@node9/proxy 1.0.14 → 1.0.16

package/dist/index.js

@@ -40,6 +40,9 @@ var import_prompts = require("@inquirer/prompts");
 var import_fs2 = __toESM(require("fs"));
 var import_path4 = __toESM(require("path"));
 var import_os2 = __toESM(require("os"));
+var import_net = __toESM(require("net"));
+var import_crypto = require("crypto");
+var import_child_process2 = require("child_process");
 var import_picomatch = __toESM(require("picomatch"));
 var import_sh_syntax = require("sh-syntax");
 
@@ -390,7 +393,13 @@ var SmartConditionSchema = import_zod.z.object({
   ),
   value: import_zod.z.string().optional(),
   flags: import_zod.z.string().optional()
-});
+}).refine(
+  (c) => {
+    if (c.op === "matchesGlob" || c.op === "notMatchesGlob") return c.value !== void 0;
+    return true;
+  },
+  { message: "matchesGlob and notMatchesGlob conditions require a value field" }
+);
 var SmartRuleSchema = import_zod.z.object({
   name: import_zod.z.string().optional(),
   tool: import_zod.z.string().min(1, "Smart rule tool must not be empty"),
@@ -409,6 +418,7 @@ var ConfigFileSchema = import_zod.z.object({
     enableUndo: import_zod.z.boolean().optional(),
     enableHookLogDebug: import_zod.z.boolean().optional(),
     approvalTimeoutMs: import_zod.z.number().nonnegative().optional(),
+    flightRecorder: import_zod.z.boolean().optional(),
     approvers: import_zod.z.object({
       native: import_zod.z.boolean().optional(),
       browser: import_zod.z.boolean().optional(),
@@ -883,7 +893,7 @@ function evaluateSmartConditions(args, rule) {
       case "matchesGlob":
         return val !== null && cond.value ? import_picomatch.default.isMatch(val, cond.value) : false;
       case "notMatchesGlob":
-        return val !== null && cond.value ? !import_picomatch.default.isMatch(val, cond.value) : true;
+        return val !== null && cond.value ? !import_picomatch.default.isMatch(val, cond.value) : false;
       default:
         return false;
     }
@@ -994,15 +1004,17 @@ var DANGEROUS_WORDS = [
   // permanently overwrites file contents (unrecoverable)
 ];
 var DEFAULT_CONFIG = {
+  version: "1.0",
   settings: {
-    mode: "standard",
+    mode: "audit",
     autoStartDaemon: true,
     enableUndo: true,
     // 🔥 ALWAYS TRUE BY DEFAULT for the safety net
-    enableHookLogDebug: false,
-    approvalTimeoutMs: 0,
-    // 0 = disabled; set e.g. 30000 for 30-second auto-deny
-    approvers: { native: true, browser: true, cloud: true, terminal: true }
+    enableHookLogDebug: true,
+    approvalTimeoutMs: 3e4,
+    // 30-second auto-deny timeout
+    flightRecorder: true,
+    approvers: { native: true, browser: true, cloud: false, terminal: true }
   },
   policy: {
     sandboxPaths: ["/tmp/**", "**/sandbox/**", "**/test-results/**"],
@@ -1313,13 +1325,23 @@ function isIgnoredTool(toolName) {
 var DAEMON_PORT = 7391;
 var DAEMON_HOST = "127.0.0.1";
 function isDaemonRunning() {
+  const pidFile = import_path4.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
+  if (import_fs2.default.existsSync(pidFile)) {
+    try {
+      const { pid, port } = JSON.parse(import_fs2.default.readFileSync(pidFile, "utf-8"));
+      if (port !== DAEMON_PORT) return false;
+      process.kill(pid, 0);
+      return true;
+    } catch {
+      return false;
+    }
+  }
   try {
-    const pidFile = import_path4.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
-    if (!import_fs2.default.existsSync(pidFile)) return false;
-    const { pid, port } = JSON.parse(import_fs2.default.readFileSync(pidFile, "utf-8"));
-    if (port !== DAEMON_PORT) return false;
-    process.kill(pid, 0);
-    return true;
+    const r = (0, import_child_process2.spawnSync)("ss", ["-Htnp", `sport = :${DAEMON_PORT}`], {
+      encoding: "utf8",
+      timeout: 500
+    });
+    return r.status === 0 && (r.stdout ?? "").includes(`:${DAEMON_PORT}`);
   } catch {
     return false;
   }
@@ -1335,7 +1357,7 @@ function getPersistentDecision(toolName) {
   }
   return null;
 }
-async function askDaemon(toolName, args, meta, signal, riskMetadata) {
+async function askDaemon(toolName, args, meta, signal, riskMetadata, activityId) {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
   const checkCtrl = new AbortController();
   const checkTimer = setTimeout(() => checkCtrl.abort(), 5e3);
@@ -1350,6 +1372,12 @@ async function askDaemon(toolName, args, meta, signal, riskMetadata) {
         args,
         agent: meta?.agent,
         mcpServer: meta?.mcpServer,
+        fromCLI: true,
+        // Pass the flight-recorder ID so the daemon uses the same UUID for
+        // activity-result as the CLI used for the pending activity event.
+        // Without this, the two UUIDs never match and tail.ts never resolves
+        // the pending item.
+        activityId,
         ...riskMetadata && { riskMetadata }
       }),
       signal: checkCtrl.signal
@@ -1404,7 +1432,45 @@ async function resolveViaDaemon(id, decision, internalToken) {
     signal: AbortSignal.timeout(3e3)
   });
 }
+var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path4.default.join(import_os2.default.tmpdir(), "node9-activity.sock");
+function notifyActivity(data) {
+  return new Promise((resolve) => {
+    try {
+      const payload = JSON.stringify(data);
+      const sock = import_net.default.createConnection(ACTIVITY_SOCKET_PATH);
+      sock.on("connect", () => {
+        sock.on("close", resolve);
+        sock.end(payload);
+      });
+      sock.on("error", resolve);
+    } catch {
+      resolve();
+    }
+  });
+}
 async function authorizeHeadless(toolName, args, allowTerminalFallback = false, meta, options) {
+  if (!options?.calledFromDaemon) {
+    const actId = (0, import_crypto.randomUUID)();
+    const actTs = Date.now();
+    await notifyActivity({ id: actId, ts: actTs, tool: toolName, args, status: "pending" });
+    const result = await _authorizeHeadlessCore(toolName, args, allowTerminalFallback, meta, {
+      ...options,
+      activityId: actId
+    });
+    if (!result.noApprovalMechanism) {
+      await notifyActivity({
+        id: actId,
+        tool: toolName,
+        ts: actTs,
+        status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : "block",
+        label: result.blockedByLabel
+      });
+    }
+    return result;
+  }
+  return _authorizeHeadlessCore(toolName, args, allowTerminalFallback, meta, options);
+}
+async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = false, meta, options) {
   if (process.env.NODE9_PAUSED === "1") return { approved: true, checkedBy: "paused" };
   const pauseState = checkPause();
   if (pauseState.paused) return { approved: true, checkedBy: "paused" };
@@ -1440,6 +1506,7 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
           blockedByLabel: "\u{1F6A8} Node9 DLP (Secret Detected)"
         };
       }
+      if (!isManual) appendLocalAudit(toolName, args, "allow", "dlp-review-flagged", meta);
       explainableLabel = "\u{1F6A8} Node9 DLP (Credential Review)";
     }
   }
@@ -1662,7 +1729,14 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
             console.error(import_chalk2.default.cyan(`   URL \u2192 http://${DAEMON_HOST}:${DAEMON_PORT}/
 `));
           }
-          const daemonDecision = await askDaemon(toolName, args, meta, signal, riskMetadata);
+          const daemonDecision = await askDaemon(
+            toolName,
+            args,
+            meta,
+            signal,
+            riskMetadata,
+            options?.activityId
+          );
           if (daemonDecision === "abandoned") throw new Error("Abandoned");
           const isApproved = daemonDecision === "allow";
           return {
@@ -1866,7 +1940,10 @@ function getConfig() {
     for (const rule of shield.smartRules) {
       if (!existingRuleNames.has(rule.name)) mergedPolicy.smartRules.push(rule);
     }
-    for (const word of shield.dangerousWords) mergedPolicy.dangerousWords.push(word);
+    const existingWords = new Set(mergedPolicy.dangerousWords);
+    for (const word of shield.dangerousWords) {
+      if (!existingWords.has(word)) mergedPolicy.dangerousWords.push(word);
+    }
   }
   const existingAdvisoryNames = new Set(mergedPolicy.smartRules.map((r) => r.name));
   for (const rule of ADVISORY_SMART_RULES) {

package/dist/index.mjs

@@ -4,6 +4,9 @@ import { confirm } from "@inquirer/prompts";
 import fs2 from "fs";
 import path4 from "path";
 import os2 from "os";
+import net from "net";
+import { randomUUID } from "crypto";
+import { spawnSync } from "child_process";
 import pm from "picomatch";
 import { parse } from "sh-syntax";
 
@@ -354,7 +357,13 @@ var SmartConditionSchema = z.object({
   ),
   value: z.string().optional(),
   flags: z.string().optional()
-});
+}).refine(
+  (c) => {
+    if (c.op === "matchesGlob" || c.op === "notMatchesGlob") return c.value !== void 0;
+    return true;
+  },
+  { message: "matchesGlob and notMatchesGlob conditions require a value field" }
+);
 var SmartRuleSchema = z.object({
   name: z.string().optional(),
   tool: z.string().min(1, "Smart rule tool must not be empty"),
@@ -373,6 +382,7 @@ var ConfigFileSchema = z.object({
     enableUndo: z.boolean().optional(),
     enableHookLogDebug: z.boolean().optional(),
     approvalTimeoutMs: z.number().nonnegative().optional(),
+    flightRecorder: z.boolean().optional(),
     approvers: z.object({
       native: z.boolean().optional(),
       browser: z.boolean().optional(),
@@ -847,7 +857,7 @@ function evaluateSmartConditions(args, rule) {
       case "matchesGlob":
         return val !== null && cond.value ? pm.isMatch(val, cond.value) : false;
       case "notMatchesGlob":
-        return val !== null && cond.value ? !pm.isMatch(val, cond.value) : true;
+        return val !== null && cond.value ? !pm.isMatch(val, cond.value) : false;
       default:
         return false;
     }
@@ -958,15 +968,17 @@ var DANGEROUS_WORDS = [
   // permanently overwrites file contents (unrecoverable)
 ];
 var DEFAULT_CONFIG = {
+  version: "1.0",
   settings: {
-    mode: "standard",
+    mode: "audit",
     autoStartDaemon: true,
     enableUndo: true,
     // 🔥 ALWAYS TRUE BY DEFAULT for the safety net
-    enableHookLogDebug: false,
-    approvalTimeoutMs: 0,
-    // 0 = disabled; set e.g. 30000 for 30-second auto-deny
-    approvers: { native: true, browser: true, cloud: true, terminal: true }
+    enableHookLogDebug: true,
+    approvalTimeoutMs: 3e4,
+    // 30-second auto-deny timeout
+    flightRecorder: true,
+    approvers: { native: true, browser: true, cloud: false, terminal: true }
   },
   policy: {
     sandboxPaths: ["/tmp/**", "**/sandbox/**", "**/test-results/**"],
@@ -1277,13 +1289,23 @@ function isIgnoredTool(toolName) {
 var DAEMON_PORT = 7391;
 var DAEMON_HOST = "127.0.0.1";
 function isDaemonRunning() {
+  const pidFile = path4.join(os2.homedir(), ".node9", "daemon.pid");
+  if (fs2.existsSync(pidFile)) {
+    try {
+      const { pid, port } = JSON.parse(fs2.readFileSync(pidFile, "utf-8"));
+      if (port !== DAEMON_PORT) return false;
+      process.kill(pid, 0);
+      return true;
+    } catch {
+      return false;
+    }
+  }
   try {
-    const pidFile = path4.join(os2.homedir(), ".node9", "daemon.pid");
-    if (!fs2.existsSync(pidFile)) return false;
-    const { pid, port } = JSON.parse(fs2.readFileSync(pidFile, "utf-8"));
-    if (port !== DAEMON_PORT) return false;
-    process.kill(pid, 0);
-    return true;
+    const r = spawnSync("ss", ["-Htnp", `sport = :${DAEMON_PORT}`], {
+      encoding: "utf8",
+      timeout: 500
+    });
+    return r.status === 0 && (r.stdout ?? "").includes(`:${DAEMON_PORT}`);
   } catch {
     return false;
   }
@@ -1299,7 +1321,7 @@ function getPersistentDecision(toolName) {
   }
   return null;
 }
-async function askDaemon(toolName, args, meta, signal, riskMetadata) {
+async function askDaemon(toolName, args, meta, signal, riskMetadata, activityId) {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
   const checkCtrl = new AbortController();
   const checkTimer = setTimeout(() => checkCtrl.abort(), 5e3);
@@ -1314,6 +1336,12 @@ async function askDaemon(toolName, args, meta, signal, riskMetadata) {
         args,
         agent: meta?.agent,
         mcpServer: meta?.mcpServer,
+        fromCLI: true,
+        // Pass the flight-recorder ID so the daemon uses the same UUID for
+        // activity-result as the CLI used for the pending activity event.
+        // Without this, the two UUIDs never match and tail.ts never resolves
+        // the pending item.
+        activityId,
         ...riskMetadata && { riskMetadata }
       }),
       signal: checkCtrl.signal
@@ -1368,7 +1396,45 @@ async function resolveViaDaemon(id, decision, internalToken) {
     signal: AbortSignal.timeout(3e3)
   });
 }
+var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path4.join(os2.tmpdir(), "node9-activity.sock");
+function notifyActivity(data) {
+  return new Promise((resolve) => {
+    try {
+      const payload = JSON.stringify(data);
+      const sock = net.createConnection(ACTIVITY_SOCKET_PATH);
+      sock.on("connect", () => {
+        sock.on("close", resolve);
+        sock.end(payload);
+      });
+      sock.on("error", resolve);
+    } catch {
+      resolve();
+    }
+  });
+}
 async function authorizeHeadless(toolName, args, allowTerminalFallback = false, meta, options) {
+  if (!options?.calledFromDaemon) {
+    const actId = randomUUID();
+    const actTs = Date.now();
+    await notifyActivity({ id: actId, ts: actTs, tool: toolName, args, status: "pending" });
+    const result = await _authorizeHeadlessCore(toolName, args, allowTerminalFallback, meta, {
+      ...options,
+      activityId: actId
+    });
+    if (!result.noApprovalMechanism) {
+      await notifyActivity({
+        id: actId,
+        tool: toolName,
+        ts: actTs,
+        status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : "block",
+        label: result.blockedByLabel
+      });
+    }
+    return result;
+  }
+  return _authorizeHeadlessCore(toolName, args, allowTerminalFallback, meta, options);
+}
+async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = false, meta, options) {
   if (process.env.NODE9_PAUSED === "1") return { approved: true, checkedBy: "paused" };
   const pauseState = checkPause();
   if (pauseState.paused) return { approved: true, checkedBy: "paused" };
@@ -1404,6 +1470,7 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
           blockedByLabel: "\u{1F6A8} Node9 DLP (Secret Detected)"
         };
       }
+      if (!isManual) appendLocalAudit(toolName, args, "allow", "dlp-review-flagged", meta);
       explainableLabel = "\u{1F6A8} Node9 DLP (Credential Review)";
     }
   }
@@ -1626,7 +1693,14 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
             console.error(chalk2.cyan(`   URL \u2192 http://${DAEMON_HOST}:${DAEMON_PORT}/
 `));
           }
-          const daemonDecision = await askDaemon(toolName, args, meta, signal, riskMetadata);
+          const daemonDecision = await askDaemon(
+            toolName,
+            args,
+            meta,
+            signal,
+            riskMetadata,
+            options?.activityId
+          );
           if (daemonDecision === "abandoned") throw new Error("Abandoned");
           const isApproved = daemonDecision === "allow";
           return {
@@ -1830,7 +1904,10 @@ function getConfig() {
     for (const rule of shield.smartRules) {
       if (!existingRuleNames.has(rule.name)) mergedPolicy.smartRules.push(rule);
     }
-    for (const word of shield.dangerousWords) mergedPolicy.dangerousWords.push(word);
+    const existingWords = new Set(mergedPolicy.dangerousWords);
+    for (const word of shield.dangerousWords) {
+      if (!existingWords.has(word)) mergedPolicy.dangerousWords.push(word);
+    }
   }
   const existingAdvisoryNames = new Set(mergedPolicy.smartRules.map((r) => r.name));
   for (const rule of ADVISORY_SMART_RULES) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node9/proxy",
-  "version": "1.0.14",
+  "version": "1.0.16",
   "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",