feat: Context Sniper UI parity — native popup, browser daemon, cloud

- context-sniper.ts (new): shared RiskMetadata type, smartTruncate,
  extractContext (returns {snippet, lineIndex}), computeRiskMetadata
- native.ts: import from context-sniper, use .snippet on extractContext calls
- core.ts: add tier to evaluatePolicy returns; compute riskMetadata once in
  authorizeHeadless; pass it to initNode9SaaS, askDaemon, notifyDaemonViewer
- daemon/index.ts: store and broadcast riskMetadata in PendingEntry
- daemon/ui.html: renderPayload() uses riskMetadata for intent badge, tier,
  file path, annotated snippet, matched-word highlight; falls back to raw args

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: nawi-25

src/context-sniper.ts

@@ -0,0 +1,147 @@
+// src/context-sniper.ts
+// Shared Context Sniper module.
+// Pre-computes the code snippet and intent ONCE in authorizeHeadless (core.ts),
+// then the resulting RiskMetadata bundle flows to every approval channel:
+// native popup, browser daemon, cloud/SaaS backend, Slack, and Mission Control.
+
+import path from 'path';
+
+export interface RiskMetadata {
+  intent: 'EDIT' | 'EXEC';
+  tier: 1 | 2 | 3 | 4 | 5 | 6 | 7;
+  blockedByLabel: string;
+  matchedWord?: string;
+  matchedField?: string;
+  contextSnippet?: string;   // Pre-computed 7-line window with 🛑 marker
+  contextLineIndex?: number; // Index of the 🛑 line within the snippet (0-based)
+  editFileName?: string;     // basename of file_path (EDIT intent only)
+  editFilePath?: string;     // full file_path (EDIT intent only)
+  ruleName?: string;         // Tier 2 (Smart Rules) only
+}
+
+/** Keeps the start and end of a long string, truncating the middle. */
+export function smartTruncate(str: string, maxLen = 500): string {
+  if (str.length <= maxLen) return str;
+  const edge = Math.floor(maxLen / 2) - 3;
+  return `${str.slice(0, edge)} ... ${str.slice(-edge)}`;
+}
+
+/**
+ * Returns the 7-line context window centred on matchedWord, plus the
+ * 0-based index of the hit line within the returned snippet.
+ * If the text is short or the word isn't found, returns the full text and lineIndex -1.
+ */
+export function extractContext(
+  text: string,
+  matchedWord?: string,
+): { snippet: string; lineIndex: number } {
+  const lines = text.split('\n');
+  if (lines.length <= 7 || !matchedWord) {
+    return { snippet: smartTruncate(text, 500), lineIndex: -1 };
+  }
+
+  const escaped = matchedWord.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+  const pattern = new RegExp(`\\b${escaped}\\b`, 'i');
+
+  const allHits = lines.map((line, i) => ({ i, line })).filter(({ line }) => pattern.test(line));
+  if (allHits.length === 0) return { snippet: smartTruncate(text, 500), lineIndex: -1 };
+
+  // Prefer non-comment lines so we highlight actual code, not documentation
+  const nonComment = allHits.find(({ line }) => {
+    const trimmed = line.trim();
+    return !trimmed.startsWith('//') && !trimmed.startsWith('#');
+  });
+  const hitIndex = (nonComment ?? allHits[0]).i;
+
+  const start = Math.max(0, hitIndex - 3);
+  const end = Math.min(lines.length, hitIndex + 4);
+  const lineIndex = hitIndex - start;
+
+  const snippet = lines
+    .slice(start, end)
+    .map((line, i) => `${start + i === hitIndex ? '🛑 ' : '   '}${line}`)
+    .join('\n');
+
+  const head = start > 0 ? `... [${start} lines hidden] ...\n` : '';
+  const tail = end < lines.length ? `\n... [${lines.length - end} lines hidden] ...` : '';
+
+  return { snippet: `${head}${snippet}${tail}`, lineIndex };
+}
+
+const CODE_KEYS = [
+  'command', 'cmd', 'shell_command', 'bash_command', 'script',
+  'code', 'input', 'sql', 'query', 'arguments', 'args', 'param', 'params', 'text',
+];
+
+/**
+ * Computes the RiskMetadata bundle from args + policy result fields.
+ * Called once in authorizeHeadless; the result is forwarded unchanged to all channels.
+ */
+export function computeRiskMetadata(
+  args: unknown,
+  tier: RiskMetadata['tier'],
+  blockedByLabel: string,
+  matchedField?: string,
+  matchedWord?: string,
+  ruleName?: string,
+): RiskMetadata {
+  let intent: 'EDIT' | 'EXEC' = 'EXEC';
+  let contextSnippet: string | undefined;
+  let contextLineIndex: number | undefined;
+  let editFileName: string | undefined;
+  let editFilePath: string | undefined;
+
+  // Handle Gemini-style stringified JSON
+  let parsed = args;
+  if (typeof args === 'string') {
+    const trimmed = args.trim();
+    if (trimmed.startsWith('{') && trimmed.endsWith('}')) {
+      try { parsed = JSON.parse(trimmed); } catch { /* keep as string */ }
+    }
+  }
+
+  if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+    const obj = parsed as Record<string, unknown>;
+
+    if (obj.old_string !== undefined && obj.new_string !== undefined) {
+      // EDIT intent — extract context from the incoming new_string
+      intent = 'EDIT';
+      if (obj.file_path) {
+        editFilePath = String(obj.file_path);
+        editFileName = path.basename(editFilePath);
+      }
+      const result = extractContext(String(obj.new_string), matchedWord);
+      contextSnippet = result.snippet;
+      if (result.lineIndex >= 0) contextLineIndex = result.lineIndex;
+
+    } else if (matchedField && obj[matchedField] !== undefined) {
+      // EXEC — we know which field triggered, extract context from it
+      const result = extractContext(String(obj[matchedField]), matchedWord);
+      contextSnippet = result.snippet;
+      if (result.lineIndex >= 0) contextLineIndex = result.lineIndex;
+
+    } else {
+      // EXEC fallback — pick the first recognisable code-like key
+      const foundKey = Object.keys(obj).find((k) => CODE_KEYS.includes(k.toLowerCase()));
+      if (foundKey) {
+        const val = obj[foundKey];
+        contextSnippet = smartTruncate(typeof val === 'string' ? val : JSON.stringify(val), 500);
+      }
+    }
+  } else if (typeof parsed === 'string') {
+    contextSnippet = smartTruncate(parsed, 500);
+  }
+
+  return {
+    intent,
+    tier,
+    blockedByLabel,
+    ...(matchedWord && { matchedWord }),
+    ...(matchedField && { matchedField }),
+    ...(contextSnippet !== undefined && { contextSnippet }),
+    ...(contextLineIndex !== undefined && { contextLineIndex }),
+    ...(editFileName && { editFileName }),
+    ...(editFilePath && { editFilePath }),
+    ...(ruleName && { ruleName }),
+  };
+}

src/core.ts

@@ -7,6 +7,7 @@ import os from 'os';
 import pm from 'picomatch';
 import { parse } from 'sh-syntax';
 import { askNativePopup, sendDesktopNotification } from './ui/native';
+import { computeRiskMetadata, RiskMetadata } from './context-sniper';
 
 // ── Feature file paths ────────────────────────────────────────────────────────
 const PAUSED_FILE = path.join(os.homedir(), '.node9', 'PAUSED');
@@ -639,6 +640,8 @@ export async function evaluatePolicy(
   reason?: string;
   matchedField?: string;
   matchedWord?: string;
+  tier?: 1 | 2 | 3 | 4 | 5 | 6 | 7;
+  ruleName?: string;
 }> {
   const config = getConfig();
 
@@ -656,6 +659,8 @@ export async function evaluatePolicy(
         decision: matchedRule.verdict,
         blockedByLabel: `Smart Rule: ${matchedRule.name ?? matchedRule.tool}`,
         reason: matchedRule.reason,
+        tier: 2,
+        ruleName: matchedRule.name ?? matchedRule.tool,
       };
     }
   }
@@ -675,7 +680,7 @@ export async function evaluatePolicy(
     // Inline arbitrary code execution is always a review
     const INLINE_EXEC_PATTERN = /^(python3?|bash|sh|zsh|perl|ruby|node|php|lua)\s+(-c|-e|-eval)\s/i;
     if (INLINE_EXEC_PATTERN.test(shellCommand.trim())) {
-      return { decision: 'review', blockedByLabel: 'Node9 Standard (Inline Execution)' };
+      return { decision: 'review', blockedByLabel: 'Node9 Standard (Inline Execution)', tier: 3 };
     }
 
     // Strip DML keywords from tokens so user dangerousWords like "delete"/"update"
@@ -714,7 +719,7 @@ export async function evaluatePolicy(
     if (hasSystemDisaster || isRootWipe) {
       // If it IS a system disaster, return review so the dev gets a
       // "Manual Nuclear Protection" popup as a final safety check.
-      return { decision: 'review', blockedByLabel: 'Manual Nuclear Protection' };
+      return { decision: 'review', blockedByLabel: 'Manual Nuclear Protection', tier: 3 };
     }
 
     // For everything else (docker, psql, rmdir, delete, rm),
@@ -740,13 +745,15 @@ export async function evaluatePolicy(
           return {
             decision: 'review',
             blockedByLabel: `Project/Global Config — rule "${rule.action}" (path blocked)`,
+            tier: 5,
           };
         const allAllowed = pathTokens.every((p) => matchesPattern(p, rule.allowPaths || []));
         if (allAllowed) return { decision: 'allow' };
       }
       return {
         decision: 'review',
         blockedByLabel: `Project/Global Config — rule "${rule.action}" (default block)`,
+        tier: 5,
       };
     }
   }
@@ -798,14 +805,15 @@ export async function evaluatePolicy(
       blockedByLabel: `Project/Global Config — dangerous word: "${matchedDangerousWord}"`,
       matchedWord: matchedDangerousWord,
       matchedField,
+      tier: 6,
     };
   }
 
   // ── 7. Strict Mode Fallback ─────────────────────────────────────────────
   if (config.settings.mode === 'strict') {
     const envConfig = getActiveEnvironment(config);
     if (envConfig?.requireApproval === false) return { decision: 'allow' };
-    return { decision: 'review', blockedByLabel: 'Global Config (Strict Mode Active)' };
+    return { decision: 'review', blockedByLabel: 'Global Config (Strict Mode Active)', tier: 7 };
   }
 
   return { decision: 'allow' };
@@ -1215,7 +1223,8 @@ async function askDaemon(
   toolName: string,
   args: unknown,
   meta?: { agent?: string; mcpServer?: string },
-  signal?: AbortSignal // NEW: Added signal
+  signal?: AbortSignal,
+  riskMetadata?: RiskMetadata
 ): Promise<'allow' | 'deny' | 'abandoned'> {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
 
@@ -1229,7 +1238,7 @@ async function askDaemon(
     const checkRes = await fetch(`${base}/check`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ toolName, args, agent: meta?.agent, mcpServer: meta?.mcpServer }),
+      body: JSON.stringify({ toolName, args, agent: meta?.agent, mcpServer: meta?.mcpServer, ...(riskMetadata && { riskMetadata }) }),
       signal: checkCtrl.signal,
     });
     if (!checkRes.ok) throw new Error('Daemon fail');
@@ -1261,7 +1270,8 @@ async function askDaemon(
 async function notifyDaemonViewer(
   toolName: string,
   args: unknown,
-  meta?: { agent?: string; mcpServer?: string }
+  meta?: { agent?: string; mcpServer?: string },
+  riskMetadata?: RiskMetadata
 ): Promise<string> {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
   const res = await fetch(`${base}/check`, {
@@ -1273,6 +1283,7 @@ async function notifyDaemonViewer(
       slackDelegated: true,
       agent: meta?.agent,
       mcpServer: meta?.mcpServer,
+      ...(riskMetadata && { riskMetadata }),
     }),
     signal: AbortSignal.timeout(3000),
   });
@@ -1381,6 +1392,7 @@ export async function authorizeHeadless(
   let explainableLabel = 'Local Config';
   let policyMatchedField: string | undefined;
   let policyMatchedWord: string | undefined;
+  let riskMetadata: RiskMetadata | undefined;
 
   if (config.settings.mode === 'audit') {
     if (!isIgnoredTool(toolName)) {
@@ -1424,6 +1436,14 @@ export async function authorizeHeadless(
     explainableLabel = policyResult.blockedByLabel || 'Local Config';
     policyMatchedField = policyResult.matchedField;
     policyMatchedWord = policyResult.matchedWord;
+    riskMetadata = computeRiskMetadata(
+      args,
+      policyResult.tier ?? 6,
+      explainableLabel,
+      policyMatchedField,
+      policyMatchedWord,
+      policyResult.ruleName,
+    );
 
     const persistent = getPersistentDecision(toolName);
     if (persistent === 'allow') {
@@ -1453,7 +1473,7 @@ export async function authorizeHeadless(
 
   if (cloudEnforced) {
     try {
-      const initResult = await initNode9SaaS(toolName, args, creds!, meta);
+      const initResult = await initNode9SaaS(toolName, args, creds!, meta, riskMetadata);
 
       if (!initResult.pending) {
         return {
@@ -1544,7 +1564,7 @@ export async function authorizeHeadless(
       (async () => {
         try {
           if (isDaemonRunning() && internalToken && !options?.calledFromDaemon) {
-            viewerId = await notifyDaemonViewer(toolName, args, meta).catch(() => null);
+            viewerId = await notifyDaemonViewer(toolName, args, meta, riskMetadata).catch(() => null);
           }
           const cloudResult = await pollNode9SaaS(cloudRequestId, creds!, signal);
 
@@ -1613,7 +1633,7 @@ export async function authorizeHeadless(
             console.error(chalk.cyan(`   URL → http://${DAEMON_HOST}:${DAEMON_PORT}/\n`));
           }
 
-          const daemonDecision = await askDaemon(toolName, args, meta, signal);
+          const daemonDecision = await askDaemon(toolName, args, meta, signal, riskMetadata);
           if (daemonDecision === 'abandoned') throw new Error('Abandoned');
 
           const isApproved = daemonDecision === 'allow';
@@ -1966,7 +1986,8 @@ async function initNode9SaaS(
   toolName: string,
   args: unknown,
   creds: { apiKey: string; apiUrl: string },
-  meta?: { agent?: string; mcpServer?: string }
+  meta?: { agent?: string; mcpServer?: string },
+  riskMetadata?: RiskMetadata
 ): Promise<{
   pending: boolean;
   requestId?: string;
@@ -1991,6 +2012,7 @@ async function initNode9SaaS(
           cwd: process.cwd(),
           platform: os.platform(),
         },
+        ...(riskMetadata && { riskMetadata }),
       }),
       signal: controller.signal,
     });

src/daemon/index.ts

@@ -1,5 +1,6 @@
 // src/daemon/index.ts — Node9 localhost approval server
 import { UI_HTML_TEMPLATE } from './ui';
+import { RiskMetadata } from '../context-sniper';
 import http from 'http';
 import fs from 'fs';
 import path from 'path';
@@ -136,6 +137,7 @@ interface PendingEntry {
   id: string;
   toolName: string;
   args: unknown;
+  riskMetadata?: RiskMetadata;
   agent?: string;
   mcpServer?: string;
   timestamp: number;
@@ -274,6 +276,7 @@ export function startDaemon(): void {
             id: e.id,
             toolName: e.toolName,
             args: e.args,
+            riskMetadata: e.riskMetadata,
             slackDelegated: e.slackDelegated,
             timestamp: e.timestamp,
             agent: e.agent,
@@ -303,12 +306,13 @@ export function startDaemon(): void {
 
         const body = await readBody(req);
         if (body.length > 65_536) return res.writeHead(413).end();
-        const { toolName, args, slackDelegated = false, agent, mcpServer } = JSON.parse(body);
+        const { toolName, args, slackDelegated = false, agent, mcpServer, riskMetadata } = JSON.parse(body);
         const id = randomUUID();
         const entry: PendingEntry = {
           id,
           toolName,
           args,
+          riskMetadata: riskMetadata ?? undefined,
           agent: typeof agent === 'string' ? agent : undefined,
           mcpServer: typeof mcpServer === 'string' ? mcpServer : undefined,
           slackDelegated: !!slackDelegated,
@@ -340,6 +344,7 @@ export function startDaemon(): void {
             id,
             toolName,
             args,
+            riskMetadata: entry.riskMetadata,
             slackDelegated: entry.slackDelegated,
             agent: entry.agent,
             mcpServer: entry.mcpServer,