npm - @node9/proxy - Versions diffs - 1.20.1 → 1.21.0 - Mend

@node9/proxy 1.20.1 → 1.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -8,21 +8,33 @@
   <a href="https://huggingface.co/spaces/Node9ai/node9-security-demo"><img src="https://huggingface.co/datasets/huggingface/badges/resolve/main/open-in-hf-spaces-sm.svg" alt="Try on HF Spaces" /></a>
 </p>
-Node9 sits between your AI agent and the tools it can use — recording every action, intervening on risky ones, and showing you what happened both live and in retrospect.
+Node9 sits between your AI agent and the tools it can use — **discover** what it's already been doing, **protect** against risky actions in real time, and **review** what happened over any time window.
 Works with **Claude Code · Codex CLI · Gemini CLI · Cursor · Windsurf · any MCP server**.
 ## What Node9 does
-- 🛡 **Review or block** risky commands before they run — `rm -rf`, `git push --force`, `DROP TABLE`, credential reads, `curl | bash`
-- 🔍 **Scan** what your AI has already been doing — loops, leaked secrets, blocked operations across every session
-- 🔑 **Catch credential leaks** — AWS keys, GitHub tokens, JWTs, GCP API keys, PEM private keys flagged in tool args, file contents, and shell config
-- 🔭 **Map your blast radius** — every SSH key, AWS credential, and `.env` file an AI agent on this machine could reach right now
+- 🔍 **Discover** — scan every past AI session for credential leaks, agent loops, blocked operations, and every secret on disk an agent could reach right now
+- 🛡 **Protect** — review or block risky commands before they run — `rm -rf`, `git push --force`, `DROP TABLE`, credential reads, `curl | bash`, AWS/GitHub/Stripe key leaks
+- 📊 **Review** — period-windowed report (today / week / month / 90 days) — cost per agent, top tools, shields fired, blast radius
+## Retrospective scan
+This is my own machine — 90 days while building Node9. Score 25/100, 5 credential files an AI agent could reach right now.
+```bash
+npx node9-ai scan   # before installation, runs in ~10s, nothing uploads
+node9 scan          # after installation, same output
+```
+<p align="center">
+  <img src="https://github.com/user-attachments/assets/7c5b30f1-1ca1-40b4-bfd5-d6671002e98e" width="720" alt="Node9 scan scorecard" />
+</p>
 ## Live monitoring
 <p align="center">
-  <img src="https://github.com/user-attachments/assets/997b7b42-b251-4046-b9c5-e000f8b5a481" width="720" alt="Node9 monitor dashboard" />
+  <img src="https://github.com/user-attachments/assets/4661da97-c174-4bae-ae54-4c52a1d69213" width="720" alt="Node9 monitor dashboard" />
 </p>
 `node9 monitor` opens an interactive terminal dashboard with two views:
@@ -30,31 +42,18 @@ Works with **Claude Code · Codex CLI · Gemini CLI · Cursor · Windsurf · any
 - **`[1]` Realtime** — live activity, approvals, security alerts, current risk score
 - **`[2]` Report** — period-windowed summary: cost, top tools, shields fired, blast radius
-## Retrospective scan
+## Report
-This is my own machine — 30 days while building Node9. Score 25/100, 5 credential files an AI agent could reach right now.
+Press `[2]` in monitor for a period-windowed summary. Toggle the window with `[T]oday` · `[W]eek` · `[M]onth` · `[N]inety` — same panels as the scan above, driven by your post-install audit log.
 <p align="center">
-  <img src="https://github.com/user-attachments/assets/bc165779-4200-438d-967a-20d42bbfe69e" width="720" alt="Node9 scan scorecard" />
+  <img src="https://github.com/user-attachments/assets/66c02a72-e477-443d-807f-d65a21d096cd" width="720" alt="Node9 monitor [2] Report" />
 </p>
+```bash
+node9 monitor              # press [2] for Report view
+node9 report --period 7d   # CLI form, no TUI
 ```
-🛡  Node9 Scan  ·  21 sessions  ·  8,114 tool calls  ·  Apr 6 – May 1, 2026
-Security Score: 25/100  ·  Critical
-$3,789 AI spend  ·  62 risky operations
-🔑  14   credential leak     (Bearer Token ×4, GCP API Key ×4, JWT ×2)
-🛑  15   would have blocked  (force-push ×5, read-ssh ×4, read-aws ×4)
-🔁  193  agent loops         (18% wasted  ·  ~$6.51)
-👁  33   flagged for review  (git-destructive ×19, rm ×9, sudo ×2)
-🔭  Blast radius             ssh × gcp × npm × other (5 exposures)
-→  npx node9-ai scan         run this on your machine
-```
-Run it on yours — `npx node9-ai scan` finishes in ~10 seconds and runs entirely local. Nothing uploads.
 ## Install
@@ -141,17 +140,17 @@ node9 mcp pin reset               # clear all pins
 </details>
-## Observability — five views
-| Command          | What it shows                                             | When to use                               |
-| ---------------- | --------------------------------------------------------- | ----------------------------------------- |
-| `node9 blast`    | What an AI agent can reach right now — files, creds, env  | First thing to run on any machine         |
-| `node9 scan`     | Retrospective audit of existing agent history             | Before installing, or to review past risk |
-| `node9 tail`     | Live stream of every tool call                            | Watching an agent work in real time       |
-| `node9 report`   | Per-period summary: allowed/blocked/DLP/cost + top tools  | Reviewing what happened after a session   |
-| `node9 sessions` | Session history with prompt, tool trace, cost, snapshot   | Reviewing a handoff or past work          |
-| `node9 dlp`      | Credential-leak findings in Claude response text          | Any time a DLP desktop alert fires        |
-| `node9 mask`     | Redact plaintext secrets from local session history files | After a DLP finding — cleans local disk   |
+## Other commands
+Beyond the three flow commands above (`scan` / `monitor` / `report`):
+| Command          | What it shows                                             | When to use                             |
+| ---------------- | --------------------------------------------------------- | --------------------------------------- |
+| `node9 blast`    | What an AI agent can reach right now — files, creds, env  | First thing to run on any machine       |
+| `node9 tail`     | Live stream of every tool call (text-only, no TUI)        | Piping into other tools, CI, logs       |
+| `node9 sessions` | Session history with prompt, tool trace, cost, snapshot   | Reviewing a handoff or past work        |
+| `node9 dlp`      | Credential-leak findings in Claude response text          | Any time a DLP desktop alert fires      |
+| `node9 mask`     | Redact plaintext secrets from local session history files | After a DLP finding — cleans local disk |
 Plus a **live HUD** in your Claude Code statusline:

package/dist/cli.js CHANGED Viewed

@@ -10505,7 +10505,7 @@ function originForRule(ruleName, sections) {
   return "";
 }
 function registerScanCommand(program2) {
-  program2.command("scan").description("Forecast: scan agent history and show what node9 would catch if installed").option("--all", "Scan all history (default: last 90 days)").option("--days <n>", "Scan last N days of history", "90").option("--top <n>", "Max findings to show per rule (default: 5)", "5").option("--drill-down", "Show all findings with full commands and session IDs").option("--compact", "Compact one-screen scorecard \u2014 for screenshots and sharing").option("--narrative", "Severity-grouped report \u2014 for video / dramatic sharing").option(
+  program2.command("scan").description("Forecast: scan agent history and show what node9 would catch if installed").option("--all", "Scan all history (default: last 90 days)").option("--days <n>", "Scan last N days of history", "90").option("--top <n>", "Max findings to show per rule (default: 5)", "5").option("--drill-down", "Show all findings with full commands and session IDs").option("--compact", "Compact one-screen scorecard \u2014 for screenshots and sharing").option("--narrative", "Severity-grouped report \u2014 for video / dramatic sharing").option("--classic", "Original chalk-based scorecard layout (default: new Ink-rendered view)").option(
     "--json",
     "Emit machine-readable JSON to stdout (suppresses banner, progress, and renderer)"
   ).option(
@@ -10539,7 +10539,8 @@ function registerScanCommand(program2) {
       })();
       const isWired = getAgentsStatus().some((a) => a.wired);
       const screenshotMode = options.compact || options.narrative;
-      const quiet = screenshotMode || options.json;
+      const useInk = !options.classic && !drillDown;
+      const quiet = screenshotMode || options.json || useInk;
       if (!quiet) {
         console.log("");
         if (!isWired) {
@@ -10677,6 +10678,7 @@ function registerScanCommand(program2) {
         });
         return;
       }
+      const useInkForHero = !options.classic && !drillDown;
       if (totalFindings === 0 && scan.dlpFindings.length === 0) {
         console.log(import_chalk5.default.green("  \u2705 No risky operations found in your history."));
         console.log(
@@ -10696,9 +10698,11 @@ function registerScanCommand(program2) {
           const since = daysAgo === 0 ? "today" : daysAgo === 1 ? "yesterday" : `${daysAgo} days ago`;
           return import_chalk5.default.dim("  \xB7  ") + arrow + import_chalk5.default.dim(` since ${since}`);
         })();
-        console.log(
-          "  " + (score.band === "critical" ? import_chalk5.default.red.bold("\u26A0  ") : "") + import_chalk5.default.bold("Security Score ") + score.color.bold(`${blast.score}/100`) + "  " + severityDisplay + trendSuffix + import_chalk5.default.dim("  \xB7  ") + (totalRisky > 0 ? import_chalk5.default.red.bold(`${totalRisky} risky operation${totalRisky !== 1 ? "s" : ""}`) : import_chalk5.default.green("No risky operations"))
-        );
+        if (!useInkForHero) {
+          console.log(
+            "  " + (score.band === "critical" ? import_chalk5.default.red.bold("\u26A0  ") : "") + import_chalk5.default.bold("Security Score ") + score.color.bold(`${blast.score}/100`) + "  " + severityDisplay + trendSuffix + import_chalk5.default.dim("  \xB7  ") + (totalRisky > 0 ? import_chalk5.default.red.bold(`${totalRisky} risky operation${totalRisky !== 1 ? "s" : ""}`) : import_chalk5.default.green("No risky operations"))
+          );
+        }
         const cardParts = [];
         if (scan.dlpFindings.length > 0) {
           cardParts.push(
@@ -10727,10 +10731,10 @@ function registerScanCommand(program2) {
             import_chalk5.default.red("\u{1F52D} ") + import_chalk5.default.red.bold(String(blastExposures)) + import_chalk5.default.dim(" exposures")
           );
         }
-        if (cardParts.length > 0) {
+        if (cardParts.length > 0 && !useInkForHero) {
           console.log("  " + cardParts.join(import_chalk5.default.dim("   ")));
         }
-        if (scan.totalCostUSD > 0) {
+        if (scan.totalCostUSD > 0 && !useInkForHero) {
           console.log(
             "  " + import_chalk5.default.dim("AI spend  ") + import_chalk5.default.bold(fmtCost(scan.totalCostUSD)) + (summary.loopWastedUSD > 0 ? import_chalk5.default.dim("   \xB7   wasted on loops  ") + import_chalk5.default.yellow("~" + fmtCost(summary.loopWastedUSD)) : "")
           );
@@ -10742,16 +10746,38 @@ function registerScanCommand(program2) {
             )
           );
         }
-        console.log("");
+        if (!useInkForHero) {
+          console.log("");
+        }
         if (!drillDown) {
-          renderPanelScorecard({
-            scan,
-            summary,
-            blast,
-            blastExposures,
-            blockedCount,
-            reviewCount
-          });
+          const useInk2 = !options.classic;
+          if (useInk2) {
+            const scanInkPath = import_path21.default.join(__dirname, "scan-ink.mjs");
+            const dynamicImport = new Function("id", "return import(id)");
+            const mod = await dynamicImport(`file://${scanInkPath}`);
+            const rangeLabel2 = options.all ? "all time" : `last ${options.days ?? 90} days`;
+            mod.renderScanScorecardInk(
+              {
+                scan,
+                summary,
+                blast,
+                blastExposures,
+                blockedCount,
+                reviewCount
+              },
+              rangeLabel2
+            );
+            console.log("");
+          } else {
+            renderPanelScorecard({
+              scan,
+              summary,
+              blast,
+              blastExposures,
+              blockedCount,
+              reviewCount
+            });
+          }
           const cta = isWired ? "\u2705 node9 is active" : "\u2192 install node9 to enable protection";
           console.log("  " + import_chalk5.default.green(cta));
           console.log(

package/dist/cli.mjs CHANGED Viewed

@@ -10485,7 +10485,7 @@ function originForRule(ruleName, sections) {
   return "";
 }
 function registerScanCommand(program2) {
-  program2.command("scan").description("Forecast: scan agent history and show what node9 would catch if installed").option("--all", "Scan all history (default: last 90 days)").option("--days <n>", "Scan last N days of history", "90").option("--top <n>", "Max findings to show per rule (default: 5)", "5").option("--drill-down", "Show all findings with full commands and session IDs").option("--compact", "Compact one-screen scorecard \u2014 for screenshots and sharing").option("--narrative", "Severity-grouped report \u2014 for video / dramatic sharing").option(
+  program2.command("scan").description("Forecast: scan agent history and show what node9 would catch if installed").option("--all", "Scan all history (default: last 90 days)").option("--days <n>", "Scan last N days of history", "90").option("--top <n>", "Max findings to show per rule (default: 5)", "5").option("--drill-down", "Show all findings with full commands and session IDs").option("--compact", "Compact one-screen scorecard \u2014 for screenshots and sharing").option("--narrative", "Severity-grouped report \u2014 for video / dramatic sharing").option("--classic", "Original chalk-based scorecard layout (default: new Ink-rendered view)").option(
     "--json",
     "Emit machine-readable JSON to stdout (suppresses banner, progress, and renderer)"
   ).option(
@@ -10519,7 +10519,8 @@ function registerScanCommand(program2) {
       })();
       const isWired = getAgentsStatus().some((a) => a.wired);
       const screenshotMode = options.compact || options.narrative;
-      const quiet = screenshotMode || options.json;
+      const useInk = !options.classic && !drillDown;
+      const quiet = screenshotMode || options.json || useInk;
       if (!quiet) {
         console.log("");
         if (!isWired) {
@@ -10657,6 +10658,7 @@ function registerScanCommand(program2) {
         });
         return;
       }
+      const useInkForHero = !options.classic && !drillDown;
       if (totalFindings === 0 && scan.dlpFindings.length === 0) {
         console.log(chalk5.green("  \u2705 No risky operations found in your history."));
         console.log(
@@ -10676,9 +10678,11 @@ function registerScanCommand(program2) {
           const since = daysAgo === 0 ? "today" : daysAgo === 1 ? "yesterday" : `${daysAgo} days ago`;
           return chalk5.dim("  \xB7  ") + arrow + chalk5.dim(` since ${since}`);
         })();
-        console.log(
-          "  " + (score.band === "critical" ? chalk5.red.bold("\u26A0  ") : "") + chalk5.bold("Security Score ") + score.color.bold(`${blast.score}/100`) + "  " + severityDisplay + trendSuffix + chalk5.dim("  \xB7  ") + (totalRisky > 0 ? chalk5.red.bold(`${totalRisky} risky operation${totalRisky !== 1 ? "s" : ""}`) : chalk5.green("No risky operations"))
-        );
+        if (!useInkForHero) {
+          console.log(
+            "  " + (score.band === "critical" ? chalk5.red.bold("\u26A0  ") : "") + chalk5.bold("Security Score ") + score.color.bold(`${blast.score}/100`) + "  " + severityDisplay + trendSuffix + chalk5.dim("  \xB7  ") + (totalRisky > 0 ? chalk5.red.bold(`${totalRisky} risky operation${totalRisky !== 1 ? "s" : ""}`) : chalk5.green("No risky operations"))
+          );
+        }
         const cardParts = [];
         if (scan.dlpFindings.length > 0) {
           cardParts.push(
@@ -10707,10 +10711,10 @@ function registerScanCommand(program2) {
             chalk5.red("\u{1F52D} ") + chalk5.red.bold(String(blastExposures)) + chalk5.dim(" exposures")
           );
         }
-        if (cardParts.length > 0) {
+        if (cardParts.length > 0 && !useInkForHero) {
           console.log("  " + cardParts.join(chalk5.dim("   ")));
         }
-        if (scan.totalCostUSD > 0) {
+        if (scan.totalCostUSD > 0 && !useInkForHero) {
           console.log(
             "  " + chalk5.dim("AI spend  ") + chalk5.bold(fmtCost(scan.totalCostUSD)) + (summary.loopWastedUSD > 0 ? chalk5.dim("   \xB7   wasted on loops  ") + chalk5.yellow("~" + fmtCost(summary.loopWastedUSD)) : "")
           );
@@ -10722,16 +10726,38 @@ function registerScanCommand(program2) {
             )
           );
         }
-        console.log("");
+        if (!useInkForHero) {
+          console.log("");
+        }
         if (!drillDown) {
-          renderPanelScorecard({
-            scan,
-            summary,
-            blast,
-            blastExposures,
-            blockedCount,
-            reviewCount
-          });
+          const useInk2 = !options.classic;
+          if (useInk2) {
+            const scanInkPath = path21.join(__dirname, "scan-ink.mjs");
+            const dynamicImport = new Function("id", "return import(id)");
+            const mod = await dynamicImport(`file://${scanInkPath}`);
+            const rangeLabel2 = options.all ? "all time" : `last ${options.days ?? 90} days`;
+            mod.renderScanScorecardInk(
+              {
+                scan,
+                summary,
+                blast,
+                blastExposures,
+                blockedCount,
+                reviewCount
+              },
+              rangeLabel2
+            );
+            console.log("");
+          } else {
+            renderPanelScorecard({
+              scan,
+              summary,
+              blast,
+              blastExposures,
+              blockedCount,
+              reviewCount
+            });
+          }
           const cta = isWired ? "\u2705 node9 is active" : "\u2192 install node9 to enable protection";
           console.log("  " + chalk5.green(cta));
           console.log(