@node9/proxy 1.0.14 → 1.0.15

package/dist/index.js

@@ -40,6 +40,8 @@ var import_prompts = require("@inquirer/prompts");
 var import_fs2 = __toESM(require("fs"));
 var import_path4 = __toESM(require("path"));
 var import_os2 = __toESM(require("os"));
+var import_net = __toESM(require("net"));
+var import_crypto = require("crypto");
 var import_picomatch = __toESM(require("picomatch"));
 var import_sh_syntax = require("sh-syntax");
 
@@ -1335,7 +1337,7 @@ function getPersistentDecision(toolName) {
   }
   return null;
 }
-async function askDaemon(toolName, args, meta, signal, riskMetadata) {
+async function askDaemon(toolName, args, meta, signal, riskMetadata, activityId) {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
   const checkCtrl = new AbortController();
   const checkTimer = setTimeout(() => checkCtrl.abort(), 5e3);
@@ -1350,6 +1352,12 @@ async function askDaemon(toolName, args, meta, signal, riskMetadata) {
         args,
         agent: meta?.agent,
         mcpServer: meta?.mcpServer,
+        fromCLI: true,
+        // Pass the flight-recorder ID so the daemon uses the same UUID for
+        // activity-result as the CLI used for the pending activity event.
+        // Without this, the two UUIDs never match and tail.ts never resolves
+        // the pending item.
+        activityId,
         ...riskMetadata && { riskMetadata }
       }),
       signal: checkCtrl.signal
@@ -1404,7 +1412,45 @@ async function resolveViaDaemon(id, decision, internalToken) {
     signal: AbortSignal.timeout(3e3)
   });
 }
+var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path4.default.join(import_os2.default.tmpdir(), "node9-activity.sock");
+function notifyActivity(data) {
+  return new Promise((resolve) => {
+    try {
+      const payload = JSON.stringify(data);
+      const sock = import_net.default.createConnection(ACTIVITY_SOCKET_PATH);
+      sock.on("connect", () => {
+        sock.on("close", resolve);
+        sock.end(payload);
+      });
+      sock.on("error", resolve);
+    } catch {
+      resolve();
+    }
+  });
+}
 async function authorizeHeadless(toolName, args, allowTerminalFallback = false, meta, options) {
+  if (!options?.calledFromDaemon) {
+    const actId = (0, import_crypto.randomUUID)();
+    const actTs = Date.now();
+    await notifyActivity({ id: actId, ts: actTs, tool: toolName, args, status: "pending" });
+    const result = await _authorizeHeadlessCore(toolName, args, allowTerminalFallback, meta, {
+      ...options,
+      activityId: actId
+    });
+    if (!result.noApprovalMechanism) {
+      await notifyActivity({
+        id: actId,
+        tool: toolName,
+        ts: actTs,
+        status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : "block",
+        label: result.blockedByLabel
+      });
+    }
+    return result;
+  }
+  return _authorizeHeadlessCore(toolName, args, allowTerminalFallback, meta, options);
+}
+async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = false, meta, options) {
   if (process.env.NODE9_PAUSED === "1") return { approved: true, checkedBy: "paused" };
   const pauseState = checkPause();
   if (pauseState.paused) return { approved: true, checkedBy: "paused" };
@@ -1440,6 +1486,7 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
           blockedByLabel: "\u{1F6A8} Node9 DLP (Secret Detected)"
         };
       }
+      if (!isManual) appendLocalAudit(toolName, args, "allow", "dlp-review-flagged", meta);
       explainableLabel = "\u{1F6A8} Node9 DLP (Credential Review)";
     }
   }
@@ -1662,7 +1709,14 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
             console.error(import_chalk2.default.cyan(`   URL \u2192 http://${DAEMON_HOST}:${DAEMON_PORT}/
 `));
           }
-          const daemonDecision = await askDaemon(toolName, args, meta, signal, riskMetadata);
+          const daemonDecision = await askDaemon(
+            toolName,
+            args,
+            meta,
+            signal,
+            riskMetadata,
+            options?.activityId
+          );
           if (daemonDecision === "abandoned") throw new Error("Abandoned");
           const isApproved = daemonDecision === "allow";
           return {
@@ -1866,7 +1920,10 @@ function getConfig() {
     for (const rule of shield.smartRules) {
       if (!existingRuleNames.has(rule.name)) mergedPolicy.smartRules.push(rule);
     }
-    for (const word of shield.dangerousWords) mergedPolicy.dangerousWords.push(word);
+    const existingWords = new Set(mergedPolicy.dangerousWords);
+    for (const word of shield.dangerousWords) {
+      if (!existingWords.has(word)) mergedPolicy.dangerousWords.push(word);
+    }
   }
   const existingAdvisoryNames = new Set(mergedPolicy.smartRules.map((r) => r.name));
   for (const rule of ADVISORY_SMART_RULES) {

package/dist/index.mjs

@@ -4,6 +4,8 @@ import { confirm } from "@inquirer/prompts";
 import fs2 from "fs";
 import path4 from "path";
 import os2 from "os";
+import net from "net";
+import { randomUUID } from "crypto";
 import pm from "picomatch";
 import { parse } from "sh-syntax";
 
@@ -1299,7 +1301,7 @@ function getPersistentDecision(toolName) {
   }
   return null;
 }
-async function askDaemon(toolName, args, meta, signal, riskMetadata) {
+async function askDaemon(toolName, args, meta, signal, riskMetadata, activityId) {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
   const checkCtrl = new AbortController();
   const checkTimer = setTimeout(() => checkCtrl.abort(), 5e3);
@@ -1314,6 +1316,12 @@ async function askDaemon(toolName, args, meta, signal, riskMetadata) {
         args,
         agent: meta?.agent,
         mcpServer: meta?.mcpServer,
+        fromCLI: true,
+        // Pass the flight-recorder ID so the daemon uses the same UUID for
+        // activity-result as the CLI used for the pending activity event.
+        // Without this, the two UUIDs never match and tail.ts never resolves
+        // the pending item.
+        activityId,
         ...riskMetadata && { riskMetadata }
       }),
       signal: checkCtrl.signal
@@ -1368,7 +1376,45 @@ async function resolveViaDaemon(id, decision, internalToken) {
     signal: AbortSignal.timeout(3e3)
   });
 }
+var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path4.join(os2.tmpdir(), "node9-activity.sock");
+function notifyActivity(data) {
+  return new Promise((resolve) => {
+    try {
+      const payload = JSON.stringify(data);
+      const sock = net.createConnection(ACTIVITY_SOCKET_PATH);
+      sock.on("connect", () => {
+        sock.on("close", resolve);
+        sock.end(payload);
+      });
+      sock.on("error", resolve);
+    } catch {
+      resolve();
+    }
+  });
+}
 async function authorizeHeadless(toolName, args, allowTerminalFallback = false, meta, options) {
+  if (!options?.calledFromDaemon) {
+    const actId = randomUUID();
+    const actTs = Date.now();
+    await notifyActivity({ id: actId, ts: actTs, tool: toolName, args, status: "pending" });
+    const result = await _authorizeHeadlessCore(toolName, args, allowTerminalFallback, meta, {
+      ...options,
+      activityId: actId
+    });
+    if (!result.noApprovalMechanism) {
+      await notifyActivity({
+        id: actId,
+        tool: toolName,
+        ts: actTs,
+        status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : "block",
+        label: result.blockedByLabel
+      });
+    }
+    return result;
+  }
+  return _authorizeHeadlessCore(toolName, args, allowTerminalFallback, meta, options);
+}
+async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = false, meta, options) {
   if (process.env.NODE9_PAUSED === "1") return { approved: true, checkedBy: "paused" };
   const pauseState = checkPause();
   if (pauseState.paused) return { approved: true, checkedBy: "paused" };
@@ -1404,6 +1450,7 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
           blockedByLabel: "\u{1F6A8} Node9 DLP (Secret Detected)"
         };
       }
+      if (!isManual) appendLocalAudit(toolName, args, "allow", "dlp-review-flagged", meta);
       explainableLabel = "\u{1F6A8} Node9 DLP (Credential Review)";
     }
   }
@@ -1626,7 +1673,14 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
             console.error(chalk2.cyan(`   URL \u2192 http://${DAEMON_HOST}:${DAEMON_PORT}/
 `));
           }
-          const daemonDecision = await askDaemon(toolName, args, meta, signal, riskMetadata);
+          const daemonDecision = await askDaemon(
+            toolName,
+            args,
+            meta,
+            signal,
+            riskMetadata,
+            options?.activityId
+          );
           if (daemonDecision === "abandoned") throw new Error("Abandoned");
           const isApproved = daemonDecision === "allow";
           return {
@@ -1830,7 +1884,10 @@ function getConfig() {
     for (const rule of shield.smartRules) {
       if (!existingRuleNames.has(rule.name)) mergedPolicy.smartRules.push(rule);
     }
-    for (const word of shield.dangerousWords) mergedPolicy.dangerousWords.push(word);
+    const existingWords = new Set(mergedPolicy.dangerousWords);
+    for (const word of shield.dangerousWords) {
+      if (!existingWords.has(word)) mergedPolicy.dangerousWords.push(word);
+    }
   }
   const existingAdvisoryNames = new Set(mergedPolicy.smartRules.map((r) => r.name));
   for (const rule of ADVISORY_SMART_RULES) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node9/proxy",
-  "version": "1.0.14",
+  "version": "1.0.15",
   "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",