@node9/proxy 1.0.4 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +67 -6
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -16,11 +16,7 @@ While others try to _guess_ if a prompt is malicious (Semantic Security), Node9
|
|
|
16
16
|
**AIs are literal.** When you ask an agent to "Fix my disk space," it might decide to run `docker system prune -af`.
|
|
17
17
|
|
|
18
18
|
<p align="center">
|
|
19
|
-
<<<<<<< dev
|
|
20
|
-
<img src="https://github.com/user-attachments/assets/afae9caa-0605-4cac-929a-c14198383169" width="100%">
|
|
21
|
-
=======
|
|
22
19
|
<img src="https://github.com/user-attachments/assets/0e45e843-4cf7-408e-95ce-23fb09525ee4" width="100%">
|
|
23
|
-
>>>>>>> main
|
|
24
20
|
</p>
|
|
25
21
|
|
|
26
22
|
**With Node9, the interaction looks like this:**
|
|
@@ -79,6 +75,8 @@ Revert to this snapshot? [y/N]
|
|
|
79
75
|
|
|
80
76
|
Node9 keeps the last 10 snapshots. Snapshots are only taken for file-writing tools (`write_file`, `edit_file`, `str_replace_based_edit_tool`, `create_file`) — not for read-only or shell commands.
|
|
81
77
|
|
|
78
|
+
Node9 keeps the last 10 snapshots. Snapshots are only taken for file-writing tools (`write_file`, `edit_file`, `str_replace_based_edit_tool`, `create_file`) — not for read-only or shell commands.
|
|
79
|
+
|
|
82
80
|
### 🌊 The Resolution Waterfall
|
|
83
81
|
|
|
84
82
|
Security posture is resolved using a strict 5-tier waterfall:
|
|
@@ -97,13 +95,17 @@ Security posture is resolved using a strict 5-tier waterfall:
|
|
|
97
95
|
npm install -g @node9/proxy
|
|
98
96
|
|
|
99
97
|
# 1. Setup protection for your favorite agent
|
|
100
|
-
node9
|
|
98
|
+
node9 setup # interactive menu — picks the right agent for you
|
|
99
|
+
node9 addto claude # or wire directly
|
|
101
100
|
node9 addto gemini
|
|
102
101
|
|
|
103
102
|
# 2. Initialize your local safety net
|
|
104
103
|
node9 init
|
|
105
104
|
|
|
106
|
-
# 3.
|
|
105
|
+
# 3. Verify everything is wired correctly
|
|
106
|
+
node9 doctor
|
|
107
|
+
|
|
108
|
+
# 4. Check your status
|
|
107
109
|
node9 status
|
|
108
110
|
```
|
|
109
111
|
|
|
@@ -151,6 +153,65 @@ Rules are **merged additive**—you cannot "un-danger" a word locally if it was
|
|
|
151
153
|
|
|
152
154
|
---
|
|
153
155
|
|
|
156
|
+
## 🖥️ CLI Reference
|
|
157
|
+
|
|
158
|
+
| Command | Description |
|
|
159
|
+
| :---------------------------- | :------------------------------------------------------------------------------------ |
|
|
160
|
+
| `node9 setup` | Interactive menu — detects installed agents and wires hooks for you |
|
|
161
|
+
| `node9 addto <agent>` | Wire hooks for a specific agent (`claude`, `gemini`, `cursor`) |
|
|
162
|
+
| `node9 init` | Create default `~/.node9/config.json` |
|
|
163
|
+
| `node9 status` | Show current protection status and active rules |
|
|
164
|
+
| `node9 doctor` | Health check — verifies binaries, config, credentials, and all agent hooks |
|
|
165
|
+
| `node9 explain <tool> [args]` | Trace the policy waterfall for a given tool call (dry-run, no approval prompt) |
|
|
166
|
+
| `node9 undo [--steps N]` | Revert the last N AI file edits using shadow Git snapshots |
|
|
167
|
+
| `node9 check` | Called by agent hooks; evaluates a pending tool call and exits 0 (allow) or 1 (block) |
|
|
168
|
+
|
|
169
|
+
### `node9 doctor`
|
|
170
|
+
|
|
171
|
+
Runs a full self-test and exits 1 if any required check fails:
|
|
172
|
+
|
|
173
|
+
```
|
|
174
|
+
Node9 Doctor v1.2.0
|
|
175
|
+
────────────────────────────────────────
|
|
176
|
+
Binaries
|
|
177
|
+
✅ Node.js v20.11.0
|
|
178
|
+
✅ git version 2.43.0
|
|
179
|
+
|
|
180
|
+
Configuration
|
|
181
|
+
✅ ~/.node9/config.json found and valid
|
|
182
|
+
✅ ~/.node9/credentials.json — cloud credentials found
|
|
183
|
+
|
|
184
|
+
Agent Hooks
|
|
185
|
+
✅ Claude Code — PreToolUse hook active
|
|
186
|
+
⚠️ Gemini CLI — not configured (optional)
|
|
187
|
+
⚠️ Cursor — not configured (optional)
|
|
188
|
+
|
|
189
|
+
────────────────────────────────────────
|
|
190
|
+
All checks passed ✅
|
|
191
|
+
```
|
|
192
|
+
|
|
193
|
+
### `node9 explain`
|
|
194
|
+
|
|
195
|
+
Dry-runs the policy engine and prints exactly which rule (or waterfall tier) would block or allow a given tool call — useful for debugging your config:
|
|
196
|
+
|
|
197
|
+
```bash
|
|
198
|
+
node9 explain bash '{"command":"rm -rf /tmp/build"}'
|
|
199
|
+
```
|
|
200
|
+
|
|
201
|
+
```
|
|
202
|
+
Policy Waterfall for: bash
|
|
203
|
+
──────────────────────────────────────────────
|
|
204
|
+
Tier 1 · Cloud Org Policy SKIP (no org policy loaded)
|
|
205
|
+
Tier 2 · Dangerous Words BLOCK ← matched "rm -rf"
|
|
206
|
+
Tier 3 · Path Block –
|
|
207
|
+
Tier 4 · Inline Exec –
|
|
208
|
+
Tier 5 · Rule Match –
|
|
209
|
+
──────────────────────────────────────────────
|
|
210
|
+
Verdict: BLOCK (dangerous word: rm -rf)
|
|
211
|
+
```
|
|
212
|
+
|
|
213
|
+
---
|
|
214
|
+
|
|
154
215
|
## 🔧 Troubleshooting
|
|
155
216
|
|
|
156
217
|
**`node9 check` exits immediately / Claude is never blocked**
|