@node9/proxy 1.14.0 → 1.14.1

package/dist/cli.js

@@ -3674,14 +3674,46 @@ var init_native = __esm({
 });
 
 // src/auth/cloud.ts
-function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
-  return fetch(`${creds.apiUrl}/audit`, {
+function validateApiUrl(raw) {
+  let u;
+  try {
+    u = new URL(raw);
+  } catch {
+    return null;
+  }
+  if (u.username || u.password) return null;
+  if (u.protocol === "https:") return u;
+  if (u.protocol === "http:") {
+    const h = u.hostname;
+    if (h === "127.0.0.1" || h === "localhost" || h === "::1" || h === "[::1]") return u;
+  }
+  return null;
+}
+function auditLocalAllow(toolName, args, checkedBy, creds, meta, dlpInfo, containsSensitiveArgs = false) {
+  const validated = validateApiUrl(creds.apiUrl);
+  if (!validated) {
+    try {
+      import_fs10.default.appendFileSync(
+        HOOK_DEBUG_LOG,
+        `[audit] refused to send: invalid apiUrl scheme/host (got "${String(creds.apiUrl).slice(0, 200)}")
+`
+      );
+    } catch {
+    }
+    return Promise.resolve();
+  }
+  const safeArgs = containsSensitiveArgs ? { tool: toolName, redacted: true } : args;
+  const dlpSample = dlpInfo && typeof dlpInfo.redactedSample === "string" ? dlpInfo.redactedSample.slice(0, DLP_SAMPLE_MAX_LEN) : void 0;
+  const dlpPattern = dlpInfo && typeof dlpInfo.pattern === "string" ? dlpInfo.pattern.slice(0, DLP_PATTERN_MAX_LEN) : void 0;
+  const safeCheckedBy = KNOWN_CHECKED_BY.has(checkedBy) ? checkedBy : "unknown";
+  return fetch(`${validated.toString().replace(/\/$/, "")}/audit`, {
     method: "POST",
     headers: { "Content-Type": "application/json", Authorization: `Bearer ${creds.apiKey}` },
     body: JSON.stringify({
       toolName,
-      args,
-      checkedBy,
+      args: safeArgs,
+      checkedBy: safeCheckedBy,
+      ...dlpInfo && { dlpPattern, dlpSample },
       context: {
         agent: meta?.agent,
         mcpServer: meta?.mcpServer,
@@ -3815,7 +3847,7 @@ async function resolveNode9SaaS(requestId, creds, approved, decidedBy) {
     );
   }
 }
-var import_fs10, import_os9, import_path13;
+var import_fs10, import_os9, import_path13, DLP_SAMPLE_MAX_LEN, DLP_PATTERN_MAX_LEN, KNOWN_CHECKED_BY;
 var init_cloud = __esm({
   "src/auth/cloud.ts"() {
     "use strict";
@@ -3823,6 +3855,21 @@ var init_cloud = __esm({
     import_os9 = __toESM(require("os"));
     import_path13 = __toESM(require("path"));
     init_audit();
+    DLP_SAMPLE_MAX_LEN = 200;
+    DLP_PATTERN_MAX_LEN = 100;
+    KNOWN_CHECKED_BY = /* @__PURE__ */ new Set([
+      "dlp-block",
+      "observe-mode-dlp-would-block",
+      "dlp-review-flagged",
+      "loop-detected",
+      "audit-mode",
+      "local-policy",
+      "smart-rule-block",
+      "persistent",
+      "trust",
+      "observe-mode",
+      "observe-mode-would-block"
+    ]);
   }
 });
 
@@ -4010,6 +4057,16 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
             meta,
             true
           );
+        if (approvers.cloud && creds?.apiKey)
+          auditLocalAllow(
+            toolName,
+            args,
+            isObserveMode ? "observe-mode-dlp-would-block" : "dlp-block",
+            creds,
+            meta,
+            { pattern: dlpMatch.patternName, redactedSample: dlpMatch.redactedSample },
+            true
+          );
         if (isWriteTool(toolName) && filePath) {
           await notifyTaint(filePath, `DLP:${dlpMatch.patternName}`);
         }
@@ -4078,6 +4135,8 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
         const reason = `It looks like you've called "${toolName}" ${loopResult.count} times with identical arguments in the last ${ld.windowSeconds}s. Are you stuck? Step back and reconsider your approach \u2014 what are you actually trying to accomplish, and is there a different way to get there?`;
         if (!isManual)
           appendLocalAudit(toolName, args, "deny", "loop-detected", meta, hashAuditArgs);
+        if (approvers.cloud && creds?.apiKey)
+          auditLocalAllow(toolName, args, "loop-detected", creds, meta, void 0, true);
         return {
           approved: false,
           reason,

package/dist/cli.mjs

@@ -3655,14 +3655,46 @@ var init_native = __esm({
 import fs10 from "fs";
 import os9 from "os";
 import path13 from "path";
-function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
-  return fetch(`${creds.apiUrl}/audit`, {
+function validateApiUrl(raw) {
+  let u;
+  try {
+    u = new URL(raw);
+  } catch {
+    return null;
+  }
+  if (u.username || u.password) return null;
+  if (u.protocol === "https:") return u;
+  if (u.protocol === "http:") {
+    const h = u.hostname;
+    if (h === "127.0.0.1" || h === "localhost" || h === "::1" || h === "[::1]") return u;
+  }
+  return null;
+}
+function auditLocalAllow(toolName, args, checkedBy, creds, meta, dlpInfo, containsSensitiveArgs = false) {
+  const validated = validateApiUrl(creds.apiUrl);
+  if (!validated) {
+    try {
+      fs10.appendFileSync(
+        HOOK_DEBUG_LOG,
+        `[audit] refused to send: invalid apiUrl scheme/host (got "${String(creds.apiUrl).slice(0, 200)}")
+`
+      );
+    } catch {
+    }
+    return Promise.resolve();
+  }
+  const safeArgs = containsSensitiveArgs ? { tool: toolName, redacted: true } : args;
+  const dlpSample = dlpInfo && typeof dlpInfo.redactedSample === "string" ? dlpInfo.redactedSample.slice(0, DLP_SAMPLE_MAX_LEN) : void 0;
+  const dlpPattern = dlpInfo && typeof dlpInfo.pattern === "string" ? dlpInfo.pattern.slice(0, DLP_PATTERN_MAX_LEN) : void 0;
+  const safeCheckedBy = KNOWN_CHECKED_BY.has(checkedBy) ? checkedBy : "unknown";
+  return fetch(`${validated.toString().replace(/\/$/, "")}/audit`, {
     method: "POST",
     headers: { "Content-Type": "application/json", Authorization: `Bearer ${creds.apiKey}` },
     body: JSON.stringify({
       toolName,
-      args,
-      checkedBy,
+      args: safeArgs,
+      checkedBy: safeCheckedBy,
+      ...dlpInfo && { dlpPattern, dlpSample },
       context: {
         agent: meta?.agent,
         mcpServer: meta?.mcpServer,
@@ -3796,10 +3828,26 @@ async function resolveNode9SaaS(requestId, creds, approved, decidedBy) {
     );
   }
 }
+var DLP_SAMPLE_MAX_LEN, DLP_PATTERN_MAX_LEN, KNOWN_CHECKED_BY;
 var init_cloud = __esm({
   "src/auth/cloud.ts"() {
     "use strict";
     init_audit();
+    DLP_SAMPLE_MAX_LEN = 200;
+    DLP_PATTERN_MAX_LEN = 100;
+    KNOWN_CHECKED_BY = /* @__PURE__ */ new Set([
+      "dlp-block",
+      "observe-mode-dlp-would-block",
+      "dlp-review-flagged",
+      "loop-detected",
+      "audit-mode",
+      "local-policy",
+      "smart-rule-block",
+      "persistent",
+      "trust",
+      "observe-mode",
+      "observe-mode-would-block"
+    ]);
   }
 });
 
@@ -3988,6 +4036,16 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
             meta,
             true
           );
+        if (approvers.cloud && creds?.apiKey)
+          auditLocalAllow(
+            toolName,
+            args,
+            isObserveMode ? "observe-mode-dlp-would-block" : "dlp-block",
+            creds,
+            meta,
+            { pattern: dlpMatch.patternName, redactedSample: dlpMatch.redactedSample },
+            true
+          );
         if (isWriteTool(toolName) && filePath) {
           await notifyTaint(filePath, `DLP:${dlpMatch.patternName}`);
         }
@@ -4056,6 +4114,8 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
         const reason = `It looks like you've called "${toolName}" ${loopResult.count} times with identical arguments in the last ${ld.windowSeconds}s. Are you stuck? Step back and reconsider your approach \u2014 what are you actually trying to accomplish, and is there a different way to get there?`;
         if (!isManual)
           appendLocalAudit(toolName, args, "deny", "loop-detected", meta, hashAuditArgs);
+        if (approvers.cloud && creds?.apiKey)
+          auditLocalAllow(toolName, args, "loop-detected", creds, meta, void 0, true);
         return {
           approved: false,
           reason,

package/dist/index.js

@@ -3102,14 +3102,61 @@ var import_fs9 = __toESM(require("fs"));
 var import_os8 = __toESM(require("os"));
 var import_path13 = __toESM(require("path"));
 init_audit();
-function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
-  return fetch(`${creds.apiUrl}/audit`, {
+var DLP_SAMPLE_MAX_LEN = 200;
+var DLP_PATTERN_MAX_LEN = 100;
+var KNOWN_CHECKED_BY = /* @__PURE__ */ new Set([
+  "dlp-block",
+  "observe-mode-dlp-would-block",
+  "dlp-review-flagged",
+  "loop-detected",
+  "audit-mode",
+  "local-policy",
+  "smart-rule-block",
+  "persistent",
+  "trust",
+  "observe-mode",
+  "observe-mode-would-block"
+]);
+function validateApiUrl(raw) {
+  let u;
+  try {
+    u = new URL(raw);
+  } catch {
+    return null;
+  }
+  if (u.username || u.password) return null;
+  if (u.protocol === "https:") return u;
+  if (u.protocol === "http:") {
+    const h = u.hostname;
+    if (h === "127.0.0.1" || h === "localhost" || h === "::1" || h === "[::1]") return u;
+  }
+  return null;
+}
+function auditLocalAllow(toolName, args, checkedBy, creds, meta, dlpInfo, containsSensitiveArgs = false) {
+  const validated = validateApiUrl(creds.apiUrl);
+  if (!validated) {
+    try {
+      import_fs9.default.appendFileSync(
+        HOOK_DEBUG_LOG,
+        `[audit] refused to send: invalid apiUrl scheme/host (got "${String(creds.apiUrl).slice(0, 200)}")
+`
+      );
+    } catch {
+    }
+    return Promise.resolve();
+  }
+  const safeArgs = containsSensitiveArgs ? { tool: toolName, redacted: true } : args;
+  const dlpSample = dlpInfo && typeof dlpInfo.redactedSample === "string" ? dlpInfo.redactedSample.slice(0, DLP_SAMPLE_MAX_LEN) : void 0;
+  const dlpPattern = dlpInfo && typeof dlpInfo.pattern === "string" ? dlpInfo.pattern.slice(0, DLP_PATTERN_MAX_LEN) : void 0;
+  const safeCheckedBy = KNOWN_CHECKED_BY.has(checkedBy) ? checkedBy : "unknown";
+  return fetch(`${validated.toString().replace(/\/$/, "")}/audit`, {
     method: "POST",
     headers: { "Content-Type": "application/json", Authorization: `Bearer ${creds.apiKey}` },
     body: JSON.stringify({
       toolName,
-      args,
-      checkedBy,
+      args: safeArgs,
+      checkedBy: safeCheckedBy,
+      ...dlpInfo && { dlpPattern, dlpSample },
       context: {
         agent: meta?.agent,
         mcpServer: meta?.mcpServer,
@@ -3433,6 +3480,16 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
             meta,
             true
           );
+        if (approvers.cloud && creds?.apiKey)
+          auditLocalAllow(
+            toolName,
+            args,
+            isObserveMode ? "observe-mode-dlp-would-block" : "dlp-block",
+            creds,
+            meta,
+            { pattern: dlpMatch.patternName, redactedSample: dlpMatch.redactedSample },
+            true
+          );
         if (isWriteTool(toolName) && filePath) {
           await notifyTaint(filePath, `DLP:${dlpMatch.patternName}`);
         }
@@ -3501,6 +3558,8 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
         const reason = `It looks like you've called "${toolName}" ${loopResult.count} times with identical arguments in the last ${ld.windowSeconds}s. Are you stuck? Step back and reconsider your approach \u2014 what are you actually trying to accomplish, and is there a different way to get there?`;
         if (!isManual)
           appendLocalAudit(toolName, args, "deny", "loop-detected", meta, hashAuditArgs);
+        if (approvers.cloud && creds?.apiKey)
+          auditLocalAllow(toolName, args, "loop-detected", creds, meta, void 0, true);
         return {
           approved: false,
           reason,

package/dist/index.mjs

@@ -3072,14 +3072,61 @@ init_audit();
 import fs9 from "fs";
 import os8 from "os";
 import path13 from "path";
-function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
-  return fetch(`${creds.apiUrl}/audit`, {
+var DLP_SAMPLE_MAX_LEN = 200;
+var DLP_PATTERN_MAX_LEN = 100;
+var KNOWN_CHECKED_BY = /* @__PURE__ */ new Set([
+  "dlp-block",
+  "observe-mode-dlp-would-block",
+  "dlp-review-flagged",
+  "loop-detected",
+  "audit-mode",
+  "local-policy",
+  "smart-rule-block",
+  "persistent",
+  "trust",
+  "observe-mode",
+  "observe-mode-would-block"
+]);
+function validateApiUrl(raw) {
+  let u;
+  try {
+    u = new URL(raw);
+  } catch {
+    return null;
+  }
+  if (u.username || u.password) return null;
+  if (u.protocol === "https:") return u;
+  if (u.protocol === "http:") {
+    const h = u.hostname;
+    if (h === "127.0.0.1" || h === "localhost" || h === "::1" || h === "[::1]") return u;
+  }
+  return null;
+}
+function auditLocalAllow(toolName, args, checkedBy, creds, meta, dlpInfo, containsSensitiveArgs = false) {
+  const validated = validateApiUrl(creds.apiUrl);
+  if (!validated) {
+    try {
+      fs9.appendFileSync(
+        HOOK_DEBUG_LOG,
+        `[audit] refused to send: invalid apiUrl scheme/host (got "${String(creds.apiUrl).slice(0, 200)}")
+`
+      );
+    } catch {
+    }
+    return Promise.resolve();
+  }
+  const safeArgs = containsSensitiveArgs ? { tool: toolName, redacted: true } : args;
+  const dlpSample = dlpInfo && typeof dlpInfo.redactedSample === "string" ? dlpInfo.redactedSample.slice(0, DLP_SAMPLE_MAX_LEN) : void 0;
+  const dlpPattern = dlpInfo && typeof dlpInfo.pattern === "string" ? dlpInfo.pattern.slice(0, DLP_PATTERN_MAX_LEN) : void 0;
+  const safeCheckedBy = KNOWN_CHECKED_BY.has(checkedBy) ? checkedBy : "unknown";
+  return fetch(`${validated.toString().replace(/\/$/, "")}/audit`, {
     method: "POST",
     headers: { "Content-Type": "application/json", Authorization: `Bearer ${creds.apiKey}` },
     body: JSON.stringify({
       toolName,
-      args,
-      checkedBy,
+      args: safeArgs,
+      checkedBy: safeCheckedBy,
+      ...dlpInfo && { dlpPattern, dlpSample },
       context: {
         agent: meta?.agent,
         mcpServer: meta?.mcpServer,
@@ -3403,6 +3450,16 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
             meta,
             true
           );
+        if (approvers.cloud && creds?.apiKey)
+          auditLocalAllow(
+            toolName,
+            args,
+            isObserveMode ? "observe-mode-dlp-would-block" : "dlp-block",
+            creds,
+            meta,
+            { pattern: dlpMatch.patternName, redactedSample: dlpMatch.redactedSample },
+            true
+          );
         if (isWriteTool(toolName) && filePath) {
           await notifyTaint(filePath, `DLP:${dlpMatch.patternName}`);
         }
@@ -3471,6 +3528,8 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
         const reason = `It looks like you've called "${toolName}" ${loopResult.count} times with identical arguments in the last ${ld.windowSeconds}s. Are you stuck? Step back and reconsider your approach \u2014 what are you actually trying to accomplish, and is there a different way to get there?`;
         if (!isManual)
           appendLocalAudit(toolName, args, "deny", "loop-detected", meta, hashAuditArgs);
+        if (approvers.cloud && creds?.apiKey)
+          auditLocalAllow(toolName, args, "loop-detected", creds, meta, void 0, true);
         return {
           approved: false,
           reason,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node9/proxy",
-  "version": "1.14.0",
+  "version": "1.14.1",
   "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",