npm - node9-ai - Versions diffs - 1.11.3 → 1.11.11 - Mend

node9-ai 1.11.3 → 1.11.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+   1. Definitions.
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+   END OF TERMS AND CONDITIONS
+   APPENDIX: How to apply the Apache License to your work.
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+   Copyright [yyyy] [name of copyright owner]
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md CHANGED Viewed

@@ -1,30 +1,361 @@
-# node9
+# 🛡️ Node9 Proxy
-Security layer for AI coding agents — intercepts dangerous tool calls before they execute.
+### The "Sudo" Command for AI Agents.
-## Try it instantly (no install)
+[![NPM Version](https://img.shields.io/npm/v/node9-ai.svg)](https://www.npmjs.com/package/node9-ai)
+[![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![Open in HF Spaces](https://huggingface.co/datasets/huggingface/badges/resolve/main/open-in-hf-spaces-sm.svg)](https://huggingface.co/spaces/Node9ai/node9-security-demo)
+[![Documentation](https://img.shields.io/badge/docs-node9.ai%2Fdocs-blue)](https://node9.ai/docs)
+**Node9** sits between your AI agent and your system. Every shell command, file write, and tool call passes through Node9 first — blocked, approved, or logged based on your policy. Works with Claude Code, Gemini CLI, Cursor, Codex, and any MCP server.
+📖 **[Full Documentation →](https://node9.ai/docs)**
+---
+## The "Aha!" Moment
+**AIs move fast.** Ask an agent to "ship the fix" and it might push straight to git without asking you.
+<p align="center">
+  <img src="https://github.com/user-attachments/assets/4aa6e45b-9aba-4953-9ce3-548226622588" width="100%">
+</p>
+With Node9:
+1. **AI attempts:** `Bash("git push origin main")`
+2. **Node9 intercepts:** OS-native popup appears instantly
+3. **You block it** — one click
+4. **AI pivots:** _"I'll create a PR for review instead"_
+---
+## Try it instantly — no install needed
+See what node9 would have caught in your existing Claude Code, Gemini CLI, and Codex history:
 ```bash
-npx node9 scan
+npx node9-ai scan
+```
+No account, no daemon, no config. Reads `~/.claude/projects/`, `~/.gemini/tmp/`, and `~/.codex/`, runs the full policy engine, and shows every operation that would have been blocked or flagged.
 ```
+🔍  Scanning your AI history  — what would node9 have caught?
-Scans your Claude Code / Gemini CLI history and shows what node9 would have blocked.
+  47 risky operations found — none were blocked
+    🛑  Would have blocked        2   operations stopped before execution
+    👁   Would have flagged       44   sent to you for approval
+    🔑  Credential leak           1   secret detected in tool call
+  ──────────────────────────────────────────────────────────────────
+  bash-safe  ·  12 findings  →  node9 shield enable bash-safe
+    🛑  block-pipe-to-shell ×8  — Pipe-to-shell is a common supply-chain attack vector
+    👁   review-eval ×4         — eval of dynamic content requires human approval
+  ⚡ 47 operations ran unprotected. node9 would have caught them.
+```
+---
 ## Install
 ```bash
-npm install -g node9
-node9 init
+# macOS / Linux
+brew tap node9-ai/node9 && brew install node9
+# or via npm
+npm install -g node9-ai
+```
+```bash
+node9 init       # auto-detects Claude Code, Gemini CLI, Cursor, Codex
+node9 doctor     # verify everything is wired correctly
+```
+---
+## Shields — one command per service
+Enable expert-crafted protection for the infrastructure your agent touches:
+```bash
+node9 shield enable postgres   # blocks DROP TABLE, TRUNCATE, DROP COLUMN
+node9 shield enable mongodb    # blocks dropDatabase, drop(), deleteMany({})
+node9 shield enable redis      # blocks FLUSHALL, FLUSHDB
+node9 shield enable aws        # blocks S3 delete, EC2 terminate, IAM changes
+node9 shield enable k8s        # blocks namespace delete, helm uninstall
+node9 shield enable docker     # blocks system prune, volume prune, rm -f
+node9 shield enable github     # blocks gh repo delete, remote branch deletion
+node9 shield enable bash-safe  # blocks curl|bash, base64|sh, rm -rf /
+node9 shield enable filesystem # reviews chmod 777, writes to /etc/
+node9 shield list              # see all shields and their status
+```
+---
+## MCP Gateway — protect any MCP server
+Wrap any MCP server transparently. The AI sees the same server — Node9 intercepts every tool call:
+```json
+{
+  "mcpServers": {
+    "postgres": {
+      "command": "node9",
+      "args": ["mcp", "--upstream", "npx -y @modelcontextprotocol/server-postgres postgresql://..."]
+    }
+  }
+}
+```
+Or use `node9 init` — it wraps existing MCP servers automatically.
+### MCP Tool Pinning — rug pull defense
+MCP servers can change their tool definitions between sessions. A compromised or malicious server could silently add, remove, or modify tools after initial trust — a **rug pull** attack.
+Node9 defends against this by **pinning** tool definitions on first use:
+1. **First connection** — the gateway records a SHA-256 hash of all tool definitions
+2. **Subsequent connections** — the hash is compared; if tools changed, the session is **quarantined** and all tool calls are blocked until a human reviews and approves the change
+3. **Corrupt pin state** — fails closed (blocks), never silently re-trusts
+```bash
+node9 mcp pin list                # show all pinned servers and hashes
+node9 mcp pin update <serverKey>  # remove pin, re-pin on next connection
+node9 mcp pin reset               # clear all pins (re-pin on next connection)
+```
+This is automatic — no configuration needed. The gateway pins on first `tools/list` and enforces on every subsequent session.
+### Skills Pinning — installed-plugin drift detection
+Marketplace plugins at `~/.claude/plugins/marketplaces/` come from registries, not your workspace — `git status` never sees them. Each installed plugin gets its own pin (same model as MCP server pinning): installing a new plugin creates a new pin silently; only changes to an already-pinned plugin trigger drift. Opt-in via `policy.skillPinning.enabled: true`; use `mode: 'block'` for strict enforcement. User-edited files are **not** in default scope. Extend via `policy.skillPinning.roots`.
+---
+## Python SDK — govern any Python agent
+```python
+from node9 import configure
+configure(agent_name="my-agent", policy="require_approval")
+# Your existing agent code runs unchanged — Node9 intercepts tool calls
+```
+**[Python SDK →](https://github.com/node9-ai/node9-python)** · **[Governed Agent examples →](https://github.com/node9-ai/governed-agent)**
+---
+## What's always on (no config needed)
+- **Git:** blocks `git push --force`, `git reset --hard`, `git clean -fd`
+- **SQL:** blocks `DELETE`/`UPDATE` without `WHERE`, `DROP TABLE`, `TRUNCATE`
+- **Shell:** blocks `curl | bash`, `sudo` commands
+- **DLP:** blocks AWS keys, GitHub tokens, Stripe keys, PEM private keys in any tool call argument
+- **Response DLP:** background scanner reads Claude's JSONL history hourly and alerts you if a secret appears in Claude's _response text_ (not just tool args) — see [`node9 dlp`](#node9-dlp--response-secret-scanner)
+- **Auto-undo:** git snapshot before every AI file edit → `node9 undo` to revert
+- **Skills Pinning:** SHA-256 verification of agent skill files between sessions; quarantines on drift (AST 02 + AST 07 — supply chain & update drift)
+---
+## Observability
+Every tool call your AI agent makes is recorded — command, arguments, result, and cost estimate. Node9 gives you four ways to see what your agent is doing.
+### Live HUD (statusline)
+Node9 wires a live statusline into Claude Code that shows you what's happening in real time:
+```
+🛡 node9 | standard | [bash-safe] | ✅ 12 allowed  🛑 2 blocked  🚨 0 dlp | ~$0.43 | ⚡ no-force-push
+📊 claude-opus-4-6 | ctx [████████░░░░░░░] 54% | 5h [██░░░░░░░░░░░░░] 12% | 7d [█░░░░░░░░░░░░░░] 7%
+🗂 2 CLAUDE.md | 8 rules | 3 MCPs | 4 hooks
+```
+**Line 1 — Security state:** active mode, enabled shields, session totals (allowed / blocked / DLP hits), estimated cost, last rule that fired.
+**Line 2 — Context & rate limits:** model name, context window usage, 5-hour and 7-day token rate-limit bars — so you can see when an agent is burning through quota.
+**Line 3 — Environment:** how many CLAUDE.md files, rules, MCP servers, and hooks are active in the current project.
+The HUD is wired automatically by `node9 init`. Full session logs land in `~/.node9/audit.log`.
+### `node9 scan` — flags
+```bash
+node9 scan                # last 90 days
+node9 scan --all          # all time
+node9 scan --drill-down   # full commands + session IDs
+```
+### `node9 tail` — live stream
+Stream every tool call as it happens. Useful when you send an agent off to work and want to watch what it's doing:
+```bash
+node9 tail          # stream tool calls for the active session
+node9 tail --all    # include all projects
+```
+Each line shows the tool name, a summary of its arguments, and the decision (allowed / blocked / DLP hit).
+At startup, `tail` prints a one-line context summary:
+```
+ctx: 34% (68k/200k  out 2k  · claude-sonnet-4-6)
+```
+This shows how full the context window is, how many output tokens were generated, and which model is running. Color-coded: cyan < 50%, yellow 50–79%, red ≥ 80%.
+### `node9 report` — security dashboard
+Run after a session to get a summary of what was allowed, blocked, DLP hits, cost, and daily activity:
+```
+$ node9 report --period 7d
+  🛡 node9 Report  ·  Last 7 Days  Apr 8 – Apr 14  2,255 events
+  ──────────────────────────────────────────────────────────────────────────────
+  ✅ 1,746 allowed   🛑 509 blocked   🚨 70 DLP hits   23% block rate   💰 $82.91
+  Top Tools                              Top Blocks
+  ─────────────────────────────────────  ─────────────────────────────────────
+  Bash                    ██████ 1,595   timeout                 ██████ 281
+  Read                    █░░░░░   196   smart-rule-block        ██░░░░  79
+  Edit                    █░░░░░   118   observe-mode-dlp-would… █░░░░░  69
+  drop_resource           █░░░░░    69   persistent-deny         █░░░░░  69
+  Grep                    █░░░░░    35   local-decision          █░░░░░   5
+  Daily Activity
+  ──────────────────────────────────────────────────────────────────────────────
+  Apr 9       ██████████████████████████████  833  216 blocked
+  Apr 10      █████░░░░░░░░░░░░░░░░░░░░░░░░░  145   24 blocked
+  Apr 11      ██████████████████████░░░░░░░░  617  139 blocked
+```
+The report also includes a **Tokens** section showing a breakdown of input, output, cache-write, and cache-read tokens with a cache hit-rate percentage — useful for spotting sessions that are burning tokens without getting cache savings.
+Periods: `today`, `7d` (default), `30d`, `month`. Cost data is read from `~/.claude/projects/` — no API calls, fully offline.
+If the response DLP scanner found secrets during the period, the report shows a `⚠️ DLP ALERT` banner at the top and a dedicated **Response DLP** section listing each finding with the pattern name, a masked sample, and the project it came from.
+### `node9 sessions` — session history
+See what your AI agent did across sessions — prompt, tool calls, cost, files modified, and whether a snapshot was taken. Useful when you hand off a task and come back to review what happened:
+```
+$ node9 sessions --all
+  📋  node9 sessions  — what your AI agent did
+  7   sessions    $178.93  total    2379  tool calls    122 files modified
+  avg $25.56    /session    7 of 7 sessions had snapshots
+  Tool breakdown:
+    Bash    ████████████████████  1165 (49%)
+    Read    ███████████░░░░░░░░░   613 (26%)
+    Edit    ██████░░░░░░░░░░░░░░   367 (15%)
+    Other   ███░░░░░░░░░░░░░░░░░   203 (9%)
+    Write   █░░░░░░░░░░░░░░░░░░░    31 (1%)
+  ─── Apr 15  ~/node9
+  14:47  implement delegated sessions feature       919 tools  $74.45  📸  00ac39e2
+  12:47  ok, it seems you crash and we have a bug…   95 tools  $6.40   📸  5a4e7fab
 ```
-## What it does
+Drill into any session for a full tool trace:
+```
+$ node9 sessions --detail 4812594b
+  Session  4812594b-c93f-4a26-91f0-44aa2e324918
+  Prompt   can you push node9-proxy to git dev?
+  Project  ~/node9
+  When     Apr 9, 2026, 20:49
+  Cost     ~$2.06
+  Snapshot ✓ taken
+  Tool calls (54):
+    20:49  Bash              git status && git branch -a
+    20:52  Write             /home/nadav/node9/node9-proxy/.git/hooks/pre-commit
+    20:56  Edit              /home/nadav/node9/node9-proxy/src/cli/commands/check.ts
+    ...
+  Files modified (3):
+    /home/nadav/node9/node9-proxy/.git/hooks/pre-commit
+    /home/nadav/node9/node9-proxy/src/cli/commands/check.ts
+    /home/nadav/node9/node9-proxy/src/cli/hud.ts
+```
+```bash
+node9 sessions              # last 7 days
+node9 sessions --all        # all time
+node9 sessions --days 30    # last 30 days
+node9 sessions --detail <session-id>   # full tool trace (prefix match on session ID)
+```
+Currently works with Claude Code. Support for other agents coming as they expose session history.
+### `node9 dlp` — response secret scanner
+Node9's tool-call DLP blocks secrets _before_ they leave your machine. But Claude can also write secrets into its **response text** — a curl example with a real token, a config snippet with a live key — and that text bypasses tool-call interception entirely.
+The **response DLP scanner** runs as a background daemon. It reads Claude's JSONL conversation history incrementally (delta scan — only new bytes since the last check), looks for secret patterns in assistant response text, and fires a desktop notification the moment it finds one.
+```
+⚠️  node9 DLP alert
+AWS Access Key found in Claude response text.
+Sample: AKIA****MPLE  — run: node9 dlp
+```
+```bash
+node9 dlp              # show all open findings with pattern, sample, project, date
+node9 dlp resolve      # acknowledge all current findings (clears the banner)
+```
+The `node9 dlp` command shows a guided remediation workflow:
+```
+🔐  node9 dlp  — secrets found in Claude response text
+  ⚠️  1 open finding
+  These secrets were included in Claude's response text — NOT blocked.
+  Rotate each affected key immediately.
+  ●  AWS Access Key ID   Apr 14, 2026
+     Sample: AKIA****MPLE
+     Project: ~/node9
+  Next steps:
+  1. Rotate any exposed keys shown above
+  2. Run node9 dlp resolve to acknowledge
+  3. Run node9 report for full audit history
+```
+Findings are never re-shown after `node9 dlp resolve`. The scanner stores resolved keys in `~/.node9/dlp-resolved.json` so only genuinely new secrets surface.
+---
+## 📖 Full docs
+Everything else — config reference, smart rules, stateful rules, trusted hosts, approval modes, CLI reference — is at **[node9.ai/docs](https://node9.ai/docs)**.
+---
+## Related
+- [node9-python](https://github.com/node9-ai/node9-python) — Python SDK
+- [governed-agent](https://github.com/node9-ai/governed-agent) — Reference governed agents (CI code review fixer)
-node9 sits between your AI agent (Claude Code, Gemini CLI, Cursor…) and the system.
-Every tool call is checked before it runs — dangerous commands are blocked or sent to you for approval.
+---
-- 🛑 **Blocks** irreversible operations (rm -rf, force push, disk wipes, eval of remote code)
-- 👁 **Reviews** risky commands — you approve or deny before they execute
-- 🔑 **DLP** — catches credentials and secrets before they leak
-- 📸 **Undo** — snapshots files before every edit so you can roll back
+## Enterprise
-→ [node9.ai](https://node9.ai) · [Docs](https://github.com/node9-ai/node9-proxy)
+Node9 Pro provides governance locking, SAML/SSO, and VPC deployment. Visit [node9.ai](https://node9.ai).

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "node9-ai",
-  "version": "1.11.3",
+  "version": "1.11.11",
   "description": "Security layer for AI coding agents — intercepts dangerous tool calls before they execute",
   "keywords": [
     "ai",
@@ -16,9 +16,13 @@
     "type": "git",
     "url": "https://github.com/node9-ai/node9-proxy"
   },
-  "license": "MIT",
+  "license": "Apache-2.0",
+  "scripts": {
+    "prepublishOnly": "cp ../node9-proxy/README.md ./README.md"
+  },
   "bin": {
-    "node9": "bin/node9.js"
+    "node9": "bin/node9.js",
+    "node9-ai": "bin/node9.js"
   },
   "dependencies": {
     "@node9/proxy": ">=1.11.3"

package/npm DELETED Viewed

	@@ -1 +0,0 @@
1	- nadav