@node9/proxy 1.0.17 → 1.0.19

package/README.md

@@ -5,11 +5,14 @@
 [![NPM Version](https://img.shields.io/npm/v/@node9/proxy.svg)](https://www.npmjs.com/package/@node9/proxy)
 [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Open in HF Spaces](https://huggingface.co/datasets/huggingface/badges/resolve/main/open-in-hf-spaces-sm.svg)](https://huggingface.co/spaces/Node9ai/node9-security-demo)
+[![Documentation](https://img.shields.io/badge/docs-node9.ai%2Fdocs-blue)](https://node9.ai/docs)
 
 **Node9** is the execution security layer for the Agentic Era. It encases autonomous AI Agents (Claude Code, Gemini CLI, Cursor, MCP Servers) in a deterministic security wrapper, intercepting dangerous shell commands and tool calls before they execute.
 
 While others try to _guess_ if a prompt is malicious (Semantic Security), Node9 _governs_ the actual action (Execution Security).
 
+📖 **[Full Documentation →](https://node9.ai/docs)**
+
 ---
 
 ## 💎 The "Aha!" Moment

package/dist/cli.js

@@ -2404,7 +2404,7 @@ var init_core = __esm({
               {
                 field: "command",
                 op: "matches",
-                value: "git push.*(--force|--force-with-lease|-f\\b)",
+                value: "^\\s*git\\b.*\\bpush\\b.*(--force|--force-with-lease|-f\\b)",
                 flags: "i"
               }
             ],
@@ -2415,7 +2415,14 @@ var init_core = __esm({
           {
             name: "review-git-push",
             tool: "bash",
-            conditions: [{ field: "command", op: "matches", value: "^\\s*git\\s+push\\b", flags: "i" }],
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "^\\s*git\\b.*\\bpush\\b(?!.*(-f\\b|--force|--force-with-lease))",
+                flags: "i"
+              }
+            ],
             conditionMode: "all",
             verdict: "review",
             reason: "git push sends changes to a shared remote"
@@ -2427,7 +2434,7 @@ var init_core = __esm({
               {
                 field: "command",
                 op: "matches",
-                value: "git\\s+(reset\\s+--hard|clean\\s+-[fdxX]|rebase|tag\\s+-d|branch\\s+-[dD])",
+                value: "^\\s*git\\b.*(reset\\s+--hard|clean\\s+-[fdxX]|\\brebase\\b|tag\\s+-d|branch\\s+-[dD])",
                 flags: "i"
               }
             ],
@@ -4730,18 +4737,21 @@ function renderPending(activity) {
   process.stdout.write(`${formatBase(activity)}  ${import_chalk5.default.yellow("\u25CF \u2026")}\r`);
 }
 async function ensureDaemon() {
+  let pidPort = null;
   if (import_fs6.default.existsSync(PID_FILE)) {
     try {
       const { port } = JSON.parse(import_fs6.default.readFileSync(PID_FILE, "utf-8"));
-      return port;
+      pidPort = port;
     } catch {
+      console.error(import_chalk5.default.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
     }
   }
+  const checkPort = pidPort ?? DAEMON_PORT2;
   try {
-    const res = await fetch(`http://127.0.0.1:${DAEMON_PORT2}/settings`, {
+    const res = await fetch(`http://127.0.0.1:${checkPort}/settings`, {
       signal: AbortSignal.timeout(500)
     });
-    if (res.ok) return DAEMON_PORT2;
+    if (res.ok) return checkPort;
   } catch {
   }
   console.log(import_chalk5.default.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
@@ -4767,25 +4777,44 @@ async function ensureDaemon() {
 async function startTail(options = {}) {
   const port = await ensureDaemon();
   if (options.clear) {
-    await new Promise((resolve) => {
+    const result = await new Promise((resolve) => {
       const req2 = import_http2.default.request(
         { method: "POST", hostname: "127.0.0.1", port, path: "/events/clear" },
         (res) => {
+          const status = res.statusCode ?? 0;
+          res.on(
+            "end",
+            () => resolve({
+              ok: status >= 200 && status < 300,
+              code: status >= 200 && status < 300 ? void 0 : `HTTP ${status}`
+            })
+          );
           res.resume();
-          res.on("end", resolve);
         }
       );
-      req2.on("error", resolve);
+      req2.once("error", (err) => resolve({ ok: false, code: err.code }));
+      req2.setTimeout(2e3, () => {
+        resolve({ ok: false, code: "ETIMEDOUT" });
+        req2.destroy();
+      });
       req2.end();
     });
+    if (result.ok) {
+      console.log(import_chalk5.default.green("\u2713 Flight Recorder buffer cleared."));
+    } else if (result.code === "ECONNREFUSED") {
+      throw new Error("Daemon is not running. Start it with: node9 daemon start");
+    } else if (result.code === "ETIMEDOUT") {
+      throw new Error("Daemon did not respond in time. Try: node9 daemon restart");
+    } else {
+      throw new Error(`Failed to clear buffer (${result.code ?? "unknown error"})`);
+    }
+    return;
   }
   const connectionTime = Date.now();
   const pending2 = /* @__PURE__ */ new Map();
   console.log(import_chalk5.default.cyan.bold(`
 \u{1F6F0}\uFE0F  Node9 tail  `) + import_chalk5.default.dim(`\u2192 localhost:${port}`));
-  if (options.clear) {
-    console.log(import_chalk5.default.dim("History cleared. Showing live events. Press Ctrl+C to exit.\n"));
-  } else if (options.history) {
+  if (options.history) {
     console.log(import_chalk5.default.dim("Showing history + live events. Press Ctrl+C to exit.\n"));
   } else {
     console.log(
@@ -4918,6 +4947,7 @@ function fullPathCommand(subcommand) {
   if (process.env.NODE9_TESTING === "1") return `node9 ${subcommand}`;
   const nodeExec = process.execPath;
   const cliScript = process.argv[1];
+  if (!cliScript.endsWith(".js")) return `${cliScript} ${subcommand}`;
   return `${nodeExec} ${cliScript} ${subcommand}`;
 }
 function readJson(filePath) {
@@ -4934,6 +4964,126 @@ function writeJson(filePath, data) {
   if (!import_fs3.default.existsSync(dir)) import_fs3.default.mkdirSync(dir, { recursive: true });
   import_fs3.default.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
 }
+function isNode9Hook(cmd) {
+  if (!cmd) return false;
+  return /(?:^|[\s/\\])node9 (?:check|log)/.test(cmd) || /(?:^|[\s/\\])cli\.js (?:check|log)/.test(cmd);
+}
+function teardownClaude() {
+  const homeDir2 = import_os3.default.homedir();
+  const hooksPath = import_path5.default.join(homeDir2, ".claude", "settings.json");
+  const mcpPath = import_path5.default.join(homeDir2, ".claude.json");
+  let changed = false;
+  const settings = readJson(hooksPath);
+  if (settings?.hooks) {
+    for (const event of ["PreToolUse", "PostToolUse"]) {
+      const before = settings.hooks[event]?.length ?? 0;
+      settings.hooks[event] = settings.hooks[event]?.filter(
+        (m) => !m.hooks.some((h) => isNode9Hook(h.command))
+      );
+      if ((settings.hooks[event]?.length ?? 0) < before) changed = true;
+      if (settings.hooks[event]?.length === 0) delete settings.hooks[event];
+    }
+    if (changed) {
+      writeJson(hooksPath, settings);
+      console.log(
+        import_chalk3.default.green("  \u2705 Removed PreToolUse / PostToolUse hooks from ~/.claude/settings.json")
+      );
+    } else {
+      console.log(import_chalk3.default.blue("  \u2139\uFE0F  No Node9 hooks found in ~/.claude/settings.json"));
+    }
+  }
+  const claudeConfig = readJson(mcpPath);
+  if (claudeConfig?.mcpServers) {
+    let mcpChanged = false;
+    for (const [name, server] of Object.entries(claudeConfig.mcpServers)) {
+      if (server.command === "node9" && Array.isArray(server.args) && server.args.length > 0) {
+        const [originalCmd, ...originalArgs] = server.args;
+        claudeConfig.mcpServers[name] = {
+          ...server,
+          command: originalCmd,
+          args: originalArgs.length ? originalArgs : void 0
+        };
+        mcpChanged = true;
+      } else if (server.command === "node9") {
+        console.warn(
+          import_chalk3.default.yellow(
+            `  \u26A0\uFE0F  Cannot unwrap MCP server "${name}" in ~/.claude.json \u2014 args is empty. Remove it manually.`
+          )
+        );
+      }
+    }
+    if (mcpChanged) {
+      writeJson(mcpPath, claudeConfig);
+      console.log(import_chalk3.default.green("  \u2705 Unwrapped MCP servers in ~/.claude.json"));
+    }
+  }
+}
+function teardownGemini() {
+  const homeDir2 = import_os3.default.homedir();
+  const settingsPath = import_path5.default.join(homeDir2, ".gemini", "settings.json");
+  const settings = readJson(settingsPath);
+  if (!settings) {
+    console.log(import_chalk3.default.blue("  \u2139\uFE0F  ~/.gemini/settings.json not found \u2014 nothing to remove"));
+    return;
+  }
+  let changed = false;
+  for (const event of ["BeforeTool", "AfterTool"]) {
+    const before = settings.hooks?.[event]?.length ?? 0;
+    if (settings.hooks?.[event]) {
+      settings.hooks[event] = settings.hooks[event].filter(
+        (m) => !m.hooks.some((h) => isNode9Hook(h.command))
+      );
+      if ((settings.hooks[event]?.length ?? 0) < before) changed = true;
+      if (settings.hooks[event]?.length === 0) delete settings.hooks[event];
+    }
+  }
+  if (settings.mcpServers) {
+    for (const [name, server] of Object.entries(settings.mcpServers)) {
+      if (server.command === "node9" && Array.isArray(server.args) && server.args.length > 0) {
+        const [originalCmd, ...originalArgs] = server.args;
+        settings.mcpServers[name] = {
+          ...server,
+          command: originalCmd,
+          args: originalArgs.length ? originalArgs : void 0
+        };
+        changed = true;
+      }
+    }
+  }
+  if (changed) {
+    writeJson(settingsPath, settings);
+    console.log(import_chalk3.default.green("  \u2705 Removed Node9 hooks from ~/.gemini/settings.json"));
+  } else {
+    console.log(import_chalk3.default.blue("  \u2139\uFE0F  No Node9 hooks found in ~/.gemini/settings.json"));
+  }
+}
+function teardownCursor() {
+  const homeDir2 = import_os3.default.homedir();
+  const mcpPath = import_path5.default.join(homeDir2, ".cursor", "mcp.json");
+  const mcpConfig = readJson(mcpPath);
+  if (!mcpConfig?.mcpServers) {
+    console.log(import_chalk3.default.blue("  \u2139\uFE0F  ~/.cursor/mcp.json not found \u2014 nothing to remove"));
+    return;
+  }
+  let changed = false;
+  for (const [name, server] of Object.entries(mcpConfig.mcpServers)) {
+    if (server.command === "node9" && Array.isArray(server.args) && server.args.length > 0) {
+      const [originalCmd, ...originalArgs] = server.args;
+      mcpConfig.mcpServers[name] = {
+        ...server,
+        command: originalCmd,
+        args: originalArgs.length ? originalArgs : void 0
+      };
+      changed = true;
+    }
+  }
+  if (changed) {
+    writeJson(mcpPath, mcpConfig);
+    console.log(import_chalk3.default.green("  \u2705 Unwrapped MCP servers in ~/.cursor/mcp.json"));
+  } else {
+    console.log(import_chalk3.default.blue("  \u2139\uFE0F  No Node9-wrapped MCP servers found in ~/.cursor/mcp.json"));
+  }
+}
 async function setupClaude() {
   const homeDir2 = import_os3.default.homedir();
   const mcpPath = import_path5.default.join(homeDir2, ".claude.json");
@@ -5557,6 +5707,87 @@ program.command("setup").description('Alias for "addto" \u2014 integrate Node9 w
   console.error(import_chalk6.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
   process.exit(1);
 });
+program.command("removefrom").description("Remove Node9 hooks from an AI agent configuration").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("<target>", "The agent to remove from: claude | gemini | cursor").action((target) => {
+  let fn;
+  if (target === "claude") fn = teardownClaude;
+  else if (target === "gemini") fn = teardownGemini;
+  else if (target === "cursor") fn = teardownCursor;
+  else {
+    console.error(import_chalk6.default.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+    process.exit(1);
+  }
+  console.log(import_chalk6.default.cyan(`
+\u{1F6E1}\uFE0F  Node9: removing hooks from ${target}...
+`));
+  try {
+    fn();
+  } catch (err) {
+    console.error(import_chalk6.default.red(`  \u26A0\uFE0F  Failed: ${err instanceof Error ? err.message : String(err)}`));
+    process.exit(1);
+  }
+  console.log(import_chalk6.default.gray("\n  Restart the agent for changes to take effect."));
+});
+program.command("uninstall").description("Remove all Node9 hooks and optionally delete config files").option("--purge", "Also delete ~/.node9/ directory (config, audit log, credentials)").action(async (options) => {
+  console.log(import_chalk6.default.cyan("\n\u{1F6E1}\uFE0F  Node9 Uninstall\n"));
+  console.log(import_chalk6.default.bold("Stopping daemon..."));
+  try {
+    stopDaemon();
+    console.log(import_chalk6.default.green("  \u2705 Daemon stopped"));
+  } catch {
+    console.log(import_chalk6.default.blue("  \u2139\uFE0F  Daemon was not running"));
+  }
+  console.log(import_chalk6.default.bold("\nRemoving hooks..."));
+  let teardownFailed = false;
+  for (const [label, fn] of [
+    ["Claude", teardownClaude],
+    ["Gemini", teardownGemini],
+    ["Cursor", teardownCursor]
+  ]) {
+    try {
+      fn();
+    } catch (err) {
+      teardownFailed = true;
+      console.error(
+        import_chalk6.default.red(
+          `  \u26A0\uFE0F  Failed to remove ${label} hooks: ${err instanceof Error ? err.message : String(err)}`
+        )
+      );
+    }
+  }
+  if (options.purge) {
+    const node9Dir = import_path9.default.join(import_os7.default.homedir(), ".node9");
+    if (import_fs7.default.existsSync(node9Dir)) {
+      const confirmed = await (0, import_prompts3.confirm)({
+        message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
+        default: false
+      });
+      if (confirmed) {
+        import_fs7.default.rmSync(node9Dir, { recursive: true });
+        if (import_fs7.default.existsSync(node9Dir)) {
+          console.error(
+            import_chalk6.default.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
+          );
+        } else {
+          console.log(import_chalk6.default.green("\n  \u2705 Deleted ~/.node9/ (config, audit log, credentials)"));
+        }
+      } else {
+        console.log(import_chalk6.default.yellow("\n  Skipped \u2014 ~/.node9/ was not deleted."));
+      }
+    } else {
+      console.log(import_chalk6.default.blue("\n  \u2139\uFE0F  ~/.node9/ not found \u2014 nothing to delete"));
+    }
+  } else {
+    console.log(
+      import_chalk6.default.gray("\n  ~/.node9/ kept \u2014 run with --purge to delete config and audit log")
+    );
+  }
+  if (teardownFailed) {
+    console.error(import_chalk6.default.red("\n  \u26A0\uFE0F  Some hooks could not be removed \u2014 see errors above."));
+    process.exit(1);
+  }
+  console.log(import_chalk6.default.green.bold("\n\u{1F6E1}\uFE0F  Node9 removed. Run: npm uninstall -g @node9/proxy"));
+  console.log(import_chalk6.default.gray("   Restart any open AI agent sessions for changes to take effect.\n"));
+});
 program.command("doctor").description("Check that Node9 is installed and configured correctly").action(() => {
   const homeDir2 = import_os7.default.homedir();
   let failures = 0;
@@ -5967,9 +6198,14 @@ program.command("daemon").description("Run the local approval server").argument(
     startDaemon();
   }
 );
-program.command("tail").description("Stream live agent activity to the terminal").option("--history", "Include recent history on connect", false).option("--clear", "Clear history buffer and stream live events fresh", false).action(async (options) => {
+program.command("tail").description("Stream live agent activity to the terminal").option("--history", "Replay recent history then continue live", false).option("--clear", "Clear the history buffer and exit (does not stream)", false).action(async (options) => {
   const { startTail: startTail2 } = await Promise.resolve().then(() => (init_tail(), tail_exports));
-  await startTail2(options);
+  try {
+    await startTail2(options);
+  } catch (err) {
+    console.error(import_chalk6.default.red(`\u274C ${err instanceof Error ? err.message : String(err)}`));
+    process.exit(1);
+  }
 });
 program.command("check").description("Hook handler \u2014 evaluates a tool call before execution").argument("[data]", "JSON string of the tool call").action(async (data) => {
   const processPayload = async (raw) => {
@@ -6052,7 +6288,7 @@ RAW: ${raw}
       }
       const result = await authorizeHeadless(toolName, toolInput, false, meta);
       if (result.approved) {
-        if (result.checkedBy)
+        if (result.checkedBy && process.env.NODE9_DEBUG === "1")
           process.stderr.write(`\u2713 node9 [${result.checkedBy}]: "${toolName}" allowed
 `);
         process.exit(0);
@@ -6063,7 +6299,7 @@ RAW: ${raw}
         if (daemonReady) {
           const retry = await authorizeHeadless(toolName, toolInput, false, meta);
           if (retry.approved) {
-            if (retry.checkedBy)
+            if (retry.checkedBy && process.env.NODE9_DEBUG === "1")
               process.stderr.write(`\u2713 node9 [${retry.checkedBy}]: "${toolName}" allowed
 `);
             process.exit(0);

package/dist/cli.mjs

@@ -2383,7 +2383,7 @@ var init_core = __esm({
               {
                 field: "command",
                 op: "matches",
-                value: "git push.*(--force|--force-with-lease|-f\\b)",
+                value: "^\\s*git\\b.*\\bpush\\b.*(--force|--force-with-lease|-f\\b)",
                 flags: "i"
               }
             ],
@@ -2394,7 +2394,14 @@ var init_core = __esm({
           {
             name: "review-git-push",
             tool: "bash",
-            conditions: [{ field: "command", op: "matches", value: "^\\s*git\\s+push\\b", flags: "i" }],
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "^\\s*git\\b.*\\bpush\\b(?!.*(-f\\b|--force|--force-with-lease))",
+                flags: "i"
+              }
+            ],
             conditionMode: "all",
             verdict: "review",
             reason: "git push sends changes to a shared remote"
@@ -2406,7 +2413,7 @@ var init_core = __esm({
               {
                 field: "command",
                 op: "matches",
-                value: "git\\s+(reset\\s+--hard|clean\\s+-[fdxX]|rebase|tag\\s+-d|branch\\s+-[dD])",
+                value: "^\\s*git\\b.*(reset\\s+--hard|clean\\s+-[fdxX]|\\brebase\\b|tag\\s+-d|branch\\s+-[dD])",
                 flags: "i"
               }
             ],
@@ -4716,18 +4723,21 @@ function renderPending(activity) {
   process.stdout.write(`${formatBase(activity)}  ${chalk5.yellow("\u25CF \u2026")}\r`);
 }
 async function ensureDaemon() {
+  let pidPort = null;
   if (fs6.existsSync(PID_FILE)) {
     try {
       const { port } = JSON.parse(fs6.readFileSync(PID_FILE, "utf-8"));
-      return port;
+      pidPort = port;
     } catch {
+      console.error(chalk5.dim("\u26A0\uFE0F  Could not read PID file; falling back to default port."));
     }
   }
+  const checkPort = pidPort ?? DAEMON_PORT2;
   try {
-    const res = await fetch(`http://127.0.0.1:${DAEMON_PORT2}/settings`, {
+    const res = await fetch(`http://127.0.0.1:${checkPort}/settings`, {
       signal: AbortSignal.timeout(500)
     });
-    if (res.ok) return DAEMON_PORT2;
+    if (res.ok) return checkPort;
   } catch {
   }
   console.log(chalk5.dim("\u{1F6E1}\uFE0F  Starting Node9 daemon..."));
@@ -4753,25 +4763,44 @@ async function ensureDaemon() {
 async function startTail(options = {}) {
   const port = await ensureDaemon();
   if (options.clear) {
-    await new Promise((resolve) => {
+    const result = await new Promise((resolve) => {
       const req2 = http2.request(
         { method: "POST", hostname: "127.0.0.1", port, path: "/events/clear" },
         (res) => {
+          const status = res.statusCode ?? 0;
+          res.on(
+            "end",
+            () => resolve({
+              ok: status >= 200 && status < 300,
+              code: status >= 200 && status < 300 ? void 0 : `HTTP ${status}`
+            })
+          );
           res.resume();
-          res.on("end", resolve);
         }
       );
-      req2.on("error", resolve);
+      req2.once("error", (err) => resolve({ ok: false, code: err.code }));
+      req2.setTimeout(2e3, () => {
+        resolve({ ok: false, code: "ETIMEDOUT" });
+        req2.destroy();
+      });
       req2.end();
     });
+    if (result.ok) {
+      console.log(chalk5.green("\u2713 Flight Recorder buffer cleared."));
+    } else if (result.code === "ECONNREFUSED") {
+      throw new Error("Daemon is not running. Start it with: node9 daemon start");
+    } else if (result.code === "ETIMEDOUT") {
+      throw new Error("Daemon did not respond in time. Try: node9 daemon restart");
+    } else {
+      throw new Error(`Failed to clear buffer (${result.code ?? "unknown error"})`);
+    }
+    return;
   }
   const connectionTime = Date.now();
   const pending2 = /* @__PURE__ */ new Map();
   console.log(chalk5.cyan.bold(`
 \u{1F6F0}\uFE0F  Node9 tail  `) + chalk5.dim(`\u2192 localhost:${port}`));
-  if (options.clear) {
-    console.log(chalk5.dim("History cleared. Showing live events. Press Ctrl+C to exit.\n"));
-  } else if (options.history) {
+  if (options.history) {
     console.log(chalk5.dim("Showing history + live events. Press Ctrl+C to exit.\n"));
   } else {
     console.log(
@@ -4897,6 +4926,7 @@ function fullPathCommand(subcommand) {
   if (process.env.NODE9_TESTING === "1") return `node9 ${subcommand}`;
   const nodeExec = process.execPath;
   const cliScript = process.argv[1];
+  if (!cliScript.endsWith(".js")) return `${cliScript} ${subcommand}`;
   return `${nodeExec} ${cliScript} ${subcommand}`;
 }
 function readJson(filePath) {
@@ -4913,6 +4943,126 @@ function writeJson(filePath, data) {
   if (!fs3.existsSync(dir)) fs3.mkdirSync(dir, { recursive: true });
   fs3.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n");
 }
+function isNode9Hook(cmd) {
+  if (!cmd) return false;
+  return /(?:^|[\s/\\])node9 (?:check|log)/.test(cmd) || /(?:^|[\s/\\])cli\.js (?:check|log)/.test(cmd);
+}
+function teardownClaude() {
+  const homeDir2 = os3.homedir();
+  const hooksPath = path5.join(homeDir2, ".claude", "settings.json");
+  const mcpPath = path5.join(homeDir2, ".claude.json");
+  let changed = false;
+  const settings = readJson(hooksPath);
+  if (settings?.hooks) {
+    for (const event of ["PreToolUse", "PostToolUse"]) {
+      const before = settings.hooks[event]?.length ?? 0;
+      settings.hooks[event] = settings.hooks[event]?.filter(
+        (m) => !m.hooks.some((h) => isNode9Hook(h.command))
+      );
+      if ((settings.hooks[event]?.length ?? 0) < before) changed = true;
+      if (settings.hooks[event]?.length === 0) delete settings.hooks[event];
+    }
+    if (changed) {
+      writeJson(hooksPath, settings);
+      console.log(
+        chalk3.green("  \u2705 Removed PreToolUse / PostToolUse hooks from ~/.claude/settings.json")
+      );
+    } else {
+      console.log(chalk3.blue("  \u2139\uFE0F  No Node9 hooks found in ~/.claude/settings.json"));
+    }
+  }
+  const claudeConfig = readJson(mcpPath);
+  if (claudeConfig?.mcpServers) {
+    let mcpChanged = false;
+    for (const [name, server] of Object.entries(claudeConfig.mcpServers)) {
+      if (server.command === "node9" && Array.isArray(server.args) && server.args.length > 0) {
+        const [originalCmd, ...originalArgs] = server.args;
+        claudeConfig.mcpServers[name] = {
+          ...server,
+          command: originalCmd,
+          args: originalArgs.length ? originalArgs : void 0
+        };
+        mcpChanged = true;
+      } else if (server.command === "node9") {
+        console.warn(
+          chalk3.yellow(
+            `  \u26A0\uFE0F  Cannot unwrap MCP server "${name}" in ~/.claude.json \u2014 args is empty. Remove it manually.`
+          )
+        );
+      }
+    }
+    if (mcpChanged) {
+      writeJson(mcpPath, claudeConfig);
+      console.log(chalk3.green("  \u2705 Unwrapped MCP servers in ~/.claude.json"));
+    }
+  }
+}
+function teardownGemini() {
+  const homeDir2 = os3.homedir();
+  const settingsPath = path5.join(homeDir2, ".gemini", "settings.json");
+  const settings = readJson(settingsPath);
+  if (!settings) {
+    console.log(chalk3.blue("  \u2139\uFE0F  ~/.gemini/settings.json not found \u2014 nothing to remove"));
+    return;
+  }
+  let changed = false;
+  for (const event of ["BeforeTool", "AfterTool"]) {
+    const before = settings.hooks?.[event]?.length ?? 0;
+    if (settings.hooks?.[event]) {
+      settings.hooks[event] = settings.hooks[event].filter(
+        (m) => !m.hooks.some((h) => isNode9Hook(h.command))
+      );
+      if ((settings.hooks[event]?.length ?? 0) < before) changed = true;
+      if (settings.hooks[event]?.length === 0) delete settings.hooks[event];
+    }
+  }
+  if (settings.mcpServers) {
+    for (const [name, server] of Object.entries(settings.mcpServers)) {
+      if (server.command === "node9" && Array.isArray(server.args) && server.args.length > 0) {
+        const [originalCmd, ...originalArgs] = server.args;
+        settings.mcpServers[name] = {
+          ...server,
+          command: originalCmd,
+          args: originalArgs.length ? originalArgs : void 0
+        };
+        changed = true;
+      }
+    }
+  }
+  if (changed) {
+    writeJson(settingsPath, settings);
+    console.log(chalk3.green("  \u2705 Removed Node9 hooks from ~/.gemini/settings.json"));
+  } else {
+    console.log(chalk3.blue("  \u2139\uFE0F  No Node9 hooks found in ~/.gemini/settings.json"));
+  }
+}
+function teardownCursor() {
+  const homeDir2 = os3.homedir();
+  const mcpPath = path5.join(homeDir2, ".cursor", "mcp.json");
+  const mcpConfig = readJson(mcpPath);
+  if (!mcpConfig?.mcpServers) {
+    console.log(chalk3.blue("  \u2139\uFE0F  ~/.cursor/mcp.json not found \u2014 nothing to remove"));
+    return;
+  }
+  let changed = false;
+  for (const [name, server] of Object.entries(mcpConfig.mcpServers)) {
+    if (server.command === "node9" && Array.isArray(server.args) && server.args.length > 0) {
+      const [originalCmd, ...originalArgs] = server.args;
+      mcpConfig.mcpServers[name] = {
+        ...server,
+        command: originalCmd,
+        args: originalArgs.length ? originalArgs : void 0
+      };
+      changed = true;
+    }
+  }
+  if (changed) {
+    writeJson(mcpPath, mcpConfig);
+    console.log(chalk3.green("  \u2705 Unwrapped MCP servers in ~/.cursor/mcp.json"));
+  } else {
+    console.log(chalk3.blue("  \u2139\uFE0F  No Node9-wrapped MCP servers found in ~/.cursor/mcp.json"));
+  }
+}
 async function setupClaude() {
   const homeDir2 = os3.homedir();
   const mcpPath = path5.join(homeDir2, ".claude.json");
@@ -5536,6 +5686,87 @@ program.command("setup").description('Alias for "addto" \u2014 integrate Node9 w
   console.error(chalk6.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
   process.exit(1);
 });
+program.command("removefrom").description("Remove Node9 hooks from an AI agent configuration").addHelpText("after", "\n  Supported targets:  claude  gemini  cursor").argument("<target>", "The agent to remove from: claude | gemini | cursor").action((target) => {
+  let fn;
+  if (target === "claude") fn = teardownClaude;
+  else if (target === "gemini") fn = teardownGemini;
+  else if (target === "cursor") fn = teardownCursor;
+  else {
+    console.error(chalk6.red(`Unknown target: "${target}". Supported: claude, gemini, cursor`));
+    process.exit(1);
+  }
+  console.log(chalk6.cyan(`
+\u{1F6E1}\uFE0F  Node9: removing hooks from ${target}...
+`));
+  try {
+    fn();
+  } catch (err) {
+    console.error(chalk6.red(`  \u26A0\uFE0F  Failed: ${err instanceof Error ? err.message : String(err)}`));
+    process.exit(1);
+  }
+  console.log(chalk6.gray("\n  Restart the agent for changes to take effect."));
+});
+program.command("uninstall").description("Remove all Node9 hooks and optionally delete config files").option("--purge", "Also delete ~/.node9/ directory (config, audit log, credentials)").action(async (options) => {
+  console.log(chalk6.cyan("\n\u{1F6E1}\uFE0F  Node9 Uninstall\n"));
+  console.log(chalk6.bold("Stopping daemon..."));
+  try {
+    stopDaemon();
+    console.log(chalk6.green("  \u2705 Daemon stopped"));
+  } catch {
+    console.log(chalk6.blue("  \u2139\uFE0F  Daemon was not running"));
+  }
+  console.log(chalk6.bold("\nRemoving hooks..."));
+  let teardownFailed = false;
+  for (const [label, fn] of [
+    ["Claude", teardownClaude],
+    ["Gemini", teardownGemini],
+    ["Cursor", teardownCursor]
+  ]) {
+    try {
+      fn();
+    } catch (err) {
+      teardownFailed = true;
+      console.error(
+        chalk6.red(
+          `  \u26A0\uFE0F  Failed to remove ${label} hooks: ${err instanceof Error ? err.message : String(err)}`
+        )
+      );
+    }
+  }
+  if (options.purge) {
+    const node9Dir = path9.join(os7.homedir(), ".node9");
+    if (fs7.existsSync(node9Dir)) {
+      const confirmed = await confirm3({
+        message: `Permanently delete ${node9Dir} (config, audit log, credentials)?`,
+        default: false
+      });
+      if (confirmed) {
+        fs7.rmSync(node9Dir, { recursive: true });
+        if (fs7.existsSync(node9Dir)) {
+          console.error(
+            chalk6.red("\n  \u26A0\uFE0F  ~/.node9/ could not be fully deleted \u2014 remove it manually.")
+          );
+        } else {
+          console.log(chalk6.green("\n  \u2705 Deleted ~/.node9/ (config, audit log, credentials)"));
+        }
+      } else {
+        console.log(chalk6.yellow("\n  Skipped \u2014 ~/.node9/ was not deleted."));
+      }
+    } else {
+      console.log(chalk6.blue("\n  \u2139\uFE0F  ~/.node9/ not found \u2014 nothing to delete"));
+    }
+  } else {
+    console.log(
+      chalk6.gray("\n  ~/.node9/ kept \u2014 run with --purge to delete config and audit log")
+    );
+  }
+  if (teardownFailed) {
+    console.error(chalk6.red("\n  \u26A0\uFE0F  Some hooks could not be removed \u2014 see errors above."));
+    process.exit(1);
+  }
+  console.log(chalk6.green.bold("\n\u{1F6E1}\uFE0F  Node9 removed. Run: npm uninstall -g @node9/proxy"));
+  console.log(chalk6.gray("   Restart any open AI agent sessions for changes to take effect.\n"));
+});
 program.command("doctor").description("Check that Node9 is installed and configured correctly").action(() => {
   const homeDir2 = os7.homedir();
   let failures = 0;
@@ -5946,9 +6177,14 @@ program.command("daemon").description("Run the local approval server").argument(
     startDaemon();
   }
 );
-program.command("tail").description("Stream live agent activity to the terminal").option("--history", "Include recent history on connect", false).option("--clear", "Clear history buffer and stream live events fresh", false).action(async (options) => {
+program.command("tail").description("Stream live agent activity to the terminal").option("--history", "Replay recent history then continue live", false).option("--clear", "Clear the history buffer and exit (does not stream)", false).action(async (options) => {
   const { startTail: startTail2 } = await Promise.resolve().then(() => (init_tail(), tail_exports));
-  await startTail2(options);
+  try {
+    await startTail2(options);
+  } catch (err) {
+    console.error(chalk6.red(`\u274C ${err instanceof Error ? err.message : String(err)}`));
+    process.exit(1);
+  }
 });
 program.command("check").description("Hook handler \u2014 evaluates a tool call before execution").argument("[data]", "JSON string of the tool call").action(async (data) => {
   const processPayload = async (raw) => {
@@ -6031,7 +6267,7 @@ RAW: ${raw}
       }
       const result = await authorizeHeadless(toolName, toolInput, false, meta);
       if (result.approved) {
-        if (result.checkedBy)
+        if (result.checkedBy && process.env.NODE9_DEBUG === "1")
           process.stderr.write(`\u2713 node9 [${result.checkedBy}]: "${toolName}" allowed
 `);
         process.exit(0);
@@ -6042,7 +6278,7 @@ RAW: ${raw}
         if (daemonReady) {
           const retry = await authorizeHeadless(toolName, toolInput, false, meta);
           if (retry.approved) {
-            if (retry.checkedBy)
+            if (retry.checkedBy && process.env.NODE9_DEBUG === "1")
               process.stderr.write(`\u2713 node9 [${retry.checkedBy}]: "${toolName}" allowed
 `);
             process.exit(0);

package/dist/index.js

@@ -1115,7 +1115,7 @@ var DEFAULT_CONFIG = {
           {
             field: "command",
             op: "matches",
-            value: "git push.*(--force|--force-with-lease|-f\\b)",
+            value: "^\\s*git\\b.*\\bpush\\b.*(--force|--force-with-lease|-f\\b)",
             flags: "i"
           }
         ],
@@ -1126,7 +1126,14 @@ var DEFAULT_CONFIG = {
       {
         name: "review-git-push",
         tool: "bash",
-        conditions: [{ field: "command", op: "matches", value: "^\\s*git\\s+push\\b", flags: "i" }],
+        conditions: [
+          {
+            field: "command",
+            op: "matches",
+            value: "^\\s*git\\b.*\\bpush\\b(?!.*(-f\\b|--force|--force-with-lease))",
+            flags: "i"
+          }
+        ],
         conditionMode: "all",
         verdict: "review",
         reason: "git push sends changes to a shared remote"
@@ -1138,7 +1145,7 @@ var DEFAULT_CONFIG = {
           {
             field: "command",
             op: "matches",
-            value: "git\\s+(reset\\s+--hard|clean\\s+-[fdxX]|rebase|tag\\s+-d|branch\\s+-[dD])",
+            value: "^\\s*git\\b.*(reset\\s+--hard|clean\\s+-[fdxX]|\\brebase\\b|tag\\s+-d|branch\\s+-[dD])",
             flags: "i"
           }
         ],

package/dist/index.mjs

@@ -1079,7 +1079,7 @@ var DEFAULT_CONFIG = {
           {
             field: "command",
             op: "matches",
-            value: "git push.*(--force|--force-with-lease|-f\\b)",
+            value: "^\\s*git\\b.*\\bpush\\b.*(--force|--force-with-lease|-f\\b)",
             flags: "i"
           }
         ],
@@ -1090,7 +1090,14 @@ var DEFAULT_CONFIG = {
       {
         name: "review-git-push",
         tool: "bash",
-        conditions: [{ field: "command", op: "matches", value: "^\\s*git\\s+push\\b", flags: "i" }],
+        conditions: [
+          {
+            field: "command",
+            op: "matches",
+            value: "^\\s*git\\b.*\\bpush\\b(?!.*(-f\\b|--force|--force-with-lease))",
+            flags: "i"
+          }
+        ],
         conditionMode: "all",
         verdict: "review",
         reason: "git push sends changes to a shared remote"
@@ -1102,7 +1109,7 @@ var DEFAULT_CONFIG = {
           {
             field: "command",
             op: "matches",
-            value: "git\\s+(reset\\s+--hard|clean\\s+-[fdxX]|rebase|tag\\s+-d|branch\\s+-[dD])",
+            value: "^\\s*git\\b.*(reset\\s+--hard|clean\\s+-[fdxX]|\\brebase\\b|tag\\s+-d|branch\\s+-[dD])",
             flags: "i"
           }
         ],

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node9/proxy",
-  "version": "1.0.17",
+  "version": "1.0.19",
   "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -59,6 +59,7 @@
     "fix": "npm run format && npm run lint:fix",
     "validate": "npm run format && npm run lint && npm run typecheck && npm run test && npm run test:e2e && npm run build",
     "test:e2e": "NODE9_TESTING=1 bash scripts/e2e.sh",
+    "preuninstall": "node9 uninstall || echo 'node9 uninstall failed — remove hooks manually from ~/.claude/settings.json'",
     "prepublishOnly": "npm run validate",
     "test": "NODE_ENV=test vitest --run",
     "test:watch": "NODE_ENV=test vitest",