@node9/proxy 1.5.2 → 1.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +60 -7
- package/dist/cli.js +945 -190
- package/dist/cli.mjs +942 -187
- package/dist/index.js +156 -47
- package/dist/index.mjs +156 -47
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -409,13 +409,66 @@ Smart Rules match on **raw tool arguments** using structured conditions:
|
|
|
409
409
|
|
|
410
410
|
**Smart Rule fields:**
|
|
411
411
|
|
|
412
|
-
| Field
|
|
413
|
-
|
|
|
414
|
-
| `tool`
|
|
415
|
-
| `conditions`
|
|
416
|
-
| `conditionMode`
|
|
417
|
-
| `verdict`
|
|
418
|
-
| `reason`
|
|
412
|
+
| Field | Description |
|
|
413
|
+
| :---------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
|
414
|
+
| `tool` | Tool name or glob (`"bash"`, `"mcp__postgres__*"`, `"*"`) |
|
|
415
|
+
| `conditions` | Array of conditions evaluated against the raw args object |
|
|
416
|
+
| `conditionMode` | `"all"` (AND, default) or `"any"` (OR) |
|
|
417
|
+
| `verdict` | `"review"` (approval prompt) \| `"block"` (hard deny) \| `"allow"` (skip all checks) |
|
|
418
|
+
| `reason` | Human-readable explanation shown in the approval prompt and audit log |
|
|
419
|
+
| `dependsOnState` | _(optional)_ Array of state predicates — block only fires when **all** are true. If any predicate is false or the daemon is unreachable the rule is downgraded to review (fail-open). See [Stateful Rules](#stateful-smart-rules) below. |
|
|
420
|
+
| `recoveryCommand` | _(optional)_ Shell command to suggest when the rule blocks — shown on terminal as `💡 Run: npm test` and sent to the AI as a negotiation hint. |
|
|
421
|
+
|
|
422
|
+
### Stateful Smart Rules
|
|
423
|
+
|
|
424
|
+
Stateful rules let you block actions based on **what the AI has done earlier in the session**, not just what it's doing now. The canonical use case: block deployment unless a test has passed since the last file edit.
|
|
425
|
+
|
|
426
|
+
```json
|
|
427
|
+
{
|
|
428
|
+
"policy": {
|
|
429
|
+
"smartRules": [
|
|
430
|
+
{
|
|
431
|
+
"name": "require-tests-before-deploy",
|
|
432
|
+
"tool": "Bash",
|
|
433
|
+
"conditions": [
|
|
434
|
+
{
|
|
435
|
+
"field": "command",
|
|
436
|
+
"op": "matches",
|
|
437
|
+
"value": "./deploy.sh|kubectl apply|npm run deploy"
|
|
438
|
+
}
|
|
439
|
+
],
|
|
440
|
+
"verdict": "block",
|
|
441
|
+
"reason": "Run tests before deploying",
|
|
442
|
+
"dependsOnState": ["no_test_passed_since_last_edit"],
|
|
443
|
+
"recoveryCommand": "npm test"
|
|
444
|
+
}
|
|
445
|
+
]
|
|
446
|
+
}
|
|
447
|
+
}
|
|
448
|
+
```
|
|
449
|
+
|
|
450
|
+
**How it works:**
|
|
451
|
+
|
|
452
|
+
1. The AI attempts a deploy command.
|
|
453
|
+
2. Node9 checks the daemon: _"Has a test passed since the last file edit?"_
|
|
454
|
+
3. **If no** → routes to the race engine. Terminal shows the STATE GUARD card with `[1] Allow / [2] Redirect AI to run tests / [3] Deny`. The AI receives a negotiation hint to run `npm test` first if the human redirects.
|
|
455
|
+
4. **If yes** → the rule is skipped, normal approval flow continues.
|
|
456
|
+
5. **Daemon unreachable** → fail-open, rule is skipped.
|
|
457
|
+
|
|
458
|
+
> **⚠️ Security note — fail-open behaviour:** When the daemon is unreachable, stateful block rules are silently downgraded to review. This is intentional (availability over lockout), but it means a network disruption can temporarily weaken these rules. A per-rule `failMode: 'closed'` option is planned. If you need a hard guarantee, use a plain block rule (no `dependsOnState`) instead.
|
|
459
|
+
|
|
460
|
+
**State is tracked automatically** — no config required beyond the rule itself:
|
|
461
|
+
|
|
462
|
+
- File edits are detected from `Edit`, `Write`, `MultiEdit` tool calls.
|
|
463
|
+
- Test results are detected from the PostToolUse hook reading command output. Supported runners: `vitest`, `jest`, `mocha`, `pytest`, `cargo test`, `go test`, `rspec`, `phpunit`, `dotnet test`.
|
|
464
|
+
|
|
465
|
+
**Available predicates:**
|
|
466
|
+
|
|
467
|
+
| Predicate | True when |
|
|
468
|
+
| :------------------------------- | :------------------------------------------------------------ |
|
|
469
|
+
| `no_test_passed_since_last_edit` | A file was edited and no passing test has been recorded since |
|
|
470
|
+
|
|
471
|
+
> **Requires the node9 daemon** (`node9 daemon start`). Without the daemon the predicate is always unknown → fail-open.
|
|
419
472
|
|
|
420
473
|
**Condition operators:**
|
|
421
474
|
|
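Review bot: The fail-open outcome is worded three different ways in this README hunk. The `dependsOnState` table row and the security note say the rule is "downgraded to review", steps 4 and 5 of "How it works" say "the rule is skipped", and the closing daemon note says only "fail-open". A skipped rule and a forced review prompt are different guarantees for an operator, so confirm which one the code implements and use the same wording in all four places. Step 3 also lists `[1] Allow` on the STATE GUARD card, which conflicts with the `verdict` row describing `"block"` as "hard deny"; the table should say that a `block` rule with `dependsOnState` becomes a prompt the human can override. Two smaller points: the example uses `"tool": "Bash"` while the `tool` row shows `"bash"`, so document whether tool matching is case-sensitive; and if `matches` takes a regular expression, the dots in `./deploy.sh` should be escaped in the example value.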