $SECURENOW_FIREWALL_ENABLED
-```
-
-**Check 3:** Check the startup log for sync errors:
+**Check 2:** Is the firewall disabled in SecureNow config or dashboard?
+
+```bash
+npx securenow env
+npx securenow firewall apps
+```
+
+The local SDK switch is `config.firewall.enabled` in `.securenow/credentials.json`. The runtime dashboard toggle is per app/environment.
+
+**Check 3:** Check the startup log for sync errors:
 
 ```
 [securenow] Firewall: initial sync failed: API returned 401

package/firewall.js

@@ -15,9 +15,11 @@ let _lastSyncEtag = null;
 let _initialized = false;
 let _consecutiveErrors = 0;
 let _layers = [];
-let _rawIps = [];
-let _stats = { syncs: 0, blocked: 0, allowed: 0, versionChecks: 0, errors: 0, suppressedDisabled: 0 };
-let _localhostFallbackTried = false;
+let _rawIps = [];
+let _stats = { syncs: 0, blocked: 0, allowed: 0, versionChecks: 0, errors: 0, suppressedDisabled: 0 };
+let _localhostFallbackTried = false;
+let _eventQueue = [];
+let _eventTimer = null;
 
 // Remote toggle — set by /firewall/sync when an appKey is in scope. Default
 // true so a missing/unreachable backend fails open (matches pre-7.3 behavior).
@@ -45,7 +47,10 @@ let _retryAfterUntil = 0;
 
 // Keep-alive agents — reuse TCP connections across polls (TLS handshake once)
 const _httpAgent = new http.Agent({ keepAlive: true, maxSockets: 2, keepAliveMsecs: 30_000 });
-const _httpsAgent = new https.Agent({ keepAlive: true, maxSockets: 2, keepAliveMsecs: 30_000 });
+const _httpsAgent = new https.Agent({ keepAlive: true, maxSockets: 2, keepAliveMsecs: 30_000 });
+const EVENT_FLUSH_INTERVAL_MS = 2_000;
+const EVENT_BATCH_SIZE = 25;
+const EVENT_QUEUE_MAX = 1_000;
 
 // Unified sync uses /firewall/sync (v2). Falls back to legacy on 404.
 let _useUnifiedSync = true;
@@ -118,7 +123,7 @@ function agentFor(url) {
   return url.startsWith('https') ? _httpsAgent : _httpAgent;
 }
 
-function httpGet(url, extraHeaders, timeout, callback) {
+function httpGet(url, extraHeaders, timeout, callback) {
   const mod = url.startsWith('https') ? https : http;
   const parsed = new URL(url);
 
@@ -142,8 +147,89 @@ function httpGet(url, extraHeaders, timeout, callback) {
 
   req.on('error', (err) => callback(err));
   req.on('timeout', () => { req.destroy(); callback(new Error('Request timed out')); });
-  req.end();
-}
+  req.end();
+}
+
+function httpPostJson(url, body, timeout, callback) {
+  const mod = url.startsWith('https') ? https : http;
+  const parsed = new URL(url);
+  const payload = JSON.stringify(body || {});
+
+  const req = mod.request({
+    hostname: parsed.hostname,
+    port: parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
+    path: parsed.pathname + parsed.search,
+    method: 'POST',
+    headers: {
+      'Authorization': `Bearer ${_options.apiKey}`,
+      'User-Agent': 'securenow-firewall-sdk',
+      'Content-Type': 'application/json',
+      'Content-Length': Buffer.byteLength(payload),
+    },
+    timeout,
+    agent: agentFor(url),
+  }, (res) => {
+    let data = '';
+    res.on('data', (chunk) => { data += chunk; });
+    res.on('end', () => { callback(null, res, data); });
+  });
+
+  req.on('error', (err) => callback(err));
+  req.on('timeout', () => { req.destroy(); callback(new Error('Request timed out')); });
+  req.write(payload);
+  req.end();
+}
+
+function scheduleEventFlush() {
+  if (_eventTimer || _eventQueue.length === 0) return;
+  _eventTimer = setTimeout(() => {
+    _eventTimer = null;
+    flushFirewallEvents();
+  }, EVENT_FLUSH_INTERVAL_MS);
+  if (_eventTimer.unref) _eventTimer.unref();
+}
+
+function flushFirewallEvents() {
+  if (!_options || !_options.apiKey || !_options.apiUrl || _eventQueue.length === 0) return;
+  if (shouldSkipRequest()) {
+    _eventQueue = [];
+    return;
+  }
+
+  const batch = _eventQueue.splice(0, EVENT_BATCH_SIZE);
+  const url = buildFirewallUrl('/firewall/events');
+
+  httpPostJson(url, { events: batch }, 5000, (err, res) => {
+    if (err || !res || res.statusCode >= 400) {
+      if (_options.log) {
+        const msg = err ? err.message : `API returned ${res.statusCode}`;
+        console.warn('[securenow] Firewall: failed to report blocked-request ledger:', msg);
+      }
+    }
+    if (_eventQueue.length) scheduleEventFlush();
+  });
+}
+
+function reportFirewallEvent(event) {
+  if (!_options || !_options.apiKey || !_options.apiUrl) return;
+
+  const item = {
+    applicationKey: _options.appKey || null,
+    environment: _options.environment || 'production',
+    action: 'blocked',
+    statusCode: (_options && _options.statusCode) || 403,
+    occurredAt: new Date().toISOString(),
+    ...event,
+  };
+
+  _eventQueue.push(item);
+  if (_eventQueue.length > EVENT_QUEUE_MAX) {
+    _eventQueue.splice(0, _eventQueue.length - EVENT_QUEUE_MAX);
+  }
+
+  if (_eventQueue.length >= EVENT_BATCH_SIZE) flushFirewallEvents();
+  else scheduleEventFlush();
+}
 
 // ────── Unified Sync (v2 — single request for everything) ──────
 
@@ -609,23 +695,39 @@ function firewallRequestHandler(req, res) {
   const ip = resolveClientIp(req);
 
   // Allowlist check: if active, only listed IPs are allowed through
-  if (_allowlistMatcher && _allowlistMatcher.stats().total > 0) {
-    if (!_allowlistMatcher.isBlocked(ip)) {
-      _stats.blocked++;
-      if (_options && _options.log) console.log('[securenow] Firewall: blocked %s via HTTP (not in allowlist)', ip);
-      sendBlockResponse(req, res, ip);
-      return true;
-    }
-    return false;
-  }
+  if (_allowlistMatcher && _allowlistMatcher.stats().total > 0) {
+    if (!_allowlistMatcher.isBlocked(ip)) {
+      _stats.blocked++;
+      if (_options && _options.log) console.log('[securenow] Firewall: blocked %s via HTTP (not in allowlist)', ip);
+      reportFirewallEvent({
+        source: 'allowlist',
+        ip,
+        matchedEntry: '',
+        method: req.method || '',
+        path: req.url || '',
+        userAgent: req.headers['user-agent'] || '',
+      });
+      sendBlockResponse(req, res, ip);
+      return true;
+    }
+    return false;
+  }
 
   // Blocklist check
-  if (_matcher && _matcher.isBlocked(ip)) {
-    _stats.blocked++;
-    if (_options && _options.log) console.log('[securenow] Firewall: blocked %s via HTTP', ip);
-    sendBlockResponse(req, res, ip);
-    return true;
-  }
+  if (_matcher && _matcher.isBlocked(ip)) {
+    _stats.blocked++;
+    if (_options && _options.log) console.log('[securenow] Firewall: blocked %s via HTTP', ip);
+    reportFirewallEvent({
+      source: 'blocklist',
+      ip,
+      matchedEntry: ip,
+      method: req.method || '',
+      path: req.url || '',
+      userAgent: req.headers['user-agent'] || '',
+    });
+    sendBlockResponse(req, res, ip);
+    return true;
+  }
 
   return false;
 }
@@ -721,11 +823,13 @@ function init(options) {
   startSyncLoop();
 }
 
-function shutdown() {
-  if (_pollTimer) { clearTimeout(_pollTimer); _pollTimer = null; }
-  if (_syncTimer) { clearInterval(_syncTimer); _syncTimer = null; }
-
-  _circuitState = 'closed';
+function shutdown() {
+  if (_pollTimer) { clearTimeout(_pollTimer); _pollTimer = null; }
+  if (_syncTimer) { clearInterval(_syncTimer); _syncTimer = null; }
+  if (_eventTimer) { clearTimeout(_eventTimer); _eventTimer = null; }
+  flushFirewallEvents();
+
+  _circuitState = 'closed';
   _circuitOpenedAt = 0;
   _consecutiveErrors = 0;
   _pollInflight = false;

package/mcp/catalog.js

@@ -408,6 +408,94 @@ const TOOLS = [
       ...confirmSchema,
     }, ['id', 'confirm', 'reason']),
   },
+  {
+    name: 'securenow_notifications_get',
+    title: 'Get Notification',
+    description: 'Get one notification/case with alert context, clusters, and IP investigations.',
+    scope: 'notifications:read',
+    readOnly: true,
+    method: 'GET',
+    endpoint: '/notifications/:id',
+    pathParams: ['id'],
+    inputSchema: objectSchema({
+      id: string('Notification id.'),
+    }, ['id']),
+  },
+  {
+    name: 'securenow_human_actions_list',
+    title: 'List Human Action Queue',
+    description: 'List approval-gated human decisions prepared by SecureNow AI, ordered by urgency.',
+    scope: 'notifications:read',
+    readOnly: true,
+    method: 'GET',
+    endpoint: '/notifications/approval-tasks',
+    queryFields: ['limit', 'page', 'search'],
+    inputSchema: objectSchema({
+      ...pagingInput,
+      search: string('Optional search over IP, rule, path, or verdict.'),
+    }),
+  },
+  {
+    name: 'securenow_human_action_report',
+    title: 'Get Human Action Report',
+    description: 'Fetch the full IP investigation report, DAG steps, proofs, metadata, and AI decision for one human action row.',
+    scope: 'notifications:read',
+    readOnly: true,
+    method: 'GET',
+    endpoint: '/notifications/:notificationId/ips/:ip',
+    pathParams: ['notificationId', 'ip'],
+    inputSchema: objectSchema({
+      notificationId: string('Notification id from the human action row.'),
+      ip: string('IP address from the human action row.'),
+    }, ['notificationId', 'ip']),
+  },
+  {
+    name: 'securenow_human_action_block',
+    title: 'Approve AI Block Recommendation',
+    description: 'Approve the AI-prepared block decision for an IP. Write action; requires confirmation.',
+    scope: 'notifications:write',
+    readOnly: false,
+    destructive: true,
+    confirm: true,
+    method: 'PUT',
+    endpoint: '/notifications/:notificationId/ips/:ip/status',
+    pathParams: ['notificationId', 'ip'],
+    fixedBody: { status: 'blocked', decisionSource: 'ai_dag' },
+    reasonAsNote: true,
+    bodyFields: ['note', 'verdict', 'riskScore'],
+    inputSchema: objectSchema({
+      notificationId: string('Notification id from the human action row.'),
+      ip: string('IP address to block.'),
+      note: string('Audit note explaining why the AI block was approved.'),
+      verdict: string('Optional final verdict text.'),
+      riskScore: number('Optional risk score.', { minimum: 0, maximum: 100 }),
+      ...confirmSchema,
+    }, ['notificationId', 'ip', 'confirm', 'reason']),
+  },
+  {
+    name: 'securenow_human_action_false_positive',
+    title: 'Mark Human Action False Positive',
+    description: 'Mark an AI-prepared human action as a scoped false positive. Write action; requires confirmation.',
+    scope: 'notifications:write',
+    readOnly: false,
+    confirm: true,
+    method: 'POST',
+    endpoint: '/notifications/:notificationId/ips/:ip/false-positive',
+    pathParams: ['notificationId', 'ip'],
+    bodyFields: ['reason', 'conditions', 'matchMode', 'createExclusion', 'applyToExisting', 'ruleScope', 'targetRuleIds', 'aiConfidence'],
+    inputSchema: objectSchema({
+      notificationId: string('Notification id from the human action row.'),
+      ip: string('IP address to mark as false positive.'),
+      conditions: { type: 'array', items: { type: 'object', additionalProperties: true }, description: 'Restrictive false-positive conditions. Prefer app/rule/path/method/status/user-agent/body scope.' },
+      matchMode: string('Condition match mode: all or any.'),
+      createExclusion: boolean('Whether to create a restrictive exclusion rule.'),
+      applyToExisting: boolean('Whether to apply to existing matching IP investigations.'),
+      ruleScope: string('Scope: this_rule, specific_rules, all_existing, or any_rule.'),
+      targetRuleIds: arrayOfStrings('Specific rule ids when ruleScope is specific_rules.'),
+      aiConfidence: number('AI confidence for audit metadata.', { minimum: 0, maximum: 100 }),
+      ...confirmSchema,
+    }, ['notificationId', 'ip', 'confirm', 'reason']),
+  },
   {
     name: 'securenow_ip_lookup',
     title: 'IP Intelligence Lookup',
@@ -700,6 +788,27 @@ const PROMPTS = [
       { name: 'environment', description: 'Environment to investigate. Defaults to production; use all only when explicitly needed.', required: false },
     ],
   },
+  {
+    name: 'investigate_human_action_row',
+    title: 'Investigate Human Action Row',
+    description: 'Use MCP tools to deeply review one Requires Human row and either block the IP or mark a scoped false positive.',
+    arguments: [
+      { name: 'rowNumber', description: '1-based row number from the Requires Human queue.', required: true },
+      { name: 'page', description: 'Queue page number. Defaults to 1.', required: false },
+      { name: 'limit', description: 'Rows to fetch. Defaults to 20.', required: false },
+      { name: 'confirmWrites', description: 'Set true only when the user explicitly wants the MCP agent to execute decisions.', required: false },
+    ],
+  },
+  {
+    name: 'work_human_actions',
+    title: 'Work Human Actions',
+    description: 'Use MCP tools to work the approval queue from most urgent to least urgent, with trace verification and scoped decisions.',
+    arguments: [
+      { name: 'limit', description: 'Maximum rows to review this run. Defaults to 10.', required: false },
+      { name: 'search', description: 'Optional search filter for the queue.', required: false },
+      { name: 'confirmWrites', description: 'Set true only when the user explicitly wants the MCP agent to execute decisions.', required: false },
+    ],
+  },
 ];
 
 function promptMessages(name, args = {}) {
@@ -759,6 +868,56 @@ function promptMessages(name, args = {}) {
     ];
   }
 
+  if (name === 'investigate_human_action_row') {
+    const rowNumber = args.rowNumber || '<rowNumber>';
+    const page = args.page || 1;
+    const limit = args.limit || 20;
+    const confirmWrites = args.confirmWrites === true || args.confirmWrites === 'true';
+    return [
+      {
+        role: 'user',
+        content: {
+          type: 'text',
+          text: [
+            `Investigate Requires Human row ${rowNumber} using SecureNow MCP.`,
+            `Fetch page=${page}, limit=${limit} with securenow_human_actions_list, select row ${rowNumber}, then call securenow_notifications_get and securenow_human_action_report for that notificationId and IP.`,
+            'Read the AI report, finalDecision, DAG steps, findings, proofs, metadata paths/user agents/status codes, and trace IDs.',
+            'Open trace evidence with securenow_traces_show and correlated logs with securenow_logs_for_trace when trace IDs are available.',
+            'Return one of only two outcomes: Block IP or False Positive. If evidence is ambiguous, stop and explain what is missing.',
+            confirmWrites
+              ? 'The user requested execution. If evidence supports the decision, call securenow_human_action_block or securenow_human_action_false_positive with confirm:true and a precise reason.'
+              : 'Do not execute write tools yet. Prepare the recommended decision and exact tool call the user can approve.',
+            'False positives must be narrow: app + alert rule + path + method/status/user-agent/body evidence where possible. Never globally trust an IP by default.',
+          ].join('\n'),
+        },
+      },
+    ];
+  }
+
+  if (name === 'work_human_actions') {
+    const limit = args.limit || 10;
+    const confirmWrites = args.confirmWrites === true || args.confirmWrites === 'true';
+    return [
+      {
+        role: 'user',
+        content: {
+          type: 'text',
+          text: [
+            'Work my SecureNow Requires Human queue like a senior security analyst using the MCP tools.',
+            `Review up to ${limit} row(s), most urgent first.${args.search ? ` Search filter: ${args.search}.` : ''}`,
+            'Start with securenow_human_actions_list. For each row, call securenow_notifications_get and securenow_human_action_report, inspect the AI report/DAG/proofs/trace IDs, and fetch trace/log evidence where useful.',
+            'For each row choose exactly one outcome: Block IP, False Positive, or Skip because evidence is insufficient. Explain skipped rows.',
+            confirmWrites
+              ? 'The user requested execution. For supported decisions, call the correct write tool with confirm:true and a precise reason, then continue.'
+              : 'Do not execute write tools yet. Produce a row-by-row action plan and exact MCP write calls for user approval.',
+            'For block decisions, use securenow_human_action_block. For false positives, use securenow_human_action_false_positive with restrictive conditions. Avoid broad/global trust.',
+            'End with counts: handled, proposed block, proposed false positive, skipped, still waiting.',
+          ].join('\n'),
+        },
+      },
+    ];
+  }
+
   throw new Error(`Unknown prompt: ${name}`);
 }
 
@@ -829,6 +988,10 @@ function buildApiRequest(tool, rawArgs = {}) {
     if (value != null && value !== '') body[key] = value;
   }
 
+  if (tool.reasonAsNote && !body.note && args.reason) {
+    body.note = args.reason;
+  }
+
   return {
     method: tool.method,
     endpoint,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "securenow",
-  "version": "7.6.4",
+  "version": "7.6.6",
   "description": "OpenTelemetry instrumentation for Node.js, Next.js, and Nuxt - Send traces and logs to any OTLP-compatible backend",
   "type": "commonjs",
   "main": "register.js",