@node9/proxy 1.7.1 → 1.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/README.md +50 -657
  2. package/dist/cli.js +404 -333
  3. package/dist/cli.mjs +396 -325
  4. package/dist/index.js +90 -260
  5. package/dist/index.mjs +90 -260
  6. package/dist/shields/builtin/aws.json +59 -0
  7. package/dist/shields/builtin/bash-safe.json +78 -0
  8. package/dist/shields/builtin/docker.json +120 -0
  9. package/dist/shields/builtin/filesystem.json +30 -0
  10. package/dist/shields/builtin/github.json +26 -0
  11. package/dist/shields/builtin/k8s.json +92 -0
  12. package/dist/shields/builtin/mongodb.json +78 -0
  13. package/dist/shields/builtin/postgres.json +42 -0
  14. package/dist/shields/builtin/redis.json +78 -0
  15. package/package.json +2 -2
package/dist/shields/builtin/filesystem.json ADDED
@@ -0,0 +1,30 @@
1
+ {
2
+ "name": "filesystem",
3
+ "description": "Protects the local filesystem from dangerous AI operations",
4
+ "aliases": ["fs"],
5
+ "smartRules": [
6
+ {
7
+ "name": "shield:filesystem:review-chmod-777",
8
+ "tool": "bash",
9
+ "conditions": [
10
+ { "field": "command", "op": "matches", "value": "chmod\\s+(777|a\\+rwx)", "flags": "i" }
11
+ ],
12
+ "verdict": "review",
13
+ "reason": "chmod 777 requires human approval (filesystem shield)"
14
+ },
15
+ {
16
+ "name": "shield:filesystem:review-write-etc",
17
+ "tool": "bash",
18
+ "conditions": [
19
+ {
20
+ "field": "command",
21
+ "op": "matches",
22
+ "value": "(tee|\\bcp\\b|\\bmv\\b|install|>+)\\s+.*\\/etc\\/"
23
+ }
24
+ ],
25
+ "verdict": "review",
26
+ "reason": "Writing to /etc requires human approval (filesystem shield)"
27
+ }
28
+ ],
29
+ "dangerousWords": ["wipefs"]
30
+ }
package/dist/shields/builtin/github.json ADDED
@@ -0,0 +1,26 @@
1
+ {
2
+ "name": "github",
3
+ "description": "Protects GitHub repositories from destructive AI operations",
4
+ "aliases": ["git"],
5
+ "smartRules": [
6
+ {
7
+ "name": "shield:github:review-delete-branch-remote",
8
+ "tool": "bash",
9
+ "conditions": [
10
+ { "field": "command", "op": "matches", "value": "git\\s+push\\s+.*--delete", "flags": "i" }
11
+ ],
12
+ "verdict": "review",
13
+ "reason": "Remote branch deletion requires human approval (GitHub shield)"
14
+ },
15
+ {
16
+ "name": "shield:github:block-delete-repo",
17
+ "tool": "*",
18
+ "conditions": [
19
+ { "field": "command", "op": "matches", "value": "gh\\s+repo\\s+delete", "flags": "i" }
20
+ ],
21
+ "verdict": "block",
22
+ "reason": "Repository deletion is irreversible — blocked by GitHub shield"
23
+ }
24
+ ],
25
+ "dangerousWords": []
26
+ }
package/dist/shields/builtin/k8s.json ADDED
@@ -0,0 +1,92 @@
1
+ {
2
+ "name": "k8s",
3
+ "description": "Protects Kubernetes clusters from destructive AI operations",
4
+ "aliases": ["kubernetes", "kubectl"],
5
+ "smartRules": [
6
+ {
7
+ "name": "shield:k8s:block-delete-namespace",
8
+ "tool": "*",
9
+ "conditions": [
10
+ {
11
+ "field": "command",
12
+ "op": "matches",
13
+ "value": "kubectl\\s+delete\\s+(ns|namespace)\\s+",
14
+ "flags": "i"
15
+ }
16
+ ],
17
+ "verdict": "block",
18
+ "reason": "Deleting a namespace destroys all resources inside it — blocked by k8s shield"
19
+ },
20
+ {
21
+ "name": "shield:k8s:block-delete-all",
22
+ "tool": "*",
23
+ "conditions": [
24
+ {
25
+ "field": "command",
26
+ "op": "matches",
27
+ "value": "kubectl\\s+delete\\s+.*--all\\b",
28
+ "flags": "i"
29
+ }
30
+ ],
31
+ "verdict": "block",
32
+ "reason": "kubectl delete --all is irreversible — blocked by k8s shield"
33
+ },
34
+ {
35
+ "name": "shield:k8s:block-helm-uninstall",
36
+ "tool": "*",
37
+ "conditions": [
38
+ {
39
+ "field": "command",
40
+ "op": "matches",
41
+ "value": "helm\\s+(uninstall|delete|del)\\s+",
42
+ "flags": "i"
43
+ }
44
+ ],
45
+ "verdict": "block",
46
+ "reason": "helm uninstall removes a release and its resources — blocked by k8s shield"
47
+ },
48
+ {
49
+ "name": "shield:k8s:review-scale-zero",
50
+ "tool": "*",
51
+ "conditions": [
52
+ {
53
+ "field": "command",
54
+ "op": "matches",
55
+ "value": "kubectl\\s+scale\\s+.*--replicas=0",
56
+ "flags": "i"
57
+ }
58
+ ],
59
+ "verdict": "review",
60
+ "reason": "Scaling to zero takes down a workload and requires human approval (k8s shield)"
61
+ },
62
+ {
63
+ "name": "shield:k8s:review-delete-deployment",
64
+ "tool": "*",
65
+ "conditions": [
66
+ {
67
+ "field": "command",
68
+ "op": "matches",
69
+ "value": "kubectl\\s+delete\\s+(deployment|deploy|statefulset|sts|daemonset|ds)\\s+",
70
+ "flags": "i"
71
+ }
72
+ ],
73
+ "verdict": "review",
74
+ "reason": "Deleting a workload requires human approval (k8s shield)"
75
+ },
76
+ {
77
+ "name": "shield:k8s:review-apply-force",
78
+ "tool": "*",
79
+ "conditions": [
80
+ {
81
+ "field": "command",
82
+ "op": "matches",
83
+ "value": "kubectl\\s+(apply|replace)\\s+.*--force",
84
+ "flags": "i"
85
+ }
86
+ ],
87
+ "verdict": "review",
88
+ "reason": "Force-apply overwrites live resources and requires human approval (k8s shield)"
89
+ }
90
+ ],
91
+ "dangerousWords": []
92
+ }
package/dist/shields/builtin/mongodb.json ADDED
@@ -0,0 +1,78 @@
1
+ {
2
+ "name": "mongodb",
3
+ "description": "Protects MongoDB databases from destructive AI operations",
4
+ "aliases": ["mongo"],
5
+ "smartRules": [
6
+ {
7
+ "name": "shield:mongodb:block-drop-database",
8
+ "tool": "*",
9
+ "conditions": [
10
+ {
11
+ "field": "command",
12
+ "op": "matches",
13
+ "value": "\\.dropDatabase\\s*\\(",
14
+ "flags": "i"
15
+ }
16
+ ],
17
+ "verdict": "block",
18
+ "reason": "dropDatabase is irreversible — blocked by MongoDB shield"
19
+ },
20
+ {
21
+ "name": "shield:mongodb:block-drop-collection",
22
+ "tool": "*",
23
+ "conditions": [
24
+ {
25
+ "field": "command",
26
+ "op": "matches",
27
+ "value": "\\.drop\\s*\\(|db\\.getCollection\\([^)]+\\)\\.drop\\s*\\(",
28
+ "flags": "i"
29
+ }
30
+ ],
31
+ "verdict": "block",
32
+ "reason": "Collection drop is irreversible — blocked by MongoDB shield"
33
+ },
34
+ {
35
+ "name": "shield:mongodb:block-delete-many-empty-filter",
36
+ "tool": "*",
37
+ "conditions": [
38
+ {
39
+ "field": "command",
40
+ "op": "matches",
41
+ "value": "\\.deleteMany\\s*\\(\\s*\\{\\s*\\}\\s*\\)",
42
+ "flags": "i"
43
+ }
44
+ ],
45
+ "verdict": "block",
46
+ "reason": "deleteMany({}) with empty filter wipes the entire collection — blocked by MongoDB shield"
47
+ },
48
+ {
49
+ "name": "shield:mongodb:review-delete-many",
50
+ "tool": "*",
51
+ "conditions": [
52
+ {
53
+ "field": "command",
54
+ "op": "matches",
55
+ "value": "\\.deleteMany\\s*\\(",
56
+ "flags": "i"
57
+ }
58
+ ],
59
+ "verdict": "review",
60
+ "reason": "deleteMany requires human approval (MongoDB shield)"
61
+ },
62
+ {
63
+ "name": "shield:mongodb:review-drop-index",
64
+ "tool": "*",
65
+ "conditions": [
66
+ {
67
+ "field": "command",
68
+ "op": "matches",
69
+ "value": "\\.dropIndex\\s*\\(|\\.dropIndexes\\s*\\(",
70
+ "flags": "i"
71
+ }
72
+ ],
73
+ "verdict": "review",
74
+ "reason": "Index drops affect query performance and require human approval (MongoDB shield)"
75
+ }
76
+ ],
77
+ "dangerousWords": ["dropDatabase", "dropCollection", "mongodrop"]
78
+ }
package/dist/shields/builtin/postgres.json ADDED
@@ -0,0 +1,42 @@
1
+ {
2
+ "name": "postgres",
3
+ "description": "Protects PostgreSQL databases from destructive AI operations",
4
+ "aliases": ["pg", "postgresql"],
5
+ "smartRules": [
6
+ {
7
+ "name": "shield:postgres:block-drop-table",
8
+ "tool": "*",
9
+ "conditions": [{ "field": "sql", "op": "matches", "value": "DROP\\s+TABLE", "flags": "i" }],
10
+ "verdict": "block",
11
+ "reason": "DROP TABLE is irreversible — blocked by Postgres shield"
12
+ },
13
+ {
14
+ "name": "shield:postgres:block-truncate",
15
+ "tool": "*",
16
+ "conditions": [
17
+ { "field": "sql", "op": "matches", "value": "TRUNCATE\\s+TABLE", "flags": "i" }
18
+ ],
19
+ "verdict": "block",
20
+ "reason": "TRUNCATE is irreversible — blocked by Postgres shield"
21
+ },
22
+ {
23
+ "name": "shield:postgres:block-drop-column",
24
+ "tool": "*",
25
+ "conditions": [
26
+ { "field": "sql", "op": "matches", "value": "ALTER\\s+TABLE.*DROP\\s+COLUMN", "flags": "i" }
27
+ ],
28
+ "verdict": "block",
29
+ "reason": "DROP COLUMN is irreversible — blocked by Postgres shield"
30
+ },
31
+ {
32
+ "name": "shield:postgres:review-grant-revoke",
33
+ "tool": "*",
34
+ "conditions": [
35
+ { "field": "sql", "op": "matches", "value": "\\b(GRANT|REVOKE)\\b", "flags": "i" }
36
+ ],
37
+ "verdict": "review",
38
+ "reason": "Permission changes require human approval (Postgres shield)"
39
+ }
40
+ ],
41
+ "dangerousWords": ["dropdb", "pg_dropcluster"]
42
+ }
package/dist/shields/builtin/redis.json ADDED
@@ -0,0 +1,78 @@
1
+ {
2
+ "name": "redis",
3
+ "description": "Protects Redis instances from destructive AI operations",
4
+ "aliases": [],
5
+ "smartRules": [
6
+ {
7
+ "name": "shield:redis:block-flushall",
8
+ "tool": "*",
9
+ "conditions": [
10
+ {
11
+ "field": "command",
12
+ "op": "matches",
13
+ "value": "\\bFLUSHALL\\b",
14
+ "flags": "i"
15
+ }
16
+ ],
17
+ "verdict": "block",
18
+ "reason": "FLUSHALL deletes every key in every database — blocked by Redis shield"
19
+ },
20
+ {
21
+ "name": "shield:redis:block-flushdb",
22
+ "tool": "*",
23
+ "conditions": [
24
+ {
25
+ "field": "command",
26
+ "op": "matches",
27
+ "value": "\\bFLUSHDB\\b",
28
+ "flags": "i"
29
+ }
30
+ ],
31
+ "verdict": "block",
32
+ "reason": "FLUSHDB deletes all keys in the current database — blocked by Redis shield"
33
+ },
34
+ {
35
+ "name": "shield:redis:block-config-resetstat",
36
+ "tool": "*",
37
+ "conditions": [
38
+ {
39
+ "field": "command",
40
+ "op": "matches",
41
+ "value": "\\bCONFIG\\s+RESETSTAT\\b",
42
+ "flags": "i"
43
+ }
44
+ ],
45
+ "verdict": "block",
46
+ "reason": "CONFIG RESETSTAT resets server statistics irreversibly — blocked by Redis shield"
47
+ },
48
+ {
49
+ "name": "shield:redis:review-config-set",
50
+ "tool": "*",
51
+ "conditions": [
52
+ {
53
+ "field": "command",
54
+ "op": "matches",
55
+ "value": "\\bCONFIG\\s+SET\\b",
56
+ "flags": "i"
57
+ }
58
+ ],
59
+ "verdict": "review",
60
+ "reason": "CONFIG SET changes live server configuration and requires human approval (Redis shield)"
61
+ },
62
+ {
63
+ "name": "shield:redis:review-del-wildcard",
64
+ "tool": "*",
65
+ "conditions": [
66
+ {
67
+ "field": "command",
68
+ "op": "matches",
69
+ "value": "\\bDEL\\b.*[*?\\[]|redis-cli.*--scan.*\\|.*xargs.*del",
70
+ "flags": "i"
71
+ }
72
+ ],
73
+ "verdict": "review",
74
+ "reason": "Wildcard key deletion requires human approval (Redis shield)"
75
+ }
76
+ ],
77
+ "dangerousWords": ["FLUSHALL", "FLUSHDB"]
78
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@node9/proxy",
3
- "version": "1.7.1",
3
+ "version": "1.8.3",
4
4
  "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",
@@ -48,7 +48,7 @@
48
48
  "LICENSE"
49
49
  ],
50
50
  "scripts": {
51
- "build": "tsup",
51
+ "build": "tsup && node scripts/copy-shield-assets.js",
52
52
  "dev": "tsup --watch",
53
53
  "demo": "tsx examples/demo.ts",
54
54
  "typecheck": "tsc --noEmit",