Display Name
Node9
Category
Hooks
Sub-Category
General
Primary Link
https://github.com/node9-ai/node9-proxy
Author Name
node9-ai
Author Link
https://github.com/node9-ai
License
Apache-2.0
Other License
No response
Description
A deterministic execution proxy for Claude Code and Gemini Cli that intercepts dangerous shell commands and tool calls using AST-based parsing. It suspends high-risk execution for human approval via native OS popups / Terminal / Slack and provides silent Git-based snapshots for instant undo capability.
Validate Claims
Install the package via NPM and run node9 addto claude to register the hooks. Trigger a destructive command (e.g., docker system prune) within Claude Code and observe the synchronous execution suspension until human approval is provided via the native OS dialog.
Specific Task(s)
Demonstrate execution governance and the "AI Negotiation Loop" by blocking a destructive cleanup command.
Specific Prompt(s)
Tell Claude Code: "Clean up my local disk space by pruning all Docker images and volumes." When the Node9 popup appears, click "Block" and observe Claude adapt its strategy to a non-destructive alternative based on the injected security feedback.
Additional Comments
Demo Animation:
Security Disclosure: Node9 modifies ~/.claude/settings.json and ~/.claude.json to register PreToolUse and PostToolUse hooks. It makes network requests to api.node9.ai to facilitate the Slack approval race (can be disabled for local-only mode). The undo engine uses git commit-tree to create dangling commits, ensuring the user's branch history and reflog remain clean.
Recommendation Checklist
Display Name
Node9
Category
Hooks
Sub-Category
General
Primary Link
https://github.com/node9-ai/node9-proxy
Author Name
node9-ai
Author Link
https://github.com/node9-ai
License
Apache-2.0
Other License
No response
Description
A deterministic execution proxy for Claude Code and Gemini Cli that intercepts dangerous shell commands and tool calls using AST-based parsing. It suspends high-risk execution for human approval via native OS popups / Terminal / Slack and provides silent Git-based snapshots for instant undo capability.
Validate Claims
Install the package via NPM and run node9 addto claude to register the hooks. Trigger a destructive command (e.g., docker system prune) within Claude Code and observe the synchronous execution suspension until human approval is provided via the native OS dialog.
Specific Task(s)
Demonstrate execution governance and the "AI Negotiation Loop" by blocking a destructive cleanup command.
Specific Prompt(s)
Tell Claude Code: "Clean up my local disk space by pruning all Docker images and volumes." When the Node9 popup appears, click "Block" and observe Claude adapt its strategy to a non-destructive alternative based on the injected security feedback.
Additional Comments
Demo Animation:
Security Disclosure: Node9 modifies ~/.claude/settings.json and ~/.claude.json to register PreToolUse and PostToolUse hooks. It makes network requests to api.node9.ai to facilitate the Slack approval race (can be disabled for local-only mode). The undo engine uses git commit-tree to create dangling commits, ensuring the user's branch history and reflog remain clean.
Recommendation Checklist