@node9/proxy 1.0.7 → 1.0.8

package/dist/index.mjs

@@ -2,13 +2,14 @@
 import chalk2 from "chalk";
 import { confirm } from "@inquirer/prompts";
 import fs from "fs";
-import path from "path";
+import path2 from "path";
 import os from "os";
 import pm from "picomatch";
 import { parse } from "sh-syntax";
 
 // src/ui/native.ts
 import { spawn } from "child_process";
+import path from "path";
 import chalk from "chalk";
 var isTestEnv = () => {
   return process.env.NODE_ENV === "test" || process.env.VITEST === "true" || !!process.env.VITEST || process.env.CI === "true" || !!process.env.CI || process.env.NODE9_TESTING === "1";
@@ -18,8 +19,29 @@ function smartTruncate(str, maxLen = 500) {
   const edge = Math.floor(maxLen / 2) - 3;
   return `${str.slice(0, edge)} ... ${str.slice(-edge)}`;
 }
-function formatArgs(args) {
-  if (args === null || args === void 0) return "(none)";
+function extractContext(text, matchedWord) {
+  const lines = text.split("\n");
+  if (lines.length <= 7 || !matchedWord) return smartTruncate(text, 500);
+  const escaped = matchedWord.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  const pattern = new RegExp(`\\b${escaped}\\b`, "i");
+  const allHits = lines.map((line, i) => ({ i, line })).filter(({ line }) => pattern.test(line));
+  if (allHits.length === 0) return smartTruncate(text, 500);
+  const nonComment = allHits.find(({ line }) => {
+    const trimmed = line.trim();
+    return !trimmed.startsWith("//") && !trimmed.startsWith("#");
+  });
+  const hitIndex = (nonComment ?? allHits[0]).i;
+  const start = Math.max(0, hitIndex - 3);
+  const end = Math.min(lines.length, hitIndex + 4);
+  const snippet = lines.slice(start, end).map((line, i) => `${start + i === hitIndex ? "\u{1F6D1} " : "   "}${line}`).join("\n");
+  const head = start > 0 ? `... [${start} lines hidden] ...
+` : "";
+  const tail = end < lines.length ? `
+... [${lines.length - end} lines hidden] ...` : "";
+  return `${head}${snippet}${tail}`;
+}
+function formatArgs(args, matchedField, matchedWord) {
+  if (args === null || args === void 0) return { message: "(none)", intent: "EXEC" };
   let parsed = args;
   if (typeof args === "string") {
     const trimmed = args.trim();
@@ -30,11 +52,39 @@ function formatArgs(args) {
         parsed = args;
       }
     } else {
-      return smartTruncate(args, 600);
+      return { message: smartTruncate(args, 600), intent: "EXEC" };
     }
   }
   if (typeof parsed === "object" && !Array.isArray(parsed)) {
     const obj = parsed;
+    if (obj.old_string !== void 0 && obj.new_string !== void 0) {
+      const file = obj.file_path ? path.basename(String(obj.file_path)) : "file";
+      const oldPreview = smartTruncate(String(obj.old_string), 120);
+      const newPreview = extractContext(String(obj.new_string), matchedWord);
+      return {
+        intent: "EDIT",
+        message: `\u{1F4DD} EDITING: ${file}
+\u{1F4C2} PATH: ${obj.file_path}
+
+--- REPLACING ---
+${oldPreview}
+
++++ NEW CODE +++
+${newPreview}`
+      };
+    }
+    if (matchedField && obj[matchedField] !== void 0) {
+      const otherKeys = Object.keys(obj).filter((k) => k !== matchedField);
+      const context = otherKeys.length > 0 ? `\u2699\uFE0F  Context: ${otherKeys.map((k) => `${k}=${smartTruncate(typeof obj[k] === "object" ? JSON.stringify(obj[k]) : String(obj[k]), 30)}`).join(", ")}
+
+` : "";
+      const content = extractContext(String(obj[matchedField]), matchedWord);
+      return {
+        intent: "EXEC",
+        message: `${context}\u{1F6D1} [${matchedField.toUpperCase()}]:
+${content}`
+      };
+    }
     const codeKeys = [
       "command",
       "cmd",
@@ -55,14 +105,18 @@ function formatArgs(args) {
     if (foundKey) {
       const val = obj[foundKey];
       const str = typeof val === "string" ? val : JSON.stringify(val);
-      return `[${foundKey.toUpperCase()}]:
-${smartTruncate(str, 500)}`;
+      return {
+        intent: "EXEC",
+        message: `[${foundKey.toUpperCase()}]:
+${smartTruncate(str, 500)}`
+      };
     }
-    return Object.entries(obj).slice(0, 5).map(
+    const msg = Object.entries(obj).slice(0, 5).map(
       ([k, v]) => `  ${k}: ${smartTruncate(typeof v === "string" ? v : JSON.stringify(v), 300)}`
     ).join("\n");
+    return { intent: "EXEC", message: msg };
   }
-  return smartTruncate(JSON.stringify(parsed), 200);
+  return { intent: "EXEC", message: smartTruncate(JSON.stringify(parsed), 200) };
 }
 function sendDesktopNotification(title, body) {
   if (isTestEnv()) return;
@@ -115,10 +169,11 @@ function buildPangoMessage(toolName, formattedArgs, agent, explainableLabel, loc
   }
   return lines.join("\n");
 }
-async function askNativePopup(toolName, args, agent, explainableLabel, locked = false, signal) {
+async function askNativePopup(toolName, args, agent, explainableLabel, locked = false, signal, matchedField, matchedWord) {
   if (isTestEnv()) return "deny";
-  const formattedArgs = formatArgs(args);
-  const title = locked ? `\u26A1 Node9 \u2014 Locked` : `\u{1F6E1}\uFE0F Node9 \u2014 Action Approval`;
+  const { message: formattedArgs, intent } = formatArgs(args, matchedField, matchedWord);
+  const intentLabel = intent === "EDIT" ? "Code Edit" : "Action Approval";
+  const title = locked ? `\u26A1 Node9 \u2014 Locked` : `\u{1F6E1}\uFE0F Node9 \u2014 ${intentLabel}`;
   const message = buildPlainMessage(toolName, formattedArgs, agent, explainableLabel, locked);
   process.stderr.write(chalk.yellow(`
 \u{1F6E1}\uFE0F  Node9: Intercepted "${toolName}" \u2014 awaiting user...
@@ -196,10 +251,10 @@ end run`;
 }
 
 // src/core.ts
-var PAUSED_FILE = path.join(os.homedir(), ".node9", "PAUSED");
-var TRUST_FILE = path.join(os.homedir(), ".node9", "trust.json");
-var LOCAL_AUDIT_LOG = path.join(os.homedir(), ".node9", "audit.log");
-var HOOK_DEBUG_LOG = path.join(os.homedir(), ".node9", "hook-debug.log");
+var PAUSED_FILE = path2.join(os.homedir(), ".node9", "PAUSED");
+var TRUST_FILE = path2.join(os.homedir(), ".node9", "trust.json");
+var LOCAL_AUDIT_LOG = path2.join(os.homedir(), ".node9", "audit.log");
+var HOOK_DEBUG_LOG = path2.join(os.homedir(), ".node9", "hook-debug.log");
 function checkPause() {
   try {
     if (!fs.existsSync(PAUSED_FILE)) return { paused: false };
@@ -217,7 +272,7 @@ function checkPause() {
   }
 }
 function atomicWriteSync(filePath, data, options) {
-  const dir = path.dirname(filePath);
+  const dir = path2.dirname(filePath);
   if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
   const tmpPath = `${filePath}.${os.hostname()}.${process.pid}.tmp`;
   fs.writeFileSync(tmpPath, data, options);
@@ -258,7 +313,7 @@ function writeTrustSession(toolName, durationMs) {
 }
 function appendToLog(logPath, entry) {
   try {
-    const dir = path.dirname(logPath);
+    const dir = path2.dirname(logPath);
     if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
     fs.appendFileSync(logPath, JSON.stringify(entry) + "\n");
   } catch {
@@ -302,9 +357,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path2) {
+function getNestedValue(obj, path3) {
   if (!obj || typeof obj !== "object") return null;
-  return path2.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path3.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function evaluateSmartConditions(args, rule) {
   if (!rule.conditions || rule.conditions.length === 0) return true;
@@ -493,6 +548,18 @@ var DEFAULT_CONFIG = {
       "terminal.execute": "command",
       "postgres:query": "sql"
     },
+    snapshot: {
+      tools: [
+        "str_replace_based_edit_tool",
+        "write_file",
+        "edit_file",
+        "create_file",
+        "edit",
+        "replace"
+      ],
+      onlyPaths: [],
+      ignorePaths: ["**/node_modules/**", "dist/**", "build/**", ".next/**", "**/*.log"]
+    },
     rules: [
       {
         action: "rm",
@@ -528,7 +595,7 @@ var DEFAULT_CONFIG = {
 var cachedConfig = null;
 function getInternalToken() {
   try {
-    const pidFile = path.join(os.homedir(), ".node9", "daemon.pid");
+    const pidFile = path2.join(os.homedir(), ".node9", "daemon.pid");
     if (!fs.existsSync(pidFile)) return null;
     const data = JSON.parse(fs.readFileSync(pidFile, "utf-8"));
     process.kill(data.pid, 0);
@@ -632,9 +699,29 @@ async function evaluatePolicy(toolName, args, agent) {
     })
   );
   if (isDangerous) {
+    let matchedField;
+    if (matchedDangerousWord && args && typeof args === "object" && !Array.isArray(args)) {
+      const obj = args;
+      for (const [key, value] of Object.entries(obj)) {
+        if (typeof value === "string") {
+          try {
+            if (new RegExp(
+              `\\b${matchedDangerousWord.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}\\b`,
+              "i"
+            ).test(value)) {
+              matchedField = key;
+              break;
+            }
+          } catch {
+          }
+        }
+      }
+    }
     return {
       decision: "review",
-      blockedByLabel: `Project/Global Config \u2014 dangerous word: "${matchedDangerousWord}"`
+      blockedByLabel: `Project/Global Config \u2014 dangerous word: "${matchedDangerousWord}"`,
+      matchedWord: matchedDangerousWord,
+      matchedField
     };
   }
   if (config.settings.mode === "strict") {
@@ -652,7 +739,7 @@ var DAEMON_PORT = 7391;
 var DAEMON_HOST = "127.0.0.1";
 function isDaemonRunning() {
   try {
-    const pidFile = path.join(os.homedir(), ".node9", "daemon.pid");
+    const pidFile = path2.join(os.homedir(), ".node9", "daemon.pid");
     if (!fs.existsSync(pidFile)) return false;
     const { pid, port } = JSON.parse(fs.readFileSync(pidFile, "utf-8"));
     if (port !== DAEMON_PORT) return false;
@@ -664,7 +751,7 @@ function isDaemonRunning() {
 }
 function getPersistentDecision(toolName) {
   try {
-    const file = path.join(os.homedir(), ".node9", "decisions.json");
+    const file = path2.join(os.homedir(), ".node9", "decisions.json");
     if (!fs.existsSync(file)) return null;
     const decisions = JSON.parse(fs.readFileSync(file, "utf-8"));
     const d = decisions[toolName];
@@ -735,7 +822,7 @@ async function resolveViaDaemon(id, decision, internalToken) {
     signal: AbortSignal.timeout(3e3)
   });
 }
-async function authorizeHeadless(toolName, args, allowTerminalFallback = false, meta) {
+async function authorizeHeadless(toolName, args, allowTerminalFallback = false, meta, options) {
   if (process.env.NODE9_PAUSED === "1") return { approved: true, checkedBy: "paused" };
   const pauseState = checkPause();
   if (pauseState.paused) return { approved: true, checkedBy: "paused" };
@@ -755,6 +842,8 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
   }
   const isManual = meta?.agent === "Terminal";
   let explainableLabel = "Local Config";
+  let policyMatchedField;
+  let policyMatchedWord;
   if (config.settings.mode === "audit") {
     if (!isIgnoredTool(toolName)) {
       const policyResult = await evaluatePolicy(toolName, args, meta?.agent);
@@ -790,6 +879,8 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
       };
     }
     explainableLabel = policyResult.blockedByLabel || "Local Config";
+    policyMatchedField = policyResult.matchedField;
+    policyMatchedWord = policyResult.matchedWord;
     const persistent = getPersistentDecision(toolName);
     if (persistent === "allow") {
       if (creds?.apiKey) auditLocalAllow(toolName, args, "persistent", creds, meta);
@@ -882,7 +973,7 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
     racePromises.push(
       (async () => {
         try {
-          if (isDaemonRunning() && internalToken) {
+          if (isDaemonRunning() && internalToken && !options?.calledFromDaemon) {
             viewerId = await notifyDaemonViewer(toolName, args, meta).catch(() => null);
           }
           const cloudResult = await pollNode9SaaS(cloudRequestId, creds, signal);
@@ -910,7 +1001,9 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
           meta?.agent,
           explainableLabel,
           isRemoteLocked,
-          signal
+          signal,
+          policyMatchedField,
+          policyMatchedWord
         );
         if (decision === "always_allow") {
           writeTrustSession(toolName, 36e5);
@@ -927,7 +1020,7 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
       })()
     );
   }
-  if (approvers.browser && isDaemonRunning()) {
+  if (approvers.browser && isDaemonRunning() && !options?.calledFromDaemon) {
     racePromises.push(
       (async () => {
         try {
@@ -1063,8 +1156,8 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
 }
 function getConfig() {
   if (cachedConfig) return cachedConfig;
-  const globalPath = path.join(os.homedir(), ".node9", "config.json");
-  const projectPath = path.join(process.cwd(), "node9.config.json");
+  const globalPath = path2.join(os.homedir(), ".node9", "config.json");
+  const projectPath = path2.join(process.cwd(), "node9.config.json");
   const globalConfig = tryLoadConfig(globalPath);
   const projectConfig = tryLoadConfig(projectPath);
   const mergedSettings = {
@@ -1077,7 +1170,12 @@ function getConfig() {
     ignoredTools: [...DEFAULT_CONFIG.policy.ignoredTools],
     toolInspection: { ...DEFAULT_CONFIG.policy.toolInspection },
     rules: [...DEFAULT_CONFIG.policy.rules],
-    smartRules: [...DEFAULT_CONFIG.policy.smartRules]
+    smartRules: [...DEFAULT_CONFIG.policy.smartRules],
+    snapshot: {
+      tools: [...DEFAULT_CONFIG.policy.snapshot.tools],
+      onlyPaths: [...DEFAULT_CONFIG.policy.snapshot.onlyPaths],
+      ignorePaths: [...DEFAULT_CONFIG.policy.snapshot.ignorePaths]
+    }
   };
   const applyLayer = (source) => {
     if (!source) return;
@@ -1089,6 +1187,7 @@ function getConfig() {
     if (s.enableHookLogDebug !== void 0)
       mergedSettings.enableHookLogDebug = s.enableHookLogDebug;
     if (s.approvers) mergedSettings.approvers = { ...mergedSettings.approvers, ...s.approvers };
+    if (s.approvalTimeoutMs !== void 0) mergedSettings.approvalTimeoutMs = s.approvalTimeoutMs;
     if (s.environment !== void 0) mergedSettings.environment = s.environment;
     if (p.sandboxPaths) mergedPolicy.sandboxPaths.push(...p.sandboxPaths);
     if (p.ignoredTools) mergedPolicy.ignoredTools.push(...p.ignoredTools);
@@ -1097,6 +1196,12 @@ function getConfig() {
       mergedPolicy.toolInspection = { ...mergedPolicy.toolInspection, ...p.toolInspection };
     if (p.rules) mergedPolicy.rules.push(...p.rules);
     if (p.smartRules) mergedPolicy.smartRules.push(...p.smartRules);
+    if (p.snapshot) {
+      const s2 = p.snapshot;
+      if (s2.tools) mergedPolicy.snapshot.tools.push(...s2.tools);
+      if (s2.onlyPaths) mergedPolicy.snapshot.onlyPaths.push(...s2.onlyPaths);
+      if (s2.ignorePaths) mergedPolicy.snapshot.ignorePaths.push(...s2.ignorePaths);
+    }
   };
   applyLayer(globalConfig);
   applyLayer(projectConfig);
@@ -1104,6 +1209,9 @@ function getConfig() {
   mergedPolicy.sandboxPaths = [...new Set(mergedPolicy.sandboxPaths)];
   mergedPolicy.dangerousWords = [...new Set(mergedPolicy.dangerousWords)];
   mergedPolicy.ignoredTools = [...new Set(mergedPolicy.ignoredTools)];
+  mergedPolicy.snapshot.tools = [...new Set(mergedPolicy.snapshot.tools)];
+  mergedPolicy.snapshot.onlyPaths = [...new Set(mergedPolicy.snapshot.onlyPaths)];
+  mergedPolicy.snapshot.ignorePaths = [...new Set(mergedPolicy.snapshot.ignorePaths)];
   cachedConfig = {
     settings: mergedSettings,
     policy: mergedPolicy,
@@ -1132,7 +1240,7 @@ function getCredentials() {
     };
   }
   try {
-    const credPath = path.join(os.homedir(), ".node9", "credentials.json");
+    const credPath = path2.join(os.homedir(), ".node9", "credentials.json");
     if (fs.existsSync(credPath)) {
       const creds = JSON.parse(fs.readFileSync(credPath, "utf-8"));
       const profileName = process.env.NODE9_PROFILE || "default";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node9/proxy",
-  "version": "1.0.7",
+  "version": "1.0.8",
   "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -41,7 +41,7 @@
     "hitl"
   ],
   "author": "Nadav <nadav@node9.ai>",
-  "license": "MIT",
+  "license": "Apache-2.0",
   "files": [
     "dist",
     "README.md",
@@ -73,6 +73,8 @@
     "sh-syntax": "^0.5.8"
   },
   "devDependencies": {
+    "@anthropic-ai/sdk": "^0.78.0",
+    "@octokit/rest": "^22.0.1",
     "@semantic-release/commit-analyzer": "^13.0.1",
     "@semantic-release/git": "^10.0.1",
     "@semantic-release/github": "^12.0.6",