@node9/proxy 1.1.0 → 1.1.1

package/dist/cli.js

@@ -790,7 +790,9 @@ var init_dlp = __esm({
     DLP_PATTERNS = [
       { name: "AWS Access Key ID", regex: /\bAKIA[0-9A-Z]{16}\b/, severity: "block" },
       { name: "GitHub Token", regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/, severity: "block" },
-      { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]+\b/, severity: "block" },
+      // Slack bot tokens: xoxb- + variable segment. Real tokens are ~50–80 chars;
+      // lower bound 20 avoids false negatives on partial tokens, upper 100 caps scan cost.
+      { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]{20,100}\b/, severity: "block" },
       { name: "OpenAI API Key", regex: /\bsk-[a-zA-Z0-9_-]{20,}\b/, severity: "block" },
       { name: "Stripe Secret Key", regex: /\bsk_(?:live|test)_[0-9a-zA-Z]{24}\b/, severity: "block" },
       {
@@ -878,40 +880,13 @@ function resumeNode9() {
 function validateRegex(pattern) {
   if (!pattern) return "Pattern is required";
   if (pattern.length > MAX_REGEX_LENGTH) return `Pattern exceeds max length of ${MAX_REGEX_LENGTH}`;
-  let parens = 0, brackets = 0, isEscaped = false, inCharClass = false;
-  for (let i = 0; i < pattern.length; i++) {
-    const char = pattern[i];
-    if (isEscaped) {
-      isEscaped = false;
-      continue;
-    }
-    if (char === "\\") {
-      isEscaped = true;
-      continue;
-    }
-    if (char === "[" && !inCharClass) {
-      inCharClass = true;
-      brackets++;
-      continue;
-    }
-    if (char === "]" && inCharClass) {
-      inCharClass = false;
-      brackets--;
-      continue;
-    }
-    if (inCharClass) continue;
-    if (char === "(") parens++;
-    else if (char === ")") parens--;
-  }
-  if (parens !== 0) return "Unbalanced parentheses";
-  if (brackets !== 0) return "Unbalanced brackets";
-  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
-  if (!(0, import_safe_regex2.default)(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
   try {
     new RegExp(pattern);
   } catch (e) {
     return `Invalid regex syntax: ${e.message}`;
   }
+  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
+  if (!(0, import_safe_regex2.default)(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
   return null;
 }
 function getCompiledRegex(pattern, flags = "") {
@@ -2125,10 +2100,10 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
   }
   return finalResult;
 }
-function getConfig() {
-  if (cachedConfig) return cachedConfig;
+function getConfig(cwd) {
+  if (!cwd && cachedConfig) return cachedConfig;
   const globalPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "config.json");
-  const projectPath = import_path5.default.join(process.cwd(), "node9.config.json");
+  const projectPath = import_path5.default.join(cwd ?? process.cwd(), "node9.config.json");
   const globalConfig = tryLoadConfig(globalPath);
   const projectConfig = tryLoadConfig(projectPath);
   const mergedSettings = {
@@ -2215,12 +2190,13 @@ function getConfig() {
   mergedPolicy.snapshot.tools = [...new Set(mergedPolicy.snapshot.tools)];
   mergedPolicy.snapshot.onlyPaths = [...new Set(mergedPolicy.snapshot.onlyPaths)];
   mergedPolicy.snapshot.ignorePaths = [...new Set(mergedPolicy.snapshot.ignorePaths)];
-  cachedConfig = {
+  const result = {
     settings: mergedSettings,
     policy: mergedPolicy,
     environments: mergedEnvironments
   };
-  return cachedConfig;
+  if (!cwd) cachedConfig = result;
+  return result;
 }
 function tryLoadConfig(filePath) {
   if (!import_fs3.default.existsSync(filePath)) return null;
@@ -5683,9 +5659,19 @@ function applyUndo(hash, cwd) {
       env,
       timeout: GIT_TIMEOUT
     });
+    if (lsTree.status !== 0) {
+      process.stderr.write(`[Node9] applyUndo: git ls-tree failed for hash ${hash}
+`);
+      return false;
+    }
     const snapshotFiles = new Set(
       lsTree.stdout?.toString().trim().split("\n").filter(Boolean) ?? []
     );
+    if (snapshotFiles.size === 0) {
+      process.stderr.write(`[Node9] applyUndo: ls-tree returned no files for hash ${hash}
+`);
+      return false;
+    }
     const tracked = (0, import_child_process4.spawnSync)("git", ["ls-files"], { cwd: dir, env, timeout: GIT_TIMEOUT }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
     const untracked = (0, import_child_process4.spawnSync)("git", ["ls-files", "--others", "--exclude-standard"], {
       cwd: dir,
@@ -5840,7 +5826,7 @@ async function runProxy(targetCommand) {
     if (stdout) executable = stdout.trim();
   } catch {
   }
-  console.log(import_chalk6.default.green(`\u{1F680} Node9 Proxy Active: Monitoring [${targetCommand}]`));
+  console.error(import_chalk6.default.green(`\u{1F680} Node9 Proxy Active: Monitoring [${targetCommand}]`));
   const child = (0, import_child_process6.spawn)(executable, args, {
     stdio: ["pipe", "pipe", "inherit"],
     // We control STDIN and STDOUT
@@ -6511,14 +6497,7 @@ RAW: ${raw}
         }
         process.exit(0);
       }
-      if (payload.cwd) {
-        try {
-          process.chdir(payload.cwd);
-          _resetConfigCache();
-        } catch {
-        }
-      }
-      const config = getConfig();
+      const config = getConfig(payload.cwd || void 0);
       if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
         const logPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
         if (!import_fs8.default.existsSync(import_path10.default.dirname(logPath)))
@@ -6651,11 +6630,21 @@ program.command("log").description("PostToolUse hook \u2014 records executed too
       if (!import_fs8.default.existsSync(import_path10.default.dirname(logPath)))
         import_fs8.default.mkdirSync(import_path10.default.dirname(logPath), { recursive: true });
       import_fs8.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
-      const config = getConfig();
+      const safeCwd = typeof payload.cwd === "string" && import_path10.default.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+      const config = getConfig(safeCwd);
       if (shouldSnapshot(tool, {}, config)) {
         await createShadowSnapshot("unknown", {}, config.policy.snapshot.ignorePaths);
       }
-    } catch {
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      process.stderr.write(`[Node9] audit log error: ${msg}
+`);
+      const debugPath = import_path10.default.join(import_os7.default.homedir(), ".node9", "hook-debug.log");
+      try {
+        import_fs8.default.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
+`);
+      } catch {
+      }
     }
     process.exit(0);
   };

package/dist/cli.mjs

@@ -769,7 +769,9 @@ var init_dlp = __esm({
     DLP_PATTERNS = [
       { name: "AWS Access Key ID", regex: /\bAKIA[0-9A-Z]{16}\b/, severity: "block" },
       { name: "GitHub Token", regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/, severity: "block" },
-      { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]+\b/, severity: "block" },
+      // Slack bot tokens: xoxb- + variable segment. Real tokens are ~50–80 chars;
+      // lower bound 20 avoids false negatives on partial tokens, upper 100 caps scan cost.
+      { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]{20,100}\b/, severity: "block" },
       { name: "OpenAI API Key", regex: /\bsk-[a-zA-Z0-9_-]{20,}\b/, severity: "block" },
       { name: "Stripe Secret Key", regex: /\bsk_(?:live|test)_[0-9a-zA-Z]{24}\b/, severity: "block" },
       {
@@ -868,40 +870,13 @@ function resumeNode9() {
 function validateRegex(pattern) {
   if (!pattern) return "Pattern is required";
   if (pattern.length > MAX_REGEX_LENGTH) return `Pattern exceeds max length of ${MAX_REGEX_LENGTH}`;
-  let parens = 0, brackets = 0, isEscaped = false, inCharClass = false;
-  for (let i = 0; i < pattern.length; i++) {
-    const char = pattern[i];
-    if (isEscaped) {
-      isEscaped = false;
-      continue;
-    }
-    if (char === "\\") {
-      isEscaped = true;
-      continue;
-    }
-    if (char === "[" && !inCharClass) {
-      inCharClass = true;
-      brackets++;
-      continue;
-    }
-    if (char === "]" && inCharClass) {
-      inCharClass = false;
-      brackets--;
-      continue;
-    }
-    if (inCharClass) continue;
-    if (char === "(") parens++;
-    else if (char === ")") parens--;
-  }
-  if (parens !== 0) return "Unbalanced parentheses";
-  if (brackets !== 0) return "Unbalanced brackets";
-  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
-  if (!safeRegex(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
   try {
     new RegExp(pattern);
   } catch (e) {
     return `Invalid regex syntax: ${e.message}`;
   }
+  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
+  if (!safeRegex(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
   return null;
 }
 function getCompiledRegex(pattern, flags = "") {
@@ -2115,10 +2090,10 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
   }
   return finalResult;
 }
-function getConfig() {
-  if (cachedConfig) return cachedConfig;
+function getConfig(cwd) {
+  if (!cwd && cachedConfig) return cachedConfig;
   const globalPath = path5.join(os2.homedir(), ".node9", "config.json");
-  const projectPath = path5.join(process.cwd(), "node9.config.json");
+  const projectPath = path5.join(cwd ?? process.cwd(), "node9.config.json");
   const globalConfig = tryLoadConfig(globalPath);
   const projectConfig = tryLoadConfig(projectPath);
   const mergedSettings = {
@@ -2205,12 +2180,13 @@ function getConfig() {
   mergedPolicy.snapshot.tools = [...new Set(mergedPolicy.snapshot.tools)];
   mergedPolicy.snapshot.onlyPaths = [...new Set(mergedPolicy.snapshot.onlyPaths)];
   mergedPolicy.snapshot.ignorePaths = [...new Set(mergedPolicy.snapshot.ignorePaths)];
-  cachedConfig = {
+  const result = {
     settings: mergedSettings,
     policy: mergedPolicy,
     environments: mergedEnvironments
   };
-  return cachedConfig;
+  if (!cwd) cachedConfig = result;
+  return result;
 }
 function tryLoadConfig(filePath) {
   if (!fs3.existsSync(filePath)) return null;
@@ -5662,9 +5638,19 @@ function applyUndo(hash, cwd) {
       env,
       timeout: GIT_TIMEOUT
     });
+    if (lsTree.status !== 0) {
+      process.stderr.write(`[Node9] applyUndo: git ls-tree failed for hash ${hash}
+`);
+      return false;
+    }
     const snapshotFiles = new Set(
       lsTree.stdout?.toString().trim().split("\n").filter(Boolean) ?? []
     );
+    if (snapshotFiles.size === 0) {
+      process.stderr.write(`[Node9] applyUndo: ls-tree returned no files for hash ${hash}
+`);
+      return false;
+    }
     const tracked = spawnSync3("git", ["ls-files"], { cwd: dir, env, timeout: GIT_TIMEOUT }).stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
     const untracked = spawnSync3("git", ["ls-files", "--others", "--exclude-standard"], {
       cwd: dir,
@@ -5819,7 +5805,7 @@ async function runProxy(targetCommand) {
     if (stdout) executable = stdout.trim();
   } catch {
   }
-  console.log(chalk6.green(`\u{1F680} Node9 Proxy Active: Monitoring [${targetCommand}]`));
+  console.error(chalk6.green(`\u{1F680} Node9 Proxy Active: Monitoring [${targetCommand}]`));
   const child = spawn5(executable, args, {
     stdio: ["pipe", "pipe", "inherit"],
     // We control STDIN and STDOUT
@@ -6490,14 +6476,7 @@ RAW: ${raw}
         }
         process.exit(0);
       }
-      if (payload.cwd) {
-        try {
-          process.chdir(payload.cwd);
-          _resetConfigCache();
-        } catch {
-        }
-      }
-      const config = getConfig();
+      const config = getConfig(payload.cwd || void 0);
       if (process.env.NODE9_DEBUG === "1" || config.settings.enableHookLogDebug) {
         const logPath = path10.join(os7.homedir(), ".node9", "hook-debug.log");
         if (!fs8.existsSync(path10.dirname(logPath)))
@@ -6630,11 +6609,21 @@ program.command("log").description("PostToolUse hook \u2014 records executed too
       if (!fs8.existsSync(path10.dirname(logPath)))
         fs8.mkdirSync(path10.dirname(logPath), { recursive: true });
       fs8.appendFileSync(logPath, JSON.stringify(entry) + "\n");
-      const config = getConfig();
+      const safeCwd = typeof payload.cwd === "string" && path10.isAbsolute(payload.cwd) ? payload.cwd : void 0;
+      const config = getConfig(safeCwd);
       if (shouldSnapshot(tool, {}, config)) {
         await createShadowSnapshot("unknown", {}, config.policy.snapshot.ignorePaths);
       }
-    } catch {
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      process.stderr.write(`[Node9] audit log error: ${msg}
+`);
+      const debugPath = path10.join(os7.homedir(), ".node9", "hook-debug.log");
+      try {
+        fs8.appendFileSync(debugPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] LOG_ERROR: ${msg}
+`);
+      } catch {
+      }
     }
     process.exit(0);
   };

package/dist/index.js

@@ -685,7 +685,9 @@ var import_path4 = __toESM(require("path"));
 var DLP_PATTERNS = [
   { name: "AWS Access Key ID", regex: /\bAKIA[0-9A-Z]{16}\b/, severity: "block" },
   { name: "GitHub Token", regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/, severity: "block" },
-  { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]+\b/, severity: "block" },
+  // Slack bot tokens: xoxb- + variable segment. Real tokens are ~50–80 chars;
+  // lower bound 20 avoids false negatives on partial tokens, upper 100 caps scan cost.
+  { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]{20,100}\b/, severity: "block" },
   { name: "OpenAI API Key", regex: /\bsk-[a-zA-Z0-9_-]{20,}\b/, severity: "block" },
   { name: "Stripe Secret Key", regex: /\bsk_(?:live|test)_[0-9a-zA-Z]{24}\b/, severity: "block" },
   {
@@ -853,40 +855,13 @@ var regexCache = /* @__PURE__ */ new Map();
 function validateRegex(pattern) {
   if (!pattern) return "Pattern is required";
   if (pattern.length > MAX_REGEX_LENGTH) return `Pattern exceeds max length of ${MAX_REGEX_LENGTH}`;
-  let parens = 0, brackets = 0, isEscaped = false, inCharClass = false;
-  for (let i = 0; i < pattern.length; i++) {
-    const char = pattern[i];
-    if (isEscaped) {
-      isEscaped = false;
-      continue;
-    }
-    if (char === "\\") {
-      isEscaped = true;
-      continue;
-    }
-    if (char === "[" && !inCharClass) {
-      inCharClass = true;
-      brackets++;
-      continue;
-    }
-    if (char === "]" && inCharClass) {
-      inCharClass = false;
-      brackets--;
-      continue;
-    }
-    if (inCharClass) continue;
-    if (char === "(") parens++;
-    else if (char === ")") parens--;
-  }
-  if (parens !== 0) return "Unbalanced parentheses";
-  if (brackets !== 0) return "Unbalanced brackets";
-  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
-  if (!(0, import_safe_regex2.default)(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
   try {
     new RegExp(pattern);
   } catch (e) {
     return `Invalid regex syntax: ${e.message}`;
   }
+  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
+  if (!(0, import_safe_regex2.default)(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
   return null;
 }
 function getCompiledRegex(pattern, flags = "") {
@@ -2016,10 +1991,10 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
   }
   return finalResult;
 }
-function getConfig() {
-  if (cachedConfig) return cachedConfig;
+function getConfig(cwd) {
+  if (!cwd && cachedConfig) return cachedConfig;
   const globalPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "config.json");
-  const projectPath = import_path5.default.join(process.cwd(), "node9.config.json");
+  const projectPath = import_path5.default.join(cwd ?? process.cwd(), "node9.config.json");
   const globalConfig = tryLoadConfig(globalPath);
   const projectConfig = tryLoadConfig(projectPath);
   const mergedSettings = {
@@ -2106,12 +2081,13 @@ function getConfig() {
   mergedPolicy.snapshot.tools = [...new Set(mergedPolicy.snapshot.tools)];
   mergedPolicy.snapshot.onlyPaths = [...new Set(mergedPolicy.snapshot.onlyPaths)];
   mergedPolicy.snapshot.ignorePaths = [...new Set(mergedPolicy.snapshot.ignorePaths)];
-  cachedConfig = {
+  const result = {
     settings: mergedSettings,
     policy: mergedPolicy,
     environments: mergedEnvironments
   };
-  return cachedConfig;
+  if (!cwd) cachedConfig = result;
+  return result;
 }
 function tryLoadConfig(filePath) {
   if (!import_fs3.default.existsSync(filePath)) return null;

package/dist/index.mjs

@@ -649,7 +649,9 @@ import path4 from "path";
 var DLP_PATTERNS = [
   { name: "AWS Access Key ID", regex: /\bAKIA[0-9A-Z]{16}\b/, severity: "block" },
   { name: "GitHub Token", regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/, severity: "block" },
-  { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]+\b/, severity: "block" },
+  // Slack bot tokens: xoxb- + variable segment. Real tokens are ~50–80 chars;
+  // lower bound 20 avoids false negatives on partial tokens, upper 100 caps scan cost.
+  { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]{20,100}\b/, severity: "block" },
   { name: "OpenAI API Key", regex: /\bsk-[a-zA-Z0-9_-]{20,}\b/, severity: "block" },
   { name: "Stripe Secret Key", regex: /\bsk_(?:live|test)_[0-9a-zA-Z]{24}\b/, severity: "block" },
   {
@@ -817,40 +819,13 @@ var regexCache = /* @__PURE__ */ new Map();
 function validateRegex(pattern) {
   if (!pattern) return "Pattern is required";
   if (pattern.length > MAX_REGEX_LENGTH) return `Pattern exceeds max length of ${MAX_REGEX_LENGTH}`;
-  let parens = 0, brackets = 0, isEscaped = false, inCharClass = false;
-  for (let i = 0; i < pattern.length; i++) {
-    const char = pattern[i];
-    if (isEscaped) {
-      isEscaped = false;
-      continue;
-    }
-    if (char === "\\") {
-      isEscaped = true;
-      continue;
-    }
-    if (char === "[" && !inCharClass) {
-      inCharClass = true;
-      brackets++;
-      continue;
-    }
-    if (char === "]" && inCharClass) {
-      inCharClass = false;
-      brackets--;
-      continue;
-    }
-    if (inCharClass) continue;
-    if (char === "(") parens++;
-    else if (char === ")") parens--;
-  }
-  if (parens !== 0) return "Unbalanced parentheses";
-  if (brackets !== 0) return "Unbalanced brackets";
-  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
-  if (!safeRegex(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
   try {
     new RegExp(pattern);
   } catch (e) {
     return `Invalid regex syntax: ${e.message}`;
   }
+  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
+  if (!safeRegex(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
   return null;
 }
 function getCompiledRegex(pattern, flags = "") {
@@ -1980,10 +1955,10 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
   }
   return finalResult;
 }
-function getConfig() {
-  if (cachedConfig) return cachedConfig;
+function getConfig(cwd) {
+  if (!cwd && cachedConfig) return cachedConfig;
   const globalPath = path5.join(os2.homedir(), ".node9", "config.json");
-  const projectPath = path5.join(process.cwd(), "node9.config.json");
+  const projectPath = path5.join(cwd ?? process.cwd(), "node9.config.json");
   const globalConfig = tryLoadConfig(globalPath);
   const projectConfig = tryLoadConfig(projectPath);
   const mergedSettings = {
@@ -2070,12 +2045,13 @@ function getConfig() {
   mergedPolicy.snapshot.tools = [...new Set(mergedPolicy.snapshot.tools)];
   mergedPolicy.snapshot.onlyPaths = [...new Set(mergedPolicy.snapshot.onlyPaths)];
   mergedPolicy.snapshot.ignorePaths = [...new Set(mergedPolicy.snapshot.ignorePaths)];
-  cachedConfig = {
+  const result = {
     settings: mergedSettings,
     policy: mergedPolicy,
     environments: mergedEnvironments
   };
-  return cachedConfig;
+  if (!cwd) cachedConfig = result;
+  return result;
 }
 function tryLoadConfig(filePath) {
   if (!fs3.existsSync(filePath)) return null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node9/proxy",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",