{"id":47239102,"url":"https://github.com/node9-ai/node9-proxy","last_synced_at":"2026-04-11T18:11:56.718Z","repository":{"id":341237424,"uuid":"1168844155","full_name":"node9-ai/node9-proxy","owner":"node9-ai","description":"The Execution Security Layer for the Agentic Era. Providing deterministic \"Sudo\" governance and audit logs for autonomous AI agents.","archived":false,"fork":false,"pushed_at":"2026-04-09T18:40:10.000Z","size":2193,"stargazers_count":111,"open_issues_count":0,"forks_count":11,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-09T19:37:10.849Z","etag":null,"topics":["ai-safety","ai-security","claude-code","gemini","gemini-cli","llm","llm-agent","mcp-server"],"latest_commit_sha":null,"homepage":"https://node9.ai/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/node9-ai.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-27T21:32:52.000Z","updated_at":"2026-04-09T18:40:13.000Z","dependencies_parsed_at":"2026-03-08T16:04:23.662Z","dependency_job_id":null,"html_url":"https://github.com/node9-ai/node9-proxy","commit_stats":null,"previous_names":["node9-ai/node9-proxy"],"tags_count":48,"template":false,"template_full_name":null,"purl":"pkg:github/node9-ai/node9-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node9-ai%2Fnode9-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node9-ai%2Fnode9-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node9-ai%2Fnode9-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node9-ai%2Fnode9-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/node9-ai","download_url":"https://codeload.github.com/node9-ai/node9-proxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node9-ai%2Fnode9-proxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31686262,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-11T13:07:20.380Z","status":"ssl_error","status_checked_at":"2026-04-11T13:06:47.903Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-safety","ai-security","claude-code","gemini","gemini-cli","llm","llm-agent","mcp-server"],"created_at":"2026-03-14T00:51:39.527Z","updated_at":"2026-04-11T18:11:56.706Z","avatar_url":"https://github.com/node9-ai.png","language":"TypeScript","readme":"# 🛡️ Node9 Proxy\n\n### The \"Sudo\" Command for AI Agents.\n\n[![NPM Version](https://img.shields.io/npm/v/@node9/proxy.svg)](https://www.npmjs.com/package/@node9/proxy)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)\n[![Open in HF Spaces](https://huggingface.co/datasets/huggingface/badges/resolve/main/open-in-hf-spaces-sm.svg)](https://huggingface.co/spaces/Node9ai/node9-security-demo)\n[![Documentation](https://img.shields.io/badge/docs-node9.ai%2Fdocs-blue)](https://node9.ai/docs)\n\n**Node9** sits between your AI agent and your system. Every shell command, file write, and tool call passes through Node9 first — blocked, approved, or logged based on your policy. Works with Claude Code, Gemini CLI, Cursor, Codex, and any MCP server.\n\n📖 **[Full Documentation →](https://node9.ai/docs)**\n\n---\n\n## The \"Aha!\" Moment\n\n**AIs are literal.** Ask an agent to \"fix disk space\" and it might run `docker system prune -af --volumes`.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/user-attachments/assets/7b22e0fb-35ff-4088-8ee9-cc23216f362f\" width=\"100%\"\u003e\n\u003c/p\u003e\n\nWith Node9:\n\n1. **AI attempts:** `Bash(\"docker system prune -af --volumes\")`\n2. **Node9 intercepts:** OS-native popup appears instantly\n3. **You block it** — one click\n4. **AI pivots:** _\"I'll remove large log files instead\"_\n\n---\n\n## Install\n\n```bash\n# macOS / Linux\nbrew tap node9-ai/node9 \u0026\u0026 brew install node9\n\n# or via npm\nnpm install -g @node9/proxy\n```\n\n```bash\nnode9 setup      # auto-detects Claude Code, Gemini CLI, Cursor, Codex\nnode9 doctor     # verify everything is wired correctly\n```\n\n---\n\n## Shields — one command per service\n\nEnable expert-crafted protection for the infrastructure your agent touches:\n\n```bash\nnode9 shield enable postgres   # blocks DROP TABLE, TRUNCATE, DROP COLUMN\nnode9 shield enable mongodb    # blocks dropDatabase, drop(), deleteMany({})\nnode9 shield enable redis      # blocks FLUSHALL, FLUSHDB\nnode9 shield enable aws        # blocks S3 delete, EC2 terminate, IAM changes\nnode9 shield enable k8s        # blocks namespace delete, helm uninstall\nnode9 shield enable docker     # blocks system prune, volume prune, rm -f\nnode9 shield enable github     # blocks gh repo delete, remote branch deletion\nnode9 shield enable bash-safe  # blocks curl|bash, base64|sh, rm -rf /\nnode9 shield enable filesystem # reviews chmod 777, writes to /etc/\n\nnode9 shield list              # see all shields and their status\n```\n\n---\n\n## MCP Gateway — protect any MCP server\n\nWrap any MCP server transparently. The AI sees the same server — Node9 intercepts every tool call:\n\n```json\n{\n  \"mcpServers\": {\n    \"postgres\": {\n      \"command\": \"node9\",\n      \"args\": [\"mcp\", \"--upstream\", \"npx -y @modelcontextprotocol/server-postgres postgresql://...\"]\n    }\n  }\n}\n```\n\nOr use `node9 setup` — it wraps existing MCP servers automatically.\n\n### MCP Tool Pinning — rug pull defense\n\nMCP servers can change their tool definitions between sessions. A compromised or malicious server could silently add, remove, or modify tools after initial trust — a **rug pull** attack.\n\nNode9 defends against this by **pinning** tool definitions on first use:\n\n1. **First connection** — the gateway records a SHA-256 hash of all tool definitions\n2. **Subsequent connections** — the hash is compared; if tools changed, the session is **quarantined** and all tool calls are blocked until a human reviews and approves the change\n3. **Corrupt pin state** — fails closed (blocks), never silently re-trusts\n\n```bash\nnode9 mcp pin list                # show all pinned servers and hashes\nnode9 mcp pin update \u003cserverKey\u003e  # remove pin, re-pin on next connection\nnode9 mcp pin reset               # clear all pins (re-pin on next connection)\n```\n\nThis is automatic — no configuration needed. The gateway pins on first `tools/list` and enforces on every subsequent session.\n\n---\n\n## Python SDK — govern any Python agent\n\n```python\nfrom node9 import configure\n\nconfigure(agent_name=\"my-agent\", policy=\"require_approval\")\n\n# Your existing agent code runs unchanged — Node9 intercepts tool calls\n```\n\n**[Python SDK →](https://github.com/node9-ai/node9-python)** · **[Governed Agent examples →](https://github.com/node9-ai/governed-agent)**\n\n---\n\n## What's always on (no config needed)\n\n- **Git:** blocks `git push --force`, `git reset --hard`, `git clean -fd`\n- **SQL:** blocks `DELETE`/`UPDATE` without `WHERE`, `DROP TABLE`, `TRUNCATE`\n- **Shell:** blocks `curl | bash`, `sudo` commands\n- **DLP:** blocks AWS keys, GitHub tokens, Stripe keys, PEM private keys in any tool call argument\n- **Auto-undo:** git snapshot before every AI file edit → `node9 undo` to revert\n\n---\n\n## 📖 Full docs\n\nEverything else — config reference, smart rules, stateful rules, trusted hosts, approval modes, CLI reference — is at **[node9.ai/docs](https://node9.ai/docs)**.\n\n---\n\n## Related\n\n- [node9-python](https://github.com/node9-ai/node9-python) — Python SDK\n- [governed-agent](https://github.com/node9-ai/governed-agent) — Reference governed agents (CI code review fixer)\n\n---\n\n## Enterprise\n\nNode9 Pro provides governance locking, SAML/SSO, and VPC deployment. Visit [node9.ai](https://node9.ai).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnode9-ai%2Fnode9-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnode9-ai%2Fnode9-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnode9-ai%2Fnode9-proxy/lists"}