tweek 0.2.1__py3-none-any.whl → 0.3.1__py3-none-any.whl

tweek/cli_helpers.py

@@ -32,7 +32,7 @@ def print_error(message: str, fix_hint: str = "") -> None:
     """Print an error message with red X and optional fix hint."""
     console.print(f"[red]\u2717[/red] {message}")
     if fix_hint:
-        console.print(f"  [dim]Hint: {fix_hint}[/dim]")
+        console.print(f"  [white]Hint: {fix_hint}[/white]")
 
 
 def print_health_banner(checks: "List") -> None:
@@ -51,7 +51,7 @@ def print_health_banner(checks: "List") -> None:
 
     panel = Panel(
         f"[bold {color}]{verdict_text}[/bold {color}]\n"
-        f"[dim]Run 'tweek doctor' for details[/dim]",
+        f"[white]Run 'tweek doctor' for details[/white]",
         border_style=color,
         padding=(0, 2),
     )
@@ -63,11 +63,11 @@ def format_command_example(command: str, description: str) -> str:
     Format a single command example line.
 
     Args:
-        command: The command string, e.g., "tweek install --scope global"
+        command: The command string, e.g., "tweek protect claude-code --scope global"
         description: Brief explanation of what it does.
 
     Returns:
-        Formatted string like "  tweek install --scope global    Install globally"
+        Formatted string like "  tweek protect claude-code --scope global    Install globally"
     """
     return f"  {command:<40s} {description}"
 
@@ -141,11 +141,11 @@ def print_doctor_results(checks: "List") -> None:
         CheckStatus.OK: ("[green]OK[/green]    ", "green"),
         CheckStatus.WARNING: ("[yellow]WARN[/yellow]  ", "yellow"),
         CheckStatus.ERROR: ("[red]ERROR[/red] ", "red"),
-        CheckStatus.SKIPPED: ("[dim]SKIP[/dim]  ", "dim"),
+        CheckStatus.SKIPPED: ("[white]SKIP[/white]  ", "white"),
     }
 
     for check in checks:
-        style_text, _ = status_styles.get(check.status, ("[dim]???[/dim]   ", "dim"))
+        style_text, _ = status_styles.get(check.status, ("[white]???[/white]   ", "white"))
         console.print(f"  {style_text}  {check.label:<22s} {check.message}")
 
     # Verdict

tweek/cli_model.py

@@ -90,7 +90,7 @@ def model_download(name: str, force: bool):
         console.print()
         console.print(f"[green]Model downloaded to {model_dir}[/green]")
         console.print(
-            f"[dim]Local screening is now active for risky/dangerous operations.[/dim]"
+            f"[white]Local screening is now active for risky/dangerous operations.[/white]"
         )
 
     except ModelDownloadError as e:
@@ -130,8 +130,8 @@ def model_list(available: bool):
                 defn.display_name,
                 f"~{defn.size_mb:.0f} MB",
                 defn.license,
-                "[green]yes[/green]" if installed else "[dim]no[/dim]",
-                "[green]yes[/green]" if active else "[dim]-[/dim]",
+                "[green]yes[/green]" if installed else "[white]no[/white]",
+                "[green]yes[/green]" if active else "[white]-[/white]",
             )
 
         console.print(table)
@@ -158,7 +158,7 @@ def model_list(available: bool):
                 name,
                 defn.display_name if defn else name,
                 size_str,
-                "[green]yes[/green]" if active else "[dim]-[/dim]",
+                "[green]yes[/green]" if active else "[white]-[/white]",
             )
 
         console.print(table)
@@ -221,10 +221,10 @@ def model_status():
             )
         else:
             fallback_lines.append(
-                "  Cloud LLM:    [dim]none (no API keys configured)[/dim]"
+                "  Cloud LLM:    [white]none (no API keys configured)[/white]"
             )
     except Exception:
-        fallback_lines.append("  Cloud LLM:    [dim]unavailable[/dim]")
+        fallback_lines.append("  Cloud LLM:    [white]unavailable[/white]")
 
     # Overall status
     if LOCAL_MODEL_AVAILABLE and installed:
@@ -232,7 +232,7 @@ def model_status():
     elif LOCAL_MODEL_AVAILABLE and not installed:
         status = "[yellow]Ready[/yellow] - Dependencies installed, model not downloaded"
     else:
-        status = "[dim]Inactive[/dim] - Install dependencies: pip install tweek[local-models]"
+        status = "[white]Inactive[/white] - Install dependencies: pip install tweek[local-models]"
 
     content = f"Status: {status}\n\n"
     content += "[bold]Dependencies[/bold]\n" + "\n".join(deps_lines) + "\n\n"

tweek/config/__init__.py

@@ -10,4 +10,12 @@ PATTERNS_FILE = CONFIG_DIR / "patterns.yaml"
 __all__ = [
     "ConfigManager", "SecurityTier", "ConfigIssue", "ConfigChange",
     "get_config", "CONFIG_DIR", "PATTERNS_FILE",
+    "TweekConfig", "PatternsConfig",
 ]
+
+# Lazy imports for Pydantic models to avoid import cost when not needed
+def __getattr__(name):
+    if name in ("TweekConfig", "PatternsConfig"):
+        from tweek.config.models import TweekConfig, PatternsConfig
+        return {"TweekConfig": TweekConfig, "PatternsConfig": PatternsConfig}[name]
+    raise AttributeError(f"module {__name__!r} has no attribute {name!r}")

tweek/config/manager.py

@@ -173,7 +173,7 @@ class ConfigManager:
         "plugins", "mcp", "proxy", "sandbox", "isolation_chamber",
         "llm_review", "local_model", "rate_limiting", "session_analysis",
         "path_boundary", "non_english_handling", "version", "tiers",
-        "heuristic_scorer",
+        "heuristic_scorer", "openclaw",
     }
 
     def __init__(
@@ -685,8 +685,40 @@ class ConfigManager:
                     suggestion=suggestion,
                 ))
 
+        # Run Pydantic structural validation on merged config
+        try:
+            merged = self._get_merged()
+            pydantic_issues = self._validate_with_pydantic(merged)
+            # Deduplicate: only add Pydantic issues not already caught above
+            existing_messages = {i.message for i in issues}
+            for pi in pydantic_issues:
+                if pi.message not in existing_messages:
+                    issues.append(pi)
+        except Exception:
+            pass  # Pydantic validation is additive, never blocks
+
         return issues
 
+    def _validate_with_pydantic(self, config: Dict) -> List[ConfigIssue]:
+        """Run Pydantic model validation on merged config."""
+        from pydantic import ValidationError
+        from tweek.config.models import TweekConfig
+
+        try:
+            TweekConfig.model_validate(config)
+            return []
+        except ValidationError as e:
+            issues = []
+            for err in e.errors():
+                loc = ".".join(str(p) for p in err["loc"])
+                issues.append(ConfigIssue(
+                    level="error",
+                    key=loc,
+                    message=err["msg"],
+                    suggestion="",
+                ))
+            return issues
+
     def diff_preset(self, preset_name: str) -> List[ConfigChange]:
         """
         Show what would change if a preset were applied.

tweek/config/models.py

@@ -0,0 +1,307 @@
+"""
+Pydantic models for Tweek configuration validation.
+
+These models define the schema for tiers.yaml (the main configuration file)
+and patterns.yaml (attack pattern definitions). They provide:
+- Type-safe configuration loading with automatic validation
+- Human-readable error messages for invalid configuration
+- JSON Schema export for documentation and IDE support
+"""
+
+from __future__ import annotations
+
+import re
+from enum import Enum
+from typing import Any, Dict, List, Optional
+
+from pydantic import BaseModel, Field, field_validator, model_validator
+
+
+# ============================================================================
+# Enums
+# ============================================================================
+
+
+class SecurityTierValue(str, Enum):
+    """Valid security tier values."""
+    SAFE = "safe"
+    DEFAULT = "default"
+    RISKY = "risky"
+    DANGEROUS = "dangerous"
+
+
+class NonEnglishHandling(str, Enum):
+    """How non-English content is handled during screening."""
+    ESCALATE = "escalate"
+    TRANSLATE = "translate"
+    BOTH = "both"
+    NONE = "none"
+
+
+class PatternSeverity(str, Enum):
+    """Severity levels for attack patterns."""
+    CRITICAL = "critical"
+    HIGH = "high"
+    MEDIUM = "medium"
+    LOW = "low"
+
+
+class PatternConfidence(str, Enum):
+    """Confidence levels for attack pattern matches."""
+    DETERMINISTIC = "deterministic"
+    HEURISTIC = "heuristic"
+    CONTEXTUAL = "contextual"
+
+
+# ============================================================================
+# Configuration Section Models
+# ============================================================================
+
+
+class LLMReviewLocalConfig(BaseModel):
+    """Configuration for local LLM server (Ollama, LM Studio)."""
+    enabled: bool = True
+    probe_timeout: float = Field(default=2.0, gt=0)
+    timeout_seconds: float = Field(default=30.0, gt=0)
+    ollama_host: Optional[str] = None
+    lm_studio_host: Optional[str] = None
+    preferred_models: List[str] = Field(default_factory=list)
+    validate_on_first_use: bool = True
+    min_validation_score: float = Field(default=0.6, ge=0.0, le=1.0)
+
+    model_config = {"extra": "allow"}
+
+
+class LLMReviewFallbackConfig(BaseModel):
+    """Configuration for LLM fallback chain."""
+    enabled: bool = True
+    order: List[str] = Field(default_factory=lambda: ["local", "anthropic", "openai"])
+
+    model_config = {"extra": "allow"}
+
+
+class LLMReviewConfig(BaseModel):
+    """Configuration for LLM-based semantic review."""
+    enabled: bool = True
+    provider: str = "auto"
+    model: str = "auto"
+    base_url: Optional[str] = None
+    api_key_env: Optional[str] = None
+    timeout_seconds: float = Field(default=15.0, gt=0)
+    local: LLMReviewLocalConfig = Field(default_factory=LLMReviewLocalConfig)
+    fallback: LLMReviewFallbackConfig = Field(default_factory=LLMReviewFallbackConfig)
+
+    model_config = {"extra": "allow"}
+
+
+class RateLimitingConfig(BaseModel):
+    """Configuration for request rate limiting."""
+    enabled: bool = True
+    burst_window_seconds: int = Field(default=10, gt=0)
+    burst_threshold: int = Field(default=5, gt=0)
+    max_per_minute: int = Field(default=60, gt=0)
+    max_dangerous_per_minute: int = Field(default=10, gt=0)
+    max_same_command_per_minute: int = Field(default=5, gt=0)
+
+    model_config = {"extra": "allow"}
+
+
+class SessionAnalysisConfig(BaseModel):
+    """Configuration for session-level analysis."""
+    enabled: bool = True
+    lookback_minutes: int = Field(default=30, gt=0)
+    alert_on_risk_score: float = Field(default=0.7, ge=0.0, le=1.0)
+
+    model_config = {"extra": "allow"}
+
+
+class HeuristicScorerConfig(BaseModel):
+    """Configuration for heuristic scoring bridge."""
+    enabled: bool = True
+    threshold: float = Field(default=0.4, ge=0.0, le=1.0)
+    log_all_scores: bool = False
+
+    model_config = {"extra": "allow"}
+
+
+class LocalModelConfig(BaseModel):
+    """Configuration for local ONNX model inference."""
+    enabled: bool = True
+    model: str = "auto"
+    escalate_to_llm: bool = True
+    escalate_min_confidence: float = Field(default=0.1, ge=0.0, le=1.0)
+    escalate_max_confidence: float = Field(default=0.9, ge=0.0, le=1.0)
+
+    @model_validator(mode="after")
+    def check_escalation_bounds(self) -> "LocalModelConfig":
+        if self.escalate_min_confidence >= self.escalate_max_confidence:
+            raise ValueError(
+                f"escalate_min_confidence ({self.escalate_min_confidence}) "
+                f"must be less than escalate_max_confidence ({self.escalate_max_confidence})"
+            )
+        return self
+
+    model_config = {"extra": "allow"}
+
+
+class TierDefinition(BaseModel):
+    """Definition of a security tier."""
+    description: str
+    screening: List[str] = Field(default_factory=list)
+
+
+class EscalationRule(BaseModel):
+    """A content-based escalation rule."""
+    pattern: str
+    description: str
+    escalate_to: SecurityTierValue
+
+    @field_validator("pattern")
+    @classmethod
+    def validate_regex(cls, v: str) -> str:
+        try:
+            re.compile(v)
+        except re.error as e:
+            raise ValueError(f"Invalid regex pattern: {e}") from e
+        return v
+
+
+class SensitiveDirectory(BaseModel):
+    """A sensitive directory that triggers path boundary escalation."""
+    pattern: str
+    escalate_to: SecurityTierValue
+    description: str = ""
+
+
+class PathBoundaryConfig(BaseModel):
+    """Configuration for path boundary escalation."""
+    enabled: bool = True
+    default_escalate_to: SecurityTierValue = SecurityTierValue.RISKY
+    sensitive_directories: List[SensitiveDirectory] = Field(default_factory=list)
+
+
+class OpenClawConfig(BaseModel):
+    """Configuration for OpenClaw integration."""
+    enabled: bool = False
+    gateway_port: int = Field(default=18789, gt=0, le=65535)
+    scanner_port: int = Field(default=9878, gt=0, le=65535)
+    plugin_installed: bool = False
+    preset: str = "cautious"
+
+    model_config = {"extra": "allow"}
+
+
+# ============================================================================
+# Root Configuration Model
+# ============================================================================
+
+
+class TweekConfig(BaseModel):
+    """
+    Root Pydantic model for Tweek configuration (tiers.yaml / config.yaml).
+
+    Validates the merged configuration from builtin, user, and project layers.
+    Uses extra="allow" at the root level to be forward-compatible with new
+    config keys added in future versions.
+    """
+    version: Optional[int] = None
+
+    # Core tool/skill classification
+    tools: Dict[str, SecurityTierValue] = Field(default_factory=dict)
+    skills: Dict[str, SecurityTierValue] = Field(default_factory=dict)
+    default_tier: SecurityTierValue = SecurityTierValue.DEFAULT
+
+    # Tier definitions
+    tiers: Dict[str, TierDefinition] = Field(default_factory=dict)
+
+    # Screening configuration
+    llm_review: Optional[LLMReviewConfig] = None
+    rate_limiting: Optional[RateLimitingConfig] = None
+    session_analysis: Optional[SessionAnalysisConfig] = None
+    heuristic_scorer: Optional[HeuristicScorerConfig] = None
+    local_model: Optional[LocalModelConfig] = None
+
+    # Escalation rules
+    escalations: List[EscalationRule] = Field(default_factory=list)
+
+    # Path boundary
+    path_boundary: Optional[PathBoundaryConfig] = None
+
+    # Non-English handling
+    non_english_handling: NonEnglishHandling = NonEnglishHandling.ESCALATE
+
+    # Integration configs
+    proxy: Optional[Dict[str, Any]] = None
+    mcp: Optional[Dict[str, Any]] = None
+    sandbox: Optional[Dict[str, Any]] = None
+    isolation_chamber: Optional[Dict[str, Any]] = None
+    plugins: Optional[Dict[str, Any]] = None
+    openclaw: Optional[OpenClawConfig] = None
+
+    model_config = {"extra": "allow"}
+
+    @field_validator("tools", mode="before")
+    @classmethod
+    def coerce_tool_tiers(cls, v: Any) -> Any:
+        """Accept string tier values and coerce to SecurityTierValue."""
+        if isinstance(v, dict):
+            return {k: SecurityTierValue(val) if isinstance(val, str) else val for k, val in v.items()}
+        return v
+
+    @field_validator("skills", mode="before")
+    @classmethod
+    def coerce_skill_tiers(cls, v: Any) -> Any:
+        """Accept string tier values and coerce to SecurityTierValue."""
+        if isinstance(v, dict):
+            return {k: SecurityTierValue(val) if isinstance(val, str) else val for k, val in v.items()}
+        return v
+
+
+# ============================================================================
+# Pattern Schema Model
+# ============================================================================
+
+
+class PatternDefinition(BaseModel):
+    """A single attack pattern definition from patterns.yaml."""
+    id: int
+    name: str
+    description: str
+    regex: str
+    severity: PatternSeverity
+    confidence: PatternConfidence
+    family: Optional[str] = None
+
+    @field_validator("regex")
+    @classmethod
+    def validate_regex(cls, v: str) -> str:
+        try:
+            re.compile(v)
+        except re.error as e:
+            raise ValueError(f"Invalid regex in pattern: {e}") from e
+        return v
+
+
+class PatternsConfig(BaseModel):
+    """Root model for patterns.yaml."""
+    version: int
+    pattern_count: int = 0
+    patterns: List[PatternDefinition] = Field(default_factory=list)
+
+    @model_validator(mode="after")
+    def check_pattern_count(self) -> "PatternsConfig":
+        actual = len(self.patterns)
+        if self.pattern_count > 0 and actual != self.pattern_count:
+            raise ValueError(
+                f"pattern_count ({self.pattern_count}) does not match "
+                f"actual number of patterns ({actual})"
+            )
+        return self
+
+    @model_validator(mode="after")
+    def check_unique_ids(self) -> "PatternsConfig":
+        ids = [p.id for p in self.patterns]
+        if len(ids) != len(set(ids)):
+            dupes = [i for i in ids if ids.count(i) > 1]
+            raise ValueError(f"Duplicate pattern IDs: {set(dupes)}")
+        return self

tweek/config/patterns.yaml

@@ -1,5 +1,5 @@
 # Tweek Attack Pattern Definitions v3
-# All 215 patterns included FREE
+# All 259 patterns included FREE
 #
 # Update via: tweek update (pulls from github.com/gettweek/tweek)
 #

tweek/diagnostics.py

@@ -3,7 +3,7 @@
 Tweek Diagnostics Engine
 
 Health check system for verifying Tweek installation, configuration,
-and runtime dependencies. Used by `tweek doctor` and the status banner.
+and runtime dependencies. Used by `tweek doctor` and the health banner.
 """
 
 import json
@@ -30,7 +30,7 @@ class HealthCheck:
     label: str          # Human label: "Hook Installation"
     status: CheckStatus
     message: str        # Description: "Global hooks installed at ~/.claude/"
-    fix_hint: str = ""  # Recovery: "Run: tweek install --scope global"
+    fix_hint: str = ""  # Recovery: "Run: tweek protect claude-code --global"
 
 
 def run_health_checks(verbose: bool = False) -> List[HealthCheck]:
@@ -168,7 +168,7 @@ def _check_hooks_installed(verbose: bool = False) -> HealthCheck:
             label="Hook Installation",
             status=CheckStatus.WARNING,
             message="Installed in project only (./.claude)",
-            fix_hint="Run: tweek install --scope global  (to protect all projects)",
+            fix_hint="Run: tweek protect claude-code --global  (to protect all projects)",
         )
     else:
         return HealthCheck(
@@ -176,7 +176,7 @@ def _check_hooks_installed(verbose: bool = False) -> HealthCheck:
             label="Hook Installation",
             status=CheckStatus.ERROR,
             message="No hooks installed",
-            fix_hint="Run: tweek install",
+            fix_hint="Run: tweek protect claude-code",
         )
 
 
@@ -597,18 +597,53 @@ def _check_llm_review(verbose: bool = False) -> HealthCheck:
             get_llm_reviewer,
             _detect_local_server,
             FallbackReviewProvider,
+            DEFAULT_API_KEY_ENVS,
         )
+        from tweek.security.local_model import LOCAL_MODEL_AVAILABLE
 
         reviewer = get_llm_reviewer()
 
         if not reviewer.enabled:
+            # Check which env vars are missing to give specific guidance
+            missing_keys = []
+            for provider, env_names in DEFAULT_API_KEY_ENVS.items():
+                if isinstance(env_names, list):
+                    if not any(os.environ.get(e) for e in env_names):
+                        missing_keys.append(f"{' or '.join(env_names)} ({provider})")
+                else:
+                    if not os.environ.get(env_names):
+                        missing_keys.append(f"{env_names} ({provider})")
+
+            hint_parts = [
+                "To enable cloud LLM review for uncertain classifications:",
+                "  Set one of: " + ", ".join(
+                    k.split(" (")[0] for k in missing_keys
+                ),
+            ]
+
+            if not LOCAL_MODEL_AVAILABLE:
+                hint_parts.append(
+                    "  Or install the local model: pip install 'tweek[local]'"
+                )
+            else:
+                hint_parts.append(
+                    "  Local ONNX model is available but could not initialize"
+                )
+
+            hint_parts.append(
+                "  Or install Ollama (https://ollama.ai) for local LLM review"
+            )
+            hint_parts.append(
+                "  See: docs/CONFIGURATION.md or ~/.tweek/config.yaml"
+            )
+
             return HealthCheck(
                 name="llm_review",
                 label="LLM Review",
                 status=CheckStatus.WARNING,
-                message="No LLM provider available (review disabled)",
-                fix_hint="Set ANTHROPIC_API_KEY, OPENAI_API_KEY, or GOOGLE_API_KEY. "
-                         "Or install Ollama: https://ollama.ai",
+                message="No LLM provider available — review disabled, "
+                        "pattern matching and heuristic scoring still active",
+                fix_hint="\n".join(hint_parts),
             )
 
         # Build status message
@@ -636,6 +671,23 @@ def _check_llm_review(verbose: bool = False) -> HealthCheck:
         except Exception:
             pass
 
+        # In verbose mode, report escalation path
+        if verbose:
+            if provider_name == "local":
+                # Check if cloud escalation is available
+                cloud_env_found = any(
+                    os.environ.get(e) if isinstance(e, str)
+                    else any(os.environ.get(v) for v in e)
+                    for e in DEFAULT_API_KEY_ENVS.values()
+                )
+                if cloud_env_found:
+                    parts.append("cloud escalation: available")
+                else:
+                    parts.append("cloud escalation: not configured")
+
+            if LOCAL_MODEL_AVAILABLE:
+                parts.append("local ONNX: available")
+
         return HealthCheck(
             name="llm_review",
             label="LLM Review",

tweek/hooks/post_tool_use.py

@@ -11,7 +11,7 @@ web pages, documents, and other ingested content.
 
 Screening Pipeline:
 1. Language Detection — identify non-English content
-2. Pattern Matching — 215 regex patterns for known attack vectors
+2. Pattern Matching — 259 regex patterns for known attack vectors
 3. LLM Review — semantic analysis if non-English escalation triggers
 
 Claude Code PostToolUse Protocol:

tweek/hooks/pre_tool_use.py

@@ -925,10 +925,10 @@ def process_hook(input_data: dict, logger: SecurityLogger) -> dict:
                 }
             }
 
-        # Block AI from running tweek trust/untrust/uninstall — human-only commands
+        # Block AI from running tweek trust/untrust/uninstall/unprotect — human-only commands
         command_stripped = command.strip()
-        if re.match(r"tweek\s+(trust|untrust|uninstall)\b", command_stripped):
-            if "uninstall" in command_stripped:
+        if re.match(r"tweek\s+(trust|untrust|uninstall|unprotect)\b", command_stripped):
+            if "uninstall" in command_stripped or "unprotect" in command_stripped:
                 reason = (
                     "TWEEK SELF-PROTECTION: Uninstall must be done by a human.\n"
                     "Run this command directly in your terminal:\n"

tweek/licensing.py

@@ -74,7 +74,7 @@ class LicenseInfo:
 # Only compliance and team management features require a license.
 TIER_FEATURES = {
     Tier.FREE: [
-        "pattern_matching",       # All 215 patterns included free
+        "pattern_matching",       # All 259 patterns included free
         "basic_logging",
         "vault_storage",
         "cli_commands",

tweek/mcp/approval_cli.py

@@ -39,7 +39,7 @@ def display_pending(queue: ApprovalQueue) -> int:
     pending = queue.get_pending()
 
     if not pending:
-        console.print("[dim]No pending approval requests.[/dim]")
+        console.print("[white]No pending approval requests.[/white]")
         return 0
 
     table = Table(title="Pending Approval Requests", show_lines=True)
@@ -112,7 +112,7 @@ def display_request_detail(request: ApprovalRequest):
     remaining = request.time_remaining
     if remaining > 0:
         lines.append("")
-        lines.append(f"[dim]Auto-deny in {int(remaining)}s[/dim]")
+        lines.append(f"[white]Auto-deny in {int(remaining)}s[/white]")
 
     panel = Panel(
         "\n".join(lines),
@@ -160,7 +160,7 @@ def run_approval_daemon(
                 # Prompt for decision
                 decision = _prompt_decision(console, req)
                 if decision == "quit":
-                    console.print("[dim]Exiting approval daemon.[/dim]")
+                    console.print("[white]Exiting approval daemon.[/white]")
                     return
                 elif decision == "skip":
                     continue
@@ -200,7 +200,7 @@ def run_approval_daemon(
             time.sleep(poll_interval)
 
     except KeyboardInterrupt:
-        console.print("\n[dim]Approval daemon stopped.[/dim]")
+        console.print("\n[white]Approval daemon stopped.[/white]")
 
     # Print summary
     stats = queue.get_stats()