@node9/proxy 1.20.0 → 1.20.1

package/README.md

@@ -1,5 +1,5 @@
 <h1 align="center">🛡️ Node9</h1>
-<p align="center"><strong>What did your AI agent actually do? Find out, and stop the dangerous stuff.</strong></p>
+<p align="center"><strong>What did your AI agent actually do? Find out.</strong></p>
 <p align="center">
   <a href="https://www.npmjs.com/package/node9-ai"><img src="https://img.shields.io/npm/v/node9-ai.svg" alt="npm version" /></a>
   <a href="https://www.npmjs.com/package/node9-ai"><img src="https://img.shields.io/npm/dm/node9-ai.svg" alt="monthly downloads" /></a>
@@ -8,13 +8,13 @@
   <a href="https://huggingface.co/spaces/Node9ai/node9-security-demo"><img src="https://huggingface.co/datasets/huggingface/badges/resolve/main/open-in-hf-spaces-sm.svg" alt="Try on HF Spaces" /></a>
 </p>
 
-Node9 sits between your AI agent and the tools it can use — recording every action, blocking the dangerous ones, and showing you what happened both live and in retrospect.
+Node9 sits between your AI agent and the tools it can use — recording every action, intervening on risky ones, and showing you what happened both live and in retrospect.
 
 Works with **Claude Code · Codex CLI · Gemini CLI · Cursor · Windsurf · any MCP server**.
 
 ## What Node9 does
 
-- 🛑 **Block** dangerous AI actions before they run — `rm -rf`, `git push --force`, `DROP TABLE`, credential reads, `curl | bash`
+- 🛡 **Review or block** risky commands before they run — `rm -rf`, `git push --force`, `DROP TABLE`, credential reads, `curl | bash`
 - 🔍 **Scan** what your AI has already been doing — loops, leaked secrets, blocked operations across every session
 - 🔑 **Catch credential leaks** — AWS keys, GitHub tokens, JWTs, GCP API keys, PEM private keys flagged in tool args, file contents, and shell config
 - 🔭 **Map your blast radius** — every SSH key, AWS credential, and `.env` file an AI agent on this machine could reach right now
@@ -22,7 +22,7 @@ Works with **Claude Code · Codex CLI · Gemini CLI · Cursor · Windsurf · any
 ## Live monitoring
 
 <p align="center">
-  <img src="https://github.com/user-attachments/assets/25c601db-221d-4553-8b8c-34af85ab30c8" width="720" alt="Node9 monitor dashboard" />
+  <img src="https://github.com/user-attachments/assets/997b7b42-b251-4046-b9c5-e000f8b5a481" width="720" alt="Node9 monitor dashboard" />
 </p>
 
 `node9 monitor` opens an interactive terminal dashboard with two views:
@@ -97,10 +97,10 @@ node9 shield list    # show all shields + status
 
 ## Always on — no config needed
 
-- **Git** — blocks `git push --force`, `git reset --hard`, `git clean -fd`
-- **SQL** — blocks `DELETE` / `UPDATE` without `WHERE`, `DROP TABLE`, `TRUNCATE`
-- **Shell** — blocks `curl | bash`, unauthorized `sudo`
-- **DLP** — blocks AWS keys, GitHub tokens, Stripe keys, PEM private keys in any tool argument, file contents, or shell config (`~/.zshrc`, `~/.bashrc`)
+- **Git** — catches `git push --force`, `git reset --hard`, `git clean -fd`
+- **SQL** — catches `DELETE` / `UPDATE` without `WHERE`, `DROP TABLE`, `TRUNCATE`
+- **Shell** — catches `curl | bash`, unauthorized `sudo`
+- **DLP** — flags AWS keys, GitHub tokens, Stripe keys, PEM private keys in any tool argument, file contents, or shell config (`~/.zshrc`, `~/.bashrc`)
 - **Response DLP** — background scanner reads Claude's conversation history and alerts you if Claude _wrote_ a secret in its response text
 - **Auto-undo** — git snapshot before every AI file edit → `node9 undo` to revert
 - **Skills pinning** — SHA-256 verification of installed Claude skills / plugins between sessions
@@ -167,7 +167,7 @@ Node9 surfaces the signal. Here are the patterns worth knowing:
 
 | Signal                                         | Likely meaning                                                                                     |
 | ---------------------------------------------- | -------------------------------------------------------------------------------------------------- |
-| `Would have blocked` ≥ 5 in a week             | Agent is attempting destructive ops; shields need review                                           |
+| `Would have blocked` ≥ 5 in a week             | Agent is attempting high-impact ops; shields are worth reviewing                                   |
 | Single `review-git-push` rule >50% of findings | Your own rule is firing as intended — not a risk, just supervision                                 |
 | DLP finding in `user-prompt` tool              | You pasted a secret into your own prompt — rotate the key                                          |
 | Agent Loop ×50+ on same file                   | Agent stuck in edit/test/fix cycle — check context or slow down                                    |

package/dist/cli.js

@@ -7780,8 +7780,9 @@ function boxPanel(title, bodyLines, width = PANEL_WIDTH) {
   const inner = width - 4;
   const out = [];
   const titlePad = ` ${title} `;
-  const titleSegment = titlePad.length <= inner ? titlePad : titlePad.slice(0, inner);
-  const dashFill = "\u2500".repeat(Math.max(0, inner - titleSegment.length));
+  const titleWidth = (0, import_string_width.default)(titlePad);
+  const titleSegment = titleWidth <= inner ? titlePad : titlePad.slice(0, inner);
+  const dashFill = "\u2500".repeat(Math.max(0, inner - (0, import_string_width.default)(titleSegment)));
   out.push(import_chalk3.default.dim("\u256D\u2500") + import_chalk3.default.bold(titleSegment) + import_chalk3.default.dim(`${dashFill}\u2500\u256E`));
   for (const line of bodyLines) {
     const padding = " ".repeat(Math.max(0, inner - line.width));
@@ -7798,11 +7799,12 @@ function relativeDate(timestamp, now = /* @__PURE__ */ new Date()) {
   if (days > 90) return "90d+";
   return `${days}d`;
 }
-var import_chalk3, PANEL_WIDTH;
+var import_chalk3, import_string_width, PANEL_WIDTH;
 var init_scan_derive = __esm({
   "src/cli/render/scan-derive.ts"() {
     "use strict";
     import_chalk3 = __toESM(require("chalk"));
+    import_string_width = __toESM(require("string-width"));
     PANEL_WIDTH = 76;
   }
 });
@@ -10246,7 +10248,7 @@ function mkLine(...parts) {
   let width = 0;
   for (const [text, fmt] of parts) {
     rendered += fmt ? fmt(text) : text;
-    width += text.length;
+    width += (0, import_string_width2.default)(text);
   }
   return { rendered, width };
 }
@@ -10367,7 +10369,11 @@ function renderPanelScorecard(input, now = /* @__PURE__ */ new Date()) {
       const origin = originForRule(r.name, summary.sections);
       reviewLines.push(
         mkLine(
-          ["\u{1F441}  ", import_chalk5.default.yellow],
+          // VS-16 (U+FE0F) forces emoji-presentation so string-width
+          // returns 2 cells (matching how modern terminals actually
+          // render it). Without VS-16 string-width says 1 cell — and
+          // the right border drifts off. Same applies to 🛡 / ⚠ below.
+          ["\u{1F441}\uFE0F  ", import_chalk5.default.yellow],
           [shortRule(r.name, 24), import_chalk5.default.bold],
           [" \xD7" + String(r.count).padEnd(4), import_chalk5.default.bold],
           [" "],
@@ -10425,7 +10431,7 @@ function renderPanelScorecard(input, now = /* @__PURE__ */ new Date()) {
     }
     for (const e of blast.envFindings.slice(0, 3)) {
       blastLines.push(
-        mkLine(["\u26A0  ", import_chalk5.default.yellow], [`${e.key} `], [`(${e.patternName})`, import_chalk5.default.dim])
+        mkLine(["\u26A0\uFE0F  ", import_chalk5.default.yellow], [`${e.key} `], [`(${e.patternName})`, import_chalk5.default.dim])
       );
     }
     const totalExposed = blast.reachable.length + blast.envFindings.length;
@@ -10449,7 +10455,7 @@ function renderPanelScorecard(input, now = /* @__PURE__ */ new Date()) {
     if (impact.totalCatches === 0) continue;
     const discount = PROTECTIVE_SHIELD_DISCOUNTS[impact.shieldName] ?? 0;
     const bonus = Math.round(exposed * discount);
-    const icon = discount > 0 ? "\u{1F6E1}  " : "\u2610   ";
+    const icon = discount > 0 ? "\u{1F6E1}\uFE0F  " : "\u2610   ";
     const wouldCatch = `would catch ${impact.totalCatches} op${impact.totalCatches !== 1 ? "s" : ""}`;
     const deltaSuffix = bonus > 0 ? `  \u2192  +${bonus} pts  (${blast.score} \u2192 ${blast.score + bonus})` : "";
     shieldLines.push(
@@ -10945,7 +10951,7 @@ function registerScanCommand(program2) {
     }
   );
 }
-var import_chalk5, import_fs19, import_path21, import_os18, CLAUDE_PRICING, GEMINI_PRICING, CODE_EXTENSIONS, SELF_OUTPUT_MARKERS, FIXTURE_TOKEN_PATTERNS, TERMINAL_ESCAPE_RE2, LOOP_TOOLS, LOOP_THRESHOLD, LOOP_TIMESPAN_THRESHOLD_MS, STUCK_TOOLS_MIN_WASTE, STUCK_TOOLS_LIMIT, RECURRING_SESSION_THRESHOLD, STALE_AGE_DAYS, classifyRuleSeverity2, narrativeRuleLabel2;
+var import_chalk5, import_fs19, import_path21, import_os18, import_string_width2, CLAUDE_PRICING, GEMINI_PRICING, CODE_EXTENSIONS, SELF_OUTPUT_MARKERS, FIXTURE_TOKEN_PATTERNS, TERMINAL_ESCAPE_RE2, LOOP_TOOLS, LOOP_THRESHOLD, LOOP_TIMESPAN_THRESHOLD_MS, STUCK_TOOLS_MIN_WASTE, STUCK_TOOLS_LIMIT, RECURRING_SESSION_THRESHOLD, STALE_AGE_DAYS, classifyRuleSeverity2, narrativeRuleLabel2;
 var init_scan = __esm({
   "src/cli/commands/scan.ts"() {
     "use strict";
@@ -10964,6 +10970,7 @@ var init_scan = __esm({
     init_blast();
     init_scan_derive();
     init_protection();
+    import_string_width2 = __toESM(require("string-width"));
     init_scan_json();
     init_scan_history();
     CLAUDE_PRICING = {

package/dist/cli.mjs

@@ -7708,6 +7708,7 @@ var init_blast = __esm({
 
 // src/cli/render/scan-derive.ts
 import chalk3 from "chalk";
+import stringWidth from "string-width";
 function classifyScore(score) {
   if (score >= 80) return { band: "good", label: "Good", color: chalk3.green };
   if (score >= 50) return { band: "at-risk", label: "At Risk", color: chalk3.yellow };
@@ -7756,8 +7757,9 @@ function boxPanel(title, bodyLines, width = PANEL_WIDTH) {
   const inner = width - 4;
   const out = [];
   const titlePad = ` ${title} `;
-  const titleSegment = titlePad.length <= inner ? titlePad : titlePad.slice(0, inner);
-  const dashFill = "\u2500".repeat(Math.max(0, inner - titleSegment.length));
+  const titleWidth = stringWidth(titlePad);
+  const titleSegment = titleWidth <= inner ? titlePad : titlePad.slice(0, inner);
+  const dashFill = "\u2500".repeat(Math.max(0, inner - stringWidth(titleSegment)));
   out.push(chalk3.dim("\u256D\u2500") + chalk3.bold(titleSegment) + chalk3.dim(`${dashFill}\u2500\u256E`));
   for (const line of bodyLines) {
     const padding = " ".repeat(Math.max(0, inner - line.width));
@@ -8903,6 +8905,7 @@ import chalk5 from "chalk";
 import fs19 from "fs";
 import path21 from "path";
 import os18 from "os";
+import stringWidth2 from "string-width";
 function claudeModelPrice(model) {
   const base = model.replace(/@.*$/, "").replace(/-\d{8}$/, "");
   for (const [key, p] of Object.entries(CLAUDE_PRICING)) {
@@ -10225,7 +10228,7 @@ function mkLine(...parts) {
   let width = 0;
   for (const [text, fmt] of parts) {
     rendered += fmt ? fmt(text) : text;
-    width += text.length;
+    width += stringWidth2(text);
   }
   return { rendered, width };
 }
@@ -10346,7 +10349,11 @@ function renderPanelScorecard(input, now = /* @__PURE__ */ new Date()) {
       const origin = originForRule(r.name, summary.sections);
       reviewLines.push(
         mkLine(
-          ["\u{1F441}  ", chalk5.yellow],
+          // VS-16 (U+FE0F) forces emoji-presentation so string-width
+          // returns 2 cells (matching how modern terminals actually
+          // render it). Without VS-16 string-width says 1 cell — and
+          // the right border drifts off. Same applies to 🛡 / ⚠ below.
+          ["\u{1F441}\uFE0F  ", chalk5.yellow],
           [shortRule(r.name, 24), chalk5.bold],
           [" \xD7" + String(r.count).padEnd(4), chalk5.bold],
           [" "],
@@ -10404,7 +10411,7 @@ function renderPanelScorecard(input, now = /* @__PURE__ */ new Date()) {
     }
     for (const e of blast.envFindings.slice(0, 3)) {
       blastLines.push(
-        mkLine(["\u26A0  ", chalk5.yellow], [`${e.key} `], [`(${e.patternName})`, chalk5.dim])
+        mkLine(["\u26A0\uFE0F  ", chalk5.yellow], [`${e.key} `], [`(${e.patternName})`, chalk5.dim])
       );
     }
     const totalExposed = blast.reachable.length + blast.envFindings.length;
@@ -10428,7 +10435,7 @@ function renderPanelScorecard(input, now = /* @__PURE__ */ new Date()) {
     if (impact.totalCatches === 0) continue;
     const discount = PROTECTIVE_SHIELD_DISCOUNTS[impact.shieldName] ?? 0;
     const bonus = Math.round(exposed * discount);
-    const icon = discount > 0 ? "\u{1F6E1}  " : "\u2610   ";
+    const icon = discount > 0 ? "\u{1F6E1}\uFE0F  " : "\u2610   ";
     const wouldCatch = `would catch ${impact.totalCatches} op${impact.totalCatches !== 1 ? "s" : ""}`;
     const deltaSuffix = bonus > 0 ? `  \u2192  +${bonus} pts  (${blast.score} \u2192 ${blast.score + bonus})` : "";
     shieldLines.push(

package/dist/dashboard.mjs

@@ -3308,6 +3308,7 @@ var init_setup = __esm({
 
 // src/cli/render/scan-derive.ts
 import chalk3 from "chalk";
+import stringWidth from "string-width";
 var init_scan_derive = __esm({
   "src/cli/render/scan-derive.ts"() {
     "use strict";
@@ -3334,6 +3335,7 @@ import chalk4 from "chalk";
 import fs5 from "fs";
 import path7 from "path";
 import os7 from "os";
+import stringWidth2 from "string-width";
 function claudeModelPrice2(model) {
   const base = model.replace(/@.*$/, "").replace(/-\d{8}$/, "");
   for (const [key, p] of Object.entries(CLAUDE_PRICING2)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node9/proxy",
-  "version": "1.20.0",
+  "version": "1.20.1",
   "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -83,6 +83,7 @@
     "react": "^19.2.6",
     "safe-regex2": "^5.1.0",
     "smol-toml": "^1.6.1",
+    "string-width": "^4.2.3",
     "zod": "^3.25.76"
   },
   "bundleDependencies": [