fix: merge latest dev updates into main#15
Merged
nadav-node9 merged 41 commits intomainfrom Mar 14, 2026
Merged
Conversation
…tcut labels - Show actual matched rule/word in blocked label (e.g. rule "rm", dangerous word "drop") - Add ↵/⎋ shortcut symbols to Allow/Block button labels on macOS and Linux - Compact popup message layout to reduce window height - Remove hardcoded zenity height so dialog auto-sizes to content - Minor README and cli.ts formatting cleanup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…g merge Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Use @node9/proxy import instead of relative src path - Add comment explaining CLI proxy vs SDK protect() use cases - Clarify error message: "blocked" instead of "caught" Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove unknown "version" field (not in Config schema) - Fix duplicate mcp__github__* key in toolInspection (invalid JSON) - Restore missing dangerousWords defaults (format, truncate, docker, psql) - Remove overly aggressive git/push block-all rules - Add environments section showing production/development config Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Previously the active environment was read from NODE_ENV only, which
nobody sets before running an AI CLI tool. Now you can set it directly
in node9.config.json:
{ "settings": { "environment": "production" } }
Priority: config.settings.environment > NODE_ENV > "development"
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…shboard only Slack channel config belongs in the workspace dashboard (admin-controlled), not in local config files (dev-controlled). Removes the override path entirely. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ion messages - node9 setup: alias for addto (fixes routing bug where "setup" fell through to runProxy) - node9 doctor: health check command verifying binary, config, hooks, daemon, and credentials - node9 explain: waterfall + step-by-step policy trace showing exactly why a tool call is allowed or blocked - node9 undo: snapshot stack with --steps flag, diff preview, and metadata (tool name, timestamp, cwd) - Smart SQL check: DELETE/UPDATE without WHERE clause flagged as dangerous; scoped mutations allowed - Context-specific negotiation messages: AI gets actionable instructions based on why it was blocked (dangerous word, sandbox, SQL safety, strict mode, human rejection) - New tests: doctor.test.ts (14 integration tests) and undo.test.ts (22 unit tests) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The doctor.test.ts integration tests spawn the built CLI binary. The test job previously ran before the build job, causing MODULE_NOT_FOUND errors. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
node9 not being on PATH is not a hard failure — if the user is running "node9 doctor" the binary clearly exists. The check is really about whether agent hooks can find it. This also fixes CI where node9 is not globally installed but the integration tests still need to pass. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Documents node9 setup, doctor, and explain in Quick Start and a new CLI Reference table. Includes sample doctor and explain output. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When settings.approvalTimeoutMs > 0, a timeout racer is added to the multi-channel race. If no human approves or denies within the window, the action is auto-denied with reason "Approval Timeout". The timeout is cleanly cancelled via AbortSignal if a human responds first. Default is 0 (disabled) — added to DEFAULT_CONFIG and generated by node9 init so users can configure it in ~/.node9/config.json. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Reads ~/.node9/audit.log (NDJSON) and prints a formatted table of recent decisions. Supports --tail N, --tool <substring>, --deny, and --json flags. Normalizes legacy "allowed"/"denied" decision values. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds a SmartRule/SmartCondition system to the policy engine that evaluates raw tool args before tokenization, supporting 6 operators (matches, notMatches, contains, notContains, exists, notExists) with dot-notation field paths and regex flags. - 'block' verdict hard-denies without showing the approval prompt - 'review' verdict flows to the race engine as before - 'allow' verdict short-circuits all further checks - Whitespace normalization on field values so regex rules are robust - Additive merge in getConfig() — user smartRules append to defaults - explainPolicy shows smart rules as a named waterfall step - Removes hardcoded checkDangerousSql() call — replaced by default smart rule "no-delete-without-where" in DEFAULT_CONFIG Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Expands the Configuration section with a settings reference table, smart rules reference (fields, operators, examples, built-in default), and approvalTimeoutMs. Updates the config example to show rules and smartRules alongside existing policy fields. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Unit tests for evaluateSmartConditions: - all 6 operators (matches, notMatches, contains, notContains, exists, notExists) - conditionMode all/any - dot-notation nested field paths - whitespace normalization - invalid regex safety (no throw) - null/non-object args guard Integration tests for evaluatePolicy: - default SQL WHERE rule (DELETE/UPDATE without WHERE → review) - custom block verdict - custom allow verdict short-circuiting dangerous words - glob tool pattern matching - non-matching tool does not trigger rule - user smartRules append to defaults (both active) authorizeHeadless hard-block: - block verdict bypasses race engine, returns approved:false directly Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
nadav-node9
pushed a commit
that referenced
this pull request
Mar 14, 2026
## [1.0.6](v1.0.5...v1.0.6) (2026-03-14) ### Bug Fixes * merge latest dev updates into main ([#15](#15)) ([d87bc62](d87bc62))
Contributor
Author
|
🎉 This PR is included in version 1.0.6 🎉 The release is available on: Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Auto-generated PR
Merge latest
devchanges intomainto trigger a release.