@solongate/proxy 0.1.0 → 0.1.2

package/README.md

@@ -3,14 +3,16 @@
 **MCP Security Proxy** — Protect any MCP server with security policies, input validation, rate limiting, and audit logging. Zero code changes required.
 
 ```
-Claude ──(stdio)──> SolonGate Proxy ──(stdio)──> MCP Server
-                         │
-                    [rate limit]
-                    [input guard]
-                    [policy eval]
-                    [audit log]
+MCP Client ──(stdio)──> SolonGate Proxy ──(stdio)──> MCP Server
+                             │
+                        [rate limit]
+                        [input guard]
+                        [policy eval]
+                        [audit log]
 ```
 
+**Works with every MCP client:** Claude Code, Claude Desktop, Cursor, Windsurf, Cline, Zed, and any application that supports the Model Context Protocol over stdio.
+
 ## Quick Start
 
 ### Automatic Setup
@@ -21,7 +23,7 @@ Run this in your project directory (where your `.mcp.json` lives):
 npx @solongate/proxy init --all
 ```
 
-Restart Claude Code / Claude Desktop. Done.
+Restart your MCP client. Done.
 
 ### Manual Setup
 
@@ -115,6 +117,8 @@ Options:
   --rate-limit <n>         Per-tool rate limit (calls/min)
   --global-rate-limit <n>  Global rate limit (calls/min)
   --config <file>          Load full config from JSON file
+  --api-key <key>          SolonGate Cloud API key (cloud policy + audit)
+  --api-url <url>          Custom API URL (default: api.solongate.com)
 ```
 
 ## Restore Original Config

package/dist/index.js

@@ -1,8 +1,325 @@
 #!/usr/bin/env node
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+
+// src/init.ts
+var init_exports = {};
+import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2, copyFileSync } from "fs";
+import { resolve as resolve2, join, dirname } from "path";
+import { createInterface } from "readline";
+function findProxyPath() {
+  const candidates = [
+    resolve2(dirname(new URL(import.meta.url).pathname.replace(/^\/([A-Z]:)/, "$1")), "index.js"),
+    resolve2("node_modules", "@solongate", "proxy", "dist", "index.js"),
+    resolve2("packages", "proxy", "dist", "index.js")
+  ];
+  for (const p of candidates) {
+    if (existsSync2(p)) return p.replace(/\\/g, "/");
+  }
+  return "solongate-proxy";
+}
+function findConfigFile(explicitPath) {
+  if (explicitPath) {
+    if (existsSync2(explicitPath)) {
+      return { path: resolve2(explicitPath), type: "mcp" };
+    }
+    return null;
+  }
+  for (const searchPath of SEARCH_PATHS) {
+    const full = resolve2(searchPath);
+    if (existsSync2(full)) return { path: full, type: "mcp" };
+  }
+  for (const desktopPath of CLAUDE_DESKTOP_PATHS) {
+    if (existsSync2(desktopPath)) return { path: desktopPath, type: "claude-desktop" };
+  }
+  return null;
+}
+function readConfig(filePath) {
+  const content = readFileSync2(filePath, "utf-8");
+  const parsed = JSON.parse(content);
+  if (parsed.mcpServers) return parsed;
+  throw new Error(`Unrecognized config format in ${filePath}`);
+}
+function isAlreadyProtected(server) {
+  const cmdStr = [server.command, ...server.args ?? []].join(" ");
+  return cmdStr.includes("solongate") || cmdStr.includes("solongate-proxy");
+}
+function wrapServer(server, policy, proxyPath) {
+  return {
+    command: "node",
+    args: [
+      proxyPath,
+      "--policy",
+      policy,
+      "--verbose",
+      "--",
+      server.command,
+      ...server.args ?? []
+    ],
+    env: server.env
+  };
+}
+async function prompt(question) {
+  const rl = createInterface({ input: process.stdin, output: process.stderr });
+  return new Promise((res) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      res(answer.trim());
+    });
+  });
+}
+function parseInitArgs(argv) {
+  const args = argv.slice(2);
+  const options = {
+    policy: "restricted",
+    all: false,
+    dryRun: false,
+    restore: false
+  };
+  for (let i = 0; i < args.length; i++) {
+    switch (args[i]) {
+      case "--config":
+        options.configPath = args[++i];
+        break;
+      case "--policy":
+        options.policy = args[++i];
+        break;
+      case "--all":
+        options.all = true;
+        break;
+      case "--dry-run":
+        options.dryRun = true;
+        break;
+      case "--restore":
+        options.restore = true;
+        break;
+      case "--help":
+      case "-h":
+        printHelp();
+        process.exit(0);
+    }
+  }
+  if (!POLICY_PRESETS.includes(options.policy)) {
+    if (!existsSync2(resolve2(options.policy))) {
+      console.error(`Unknown policy: ${options.policy}`);
+      console.error(`Available presets: ${POLICY_PRESETS.join(", ")}`);
+      process.exit(1);
+    }
+  }
+  return options;
+}
+function printHelp() {
+  const help = `
+SolonGate Init \u2014 Protect your MCP servers in seconds
+
+USAGE
+  solongate-init [options]
+
+OPTIONS
+  --config <path>     Path to MCP config file (default: auto-detect)
+  --policy <preset>   Policy preset or JSON file (default: restricted)
+                      Presets: ${POLICY_PRESETS.join(", ")}
+  --all               Protect all servers without prompting
+  --dry-run           Preview changes without writing
+  --restore           Restore original config from backup
+  -h, --help          Show this help message
+
+EXAMPLES
+  solongate-init                          # Interactive setup
+  solongate-init --all                    # Protect everything
+  solongate-init --policy read-only       # Use read-only policy
+  solongate-init --dry-run                # Preview changes
+  solongate-init --restore                # Undo protection
+
+POLICY PRESETS
+  restricted    Block shell/exec/eval, allow reads and writes (recommended)
+  read-only     Only allow read/list/get/search/query operations
+  permissive    Allow everything (monitoring + audit only)
+  deny-all      Block all tool calls
+`;
+  console.error(help);
+}
+async function main() {
+  const options = parseInitArgs(process.argv);
+  console.error("");
+  console.error("  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557");
+  console.error("  \u2551         SolonGate \u2014 Init Setup           \u2551");
+  console.error("  \u2551   Secure your MCP servers in seconds     \u2551");
+  console.error("  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D");
+  console.error("");
+  const configInfo = findConfigFile(options.configPath);
+  if (!configInfo) {
+    console.error("  No MCP config file found.");
+    console.error("  Searched: .mcp.json, mcp.json, Claude Desktop config");
+    console.error("");
+    console.error("  Create a .mcp.json file first, or specify --config <path>");
+    process.exit(1);
+  }
+  console.error(`  Config: ${configInfo.path}`);
+  console.error(`  Type:   ${configInfo.type === "claude-desktop" ? "Claude Desktop" : "MCP JSON"}`);
+  console.error("");
+  const backupPath = configInfo.path + ".solongate-backup";
+  if (options.restore) {
+    if (!existsSync2(backupPath)) {
+      console.error("  No backup found. Nothing to restore.");
+      process.exit(1);
+    }
+    copyFileSync(backupPath, configInfo.path);
+    console.error("  Restored original config from backup.");
+    process.exit(0);
+  }
+  const config = readConfig(configInfo.path);
+  const serverNames = Object.keys(config.mcpServers);
+  if (serverNames.length === 0) {
+    console.error("  No MCP servers found in config.");
+    process.exit(1);
+  }
+  console.error(`  Found ${serverNames.length} MCP server(s):`);
+  console.error("");
+  const toProtect = [];
+  const alreadyProtected = [];
+  const skipped = [];
+  for (const name of serverNames) {
+    const server = config.mcpServers[name];
+    if (isAlreadyProtected(server)) {
+      alreadyProtected.push(name);
+      console.error(`    [protected] ${name}`);
+    } else {
+      console.error(`    [exposed]   ${name} \u2192 ${server.command} ${(server.args ?? []).join(" ")}`);
+      if (options.all) {
+        toProtect.push(name);
+      }
+    }
+  }
+  console.error("");
+  if (alreadyProtected.length === serverNames.length) {
+    console.error("  All servers are already protected by SolonGate!");
+    process.exit(0);
+  }
+  if (!options.all) {
+    const exposed = serverNames.filter((n) => !alreadyProtected.includes(n));
+    for (const name of exposed) {
+      const answer = await prompt(`  Protect "${name}"? [Y/n] `);
+      if (answer === "" || answer.toLowerCase() === "y" || answer.toLowerCase() === "yes") {
+        toProtect.push(name);
+      } else {
+        skipped.push(name);
+      }
+    }
+  }
+  if (toProtect.length === 0) {
+    console.error("  No servers selected for protection.");
+    process.exit(0);
+  }
+  console.error("");
+  console.error(`  Policy: ${options.policy}`);
+  console.error(`  Protecting: ${toProtect.join(", ")}`);
+  console.error("");
+  const proxyPath = findProxyPath();
+  const newConfig = { mcpServers: {} };
+  for (const name of serverNames) {
+    if (toProtect.includes(name)) {
+      newConfig.mcpServers[name] = wrapServer(config.mcpServers[name], options.policy, proxyPath);
+    } else {
+      newConfig.mcpServers[name] = config.mcpServers[name];
+    }
+  }
+  if (options.dryRun) {
+    console.error("  --- DRY RUN (no changes written) ---");
+    console.error("");
+    console.error("  New config:");
+    console.error(JSON.stringify(newConfig, null, 2));
+    process.exit(0);
+  }
+  if (!existsSync2(backupPath)) {
+    copyFileSync(configInfo.path, backupPath);
+    console.error(`  Backup: ${backupPath}`);
+  }
+  if (configInfo.type === "claude-desktop") {
+    const original = JSON.parse(readFileSync2(configInfo.path, "utf-8"));
+    original.mcpServers = newConfig.mcpServers;
+    writeFileSync(configInfo.path, JSON.stringify(original, null, 2) + "\n");
+  } else {
+    writeFileSync(configInfo.path, JSON.stringify(newConfig, null, 2) + "\n");
+  }
+  console.error("  Config updated!");
+  console.error("");
+  console.error("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
+  console.error("  \u2502  Your MCP servers are now protected by   \u2502");
+  console.error("  \u2502  SolonGate security policies.            \u2502");
+  console.error("  \u2502                                          \u2502");
+  console.error("  \u2502  Restart your MCP client (Claude Code    \u2502");
+  console.error("  \u2502  or Claude Desktop) to apply changes.    \u2502");
+  console.error("  \u2502                                          \u2502");
+  console.error("  \u2502  To undo: solongate-init --restore       \u2502");
+  console.error("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  console.error("");
+  for (const name of toProtect) {
+    console.error(`  \u2713 ${name} \u2014 protected (${options.policy})`);
+  }
+  for (const name of alreadyProtected) {
+    console.error(`  \u25CF ${name} \u2014 already protected`);
+  }
+  for (const name of skipped) {
+    console.error(`  \u25CB ${name} \u2014 skipped`);
+  }
+  console.error("");
+}
+var POLICY_PRESETS, SEARCH_PATHS, CLAUDE_DESKTOP_PATHS;
+var init_init = __esm({
+  "src/init.ts"() {
+    "use strict";
+    POLICY_PRESETS = ["restricted", "read-only", "permissive", "deny-all"];
+    SEARCH_PATHS = [
+      ".mcp.json",
+      "mcp.json",
+      ".claude/mcp.json"
+    ];
+    CLAUDE_DESKTOP_PATHS = process.platform === "win32" ? [join(process.env["APPDATA"] ?? "", "Claude", "claude_desktop_config.json")] : process.platform === "darwin" ? [join(process.env["HOME"] ?? "", "Library", "Application Support", "Claude", "claude_desktop_config.json")] : [join(process.env["HOME"] ?? "", ".config", "claude", "claude_desktop_config.json")];
+    main().catch((err) => {
+      console.error(`Fatal: ${err instanceof Error ? err.message : String(err)}`);
+      process.exit(1);
+    });
+  }
+});
 
 // src/config.ts
 import { readFileSync, existsSync } from "fs";
 import { resolve } from "path";
+async function fetchCloudPolicy(apiKey, apiUrl, policyId) {
+  const url = `${apiUrl}/api/v1/policies/${policyId ?? "default"}`;
+  const res = await fetch(url, {
+    headers: { "Authorization": `Bearer ${apiKey}` }
+  });
+  if (!res.ok) {
+    const body = await res.text().catch(() => "");
+    throw new Error(`Failed to fetch policy from cloud (${res.status}): ${body}`);
+  }
+  const data = await res.json();
+  return {
+    id: String(data.id ?? "cloud"),
+    name: String(data.name ?? "Cloud Policy"),
+    version: Number(data._version ?? 1),
+    rules: data.rules ?? [],
+    createdAt: String(data._created_at ?? ""),
+    updatedAt: ""
+  };
+}
+async function sendAuditLog(apiKey, apiUrl, entry) {
+  try {
+    await fetch(`${apiUrl}/api/v1/audit-logs`, {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${apiKey}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(entry)
+    });
+  } catch {
+  }
+}
 var PRESETS = {
   restricted: {
     id: "restricted",
@@ -185,6 +502,8 @@ function parseArgs(argv) {
   let rateLimitPerTool;
   let globalRateLimit;
   let configFile;
+  let apiKey;
+  let apiUrl;
   let separatorIndex = args.indexOf("--");
   const flags = separatorIndex >= 0 ? args.slice(0, separatorIndex) : args;
   const upstreamArgs = separatorIndex >= 0 ? args.slice(separatorIndex + 1) : [];
@@ -211,6 +530,12 @@ function parseArgs(argv) {
       case "--config":
         configFile = flags[++i];
         break;
+      case "--api-key":
+        apiKey = flags[++i];
+        break;
+      case "--api-url":
+        apiUrl = flags[++i];
+        break;
     }
   }
   if (configFile) {
@@ -227,7 +552,9 @@ function parseArgs(argv) {
       verbose: fileConfig.verbose ?? verbose,
       validateInput: fileConfig.validateInput ?? validateInput,
       rateLimitPerTool: fileConfig.rateLimitPerTool ?? rateLimitPerTool,
-      globalRateLimit: fileConfig.globalRateLimit ?? globalRateLimit
+      globalRateLimit: fileConfig.globalRateLimit ?? globalRateLimit,
+      apiKey: apiKey ?? fileConfig.apiKey,
+      apiUrl: apiUrl ?? fileConfig.apiUrl
     };
   }
   if (upstreamArgs.length === 0) {
@@ -247,7 +574,9 @@ function parseArgs(argv) {
     verbose,
     validateInput,
     rateLimitPerTool,
-    globalRateLimit
+    globalRateLimit,
+    apiKey,
+    apiUrl
   };
 }
 
@@ -1647,8 +1976,8 @@ var Mutex = class {
       this.locked = true;
       return;
     }
-    return new Promise((resolve2) => {
-      this.queue.push(resolve2);
+    return new Promise((resolve3) => {
+      this.queue.push(resolve3);
     });
   }
   release() {
@@ -1689,6 +2018,17 @@ var SolonGateProxy = class {
    */
   async start() {
     log("Starting SolonGate Proxy...");
+    if (this.config.apiKey) {
+      const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
+      log(`Cloud API: ${apiUrl}`);
+      try {
+        const cloudPolicy = await fetchCloudPolicy(this.config.apiKey, apiUrl);
+        this.config.policy = cloudPolicy;
+        log(`Loaded cloud policy: ${cloudPolicy.name} (${cloudPolicy.rules.length} rules)`);
+      } catch (err) {
+        log(`Cloud policy fetch failed, using local policy: ${err instanceof Error ? err.message : String(err)}`);
+      }
+    }
     log(`Policy: ${this.config.policy.name} (${this.config.policy.rules.length} rules)`);
     log(`Upstream: ${this.config.upstream.command} ${(this.config.upstream.args ?? []).join(" ")}`);
     await this.connectUpstream();
@@ -1755,6 +2095,7 @@ var SolonGateProxy = class {
       const { name, arguments: args } = request.params;
       log(`Tool call: ${name}`);
       await this.callMutex.acquire();
+      const startTime = Date.now();
       try {
         const result = await this.gate.executeToolCall(
           { name, arguments: args ?? {} },
@@ -1767,7 +2108,19 @@ var SolonGateProxy = class {
             return upstreamResult;
           }
         );
-        log(`Result: ${result.isError ? "DENIED/ERROR" : "ALLOWED"}`);
+        const decision = result.isError ? "DENY" : "ALLOW";
+        const evaluationTimeMs = Date.now() - startTime;
+        log(`Result: ${decision} (${evaluationTimeMs}ms)`);
+        if (this.config.apiKey) {
+          const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
+          sendAuditLog(this.config.apiKey, apiUrl, {
+            tool: name,
+            arguments: args ?? {},
+            decision,
+            reason: result.isError ? result.content[0]?.text ?? "denied" : "allowed",
+            evaluationTimeMs
+          });
+        }
         return {
           content: [...result.content],
           isError: result.isError
@@ -1837,7 +2190,13 @@ console.error = (...args) => {
   process.stderr.write(`[SolonGate ERROR] ${args.map(String).join(" ")}
 `);
 };
-async function main() {
+async function main2() {
+  const subcommand = process.argv[2];
+  if (subcommand === "init") {
+    process.argv.splice(2, 1);
+    await Promise.resolve().then(() => (init_init(), init_exports));
+    return;
+  }
   try {
     const config = parseArgs(process.argv);
     const proxy = new SolonGateProxy(config);
@@ -1849,4 +2208,4 @@ async function main() {
     process.exit(1);
   }
 }
-main();
+main2();

package/package.json

@@ -1,11 +1,12 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "MCP security proxy — protect any MCP server with policies, input validation, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {
     "solongate-proxy": "./dist/index.js",
-    "solongate-init": "./dist/init.js"
+    "solongate-init": "./dist/init.js",
+    "proxy": "./dist/index.js"
   },
   "main": "./dist/index.js",
   "exports": {