A few weeks ago, I decided to write an open-source tool (Apache-2.0) that tracks, blocks, and auto-reverts AI actions. Every tool call, shell command, and file edit passes through it before executing.
When an agent tries to run something dangerous (like docker prune or rm -rf), execution pauses. It fires a concurrent approval race to a native desktop popup, the terminal, and Slack. The first response wins. If an AI hallucination does slip through, Node9 takes hidden git snapshots (using dangling commits so it doesn't pollute your branch) right before the AI edits a file, letting you run node9 undo. I also built a Python SDK with a @protect decorator for custom agents.
I'm at a friction point considering whether to take this further and build a SaaS layer on top of the open source core for enterprise teams (centralized audit logs, team policies, etc.).
Would love honest feedback: is this solving a real problem, or am I over-engineering it?
(GIF in the GitHub README)
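
The approval race described in the post (pause a dangerous command, prompt several channels at once, first response wins), as an added example that is not part of the original post and is not Node9's code. The function names, the substring deny-list, and the fake channels are assumptions made for illustration; a timeout or a crashed channel is treated as a denial.

```python
import asyncio

# Constructed deny-list: the two commands the post names. A real policy would be richer.
DANGEROUS = ("docker prune", "rm -rf")

def is_dangerous(command):
    return any(marker in command for marker in DANGEROUS)

async def race_approvals(channels, command, timeout=5.0):
    """Ask every channel concurrently; the first answer decides.

    Returns (approved, channel_name). Fails closed: a timeout, an empty
    channel set, or every channel crashing all yield (False, "none").
    """
    loop = asyncio.get_running_loop()
    tasks = {asyncio.create_task(ask(command)): name for name, ask in channels.items()}
    pending, deadline = set(tasks), loop.time() + timeout
    try:
        while pending and (remaining := deadline - loop.time()) > 0:
            done, pending = await asyncio.wait(
                pending, timeout=remaining, return_when=asyncio.FIRST_COMPLETED)
            for task in done:
                if task.exception() is None:  # a crashed channel is not a vote
                    return task.result() is True, tasks[task]
        return False, "none"
    finally:
        for task in pending:  # stop prompting on the channels that lost the race
            task.cancel()

async def guarded_run(command, channels, execute, timeout=5.0):
    """Run safe commands directly; pause dangerous ones until a channel answers."""
    if is_dangerous(command):
        approved, who = await race_approvals(channels, command, timeout)
        if not approved:
            return f"blocked ({who})"
    return execute(command)

def fake_channel(delay, answer):
    """Constructed stand-in for a popup, terminal, or Slack prompt."""
    async def ask(command):
        await asyncio.sleep(delay)
        if isinstance(answer, Exception):
            raise answer
        return answer
    return ask

if __name__ == "__main__":
    chans = {"popup": fake_channel(0.05, True), "terminal": fake_channel(0.3, False),
             "slack": fake_channel(0.01, RuntimeError("webhook down"))}
    print(asyncio.run(guarded_run("rm -rf build", chans, lambda c: f"ran: {c}")))
```

Only an explicit `True` counts as approval, so a channel that returns a malformed or truthy-but-wrong value denies rather than approves.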