@node9/proxy 1.1.5 → 1.1.7

package/dist/index.mjs

@@ -1,6 +1,4 @@
 // src/core.ts
-import chalk2 from "chalk";
-import { confirm } from "@inquirer/prompts";
 import fs3 from "fs";
 import path5 from "path";
 import os2 from "os";
@@ -14,7 +12,6 @@ import { parse } from "sh-syntax";
 // src/ui/native.ts
 import { spawn } from "child_process";
 import path2 from "path";
-import chalk from "chalk";
 
 // src/context-sniper.ts
 import path from "path";
@@ -200,21 +197,6 @@ ${smartTruncate(str, 500)}`
   }
   return { intent: "EXEC", message: smartTruncate(JSON.stringify(parsed), 200) };
 }
-function sendDesktopNotification(title, body) {
-  if (isTestEnv()) return;
-  try {
-    if (process.platform === "darwin") {
-      const script = `display notification "${body.replace(/"/g, '\\"')}" with title "${title.replace(/"/g, '\\"')}"`;
-      spawn("osascript", ["-e", script], { detached: true, stdio: "ignore" }).unref();
-    } else if (process.platform === "linux") {
-      spawn("notify-send", [title, body, "--icon=dialog-warning"], {
-        detached: true,
-        stdio: "ignore"
-      }).unref();
-    }
-  } catch {
-  }
-}
 function escapePango(text) {
   return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
@@ -257,9 +239,6 @@ async function askNativePopup(toolName, args, agent, explainableLabel, locked =
   const intentLabel = intent === "EDIT" ? "Code Edit" : "Action Approval";
   const title = locked ? `\u26A1 Node9 \u2014 Locked` : `\u{1F6E1}\uFE0F Node9 \u2014 ${intentLabel}`;
   const message = buildPlainMessage(toolName, formattedArgs, agent, explainableLabel, locked);
-  process.stderr.write(chalk.yellow(`
-\u{1F6E1}\uFE0F  Node9: Intercepted "${toolName}" \u2014 awaiting user...
-`));
   return new Promise((resolve) => {
     let childProcess = null;
     const onAbort = () => {
@@ -383,6 +362,7 @@ var ConfigFileSchema = z.object({
     enableUndo: z.boolean().optional(),
     enableHookLogDebug: z.boolean().optional(),
     approvalTimeoutMs: z.number().nonnegative().optional(),
+    approvalTimeoutSeconds: z.number().nonnegative().optional(),
     flightRecorder: z.boolean().optional(),
     approvers: z.object({
       native: z.boolean().optional(),
@@ -716,9 +696,9 @@ var SENSITIVE_PATH_PATTERNS = [
   /[/\\][^/\\]+\.key$/i,
   /[/\\][^/\\]+\.p12$/i,
   /[/\\][^/\\]+\.pfx$/i,
-  /^\/etc\/passwd$/,
-  /^\/etc\/shadow$/,
-  /^\/etc\/sudoers$/,
+  /^(?:[a-zA-Z]:)?\/etc\/passwd$/,
+  /^(?:[a-zA-Z]:)?\/etc\/shadow$/,
+  /^(?:[a-zA-Z]:)?\/etc\/sudoers$/,
   /[/\\]credentials\.json$/i,
   /[/\\]id_rsa$/i,
   /[/\\]id_ed25519$/i,
@@ -1119,8 +1099,8 @@ var DEFAULT_CONFIG = {
     enableUndo: true,
     // 🔥 ALWAYS TRUE BY DEFAULT for the safety net
     enableHookLogDebug: true,
-    approvalTimeoutMs: 3e4,
-    // 30-second auto-deny timeout
+    approvalTimeoutMs: 12e4,
+    // 120-second auto-deny timeout
     flightRecorder: true,
     approvers: { native: true, browser: true, cloud: false, terminal: true }
   },
@@ -1504,14 +1484,12 @@ function getPersistentDecision(toolName) {
   }
   return null;
 }
-async function askDaemon(toolName, args, meta, signal, riskMetadata, activityId) {
+async function registerDaemonEntry(toolName, args, meta, riskMetadata, activityId, cwd) {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
-  const checkCtrl = new AbortController();
-  const checkTimer = setTimeout(() => checkCtrl.abort(), 5e3);
-  const onAbort = () => checkCtrl.abort();
-  if (signal) signal.addEventListener("abort", onAbort);
+  const ctrl = new AbortController();
+  const timer = setTimeout(() => ctrl.abort(), 5e3);
   try {
-    const checkRes = await fetch(`${base}/check`, {
+    const res = await fetch(`${base}/check`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
@@ -1522,32 +1500,34 @@ async function askDaemon(toolName, args, meta, signal, riskMetadata, activityId)
         fromCLI: true,
         // Pass the flight-recorder ID so the daemon uses the same UUID for
         // activity-result as the CLI used for the pending activity event.
-        // Without this, the two UUIDs never match and tail.ts never resolves
-        // the pending item.
         activityId,
-        ...riskMetadata && { riskMetadata }
+        ...riskMetadata && { riskMetadata },
+        ...cwd && { cwd }
       }),
-      signal: checkCtrl.signal
+      signal: ctrl.signal
     });
-    if (!checkRes.ok) throw new Error("Daemon fail");
-    const { id } = await checkRes.json();
-    const waitCtrl = new AbortController();
-    const waitTimer = setTimeout(() => waitCtrl.abort(), 12e4);
-    const onWaitAbort = () => waitCtrl.abort();
-    if (signal) signal.addEventListener("abort", onWaitAbort);
-    try {
-      const waitRes = await fetch(`${base}/wait/${id}`, { signal: waitCtrl.signal });
-      if (!waitRes.ok) return "deny";
-      const { decision } = await waitRes.json();
-      if (decision === "allow") return "allow";
-      if (decision === "abandoned") return "abandoned";
-      return "deny";
-    } finally {
-      clearTimeout(waitTimer);
-      if (signal) signal.removeEventListener("abort", onWaitAbort);
-    }
+    if (!res.ok) throw new Error("Daemon fail");
+    const { id } = await res.json();
+    return id;
   } finally {
-    clearTimeout(checkTimer);
+    clearTimeout(timer);
+  }
+}
+async function waitForDaemonDecision(id, signal) {
+  const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
+  const waitCtrl = new AbortController();
+  const waitTimer = setTimeout(() => waitCtrl.abort(), 12e4);
+  const onAbort = () => waitCtrl.abort();
+  if (signal) signal.addEventListener("abort", onAbort);
+  try {
+    const waitRes = await fetch(`${base}/wait/${id}`, { signal: waitCtrl.signal });
+    if (!waitRes.ok) return { decision: "deny" };
+    const { decision, source } = await waitRes.json();
+    if (decision === "allow") return { decision: "allow", source };
+    if (decision === "abandoned") return { decision: "abandoned", source };
+    return { decision: "deny", source };
+  } finally {
+    clearTimeout(waitTimer);
     if (signal) signal.removeEventListener("abort", onAbort);
   }
 }
@@ -1595,12 +1575,12 @@ function notifyActivity(data) {
     }
   });
 }
-async function authorizeHeadless(toolName, args, allowTerminalFallback = false, meta, options) {
+async function authorizeHeadless(toolName, args, meta, options) {
   if (!options?.calledFromDaemon) {
     const actId = randomUUID();
     const actTs = Date.now();
     await notifyActivity({ id: actId, ts: actTs, tool: toolName, args, status: "pending" });
-    const result = await _authorizeHeadlessCore(toolName, args, allowTerminalFallback, meta, {
+    const result = await _authorizeHeadlessCore(toolName, args, meta, {
       ...options,
       activityId: actId
     });
@@ -1615,14 +1595,14 @@ async function authorizeHeadless(toolName, args, allowTerminalFallback = false,
     }
     return result;
   }
-  return _authorizeHeadlessCore(toolName, args, allowTerminalFallback, meta, options);
+  return _authorizeHeadlessCore(toolName, args, meta, options);
 }
-async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = false, meta, options) {
+async function _authorizeHeadlessCore(toolName, args, meta, options) {
   if (process.env.NODE9_PAUSED === "1") return { approved: true, checkedBy: "paused" };
   const pauseState = checkPause();
   if (pauseState.paused) return { approved: true, checkedBy: "paused" };
   const creds = getCredentials();
-  const config = getConfig();
+  const config = getConfig(options?.cwd);
   const isTestEnv2 = !!(process.env.VITEST || process.env.NODE_ENV === "test" || process.env.CI || process.env.NODE9_TESTING === "1");
   const approvers = {
     ...config.settings.approvers || { native: true, browser: true, cloud: true, terminal: true }
@@ -1667,10 +1647,6 @@ async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = fa
         if (approvers.cloud && creds?.apiKey) {
           await auditLocalAllow(toolName, args, "audit-mode", creds, meta);
         }
-        sendDesktopNotification(
-          "Node9 Audit Mode",
-          `Would have blocked "${toolName}" (${policyResult.blockedByLabel || "Local Config"}) \u2014 running in audit mode`
-        );
       }
     }
     return { approved: true, checkedBy: "audit" };
@@ -1730,23 +1706,12 @@ async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = fa
     return { approved: true };
   }
   let cloudRequestId = null;
-  let isRemoteLocked = false;
   const cloudEnforced = approvers.cloud && !!creds?.apiKey;
   if (cloudEnforced) {
     try {
       const initResult = await initNode9SaaS(toolName, args, creds, meta, riskMetadata);
       if (!initResult.pending) {
         if (initResult.shadowMode) {
-          console.error(
-            chalk2.yellow(
-              `
-\u26A0\uFE0F  Node9 Shadow Mode: Action allowed, but would have been blocked by company policy.`
-            )
-          );
-          if (initResult.shadowReason) {
-            console.error(chalk2.dim(`   Reason: ${initResult.shadowReason}
-`));
-          }
           return { approved: true, checkedBy: "cloud" };
         }
         return {
@@ -1758,36 +1723,8 @@ async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = fa
         };
       }
       cloudRequestId = initResult.requestId || null;
-      isRemoteLocked = !!initResult.remoteApprovalOnly;
       explainableLabel = "Organization Policy (SaaS)";
-    } catch (err) {
-      const error = err;
-      const isAuthError = error.message.includes("401") || error.message.includes("403");
-      const isNetworkError = error.message.includes("fetch") || error.name === "AbortError" || error.message.includes("ECONNREFUSED");
-      const reason = isAuthError ? "Invalid or missing API key. Run `node9 login` to generate a key (must start with n9_live_)." : isNetworkError ? "Could not reach the Node9 cloud. Check your network or API URL." : error.message;
-      console.error(
-        chalk2.yellow(`
-\u26A0\uFE0F  Node9: Cloud API Handshake failed \u2014 ${reason}`) + chalk2.dim(`
-   Falling back to local rules...
-`)
-      );
-    }
-  }
-  if (!options?.calledFromDaemon) {
-    if (cloudEnforced && cloudRequestId) {
-      console.error(
-        chalk2.yellow("\n\u{1F6E1}\uFE0F  Node9: Action suspended \u2014 waiting for Organization approval.")
-      );
-      console.error(
-        chalk2.cyan("   Dashboard  \u2192 ") + chalk2.bold("Mission Control > Activity Feed\n")
-      );
-    } else if (!cloudEnforced) {
-      const cloudOffReason = !creds?.apiKey ? "no API key \u2014 run `node9 login` to connect" : "privacy mode (cloud disabled)";
-      console.error(
-        chalk2.dim(`
-\u{1F6E1}\uFE0F  Node9: intercepted "${toolName}" \u2014 cloud off (${cloudOffReason})
-`)
-      );
+    } catch {
     }
   }
   const abortController = new AbortController();
@@ -1814,15 +1751,29 @@ async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = fa
   }
   let viewerId = null;
   const internalToken = getInternalToken();
+  let daemonEntryId = null;
+  if ((approvers.browser || approvers.terminal) && isDaemonRunning() && !options?.calledFromDaemon) {
+    if (cloudEnforced && cloudRequestId) {
+      viewerId = await notifyDaemonViewer(toolName, args, meta, riskMetadata).catch(() => null);
+      daemonEntryId = viewerId;
+    } else {
+      try {
+        daemonEntryId = await registerDaemonEntry(
+          toolName,
+          args,
+          meta,
+          riskMetadata,
+          options?.activityId,
+          options?.cwd
+        );
+      } catch {
+      }
+    }
+  }
   if (cloudEnforced && cloudRequestId) {
     racePromises.push(
       (async () => {
         try {
-          if (isDaemonRunning() && internalToken && !options?.calledFromDaemon) {
-            viewerId = await notifyDaemonViewer(toolName, args, meta, riskMetadata).catch(
-              () => null
-            );
-          }
           const cloudResult = await pollNode9SaaS(cloudRequestId, creds, signal);
           return {
             approved: cloudResult.approved,
@@ -1847,7 +1798,7 @@ async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = fa
           args,
           meta?.agent,
           explainableLabel,
-          isRemoteLocked,
+          false,
           signal,
           policyMatchedField,
           policyMatchedWord
@@ -1862,96 +1813,31 @@ async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = fa
           reason: isApproved ? void 0 : "The human user clicked 'Block' on the system dialog window.",
           checkedBy: isApproved ? "daemon" : void 0,
           blockedBy: isApproved ? void 0 : "local-decision",
-          blockedByLabel: "User Decision (Native)"
+          blockedByLabel: "User Decision (Native)",
+          decisionSource: "native"
         };
       })()
     );
   }
-  if (approvers.browser && isDaemonRunning() && !options?.calledFromDaemon && !cloudEnforced) {
+  if (daemonEntryId && (approvers.browser || approvers.terminal)) {
     racePromises.push(
       (async () => {
-        try {
-          if (!approvers.native && !cloudEnforced) {
-            console.error(
-              chalk2.yellow("\n\u{1F6E1}\uFE0F  Node9: Action suspended \u2014 waiting for browser approval.")
-            );
-            console.error(chalk2.cyan(`   URL \u2192 http://${DAEMON_HOST}:${DAEMON_PORT}/
-`));
-          }
-          const daemonDecision = await askDaemon(
-            toolName,
-            args,
-            meta,
-            signal,
-            riskMetadata,
-            options?.activityId
-          );
-          if (daemonDecision === "abandoned") throw new Error("Abandoned");
-          const isApproved = daemonDecision === "allow";
-          return {
-            approved: isApproved,
-            reason: isApproved ? void 0 : "The human user rejected this action via the Node9 Browser Dashboard.",
-            checkedBy: isApproved ? "daemon" : void 0,
-            blockedBy: isApproved ? void 0 : "local-decision",
-            blockedByLabel: "User Decision (Browser)"
-          };
-        } catch (err) {
-          throw err;
-        }
-      })()
-    );
-  }
-  if (approvers.terminal && allowTerminalFallback && process.stdout.isTTY) {
-    racePromises.push(
-      (async () => {
-        try {
-          if (explainableLabel.includes("DLP")) {
-            console.log(chalk2.bgRed.white.bold(` \u{1F6A8} NODE9 DLP ALERT \u2014 CREDENTIAL DETECTED `));
-            console.log(
-              chalk2.red.bold(`   A sensitive secret was detected in the tool arguments!`)
-            );
-          } else {
-            console.log(chalk2.bgRed.white.bold(` \u{1F6D1} NODE9 INTERCEPTOR `));
-          }
-          console.log(`${chalk2.bold("Action:")} ${chalk2.red(toolName)}`);
-          console.log(`${chalk2.bold("Flagged By:")} ${chalk2.yellow(explainableLabel)}`);
-          if (isRemoteLocked) {
-            console.log(chalk2.yellow(`\u26A1 LOCKED BY ADMIN POLICY: Waiting for Slack Approval...
-`));
-            await new Promise((_, reject) => {
-              signal.addEventListener("abort", () => reject(new Error("Aborted by SaaS")));
-            });
-          }
-          const TIMEOUT_MS = 6e4;
-          let timer;
-          const result = await new Promise((resolve, reject) => {
-            timer = setTimeout(() => reject(new Error("Terminal Timeout")), TIMEOUT_MS);
-            confirm(
-              { message: `Authorize? (auto-deny in ${TIMEOUT_MS / 1e3}s)`, default: false },
-              { signal }
-            ).then(resolve).catch(reject);
-          });
-          clearTimeout(timer);
-          return {
-            approved: result,
-            reason: result ? void 0 : "The human user typed 'N' in the terminal to reject this action.",
-            checkedBy: result ? "terminal" : void 0,
-            blockedBy: result ? void 0 : "local-decision",
-            blockedByLabel: "User Decision (Terminal)"
-          };
-        } catch (err) {
-          const error = err;
-          if (error.name === "AbortError" || error.message?.includes("Prompt was canceled") || error.message?.includes("Aborted by SaaS"))
-            throw err;
-          if (error.message === "Terminal Timeout") {
-            return {
-              approved: false,
-              reason: "The terminal prompt timed out without a human response.",
-              blockedBy: "local-decision"
-            };
-          }
-          throw err;
-        }
+        const { decision: daemonDecision, source: decisionSource } = await waitForDaemonDecision(
+          daemonEntryId,
+          signal
+        );
+        if (daemonDecision === "abandoned") throw new Error("Abandoned");
+        const isApproved = daemonDecision === "allow";
+        const src = decisionSource === "terminal" || decisionSource === "browser" ? decisionSource : approvers.browser ? "browser" : "terminal";
+        const via = src === "terminal" ? "Terminal (node9 tail)" : "Browser Dashboard";
+        return {
+          approved: isApproved,
+          reason: isApproved ? void 0 : `The human user rejected this action via the Node9 ${via}.`,
+          checkedBy: isApproved ? "daemon" : void 0,
+          blockedBy: isApproved ? void 0 : "local-decision",
+          blockedByLabel: `User Decision (${via})`,
+          decisionSource: src
+        };
       })()
     );
   }
@@ -2002,7 +1888,12 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
     }
   });
   if (cloudRequestId && creds && finalResult.checkedBy !== "cloud") {
-    await resolveNode9SaaS(cloudRequestId, creds, finalResult.approved);
+    await resolveNode9SaaS(
+      cloudRequestId,
+      creds,
+      finalResult.approved,
+      finalResult.decisionSource ?? finalResult.checkedBy ?? "local"
+    );
   }
   if (!isManual) {
     appendLocalAudit(
@@ -2050,6 +1941,8 @@ function getConfig(cwd) {
       mergedSettings.enableHookLogDebug = s.enableHookLogDebug;
     if (s.approvers) mergedSettings.approvers = { ...mergedSettings.approvers, ...s.approvers };
     if (s.approvalTimeoutMs !== void 0) mergedSettings.approvalTimeoutMs = s.approvalTimeoutMs;
+    if (s.approvalTimeoutSeconds !== void 0 && s.approvalTimeoutMs === void 0)
+      mergedSettings.approvalTimeoutMs = s.approvalTimeoutSeconds * 1e3;
     if (s.environment !== void 0) mergedSettings.environment = s.environment;
     if (p.sandboxPaths) mergedPolicy.sandboxPaths.push(...p.sandboxPaths);
     if (p.ignoredTools) mergedPolicy.ignoredTools.push(...p.ignoredTools);
@@ -2209,7 +2102,7 @@ function getCredentials() {
   return null;
 }
 async function authorizeAction(toolName, args) {
-  const result = await authorizeHeadless(toolName, args, true);
+  const result = await authorizeHeadless(toolName, args);
   return result.approved;
 }
 function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
@@ -2278,11 +2171,9 @@ async function pollNode9SaaS(requestId, creds, signal) {
       if (!statusRes.ok) continue;
       const { status, reason } = await statusRes.json();
       if (status === "APPROVED") {
-        console.error(chalk2.green("\u2705  Approved via Cloud.\n"));
         return { approved: true, reason };
       }
       if (status === "DENIED" || status === "AUTO_BLOCKED" || status === "TIMED_OUT") {
-        console.error(chalk2.red("\u274C  Denied via Cloud.\n"));
         return { approved: false, reason };
       }
     } catch {
@@ -2290,19 +2181,34 @@ async function pollNode9SaaS(requestId, creds, signal) {
   }
   return { approved: false, reason: "Cloud approval timed out after 10 minutes." };
 }
-async function resolveNode9SaaS(requestId, creds, approved) {
+async function resolveNode9SaaS(requestId, creds, approved, decidedBy) {
   try {
     const resolveUrl = `${creds.apiUrl}/requests/${requestId}`;
     const ctrl = new AbortController();
     const timer = setTimeout(() => ctrl.abort(), 5e3);
-    await fetch(resolveUrl, {
+    const res = await fetch(resolveUrl, {
       method: "PATCH",
       headers: { "Content-Type": "application/json", Authorization: `Bearer ${creds.apiKey}` },
-      body: JSON.stringify({ decision: approved ? "APPROVED" : "DENIED" }),
+      body: JSON.stringify({
+        decision: approved ? "APPROVED" : "DENIED",
+        ...decidedBy && { decidedBy }
+      }),
       signal: ctrl.signal
     });
     clearTimeout(timer);
-  } catch {
+    if (!res.ok) {
+      fs3.appendFileSync(
+        HOOK_DEBUG_LOG,
+        `[resolve-cloud] PATCH ${resolveUrl} \u2192 HTTP ${res.status}
+`
+      );
+    }
+  } catch (err) {
+    fs3.appendFileSync(
+      HOOK_DEBUG_LOG,
+      `[resolve-cloud] PATCH failed for ${requestId}: ${err.message}
+`
+    );
   }
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node9/proxy",
-  "version": "1.1.5",
+  "version": "1.1.7",
   "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -61,9 +61,10 @@
     "test:e2e": "NODE9_TESTING=1 bash scripts/e2e.sh",
     "preuninstall": "node9 uninstall || echo 'node9 uninstall failed — remove hooks manually from ~/.claude/settings.json'",
     "prepublishOnly": "npm run validate",
-    "test": "NODE_ENV=test vitest --run",
-    "test:watch": "NODE_ENV=test vitest",
-    "test:ui": "NODE_ENV=test vitest --ui"
+    "test": "vitest --run",
+    "test:watch": "vitest",
+    "test:ui": "vitest --ui",
+    "dev:tail": "node -e \"try{const d=JSON.parse(require('fs').readFileSync(require('os').homedir()+'/.node9/daemon.pid','utf8'));process.kill(d.pid)}catch(e){if(e.code!=='ESRCH'&&e.code!=='ENOENT')process.stderr.write(e.message+'\\n')}\" && npm run build && node dist/cli.js tail"
   },
   "dependencies": {
     "@inquirer/prompts": "^8.3.0",