node9-ai 1.41.0 → 1.43.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -0
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -141,6 +141,23 @@ node9 shield list # show all shields + status
|
|
|
141
141
|
- **Auto-undo** — git snapshot before every AI file edit → `node9 undo` to revert
|
|
142
142
|
- **Skills pinning** — SHA-256 verification of installed Claude skills / plugins between sessions
|
|
143
143
|
|
|
144
|
+
## Review prompts — approve inline, in your agent
|
|
145
|
+
|
|
146
|
+
When node9 flags an action for **review** (e.g. `git push --force`, a `DROP TABLE`), the approve/deny prompt renders **inline in the agent conversation** — no frozen session, no separate terminal, no hook-timeout race. node9 still runs the full evaluator and makes the decision; only the prompt _surface_ moves to the agent.
|
|
147
|
+
|
|
148
|
+
- **On by default** for **Claude Code** and **GitHub Copilot CLI** — the agents whose hook contract honors a native `ask`. Every other agent (Codex, Gemini, Antigravity, Hermes, Cursor, OpenCode, Pi) uses node9's own approver.
|
|
149
|
+
- **Control it** with `reviewChannel` in `~/.node9/config.json` (or `--no-ask` on the hook):
|
|
150
|
+
|
|
151
|
+
```jsonc
|
|
152
|
+
{
|
|
153
|
+
"settings": {
|
|
154
|
+
"reviewChannel": "ask", // "ask" = inline agent prompt (default) | "approver" = node9's own approver
|
|
155
|
+
},
|
|
156
|
+
}
|
|
157
|
+
```
|
|
158
|
+
|
|
159
|
+
- **Team setups:** when a cloud/team approver is configured (`approvers.cloud: true`), reviews route to that approver instead — node9 won't let an inline self-approval bypass routed/second-party approval.
|
|
160
|
+
|
|
144
161
|
## Sandbox — run an agent in a jail
|
|
145
162
|
|
|
146
163
|
When watching isn't enough, **`node9 sandbox`** runs the agent inside a disposable container with a **kernel-enforced egress allowlist** and **scoped mounts** — while node9's hooks govern and audit every tool call _inside_ the box. The hard version of protection: the agent can only touch the folder you mount and reach the hosts you allow; everything else is dropped at the kernel.
|
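Review bot: the `jsonc` sample under "Control it" is not strict JSON (an inline `//` comment, plus trailing commas after `"reviewChannel": "ask"` and after the closing `}` of `settings`), yet the bullet tells readers to put it in `~/.node9/config.json`. Either state that the config file is read as JSONC, or give a strict-JSON sample and move the explanation of the `"ask"` and `"approver"` values into the prose. The section should also say which setting wins when `--no-ask` and `reviewChannel` disagree, and should call out that "On by default" changes where approval prompts appear for existing Claude Code and GitHub Copilot CLI users after an upgrade.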
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "node9-ai",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.43.0",
|
|
4
4
|
"description": "Security layer for AI coding agents — intercepts dangerous tool calls before they execute",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"ai",
|
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
"node9-ai": "bin/node9.js"
|
|
26
26
|
},
|
|
27
27
|
"dependencies": {
|
|
28
|
-
"@node9/proxy": "1.
|
|
28
|
+
"@node9/proxy": "1.43.0"
|
|
29
29
|
},
|
|
30
30
|
"type": "module",
|
|
31
31
|
"engines": {
|
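Review bot: in the `dependencies` block, `@node9/proxy` is the only entry and it is bumped to an exact `1.43.0`, the same value as the new `version`, while the file list for this comparison shows changes only to `package/README.md` and `package/package.json`. Any code behind the new README section is therefore not in the files compared here and would have to come from `@node9/proxy`, so a review of this release needs the matching `@node9/proxy` diff as well. The exact pin (no range) is worth keeping, since it ties each wrapper release to one proxy build.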