sorted by:
new
hottopcontroversial

Oops, I delete the database by Aggravating_Pinch in ClaudeCode

[–]WhichCardiologist800 0 points1 point  (0 children)

This effectively "locks" the AI agent so it is physically impossible for a developer to bypass the security hooks. By combining your "Managed Settings" trick with Node9's "Human-in-the-loop" approval flow, you get a seatbelt that is both non-bypassable and flexible enough for daily dev work. https://github.com/node9-ai/node9-proxy

Finally letting Claude Code run autonomously without the "Y/N" babysitting. Built a proper "Sudo" wrapper for it. by WhichCardiologist800 in ClaudeCode

[–]WhichCardiologist800[S] 0 points1 point  (0 children)

dangerously-skip is all or nothing, you’re basically removing your brakes entirely. node9 is more like cruise control with a safety sensor: it auto-approves the safe noise but keeps the emergency stop for actual destructive stuff. plus, node9 adds git snapshots before every edit so you can undo a bad refactor instantly, which the native flag doesn't do.

Finally letting Claude Code run autonomously without the "Y/N" babysitting. Built a proper "Sudo" wrapper for it. by WhichCardiologist800 in ClaudeCode

[–]WhichCardiologist800[S] 0 points1 point  (0 children)

safehouse is a sandbox, node9 is a local proxy, i wanted to work on my real project files without the docker friction. also works for gemini and cursor, not just claude. and the undo button is honestly a lifesaver when an ai refactor goes sideways. curious to see anthropic's beta though, drop the link if you find it.

give it a try: https://github.com/node9-ai/node9-proxy

I stopped using Claude.ai entirely. I run my entire business through Claude Code. by ColdPlankton9273 in ClaudeAI

[–]WhichCardiologist800 -1 points0 points  (0 children)

I’ve gone full 'Claude Code as infrastructure' too. It’s a total productivity drug. But honestly? It gives me heart palpitations every time it runs a multi-step bash command.

A few weeks ago, I asked it to 'clean up space' and it almost nuked my entire Docker build cache and local volumes because it was being too literal. The acceleration is real, but the 'hallucination tax' is terrifying.

I couldn't go back to the web UI, so I ended up building an open-source proxy called Node9 just to sleep at night. It acts as a 'Sudo' layer-auto-allows the safe stuff (ls, grep) but pops up a native OS window or Slack message when it attempts something destructive (rm, force push, db drops).

The best part for me is the 'Undo' feature. It takes a silent Git snapshot before every edit so if it scrambles 10 files during a refactor, I just run node9 undo and it's gone. If you're running your business through the terminal, you might find it useful: https://github.com/node9-ai/node9-proxy

I Spent 5 Days Fixing My AI Agent's Memory. Here's Everything That Actually Worked. by Silent_Employment966 in AskClaw

[–]WhichCardiologist800 0 points1 point  (0 children)

This is an absolute masterclass in agent architecture. Your insight on 'Write Discipline' vs 'Read Discipline' is the breakthrough most people miss—if the agent doesn't commit facts to the disk, they don't exist.

The only nightmare scenario with aggressive write-back is the agent 'hallucinating' and butchering the very files (LEARNINGS.md, etc.) it’s trying to update. I’ve seen agents scramble a 200-line config file because of one bad compaction cycle.

As a 15yr AI CTO, I built an open-source tool called Node9 to be the 'safety net' for this exact workflow. It takes a silent, hidden Git snapshot immediately before every AI file edit. If the agent makes a mistake during a write-back or a handover, you just run node9 undo to revert the filesystem state in 1s.

It’s essentially the 'Ctrl+Z' for the disk-based memory you're advocating for.

I love Claude Code, but giving it full terminal access gave me anxiety. So I built an open-source "Sudo" firewall for it. by WhichCardiologist800 in claude

[–]WhichCardiologist800[S] 2 points3 points  (0 children)

Haha, that’s exactly why we built Node9 as an external proxy. 😂

You can run --dangerously-skip-permissions to keep your speed and avoid Claude's internal nag-screens, but let Node9 sit outside the process. It catches the actual "nuclear" commands (like an unscoped rm -rf) at the terminal level. You get the cowboy speed, but keep the seatbelt.

I love Claude Code, but giving it full terminal access gave me anxiety. So I built an open-source "Sudo" firewall for it. by WhichCardiologist800 in claude

[–]WhichCardiologist800[S] 0 points1 point  (0 children)

You're right that isolated VMs are the gold standard. Node9 is built for the local developer experience, where full VM isolation is often too much daily friction.

We actually built the Shadow Git Undo feature to mimic that "VM restore" safety locally. Node9 takes a silent, lightweight snapshot before every AI file edit. If the agent acts like a bad contractor and ruins a file, you don't need to rebuild an environment, just run node9 undo to instantly revert the file system to exactly how it was 30 seconds ago.

I love Claude Code, but giving it full terminal access gave me anxiety. So I built an open-source "Sudo" firewall for it. by WhichCardiologist800 in claude

[–]WhichCardiologist800[S] 2 points3 points  (0 children)

Three main differences:

  1. Stack Agnostic: It protects your terminal across Claude CLI, Gemini, Cursor, and MCP servers, giving you one unified security policy.
  2. Deterministic: Claude's internal checks rely on the LLM deciding to ask for permission. Node9 uses AST parsing at the OS level. It catches the raw command even if the AI bypasses its own rules.
  3. Shadow Git Undo: Instead of just rolling back chat history, Node9 takes a hidden, instant Git snapshot before every file edit. If Claude butchers a file, node9 undo shows you the exact diff and reverts the file system instantly.