{"id":"node9-ai-node9-proxy","name":"node9-proxy","af_score":53.5,"security_score":66.5,"reliability_score":35.0,"what_it_does":"@node9/proxy (Node9) is an execution security layer for agentic AI tools. It intercepts potentially dangerous shell/file/DB actions and MCP tool calls before execution, performs DLP scanning for secrets, routes high-risk actions through a human-in-the-loop approval “race engine” (native popup/browser/terminal/Slack), and can snapshot/undo file edits via shadow Git snapshots. It also supports an MCP Gateway as a transparent stdio proxy between AI clients and MCP servers.","best_when":"You run developer productivity agents that can execute commands/tools and you want deterministic guardrails (block/review/allow) plus audit trails and undo for filesystem changes.","avoid_when":"You cannot monitor/approve interactive prompts and/or need non-interactive CI/CD execution without guardrails causing interruptions.","last_evaluated":"2026-03-30T13:47:30.598516+00:00","has_mcp":true,"has_api":false,"auth_methods":["CLI-driven interception/approval flow (no specific auth mechanism described in README)","Optional human approval via Slack noted (auth/scopes not described)"],"has_free_tier":false,"known_gotchas":["Tool-call argument inspection may miss secrets not matching configured patterns (pattern-based DLP).","“Supply-chain warning” exists for .mcp.json upstream commands; using untrusted repo configs can cause unintended upstream execution even though Node9 provides a proxy/policy layer.","Approval prompts can interrupt agent workflows; agents should handle block/review responses and negotiate alternatives.","The MCP gateway intercepts tool calls, but correctness depends on accurate mapping of MCP tool names to protected actions (configuration/rules).","Shadow snapshot/undo helps with filesystem edits, but may not fully cover non-file side effects (e.g., external system changes) unless those are also intercepted/blocked."],"error_quality":0.0}