node9-ai 1.20.1 → 1.21.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +35 -36
  2. package/package.json +2 -2
package/README.md CHANGED
@@ -8,21 +8,33 @@
8
8
  <a href="https://huggingface.co/spaces/Node9ai/node9-security-demo"><img src="https://huggingface.co/datasets/huggingface/badges/resolve/main/open-in-hf-spaces-sm.svg" alt="Try on HF Spaces" /></a>
9
9
  </p>
10
10
 
11
- Node9 sits between your AI agent and the tools it can use — recording every action, intervening on risky ones, and showing you what happened both live and in retrospect.
11
+ Node9 sits between your AI agent and the tools it can use — **discover** what it's already been doing, **protect** against risky actions in real time, and **review** what happened over any time window.
12
12
 
13
13
  Works with **Claude Code · Codex CLI · Gemini CLI · Cursor · Windsurf · any MCP server**.
14
14
 
15
15
  ## What Node9 does
16
16
 
17
- - 🛡 **Review or block** risky commands before they run `rm -rf`, `git push --force`, `DROP TABLE`, credential reads, `curl | bash`
18
- - 🔍 **Scan** what your AI has already been doingloops, leaked secrets, blocked operations across every session
19
- - 🔑 **Catch credential leaks** — AWS keys, GitHub tokens, JWTs, GCP API keys, PEM private keys flagged in tool args, file contents, and shell config
20
- - 🔭 **Map your blast radius** — every SSH key, AWS credential, and `.env` file an AI agent on this machine could reach right now
17
+ - 🔍 **Discover** scan every past AI session for credential leaks, agent loops, blocked operations, and every secret on disk an agent could reach right now
18
+ - 🛡 **Protect** review or block risky commands before they run `rm -rf`, `git push --force`, `DROP TABLE`, credential reads, `curl | bash`, AWS/GitHub/Stripe key leaks
19
+ - 📊 **Review** — period-windowed report (today / week / month / 90 days) cost per agent, top tools, shields fired, blast radius
20
+
21
+ ## Retrospective scan
22
+
23
+ This is my own machine — 90 days while building Node9. Score 25/100, 5 credential files an AI agent could reach right now.
24
+
25
+ ```bash
26
+ npx node9-ai scan # before installation, runs in ~10s, nothing uploads
27
+ node9 scan # after installation, same output
28
+ ```
29
+
30
+ <p align="center">
31
+ <img src="https://github.com/user-attachments/assets/7c5b30f1-1ca1-40b4-bfd5-d6671002e98e" width="720" alt="Node9 scan scorecard" />
32
+ </p>
21
33
 
22
34
  ## Live monitoring
23
35
 
24
36
  <p align="center">
25
- <img src="https://github.com/user-attachments/assets/997b7b42-b251-4046-b9c5-e000f8b5a481" width="720" alt="Node9 monitor dashboard" />
37
+ <img src="https://github.com/user-attachments/assets/4661da97-c174-4bae-ae54-4c52a1d69213" width="720" alt="Node9 monitor dashboard" />
26
38
  </p>
27
39
 
28
40
  `node9 monitor` opens an interactive terminal dashboard with two views:
@@ -30,31 +42,18 @@ Works with **Claude Code · Codex CLI · Gemini CLI · Cursor · Windsurf · any
30
42
  - **`[1]` Realtime** — live activity, approvals, security alerts, current risk score
31
43
  - **`[2]` Report** — period-windowed summary: cost, top tools, shields fired, blast radius
32
44
 
33
- ## Retrospective scan
45
+ ## Report
34
46
 
35
- This is my own machine 30 days while building Node9. Score 25/100, 5 credential files an AI agent could reach right now.
47
+ Press `[2]` in monitor for a period-windowed summary. Toggle the window with `[T]oday` · `[W]eek` · `[M]onth` · `[N]inety` same panels as the scan above, driven by your post-install audit log.
36
48
 
37
49
  <p align="center">
38
- <img src="https://github.com/user-attachments/assets/bc165779-4200-438d-967a-20d42bbfe69e" width="720" alt="Node9 scan scorecard" />
50
+ <img src="https://github.com/user-attachments/assets/66c02a72-e477-443d-807f-d65a21d096cd" width="720" alt="Node9 monitor [2] Report" />
39
51
  </p>
40
52
 
53
+ ```bash
54
+ node9 monitor # press [2] for Report view
55
+ node9 report --period 7d # CLI form, no TUI
41
56
  ```
42
- 🛡 Node9 Scan · 21 sessions · 8,114 tool calls · Apr 6 – May 1, 2026
43
-
44
- Security Score: 25/100 · Critical
45
- $3,789 AI spend · 62 risky operations
46
-
47
- 🔑 14 credential leak (Bearer Token ×4, GCP API Key ×4, JWT ×2)
48
- 🛑 15 would have blocked (force-push ×5, read-ssh ×4, read-aws ×4)
49
- 🔁 193 agent loops (18% wasted · ~$6.51)
50
- 👁 33 flagged for review (git-destructive ×19, rm ×9, sudo ×2)
51
-
52
- 🔭 Blast radius ssh × gcp × npm × other (5 exposures)
53
-
54
- → npx node9-ai scan run this on your machine
55
- ```
56
-
57
- Run it on yours — `npx node9-ai scan` finishes in ~10 seconds and runs entirely local. Nothing uploads.
58
57
 
59
58
  ## Install
60
59
 
@@ -141,17 +140,17 @@ node9 mcp pin reset # clear all pins
141
140
 
142
141
  </details>
143
142
 
144
- ## Observability — five views
145
-
146
- | Command | What it shows | When to use |
147
- | ---------------- | --------------------------------------------------------- | ----------------------------------------- |
148
- | `node9 blast` | What an AI agent can reach right now — files, creds, env | First thing to run on any machine |
149
- | `node9 scan` | Retrospective audit of existing agent history | Before installing, or to review past risk |
150
- | `node9 tail` | Live stream of every tool call | Watching an agent work in real time |
151
- | `node9 report` | Per-period summary: allowed/blocked/DLP/cost + top tools | Reviewing what happened after a session |
152
- | `node9 sessions` | Session history with prompt, tool trace, cost, snapshot | Reviewing a handoff or past work |
153
- | `node9 dlp` | Credential-leak findings in Claude response text | Any time a DLP desktop alert fires |
154
- | `node9 mask` | Redact plaintext secrets from local session history files | After a DLP finding — cleans local disk |
143
+ ## Other commands
144
+
145
+ Beyond the three flow commands above (`scan` / `monitor` / `report`):
146
+
147
+ | Command | What it shows | When to use |
148
+ | ---------------- | --------------------------------------------------------- | --------------------------------------- |
149
+ | `node9 blast` | What an AI agent can reach right now — files, creds, env | First thing to run on any machine |
150
+ | `node9 tail` | Live stream of every tool call (text-only, no TUI) | Piping into other tools, CI, logs |
151
+ | `node9 sessions` | Session history with prompt, tool trace, cost, snapshot | Reviewing a handoff or past work |
152
+ | `node9 dlp` | Credential-leak findings in Claude response text | Any time a DLP desktop alert fires |
153
+ | `node9 mask` | Redact plaintext secrets from local session history files | After a DLP finding — cleans local disk |
155
154
 
156
155
  Plus a **live HUD** in your Claude Code statusline:
157
156
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "node9-ai",
3
- "version": "1.20.1",
3
+ "version": "1.21.1",
4
4
  "description": "Security layer for AI coding agents — intercepts dangerous tool calls before they execute",
5
5
  "keywords": [
6
6
  "ai",
@@ -25,7 +25,7 @@
25
25
  "node9-ai": "bin/node9.js"
26
26
  },
27
27
  "dependencies": {
28
- "@node9/proxy": "1.20.1"
28
+ "@node9/proxy": "1.21.1"
29
29
  },
30
30
  "type": "module",
31
31
  "engines": {