From 6071b4263e81f91d379a39e338de9124f11c8a3e Mon Sep 17 00:00:00 2001
From: 16bit-ykiko <119843247+16bit-ykiko@users.noreply.github.com>
Date: Wed, 17 Jun 2026 13:42:24 +0000
Subject: [PATCH] docs: sync catter

---
 en/catter/design/architecture.md           | 164 +++++++++
 en/catter/design/hook-mechanism.md         | 218 ++++++++++++
 en/catter/design/ipc-protocol.md           | 221 ++++++++++++
 en/catter/dev/build.md                     |  66 ++++
 en/catter/dev/contribution.md              |  58 ++++
 en/catter/features/build-profiling.md      |  21 ++
 en/catter/features/command-tree.md         |  43 +++
 en/catter/features/compilation-database.md |  67 ++++
 en/catter/features/fake-compilation.md     |  24 ++
 en/catter/features/target-tree.md          |  39 +++
 en/catter/guide/configuration.md           |  80 +++++
 en/catter/guide/quick-start.md             |  77 +++++
 en/catter/guide/what-is-catter.md          |  49 +++
 en/catter/index.md                         |  29 ++
 en/catter/scripting/builtin-modules.md     | 379 +++++++++++++++++++++
 en/catter/scripting/command-analysis.md    | 217 ++++++++++++
 en/catter/scripting/option-parsing.md      | 213 ++++++++++++
 en/catter/scripting/overview.md            |  94 +++++
 en/catter/scripting/service-api.md         | 230 +++++++++++++
 en/catter/sidebar.yaml                     |  38 +++
 zh/catter/design/architecture.md           | 164 +++++++++
 zh/catter/design/hook-mechanism.md         | 218 ++++++++++++
 zh/catter/design/ipc-protocol.md           | 221 ++++++++++++
 zh/catter/dev/build.md                     |  66 ++++
 zh/catter/dev/contribution.md              |  58 ++++
 zh/catter/features/build-profiling.md      |  21 ++
 zh/catter/features/command-tree.md         |  43 +++
 zh/catter/features/compilation-database.md |  67 ++++
 zh/catter/features/fake-compilation.md     |  24 ++
 zh/catter/features/target-tree.md          |  39 +++
 zh/catter/guide/configuration.md           |  80 +++++
 zh/catter/guide/quick-start.md             |  77 +++++
 zh/catter/guide/what-is-catter.md          |  49 +++
 zh/catter/index.md                         |  29 ++
 zh/catter/scripting/builtin-modules.md     | 379 +++++++++++++++++++++
 zh/catter/scripting/command-analysis.md    | 217 ++++++++++++
 zh/catter/scripting/option-parsing.md      | 213 ++++++++++++
 zh/catter/scripting/overview.md            |  94 +++++
 zh/catter/scripting/service-api.md         | 230 +++++++++++++
 zh/catter/sidebar.yaml                     |  38 +++
 40 files changed, 4654 insertions(+)
 create mode 100644 en/catter/design/architecture.md
 create mode 100644 en/catter/design/hook-mechanism.md
 create mode 100644 en/catter/design/ipc-protocol.md
 create mode 100644 en/catter/dev/build.md
 create mode 100644 en/catter/dev/contribution.md
 create mode 100644 en/catter/features/build-profiling.md
 create mode 100644 en/catter/features/command-tree.md
 create mode 100644 en/catter/features/compilation-database.md
 create mode 100644 en/catter/features/fake-compilation.md
 create mode 100644 en/catter/features/target-tree.md
 create mode 100644 en/catter/guide/configuration.md
 create mode 100644 en/catter/guide/quick-start.md
 create mode 100644 en/catter/guide/what-is-catter.md
 create mode 100644 en/catter/index.md
 create mode 100644 en/catter/scripting/builtin-modules.md
 create mode 100644 en/catter/scripting/command-analysis.md
 create mode 100644 en/catter/scripting/option-parsing.md
 create mode 100644 en/catter/scripting/overview.md
 create mode 100644 en/catter/scripting/service-api.md
 create mode 100644 en/catter/sidebar.yaml
 create mode 100644 zh/catter/design/architecture.md
 create mode 100644 zh/catter/design/hook-mechanism.md
 create mode 100644 zh/catter/design/ipc-protocol.md
 create mode 100644 zh/catter/dev/build.md
 create mode 100644 zh/catter/dev/contribution.md
 create mode 100644 zh/catter/features/build-profiling.md
 create mode 100644 zh/catter/features/command-tree.md
 create mode 100644 zh/catter/features/compilation-database.md
 create mode 100644 zh/catter/features/fake-compilation.md
 create mode 100644 zh/catter/features/target-tree.md
 create mode 100644 zh/catter/guide/configuration.md
 create mode 100644 zh/catter/guide/quick-start.md
 create mode 100644 zh/catter/guide/what-is-catter.md
 create mode 100644 zh/catter/index.md
 create mode 100644 zh/catter/scripting/builtin-modules.md
 create mode 100644 zh/catter/scripting/command-analysis.md
 create mode 100644 zh/catter/scripting/option-parsing.md
 create mode 100644 zh/catter/scripting/overview.md
 create mode 100644 zh/catter/scripting/service-api.md
 create mode 100644 zh/catter/sidebar.yaml

diff --git a/en/catter/design/architecture.md b/en/catter/design/architecture.md
new file mode 100644
index 0000000..fc4c842
--- /dev/null
+++ b/en/catter/design/architecture.md
@@ -0,0 +1,164 @@
+# System Architecture
+
+Catter is a three-part system for intercepting and processing build commands. Each component has a distinct responsibility, and they communicate over IPC to form a pipeline that captures every compiler invocation a build system makes.
+
+## The Three Components
+
+### 1. HOOK -- Process Creation Interceptor
+
+A platform-specific shared library injected into build system processes. It intercepts calls to process creation functions (`execve` on Unix, `CreateProcess` on Windows) and rewrites them so that every child process is routed through `catter-proxy` before execution.
+
+- **Linux**: `libcatter-hook-unix.so`, injected via `LD_PRELOAD`
+- **macOS**: `libcatter-hook-unix.dylib`, injected via `DYLD_INSERT_LIBRARIES`
+- **Windows**: `catter-hook-win64.dll`, injected via DLL injection (`VirtualAllocEx` + `LoadLibraryA`)
+
+The hook is passive -- it does not make decisions. It simply redirects process creation to the proxy.
+
+### 2. PROXY (`catter-proxy`) -- Compiler Wrapper and Hook Manager
+
+A standalone executable that operates in two modes:
+
+- **Injector Mode**: Launched by `catter` to start the build system with the hook library attached. This is the first proxy instance in a session.
+- **Wrapper Mode**: Launched by the hook library when a build command is intercepted. Each intercepted command spawns a new `catter-proxy` process that acts as a stand-in for the original compiler/tool.
+
+In both modes, the proxy connects to the `catter` daemon over IPC, sends information about the captured command, receives a decision (execute, drop, or modify), and acts on it.
+
+### 3. DECISION (`catter`) -- The Daemon
+
+The main process that the user invokes. It:
+
+1. Loads and initializes a JavaScript script via the embedded QuickJS runtime
+2. Spawns `catter-proxy` in injector mode to start the build
+3. Listens on a Unix domain socket (or named pipe on Windows) for IPC connections
+4. Receives intercepted commands from proxy instances
+5. Invokes JavaScript callbacks (`onCommand`, `onExecution`, `onStart`, `onFinish`) to decide how to handle each command
+6. Maintains a session tree that mirrors the process tree of the build
+
+The JS runtime is single-threaded -- all script callbacks run sequentially on the event loop, so scripts do not need to handle concurrency.
+
+## Complete Workflow
+
+Here is a step-by-step walkthrough of what happens when you run:
+
+```bash
+catter script::cdb -o compile_commands.json -- make
+```
+
+1. **User invokes `catter`**. The DECISION daemon starts, loads the `script::cdb` script, and initializes the QuickJS runtime. The script's `onStart()` callback runs.
+
+2. **`catter` spawns `catter-proxy -- make`**. This is the proxy in **injector mode**. The proxy is a child process of `catter`.
+
+3. **Proxy connects to `catter` via IPC**. It sends a `CHECK_MODE` request to confirm the daemon is in inject mode.
+
+4. **`catter` responds: inject mode**. The proxy now knows it should launch the build command with the hook library attached.
+
+5. **Proxy starts `make` with the hook injected**. On Linux, this means adding `libcatter-hook-unix.so` to `LD_PRELOAD` and setting environment variables (`__key_catter_proxy_path_v1`, `__key_catter_command_id_v1`) before calling the real `execve`. On Windows, the process is created suspended, the hook DLL is injected, then the process is resumed.
+
+6. **`make` runs and tries to spawn `g++ main.cpp -o main.o`**. The build system calls `execve("g++", ...)` (or `CreateProcess` on Windows).
+
+7. **The HOOK intercepts the `execve()` call**. The hook library, loaded in `make`'s address space, catches the call before it reaches the kernel.
+
+8. **HOOK rewrites the command**. Instead of executing `g++` directly, the hook rewrites the command to:
+   ```
+   catter-proxy -p <parent_id> --exec /usr/bin/g++ -- g++ main.cpp -o main.o
+   ```
+   It also cleans the environment: removes catter-specific variables and strips the hook library from `LD_PRELOAD` to prevent the proxy itself from being hooked.
+
+9. **A new `catter-proxy` instance starts** (PROXY in **wrapper mode**). This proxy instance calls the real `execve` with the rewritten command.
+
+10. **Wrapper proxy connects to `catter` via IPC**. It sends a `CREATE` request (registering itself with its parent ID), then a `MAKE_DECISION` request containing the full command details: working directory, resolved executable path, arguments, and environment.
+
+11. **`catter` invokes `onCommand(ctx)` in the JS script**. The script inspects the command and returns an action: execute as-is, execute with modifications, or drop.
+
+12. **Proxy acts on the decision**:
+    - **INJECT**: Execute the command with the hook library re-attached (so grandchild processes are also intercepted)
+    - **WRAP**: Execute the command directly, capturing stdout/stderr
+    - **DROP**: Skip execution, return exit code 0
+
+13. **After execution, the proxy sends `FINISH` to `catter`**. The result includes the exit code, captured stdout, and captured stderr.
+
+14. **`catter` invokes `onExecution(ctx)` in the JS script** with the execution result.
+
+15. **When `make` finishes**, the original injector proxy exits, and `catter` invokes `onFinish(result)`.
+
+16. **`catter` shuts down** and writes any output (e.g., `compile_commands.json`).
+
+## Sequence Diagram
+
+```mermaid
+sequenceDiagram
+    participant User
+    participant Catter as catter (DECISION)
+    participant Proxy1 as catter-proxy (Injector)
+    participant Make as make (Build System)
+    participant Hook as HOOK (in make)
+    participant Proxy2 as catter-proxy (Wrapper)
+    participant GCC as g++ (Compiler)
+
+    User->>Catter: catter script::cdb -- make
+    Catter->>Catter: Load script, call onStart()
+    Catter->>Proxy1: Spawn catter-proxy -- make
+    Proxy1->>Catter: IPC: CHECK_MODE
+    Catter-->>Proxy1: INJECT mode
+    Proxy1->>Make: Start make with HOOK
+    Make->>Hook: execve("g++", ...)
+    Hook->>Proxy2: Rewrite to catter-proxy -p ID --exec g++ -- ...
+    Proxy2->>Catter: IPC: CREATE(parent_id)
+    Catter-->>Proxy2: New session ID
+    Proxy2->>Catter: IPC: MAKE_DECISION(command)
+    Catter->>Catter: Call onCommand(ctx)
+    Catter-->>Proxy2: Action: execute
+    Proxy2->>GCC: Execute g++ main.cpp
+    GCC-->>Proxy2: Exit code 0
+    Proxy2->>Catter: IPC: FINISH(result)
+    Catter->>Catter: Call onExecution(ctx)
+    Make-->>Proxy1: make exits
+    Proxy1-->>Catter: Process result
+    Catter->>Catter: Call onFinish(result)
+```
+
+## Two Modes of catter-proxy
+
+The proxy binary serves dual purposes depending on how it is invoked:
+
+### Injector Mode
+
+Launched by `catter` to run the build system with hooks. This is always the first proxy instance in a session.
+
+```
+catter-proxy -- make -j8
+```
+
+The injector:
+1. Connects to the daemon, confirms inject mode
+2. Prepares the environment with `LD_PRELOAD` (or performs DLL injection on Windows)
+3. Sets catter-specific environment variables for the hook to read
+4. Launches the build command
+5. Waits for the build to complete, capturing stdout/stderr
+
+### Wrapper Mode
+
+Launched by the hook library when a child process is intercepted. Each intercepted command creates a new wrapper instance.
+
+```
+catter-proxy -p <parent_id> --exec /usr/bin/g++ -- g++ main.cpp -o main.o
+```
+
+The wrapper:
+1. Connects to the daemon
+2. Registers itself as a child of `parent_id` via `CREATE`
+3. Sends the captured command via `MAKE_DECISION`
+4. Executes (or drops) based on the daemon's response
+5. Reports the result via `FINISH`
+
+## Key Design Decisions
+
+**Single-threaded JS runtime**. All JavaScript callbacks run sequentially on the event loop. The daemon handles IPC connections concurrently (via async I/O with `kota`), but script execution is serialized. This eliminates race conditions in user scripts.
+
+**Binary IPC over Unix domain sockets / named pipes**. Communication between proxy and daemon uses Bincode serialization via `kota::ipc::BincodePeer`. This is fast and avoids the overhead of text-based protocols. See the [IPC Protocol](ipc-protocol.md) document for details.
+
+**Recursive hooking**. On Unix, `LD_PRELOAD` is inherited by child processes, so any subprocess spawned by the build system (including nested `make` invocations, shell scripts, or build tool wrappers) is automatically hooked. On Windows, the hook DLL's `CreateProcess` detour ensures every child process gets the DLL injected before it starts. The interception is transparent and recursive -- the build system has no way to tell it is being monitored.
+
+**Environment scrubbing**. The hook cleans its own traces from the environment before launching the proxy. If it did not strip itself from `LD_PRELOAD`, the proxy binary would itself be hooked, causing infinite recursion. The proxy re-adds `LD_PRELOAD` only when launching commands that need interception (INJECT action).
+
+**Session tree**. The daemon maintains a tree of session IDs that mirrors the build process tree. Each proxy instance registers with its parent's session ID, allowing the daemon to track which processes spawned which. This is essential for features like target tree reconstruction and build profiling.
diff --git a/en/catter/design/hook-mechanism.md b/en/catter/design/hook-mechanism.md
new file mode 100644
index 0000000..32dc3d6
--- /dev/null
+++ b/en/catter/design/hook-mechanism.md
@@ -0,0 +1,218 @@
+# Hook Mechanism
+
+The hook is the lowest-level component of catter. It is a shared library that gets loaded into every process spawned by the build system. Its sole job is to intercept process creation calls and rewrite them so that every child process goes through `catter-proxy` instead of executing directly.
+
+The hook implementation is entirely platform-specific. Unix and Windows use fundamentally different interception techniques.
+
+## Unix (Linux and macOS) -- LD_PRELOAD Interception
+
+The Unix hook is a shared library loaded via the dynamic linker's preload mechanism:
+
+- **Linux**: `libcatter-hook-unix.so` loaded via `LD_PRELOAD`
+- **macOS**: `libcatter-hook-unix.dylib` loaded via `DYLD_INSERT_LIBRARIES`
+
+### Intercepted Functions
+
+The hook replaces all standard POSIX functions for creating new processes:
+
+**exec family**:
+- `execve()`, `execv()`
+- `execvpe()`, `execvp()`, `execvP()`
+- `execl()`, `execlp()`, `execle()`
+
+**posix_spawn family**:
+- `posix_spawn()`
+- `posix_spawnp()`
+
+On Linux, the hook uses `dlsym(RTLD_NEXT, "execve")` to obtain the original function pointer from the next library in the load order. It then provides a replacement function with the same signature. When the replacement is called, the hook can inspect and modify the arguments before optionally calling the original.
+
+On macOS, the hook uses the `DYLD_INTERPOSE` macro to replace functions at the dyld level, which is the preferred technique on that platform.
+
+### Key Classes
+
+The hook is implemented as a set of cooperating classes:
+
+- **`Session`** -- Reads and stores session information from the environment. Provides the proxy path and parent session ID.
+- **`Resolver`** -- Resolves the target executable path. Handles PATH lookups, relative path resolution, and edge cases like missing executables.
+- **`CmdBuilder`** -- Constructs the rewritten command that invokes `catter-proxy` instead of the original executable.
+- **`EnvGuard`** -- RAII guard that scrubs the environment before the real `execve` is called. Removes catter variables and strips the hook library from `LD_PRELOAD`.
+- **`Executor`** -- Orchestrates the interception. Validates the session, resolves the executable, builds the proxy command, cleans the environment, and calls the original function.
+- **`Linker`** -- Abstraction for the real system call. Wraps `dlsym(RTLD_NEXT, ...)` to call the original `execve` or `posix_spawn`.
+
+### Hook Initialization
+
+The hook library is loaded via the dynamic linker's constructor mechanism (`__attribute__((constructor))` or equivalent). During initialization, the library:
+
+1. Sets up logging (to `log/catter-hook.log` in the catter data directory)
+2. Is ready to intercept -- the `Executor` lazily reads session state from the environment on first interception
+
+### Environment Variables
+
+The hook reads session information from these environment variables, set by the proxy when it launches the build command:
+
+| Variable | Purpose |
+|----------|---------|
+| `__key_catter_proxy_path_v1` | Absolute path to the `catter-proxy` binary |
+| `__key_catter_command_id_v1` | Session ID of the parent process |
+
+### Interception Flow
+
+When any process creation function is called (e.g., `execve("/usr/bin/g++", argv, envp)`):
+
+1. The hook's replacement function is entered.
+
+2. **`Executor`** validates the session. If the session is invalid (missing environment variables), it builds an error command that reports the problem to the daemon.
+
+3. **`Resolver`** resolves the target executable to an absolute path. For functions like `execvp()` and `execvpe()`, it searches directories in `PATH`. For `execve()`, it resolves relative to the current directory.
+
+4. **`CmdBuilder`** constructs the proxy command:
+   ```
+   <proxy_path> -p <self_id> --exec <resolved_path> -- <original_argv...>
+   ```
+   The original `argv[0]` and all subsequent arguments are preserved after the `--` separator.
+
+5. **`EnvGuard`** (RAII) modifies the environment array:
+   - Removes `__key_catter_proxy_path_v1` and `__key_catter_command_id_v1`
+   - Strips the hook library name from `LD_PRELOAD` (or `DYLD_INSERT_LIBRARIES`)
+   - If `LD_PRELOAD` becomes empty after stripping, removes it entirely
+
+6. **`Linker`** calls the **real** `execve()` (obtained via `dlsym(RTLD_NEXT, ...)`) with the rewritten command.
+
+7. If `execve` succeeds, it does not return (the current process image is replaced). If it fails, the hook restores `errno` and returns the error to the caller.
+
+### Why Clean the Environment?
+
+This step is critical. If the hook library remained in `LD_PRELOAD` when `catter-proxy` is launched:
+
+1. `catter-proxy` itself would be hooked
+2. When the proxy tries to execute the actual compiler, the hook would intercept that call
+3. The hook would rewrite it to launch another `catter-proxy`
+4. This creates **infinite recursion**
+
+By stripping the hook from `LD_PRELOAD`, the proxy executes without interception. The proxy re-adds `LD_PRELOAD` only when it launches a command with the `INJECT` action, ensuring the hook is attached to the right processes.
+
+### Recursive Hooking
+
+Since `LD_PRELOAD` is inherited by child processes through the environment, interception is automatically recursive. Consider this build scenario:
+
+```
+make
+  -> sh -c "gcc main.c -o main"
+     -> gcc main.c -o main
+        -> cc1 main.c -o main.s
+        -> as main.s -o main.o
+        -> ld main.o -o main
+```
+
+Every process in this tree inherits `LD_PRELOAD` and gets hooked. Each invocation goes through `catter-proxy`, which asks the daemon what to do. The build system is completely unaware of the interception.
+
+---
+
+## Windows -- DLL Injection and API Hooking
+
+The Windows hook uses a fundamentally different approach because Windows has no equivalent to `LD_PRELOAD`. Instead, catter combines:
+
+1. **DLL injection** -- to load the hook library into target processes
+2. **API hooking via MinHook** -- to intercept `CreateProcess` calls within those processes
+
+### Hook DLL
+
+The hook is compiled as `catter-hook-win64.dll`. It uses MinHook, a lightweight x86/x64 API hooking library that works by overwriting the first few bytes of a target function with a jump to a detour function (trampoline hooking).
+
+### Environment Variables
+
+| Variable | Purpose |
+|----------|---------|
+| `CATTER_IPC_ID` | Session ID of the parent process |
+| `CATTER_PROXY_PATH` | Absolute path to the `catter-proxy.exe` binary |
+
+### DLL Injection Process
+
+When `catter-proxy` (in injector mode) needs to start a build command with the hook attached:
+
+1. **Create the target process suspended**. The proxy calls `CreateProcessA()` with the `CREATE_SUSPENDED` flag. The process is created but its main thread does not run.
+
+2. **Set environment variables**. `CATTER_IPC_ID` and `CATTER_PROXY_PATH` are set in the target process environment before creation (passed via the environment block).
+
+3. **Allocate memory in the target process**. The proxy calls `VirtualAllocEx()` to allocate a region of memory in the target process's address space.
+
+4. **Write the DLL path**. The proxy calls `WriteProcessMemory()` to write the full path of `catter-hook-win64.dll` into the allocated memory.
+
+5. **Create a remote thread to load the DLL**. The proxy tries three methods in order:
+   - `CreateRemoteThread()` -- Documented Win32 API. Tried first as it is the most widely supported.
+   - `NtCreateThreadEx()` -- Undocumented NT API. Fallback that works reliably on modern Windows (Vista+).
+   - `RtlCreateUserThread()` -- Another undocumented NT API. Last resort fallback.
+
+   The remote thread's entry point is `LoadLibraryA`, and its argument is the pointer to the DLL path string written in step 4. When the thread runs, it loads `catter-hook-win64.dll` into the target process.
+
+6. **Wait for injection to complete**. The proxy waits for the remote thread to finish (with a 3-second timeout).
+
+7. **Resume the main thread**. The proxy calls `ResumeThread()` to let the target process start executing. By this point, the hook DLL is loaded and its hooks are active.
+
+### Hooked Windows APIs
+
+The hook DLL installs MinHook trampoline hooks on these functions during `DLL_PROCESS_ATTACH`:
+
+- **`CreateProcessA()`** -- ANSI version of process creation
+- **`CreateProcessW()`** -- Wide-character version of process creation
+- **`CreateProcessAsUserA()`** -- Passthrough (currently not rewritten)
+- **`CreateProcessAsUserW()`** -- Passthrough (currently not rewritten)
+
+MinHook works by:
+1. Saving the first few instructions of the target function
+2. Overwriting them with a jump to the detour function
+3. Providing a trampoline that contains the saved instructions followed by a jump back, so the original function can still be called
+
+### Hook Detour Logic
+
+When `CreateProcessA` or `CreateProcessW` is called by the hooked process:
+
+1. **Extract the command line**. The hook reads `lpApplicationName` and `lpCommandLine`.
+
+2. **Resolve the absolute path**. The hook resolves the executable using `resolve_abspath()`, which searches the program directory, current directory, System32, Windows directory, and `PATH` (matching the standard Windows search order).
+
+3. **Rewrite the command line**:
+   ```
+   {proxy_path} -p {ipc_id} --exec {resolved_path} -- {original_cmdline}
+   ```
+   The `lpApplicationName` is set to `nullptr` so that the command line is parsed by `CreateProcess` normally.
+
+4. **Call the original `CreateProcess`** via the MinHook trampoline with the modified command line.
+
+### Key Difference from Unix
+
+On Unix, `LD_PRELOAD` is an environment variable inherited automatically by all child processes. The hook is "viral" by default -- every subprocess gets it.
+
+On Windows, there is no such mechanism. The hook DLL must be explicitly injected into each new process. This happens because:
+
+1. The hook's `CreateProcess` detour intercepts every process creation
+2. It rewrites the command to go through `catter-proxy`
+3. When the proxy decides to execute with `INJECT` action, it performs DLL injection into the new process (create suspended, inject, resume)
+
+This means the proxy is responsible for re-injecting the hook into each generation of child processes, maintaining the recursive interception chain.
+
+### DLL Lifecycle
+
+```
+DLL_PROCESS_ATTACH:
+  MH_Initialize()       -- Initialize MinHook
+  MH_CreateHook(...)    -- Install hooks on CreateProcess variants
+  MH_EnableHook(...)    -- Activate all hooks
+
+DLL_PROCESS_DETACH:
+  MH_DisableHook(...)   -- Deactivate all hooks
+  MH_Uninitialize()     -- Clean up MinHook
+```
+
+`DisableThreadLibraryCalls()` is called during attach to suppress `DLL_THREAD_ATTACH` and `DLL_THREAD_DETACH` notifications, reducing overhead.
+
+## Platform Comparison
+
+| Aspect | Linux | macOS | Windows |
+|--------|-------|-------|---------|
+| Hook library | `libcatter-hook-unix.so` | `libcatter-hook-unix.dylib` | `catter-hook-win64.dll` |
+| Injection method | `LD_PRELOAD` env var | `DYLD_INSERT_LIBRARIES` env var | `VirtualAllocEx` + `LoadLibraryA` |
+| Interposition | `dlsym(RTLD_NEXT, ...)` | `DYLD_INTERPOSE` macro | MinHook trampoline hooking |
+| Intercepted APIs | `execve`, `execvp`, `posix_spawn`, etc. | Same as Linux | `CreateProcessA`, `CreateProcessW` |
+| Recursive hooking | Automatic (env inherited) | Automatic (env inherited) | Explicit (DLL re-injected per process) |
+| Env vars for session | `__key_catter_proxy_path_v1`, `__key_catter_command_id_v1` | Same as Linux | `CATTER_PROXY_PATH`, `CATTER_IPC_ID` |
diff --git a/en/catter/design/ipc-protocol.md b/en/catter/design/ipc-protocol.md
new file mode 100644
index 0000000..3df092f
--- /dev/null
+++ b/en/catter/design/ipc-protocol.md
@@ -0,0 +1,221 @@
+# IPC Protocol
+
+Catter uses inter-process communication between the daemon (`catter`) and proxy instances (`catter-proxy`). The daemon acts as a server, and each proxy instance connects as a client.
+
+## Transport
+
+The transport layer is platform-specific:
+
+| Platform | Mechanism | Path / Name |
+|----------|-----------|-------------|
+| Linux / macOS | Unix domain socket | `$XDG_DATA_HOME/pipe-catter-ipc.sock` (typically `~/.local/share/pipe-catter-ipc.sock`) |
+| Windows | Named pipe | `\\.\pipe\catter-ipc` |
+
+The daemon creates the listening socket/pipe at startup. Each `catter-proxy` instance connects to it as a client when it starts. The connection persists for the lifetime of the proxy process.
+
+## Serialization
+
+All messages are encoded using [Bincode](https://github.com/bincode-org/bincode), a compact binary serialization format. The implementation uses `kota::ipc::BincodePeer`, which provides a request-response abstraction over a stream transport (`kota::ipc::StreamTransport`).
+
+Bincode was chosen for its efficiency -- messages are small and fast to encode/decode, which matters because every intercepted build command results in multiple IPC round-trips.
+
+## Request-Response Model
+
+Communication follows a strict request-response pattern. The client (proxy) sends a request and waits for the server (daemon) to respond before proceeding. Each request type has a well-defined parameter type and result type.
+
+The protocol is defined in `src/common/util/data.h` using C++ template specialization:
+
+```cpp
+enum class RequestType : uint8_t {
+    CHECK_MODE,
+    CREATE,
+    MAKE_DECISION,
+    REPORT_ERROR,
+    FINISH,
+};
+```
+
+Each request type maps to a `Request<Type>` specialization that declares `Params` (the request payload) and `Result` (the response payload).
+
+## Request Types
+
+### CHECK_MODE
+
+Asks the daemon what service mode is active.
+
+| Field | Type | Description |
+|-------|------|-------------|
+| **Params** | `ServiceMode` (enum) | The mode to check (currently only `INJECT`) |
+| **Result** | `bool` | `true` if the daemon is in the requested mode |
+
+This is the first request a proxy sends after connecting. It confirms the daemon is ready to handle intercepted commands.
+
+### CREATE
+
+Registers a new process session with the daemon.
+
+| Field | Type | Description |
+|-------|------|-------------|
+| **Params** | `ipcid_t` (`int32_t`) | The parent session ID |
+| **Result** | `ipcid_t` (`int32_t`) | A unique session ID assigned to this proxy instance |
+
+The parent ID establishes the parent-child relationship in the session tree. For the first proxy (injector mode), the parent ID is provided by the daemon when it spawns the proxy. For wrapper-mode proxies, the parent ID comes from the `__key_catter_command_id_v1` environment variable (or `CATTER_IPC_ID` on Windows), which was set by the hook.
+
+### MAKE_DECISION
+
+The core request. The proxy sends a captured command and the daemon decides what to do with it.
+
+**Params** -- `command`:
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `cwd` | `string` | Working directory of the intercepted process |
+| `executable` | `string` | Resolved absolute path to the executable |
+| `args` | `string[]` | Full argument array (including `argv[0]`) |
+| `env` | `string[]` | Environment variables (in `KEY=VALUE` format) |
+
+**Result** -- `action`:
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `type` | `uint8_t` enum | One of `DROP`, `INJECT`, or `WRAP` |
+| `cmd` | `command` | The command to execute (may be modified by the script) |
+
+**Action types**:
+
+- **`DROP` (0)** -- Do not execute the command. The proxy returns exit code 0 immediately. Used when the script determines a command is irrelevant (e.g., a compiler invocation the user wants to skip).
+- **`INJECT` (1)** -- Execute the command with the hook library attached. The proxy re-adds `LD_PRELOAD` (or performs DLL injection on Windows) so that child processes of this command are also intercepted. This is the default for build commands whose children should be monitored.
+- **`WRAP` (2)** -- Execute the command directly without hooking. The proxy runs the command and captures its stdout/stderr, but does not inject the hook. Used for leaf commands (like actual compiler invocations) that do not spawn further build processes.
+
+The daemon may modify the command in the returned action. For example, a script could change compiler flags, redirect output paths, or substitute a different executable.
+
+### REPORT_ERROR
+
+Reports an error condition from the hook or proxy back to the daemon.
+
+**Params**:
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `parent_id` | `ipcid_t` | Session ID of the parent process |
+| `error_msg` | `string` | Human-readable error description |
+
+**Result**: `null` (no response payload)
+
+This is used when the hook encounters an invalid state (e.g., missing environment variables) or when the proxy catches an exception during command processing. The daemon logs the error and can notify the user.
+
+### FINISH
+
+Reports that a command has completed execution.
+
+**Params** -- `process_result`:
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `code` | `int64_t` | Process exit code |
+| `std_out` | `string` | Captured standard output |
+| `std_err` | `string` | Captured standard error |
+
+**Result**: `null` (no response payload)
+
+After the daemon receives this request, it invokes the `onExecution()` JavaScript callback with the result data. The proxy then disconnects.
+
+## Typical Message Sequence
+
+A complete proxy lifecycle involves this sequence of IPC messages:
+
+### Injector Mode (first proxy)
+
+```
+Proxy -> Daemon:  CHECK_MODE(INJECT)
+Daemon -> Proxy:  true
+[Proxy launches build command with hook attached]
+[Proxy waits for build to complete]
+[Proxy exits when build finishes]
+```
+
+The injector proxy also sends `CREATE`, `MAKE_DECISION`, and `FINISH` for the top-level build command, so the build system command itself passes through `onCommand`/`onExecution` like any other intercepted command.
+
+### Wrapper Mode (intercepted command)
+
+```
+Proxy -> Daemon:  CHECK_MODE(INJECT)
+Daemon -> Proxy:  true
+Proxy -> Daemon:  CREATE(parent_id)
+Daemon -> Proxy:  new_session_id
+Proxy -> Daemon:  MAKE_DECISION(command)
+Daemon -> Proxy:  action {type, cmd}
+[Proxy executes or drops the command]
+Proxy -> Daemon:  FINISH(process_result)
+Daemon -> Proxy:  null
+[Proxy disconnects]
+```
+
+### Error Case
+
+```
+Proxy -> Daemon:  REPORT_ERROR(parent_id, error_message)
+Daemon -> Proxy:  null
+[Proxy exits with code -1]
+```
+
+## Session Model
+
+The daemon maintains a session tree that mirrors the process tree of the build:
+
+```
+Session 0 (root -- injector proxy)
+  +-- Session 1 (make -> gcc file1.c)
+  +-- Session 2 (make -> gcc file2.c)
+  +-- Session 3 (make -> ar rcs libfoo.a file1.o file2.o)
+  +-- Session 4 (make -> sh -c "gcc file3.c")
+       +-- Session 5 (sh -> gcc file3.c)
+```
+
+Each session is identified by a unique `ipcid_t` (32-bit integer). The tree is built incrementally as `CREATE` requests arrive, each specifying a `parent_id`. This structure enables:
+
+- **Target tree reconstruction** -- by knowing which object files are linked into which targets
+- **Build profiling** -- by tracking timing data per session and visualizing the parallelism
+- **Error attribution** -- by tracing errors back to the build command that caused them
+
+## Connection Lifecycle
+
+1. **Daemon starts** -- Creates and binds the Unix domain socket or named pipe.
+2. **Proxy connects** -- Opens a connection to the socket/pipe. The connection is established using `kota::pipe::connect()` on the proxy side.
+3. **Daemon accepts** -- For each incoming connection, the daemon creates a `kota::ipc::BincodePeer` and registers request handlers (`on_request<Request<Type>>(...)`) for each request type.
+4. **Request handling** -- The daemon's event loop dispatches incoming requests to the appropriate handler. Handlers may be async (using `co_await`) to interact with the JS runtime or other daemon state.
+5. **Peer disconnects** -- When the proxy process exits, the transport closes and the `BincodePeer::run()` coroutine completes. The daemon logs the disconnection and cleans up the session.
+
+## Data Types
+
+The core data structures used across the IPC boundary:
+
+```cpp
+// Unique identifier for an IPC session
+using ipcid_t = int32_t;
+
+// Captured command from the build system
+struct command {
+    std::string cwd;                   // Working directory
+    std::string executable;            // Resolved executable path
+    std::vector<std::string> args;     // Argument array
+    std::vector<std::string> env;      // Environment (KEY=VALUE entries)
+};
+
+// Result of executing a command
+struct process_result {
+    int64_t code = -1;                 // Exit code
+    std::string std_out;               // Captured stdout
+    std::string std_err;               // Captured stderr
+};
+
+// Decision returned by the daemon
+struct action {
+    enum : uint8_t {
+        DROP,    // Do not execute
+        INJECT,  // Execute with hook attached
+        WRAP,    // Execute without hook
+    } type;
+    command cmd;                       // Possibly modified command
+};
+```
diff --git a/en/catter/dev/build.md b/en/catter/dev/build.md
new file mode 100644
index 0000000..d4b6a9d
--- /dev/null
+++ b/en/catter/dev/build.md
@@ -0,0 +1,66 @@
+# Building from Source
+
+## Prerequisites
+
+- [pixi](https://pixi.sh) -- Environment and dependency management
+- [XMake](https://xmake.io/) -- Build system (not installed by pixi; install separately)
+- Git
+
+## Supported Platforms
+
+| Platform | Toolchain |
+|---|---|
+| Windows (win-64) | MSVC (VS2022) |
+| Linux (linux-64) | GCC 14.2 |
+| macOS (osx-arm64) | Clang 20.1 |
+
+## Build Commands
+
+All builds are managed through pixi tasks:
+
+```bash
+# Configure the build (mode: debug, release, or releasedbg)
+pixi run cfg debug
+
+# Build the project
+pixi run build
+
+# Configure in release mode
+pixi run cfg release
+
+# Build JavaScript/TypeScript API
+pixi run build-js
+
+# Install npm dependencies
+pixi run npm-install
+```
+
+## Build System
+
+The project uses [XMake](https://xmake.io/) as the build system, managed through pixi tasks. The C++ standard is C++23.
+
+### Build Targets
+
+- `catter` -- Main CLI executable (the DECISION daemon)
+- `catter-proxy` -- Proxy process manager
+- `catter-hook-unix` -- Unix hook shared library (Linux/macOS)
+- `catter-hook-win64` -- Windows hook DLL
+- `catter-core` -- Core library
+- `common` -- Shared utilities library
+
+## JavaScript Build
+
+The TypeScript API under `api/` is compiled to JavaScript and embedded into the catter binary. Build with:
+
+```bash
+pixi run build-js
+```
+
+This runs rollup to bundle the TypeScript, and the resulting JS is compiled into the binary as a resource.
+
+## Key Dependencies
+
+- [QuickJS-ng](https://github.com/quickjs-ng/quickjs) (v0.11.0) -- Embedded JavaScript engine
+- [spdlog](https://github.com/gabime/spdlog) (1.15.3) -- Logging
+- [kotatsu](https://github.com/clice-io/kotatsu) -- Async runtime, testing framework, option parsing
+- [MinHook](https://github.com/TsudaKageworyo/MinHook) (v1.3.4) -- Windows API hooking (Windows only)
diff --git a/en/catter/dev/contribution.md b/en/catter/dev/contribution.md
new file mode 100644
index 0000000..85bb082
--- /dev/null
+++ b/en/catter/dev/contribution.md
@@ -0,0 +1,58 @@
+# Contributing
+
+## Testing
+
+Three ways to run tests:
+
+```bash
+# Run everything (build + unit tests + integration tests)
+pixi run -e dev test
+
+# Unit tests only
+pixi run -e dev unit-test
+
+# Integration tests only
+pixi run -e dev integration-test
+```
+
+### Unit Tests
+
+Unit tests use the Kotatsu testing framework (`kota::zest`). Located in `tests/unit/`, the structure mirrors `src/`:
+
+- `tests/unit/common/` -- Tests for shared utilities and option parsing
+- `tests/unit/catter/` -- Tests for core logic (compiler identification, JS runtime)
+- `tests/unit/catter-hook/unix/` -- Tests for Unix hook payload
+
+To enable test targets in the build:
+
+```bash
+pixi run cfg  # or: xmake config --test=y
+```
+
+### Integration Tests
+
+Integration tests use the [LLVM Lit](https://llvm.org/docs/CommandGuide/lit.html) framework. Located in `tests/integration/`, they compile and run C++ test programs, using FileCheck for output verification.
+
+```bash
+# Run integration tests with verbose output
+lit ./tests/integration -sav
+```
+
+## Commit Message Format
+
+Use [conventional commits](https://www.conventionalcommits.org/):
+
+```
+<type>(<scope>): <short description>
+```
+
+**Types**: `feat`, `fix`, `refactor`, `chore`, `docs`, `ci`, `test`, `perf`, `style`, `revert`
+
+Scopes should match source directories or feature names. Keep the subject line under 70 characters.
+
+## Code Style
+
+- C++23 standard
+- Use `.clang-format` for C++ formatting
+- Use ESLint + Prettier for TypeScript
+- Pre-commit hooks are configured (`.pre-commit-config.yaml`)
diff --git a/en/catter/features/build-profiling.md b/en/catter/features/build-profiling.md
new file mode 100644
index 0000000..61517b8
--- /dev/null
+++ b/en/catter/features/build-profiling.md
@@ -0,0 +1,21 @@
+# Build Profiling
+
+> [!WARNING]
+> This feature is planned but not yet implemented.
+
+## Concept
+
+Build profiling captures per-process timing data during a build:
+
+- Process start time and duration
+- Parent-child relationships
+- CPU utilization
+
+This data is rendered as a visual timeline (Gantt-chart style) in a browser, allowing developers to diagnose build performance issues.
+
+## Planned Capabilities
+
+- **Identify serialization bottlenecks** -- Find stages where the build runs single-threaded despite available parallelism.
+- **Measure actual vs. theoretical parallelism** -- Compare the observed concurrency level against the number of available cores.
+- **Find slow compilation units** -- Pinpoint individual source files that take disproportionately long to compile.
+- **Debug build system configuration** -- Detect misconfigured dependencies, unnecessary serialization, or suboptimal job scheduling.
diff --git a/en/catter/features/command-tree.md b/en/catter/features/command-tree.md
new file mode 100644
index 0000000..16a4950
--- /dev/null
+++ b/en/catter/features/command-tree.md
@@ -0,0 +1,43 @@
+# Command Tree
+
+The command tree visualizes the build command DAG as an ASCII tree, showing parent-child process relationships and their commands.
+
+Built-in script: `script::cmd-tree`
+
+## Usage
+
+```bash
+catter script::cmd-tree [options] -- <build-command>
+```
+
+## Options
+
+| Option | Description |
+|--------|-------------|
+| `-d, --depth <n>` | Limit render depth. |
+| `-a, --args <n>` | Number of arguments to show per command. Default: all. |
+| `-w, --argWidth <n>` | Truncate long arguments to this width. Default: 10 characters. |
+
+## Output
+
+The output is an ANSI-colored ASCII tree using box-drawing characters (`│`, `├──`, `└──`). Colors cycle through 4 values by depth level, making it easy to distinguish nesting at a glance.
+
+A typical build tree might look like:
+
+```
+make -j8
+├── gcc -c main.c -o main.o
+│   └── as -o main.o /tmp/ccXXXX.s
+├── gcc -c util.c -o util.o
+│   └── as -o util.o /tmp/ccYYYY.s
+└── gcc main.o util.o -o app
+    └── ld -o app main.o util.o -lc
+```
+
+Each node shows the process command line, and its children are the processes it spawned. The tree is constructed from actual process interception, so it reflects exactly what happened during the build.
+
+## Use Cases
+
+- **Understanding build orchestration** -- See how a build system spawns compilers, assemblers, and linkers.
+- **Debugging unexpected process spawning** -- Identify processes you did not expect the build to invoke.
+- **Verifying capture completeness** -- Confirm that all expected compilations are being intercepted by catter.
diff --git a/en/catter/features/compilation-database.md b/en/catter/features/compilation-database.md
new file mode 100644
index 0000000..b41f919
--- /dev/null
+++ b/en/catter/features/compilation-database.md
@@ -0,0 +1,67 @@
+# Compilation Database
+
+The compilation database (CDB) is catter's primary feature. It intercepts compiler invocations during a build and generates a standard `compile_commands.json` file, compatible with clang tooling, language servers, and IDEs.
+
+Built-in script: `script::cdb`
+
+## Usage
+
+```bash
+catter script::cdb [options] -- <build-command>
+```
+
+## Script Options
+
+| Option | Description |
+|--------|-------------|
+| `-o, --output <path>` | Output path for `compile_commands.json`. Defaults to `build/compile_commands.json`. |
+| `--abort-on-command-failure` | Abort the entire build if any intercepted command fails. |
+| `--save-on-failure` | Save partial CDB even if the build fails. |
+
+## Behavior
+
+By default, catter **merges** with an existing `compile_commands.json` if one is found at the output path. New entries for the same source file replace old ones, so you can incrementally rebuild without losing entries from previous runs.
+
+Internally, catter:
+
+1. Intercepts each compiler invocation during the build.
+2. Analyzes the command using `CompilerAnalysis` to identify source files, output files, and compiler flags.
+3. Builds a `FlatTree` (DAG) of command relationships to track input-to-output edges.
+4. On completion, traverses the tree to leaf source files and generates one CDB entry per source file.
+
+## CDB Entry Format
+
+The output follows the standard clang JSON compilation database format:
+
+```json
+[
+  {
+    "directory": "/path/to/build",
+    "file": "/path/to/source.cpp",
+    "arguments": ["clang++", "-std=c++20", "-c", "source.cpp", "-o", "source.o"],
+    "output": "source.o"
+  }
+]
+```
+
+## Supported Compilers
+
+- **C/C++**: GCC, Clang
+
+Compiler wrappers such as `ccache`, `distcc`, and `sccache` are recognized and handled transparently. Catter can also identify other compilers (Flang, ifort, NVCC, etc.) but `CompilerAnalysis` currently only generates CDB entries for GCC and Clang commands.
+
+## Examples
+
+```bash
+# Basic usage with make
+catter script::cdb -- make -j8
+
+# Specify output path
+catter script::cdb -o build/compile_commands.json -- ninja
+
+# With CMake
+catter script::cdb -- cmake --build build
+
+# With any build system
+catter script::cdb -- ./build.sh
+```
diff --git a/en/catter/features/fake-compilation.md b/en/catter/features/fake-compilation.md
new file mode 100644
index 0000000..17c031e
--- /dev/null
+++ b/en/catter/features/fake-compilation.md
@@ -0,0 +1,24 @@
+# Fake Compilation
+
+> [!WARNING]
+> This feature is planned but not yet implemented.
+
+## Concept
+
+Instead of forwarding compilation to the real compiler, catter generates fake placeholder `.o` files. This lets the build system complete its full run -- including link steps -- without actual compilation.
+
+The result:
+
+- **A complete CDB in a fraction of the time.** No real compilation work is performed, so the build finishes as fast as the build system can schedule it.
+- **Full linker command capture.** Because placeholder object files exist on disk, linker invocations proceed normally and can be intercepted.
+
+## Smart Dependency Analysis
+
+Not all commands can be faked. Code generators -- such as LLVM TableGen -- must still be built genuinely, because they produce headers that other compilations depend on.
+
+Catter will analyze dependencies to distinguish between:
+
+- **Regular compilation** -- Can be faked. The output `.o` file is only consumed by the linker.
+- **Code generators** -- Must be built. Their output (generated headers, source files) is needed as input by other compilation steps.
+
+This achieves a "minimal build": only build what is strictly necessary for correct CDB generation and header production, and fake everything else.
diff --git a/en/catter/features/target-tree.md b/en/catter/features/target-tree.md
new file mode 100644
index 0000000..eea3b38
--- /dev/null
+++ b/en/catter/features/target-tree.md
@@ -0,0 +1,39 @@
+# Target Tree
+
+The target tree renders build artifacts as a dependency forest, showing what was built from what.
+
+Built-in script: `script::target-tree`
+
+## Usage
+
+```bash
+catter script::target-tree [options] -- <build-command>
+```
+
+## Options
+
+| Option | Description |
+|--------|-------------|
+| `-d, --depth <n>` | Limit render depth. |
+
+## Output
+
+The target tree inverts the perspective of the command tree. Instead of showing process parent-child relationships, it shows output artifacts (executables, libraries, object files) as parents, with their input files as children.
+
+For example, where the command tree shows `gcc main.o util.o -o app`, the target tree shows:
+
+```
+app
+├── main.o
+│   └── main.c
+├── util.o
+│   └── util.c
+```
+
+This makes it clear which source files contribute to which final artifacts.
+
+## Use Cases
+
+- **Understanding target dependencies** -- See the full dependency chain from final binaries down to source files.
+- **Analyzing build graphs for C++20 modules** -- Trace module interface units and their consumers.
+- **Identifying source contributions** -- Determine which sources contribute to which targets, useful for splitting or restructuring builds.
diff --git a/en/catter/guide/configuration.md b/en/catter/guide/configuration.md
new file mode 100644
index 0000000..3d7aa81
--- /dev/null
+++ b/en/catter/guide/configuration.md
@@ -0,0 +1,80 @@
+# Configuration
+
+## catter CLI
+
+```
+catter [options] <script> [script-args] -- <build-command>
+```
+
+### Options
+
+| Option | Description | Default |
+|--------|-------------|---------|
+| `-m, --mode <mode>` | Runtime mode. Controls how catter intercepts processes. | `inject` |
+| `-d, --dir <path>` | Working directory for the target process. | Current directory |
+| `--stdio-mode <mode>` | How to handle child process stdio. See below. | `inherit` |
+| `-h, --help` | Show help message. | |
+
+### `--stdio-mode`
+
+Controls what happens with the intercepted process's standard output and error streams:
+
+- **`inherit`** -- Real-time passthrough. Build output appears in your terminal as it normally would.
+- **`capture`** -- Buffer stdout and stderr. The captured output is made available to the script's `onFinish` callback instead of being printed immediately.
+
+### Script Specification
+
+**Built-in scripts** use the `script::` prefix:
+
+```bash
+catter script::<name> [script-args] -- <build-command>
+```
+
+Available built-in scripts:
+
+| Name | Description |
+|------|-------------|
+| `script::cdb` | Generate `compile_commands.json` |
+| `script::cmd-tree` | Display the build command tree |
+| `script::target-tree` | Display the build target tree |
+
+**Custom scripts** use a file path:
+
+```bash
+catter ./path/to/script.js [script-args] -- <build-command>
+```
+
+## catter-proxy CLI
+
+::: warning
+`catter-proxy` is an internal component. It is invoked automatically by catter and is not intended for direct use.
+:::
+
+```
+catter-proxy [options] -- <command>
+```
+
+| Option | Description |
+|--------|-------------|
+| `-p <id>` | Parent process ID for IPC session |
+| `<executable>` | Resolved executable path |
+
+## Environment Variables
+
+These variables are set automatically by catter at runtime. They are documented here for reference; you should not need to set them manually.
+
+### Unix (Linux / macOS)
+
+| Variable | Purpose |
+|----------|---------|
+| `__key_catter_proxy_path_v1` | Path to the `catter-proxy` executable |
+| `__key_catter_command_id_v1` | IPC command identifier |
+| `LD_PRELOAD` (Linux) | Injects the catter hook shared library |
+| `DYLD_INSERT_LIBRARIES` (macOS) | Injects the catter hook shared library |
+
+### Windows
+
+| Variable | Purpose |
+|----------|---------|
+| `CATTER_IPC_ID` | IPC session identifier |
+| `CATTER_PROXY_PATH` | Path to the `catter-proxy` executable |
diff --git a/en/catter/guide/quick-start.md b/en/catter/guide/quick-start.md
new file mode 100644
index 0000000..2ac4e28
--- /dev/null
+++ b/en/catter/guide/quick-start.md
@@ -0,0 +1,77 @@
+# Quick Start
+
+## Prerequisites
+
+- [pixi](https://pixi.sh) for environment management
+- A C++ project with any build system (Make, Ninja, CMake, Meson, etc.)
+
+## Installation
+
+Catter uses pixi for distribution. Install it with:
+
+```bash
+pixi global install catter
+```
+
+::: info
+Catter is at v0.1.0 and under active development. The installation method may change in future releases.
+:::
+
+## Generate a Compilation Database
+
+Run your build command through catter to capture all compiler invocations:
+
+```bash
+catter script::cdb -o compile_commands.json -- make
+```
+
+This produces a `compile_commands.json` file in the current directory, ready for use with any language server or static analysis tool.
+
+## Command Format
+
+```
+catter [options] <script> [script-args] -- <build-command>
+```
+
+Breaking down the CDB example:
+
+| Part | Meaning |
+|------|---------|
+| `script::cdb` | Use the built-in CDB generation script (`script::` prefix selects built-in scripts) |
+| `-o compile_commands.json` | Script-specific option: output file path |
+| `--` | Separator between catter/script arguments and the build command |
+| `make` | The actual build command to intercept |
+
+## More Examples
+
+### Command tree visualization
+
+View the captured build command DAG as an ASCII tree:
+
+```bash
+catter script::cmd-tree -- make
+```
+
+### Using with CMake
+
+```bash
+catter script::cdb -o compile_commands.json -- cmake --build build
+```
+
+### Custom scripts
+
+Use your own JavaScript script instead of a built-in one:
+
+```bash
+catter ./my-script.js -- cmake --build build
+```
+
+## IDE Support for Script Development
+
+Install the catter npm package to get TypeScript type definitions when writing custom scripts:
+
+```bash
+npm install --save-dev catter
+```
+
+This provides IDE autocompletion and type checking for the catter scripting API.
diff --git a/en/catter/guide/what-is-catter.md b/en/catter/guide/what-is-catter.md
new file mode 100644
index 0000000..dd9e9a1
--- /dev/null
+++ b/en/catter/guide/what-is-catter.md
@@ -0,0 +1,49 @@
+# What is Catter?
+
+Catter is a build process interception tool. It hooks into child process creation during a build, captures compilation and linker commands, and lets you process them with JavaScript scripts powered by an embedded QuickJS runtime.
+
+## Motivation
+
+Catter was created for [clice](https://github.com/clice-io/clice), a new C++ language server. Language servers depend on a [Compilation Database (CDB)](https://clang.llvm.org/docs/JSONCompilationDatabase.html) to understand how each source file is compiled, but obtaining one is often painful:
+
+- **Limited build system support** -- CMake only generates CDB when using Makefile or Ninja backends. Many other popular C++ build systems have no native CDB support at all.
+- **Inaccessible build directories** -- When C++ code is built as part of a Python package (or similar), the build directory is managed externally and the CDB file is out of reach.
+- **Code generators require a full build** -- Projects like LLVM use tools such as `tablegen` that generate header files at build time. These files are referenced by `-I` flags in the compilation commands, so the language server cannot resolve includes until a full build has run -- even if you only want to read the code.
+
+No existing cross-platform tool solves all of these problems. That is why we created catter.
+
+## How It Works
+
+Catter's approach is similar to [Bear](https://github.com/rizsotto/Bear) and [scan-build](https://github.com/rizsotto/scan-build). It intercepts child process creation using platform-specific hooks (`LD_PRELOAD` on Linux, `DYLD_INSERT_LIBRARIES` on macOS, DLL injection on Windows). Every intercepted command is sent to a decision-making daemon that runs user-provided JavaScript scripts via QuickJS, determining what to do with each command.
+
+## Core Capabilities
+
+### Compilation Database Generation
+
+The primary use case. Catter captures compiler invocations across any build system and generates a standard `compile_commands.json`. No build system plugins or special configuration needed.
+
+### Linker Analysis
+
+By capturing linker commands, catter can reconstruct the dependency graph between build targets. This is essential for C++20 modules support: the C++ standard says a program may have at most one module with a given name, and "program" is defined by targets (libraries, executables). This target information is missing from the CDB standard, but catter can infer it from linker commands.
+
+### Fake Compilation (Planned)
+
+Instead of forwarding compilation to the real compiler, catter will be able to generate placeholder object files. This lets the build system run to completion without actually compiling, producing a complete CDB in a fraction of the time. Code generators (like `tablegen`) are still built normally -- catter analyzes dependencies to determine the minimal set of tools that must be genuinely compiled.
+
+### Build Profiling (Planned)
+
+Capture process timing, durations, and parent-child relationships during a build. The data can be rendered visually in a browser, letting you analyze parallelism and identify bottlenecks.
+
+### Custom Script Patching
+
+With the embedded QuickJS engine, users can write JavaScript scripts to dynamically modify, redirect, or inject logic into build commands -- without changing the original build files.
+
+## Architecture at a Glance
+
+Catter is a three-part system:
+
+- **HOOK** -- Platform-specific library injected into processes to intercept child process creation.
+- **PROXY** (`catter-proxy`) -- Manages hook injection and acts as a compiler wrapper. Relays intercepted commands to the decision daemon.
+- **DECISION** (`catter`) -- The main daemon. Runs the JS runtime, receives intercepted commands from the proxy, and decides how to handle each one.
+
+For a detailed walkthrough of the architecture and IPC flow, see the [design documentation](../design/architecture).
diff --git a/en/catter/index.md b/en/catter/index.md
new file mode 100644
index 0000000..2961f19
--- /dev/null
+++ b/en/catter/index.md
@@ -0,0 +1,29 @@
+---
+layout: home
+
+hero:
+  name: catter
+  text: Build Process Interception Tool
+  tagline: Capture, analyze, and modify C++ build commands across any build system
+  actions:
+    - theme: brand
+      text: What is catter?
+      link: ./guide/what-is-catter
+    - theme: alt
+      text: Quick Start
+      link: ./guide/quick-start
+
+features:
+  - icon: 🔍
+    title: Universal CDB Generation
+    details: Generate compile_commands.json from any build system — Make, Ninja, CMake, or custom scripts
+  - icon: 🪝
+    title: Deep Process Interception
+    details: Hooks into process creation at the OS level (LD_PRELOAD on Unix, DLL injection on Windows)
+  - icon: 📜
+    title: JavaScript Scripting
+    details: Write custom scripts with the embedded QuickJS engine to analyze, filter, or modify build commands
+  - icon: 🌳
+    title: Build Graph Analysis
+    details: Visualize command trees and target dependencies to understand your build structure
+---
diff --git a/en/catter/scripting/builtin-modules.md b/en/catter/scripting/builtin-modules.md
new file mode 100644
index 0000000..dc8d131
--- /dev/null
+++ b/en/catter/scripting/builtin-modules.md
@@ -0,0 +1,379 @@
+# Built-in Modules Reference
+
+Catter provides several built-in modules accessible via `import { ... } from "catter"`. This page covers the utility modules that complement the core `service`, `cmd`, and `option` APIs.
+
+## fs -- File System
+
+The `fs` module provides synchronous file operations and path manipulation utilities.
+
+### File Operations
+
+```js
+import { fs } from "catter";
+
+fs.exists("/path/to/file");        // boolean
+fs.isFile("/path/to/file");        // boolean
+fs.isDir("/path/to/dir");          // boolean
+fs.pwd();                          // current working directory
+fs.readDirs("/path/to/dir");       // string[] of absolute entry paths
+fs.mkdir("/path/to/dir");          // create directory (recursive by default)
+fs.createFile("/path/to/file");    // create empty file (recursive by default)
+fs.removeAll("/path/to/dir");      // recursively remove file or directory
+fs.rename("old", "new");           // rename/move, returns false if old doesn't exist
+```
+
+### Path Utilities
+
+```js
+import { fs } from "catter";
+
+fs.path.isAbsolute("/tmp/file");           // true
+fs.path.absolute("./relative");            // resolve to absolute path
+fs.path.joinAll("/home", "user", "file");  // "/home/user/file"
+fs.path.toAncestor("/a/b/c/d", 2);        // "/a/b"
+fs.path.extension("file.cpp");             // ".cpp"
+fs.path.filename("/path/to/file.txt");     // "file.txt"
+fs.path.relativeTo("/home", "/home/user"); // "user"
+fs.path.lexicalNormal("src/./a/../b.cc");  // "src/b.cc"
+```
+
+### Async Operations
+
+```js
+import { fs } from "catter";
+
+await fs.async.exists(path);
+await fs.async.isFile(path);
+await fs.async.isDir(path);
+await fs.async.readDirs(path);
+await fs.async.mkdir(path);
+await fs.async.createFile(path);
+await fs.async.removeAll(path);
+await fs.async.rename(oldPath, newPath);
+await fs.async.readText(path);         // read file as string
+await fs.async.writeText(path, text);  // write string to file
+```
+
+## io -- Input/Output
+
+### Text Output
+
+```js
+import { io } from "catter";
+
+io.print("no newline");
+io.println("with newline");
+io.coloredPrint("warning", "yellow");
+io.coloredPrintln("error", "red");
+io.coloredPrintln("success", "green");
+io.coloredPrintln("info", "blue");
+```
+
+Supported colors: `"red"`, `"yellow"`, `"blue"`, `"green"`.
+
+### Binary File Streams
+
+The `FileStream` class provides low-level binary read/write access:
+
+```js
+import { io } from "catter";
+
+const stream = new io.FileStream("data.bin");
+const bytes = stream.read(1024);
+stream.write(new Uint8Array([1, 2, 3]));
+stream.append(new Uint8Array([4, 5]));
+const size = stream.file_size();
+const all = stream.readEntireFile();
+stream.close();
+```
+
+Use the `with()` pattern for automatic cleanup:
+
+```js
+io.FileStream.with("data.bin", (stream) => {
+  const data = stream.readEntireFile();
+  io.println(`Read ${data.length} bytes`);
+});
+```
+
+Seek operations use `SeekWhence`:
+
+```js
+stream.seekRead(0, io.SeekWhence.SET);   // beginning
+stream.seekWrite(0, io.SeekWhence.END);  // end of file
+stream.seekRead(10, io.SeekWhence.CUR);  // relative to current position
+```
+
+### Text File Streams
+
+The `TextFileStream` class wraps `FileStream` with encoding support (ASCII and UTF-8):
+
+```js
+import { io } from "catter";
+
+io.TextFileStream.with("log.txt", "utf-8", (stream) => {
+  const lines = stream.readLines();
+  for (const line of lines) {
+    io.println(line);
+  }
+});
+```
+
+Key methods:
+
+| Method | Description |
+|--------|-------------|
+| `read(chars)` | Read N characters |
+| `write(text)` | Write string |
+| `readLine()` | Read one line (without newline) |
+| `readLines()` | Read all lines into array |
+| `readUntil(delimiter)` | Read until delimiter |
+| `readEntireFile()` | Read entire file as string |
+| `append(text)` | Append to end of file |
+
+## os -- Operating System
+
+```js
+import { os } from "catter";
+
+os.platform();  // "linux" | "macos" | "windows"
+os.arch();      // "x86" | "x64" | "arm" | "arm64"
+```
+
+## http -- HTTP Client
+
+### Quick Methods
+
+```js
+import { http } from "catter";
+
+const text = await http.text("https://example.com");
+const data = await http.json("https://api.example.com/data");
+const res = await http.get(url);
+const res = await http.post(url, body);
+const res = await http.put(url, body);
+const res = await http.patch(url, body);
+const res = await http.del(url);
+const res = await http.head(url);
+```
+
+### Full Request
+
+```js
+import { http } from "catter";
+
+const response = await http.request("https://example.com/api", {
+  method: "POST",
+  headers: { "Content-Type": "application/json" },
+  body: JSON.stringify({ key: "value" }),
+  timeoutMs: 5000,
+  maxRedirects: 5,
+});
+
+io.println(`Status: ${response.status}`);  // 200
+io.println(`OK: ${response.ok}`);          // true
+io.println(`Body: ${response.text()}`);
+const data = response.json();
+const contentType = response.header("content-type");
+```
+
+### Response Object
+
+| Field/Method | Type | Description |
+|-------------|------|-------------|
+| `status` | `number` | HTTP status code |
+| `ok` | `boolean` | True if status is 2xx |
+| `url` | `string` | Final URL (after redirects) |
+| `body` | `string` | Response body |
+| `headers` | `Record<string, string>` | Normalized headers (lowercase keys) |
+| `text()` | `string` | Returns body as string |
+| `json()` | `T` | Parses body as JSON |
+| `header(name)` | `string \| undefined` | Get header by name (case-insensitive) |
+
+### Request Options
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| `method` | `string` | `"GET"` | HTTP method |
+| `headers` | `Record \| Array` | `{}` | Request headers |
+| `body` | `string` | `""` | Request body |
+| `timeoutMs` | `number` | `-1` (no timeout) | Request timeout |
+| `maxRedirects` | `number` | `-1` (default) | Max redirects to follow |
+| `proxy` | `string` | `""` | Proxy URL |
+
+### Managed Client
+
+For multiple requests, create a reusable client:
+
+```js
+const client = new http.Client();
+const res = await client.get(url);
+client.close();
+```
+
+## time -- Time Utilities
+
+### Timestamps
+
+```js
+import { time } from "catter";
+
+time.now();          // Unix timestamp in ms (same as time.unixMs())
+time.unixMs();       // Unix timestamp in milliseconds
+time.unixUs();       // Unix timestamp in microseconds
+time.unixSeconds();  // Unix timestamp in seconds
+time.monotonicMs();  // Monotonic clock in ms (for elapsed time)
+time.monotonicUs();  // Monotonic clock in us
+```
+
+### Duration Conversion
+
+All duration helpers produce or consume milliseconds:
+
+```js
+time.ms(1500);       // 1500 (identity, for clarity)
+time.seconds(2);     // 2000
+time.minutes(1);     // 60000
+time.hours(1);       // 3600000
+time.days(1);        // 86400000
+time.ns(1000000);    // 1
+time.us(1000);       // 1
+```
+
+Convert between arbitrary units:
+
+```js
+time.convert(2, "s", "ms");  // 2000
+time.toMs(5, "s");           // 5000
+time.fromMs(60000, "min");   // 1
+```
+
+### Elapsed Time
+
+```js
+const start = time.monotonicMs();
+// ... do work ...
+const ms = time.elapsedMs(start);
+const seconds = time.elapsed(start, "s");
+```
+
+## debug -- Assertions
+
+```js
+import { debug } from "catter";
+
+debug.assertPrint(condition);         // prints "assertion failed!" on failure
+debug.assertThrow(condition);         // throws Error on failure
+debug.assertDo(condition, () => {     // runs callback on failure
+  io.println("custom failure handler");
+});
+```
+
+## cli -- Script Argument Parsing
+
+The `cli` module provides a declarative argument parser for script options. It is typically used inside `onStart` to parse `config.scriptArgs`.
+
+### Defining a Command
+
+```js
+import { cli } from "catter";
+
+const myCommand = cli.command({
+  name: "my-script",
+  description: "My custom build analysis script.",
+  options: [
+    cli.string("output", {
+      short: "o",
+      valueName: "path",
+      description: "Output file path.",
+    }),
+    cli.flag("verbose", {
+      short: "v",
+      description: "Enable verbose output.",
+    }),
+    cli.number("depth", {
+      short: "d",
+      description: "Maximum tree depth.",
+      default: 3,
+      min: 1,
+      max: 100,
+    }),
+    cli.string("include", {
+      short: "I",
+      description: "Include paths.",
+      multiple: true,
+    }),
+  ] as const,
+  positionals: [
+    cli.positional("files", {
+      multiple: true,
+      required: false,
+      description: "Additional input files.",
+    }),
+  ] as const,
+  examples: [
+    "my-script -o result.json",
+    {
+      command: "my-script -v -d 5 -o out.json",
+      description: "Verbose output with depth 5.",
+    },
+  ],
+});
+```
+
+### Parsing Arguments
+
+Use `cli.run()` for the simplest workflow -- it prints help/errors automatically and returns parsed values or `undefined`:
+
+```js
+service.onStart((config) => {
+  const result = cli.run(myCommand, config.scriptArgs);
+  if (result === undefined) {
+    config.execute = false;
+    return config;
+  }
+
+  io.println(`Output: ${result.output}`);    // string | undefined
+  io.println(`Verbose: ${result.verbose}`);  // boolean
+  io.println(`Depth: ${result.depth}`);      // number
+  io.println(`Files: ${result.files}`);      // string[]
+  return config;
+});
+```
+
+For more control, use `cli.parse()` (returns a result object) or `cli.parseOrThrow()` (throws `CLIParseError`):
+
+```js
+const result = cli.parse(myCommand, args);
+if (!result.ok) {
+  io.println(cli.formatError(result));
+  return;
+}
+if (result.helpRequested) {
+  io.println(result.usage);
+  return;
+}
+// result.values is the parsed values object
+```
+
+### Option Types
+
+| Factory | Value Type | Description |
+|---------|-----------|-------------|
+| `cli.flag(name, opts)` | `boolean` | Boolean flag, defaults to `false` |
+| `cli.string(name, opts)` | `string` | String-valued option |
+| `cli.number(name, opts)` | `number` | Number-valued option (with optional `min`, `max`, `integer`) |
+| `cli.positional(name, opts)` | `string` | Positional argument |
+
+All option types support `short`, `description`, `required`, `multiple`, `default`, and `hidden`. Number options additionally support `min`, `max`, and `integer`. String and number options support a `parse` function for custom validation.
+
+### Usage Text
+
+Generate formatted help text programmatically:
+
+```js
+const helpText = cli.usage(myCommand);
+io.println(helpText);
+```
+
+Built-in `-h` / `--help` handling is enabled by default. Set `help: false` in the command definition to disable it.
diff --git a/en/catter/scripting/command-analysis.md b/en/catter/scripting/command-analysis.md
new file mode 100644
index 0000000..9ca3333
--- /dev/null
+++ b/en/catter/scripting/command-analysis.md
@@ -0,0 +1,217 @@
+# Command Analysis
+
+The `cmd` module provides structured analysis of compiler and archiver command lines. It identifies the phase, artifact type, input files, output files, and dependency edges for intercepted build commands.
+
+## CompilerAnalysis
+
+Analyzes compiler command lines (GCC, Clang) to extract structured information.
+
+```js
+import { cmd, io, service } from "catter";
+
+service.onCommand((ctx) => {
+  if (!ctx.capture.success) return;
+
+  const argv = ctx.capture.data.argv;
+  const analysis = cmd.CompilerAnalysis.analyze(argv);
+
+  if (analysis) {
+    io.println(`Phase: ${analysis.phase}`);
+    io.println(`Artifact: ${analysis.artifact}`);
+    io.println(`Compiler: ${analysis.compiler}`);
+    io.println(`Sources: ${analysis.sourceInputs().join(", ")}`);
+    io.println(`Outputs: ${analysis.outputs().join(", ")}`);
+  }
+});
+```
+
+### Static Methods
+
+| Method | Description |
+|--------|-------------|
+| `CompilerAnalysis.supports(argv)` | Check if command looks like a compiler invocation |
+| `CompilerAnalysis.analyze(argv)` | Full analysis, returns `undefined` for non-compiler commands |
+| `CompilerAnalysis.from(analysis)` | Narrow a generic `Analysis` back to `CompilerAnalysis` |
+
+### Instance Properties
+
+| Property | Type | Description |
+|----------|------|-------------|
+| `compiler` | `"clang" \| "gcc"` | Recognized compiler executable |
+| `phase` | `CompilerPhase` | Pipeline phase (see below) |
+| `artifact` | `CompilerArtifact` | Output artifact type (see below) |
+| `style` | `"gnu" \| "cl"` | Driver option syntax style |
+| `type` | `CompilerType \| undefined` | Legacy classification (for compatibility) |
+
+### Instance Methods
+
+| Method | Returns | Description |
+|--------|---------|-------------|
+| `inputs()` | `string[]` | All input file paths |
+| `sourceInputs()` | `string[]` | Only source file paths |
+| `inputEntries()` | `CompilerInput[]` | Inputs with metadata: `{path, kind, index}` |
+| `outputs()` | `string[]` | Produced output file paths |
+| `edges()` | `Edge[]` | Dependency edges (input-to-output mappings) |
+
+Each `CompilerInput` contains:
+
+- `path` -- file path
+- `kind` -- `"source"` or `"link"`
+- `index` -- position in the original argv
+
+Each `Edge` contains:
+
+- `output` -- the output file path
+- `inputs` -- array of input file paths that produce this output
+
+For compile commands, edges pair each object file with its own source file. For link commands, all inputs feed into each output.
+
+### Supported Phases
+
+| Phase | Value |
+|-------|-------|
+| `CompilerPhase.Preprocess` | `"preprocess"` |
+| `CompilerPhase.SyntaxOnly` | `"syntax-only"` |
+| `CompilerPhase.Compile` | `"compile"` |
+| `CompilerPhase.Link` | `"link"` |
+| `CompilerPhase.Archive` | `"archive"` |
+| `CompilerPhase.RelocatableLink` | `"relocatable-link"` |
+| `CompilerPhase.DeviceLink` | `"device-link"` |
+
+### Supported Artifact Types
+
+| Artifact | Value |
+|----------|-------|
+| `CompilerArtifact.None` | `"none"` |
+| `CompilerArtifact.Stdout` | `"stdout"` |
+| `CompilerArtifact.Object` | `"object"` |
+| `CompilerArtifact.Executable` | `"exe"` |
+| `CompilerArtifact.SharedLibrary` | `"shared"` |
+| `CompilerArtifact.StaticLibrary` | `"static-lib"` |
+| `CompilerArtifact.Assembly` | `"asm"` |
+| `CompilerArtifact.LlvmIR` | `"llvm-ir"` |
+| `CompilerArtifact.LlvmBitcode` | `"llvm-bc"` |
+| `CompilerArtifact.Pch` | `"pch"` |
+| `CompilerArtifact.Pcm` | `"pcm"` |
+| `CompilerArtifact.Ptx` | `"ptx"` |
+| `CompilerArtifact.Cubin` | `"cubin"` |
+| `CompilerArtifact.Fatbin` | `"fatbin"` |
+
+## ArchiverAnalysis
+
+Analyzes archive commands (`ar`, `llvm-ar`, `gcc-ar`).
+
+```js
+import { cmd } from "catter";
+
+const argv = ["llvm-ar", "rcs", "libfoo.a", "foo.o", "bar.o"];
+const analysis = cmd.ArchiverAnalysis.analyze(argv);
+
+if (analysis) {
+  io.println(`Operation: ${analysis.operation}`);  // "r"
+  io.println(`Archive: ${analysis.archive}`);       // "libfoo.a"
+  io.println(`Members: ${analysis.members}`);       // ["foo.o", "bar.o"]
+  io.println(`Thin: ${analysis.thin}`);             // false
+}
+```
+
+### Instance Properties
+
+| Property | Type | Description |
+|----------|------|-------------|
+| `operation` | `ArchiverOperation` | Archive operation (`"r"`, `"x"`, `"t"`, etc.) |
+| `modifiers` | `string[]` | Modifier letters (e.g., `["c", "s"]`) |
+| `thin` | `boolean` | Whether thin-archive mode was requested |
+| `archive` | `string \| undefined` | Archive file path |
+| `members` | `string[]` | Member file paths |
+
+### Supported Operations
+
+The analyzer currently models these operations:
+
+| Operation | Value | Description |
+|-----------|-------|-------------|
+| `ArchiverOperation.Print` | `"p"` | Print members |
+| `ArchiverOperation.QuickAppend` | `"q"` | Quick append |
+| `ArchiverOperation.ReplaceOrInsert` | `"r"` | Replace or insert members |
+| `ArchiverOperation.Table` | `"t"` | List contents |
+
+Other `ar` operations (`d`, `m`, `s`, `x`) are recognized by the enum but `ArchiverAnalysis.analyze()` returns `undefined` for them.
+
+## Registry
+
+Analyzers are organized in a `Registry`. The default registry includes `CompilerAnalysis` and `ArchiverAnalysis`.
+
+### Using the Default Registry
+
+```js
+import { cmd } from "catter";
+
+// Analyze with all built-in analyzers
+const analysis = cmd.analyze(["clang", "-c", "main.c"]);
+
+// Check if any analyzer handles the command
+const canHandle = cmd.canHandle(["clang", "-c", "main.c"]);
+```
+
+### Custom Registry
+
+```js
+import { cmd } from "catter";
+
+const registry = new cmd.Registry();
+registry.register(cmd.CompilerAnalysis);
+registry.register(cmd.ArchiverAnalysis);
+
+const analysis = registry.analyze(["gcc", "-c", "main.c"]);
+```
+
+### Adding Custom Analyzers
+
+Implement the `Analyzer` interface with `key`, `supports()`, and `analyze()`:
+
+```js
+import { cmd } from "catter";
+
+class MyToolAnalysis extends cmd.Analysis {
+  static key = "my-tool";
+
+  static supports(argv) {
+    return argv[0]?.endsWith("my-tool") ?? false;
+  }
+
+  static analyze(argv) {
+    if (!MyToolAnalysis.supports(argv)) return undefined;
+    return new MyToolAnalysis(argv);
+  }
+
+  constructor(argv) {
+    const inputs = [argv[1]];
+    const outputs = [argv[2]];
+    super("my-tool", inputs, outputs);
+  }
+}
+
+// Register globally
+cmd.register(MyToolAnalysis);
+
+// Or use a separate registry
+const registry = new cmd.Registry();
+registry.register(MyToolAnalysis);
+```
+
+### Narrowing Analysis Results
+
+When you get a generic `Analysis` from the registry, use the static `from()` method to narrow it:
+
+```js
+const analysis = cmd.analyze(argv);
+const compiler = cmd.CompilerAnalysis.from(analysis);
+const archiver = cmd.ArchiverAnalysis.from(analysis);
+
+if (compiler) {
+  io.println(`Compiler phase: ${compiler.phase}`);
+} else if (archiver) {
+  io.println(`Archiver operation: ${archiver.operation}`);
+}
+```
diff --git a/en/catter/scripting/option-parsing.md b/en/catter/scripting/option-parsing.md
new file mode 100644
index 0000000..a98c0a7
--- /dev/null
+++ b/en/catter/scripting/option-parsing.md
@@ -0,0 +1,213 @@
+# Compiler Option Parsing
+
+The `option` module provides full option table parsing for major C/C++ toolchains, derived from LLVM's option definitions. It can parse, inspect, rewrite, and convert compiler options across toolchains.
+
+## Supported Option Tables
+
+| Table | Toolchain |
+|-------|-----------|
+| `"clang"` | Clang/GCC driver options |
+| `"nvcc"` | NVIDIA CUDA compiler |
+| `"lld-elf"` | LLD linker (ELF/Linux) |
+| `"lld-coff"` | LLD linker (COFF/Windows) |
+| `"lld-macho"` | LLD linker (Mach-O/macOS) |
+| `"lld-mingw"` | LLD linker (MinGW) |
+| `"lld-wasm"` | LLD linker (WebAssembly) |
+| `"llvm-lib"` | LLVM library manager |
+| `"llvm-dlltool"` | LLVM DLL tool |
+
+## Collecting Parsed Options
+
+Parse all options from an argument array:
+
+```js
+import { option } from "catter";
+
+const args = ["-std=c++20", "-O2", "-c", "main.cc", "-o", "main.o"];
+const items = option.collect("clang", args);
+
+if (typeof items === "string") {
+  throw new Error(`Parse error: ${items}`);
+}
+
+for (const item of items) {
+  const meta = option.info("clang", item);
+  io.println(`${meta.prefixedKey} => ${item.values.join(", ")}`);
+}
+```
+
+## Streaming Parse
+
+Parse with a callback instead of collecting:
+
+```js
+import { option } from "catter";
+
+option.parse("clang", args, (result) => {
+  if (typeof result === "string") {
+    io.println(`Error: ${result}`);
+    return false; // stop parsing
+  }
+  io.println(`Option: ${result.key}, values: ${result.values}`);
+  return true; // continue
+});
+```
+
+## Option Inspection
+
+Get metadata about a parsed option:
+
+```js
+const items = option.collect("clang", ["-std=c++20"]);
+if (Array.isArray(items)) {
+  const info = option.info("clang", items[0]);
+  io.println(info.prefixedKey); // "-std="
+  io.println(info.kind);       // OptionKindClass.JoinedClass
+  io.println(info.help);       // help text from LLVM option table
+}
+```
+
+## Rendering Options
+
+Convert a parsed option item back to a command-line string:
+
+```js
+const str = option.stringify("clang", item);
+io.println(str); // e.g., "-std=c++20"
+```
+
+## Alias Resolution
+
+Convert an aliased option to its canonical form:
+
+```js
+const items = option.collect("nvcc", ["-ofoo.o"]);
+if (Array.isArray(items)) {
+  option.convertToUnalias("nvcc", items[0]);
+  io.println(items[0].key); // "--output-file"
+}
+```
+
+Note: `convertToUnalias()` mutates the item in place and returns it for convenience.
+
+## Rewriting Arguments
+
+Replace or remove options in an argument array:
+
+```js
+import { option } from "catter";
+
+const rewritten = option.replace("clang", ["-Iold", "-O0", "main.cc"], (result) => {
+  if (typeof result === "string") {
+    throw new Error(result);
+  }
+
+  // Replace include path
+  if (result.key === "-I") {
+    return { ...result, values: ["new-include"] };
+  }
+
+  // Remove optimization flag (return a string to replace the span)
+  if (result.key === "-O") {
+    return "-O2";
+  }
+
+  // Return undefined to keep unchanged
+});
+
+io.println(rewritten); // "-Inew-include -O2 main.cc"
+```
+
+The callback can return:
+
+| Return value | Effect |
+|--------------|--------|
+| `undefined` | Keep the original text |
+| `OptionItem` | Replace with the rendered item |
+| `string` | Replace with the literal string |
+| `string[]` | Replace with the joined array |
+| `boolean` | `true` to continue, `false` to stop |
+
+## Cross-Table Conversion
+
+Convert arguments from one option table to another, keeping only options that are valid in the target table:
+
+```js
+import { option } from "catter";
+
+const nvccArgs = ["--gpu-architecture=sm_70", "-std=c++17", "-O2"];
+const clangArgs = option.table2table("nvcc", "clang", nvccArgs);
+
+if (typeof clangArgs === "string") {
+  throw new Error(clangArgs);
+}
+
+io.println(clangArgs.join(" ")); // options valid in both tables
+```
+
+The function parses with the source table, splits args into per-option spans, then re-parses each span with the target table. Spans that parse as `UnknownClass` or match excluded IDs are dropped.
+
+## OptionItem Structure
+
+Each parsed option is represented as an `OptionItem`:
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `key` | `string` | Option key (e.g., `"-std="`, `"-c"`, `"-I"`) |
+| `values` | `string[]` | Option values array |
+| `id` | `number` | Numeric option ID from the table |
+| `unalias` | `number \| undefined` | Canonical option ID if this is an alias |
+| `index` | `number` | Position of this option in the original args |
+
+## OptionInfo Structure
+
+Metadata returned by `option.info()`:
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `id` | `number` | Numeric option ID |
+| `prefixedKey` | `string` | Full option string (e.g., `"-std="`) |
+| `kind` | `OptionKindClass` | Option kind (see below) |
+| `group` | `number` | Group ID |
+| `alias` | `number` | Alias target ID |
+| `aliasArgs` | `string[]` | Arguments appended when resolving alias |
+| `flags` | `number` | Option flags |
+| `visibility` | `number` | Platform visibility bitmask |
+| `param` | `number` | Parameter count for multi-arg options |
+| `help` | `string` | Help text from LLVM table |
+| `meta_var` | `string` | Metavar label for help text |
+
+## Option Kinds
+
+The `OptionKindClass` enum describes how an option consumes arguments:
+
+| Kind | Description |
+|------|-------------|
+| `FlagClass` | No value (e.g., `-c`, `-v`) |
+| `JoinedClass` | Value joined to key (e.g., `-std=c++20`) |
+| `SeparateClass` | Value in next argument (e.g., `-o main.o`) |
+| `JoinedOrSeparateClass` | Either joined or separate (e.g., `-Ipath` or `-I path`) |
+| `CommaJoinedClass` | Comma-separated values joined to key |
+| `RemainingArgsClass` | Consumes all remaining arguments |
+| `RemainingArgsJoinedClass` | Key + remaining args |
+| `MultiArgClass` | Fixed number of separate value arguments |
+| `ValuesClass` | Multiple separate values |
+| `InputClass` | Positional input (source file) |
+| `UnknownClass` | Unrecognized option |
+| `GroupClass` | Option group (not a real option) |
+
+## Visibility Filtering
+
+Options can be filtered by platform visibility when parsing. This is useful for handling platform-specific options like MSVC-style `/TC`:
+
+```js
+import { option } from "catter";
+
+// Parse with default visibility (all options visible)
+const items = option.collect("clang", args);
+
+// Parse with explicit visibility mask to filter platform-specific options
+const clItems = option.collect("clang", args, ClangVisibility.CLOption);
+```
+
+Each option table exports its own visibility constants (e.g., `ClangVisibility.DefaultVis`, `ClangVisibility.CLOption`).
diff --git a/en/catter/scripting/overview.md b/en/catter/scripting/overview.md
new file mode 100644
index 0000000..0676bba
--- /dev/null
+++ b/en/catter/scripting/overview.md
@@ -0,0 +1,94 @@
+# Scripting System Overview
+
+Catter embeds [QuickJS-ng](https://github.com/nicklausw/quickjs-ng) (v0.11.0) as its JavaScript engine. Scripts are written in JavaScript (or TypeScript with type checking via the `catter` npm package). The runtime is not Node.js -- it is a lightweight embedded engine with a custom API surface.
+
+## Script Lifecycle
+
+1. User runs: `catter <script> [script-args] -- <build-command>`
+2. Catter loads and evaluates the script.
+3. Script registers service callbacks via `service.register()`.
+4. `onStart(config)` is called -- script can inspect and modify the build configuration.
+5. Build execution begins (if `config.execute` is true).
+6. For each intercepted command: `onCommand(ctx)` is called -- script decides the action.
+7. After each command execution: `onExecution(ctx)` is called with the result.
+8. Build completes: `onFinish(result)` is called with the process exit code, stdout, and stderr.
+
+## Script Types
+
+**Built-in scripts** are selected with the `script::` prefix:
+
+| Script | Description |
+|--------|-------------|
+| `script::cdb` | Generate a `compile_commands.json` compilation database |
+| `script::cmd-tree` | Display the captured build command DAG as an ASCII tree |
+| `script::target-tree` | Display the build target dependency tree |
+
+**Custom scripts** can be any `.js` file path:
+
+```bash
+catter ./my-script.js -- cmake --build build
+```
+
+## Type Support for Development
+
+Install the `catter` npm package to get TypeScript type definitions when writing custom scripts:
+
+```bash
+npm install --save-dev catter
+```
+
+Then in your script:
+
+```js
+// @ts-check
+import { service, fs, io } from "catter";
+```
+
+This provides IDE autocompletion and type checking for the entire catter scripting API.
+
+## Minimal Example
+
+```js
+import { service, io } from "catter";
+
+service.register({
+  onStart(config) {
+    io.println("Build starting...");
+    return config;
+  },
+  onCommand(ctx) {
+    if (ctx.capture.success) {
+      io.println(`Command: ${ctx.capture.data.argv[0]}`);
+    }
+    // Return nothing = let it execute normally
+  },
+  onFinish(result) {
+    io.println(`Build finished with code ${result.code}`);
+  }
+});
+```
+
+## Available Modules
+
+The `catter` package exposes several namespaced modules:
+
+| Module | Purpose |
+|--------|---------|
+| `service` | Service lifecycle registration and callbacks |
+| `cmd` | Command analysis (compiler, archiver) |
+| `option` | Compiler option table parsing and rewriting |
+| `fs` | File system operations and path utilities |
+| `io` | Standard output, colored printing, file streams |
+| `os` | Platform and architecture detection |
+| `http` | HTTP client for GET, POST, and other requests |
+| `time` | Wall-clock and monotonic timestamps, duration helpers |
+| `debug` | Assertion helpers |
+| `cli` | Declarative argument parsing for script options |
+| `data` | Data structures (FlatTree for DAGs) |
+| `scripts` | Pre-built script factories (`scripts.cdb()`, etc.) |
+
+Import them individually:
+
+```js
+import { service, cmd, option, fs, io, os, http, time, debug, cli } from "catter";
+```
diff --git a/en/catter/scripting/service-api.md b/en/catter/scripting/service-api.md
new file mode 100644
index 0000000..b19fd84
--- /dev/null
+++ b/en/catter/scripting/service-api.md
@@ -0,0 +1,230 @@
+# Service API Reference
+
+The service API is the core of catter scripting. It lets you register callbacks that respond to build lifecycle events: start, command interception, execution results, and finish.
+
+## Registration
+
+Register a service object with one or more callbacks:
+
+```js
+import { service } from "catter";
+
+service.register({
+  onStart(config) { /* ... */ },
+  onCommand(ctx) { /* ... */ },
+  onExecution(ctx) { /* ... */ },
+  onFinish(result) { /* ... */ }
+});
+```
+
+All callbacks are optional. You can also use convenience methods to register individual callbacks:
+
+```js
+service.onStart((config) => { /* ... */ });
+service.onCommand((ctx) => { /* ... */ });
+service.onExecution((ctx) => { /* ... */ });
+service.onFinish((result) => { /* ... */ });
+```
+
+## onStart
+
+```
+onStart(config: CatterConfig) => CatterConfig | void
+```
+
+Called before build execution. Receives the runtime configuration object. Return the (possibly modified) config to apply changes, or return nothing to accept it as-is.
+
+**CatterConfig fields:**
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `scriptPath` | `string` | Path to the script being executed |
+| `scriptArgs` | `string[]` | Arguments passed to the script (before `--`) |
+| `buildSystemCommand` | `string[]` | The build command (after `--`) |
+| `buildSystemCommandCwd` | `string` | Working directory for the build |
+| `runtime` | `CatterRuntime` | Runtime capabilities (see below) |
+| `options` | `object` | Options like log level, stdio mode |
+| `execute` | `boolean` | Set to `false` to prevent build execution |
+
+**CatterRuntime fields:**
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `type` | `"inject" \| "eslogger" \| "env"` | Interception mode |
+| `supportActions` | `ActionType[]` | Which actions the runtime supports |
+| `supportParentId` | `boolean` | Whether parent-child process tracking is available |
+
+**Example -- skip execution and just inspect config:**
+
+```js
+service.onStart((config) => {
+  io.println(`Build command: ${config.buildSystemCommand.join(" ")}`);
+  io.println(`Script args: ${config.scriptArgs.join(" ")}`);
+  config.execute = false;
+  return config;
+});
+```
+
+## onCommand
+
+```
+onCommand(ctx: CommandContext) => Action | void
+```
+
+Called for each intercepted process creation. The callback receives a `CommandContext` object and can decide what happens to the command.
+
+**CommandContext fields:**
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `id` | `number` | Unique command ID |
+| `capture` | `CommandCaptureResult` | Captured command data (see below) |
+| `action` | `Action` | Current action (default: `{type: "skip"}`) |
+| `stopped` | `boolean` | Whether propagation has been stopped |
+
+The `capture` field is a tagged result. On success:
+
+- `capture.success` is `true`
+- `capture.data.argv` -- full argument array
+- `capture.data.cwd` -- working directory
+- `capture.data.env` -- environment variables
+- `capture.data.parent` -- parent process ID (if available)
+
+**Action methods on ctx:**
+
+| Method | Effect |
+|--------|--------|
+| `ctx.skip()` | Let the command execute normally but ignore it in catter |
+| `ctx.drop()` | Prevent the command from executing |
+| `ctx.modify(data)` | Execute a modified command instead |
+| `ctx.ignoreDescendants()` | Don't intercept child processes of this command |
+| `ctx.stopPropagation()` | Stop calling remaining service handlers |
+
+If the callback returns nothing (undefined), the command proceeds normally. You can also return an action object directly:
+
+```js
+service.onCommand((ctx) => {
+  if (!ctx.capture.success) {
+    return; // skip capture errors
+  }
+
+  const argv = ctx.capture.data.argv;
+  if (argv[0].endsWith("ccache")) {
+    ctx.ignoreDescendants();
+    return;
+  }
+
+  // Drop all link commands
+  if (argv.includes("-shared")) {
+    ctx.drop();
+  }
+});
+```
+
+## onExecution
+
+```
+onExecution(ctx: ExecutionContext) => void
+```
+
+Called after each command finishes execution.
+
+**ExecutionContext fields:**
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `id` | `number` | Same command ID from `onCommand` |
+| `result` | `ProcessResult` | Process result (see below) |
+| `stopped` | `boolean` | Whether propagation has been stopped |
+
+**ProcessResult fields:**
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `code` | `number` | Exit code |
+| `stdout` | `string` | Standard output (if captured) |
+| `stderr` | `string` | Standard error (if captured) |
+
+```js
+service.onExecution((ctx) => {
+  if (ctx.result.code !== 0) {
+    io.coloredPrintln(`Command ${ctx.id} failed with code ${ctx.result.code}`, "red");
+  }
+});
+```
+
+## onFinish
+
+```
+onFinish(result: ProcessResult) => void
+```
+
+Called when the entire build process completes.
+
+```js
+service.onFinish((result) => {
+  if (result.code === 0) {
+    io.coloredPrintln("Build succeeded.", "green");
+  } else {
+    io.coloredPrintln(`Build failed with code ${result.code}.`, "red");
+  }
+});
+```
+
+## Multiple Services
+
+You can call `service.register()` multiple times. Services are called in registration order. Use `ctx.stopPropagation()` to prevent later services from seeing a command.
+
+```js
+// First service: filter out ccache wrappers
+service.register({
+  onCommand(ctx) {
+    if (ctx.capture.success && ctx.capture.data.argv[0].endsWith("ccache")) {
+      ctx.ignoreDescendants();
+      ctx.stopPropagation();
+    }
+  }
+});
+
+// Second service: analyze remaining commands
+service.register({
+  onCommand(ctx) {
+    // This won't see the ccache command itself
+  }
+});
+```
+
+## Service Composition
+
+The `service` module also provides `pipeline()` and `parallel()` for composing services:
+
+```js
+import { service } from "catter";
+
+// Sequential pipeline -- services run in order
+const combined = service.pipeline(serviceA, serviceB);
+
+// Parallel execution -- services run concurrently
+const parallel = service.parallel(serviceA, serviceB);
+
+service.register(combined);
+```
+
+With `service.parallel()`, at most one service may set an action for any given command. If multiple services attempt to set actions, an error is thrown.
+
+## Factory Helper
+
+Use `service.create()` to construct a service object with typed context-style callbacks:
+
+```js
+import { service } from "catter";
+
+const myService = service.create({
+  onStart(config) { return config; },
+  onCommand(ctx) { /* ... */ },
+  onExecution(ctx) { /* ... */ },
+  onFinish(result) { /* ... */ },
+});
+
+service.register(myService);
+```
diff --git a/en/catter/sidebar.yaml b/en/catter/sidebar.yaml
new file mode 100644
index 0000000..45de7d0
--- /dev/null
+++ b/en/catter/sidebar.yaml
@@ -0,0 +1,38 @@
+guide:
+  label: Guide
+  items:
+    - what-is-catter
+    - quick-start
+    - configuration
+
+features:
+  label: Features
+  items:
+    - compilation-database
+    - command-tree
+    - target-tree
+    - fake-compilation
+    - build-profiling
+
+scripting:
+  label: Scripting
+  items:
+    - overview
+    - service-api
+    - command-analysis
+    - option-parsing
+    - builtin-modules
+
+design:
+  label: Design
+  items:
+    - architecture
+    - hook-mechanism
+    - ipc-protocol
+
+dev:
+  label: Development
+  collapsed: true
+  items:
+    - build
+    - contribution
diff --git a/zh/catter/design/architecture.md b/zh/catter/design/architecture.md
new file mode 100644
index 0000000..63cd7b5
--- /dev/null
+++ b/zh/catter/design/architecture.md
@@ -0,0 +1,164 @@
+# 系统架构
+
+Catter 是一个三层协作系统，用于拦截和处理构建命令。每个组件各司其职，通过 IPC 通信组成一条管线，捕获构建系统发出的每一条编译器调用。
+
+## 三大组件
+
+### 1. HOOK -- 进程创建拦截器
+
+一个平台相关的共享库，注入到构建系统的进程中。它拦截进程创建函数的调用（Unix 上的 `execve`，Windows 上的 `CreateProcess`），并重写命令，使每个子进程都通过 `catter-proxy` 中转后再执行。
+
+- **Linux**: `libcatter-hook-unix.so`，通过 `LD_PRELOAD` 注入
+- **macOS**: `libcatter-hook-unix.dylib`，通过 `DYLD_INSERT_LIBRARIES` 注入
+- **Windows**: `catter-hook-win64.dll`，通过 DLL 注入（`VirtualAllocEx` + `LoadLibraryA`）
+
+HOOK 是被动的 -- 它不做任何决策，仅将进程创建重定向到代理。
+
+### 2. PROXY（`catter-proxy`）-- 编译器包装器与钩子管理器
+
+一个独立的可执行文件，有两种运行模式：
+
+- **注入模式（Injector Mode）**: 由 `catter` 启动，用于运行挂载了钩子库的构建系统。这是会话中的第一个代理实例。
+- **包装模式（Wrapper Mode）**: 由钩子库在拦截到构建命令时启动。每个被拦截的命令都会生成一个新的 `catter-proxy` 进程，代替原始的编译器/工具。
+
+在两种模式下，代理都会通过 IPC 连接到 `catter` 守护进程，发送捕获到的命令信息，接收决策（执行、丢弃或修改），然后据此执行操作。
+
+### 3. DECISION（`catter`）-- 守护进程
+
+用户直接调用的主进程。它负责：
+
+1. 通过内嵌的 QuickJS 运行时加载并初始化 JavaScript 脚本
+2. 以注入模式生成 `catter-proxy` 来启动构建
+3. 在 Unix 域套接字（Windows 上为命名管道）上监听 IPC 连接
+4. 从代理实例接收被拦截的命令
+5. 调用 JavaScript 回调函数（`onCommand`、`onExecution`、`onStart`、`onFinish`）来决定如何处理每条命令
+6. 维护一棵与构建进程树对应的会话树
+
+JS 运行时是单线程的 -- 所有脚本回调在事件循环上顺序执行，因此用户脚本无需处理并发问题。
+
+## 完整工作流程
+
+以下是执行如下命令时的完整步骤说明：
+
+```bash
+catter script::cdb -o compile_commands.json -- make
+```
+
+1. **用户调用 `catter`**。DECISION 守护进程启动，加载 `script::cdb` 脚本，初始化 QuickJS 运行时，执行脚本的 `onStart()` 回调。
+
+2. **`catter` 生成 `catter-proxy -- make`**。这是**注入模式**下的代理，作为 `catter` 的子进程运行。
+
+3. **代理通过 IPC 连接到 `catter`**。它发送 `CHECK_MODE` 请求，确认守护进程处于注入模式。
+
+4. **`catter` 回应：注入模式**。代理确认后，准备启动构建命令并挂载钩子库。
+
+5. **代理启动带有钩子的 `make`**。在 Linux 上，这意味着将 `libcatter-hook-unix.so` 添加到 `LD_PRELOAD` 并设置环境变量（`__key_catter_proxy_path_v1`、`__key_catter_command_id_v1`），然后调用真正的 `execve`。在 Windows 上，进程以挂起状态创建，注入钩子 DLL 后再恢复运行。
+
+6. **`make` 运行并尝试生成 `g++ main.cpp -o main.o`**。构建系统调用 `execve("g++", ...)`（Windows 上为 `CreateProcess`）。
+
+7. **HOOK 拦截 `execve()` 调用**。加载在 `make` 地址空间中的钩子库在系统调用到达内核之前捕获它。
+
+8. **HOOK 重写命令**。不直接执行 `g++`，而是重写为：
+   ```
+   catter-proxy -p <parent_id> --exec /usr/bin/g++ -- g++ main.cpp -o main.o
+   ```
+   同时清理环境：移除 catter 专用环境变量，并从 `LD_PRELOAD` 中剥离钩子库路径，防止代理本身被钩子拦截。
+
+9. **新的 `catter-proxy` 实例启动**（**包装模式**下的 PROXY）。此代理实例通过真正的 `execve` 使用重写后的命令启动。
+
+10. **包装模式代理通过 IPC 连接到 `catter`**。它先发送 `CREATE` 请求（以父进程 ID 注册自身），再发送 `MAKE_DECISION` 请求，包含完整的命令信息：工作目录、已解析的可执行文件路径、参数列表和环境变量。
+
+11. **`catter` 调用 JS 脚本中的 `onCommand(ctx)`**。脚本检查命令内容并返回一个动作：原样执行、修改后执行或丢弃。
+
+12. **代理根据决策执行操作**：
+    - **INJECT**: 挂载钩子库后执行命令（使孙子进程也被拦截）
+    - **WRAP**: 直接执行命令，捕获标准输出和标准错误
+    - **DROP**: 跳过执行，返回退出码 0
+
+13. **执行完成后，代理向 `catter` 发送 `FINISH`**。结果包括退出码、标准输出和标准错误的内容。
+
+14. **`catter` 调用 JS 脚本中的 `onExecution(ctx)`**，传入执行结果。
+
+15. **当 `make` 执行完毕**，最初的注入模式代理退出，`catter` 调用 `onFinish(result)`。
+
+16. **`catter` 关闭**，写入输出文件（例如 `compile_commands.json`）。
+
+## 时序图
+
+```mermaid
+sequenceDiagram
+    participant User as 用户
+    participant Catter as catter (DECISION)
+    participant Proxy1 as catter-proxy (注入模式)
+    participant Make as make (构建系统)
+    participant Hook as HOOK (在 make 中)
+    participant Proxy2 as catter-proxy (包装模式)
+    participant GCC as g++ (编译器)
+
+    User->>Catter: catter script::cdb -- make
+    Catter->>Catter: 加载脚本，调用 onStart()
+    Catter->>Proxy1: 生成 catter-proxy -- make
+    Proxy1->>Catter: IPC: CHECK_MODE
+    Catter-->>Proxy1: INJECT 模式
+    Proxy1->>Make: 挂载 HOOK 启动 make
+    Make->>Hook: execve("g++", ...)
+    Hook->>Proxy2: 重写为 catter-proxy -p ID --exec g++ -- ...
+    Proxy2->>Catter: IPC: CREATE(parent_id)
+    Catter-->>Proxy2: 新会话 ID
+    Proxy2->>Catter: IPC: MAKE_DECISION(command)
+    Catter->>Catter: 调用 onCommand(ctx)
+    Catter-->>Proxy2: 动作: 执行
+    Proxy2->>GCC: 执行 g++ main.cpp
+    GCC-->>Proxy2: 退出码 0
+    Proxy2->>Catter: IPC: FINISH(result)
+    Catter->>Catter: 调用 onExecution(ctx)
+    Make-->>Proxy1: make 退出
+    Proxy1-->>Catter: 进程结果
+    Catter->>Catter: 调用 onFinish(result)
+```
+
+## catter-proxy 的两种模式
+
+代理二进制文件根据启动方式承担不同职责：
+
+### 注入模式（Injector Mode）
+
+由 `catter` 启动，用于运行挂载了钩子的构建系统。始终是会话中的第一个代理实例。
+
+```
+catter-proxy -- make -j8
+```
+
+注入模式下的代理：
+1. 连接守护进程，确认注入模式
+2. 准备环境，设置 `LD_PRELOAD`（或在 Windows 上进行 DLL 注入）
+3. 设置 catter 专用环境变量供钩子读取
+4. 启动构建命令
+5. 等待构建完成，捕获标准输出和标准错误
+
+### 包装模式（Wrapper Mode）
+
+由钩子库在拦截到子进程创建时启动。每个被拦截的命令都会创建一个新的包装实例。
+
+```
+catter-proxy -p <parent_id> --exec /usr/bin/g++ -- g++ main.cpp -o main.o
+```
+
+包装模式下的代理：
+1. 连接守护进程
+2. 通过 `CREATE` 注册为 `parent_id` 的子会话
+3. 通过 `MAKE_DECISION` 发送捕获的命令
+4. 根据守护进程的响应执行（或丢弃）命令
+5. 通过 `FINISH` 报告执行结果
+
+## 关键设计决策
+
+**单线程 JS 运行时**。所有 JavaScript 回调在事件循环上顺序执行。守护进程通过异步 I/O（使用 `kota`）并发处理 IPC 连接，但脚本执行是串行的。这消除了用户脚本中的竞态条件。
+
+**基于 Unix 域套接字/命名管道的二进制 IPC**。代理与守护进程之间的通信使用 `kota::ipc::BincodePeer` 进行 Bincode 序列化。这种方式快速高效，避免了文本协议的开销。详见 [IPC 协议](ipc-protocol.md)文档。
+
+**递归钩子**。在 Unix 上，`LD_PRELOAD` 通过环境变量被子进程继承，因此构建系统生成的任何子进程（包括嵌套的 `make` 调用、shell 脚本或构建工具包装器）都会被自动钩住。在 Windows 上，钩子 DLL 的 `CreateProcess` 替代函数确保每个子进程在开始运行前都被注入 DLL。拦截是透明且递归的 -- 构建系统无法察觉自己正在被监控。
+
+**环境清理**。钩子在启动代理之前会清除自身在环境中的痕迹。如果不从 `LD_PRELOAD` 中剥离钩子库，代理二进制文件本身就会被钩住，导致无限递归。代理仅在以 INJECT 动作启动需要拦截的命令时，才重新添加 `LD_PRELOAD`。
+
+**会话树**。守护进程维护一棵会话 ID 树，与构建进程树一一对应。每个代理实例都携带父进程的会话 ID 进行注册，使守护进程能够追踪哪些进程创建了哪些子进程。这对目标树重建和构建性能分析等功能至关重要。
diff --git a/zh/catter/design/hook-mechanism.md b/zh/catter/design/hook-mechanism.md
new file mode 100644
index 0000000..03a6c2c
--- /dev/null
+++ b/zh/catter/design/hook-mechanism.md
@@ -0,0 +1,218 @@
+# 钩子机制
+
+钩子是 catter 最底层的组件。它是一个共享库，会被加载到构建系统生成的每个进程中。它的唯一职责是拦截进程创建调用，并将其重写，使每个子进程都通过 `catter-proxy` 中转，而非直接执行。
+
+钩子的实现完全依赖于平台特性。Unix 和 Windows 使用了截然不同的拦截技术。
+
+## Unix（Linux 与 macOS）-- 基于 LD_PRELOAD 的拦截
+
+Unix 钩子是通过动态链接器的预加载机制加载的共享库：
+
+- **Linux**: `libcatter-hook-unix.so`，通过 `LD_PRELOAD` 加载
+- **macOS**: `libcatter-hook-unix.dylib`，通过 `DYLD_INSERT_LIBRARIES` 加载
+
+### 被拦截的函数
+
+钩子替换了所有用于创建新进程的标准 POSIX 函数：
+
+**exec 系列**:
+- `execve()`、`execv()`
+- `execvpe()`、`execvp()`、`execvP()`
+- `execl()`、`execlp()`、`execle()`
+
+**posix_spawn 系列**:
+- `posix_spawn()`
+- `posix_spawnp()`
+
+在 Linux 上，钩子使用 `dlsym(RTLD_NEXT, "execve")` 从加载顺序中的下一个库获取原始函数指针，然后提供一个签名相同的替换函数。当替换函数被调用时，钩子可以检查和修改参数，然后选择性地调用原始函数。
+
+在 macOS 上，钩子使用 `DYLD_INTERPOSE` 宏在 dyld 层面替换函数，这是该平台上的首选技术。
+
+### 核心类
+
+钩子由一组协作的类实现：
+
+- **`Session`** -- 从环境变量中读取并存储会话信息。提供代理路径和父进程会话 ID。
+- **`Resolver`** -- 解析目标可执行文件的路径。处理 PATH 查找、相对路径解析及可执行文件缺失等边界情况。
+- **`CmdBuilder`** -- 构造重写后的命令，将 `catter-proxy` 替换原始可执行文件。
+- **`EnvGuard`** -- RAII 守卫，在调用真正的 `execve` 之前清理环境。移除 catter 相关变量，并从 `LD_PRELOAD` 中剥离钩子库。
+- **`Executor`** -- 协调整个拦截过程。验证会话、解析可执行文件、构建代理命令、清理环境、调用原始函数。
+- **`Linker`** -- 真实系统调用的抽象层。封装 `dlsym(RTLD_NEXT, ...)` 以调用原始的 `execve` 或 `posix_spawn`。
+
+### 钩子初始化
+
+钩子库通过动态链接器的构造函数机制（`__attribute__((constructor))` 或等效方式）加载。初始化期间，库会：
+
+1. 设置日志（输出到 catter 数据目录下的 `log/catter-hook.log`）
+2. 准备就绪等待拦截 -- `Executor` 在首次拦截时惰性读取环境中的会话状态
+
+### 环境变量
+
+钩子从以下环境变量中读取会话信息，这些变量由代理在启动构建命令时设置：
+
+| 变量 | 用途 |
+|------|------|
+| `__key_catter_proxy_path_v1` | `catter-proxy` 二进制文件的绝对路径 |
+| `__key_catter_command_id_v1` | 父进程的会话 ID |
+
+### 拦截流程
+
+当任何进程创建函数被调用时（例如 `execve("/usr/bin/g++", argv, envp)`）：
+
+1. 进入钩子的替换函数。
+
+2. **`Executor`** 验证会话。如果会话无效（缺少环境变量），它会构建一个错误命令，将问题报告给守护进程。
+
+3. **`Resolver`** 将目标可执行文件解析为绝对路径。对于 `execvp()` 和 `execvpe()` 等函数，它会搜索 `PATH` 中的目录。对于 `execve()`，则相对于当前目录解析。
+
+4. **`CmdBuilder`** 构造代理命令：
+   ```
+   <proxy_path> -p <self_id> --exec <resolved_path> -- <original_argv...>
+   ```
+   原始的 `argv[0]` 及所有后续参数保留在 `--` 分隔符之后。
+
+5. **`EnvGuard`**（RAII）修改环境数组：
+   - 移除 `__key_catter_proxy_path_v1` 和 `__key_catter_command_id_v1`
+   - 从 `LD_PRELOAD`（或 `DYLD_INSERT_LIBRARIES`）中剥离钩子库名称
+   - 如果剥离后 `LD_PRELOAD` 变为空，则将其完全移除
+
+6. **`Linker`** 使用重写后的命令调用**真正的** `execve()`（通过 `dlsym(RTLD_NEXT, ...)` 获取）。
+
+7. 如果 `execve` 成功，当前进程镜像被替换，函数不会返回。如果失败，钩子恢复 `errno` 并将错误返回给调用者。
+
+### 为什么要清理环境？
+
+这一步至关重要。如果在启动 `catter-proxy` 时钩子库仍留在 `LD_PRELOAD` 中：
+
+1. `catter-proxy` 本身会被钩住
+2. 当代理尝试执行实际的编译器时，钩子会拦截该调用
+3. 钩子会将其重写为启动另一个 `catter-proxy`
+4. 这将造成**无限递归**
+
+通过从 `LD_PRELOAD` 中剥离钩子，代理可以不受拦截地执行。代理仅在以 `INJECT` 动作启动命令时才重新添加 `LD_PRELOAD`，确保钩子仅挂载到正确的进程上。
+
+### 递归钩子
+
+由于 `LD_PRELOAD` 通过环境变量被子进程继承，拦截是自动递归的。考虑如下构建场景：
+
+```
+make
+  -> sh -c "gcc main.c -o main"
+     -> gcc main.c -o main
+        -> cc1 main.c -o main.s
+        -> as main.s -o main.o
+        -> ld main.o -o main
+```
+
+这棵进程树中的每个进程都继承了 `LD_PRELOAD`，因此都会被钩住。每次调用都会经过 `catter-proxy`，由守护进程决定如何处理。构建系统完全无法感知到拦截的存在。
+
+---
+
+## Windows -- DLL 注入与 API 钩子
+
+Windows 钩子使用了与 Unix 完全不同的方法，因为 Windows 没有 `LD_PRELOAD` 的等价机制。catter 结合使用了：
+
+1. **DLL 注入** -- 将钩子库加载到目标进程中
+2. **基于 MinHook 的 API 钩子** -- 在这些进程内拦截 `CreateProcess` 调用
+
+### 钩子 DLL
+
+钩子编译为 `catter-hook-win64.dll`。它使用 MinHook -- 一个轻量级的 x86/x64 API 钩子库，通过覆写目标函数的前几个字节为跳转指令（trampoline hooking）来实现函数替换。
+
+### 环境变量
+
+| 变量 | 用途 |
+|------|------|
+| `CATTER_IPC_ID` | 父进程的会话 ID |
+| `CATTER_PROXY_PATH` | `catter-proxy.exe` 的绝对路径 |
+
+### DLL 注入过程
+
+当 `catter-proxy`（注入模式）需要启动挂载了钩子的构建命令时：
+
+1. **以挂起状态创建目标进程**。代理调用 `CreateProcessA()`，使用 `CREATE_SUSPENDED` 标志。进程被创建但主线程不会运行。
+
+2. **设置环境变量**。`CATTER_IPC_ID` 和 `CATTER_PROXY_PATH` 在创建进程前通过环境块传入目标进程。
+
+3. **在目标进程中分配内存**。代理调用 `VirtualAllocEx()` 在目标进程的地址空间中分配一块内存区域。
+
+4. **写入 DLL 路径**。代理调用 `WriteProcessMemory()` 将 `catter-hook-win64.dll` 的完整路径写入分配的内存。
+
+5. **创建远程线程加载 DLL**。代理按顺序尝试三种方法：
+   - `CreateRemoteThread()` -- 已公开的 Win32 API。首先尝试，因为它是最广泛支持的方法。
+   - `NtCreateThreadEx()` -- 未公开的 NT API。备选方案，在现代 Windows（Vista+）上可靠运行。
+   - `RtlCreateUserThread()` -- 另一个未公开的 NT API。最后的备选方案。
+
+   远程线程的入口点是 `LoadLibraryA`，其参数是步骤 4 中写入的 DLL 路径字符串的指针。当线程运行时，它将 `catter-hook-win64.dll` 加载到目标进程中。
+
+6. **等待注入完成**。代理等待远程线程执行完毕（超时时间为 3 秒）。
+
+7. **恢复主线程**。代理调用 `ResumeThread()` 让目标进程开始执行。此时钩子 DLL 已加载，钩子函数已激活。
+
+### 被钩住的 Windows API
+
+钩子 DLL 在 `DLL_PROCESS_ATTACH` 期间使用 MinHook 的 trampoline 机制安装钩子：
+
+- **`CreateProcessA()`** -- ANSI 版本的进程创建函数
+- **`CreateProcessW()`** -- 宽字符版本的进程创建函数
+- **`CreateProcessAsUserA()`** -- 透传（当前未重写命令行）
+- **`CreateProcessAsUserW()`** -- 透传（当前未重写命令行）
+
+MinHook 的工作原理：
+1. 保存目标函数的前几条指令
+2. 将其覆写为跳转到替代函数的指令
+3. 提供一个 trampoline（跳板），包含保存的指令及跳回原函数的跳转，使原始函数仍可被调用
+
+### 钩子替代逻辑
+
+当被钩住的进程调用 `CreateProcessA` 或 `CreateProcessW` 时：
+
+1. **提取命令行**。钩子读取 `lpApplicationName` 和 `lpCommandLine`。
+
+2. **解析绝对路径**。钩子使用 `resolve_abspath()` 解析可执行文件路径，搜索程序目录、当前目录、System32、Windows 目录和 `PATH`（与标准 Windows 搜索顺序一致）。
+
+3. **重写命令行**：
+   ```
+   {proxy_path} -p {ipc_id} --exec {resolved_path} -- {original_cmdline}
+   ```
+   `lpApplicationName` 被设为 `nullptr`，使 `CreateProcess` 正常解析命令行。
+
+4. **通过 MinHook trampoline 调用原始 `CreateProcess`**，传入修改后的命令行。
+
+### 与 Unix 的关键区别
+
+在 Unix 上，`LD_PRELOAD` 是一个由所有子进程自动继承的环境变量。钩子默认具有"传染性" -- 每个子进程都会被钩住。
+
+在 Windows 上没有这样的机制。钩子 DLL 必须显式注入到每个新进程中。这通过以下方式实现：
+
+1. 钩子的 `CreateProcess` 替代函数拦截每次进程创建
+2. 将命令重写为通过 `catter-proxy` 中转
+3. 当代理决定以 `INJECT` 动作执行时，它对新进程执行 DLL 注入（创建挂起、注入、恢复）
+
+这意味着代理负责在每一代子进程中重新注入钩子，维持递归拦截链。
+
+### DLL 生命周期
+
+```
+DLL_PROCESS_ATTACH:
+  MH_Initialize()       -- 初始化 MinHook
+  MH_CreateHook(...)    -- 在 CreateProcess 系列函数上安装钩子
+  MH_EnableHook(...)    -- 激活所有钩子
+
+DLL_PROCESS_DETACH:
+  MH_DisableHook(...)   -- 停用所有钩子
+  MH_Uninitialize()     -- 清理 MinHook
+```
+
+在 attach 阶段调用 `DisableThreadLibraryCalls()` 以抑制 `DLL_THREAD_ATTACH` 和 `DLL_THREAD_DETACH` 通知，减少运行开销。
+
+## 平台对比
+
+| 方面 | Linux | macOS | Windows |
+|------|-------|-------|---------|
+| 钩子库 | `libcatter-hook-unix.so` | `libcatter-hook-unix.dylib` | `catter-hook-win64.dll` |
+| 注入方式 | `LD_PRELOAD` 环境变量 | `DYLD_INSERT_LIBRARIES` 环境变量 | `VirtualAllocEx` + `LoadLibraryA` |
+| 函数替换 | `dlsym(RTLD_NEXT, ...)` | `DYLD_INTERPOSE` 宏 | MinHook trampoline 钩子 |
+| 拦截的 API | `execve`、`execvp`、`posix_spawn` 等 | 与 Linux 相同 | `CreateProcessA`、`CreateProcessW` |
+| 递归钩子 | 自动（环境变量继承） | 自动（环境变量继承） | 显式（每个进程重新注入 DLL） |
+| 会话环境变量 | `__key_catter_proxy_path_v1`、`__key_catter_command_id_v1` | 与 Linux 相同 | `CATTER_PROXY_PATH`、`CATTER_IPC_ID` |
diff --git a/zh/catter/design/ipc-protocol.md b/zh/catter/design/ipc-protocol.md
new file mode 100644
index 0000000..c3c7615
--- /dev/null
+++ b/zh/catter/design/ipc-protocol.md
@@ -0,0 +1,221 @@
+# IPC 协议
+
+Catter 使用进程间通信在守护进程（`catter`）和代理实例（`catter-proxy`）之间传递信息。守护进程作为服务端，每个代理实例作为客户端连接。
+
+## 传输层
+
+传输层的实现因平台而异：
+
+| 平台 | 机制 | 路径 / 名称 |
+|------|------|-------------|
+| Linux / macOS | Unix 域套接字 | `$XDG_DATA_HOME/pipe-catter-ipc.sock`（通常为 `~/.local/share/pipe-catter-ipc.sock`） |
+| Windows | 命名管道 | `\\.\pipe\catter-ipc` |
+
+守护进程在启动时创建监听套接字/管道。每个 `catter-proxy` 实例启动时作为客户端连接。连接在代理进程的整个生命周期内持续存在。
+
+## 序列化
+
+所有消息使用 [Bincode](https://github.com/bincode-org/bincode) 编码，这是一种紧凑的二进制序列化格式。实现使用 `kota::ipc::BincodePeer`，它在流传输（`kota::ipc::StreamTransport`）之上提供了请求 - 响应抽象。
+
+选择 Bincode 是因为其高效性 -- 消息体积小、编解码速度快。这一点很重要，因为每个被拦截的构建命令都会导致多次 IPC 往返。
+
+## 请求 - 响应模型
+
+通信遵循严格的请求 - 响应模式。客户端（代理）发送请求并等待服务端（守护进程）响应后才继续执行。每种请求类型都有明确定义的参数类型和结果类型。
+
+协议在 `src/common/util/data.h` 中使用 C++ 模板特化定义：
+
+```cpp
+enum class RequestType : uint8_t {
+    CHECK_MODE,
+    CREATE,
+    MAKE_DECISION,
+    REPORT_ERROR,
+    FINISH,
+};
+```
+
+每种请求类型映射到一个 `Request<Type>` 特化，声明 `Params`（请求负载）和 `Result`（响应负载）。
+
+## 请求类型
+
+### CHECK_MODE
+
+查询守护进程当前活动的服务模式。
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| **Params** | `ServiceMode`（枚举） | 要检查的模式（当前仅有 `INJECT`） |
+| **Result** | `bool` | 如果守护进程处于请求的模式则返回 `true` |
+
+这是代理连接后发送的第一个请求。它确认守护进程已准备好处理被拦截的命令。
+
+### CREATE
+
+在守护进程中注册一个新的进程会话。
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| **Params** | `ipcid_t`（`int32_t`） | 父进程会话 ID |
+| **Result** | `ipcid_t`（`int32_t`） | 分配给此代理实例的唯一会话 ID |
+
+父 ID 在会话树中建立父子关系。对于第一个代理（注入模式），父 ID 由守护进程在生成代理时提供。对于包装模式的代理，父 ID 来自 `__key_catter_command_id_v1` 环境变量（Windows 上为 `CATTER_IPC_ID`），由钩子设置。
+
+### MAKE_DECISION
+
+核心请求。代理发送捕获到的命令，守护进程决定如何处理。
+
+**Params** -- `command`：
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| `cwd` | `string` | 被拦截进程的工作目录 |
+| `executable` | `string` | 已解析的可执行文件绝对路径 |
+| `args` | `string[]` | 完整参数数组（包含 `argv[0]`） |
+| `env` | `string[]` | 环境变量（`KEY=VALUE` 格式） |
+
+**Result** -- `action`：
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| `type` | `uint8_t` 枚举 | `DROP`、`INJECT` 或 `WRAP` 之一 |
+| `cmd` | `command` | 要执行的命令（可能已被脚本修改） |
+
+**动作类型**：
+
+- **`DROP`（0）** -- 不执行命令。代理立即返回退出码 0。用于脚本判定命令无关紧要的情况（例如用户想跳过的编译器调用）。
+- **`INJECT`（1）** -- 挂载钩子库后执行命令。代理重新添加 `LD_PRELOAD`（或在 Windows 上执行 DLL 注入），使此命令的子进程也被拦截。这是需要监控子进程的构建命令的默认动作。
+- **`WRAP`（2）** -- 直接执行命令，不挂载钩子。代理运行命令并捕获标准输出/标准错误，但不注入钩子。用于叶子命令（如实际的编译器调用），这些命令不会生成更多的构建子进程。
+
+守护进程可能会修改返回动作中的命令。例如，脚本可以更改编译器标志、重定向输出路径或替换可执行文件。
+
+### REPORT_ERROR
+
+将来自钩子或代理的错误状况报告给守护进程。
+
+**Params**：
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| `parent_id` | `ipcid_t` | 父进程的会话 ID |
+| `error_msg` | `string` | 人类可读的错误描述 |
+
+**Result**: `null`（无响应负载）
+
+当钩子遇到无效状态（例如缺少环境变量）或代理在命令处理过程中捕获到异常时使用。守护进程记录错误并可通知用户。
+
+### FINISH
+
+报告命令执行完成。
+
+**Params** -- `process_result`：
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| `code` | `int64_t` | 进程退出码 |
+| `std_out` | `string` | 捕获的标准输出 |
+| `std_err` | `string` | 捕获的标准错误 |
+
+**Result**: `null`（无响应负载）
+
+守护进程收到此请求后，调用 `onExecution()` JavaScript 回调并传入结果数据。随后代理断开连接。
+
+## 典型消息序列
+
+一个完整的代理生命周期包含如下 IPC 消息序列：
+
+### 注入模式（第一个代理）
+
+```
+代理 -> 守护进程:  CHECK_MODE(INJECT)
+守护进程 -> 代理:  true
+[代理启动挂载了钩子的构建命令]
+[代理等待构建完成]
+[构建完成后代理退出]
+```
+
+注入模式的代理同样会为顶层构建命令发送 `CREATE`、`MAKE_DECISION` 和 `FINISH`，因此构建系统命令本身也会像其他被拦截的命令一样经过 `onCommand`/`onExecution`。
+
+### 包装模式（被拦截的命令）
+
+```
+代理 -> 守护进程:  CHECK_MODE(INJECT)
+守护进程 -> 代理:  true
+代理 -> 守护进程:  CREATE(parent_id)
+守护进程 -> 代理:  new_session_id
+代理 -> 守护进程:  MAKE_DECISION(command)
+守护进程 -> 代理:  action {type, cmd}
+[代理执行或丢弃命令]
+代理 -> 守护进程:  FINISH(process_result)
+守护进程 -> 代理:  null
+[代理断开连接]
+```
+
+### 错误情况
+
+```
+代理 -> 守护进程:  REPORT_ERROR(parent_id, error_message)
+守护进程 -> 代理:  null
+[代理以退出码 -1 退出]
+```
+
+## 会话模型
+
+守护进程维护一棵与构建进程树对应的会话树：
+
+```
+会话 0（根 -- 注入模式代理）
+  +-- 会话 1（make -> gcc file1.c）
+  +-- 会话 2（make -> gcc file2.c）
+  +-- 会话 3（make -> ar rcs libfoo.a file1.o file2.o）
+  +-- 会话 4（make -> sh -c "gcc file3.c"）
+       +-- 会话 5（sh -> gcc file3.c）
+```
+
+每个会话由唯一的 `ipcid_t`（32 位整数）标识。会话树随着 `CREATE` 请求的到达而增量构建，每个请求都指定了 `parent_id`。这种结构支持以下功能：
+
+- **目标树重建** -- 通过了解哪些目标文件链接到哪些目标
+- **构建性能分析** -- 通过跟踪每个会话的计时数据并可视化并行度
+- **错误归因** -- 通过追溯错误到引发错误的构建命令
+
+## 连接生命周期
+
+1. **守护进程启动** -- 创建并绑定 Unix 域套接字或命名管道。
+2. **代理连接** -- 使用 `kota::pipe::connect()` 打开到套接字/管道的连接。
+3. **守护进程接受连接** -- 对于每个传入连接，守护进程创建一个 `kota::ipc::BincodePeer` 并为每种请求类型注册请求处理器（`on_request<Request<Type>>(...)`）。
+4. **请求处理** -- 守护进程的事件循环将传入请求分发到相应的处理器。处理器可以是异步的（使用 `co_await`）以与 JS 运行时或其他守护进程状态交互。
+5. **对端断开** -- 当代理进程退出时，传输层关闭，`BincodePeer::run()` 协程完成。守护进程记录断开事件并清理会话。
+
+## 数据类型
+
+跨 IPC 边界使用的核心数据结构：
+
+```cpp
+// IPC 会话的唯一标识符
+using ipcid_t = int32_t;
+
+// 从构建系统捕获的命令
+struct command {
+    std::string cwd;                   // 工作目录
+    std::string executable;            // 已解析的可执行文件路径
+    std::vector<std::string> args;     // 参数数组
+    std::vector<std::string> env;      // 环境变量（KEY=VALUE 条目）
+};
+
+// 命令执行结果
+struct process_result {
+    int64_t code = -1;                 // 退出码
+    std::string std_out;               // 捕获的标准输出
+    std::string std_err;               // 捕获的标准错误
+};
+
+// 守护进程返回的决策
+struct action {
+    enum : uint8_t {
+        DROP,    // 不执行
+        INJECT,  // 挂载钩子后执行
+        WRAP,    // 不挂载钩子直接执行
+    } type;
+    command cmd;                       // 可能已修改的命令
+};
+```
diff --git a/zh/catter/dev/build.md b/zh/catter/dev/build.md
new file mode 100644
index 0000000..8f16592
--- /dev/null
+++ b/zh/catter/dev/build.md
@@ -0,0 +1,66 @@
+# 从源码构建
+
+## 前置要求
+
+- [pixi](https://pixi.sh) -- 环境与依赖管理
+- [XMake](https://xmake.io/) -- 构建系统（pixi 不会安装，需单独安装）
+- Git
+
+## 支持的平台
+
+| 平台 | 工具链 |
+|---|---|
+| Windows (win-64) | MSVC (VS2022) |
+| Linux (linux-64) | GCC 14.2 |
+| macOS (osx-arm64) | Clang 20.1 |
+
+## 构建命令
+
+所有构建通过 pixi 任务管理：
+
+```bash
+# 配置构建（mode 可选：debug、release、releasedbg）
+pixi run cfg debug
+
+# 构建项目
+pixi run build
+
+# 以 release 模式配置
+pixi run cfg release
+
+# 构建 JavaScript/TypeScript API
+pixi run build-js
+
+# 安装 npm 依赖
+pixi run npm-install
+```
+
+## 构建系统
+
+项目使用 [XMake](https://xmake.io/) 作为构建系统，通过 pixi 任务管理。C++ 标准为 C++23。
+
+### 构建目标
+
+- `catter` -- 主 CLI 可执行文件（DECISION 守护进程）
+- `catter-proxy` -- 代理进程管理器
+- `catter-hook-unix` -- Unix hook 共享库（Linux/macOS）
+- `catter-hook-win64` -- Windows hook DLL
+- `catter-core` -- 核心库
+- `common` -- 共享工具库
+
+## JavaScript 构建
+
+`api/` 下的 TypeScript API 会被编译为 JavaScript 并嵌入到 catter 二进制文件中。构建命令：
+
+```bash
+pixi run build-js
+```
+
+该命令通过 rollup 打包 TypeScript，生成的 JS 文件会作为资源编译进二进制文件。
+
+## 主要依赖
+
+- [QuickJS-ng](https://github.com/quickjs-ng/quickjs) (v0.11.0) -- 内嵌 JavaScript 引擎
+- [spdlog](https://github.com/gabime/spdlog) (1.15.3) -- 日志
+- [kotatsu](https://github.com/clice-io/kotatsu) -- 异步运行时、测试框架、选项解析
+- [MinHook](https://github.com/TsudaKageworyo/MinHook) (v1.3.4) -- Windows API 钩子（仅 Windows）
diff --git a/zh/catter/dev/contribution.md b/zh/catter/dev/contribution.md
new file mode 100644
index 0000000..507723b
--- /dev/null
+++ b/zh/catter/dev/contribution.md
@@ -0,0 +1,58 @@
+# 贡献指南
+
+## 测试
+
+三种方式运行测试：
+
+```bash
+# 运行全部（构建 + 单元测试 + 集成测试）
+pixi run -e dev test
+
+# 仅单元测试
+pixi run -e dev unit-test
+
+# 仅集成测试
+pixi run -e dev integration-test
+```
+
+### 单元测试
+
+单元测试使用 Kotatsu 测试框架（`kota::zest`）。位于 `tests/unit/`，目录结构与 `src/` 对应：
+
+- `tests/unit/common/` -- 共享工具和选项解析的测试
+- `tests/unit/catter/` -- 核心逻辑的测试（编译器识别、JS 运行时）
+- `tests/unit/catter-hook/unix/` -- Unix hook payload 的测试
+
+启用测试目标：
+
+```bash
+pixi run cfg  # 或: xmake config --test=y
+```
+
+### 集成测试
+
+集成测试使用 [LLVM Lit](https://llvm.org/docs/CommandGuide/lit.html) 框架。位于 `tests/integration/`，编译并运行 C++ 测试程序，使用 FileCheck 进行输出验证。
+
+```bash
+# 以详细输出运行集成测试
+lit ./tests/integration -sav
+```
+
+## 提交信息格式
+
+使用[约定式提交](https://www.conventionalcommits.org/zh-hans/)：
+
+```
+<type>(<scope>): <简短描述>
+```
+
+**类型**：`feat`、`fix`、`refactor`、`chore`、`docs`、`ci`、`test`、`perf`、`style`、`revert`
+
+scope 应与源码目录或功能名称一致。标题行不超过 70 个字符。
+
+## 代码风格
+
+- C++23 标准
+- C++ 格式化使用 `.clang-format`
+- TypeScript 使用 ESLint + Prettier
+- 已配置 pre-commit 钩子（`.pre-commit-config.yaml`）
diff --git a/zh/catter/features/build-profiling.md b/zh/catter/features/build-profiling.md
new file mode 100644
index 0000000..ed2d595
--- /dev/null
+++ b/zh/catter/features/build-profiling.md
@@ -0,0 +1,21 @@
+# 构建分析
+
+> [!WARNING]
+> 此功能尚在计划中，尚未实现。
+
+## 概念
+
+构建分析在构建过程中采集每个进程的时间数据：
+
+- 进程启动时间和持续时长
+- 父子进程关系
+- CPU 利用率
+
+这些数据会被渲染为可视化的时间线（甘特图样式），可在浏览器中查看，帮助开发者诊断构建性能问题。
+
+## 计划中的功能
+
+- **识别串行化瓶颈** -- 发现在有可用并行度的情况下仍以单线程运行的阶段。
+- **衡量实际并行度与理论值的差距** -- 将观测到的并发水平与可用核心数进行对比。
+- **定位慢速编译单元** -- 精确找到编译耗时不成比例的源文件。
+- **调试构建系统配置** -- 检测错误的依赖配置、不必要的串行化或次优的任务调度。
diff --git a/zh/catter/features/command-tree.md b/zh/catter/features/command-tree.md
new file mode 100644
index 0000000..c8d701f
--- /dev/null
+++ b/zh/catter/features/command-tree.md
@@ -0,0 +1,43 @@
+# 命令树
+
+命令树将构建命令的有向无环图以 ASCII 树的形式可视化，展示进程之间的父子关系及其执行的命令。
+
+内置脚本：`script::cmd-tree`
+
+## 用法
+
+```bash
+catter script::cmd-tree [options] -- <build-command>
+```
+
+## 选项
+
+| 选项 | 说明 |
+|------|------|
+| `-d, --depth <n>` | 限制渲染深度。 |
+| `-a, --args <n>` | 每条命令显示的参数数量。默认：全部。 |
+| `-w, --argWidth <n>` | 将过长的参数截断到指定宽度。默认：10 个字符。 |
+
+## 输出
+
+输出为 ANSI 彩色的 ASCII 树，使用制表符（`│`、`├──`、`└──`）绘制。颜色按深度在 4 种颜色之间循环，便于快速区分嵌套层级。
+
+典型的构建树可能如下所示：
+
+```
+make -j8
+├── gcc -c main.c -o main.o
+│   └── as -o main.o /tmp/ccXXXX.s
+├── gcc -c util.c -o util.o
+│   └── as -o util.o /tmp/ccYYYY.s
+└── gcc main.o util.o -o app
+    └── ld -o app main.o util.o -lc
+```
+
+每个节点显示进程的命令行，子节点为该进程派生的子进程。树结构由实际的进程拦截构建而成，因此完全反映构建过程中的真实行为。
+
+## 使用场景
+
+- **理解构建编排** -- 查看构建系统如何调度编译器、汇编器和链接器。
+- **调试异常进程派生** -- 识别构建中未预期的进程调用。
+- **验证拦截完整性** -- 确认所有预期的编译操作都被 catter 正确拦截。
diff --git a/zh/catter/features/compilation-database.md b/zh/catter/features/compilation-database.md
new file mode 100644
index 0000000..245b1dd
--- /dev/null
+++ b/zh/catter/features/compilation-database.md
@@ -0,0 +1,67 @@
+# 编译数据库
+
+编译数据库 (CDB) 是 catter 的核心功能。它在构建过程中拦截编译器调用，生成标准的 `compile_commands.json` 文件，兼容 clang 工具链、语言服务器和各类 IDE。
+
+内置脚本：`script::cdb`
+
+## 用法
+
+```bash
+catter script::cdb [options] -- <build-command>
+```
+
+## 脚本选项
+
+| 选项 | 说明 |
+|------|------|
+| `-o, --output <path>` | `compile_commands.json` 的输出路径。默认为 `build/compile_commands.json`。 |
+| `--abort-on-command-failure` | 任一被拦截的命令失败时，中止整个构建。 |
+| `--save-on-failure` | 即使构建失败，也保存已收集的部分 CDB。 |
+
+## 行为
+
+默认情况下，如果输出路径已存在 `compile_commands.json`，catter 会与之**合并**。相同源文件的新条目会替换旧条目，因此可以增量构建而不丢失之前的记录。
+
+内部流程：
+
+1. 在构建过程中拦截每一次编译器调用。
+2. 使用 `CompilerAnalysis` 分析命令，识别源文件、输出文件和编译器标志。
+3. 构建 `FlatTree`（有向无环图）来追踪输入到输出的边关系。
+4. 构建完成后，遍历树到叶节点源文件，为每个源文件生成一条 CDB 条目。
+
+## CDB 条目格式
+
+输出遵循标准的 clang JSON 编译数据库格式：
+
+```json
+[
+  {
+    "directory": "/path/to/build",
+    "file": "/path/to/source.cpp",
+    "arguments": ["clang++", "-std=c++20", "-c", "source.cpp", "-o", "source.o"],
+    "output": "source.o"
+  }
+]
+```
+
+## 支持的编译器
+
+- **C/C++**：GCC、Clang
+
+编译器包装器如 `ccache`、`distcc`、`sccache` 可被正确识别和透明处理。Catter 也能识别其他编译器（Flang、ifort、NVCC 等），但 `CompilerAnalysis` 目前仅为 GCC 和 Clang 命令生成 CDB 条目。
+
+## 示例
+
+```bash
+# 配合 make 基本使用
+catter script::cdb -- make -j8
+
+# 指定输出路径
+catter script::cdb -o build/compile_commands.json -- ninja
+
+# 配合 CMake
+catter script::cdb -- cmake --build build
+
+# 配合任意构建系统
+catter script::cdb -- ./build.sh
+```
diff --git a/zh/catter/features/fake-compilation.md b/zh/catter/features/fake-compilation.md
new file mode 100644
index 0000000..29488db
--- /dev/null
+++ b/zh/catter/features/fake-compilation.md
@@ -0,0 +1,24 @@
+# 伪编译
+
+> [!WARNING]
+> 此功能尚在计划中，尚未实现。
+
+## 概念
+
+伪编译不将编译任务转发给真正的编译器，而是由 catter 生成占位的 `.o` 文件。这样构建系统可以完成完整的运行流程（包括链接步骤），而无需实际编译。
+
+带来的好处：
+
+- **在极短时间内获得完整的 CDB。** 不执行真正的编译工作，构建速度仅受构建系统调度能力的限制。
+- **完整的链接器命令捕获。** 由于占位目标文件存在于磁盘上，链接器调用可以正常进行并被拦截。
+
+## 智能依赖分析
+
+并非所有命令都可以伪造。代码生成器（如 LLVM TableGen）必须真正执行构建，因为它们生成的头文件是其他编译步骤的输入。
+
+Catter 将通过依赖分析区分以下两类：
+
+- **常规编译** -- 可以伪造。输出的 `.o` 文件仅被链接器消费。
+- **代码生成器** -- 必须真正构建。其输出（生成的头文件、源文件）是其他编译步骤所需的输入。
+
+这实现了"最小构建"：仅构建 CDB 生成和头文件产出所严格需要的部分，其余全部伪造。
diff --git a/zh/catter/features/target-tree.md b/zh/catter/features/target-tree.md
new file mode 100644
index 0000000..0e1b5c9
--- /dev/null
+++ b/zh/catter/features/target-tree.md
@@ -0,0 +1,39 @@
+# 目标树
+
+目标树将构建产物渲染为依赖森林，展示"什么由什么构建而来"。
+
+内置脚本：`script::target-tree`
+
+## 用法
+
+```bash
+catter script::target-tree [options] -- <build-command>
+```
+
+## 选项
+
+| 选项 | 说明 |
+|------|------|
+| `-d, --depth <n>` | 限制渲染深度。 |
+
+## 输出
+
+目标树与命令树的视角相反。它不展示进程的父子关系，而是将输出产物（可执行文件、库文件、目标文件）作为父节点，将其输入文件作为子节点。
+
+例如，命令树中显示 `gcc main.o util.o -o app`，而目标树则显示为：
+
+```
+app
+├── main.o
+│   └── main.c
+├── util.o
+│   └── util.c
+```
+
+这样可以清晰地看到哪些源文件参与了哪些最终产物的构建。
+
+## 使用场景
+
+- **理解目标依赖** -- 查看从最终二进制文件到源文件的完整依赖链。
+- **分析 C++20 模块的构建图** -- 追踪模块接口单元及其使用者。
+- **识别源文件贡献** -- 确定哪些源文件参与了哪些目标的构建，有助于拆分或重构构建结构。
diff --git a/zh/catter/guide/configuration.md b/zh/catter/guide/configuration.md
new file mode 100644
index 0000000..829dd07
--- /dev/null
+++ b/zh/catter/guide/configuration.md
@@ -0,0 +1,80 @@
+# 配置参考
+
+## catter 命令行
+
+```
+catter [选项] <脚本> [脚本参数] -- <构建命令>
+```
+
+### 选项
+
+| 选项 | 说明 | 默认值 |
+|------|------|--------|
+| `-m, --mode <mode>` | 运行模式，控制 catter 拦截进程的方式。 | `inject` |
+| `-d, --dir <path>` | 目标进程的工作目录。 | 当前目录 |
+| `--stdio-mode <mode>` | 子进程标准输入输出的处理方式，见下文。 | `inherit` |
+| `-h, --help` | 显示帮助信息。 | |
+
+### `--stdio-mode`
+
+控制被拦截进程的标准输出和标准错误流的处理方式：
+
+- **`inherit`** -- 实时透传。构建输出会像正常一样显示在终端中。
+- **`capture`** -- 缓冲 stdout 和 stderr。捕获的输出会传递给脚本的 `onFinish` 回调，而不是立即打印。
+
+### 脚本指定
+
+**内置脚本**使用 `script::` 前缀：
+
+```bash
+catter script::<名称> [脚本参数] -- <构建命令>
+```
+
+可用的内置脚本：
+
+| 名称 | 说明 |
+|------|------|
+| `script::cdb` | 生成 `compile_commands.json` |
+| `script::cmd-tree` | 展示构建命令树 |
+| `script::target-tree` | 展示构建目标树 |
+
+**自定义脚本**使用文件路径：
+
+```bash
+catter ./path/to/script.js [脚本参数] -- <构建命令>
+```
+
+## catter-proxy 命令行
+
+::: warning
+`catter-proxy` 是内部组件，由 catter 自动调用，不需要用户直接使用。
+:::
+
+```
+catter-proxy [选项] -- <命令>
+```
+
+| 选项 | 说明 |
+|------|------|
+| `-p <id>` | 用于 IPC 会话的父进程 ID |
+| `<executable>` | 已解析的可执行文件路径 |
+
+## 环境变量
+
+以下环境变量由 catter 在运行时自动设置，此处仅作参考，无需手动配置。
+
+### Unix（Linux / macOS）
+
+| 变量 | 用途 |
+|------|------|
+| `__key_catter_proxy_path_v1` | `catter-proxy` 可执行文件的路径 |
+| `__key_catter_command_id_v1` | IPC 命令标识符 |
+| `LD_PRELOAD`（Linux） | 注入 catter 钩子共享库 |
+| `DYLD_INSERT_LIBRARIES`（macOS） | 注入 catter 钩子共享库 |
+
+### Windows
+
+| 变量 | 用途 |
+|------|------|
+| `CATTER_IPC_ID` | IPC 会话标识符 |
+| `CATTER_PROXY_PATH` | `catter-proxy` 可执行文件的路径 |
diff --git a/zh/catter/guide/quick-start.md b/zh/catter/guide/quick-start.md
new file mode 100644
index 0000000..26bce9b
--- /dev/null
+++ b/zh/catter/guide/quick-start.md
@@ -0,0 +1,77 @@
+# 快速上手
+
+## 前置条件
+
+- [pixi](https://pixi.sh) 环境管理工具
+- 使用任意构建系统（Make、Ninja、CMake、Meson 等）的 C++ 项目
+
+## 安装
+
+Catter 通过 pixi 分发，使用以下命令安装：
+
+```bash
+pixi global install catter
+```
+
+::: info
+Catter 目前处于 v0.1.0 阶段，仍在积极开发中，安装方式可能在后续版本中发生变化。
+:::
+
+## 生成编译数据库
+
+通过 catter 运行你的构建命令，即可捕获所有编译器调用：
+
+```bash
+catter script::cdb -o compile_commands.json -- make
+```
+
+这会在当前目录生成 `compile_commands.json` 文件，可直接用于任何语言服务器或静态分析工具。
+
+## 命令格式
+
+```
+catter [选项] <脚本> [脚本参数] -- <构建命令>
+```
+
+以上面的 CDB 示例为例：
+
+| 部分 | 含义 |
+|------|------|
+| `script::cdb` | 使用内置的 CDB 生成脚本（`script::` 前缀表示内置脚本） |
+| `-o compile_commands.json` | 脚本特定选项：输出文件路径 |
+| `--` | catter/脚本参数与构建命令之间的分隔符 |
+| `make` | 实际要拦截的构建命令 |
+
+## 更多示例
+
+### 命令树可视化
+
+将捕获的构建命令 DAG 以 ASCII 树形式展示：
+
+```bash
+catter script::cmd-tree -- make
+```
+
+### 配合 CMake 使用
+
+```bash
+catter script::cdb -o compile_commands.json -- cmake --build build
+```
+
+### 自定义脚本
+
+使用自己编写的 JavaScript 脚本替代内置脚本：
+
+```bash
+catter ./my-script.js -- cmake --build build
+```
+
+## 脚本开发的 IDE 支持
+
+安装 catter npm 包以获取 TypeScript 类型定义，方便编写自定义脚本时使用 IDE 自动补全：
+
+```bash
+npm install --save-dev catter
+```
+
+这将提供 catter 脚本 API 的 IDE 自动补全和类型检查支持。
diff --git a/zh/catter/guide/what-is-catter.md b/zh/catter/guide/what-is-catter.md
new file mode 100644
index 0000000..ab94f6e
--- /dev/null
+++ b/zh/catter/guide/what-is-catter.md
@@ -0,0 +1,49 @@
+# 什么是 Catter?
+
+Catter 是一个构建过程拦截工具。它通过钩子拦截构建过程中的子进程创建，捕获编译和链接命令，并允许用户使用内嵌的 QuickJS 引擎编写 JavaScript 脚本来处理这些命令。
+
+## 动机
+
+Catter 是为 [clice](https://github.com/clice-io/clice) 这个新的 C++ 语言服务器而创建的。语言服务器依赖[编译数据库 (CDB)](https://clang.llvm.org/docs/JSONCompilationDatabase.html) 来了解每个源文件的编译方式，但获取 CDB 往往非常困难：
+
+- **构建系统支持有限** -- CMake 仅在使用 Makefile 或 Ninja 后端时才能生成 CDB。许多其他流行的 C++ 构建系统完全没有原生 CDB 支持。
+- **构建目录不可访问** -- 当 C++ 代码作为 Python 包的一部分进行构建时，构建目录由外部管理，生成的 CDB 文件无法获取。
+- **代码生成器需要完整构建** -- 像 LLVM 这样的项目使用 `tablegen` 等工具在构建时生成头文件。这些文件通过 `-I` 标志在编译命令中被引用，因此在完整构建之前，语言服务器无法正确解析 include 路径——即使你只是想阅读代码。
+
+目前没有跨平台工具能够完整解决上述所有问题，这就是我们创建 catter 的原因。
+
+## 工作原理
+
+Catter 的方式类似于 [Bear](https://github.com/rizsotto/Bear) 和 [scan-build](https://github.com/rizsotto/scan-build)。它使用平台特定的钩子（Linux 上的 `LD_PRELOAD`、macOS 上的 `DYLD_INSERT_LIBRARIES`、Windows 上的 DLL 注入）拦截子进程创建。每个被拦截的命令会发送到一个决策守护进程，该进程通过 QuickJS 运行用户提供的 JavaScript 脚本，决定如何处理每条命令。
+
+## 核心功能
+
+### 编译数据库生成
+
+最主要的用例。Catter 可以跨任意构建系统捕获编译器调用，生成标准的 `compile_commands.json`，无需构建系统插件或特殊配置。
+
+### 链接器分析
+
+通过捕获链接器命令，catter 可以重建构建目标之间的依赖图。这对 C++20 模块支持至关重要：C++ 标准规定一个程序中同名模块最多只能有一个，而"程序"由目标（库、可执行文件）定义。这些目标信息在 CDB 标准中是缺失的，但 catter 可以从链接器命令中推断出来。
+
+### 伪编译（计划中）
+
+不将编译任务转发给真正的编译器，catter 将能够生成占位目标文件。这使得构建系统可以正常运行而无需实际编译，从而在极短的时间内生成完整的 CDB。代码生成器（如 `tablegen`）仍然会正常构建——catter 会分析依赖关系以确定必须真正编译的最小工具集。
+
+### 构建性能分析（计划中）
+
+捕获构建过程中的进程时间、持续时间和父子关系，可以在浏览器中可视化渲染，帮助分析构建并行度和识别性能瓶颈。
+
+### 自定义脚本修补
+
+借助内嵌的 QuickJS 引擎，用户可以编写 JavaScript 脚本来动态修改、重定向或注入构建命令的逻辑——无需修改原始构建文件。
+
+## 架构概览
+
+Catter 由三个部分组成：
+
+- **HOOK** -- 注入到进程中的平台特定库，用于拦截子进程创建。
+- **PROXY**（`catter-proxy`）-- 管理钩子注入并充当编译器包装器，将被拦截的命令转发给决策守护进程。
+- **DECISION**（`catter`）-- 主守护进程。运行 JS 运行时，接收来自 proxy 的被拦截命令，并决定如何处理每条命令。
+
+关于架构和 IPC 流程的详细介绍，请参阅[设计文档](../design/architecture)。
diff --git a/zh/catter/index.md b/zh/catter/index.md
new file mode 100644
index 0000000..19071ad
--- /dev/null
+++ b/zh/catter/index.md
@@ -0,0 +1,29 @@
+---
+layout: home
+
+hero:
+  name: catter
+  text: 构建过程拦截工具
+  tagline: 跨构建系统捕获、分析和修改 C++ 编译命令
+  actions:
+    - theme: brand
+      text: 什么是 catter？
+      link: ./guide/what-is-catter
+    - theme: alt
+      text: 快速开始
+      link: ./guide/quick-start
+
+features:
+  - icon: 🔍
+    title: 通用编译数据库生成
+    details: 从任何构建系统生成 compile_commands.json — Make、Ninja、CMake 或自定义脚本
+  - icon: 🪝
+    title: 深度进程拦截
+    details: 在操作系统层面拦截进程创建（Unix 上使用 LD_PRELOAD，Windows 上使用 DLL 注入）
+  - icon: 📜
+    title: JavaScript 脚本
+    details: 使用内嵌的 QuickJS 引擎编写自定义脚本来分析、过滤或修改构建命令
+  - icon: 🌳
+    title: 构建图分析
+    details: 可视化命令树和目标依赖关系，帮助理解构建结构
+---
diff --git a/zh/catter/scripting/builtin-modules.md b/zh/catter/scripting/builtin-modules.md
new file mode 100644
index 0000000..e2bd6be
--- /dev/null
+++ b/zh/catter/scripting/builtin-modules.md
@@ -0,0 +1,379 @@
+# 内置模块参考
+
+Catter 提供多个内置模块，通过 `import { ... } from "catter"` 导入。本页介绍核心 `service`、`cmd` 和 `option` API 之外的工具模块。
+
+## fs -- 文件系统
+
+`fs` 模块提供同步文件操作和路径工具。
+
+### 文件操作
+
+```js
+import { fs } from "catter";
+
+fs.exists("/path/to/file");        // boolean
+fs.isFile("/path/to/file");        // boolean
+fs.isDir("/path/to/dir");          // boolean
+fs.pwd();                          // 当前工作目录
+fs.readDirs("/path/to/dir");       // string[]，绝对路径数组
+fs.mkdir("/path/to/dir");          // 创建目录（默认递归）
+fs.createFile("/path/to/file");    // 创建空文件（默认递归）
+fs.removeAll("/path/to/dir");      // 递归删除文件或目录
+fs.rename("old", "new");           // 重命名/移动，old 不存在时返回 false
+```
+
+### 路径工具
+
+```js
+import { fs } from "catter";
+
+fs.path.isAbsolute("/tmp/file");           // true
+fs.path.absolute("./relative");            // 解析为绝对路径
+fs.path.joinAll("/home", "user", "file");  // "/home/user/file"
+fs.path.toAncestor("/a/b/c/d", 2);        // "/a/b"
+fs.path.extension("file.cpp");             // ".cpp"
+fs.path.filename("/path/to/file.txt");     // "file.txt"
+fs.path.relativeTo("/home", "/home/user"); // "user"
+fs.path.lexicalNormal("src/./a/../b.cc");  // "src/b.cc"
+```
+
+### 异步操作
+
+```js
+import { fs } from "catter";
+
+await fs.async.exists(path);
+await fs.async.isFile(path);
+await fs.async.isDir(path);
+await fs.async.readDirs(path);
+await fs.async.mkdir(path);
+await fs.async.createFile(path);
+await fs.async.removeAll(path);
+await fs.async.rename(oldPath, newPath);
+await fs.async.readText(path);         // 读取文件为字符串
+await fs.async.writeText(path, text);  // 将字符串写入文件
+```
+
+## io -- 输入/输出
+
+### 文本输出
+
+```js
+import { io } from "catter";
+
+io.print("no newline");
+io.println("with newline");
+io.coloredPrint("warning", "yellow");
+io.coloredPrintln("error", "red");
+io.coloredPrintln("success", "green");
+io.coloredPrintln("info", "blue");
+```
+
+支持的颜色：`"red"`、`"yellow"`、`"blue"`、`"green"`。
+
+### 二进制文件流
+
+`FileStream` 类提供底层的二进制读写能力：
+
+```js
+import { io } from "catter";
+
+const stream = new io.FileStream("data.bin");
+const bytes = stream.read(1024);
+stream.write(new Uint8Array([1, 2, 3]));
+stream.append(new Uint8Array([4, 5]));
+const size = stream.file_size();
+const all = stream.readEntireFile();
+stream.close();
+```
+
+使用 `with()` 模式自动清理资源：
+
+```js
+io.FileStream.with("data.bin", (stream) => {
+  const data = stream.readEntireFile();
+  io.println(`Read ${data.length} bytes`);
+});
+```
+
+文件定位操作使用 `SeekWhence`：
+
+```js
+stream.seekRead(0, io.SeekWhence.SET);   // 文件开头
+stream.seekWrite(0, io.SeekWhence.END);  // 文件末尾
+stream.seekRead(10, io.SeekWhence.CUR);  // 相对当前位置
+```
+
+### 文本文件流
+
+`TextFileStream` 类封装了 `FileStream`，支持编码（ASCII 和 UTF-8）：
+
+```js
+import { io } from "catter";
+
+io.TextFileStream.with("log.txt", "utf-8", (stream) => {
+  const lines = stream.readLines();
+  for (const line of lines) {
+    io.println(line);
+  }
+});
+```
+
+主要方法：
+
+| 方法 | 描述 |
+|------|------|
+| `read(chars)` | 读取 N 个字符 |
+| `write(text)` | 写入字符串 |
+| `readLine()` | 读取一行（不包含换行符） |
+| `readLines()` | 将所有行读入数组 |
+| `readUntil(delimiter)` | 读取到分隔符为止 |
+| `readEntireFile()` | 将整个文件读取为字符串 |
+| `append(text)` | 追加到文件末尾 |
+
+## os -- 操作系统
+
+```js
+import { os } from "catter";
+
+os.platform();  // "linux" | "macos" | "windows"
+os.arch();      // "x86" | "x64" | "arm" | "arm64"
+```
+
+## http -- HTTP 客户端
+
+### 快捷方法
+
+```js
+import { http } from "catter";
+
+const text = await http.text("https://example.com");
+const data = await http.json("https://api.example.com/data");
+const res = await http.get(url);
+const res = await http.post(url, body);
+const res = await http.put(url, body);
+const res = await http.patch(url, body);
+const res = await http.del(url);
+const res = await http.head(url);
+```
+
+### 完整请求
+
+```js
+import { http } from "catter";
+
+const response = await http.request("https://example.com/api", {
+  method: "POST",
+  headers: { "Content-Type": "application/json" },
+  body: JSON.stringify({ key: "value" }),
+  timeoutMs: 5000,
+  maxRedirects: 5,
+});
+
+io.println(`Status: ${response.status}`);  // 200
+io.println(`OK: ${response.ok}`);          // true
+io.println(`Body: ${response.text()}`);
+const data = response.json();
+const contentType = response.header("content-type");
+```
+
+### Response 对象
+
+| 字段/方法 | 类型 | 描述 |
+|----------|------|------|
+| `status` | `number` | HTTP 状态码 |
+| `ok` | `boolean` | 状态码为 2xx 时为 true |
+| `url` | `string` | 最终 URL（经过重定向后） |
+| `body` | `string` | 响应体 |
+| `headers` | `Record<string, string>` | 规范化的响应头（小写键名） |
+| `text()` | `string` | 以字符串形式返回响应体 |
+| `json()` | `T` | 将响应体解析为 JSON |
+| `header(name)` | `string \| undefined` | 按名称获取响应头（不区分大小写） |
+
+### 请求选项
+
+| 选项 | 类型 | 默认值 | 描述 |
+|------|------|--------|------|
+| `method` | `string` | `"GET"` | HTTP 方法 |
+| `headers` | `Record \| Array` | `{}` | 请求头 |
+| `body` | `string` | `""` | 请求体 |
+| `timeoutMs` | `number` | `-1`（无超时） | 请求超时时间 |
+| `maxRedirects` | `number` | `-1`（默认） | 最大重定向次数 |
+| `proxy` | `string` | `""` | 代理 URL |
+
+### 复用客户端
+
+对于多次请求，可以创建可复用的客户端：
+
+```js
+const client = new http.Client();
+const res = await client.get(url);
+client.close();
+```
+
+## time -- 时间工具
+
+### 时间戳
+
+```js
+import { time } from "catter";
+
+time.now();          // Unix 时间戳（毫秒），与 time.unixMs() 相同
+time.unixMs();       // Unix 时间戳（毫秒）
+time.unixUs();       // Unix 时间戳（微秒）
+time.unixSeconds();  // Unix 时间戳（秒）
+time.monotonicMs();  // 单调时钟（毫秒，用于计算耗时）
+time.monotonicUs();  // 单调时钟（微秒）
+```
+
+### 时间间隔转换
+
+所有时间间隔辅助函数以毫秒为单位：
+
+```js
+time.ms(1500);       // 1500（恒等，用于代码清晰性）
+time.seconds(2);     // 2000
+time.minutes(1);     // 60000
+time.hours(1);       // 3600000
+time.days(1);        // 86400000
+time.ns(1000000);    // 1
+time.us(1000);       // 1
+```
+
+在任意单位之间转换：
+
+```js
+time.convert(2, "s", "ms");  // 2000
+time.toMs(5, "s");           // 5000
+time.fromMs(60000, "min");   // 1
+```
+
+### 耗时计算
+
+```js
+const start = time.monotonicMs();
+// ... 执行操作 ...
+const ms = time.elapsedMs(start);
+const seconds = time.elapsed(start, "s");
+```
+
+## debug -- 断言
+
+```js
+import { debug } from "catter";
+
+debug.assertPrint(condition);         // 失败时打印 "assertion failed!"
+debug.assertThrow(condition);         // 失败时抛出 Error
+debug.assertDo(condition, () => {     // 失败时执行回调
+  io.println("custom failure handler");
+});
+```
+
+## cli -- 脚本参数解析
+
+`cli` 模块提供声明式的参数解析器，用于解析脚本选项。通常在 `onStart` 中使用，解析 `config.scriptArgs`。
+
+### 定义命令
+
+```js
+import { cli } from "catter";
+
+const myCommand = cli.command({
+  name: "my-script",
+  description: "My custom build analysis script.",
+  options: [
+    cli.string("output", {
+      short: "o",
+      valueName: "path",
+      description: "Output file path.",
+    }),
+    cli.flag("verbose", {
+      short: "v",
+      description: "Enable verbose output.",
+    }),
+    cli.number("depth", {
+      short: "d",
+      description: "Maximum tree depth.",
+      default: 3,
+      min: 1,
+      max: 100,
+    }),
+    cli.string("include", {
+      short: "I",
+      description: "Include paths.",
+      multiple: true,
+    }),
+  ] as const,
+  positionals: [
+    cli.positional("files", {
+      multiple: true,
+      required: false,
+      description: "Additional input files.",
+    }),
+  ] as const,
+  examples: [
+    "my-script -o result.json",
+    {
+      command: "my-script -v -d 5 -o out.json",
+      description: "Verbose output with depth 5.",
+    },
+  ],
+});
+```
+
+### 解析参数
+
+使用 `cli.run()` 最为简便 -- 它会自动打印帮助/错误信息，解析成功返回值对象，失败返回 `undefined`：
+
+```js
+service.onStart((config) => {
+  const result = cli.run(myCommand, config.scriptArgs);
+  if (result === undefined) {
+    config.execute = false;
+    return config;
+  }
+
+  io.println(`Output: ${result.output}`);    // string | undefined
+  io.println(`Verbose: ${result.verbose}`);  // boolean
+  io.println(`Depth: ${result.depth}`);      // number
+  io.println(`Files: ${result.files}`);      // string[]
+  return config;
+});
+```
+
+需要更细粒度的控制时，使用 `cli.parse()`（返回结果对象）或 `cli.parseOrThrow()`（失败时抛出 `CLIParseError`）：
+
+```js
+const result = cli.parse(myCommand, args);
+if (!result.ok) {
+  io.println(cli.formatError(result));
+  return;
+}
+if (result.helpRequested) {
+  io.println(result.usage);
+  return;
+}
+// result.values 是解析后的值对象
+```
+
+### 选项类型
+
+| 工厂函数 | 值类型 | 描述 |
+|----------|--------|------|
+| `cli.flag(name, opts)` | `boolean` | 布尔标志，默认 `false` |
+| `cli.string(name, opts)` | `string` | 字符串选项 |
+| `cli.number(name, opts)` | `number` | 数字选项（支持 `min`、`max`、`integer`） |
+| `cli.positional(name, opts)` | `string` | 位置参数 |
+
+所有选项类型均支持 `short`、`description`、`required`、`multiple`、`default` 和 `hidden`。数字选项额外支持 `min`、`max` 和 `integer`。字符串和数字选项支持 `parse` 函数进行自定义验证。
+
+### 使用说明文本
+
+以编程方式生成格式化的帮助文本：
+
+```js
+const helpText = cli.usage(myCommand);
+io.println(helpText);
+```
+
+内置的 `-h` / `--help` 处理默认启用。在命令定义中设置 `help: false` 可禁用。
diff --git a/zh/catter/scripting/command-analysis.md b/zh/catter/scripting/command-analysis.md
new file mode 100644
index 0000000..85cd560
--- /dev/null
+++ b/zh/catter/scripting/command-analysis.md
@@ -0,0 +1,217 @@
+# 命令分析
+
+`cmd` 模块提供编译器和归档工具命令行的结构化分析。它能识别编译阶段、产物类型、输入文件、输出文件以及依赖边。
+
+## CompilerAnalysis
+
+分析编译器命令行（GCC、Clang），提取结构化信息。
+
+```js
+import { cmd, io, service } from "catter";
+
+service.onCommand((ctx) => {
+  if (!ctx.capture.success) return;
+
+  const argv = ctx.capture.data.argv;
+  const analysis = cmd.CompilerAnalysis.analyze(argv);
+
+  if (analysis) {
+    io.println(`Phase: ${analysis.phase}`);
+    io.println(`Artifact: ${analysis.artifact}`);
+    io.println(`Compiler: ${analysis.compiler}`);
+    io.println(`Sources: ${analysis.sourceInputs().join(", ")}`);
+    io.println(`Outputs: ${analysis.outputs().join(", ")}`);
+  }
+});
+```
+
+### 静态方法
+
+| 方法 | 描述 |
+|------|------|
+| `CompilerAnalysis.supports(argv)` | 检查命令是否看起来像编译器调用 |
+| `CompilerAnalysis.analyze(argv)` | 完整分析，非编译器命令返回 `undefined` |
+| `CompilerAnalysis.from(analysis)` | 将通用 `Analysis` 收窄为 `CompilerAnalysis` |
+
+### 实例属性
+
+| 属性 | 类型 | 描述 |
+|------|------|------|
+| `compiler` | `"clang" \| "gcc"` | 识别到的编译器 |
+| `phase` | `CompilerPhase` | 编译阶段（见下文） |
+| `artifact` | `CompilerArtifact` | 输出产物类型（见下文） |
+| `style` | `"gnu" \| "cl"` | 驱动选项的语法风格 |
+| `type` | `CompilerType \| undefined` | 旧版兼容分类 |
+
+### 实例方法
+
+| 方法 | 返回值 | 描述 |
+|------|--------|------|
+| `inputs()` | `string[]` | 所有输入文件路径 |
+| `sourceInputs()` | `string[]` | 仅源文件路径 |
+| `inputEntries()` | `CompilerInput[]` | 带元数据的输入：`{path, kind, index}` |
+| `outputs()` | `string[]` | 生成的输出文件路径 |
+| `edges()` | `Edge[]` | 依赖边（输入到输出的映射） |
+
+每个 `CompilerInput` 包含：
+
+- `path` -- 文件路径
+- `kind` -- `"source"` 或 `"link"`
+- `index` -- 在原始 argv 中的位置
+
+每个 `Edge` 包含：
+
+- `output` -- 输出文件路径
+- `inputs` -- 产生该输出的输入文件路径数组
+
+对于编译命令，边会将每个目标文件与其对应的源文件配对。对于链接命令，所有输入都指向每个输出。
+
+### 支持的阶段
+
+| 阶段 | 值 |
+|------|-----|
+| `CompilerPhase.Preprocess` | `"preprocess"` |
+| `CompilerPhase.SyntaxOnly` | `"syntax-only"` |
+| `CompilerPhase.Compile` | `"compile"` |
+| `CompilerPhase.Link` | `"link"` |
+| `CompilerPhase.Archive` | `"archive"` |
+| `CompilerPhase.RelocatableLink` | `"relocatable-link"` |
+| `CompilerPhase.DeviceLink` | `"device-link"` |
+
+### 支持的产物类型
+
+| 产物 | 值 |
+|------|-----|
+| `CompilerArtifact.None` | `"none"` |
+| `CompilerArtifact.Stdout` | `"stdout"` |
+| `CompilerArtifact.Object` | `"object"` |
+| `CompilerArtifact.Executable` | `"exe"` |
+| `CompilerArtifact.SharedLibrary` | `"shared"` |
+| `CompilerArtifact.StaticLibrary` | `"static-lib"` |
+| `CompilerArtifact.Assembly` | `"asm"` |
+| `CompilerArtifact.LlvmIR` | `"llvm-ir"` |
+| `CompilerArtifact.LlvmBitcode` | `"llvm-bc"` |
+| `CompilerArtifact.Pch` | `"pch"` |
+| `CompilerArtifact.Pcm` | `"pcm"` |
+| `CompilerArtifact.Ptx` | `"ptx"` |
+| `CompilerArtifact.Cubin` | `"cubin"` |
+| `CompilerArtifact.Fatbin` | `"fatbin"` |
+
+## ArchiverAnalysis
+
+分析归档命令（`ar`、`llvm-ar`、`gcc-ar`）。
+
+```js
+import { cmd } from "catter";
+
+const argv = ["llvm-ar", "rcs", "libfoo.a", "foo.o", "bar.o"];
+const analysis = cmd.ArchiverAnalysis.analyze(argv);
+
+if (analysis) {
+  io.println(`Operation: ${analysis.operation}`);  // "r"
+  io.println(`Archive: ${analysis.archive}`);       // "libfoo.a"
+  io.println(`Members: ${analysis.members}`);       // ["foo.o", "bar.o"]
+  io.println(`Thin: ${analysis.thin}`);             // false
+}
+```
+
+### 实例属性
+
+| 属性 | 类型 | 描述 |
+|------|------|------|
+| `operation` | `ArchiverOperation` | 归档操作（`"r"`、`"x"`、`"t"` 等） |
+| `modifiers` | `string[]` | 修饰符字母（如 `["c", "s"]`） |
+| `thin` | `boolean` | 是否请求了 thin 归档模式 |
+| `archive` | `string \| undefined` | 归档文件路径 |
+| `members` | `string[]` | 成员文件路径 |
+
+### 支持的操作
+
+分析器目前支持以下操作：
+
+| 操作 | 值 | 描述 |
+|------|-----|------|
+| `ArchiverOperation.Print` | `"p"` | 打印成员 |
+| `ArchiverOperation.QuickAppend` | `"q"` | 快速追加 |
+| `ArchiverOperation.ReplaceOrInsert` | `"r"` | 替换或插入成员 |
+| `ArchiverOperation.Table` | `"t"` | 列出内容 |
+
+其他 `ar` 操作（`d`、`m`、`s`、`x`）在枚举中已定义，但 `ArchiverAnalysis.analyze()` 对它们会返回 `undefined`。
+
+## Registry
+
+分析器被组织在 `Registry` 中。默认注册表包含 `CompilerAnalysis` 和 `ArchiverAnalysis`。
+
+### 使用默认注册表
+
+```js
+import { cmd } from "catter";
+
+// 使用所有内置分析器进行分析
+const analysis = cmd.analyze(["clang", "-c", "main.c"]);
+
+// 检查是否有分析器能处理该命令
+const canHandle = cmd.canHandle(["clang", "-c", "main.c"]);
+```
+
+### 自定义注册表
+
+```js
+import { cmd } from "catter";
+
+const registry = new cmd.Registry();
+registry.register(cmd.CompilerAnalysis);
+registry.register(cmd.ArchiverAnalysis);
+
+const analysis = registry.analyze(["gcc", "-c", "main.c"]);
+```
+
+### 添加自定义分析器
+
+实现 `Analyzer` 接口，提供 `key`、`supports()` 和 `analyze()`：
+
+```js
+import { cmd } from "catter";
+
+class MyToolAnalysis extends cmd.Analysis {
+  static key = "my-tool";
+
+  static supports(argv) {
+    return argv[0]?.endsWith("my-tool") ?? false;
+  }
+
+  static analyze(argv) {
+    if (!MyToolAnalysis.supports(argv)) return undefined;
+    return new MyToolAnalysis(argv);
+  }
+
+  constructor(argv) {
+    const inputs = [argv[1]];
+    const outputs = [argv[2]];
+    super("my-tool", inputs, outputs);
+  }
+}
+
+// 注册到全局注册表
+cmd.register(MyToolAnalysis);
+
+// 或使用独立的注册表
+const registry = new cmd.Registry();
+registry.register(MyToolAnalysis);
+```
+
+### 收窄分析结果
+
+从注册表获取通用 `Analysis` 后，使用静态 `from()` 方法进行类型收窄：
+
+```js
+const analysis = cmd.analyze(argv);
+const compiler = cmd.CompilerAnalysis.from(analysis);
+const archiver = cmd.ArchiverAnalysis.from(analysis);
+
+if (compiler) {
+  io.println(`Compiler phase: ${compiler.phase}`);
+} else if (archiver) {
+  io.println(`Archiver operation: ${archiver.operation}`);
+}
+```
diff --git a/zh/catter/scripting/option-parsing.md b/zh/catter/scripting/option-parsing.md
new file mode 100644
index 0000000..5f10d94
--- /dev/null
+++ b/zh/catter/scripting/option-parsing.md
@@ -0,0 +1,213 @@
+# 编译器选项解析
+
+`option` 模块提供主流 C/C++ 工具链的完整选项表解析，数据源自 LLVM 的选项定义。它可以解析、查询、重写和跨工具链转换编译器选项。
+
+## 支持的选项表
+
+| 选项表 | 工具链 |
+|--------|--------|
+| `"clang"` | Clang/GCC 驱动选项 |
+| `"nvcc"` | NVIDIA CUDA 编译器 |
+| `"lld-elf"` | LLD 链接器 (ELF/Linux) |
+| `"lld-coff"` | LLD 链接器 (COFF/Windows) |
+| `"lld-macho"` | LLD 链接器 (Mach-O/macOS) |
+| `"lld-mingw"` | LLD 链接器 (MinGW) |
+| `"lld-wasm"` | LLD 链接器 (WebAssembly) |
+| `"llvm-lib"` | LLVM 库管理器 |
+| `"llvm-dlltool"` | LLVM DLL 工具 |
+
+## 收集解析结果
+
+将参数数组中的所有选项解析为结构化数据：
+
+```js
+import { option } from "catter";
+
+const args = ["-std=c++20", "-O2", "-c", "main.cc", "-o", "main.o"];
+const items = option.collect("clang", args);
+
+if (typeof items === "string") {
+  throw new Error(`Parse error: ${items}`);
+}
+
+for (const item of items) {
+  const meta = option.info("clang", item);
+  io.println(`${meta.prefixedKey} => ${item.values.join(", ")}`);
+}
+```
+
+## 流式解析
+
+使用回调而非收集方式进行解析：
+
+```js
+import { option } from "catter";
+
+option.parse("clang", args, (result) => {
+  if (typeof result === "string") {
+    io.println(`Error: ${result}`);
+    return false; // 停止解析
+  }
+  io.println(`Option: ${result.key}, values: ${result.values}`);
+  return true; // 继续
+});
+```
+
+## 选项查询
+
+获取已解析选项的元数据：
+
+```js
+const items = option.collect("clang", ["-std=c++20"]);
+if (Array.isArray(items)) {
+  const info = option.info("clang", items[0]);
+  io.println(info.prefixedKey); // "-std="
+  io.println(info.kind);       // OptionKindClass.JoinedClass
+  io.println(info.help);       // 来自 LLVM 选项表的帮助文本
+}
+```
+
+## 渲染选项
+
+将解析后的选项项转换回命令行字符串：
+
+```js
+const str = option.stringify("clang", item);
+io.println(str); // 例如 "-std=c++20"
+```
+
+## 别名解析
+
+将别名选项转换为规范形式：
+
+```js
+const items = option.collect("nvcc", ["-ofoo.o"]);
+if (Array.isArray(items)) {
+  option.convertToUnalias("nvcc", items[0]);
+  io.println(items[0].key); // "--output-file"
+}
+```
+
+注意：`convertToUnalias()` 会原地修改传入的 item 对象并返回，方便链式调用。
+
+## 重写参数
+
+替换或删除参数数组中的选项：
+
+```js
+import { option } from "catter";
+
+const rewritten = option.replace("clang", ["-Iold", "-O0", "main.cc"], (result) => {
+  if (typeof result === "string") {
+    throw new Error(result);
+  }
+
+  // 替换头文件搜索路径
+  if (result.key === "-I") {
+    return { ...result, values: ["new-include"] };
+  }
+
+  // 移除优化选项（返回字符串以替换该段）
+  if (result.key === "-O") {
+    return "-O2";
+  }
+
+  // 返回 undefined 保持不变
+});
+
+io.println(rewritten); // "-Inew-include -O2 main.cc"
+```
+
+回调可以返回：
+
+| 返回值 | 效果 |
+|--------|------|
+| `undefined` | 保持原始文本 |
+| `OptionItem` | 替换为渲染后的选项 |
+| `string` | 替换为该字符串 |
+| `string[]` | 替换为合并后的数组 |
+| `boolean` | `true` 继续，`false` 停止 |
+
+## 跨选项表转换
+
+将参数从一个选项表转换到另一个，仅保留在目标表中有效的选项：
+
+```js
+import { option } from "catter";
+
+const nvccArgs = ["--gpu-architecture=sm_70", "-std=c++17", "-O2"];
+const clangArgs = option.table2table("nvcc", "clang", nvccArgs);
+
+if (typeof clangArgs === "string") {
+  throw new Error(clangArgs);
+}
+
+io.println(clangArgs.join(" ")); // 两个表中都有效的选项
+```
+
+该函数先用源表解析参数，将其拆分为逐选项的片段，然后用目标表重新解析每个片段。解析为 `UnknownClass` 或匹配排除 ID 的片段会被丢弃。
+
+## OptionItem 结构
+
+每个解析后的选项表示为 `OptionItem`：
+
+| 字段 | 类型 | 描述 |
+|------|------|------|
+| `key` | `string` | 选项键（如 `"-std="`、`"-c"`、`"-I"`） |
+| `values` | `string[]` | 选项值数组 |
+| `id` | `number` | 选项表中的数字 ID |
+| `unalias` | `number \| undefined` | 如果是别名，则为规范选项的 ID |
+| `index` | `number` | 在原始 args 中的位置 |
+
+## OptionInfo 结构
+
+`option.info()` 返回的元数据：
+
+| 字段 | 类型 | 描述 |
+|------|------|------|
+| `id` | `number` | 数字选项 ID |
+| `prefixedKey` | `string` | 完整选项字符串（如 `"-std="`） |
+| `kind` | `OptionKindClass` | 选项类型（见下文） |
+| `group` | `number` | 分组 ID |
+| `alias` | `number` | 别名目标 ID |
+| `aliasArgs` | `string[]` | 解析别名时追加的参数 |
+| `flags` | `number` | 选项标志位 |
+| `visibility` | `number` | 平台可见性掩码 |
+| `param` | `number` | 多参数选项的参数个数 |
+| `help` | `string` | 来自 LLVM 表的帮助文本 |
+| `meta_var` | `string` | 帮助文本中的占位符标签 |
+
+## 选项类型
+
+`OptionKindClass` 枚举描述了选项如何消费参数：
+
+| 类型 | 描述 |
+|------|------|
+| `FlagClass` | 无值（如 `-c`、`-v`） |
+| `JoinedClass` | 值直接连接在键后面（如 `-std=c++20`） |
+| `SeparateClass` | 值在下一个参数中（如 `-o main.o`） |
+| `JoinedOrSeparateClass` | 连接或分离均可（如 `-Ipath` 或 `-I path`） |
+| `CommaJoinedClass` | 逗号分隔的值连接在键后面 |
+| `RemainingArgsClass` | 消费所有剩余参数 |
+| `RemainingArgsJoinedClass` | 键 + 剩余参数 |
+| `MultiArgClass` | 固定数量的分离值参数 |
+| `ValuesClass` | 多个分离的值 |
+| `InputClass` | 位置输入（源文件） |
+| `UnknownClass` | 未识别的选项 |
+| `GroupClass` | 选项分组（非实际选项） |
+
+## 可见性过滤
+
+解析时可以按平台可见性过滤选项。这对于处理平台特定选项（如 MSVC 风格的 `/TC`）很有用：
+
+```js
+import { option } from "catter";
+
+// 使用默认可见性解析（所有选项可见）
+const items = option.collect("clang", args);
+
+// 使用显式可见性掩码过滤平台特定选项
+const clItems = option.collect("clang", args, ClangVisibility.CLOption);
+```
+
+每个选项表导出自己的可见性常量（如 `ClangVisibility.DefaultVis`、`ClangVisibility.CLOption`）。
diff --git a/zh/catter/scripting/overview.md b/zh/catter/scripting/overview.md
new file mode 100644
index 0000000..b2ece22
--- /dev/null
+++ b/zh/catter/scripting/overview.md
@@ -0,0 +1,94 @@
+# 脚本系统概述
+
+Catter 内嵌了 [QuickJS-ng](https://github.com/nicklausw/quickjs-ng) (v0.11.0) 作为 JavaScript 引擎。脚本使用 JavaScript 编写（也可通过 `catter` npm 包获得 TypeScript 类型检查支持）。该运行时并非 Node.js，而是一个轻量的嵌入式引擎，提供专属的 API 接口。
+
+## 脚本生命周期
+
+1. 用户运行：`catter <script> [script-args] -- <build-command>`
+2. Catter 加载并执行脚本。
+3. 脚本通过 `service.register()` 注册服务回调。
+4. 调用 `onStart(config)` —— 脚本可以查看和修改构建配置。
+5. 开始执行构建（如果 `config.execute` 为 true）。
+6. 每拦截到一个命令，调用 `onCommand(ctx)` —— 脚本决定如何处理该命令。
+7. 每个命令执行完毕后，调用 `onExecution(ctx)` 并传入执行结果。
+8. 构建完成时，调用 `onFinish(result)` 并传入进程退出码、stdout 和 stderr。
+
+## 脚本类型
+
+**内置脚本**使用 `script::` 前缀选择：
+
+| 脚本 | 描述 |
+|------|------|
+| `script::cdb` | 生成 `compile_commands.json` 编译数据库 |
+| `script::cmd-tree` | 以 ASCII 树形式展示捕获的构建命令 DAG |
+| `script::target-tree` | 展示构建目标的依赖树 |
+
+**自定义脚本**可以是任意 `.js` 文件路径：
+
+```bash
+catter ./my-script.js -- cmake --build build
+```
+
+## 开发时的类型支持
+
+安装 `catter` npm 包以获取 TypeScript 类型定义：
+
+```bash
+npm install --save-dev catter
+```
+
+然后在脚本中：
+
+```js
+// @ts-check
+import { service, fs, io } from "catter";
+```
+
+这样可以在 IDE 中获得完整的自动补全和类型检查支持。
+
+## 最小示例
+
+```js
+import { service, io } from "catter";
+
+service.register({
+  onStart(config) {
+    io.println("Build starting...");
+    return config;
+  },
+  onCommand(ctx) {
+    if (ctx.capture.success) {
+      io.println(`Command: ${ctx.capture.data.argv[0]}`);
+    }
+    // 不返回任何内容 = 让命令正常执行
+  },
+  onFinish(result) {
+    io.println(`Build finished with code ${result.code}`);
+  }
+});
+```
+
+## 可用模块
+
+`catter` 包提供以下命名空间模块：
+
+| 模块 | 用途 |
+|------|------|
+| `service` | 服务生命周期注册和回调 |
+| `cmd` | 命令分析（编译器、归档工具） |
+| `option` | 编译器选项表解析和重写 |
+| `fs` | 文件系统操作和路径工具 |
+| `io` | 标准输出、彩色打印、文件流 |
+| `os` | 平台和架构检测 |
+| `http` | HTTP 客户端，支持 GET、POST 等请求 |
+| `time` | 时间戳和时间间隔工具 |
+| `debug` | 断言辅助函数 |
+| `cli` | 脚本参数声明式解析 |
+| `data` | 数据结构（用于 DAG 的 FlatTree） |
+| `scripts` | 预构建脚本工厂（`scripts.cdb()` 等） |
+
+按需导入：
+
+```js
+import { service, cmd, option, fs, io, os, http, time, debug, cli } from "catter";
+```
diff --git a/zh/catter/scripting/service-api.md b/zh/catter/scripting/service-api.md
new file mode 100644
index 0000000..ccb4a69
--- /dev/null
+++ b/zh/catter/scripting/service-api.md
@@ -0,0 +1,230 @@
+# Service API 参考
+
+Service API 是 catter 脚本系统的核心。它允许你注册回调函数来响应构建生命周期事件：启动、命令拦截、执行结果和完成。
+
+## 注册
+
+注册一个包含一个或多个回调的服务对象：
+
+```js
+import { service } from "catter";
+
+service.register({
+  onStart(config) { /* ... */ },
+  onCommand(ctx) { /* ... */ },
+  onExecution(ctx) { /* ... */ },
+  onFinish(result) { /* ... */ }
+});
+```
+
+所有回调都是可选的。也可以使用便捷方法单独注册某个回调：
+
+```js
+service.onStart((config) => { /* ... */ });
+service.onCommand((ctx) => { /* ... */ });
+service.onExecution((ctx) => { /* ... */ });
+service.onFinish((result) => { /* ... */ });
+```
+
+## onStart
+
+```
+onStart(config: CatterConfig) => CatterConfig | void
+```
+
+在构建执行前调用。接收运行时配置对象。返回（可能已修改的）配置以应用更改，或不返回任何内容表示接受当前配置。
+
+**CatterConfig 字段：**
+
+| 字段 | 类型 | 描述 |
+|------|------|------|
+| `scriptPath` | `string` | 正在执行的脚本路径 |
+| `scriptArgs` | `string[]` | 传递给脚本的参数（`--` 之前的部分） |
+| `buildSystemCommand` | `string[]` | 构建命令（`--` 之后的部分） |
+| `buildSystemCommandCwd` | `string` | 构建命令的工作目录 |
+| `runtime` | `CatterRuntime` | 运行时能力（见下文） |
+| `options` | `object` | 日志级别、stdio 模式等选项 |
+| `execute` | `boolean` | 设为 `false` 可阻止构建执行 |
+
+**CatterRuntime 字段：**
+
+| 字段 | 类型 | 描述 |
+|------|------|------|
+| `type` | `"inject" \| "eslogger" \| "env"` | 拦截模式 |
+| `supportActions` | `ActionType[]` | 运行时支持的动作类型 |
+| `supportParentId` | `boolean` | 是否支持父子进程追踪 |
+
+**示例 -- 跳过执行，仅查看配置：**
+
+```js
+service.onStart((config) => {
+  io.println(`Build command: ${config.buildSystemCommand.join(" ")}`);
+  io.println(`Script args: ${config.scriptArgs.join(" ")}`);
+  config.execute = false;
+  return config;
+});
+```
+
+## onCommand
+
+```
+onCommand(ctx: CommandContext) => Action | void
+```
+
+每拦截到一个进程创建时调用。回调接收一个 `CommandContext` 对象，可以决定如何处理该命令。
+
+**CommandContext 字段：**
+
+| 字段 | 类型 | 描述 |
+|------|------|------|
+| `id` | `number` | 命令唯一 ID |
+| `capture` | `CommandCaptureResult` | 捕获的命令数据（见下文） |
+| `action` | `Action` | 当前动作（默认为 `{type: "skip"}`） |
+| `stopped` | `boolean` | 传播是否已被停止 |
+
+`capture` 字段是一个带标签的结果类型。成功时：
+
+- `capture.success` 为 `true`
+- `capture.data.argv` -- 完整参数数组
+- `capture.data.cwd` -- 工作目录
+- `capture.data.env` -- 环境变量
+- `capture.data.parent` -- 父进程 ID（如果可用）
+
+**ctx 上的动作方法：**
+
+| 方法 | 效果 |
+|------|------|
+| `ctx.skip()` | 让命令正常执行，但在 catter 中忽略它 |
+| `ctx.drop()` | 阻止命令执行 |
+| `ctx.modify(data)` | 执行修改后的命令 |
+| `ctx.ignoreDescendants()` | 不拦截该命令的子进程 |
+| `ctx.stopPropagation()` | 停止调用后续的服务处理器 |
+
+如果回调不返回任何内容（undefined），命令将正常执行。也可以直接返回一个 action 对象：
+
+```js
+service.onCommand((ctx) => {
+  if (!ctx.capture.success) {
+    return; // 跳过捕获错误
+  }
+
+  const argv = ctx.capture.data.argv;
+  if (argv[0].endsWith("ccache")) {
+    ctx.ignoreDescendants();
+    return;
+  }
+
+  // 丢弃所有链接命令
+  if (argv.includes("-shared")) {
+    ctx.drop();
+  }
+});
+```
+
+## onExecution
+
+```
+onExecution(ctx: ExecutionContext) => void
+```
+
+每个命令执行完毕后调用。
+
+**ExecutionContext 字段：**
+
+| 字段 | 类型 | 描述 |
+|------|------|------|
+| `id` | `number` | 与 `onCommand` 中相同的命令 ID |
+| `result` | `ProcessResult` | 进程执行结果（见下文） |
+| `stopped` | `boolean` | 传播是否已被停止 |
+
+**ProcessResult 字段：**
+
+| 字段 | 类型 | 描述 |
+|------|------|------|
+| `code` | `number` | 退出码 |
+| `stdout` | `string` | 标准输出（如果已捕获） |
+| `stderr` | `string` | 标准错误（如果已捕获） |
+
+```js
+service.onExecution((ctx) => {
+  if (ctx.result.code !== 0) {
+    io.coloredPrintln(`Command ${ctx.id} failed with code ${ctx.result.code}`, "red");
+  }
+});
+```
+
+## onFinish
+
+```
+onFinish(result: ProcessResult) => void
+```
+
+整个构建过程完成时调用。
+
+```js
+service.onFinish((result) => {
+  if (result.code === 0) {
+    io.coloredPrintln("Build succeeded.", "green");
+  } else {
+    io.coloredPrintln(`Build failed with code ${result.code}.`, "red");
+  }
+});
+```
+
+## 多服务
+
+可以多次调用 `service.register()`。服务按注册顺序依次调用。使用 `ctx.stopPropagation()` 可以阻止后续服务接收到某个命令。
+
+```js
+// 第一个服务：过滤 ccache 包装器
+service.register({
+  onCommand(ctx) {
+    if (ctx.capture.success && ctx.capture.data.argv[0].endsWith("ccache")) {
+      ctx.ignoreDescendants();
+      ctx.stopPropagation();
+    }
+  }
+});
+
+// 第二个服务：分析剩余命令
+service.register({
+  onCommand(ctx) {
+    // 不会看到 ccache 命令本身
+  }
+});
+```
+
+## 服务组合
+
+`service` 模块还提供了 `pipeline()` 和 `parallel()` 用于组合服务：
+
+```js
+import { service } from "catter";
+
+// 顺序管道 -- 服务按顺序执行
+const combined = service.pipeline(serviceA, serviceB);
+
+// 并行执行 -- 服务同时运行
+const parallel = service.parallel(serviceA, serviceB);
+
+service.register(combined);
+```
+
+使用 `service.parallel()` 时，对于任何给定命令，最多只能有一个服务设置动作。如果多个服务同时尝试设置动作，将会抛出错误。
+
+## 工厂辅助函数
+
+使用 `service.create()` 构造带类型上下文回调的服务对象：
+
+```js
+import { service } from "catter";
+
+const myService = service.create({
+  onStart(config) { return config; },
+  onCommand(ctx) { /* ... */ },
+  onExecution(ctx) { /* ... */ },
+  onFinish(result) { /* ... */ },
+});
+
+service.register(myService);
+```
diff --git a/zh/catter/sidebar.yaml b/zh/catter/sidebar.yaml
new file mode 100644
index 0000000..ba905f4
--- /dev/null
+++ b/zh/catter/sidebar.yaml
@@ -0,0 +1,38 @@
+guide:
+  label: 指南
+  items:
+    - what-is-catter
+    - quick-start
+    - configuration
+
+features:
+  label: 功能
+  items:
+    - compilation-database
+    - command-tree
+    - target-tree
+    - fake-compilation
+    - build-profiling
+
+scripting:
+  label: 脚本系统
+  items:
+    - overview
+    - service-api
+    - command-analysis
+    - option-parsing
+    - builtin-modules
+
+design:
+  label: 设计
+  items:
+    - architecture
+    - hook-mechanism
+    - ipc-protocol
+
+dev:
+  label: 开发
+  collapsed: true
+  items:
+    - build
+    - contribution