node9 1.1.1__tar.gz → 1.1.2__tar.gz

{node9-1.1.1 → node9-1.1.2}/.github/workflows/ai-review.yml

@@ -3,6 +3,9 @@ name: AI Code Review
 on:
   pull_request:
     branches: [main]
+    paths-ignore:
+      - '.github/workflows/ai-review.yml'
+      - 'scripts/ai-review.mjs'
 
 jobs:
   review:

{node9-1.1.1 → node9-1.1.2}/CHANGELOG.md

@@ -2,6 +2,14 @@
 
 <!-- version list -->
 
+## v1.1.2 (2026-04-04)
+
+### Bug Fixes
+
+- Merge latest dev updates into main ([#3](https://github.com/node9-ai/node9-python/pull/3),
+  [`f5659b0`](https://github.com/node9-ai/node9-python/commit/f5659b0eca4182afdcf58070b0ec4c1ffccccc09))
+
+
 ## v1.1.1 (2026-03-17)
 
 ### Bug Fixes

{node9-1.1.1 → node9-1.1.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: node9
-Version: 1.1.1
+Version: 1.1.2
 Summary: Execution security for Python AI agents — seatbelt for LangChain, CrewAI, and plain Python.
 Project-URL: Homepage, https://node9.ai
 Project-URL: Repository, https://github.com/node9-ai/node9-python

{node9-1.1.1 → node9-1.1.2}/node9/__init__.py

@@ -1,20 +1,10 @@
 """
 node9 — Execution security for Python AI agents.
-
-Quick start:
-    from node9 import protect
-
-    @protect("write_file")
-    def write_file(path: str, content: str):
-        ...
-
-    @protect("bash")
-    def run_shell(cmd: str):
-        ...
+Bundled version with CI cloud routing support (NODE9_API_KEY).
 """
 
 from ._decorator import protect
 from ._exceptions import ActionDeniedException, DaemonNotFoundError
 
 __all__ = ["protect", "ActionDeniedException", "DaemonNotFoundError"]
-__version__ = "0.1.0"
+__version__ = "0.1.1"

node9-1.1.2/node9/_client.py

@@ -0,0 +1,244 @@
+"""
+Thin HTTP client — talks to the local Node9 daemon on localhost:7391.
+
+Flow:
+  POST /check  → { id }                      registers the action
+  GET  /wait/:id → { decision, reason? }     blocks until approved / denied
+"""
+
+import json
+import os
+import platform
+import re
+import shutil
+import subprocess
+import time
+import http.client
+import urllib.error
+import urllib.request
+from typing import Any
+
+from ._config import DAEMON_PORT
+from ._exceptions import ActionDeniedException, DaemonNotFoundError
+
+_DAEMON_BASE = f"http://127.0.0.1:{DAEMON_PORT}"
+# The daemon auto-denies after ~55s; we wait slightly longer to get that response.
+_CHECK_TIMEOUT = 5      # seconds to establish connection
+_WAIT_TIMEOUT = 65      # seconds to wait for human decision
+
+_CI_CONTEXT_MAX_BYTES = 10_000
+_CI_CONTEXT_ALLOWED_KEYS = {
+    "tests_after", "files_changed", "issues_found", "issues_fixed",
+    "github_repository", "github_head_ref", "iteration",
+    "draft_pr_number", "draft_pr_url",
+}
+_REQUEST_ID_RE = re.compile(r'^[a-zA-Z0-9_\-]{1,128}$')
+
+
+def _daemon_reachable() -> bool:
+    try:
+        req = urllib.request.Request(f"{_DAEMON_BASE}/settings", method="GET")
+        with urllib.request.urlopen(req, timeout=1.0):
+            return True
+    except urllib.error.URLError:
+        return False
+
+
+def _auto_start_daemon() -> None:
+    """Opt-in: start the daemon in the background when NODE9_AUTO_START=1."""
+    if shutil.which("node9"):
+        cmd = ["node9", "daemon"]
+    elif shutil.which("npx"):
+        cmd = ["npx", "@node9/proxy", "daemon"]
+    else:
+        raise DaemonNotFoundError(DAEMON_PORT)
+    subprocess.Popen(
+        cmd,
+        stdout=subprocess.DEVNULL,
+        stderr=subprocess.DEVNULL,
+    )
+    for _ in range(10):
+        time.sleep(0.5)
+        if _daemon_reachable():
+            return
+    raise DaemonNotFoundError(DAEMON_PORT)
+
+
+def _post(path: str, payload: dict) -> dict:
+    # default=str: safely serialize non-JSON-native objects (loggers, datetimes, etc.)
+    data = json.dumps(payload, default=str).encode()
+    req = urllib.request.Request(
+        f"{_DAEMON_BASE}{path}",
+        data=data,
+        headers={"Content-Type": "application/json"},
+        method="POST",
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=_CHECK_TIMEOUT) as resp:
+            return json.loads(resp.read())
+    except urllib.error.URLError:
+        raise DaemonNotFoundError(DAEMON_PORT)
+
+
+def _get(path: str) -> dict:
+    req = urllib.request.Request(f"{_DAEMON_BASE}{path}", method="GET")
+    try:
+        with urllib.request.urlopen(req, timeout=_WAIT_TIMEOUT) as resp:
+            return json.loads(resp.read())
+    except (urllib.error.URLError, http.client.HTTPException):
+        # URLError = timeout / connection error
+        # HTTPException (incl. RemoteDisconnected) = daemon closed connection → treat as deny
+        return {"decision": "deny", "reason": "Node9 daemon connection timed out or closed."}
+
+
+def _read_ci_context() -> dict | None:
+    """Read ~/.node9/ci-context.json if present (written by the CI agent before git push).
+    Size-capped and key-allowlisted so an attacker-controlled file cannot poison the payload."""
+    ci_context_path = os.path.join(os.path.expanduser("~"), ".node9", "ci-context.json")
+    try:
+        with open(ci_context_path, "rb") as f:
+            raw_bytes = f.read(_CI_CONTEXT_MAX_BYTES + 1)
+        if len(raw_bytes) > _CI_CONTEXT_MAX_BYTES:
+            return None
+        raw = json.loads(raw_bytes)
+        if not isinstance(raw, dict):
+            return None
+        return {k: v for k, v in raw.items() if k in _CI_CONTEXT_ALLOWED_KEYS}
+    except (OSError, json.JSONDecodeError, ValueError):
+        return None
+
+
+def _evaluate_cloud(tool_name: str, args: dict[str, Any]) -> None:
+    """
+    Cloud routing: POST directly to node9 SaaS when NODE9_API_KEY is set.
+    Used in CI environments where the local daemon is not running.
+    """
+    api_key = os.environ.get("NODE9_API_KEY", "")
+    if not api_key:
+        raise RuntimeError("[Node9] NODE9_API_KEY is set but empty — cannot authenticate.")
+
+    api_url = os.environ.get("NODE9_API_URL", "https://api.node9.ai/api/v1/intercept").rstrip("/")
+
+    if not api_url.startswith("https://"):
+        raise RuntimeError(
+            f"[Node9] NODE9_API_URL must use HTTPS to protect credentials (got: {api_url!r})"
+        )
+
+    payload: dict = {
+        "toolName": tool_name,
+        "args": args,
+        "context": {
+            "agent": "Python SDK",
+            "hostname": platform.node(),
+            "platform": platform.system().lower(),
+            "cwd": os.getcwd(),
+        },
+    }
+
+    ci_context = _read_ci_context()
+    if ci_context:
+        payload["ciContext"] = ci_context
+
+    data = json.dumps(payload, default=str).encode()
+    req = urllib.request.Request(
+        api_url,
+        data=data,
+        headers={
+            "Content-Type": "application/json",
+            "Authorization": f"Bearer {api_key}",
+        },
+        method="POST",
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=_CHECK_TIMEOUT) as resp:
+            result = json.loads(resp.read())
+    except urllib.error.HTTPError as e:
+        body = ""
+        try:
+            body = e.read().decode("utf-8", errors="replace")[:500]
+        except Exception:
+            pass
+        raise RuntimeError(
+            f"[Node9] SaaS returned HTTP {e.code} {e.reason} — body: {body}"
+        ) from e
+    except urllib.error.URLError as e:
+        raise RuntimeError(f"[Node9] Failed to reach node9 SaaS: {e}") from e
+
+    if result.get("approved"):
+        return
+
+    if not result.get("pending"):
+        reason = result.get("reason", "Denied by Node9 policy")
+        raise ActionDeniedException(tool_name, reason)
+
+    request_id = result.get("requestId")
+    if not request_id:
+        raise RuntimeError(f"[Node9] Unexpected SaaS response: {result}")
+    if not _REQUEST_ID_RE.match(str(request_id)):
+        raise RuntimeError(f"[Node9] Invalid requestId format: {request_id!r}")
+
+    print(f"🛡️  Node9: waiting for approval of '{tool_name}'...", flush=True)
+
+    poll_timeout = max(30, min(3600, int(os.environ.get("NODE9_CLOUD_TIMEOUT", "600"))))
+    status_url = f"{api_url}/status/{request_id}"
+    poll_deadline = time.time() + poll_timeout
+
+    while time.time() < poll_deadline:
+        time.sleep(1)
+        try:
+            poll_req = urllib.request.Request(
+                status_url,
+                headers={"Authorization": f"Bearer {api_key}"},
+                method="GET",
+            )
+            with urllib.request.urlopen(poll_req, timeout=5) as resp:
+                status_result = json.loads(resp.read())
+        except urllib.error.HTTPError as e:
+            if e.code in (401, 403):
+                raise RuntimeError(
+                    f"[Node9] Authentication failed during polling (HTTP {e.code}) — check NODE9_API_KEY."
+                ) from e
+            continue
+        except (urllib.error.URLError, http.client.HTTPException):
+            continue
+
+        status = status_result.get("status", "").upper()
+        if status == "APPROVED":
+            return
+        if status in ("DENIED", "AUTO_BLOCKED", "TIMED_OUT", "FIX"):
+            reason = status_result.get("reason", "Denied by Node9 policy")
+            raise ActionDeniedException(tool_name, reason)
+
+    raise ActionDeniedException(tool_name, f"Cloud approval timed out after {poll_timeout}s.")
+
+
+def evaluate(tool_name: str, args: dict[str, Any]) -> None:
+    """
+    Sends the action to the daemon and blocks until a decision is made.
+    Raises ActionDeniedException if the action is denied.
+    Does nothing if NODE9_SKIP=1 is set (unsafe bypass for testing).
+    Set NODE9_AUTO_START=1 to automatically launch the daemon if it's not running.
+    When NODE9_API_KEY is set, routes directly to node9 SaaS (no local daemon needed).
+    """
+    if os.environ.get("NODE9_SKIP") == "1":
+        return
+
+    if os.environ.get("NODE9_API_KEY"):
+        _evaluate_cloud(tool_name, args)
+        return
+
+    if os.environ.get("NODE9_AUTO_START") == "1" and not _daemon_reachable():
+        _auto_start_daemon()
+
+    result = _post("/check", {"toolName": tool_name, "args": args, "cwd": os.getcwd(), "agent": "Python SDK"})
+    request_id = result.get("id")
+    if not request_id:
+        raise RuntimeError(f"[Node9] Unexpected daemon response: {result}")
+
+    print(f"🛡️  Node9: waiting for approval of '{tool_name}'...", flush=True)
+    decision_result = _get(f"/wait/{request_id}")
+    decision = decision_result.get("decision", "deny")
+
+    if decision != "allow":
+        reason = decision_result.get("reason", "Denied by Node9 policy")
+        raise ActionDeniedException(tool_name, reason)

{node9-1.1.1 → node9-1.1.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "node9"
-version = "1.1.1"
+version = "1.1.2"
 description = "Execution security for Python AI agents — seatbelt for LangChain, CrewAI, and plain Python."
 readme = "README.md"
 license = { text = "Apache-2.0" }

node9-1.1.1/node9/_client.py

@@ -1,108 +0,0 @@
-"""
-Thin HTTP client — talks to the local Node9 daemon on localhost:7391.
-
-Flow:
-  POST /check  → { id }                      registers the action
-  GET  /wait/:id → { decision, reason? }     blocks until approved / denied
-"""
-
-import json
-import os
-import shutil
-import subprocess
-import time
-import http.client
-import urllib.error
-import urllib.request
-from typing import Any
-
-from ._config import DAEMON_PORT
-from ._exceptions import ActionDeniedException, DaemonNotFoundError
-
-_DAEMON_BASE = f"http://127.0.0.1:{DAEMON_PORT}"
-# The daemon auto-denies after ~55s; we wait slightly longer to get that response.
-_CHECK_TIMEOUT = 5      # seconds to establish connection
-_WAIT_TIMEOUT = 65      # seconds to wait for human decision
-
-
-def _daemon_reachable() -> bool:
-    try:
-        req = urllib.request.Request(f"{_DAEMON_BASE}/settings", method="GET")
-        with urllib.request.urlopen(req, timeout=1.0):
-            return True
-    except urllib.error.URLError:
-        return False
-
-
-def _auto_start_daemon() -> None:
-    """Opt-in: start the daemon in the background when NODE9_AUTO_START=1."""
-    if shutil.which("node9"):
-        cmd = ["node9", "daemon"]
-    elif shutil.which("npx"):
-        cmd = ["npx", "@node9/proxy", "daemon"]
-    else:
-        raise DaemonNotFoundError(DAEMON_PORT)
-    subprocess.Popen(
-        cmd,
-        stdout=subprocess.DEVNULL,
-        stderr=subprocess.DEVNULL,
-    )
-    for _ in range(10):
-        time.sleep(0.5)
-        if _daemon_reachable():
-            return
-    raise DaemonNotFoundError(DAEMON_PORT)
-
-
-def _post(path: str, payload: dict) -> dict:
-    # default=str: safely serialize non-JSON-native objects (loggers, datetimes, etc.)
-    data = json.dumps(payload, default=str).encode()
-    req = urllib.request.Request(
-        f"{_DAEMON_BASE}{path}",
-        data=data,
-        headers={"Content-Type": "application/json"},
-        method="POST",
-    )
-    try:
-        with urllib.request.urlopen(req, timeout=_CHECK_TIMEOUT) as resp:
-            return json.loads(resp.read())
-    except urllib.error.URLError:
-        raise DaemonNotFoundError(DAEMON_PORT)
-
-
-def _get(path: str) -> dict:
-    req = urllib.request.Request(f"{_DAEMON_BASE}{path}", method="GET")
-    try:
-        with urllib.request.urlopen(req, timeout=_WAIT_TIMEOUT) as resp:
-            return json.loads(resp.read())
-    except (urllib.error.URLError, http.client.HTTPException):
-        # URLError = timeout / connection error
-        # HTTPException (incl. RemoteDisconnected) = daemon closed connection → treat as deny
-        return {"decision": "deny", "reason": "Node9 daemon connection timed out or closed."}
-
-
-def evaluate(tool_name: str, args: dict[str, Any]) -> None:
-    """
-    Sends the action to the daemon and blocks until a decision is made.
-    Raises ActionDeniedException if the action is denied.
-    Does nothing if NODE9_SKIP=1 is set (unsafe bypass for testing).
-    Set NODE9_AUTO_START=1 to automatically launch the daemon if it's not running.
-    """
-    if os.environ.get("NODE9_SKIP") == "1":
-        return
-
-    if os.environ.get("NODE9_AUTO_START") == "1" and not _daemon_reachable():
-        _auto_start_daemon()
-
-    result = _post("/check", {"toolName": tool_name, "args": args, "cwd": os.getcwd(), "agent": "Python SDK"})
-    request_id = result.get("id")
-    if not request_id:
-        raise RuntimeError(f"[Node9] Unexpected daemon response: {result}")
-
-    print(f"🛡️  Node9: waiting for approval of '{tool_name}'...", flush=True)
-    decision_result = _get(f"/wait/{request_id}")
-    decision = decision_result.get("decision", "deny")
-
-    if decision != "allow":
-        reason = decision_result.get("reason", "Denied by Node9 policy")
-        raise ActionDeniedException(tool_name, reason)