@solongate/proxy 0.1.1 → 0.1.3

package/dist/index.js

@@ -1,270 +1,885 @@
 #!/usr/bin/env node
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
 
-// src/config.ts
-import { readFileSync, existsSync } from "fs";
-import { resolve } from "path";
-var PRESETS = {
-  restricted: {
-    id: "restricted",
-    name: "Restricted",
-    description: "Blocks dangerous tools (shell, web), allows safe tools",
-    version: 1,
-    rules: [
-      {
-        id: "deny-shell",
-        description: "Block shell execution",
-        effect: "DENY",
-        priority: 100,
-        toolPattern: "*shell*",
-        permission: "EXECUTE",
-        minimumTrustLevel: "UNTRUSTED",
-        enabled: true,
-        createdAt: "",
-        updatedAt: ""
-      },
-      {
-        id: "deny-exec",
-        description: "Block command execution",
-        effect: "DENY",
-        priority: 101,
-        toolPattern: "*exec*",
-        permission: "EXECUTE",
-        minimumTrustLevel: "UNTRUSTED",
-        enabled: true,
-        createdAt: "",
-        updatedAt: ""
-      },
-      {
-        id: "deny-eval",
-        description: "Block code eval",
-        effect: "DENY",
-        priority: 102,
-        toolPattern: "*eval*",
-        permission: "EXECUTE",
-        minimumTrustLevel: "UNTRUSTED",
-        enabled: true,
-        createdAt: "",
-        updatedAt: ""
-      },
-      {
-        id: "allow-rest",
-        description: "Allow all other tools",
-        effect: "ALLOW",
-        priority: 1e3,
-        toolPattern: "*",
-        permission: "EXECUTE",
-        minimumTrustLevel: "UNTRUSTED",
-        enabled: true,
-        createdAt: "",
-        updatedAt: ""
-      }
-    ],
-    createdAt: "",
-    updatedAt: ""
-  },
-  "read-only": {
-    id: "read-only",
-    name: "Read Only",
-    description: "Only allows read operations, blocks writes and execution",
-    version: 1,
-    rules: [
-      {
-        id: "allow-read",
-        description: "Allow read tools",
-        effect: "ALLOW",
-        priority: 100,
-        toolPattern: "*read*",
-        permission: "EXECUTE",
-        minimumTrustLevel: "UNTRUSTED",
-        enabled: true,
-        createdAt: "",
-        updatedAt: ""
-      },
-      {
-        id: "allow-list",
-        description: "Allow list tools",
-        effect: "ALLOW",
-        priority: 101,
-        toolPattern: "*list*",
-        permission: "EXECUTE",
-        minimumTrustLevel: "UNTRUSTED",
-        enabled: true,
-        createdAt: "",
-        updatedAt: ""
-      },
-      {
-        id: "allow-get",
-        description: "Allow get tools",
-        effect: "ALLOW",
-        priority: 102,
-        toolPattern: "*get*",
-        permission: "EXECUTE",
-        minimumTrustLevel: "UNTRUSTED",
-        enabled: true,
-        createdAt: "",
-        updatedAt: ""
-      },
-      {
-        id: "allow-search",
-        description: "Allow search tools",
-        effect: "ALLOW",
-        priority: 103,
-        toolPattern: "*search*",
-        permission: "EXECUTE",
-        minimumTrustLevel: "UNTRUSTED",
-        enabled: true,
-        createdAt: "",
-        updatedAt: ""
-      },
-      {
-        id: "allow-query",
-        description: "Allow query tools",
-        effect: "ALLOW",
-        priority: 104,
-        toolPattern: "*query*",
-        permission: "EXECUTE",
-        minimumTrustLevel: "UNTRUSTED",
-        enabled: true,
-        createdAt: "",
-        updatedAt: ""
-      }
-    ],
-    createdAt: "",
-    updatedAt: ""
-  },
-  permissive: {
-    id: "permissive",
-    name: "Permissive",
-    description: "Allows all tool calls (monitoring only)",
-    version: 1,
-    rules: [
-      {
-        id: "allow-all",
-        description: "Allow all",
-        effect: "ALLOW",
-        priority: 1e3,
-        toolPattern: "*",
-        permission: "EXECUTE",
-        minimumTrustLevel: "UNTRUSTED",
-        enabled: true,
-        createdAt: "",
-        updatedAt: ""
-      }
-    ],
-    createdAt: "",
-    updatedAt: ""
-  },
-  "deny-all": {
-    id: "deny-all",
-    name: "Deny All",
-    description: "Blocks all tool calls",
-    version: 1,
-    rules: [],
-    createdAt: "",
-    updatedAt: ""
+// src/init.ts
+var init_exports = {};
+import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2, copyFileSync } from "fs";
+import { resolve as resolve2, join, dirname } from "path";
+import { createInterface } from "readline";
+function findProxyPath() {
+  const candidates = [
+    resolve2(dirname(new URL(import.meta.url).pathname.replace(/^\/([A-Z]:)/, "$1")), "index.js"),
+    resolve2("node_modules", "@solongate", "proxy", "dist", "index.js"),
+    resolve2("packages", "proxy", "dist", "index.js")
+  ];
+  for (const p of candidates) {
+    if (existsSync2(p)) return p.replace(/\\/g, "/");
+  }
+  return "solongate-proxy";
+}
+function findConfigFile(explicitPath) {
+  if (explicitPath) {
+    if (existsSync2(explicitPath)) {
+      return { path: resolve2(explicitPath), type: "mcp" };
+    }
+    return null;
   }
-};
-function loadPolicy(source) {
-  if (typeof source === "object") return source;
-  if (PRESETS[source]) return PRESETS[source];
-  const filePath = resolve(source);
-  if (existsSync(filePath)) {
-    const content = readFileSync(filePath, "utf-8");
-    return JSON.parse(content);
+  for (const searchPath of SEARCH_PATHS) {
+    const full = resolve2(searchPath);
+    if (existsSync2(full)) return { path: full, type: "mcp" };
   }
-  throw new Error(
-    `Unknown policy "${source}". Use a preset (${Object.keys(PRESETS).join(", ")}), a JSON file path, or a PolicySet object.`
-  );
+  for (const desktopPath of CLAUDE_DESKTOP_PATHS) {
+    if (existsSync2(desktopPath)) return { path: desktopPath, type: "claude-desktop" };
+  }
+  return null;
 }
-function parseArgs(argv) {
+function readConfig(filePath) {
+  const content = readFileSync2(filePath, "utf-8");
+  const parsed = JSON.parse(content);
+  if (parsed.mcpServers) return parsed;
+  throw new Error(`Unrecognized config format in ${filePath}`);
+}
+function isAlreadyProtected(server) {
+  const cmdStr = [server.command, ...server.args ?? []].join(" ");
+  return cmdStr.includes("solongate") || cmdStr.includes("solongate-proxy");
+}
+function wrapServer(server, policy, proxyPath) {
+  return {
+    command: "node",
+    args: [
+      proxyPath,
+      "--policy",
+      policy,
+      "--verbose",
+      "--",
+      server.command,
+      ...server.args ?? []
+    ],
+    env: server.env
+  };
+}
+async function prompt(question) {
+  const rl = createInterface({ input: process.stdin, output: process.stderr });
+  return new Promise((res) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      res(answer.trim());
+    });
+  });
+}
+function parseInitArgs(argv) {
   const args = argv.slice(2);
-  let policySource = "restricted";
-  let name = "solongate-proxy";
-  let verbose = false;
-  let validateInput = true;
-  let rateLimitPerTool;
-  let globalRateLimit;
-  let configFile;
-  let separatorIndex = args.indexOf("--");
-  const flags = separatorIndex >= 0 ? args.slice(0, separatorIndex) : args;
-  const upstreamArgs = separatorIndex >= 0 ? args.slice(separatorIndex + 1) : [];
-  for (let i = 0; i < flags.length; i++) {
-    switch (flags[i]) {
-      case "--policy":
-        policySource = flags[++i];
-        break;
-      case "--name":
-        name = flags[++i];
-        break;
-      case "--verbose":
-        verbose = true;
+  const options = {
+    policy: "restricted",
+    all: false,
+    dryRun: false,
+    restore: false
+  };
+  for (let i = 0; i < args.length; i++) {
+    switch (args[i]) {
+      case "--config":
+        options.configPath = args[++i];
         break;
-      case "--no-input-guard":
-        validateInput = false;
+      case "--policy":
+        options.policy = args[++i];
         break;
-      case "--rate-limit":
-        rateLimitPerTool = parseInt(flags[++i], 10);
+      case "--all":
+        options.all = true;
         break;
-      case "--global-rate-limit":
-        globalRateLimit = parseInt(flags[++i], 10);
+      case "--dry-run":
+        options.dryRun = true;
         break;
-      case "--config":
-        configFile = flags[++i];
+      case "--restore":
+        options.restore = true;
         break;
+      case "--help":
+      case "-h":
+        printHelp();
+        process.exit(0);
     }
   }
-  if (configFile) {
-    const filePath = resolve(configFile);
-    const content = readFileSync(filePath, "utf-8");
-    const fileConfig = JSON.parse(content);
-    if (!fileConfig.upstream) {
-      throw new Error('Config file must include "upstream" with at least "command"');
+  if (!POLICY_PRESETS.includes(options.policy)) {
+    if (!existsSync2(resolve2(options.policy))) {
+      console.error(`Unknown policy: ${options.policy}`);
+      console.error(`Available presets: ${POLICY_PRESETS.join(", ")}`);
+      process.exit(1);
     }
-    return {
-      upstream: fileConfig.upstream,
-      policy: loadPolicy(fileConfig.policy ?? policySource),
-      name: fileConfig.name ?? name,
-      verbose: fileConfig.verbose ?? verbose,
-      validateInput: fileConfig.validateInput ?? validateInput,
-      rateLimitPerTool: fileConfig.rateLimitPerTool ?? rateLimitPerTool,
-      globalRateLimit: fileConfig.globalRateLimit ?? globalRateLimit
-    };
-  }
-  if (upstreamArgs.length === 0) {
-    throw new Error(
-      "No upstream server command provided.\n\nUsage: solongate-proxy [options] -- <command> [args...]\n\nExamples:\n  solongate-proxy -- node my-server.js\n  solongate-proxy --policy restricted -- npx @openclaw/server\n  solongate-proxy --config solongate.json\n"
-    );
   }
-  const [command, ...commandArgs] = upstreamArgs;
-  return {
-    upstream: {
-      command,
-      args: commandArgs,
-      env: { ...process.env }
-    },
-    policy: loadPolicy(policySource),
-    name,
-    verbose,
-    validateInput,
-    rateLimitPerTool,
-    globalRateLimit
-  };
+  return options;
 }
+function printHelp() {
+  const help = `
+SolonGate Init \u2014 Protect your MCP servers in seconds
 
-// src/proxy.ts
-import { Server } from "@modelcontextprotocol/sdk/server/index.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
-import {
-  ListToolsRequestSchema,
-  CallToolRequestSchema,
-  ListResourcesRequestSchema,
-  ListPromptsRequestSchema,
-  GetPromptRequestSchema,
-  ReadResourceRequestSchema,
-  ListResourceTemplatesRequestSchema
-} from "@modelcontextprotocol/sdk/types.js";
+USAGE
+  solongate-init [options]
+
+OPTIONS
+  --config <path>     Path to MCP config file (default: auto-detect)
+  --policy <preset>   Policy preset or JSON file (default: restricted)
+                      Presets: ${POLICY_PRESETS.join(", ")}
+  --all               Protect all servers without prompting
+  --dry-run           Preview changes without writing
+  --restore           Restore original config from backup
+  -h, --help          Show this help message
+
+EXAMPLES
+  solongate-init                          # Interactive setup
+  solongate-init --all                    # Protect everything
+  solongate-init --policy read-only       # Use read-only policy
+  solongate-init --dry-run                # Preview changes
+  solongate-init --restore                # Undo protection
+
+POLICY PRESETS
+  restricted    Block shell/exec/eval, allow reads and writes (recommended)
+  read-only     Only allow read/list/get/search/query operations
+  permissive    Allow everything (monitoring + audit only)
+  deny-all      Block all tool calls
+`;
+  console.error(help);
+}
+async function main() {
+  const options = parseInitArgs(process.argv);
+  console.error("");
+  console.error("  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557");
+  console.error("  \u2551         SolonGate \u2014 Init Setup           \u2551");
+  console.error("  \u2551   Secure your MCP servers in seconds     \u2551");
+  console.error("  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D");
+  console.error("");
+  const configInfo = findConfigFile(options.configPath);
+  if (!configInfo) {
+    console.error("  No MCP config file found.");
+    console.error("  Searched: .mcp.json, mcp.json, Claude Desktop config");
+    console.error("");
+    console.error("  Create a .mcp.json file first, or specify --config <path>");
+    process.exit(1);
+  }
+  console.error(`  Config: ${configInfo.path}`);
+  console.error(`  Type:   ${configInfo.type === "claude-desktop" ? "Claude Desktop" : "MCP JSON"}`);
+  console.error("");
+  const backupPath = configInfo.path + ".solongate-backup";
+  if (options.restore) {
+    if (!existsSync2(backupPath)) {
+      console.error("  No backup found. Nothing to restore.");
+      process.exit(1);
+    }
+    copyFileSync(backupPath, configInfo.path);
+    console.error("  Restored original config from backup.");
+    process.exit(0);
+  }
+  const config = readConfig(configInfo.path);
+  const serverNames = Object.keys(config.mcpServers);
+  if (serverNames.length === 0) {
+    console.error("  No MCP servers found in config.");
+    process.exit(1);
+  }
+  console.error(`  Found ${serverNames.length} MCP server(s):`);
+  console.error("");
+  const toProtect = [];
+  const alreadyProtected = [];
+  const skipped = [];
+  for (const name of serverNames) {
+    const server = config.mcpServers[name];
+    if (isAlreadyProtected(server)) {
+      alreadyProtected.push(name);
+      console.error(`    [protected] ${name}`);
+    } else {
+      console.error(`    [exposed]   ${name} \u2192 ${server.command} ${(server.args ?? []).join(" ")}`);
+      if (options.all) {
+        toProtect.push(name);
+      }
+    }
+  }
+  console.error("");
+  if (alreadyProtected.length === serverNames.length) {
+    console.error("  All servers are already protected by SolonGate!");
+    process.exit(0);
+  }
+  if (!options.all) {
+    const exposed = serverNames.filter((n) => !alreadyProtected.includes(n));
+    for (const name of exposed) {
+      const answer = await prompt(`  Protect "${name}"? [Y/n] `);
+      if (answer === "" || answer.toLowerCase() === "y" || answer.toLowerCase() === "yes") {
+        toProtect.push(name);
+      } else {
+        skipped.push(name);
+      }
+    }
+  }
+  if (toProtect.length === 0) {
+    console.error("  No servers selected for protection.");
+    process.exit(0);
+  }
+  console.error("");
+  console.error(`  Policy: ${options.policy}`);
+  console.error(`  Protecting: ${toProtect.join(", ")}`);
+  console.error("");
+  const proxyPath = findProxyPath();
+  const newConfig = { mcpServers: {} };
+  for (const name of serverNames) {
+    if (toProtect.includes(name)) {
+      newConfig.mcpServers[name] = wrapServer(config.mcpServers[name], options.policy, proxyPath);
+    } else {
+      newConfig.mcpServers[name] = config.mcpServers[name];
+    }
+  }
+  if (options.dryRun) {
+    console.error("  --- DRY RUN (no changes written) ---");
+    console.error("");
+    console.error("  New config:");
+    console.error(JSON.stringify(newConfig, null, 2));
+    process.exit(0);
+  }
+  if (!existsSync2(backupPath)) {
+    copyFileSync(configInfo.path, backupPath);
+    console.error(`  Backup: ${backupPath}`);
+  }
+  if (configInfo.type === "claude-desktop") {
+    const original = JSON.parse(readFileSync2(configInfo.path, "utf-8"));
+    original.mcpServers = newConfig.mcpServers;
+    writeFileSync(configInfo.path, JSON.stringify(original, null, 2) + "\n");
+  } else {
+    writeFileSync(configInfo.path, JSON.stringify(newConfig, null, 2) + "\n");
+  }
+  console.error("  Config updated!");
+  console.error("");
+  console.error("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
+  console.error("  \u2502  Your MCP servers are now protected by   \u2502");
+  console.error("  \u2502  SolonGate security policies.            \u2502");
+  console.error("  \u2502                                          \u2502");
+  console.error("  \u2502  Restart your MCP client (Claude Code    \u2502");
+  console.error("  \u2502  or Claude Desktop) to apply changes.    \u2502");
+  console.error("  \u2502                                          \u2502");
+  console.error("  \u2502  To undo: solongate-init --restore       \u2502");
+  console.error("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  console.error("");
+  for (const name of toProtect) {
+    console.error(`  \u2713 ${name} \u2014 protected (${options.policy})`);
+  }
+  for (const name of alreadyProtected) {
+    console.error(`  \u25CF ${name} \u2014 already protected`);
+  }
+  for (const name of skipped) {
+    console.error(`  \u25CB ${name} \u2014 skipped`);
+  }
+  console.error("");
+}
+var POLICY_PRESETS, SEARCH_PATHS, CLAUDE_DESKTOP_PATHS;
+var init_init = __esm({
+  "src/init.ts"() {
+    "use strict";
+    POLICY_PRESETS = ["restricted", "read-only", "permissive", "deny-all"];
+    SEARCH_PATHS = [
+      ".mcp.json",
+      "mcp.json",
+      ".claude/mcp.json"
+    ];
+    CLAUDE_DESKTOP_PATHS = process.platform === "win32" ? [join(process.env["APPDATA"] ?? "", "Claude", "claude_desktop_config.json")] : process.platform === "darwin" ? [join(process.env["HOME"] ?? "", "Library", "Application Support", "Claude", "claude_desktop_config.json")] : [join(process.env["HOME"] ?? "", ".config", "claude", "claude_desktop_config.json")];
+    main().catch((err) => {
+      console.error(`Fatal: ${err instanceof Error ? err.message : String(err)}`);
+      process.exit(1);
+    });
+  }
+});
+
+// src/inject.ts
+var inject_exports = {};
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync2, existsSync as existsSync3, copyFileSync as copyFileSync2 } from "fs";
+import { resolve as resolve3 } from "path";
+import { execSync } from "child_process";
+function parseInjectArgs(argv) {
+  const args = argv.slice(2);
+  const opts = {
+    dryRun: false,
+    restore: false,
+    skipInstall: false
+  };
+  for (let i = 0; i < args.length; i++) {
+    switch (args[i]) {
+      case "--file":
+        opts.file = args[++i];
+        break;
+      case "--dry-run":
+        opts.dryRun = true;
+        break;
+      case "--restore":
+        opts.restore = true;
+        break;
+      case "--skip-install":
+        opts.skipInstall = true;
+        break;
+      case "--help":
+      case "-h":
+        printHelp2();
+        process.exit(0);
+    }
+  }
+  return opts;
+}
+function printHelp2() {
+  log2(`
+SolonGate Inject \u2014 Add security to your MCP server in seconds
+
+USAGE
+  npx @solongate/proxy inject [options]
+
+OPTIONS
+  --file <path>       Entry file to modify (default: auto-detect)
+  --dry-run           Preview changes without writing
+  --restore           Restore original file from backup
+  --skip-install      Don't install SDK package
+  -h, --help          Show this help message
+
+EXAMPLES
+  npx @solongate/proxy inject                    # Auto-detect and inject
+  npx @solongate/proxy inject --file src/main.ts # Specify entry file
+  npx @solongate/proxy inject --dry-run          # Preview changes
+  npx @solongate/proxy inject --restore          # Undo injection
+
+WHAT IT DOES
+  Replaces McpServer with SecureMcpServer (2 lines changed)
+  All tool() calls are automatically protected by SolonGate.
+`);
+}
+function log2(msg) {
+  process.stderr.write(msg + "\n");
+}
+function detectProject() {
+  if (!existsSync3(resolve3("package.json"))) return false;
+  try {
+    const pkg = JSON.parse(readFileSync3(resolve3("package.json"), "utf-8"));
+    const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+    return !!(allDeps["@modelcontextprotocol/sdk"] || allDeps["@modelcontextprotocol/server"]);
+  } catch {
+    return false;
+  }
+}
+function findTsEntryFile() {
+  try {
+    const pkg = JSON.parse(readFileSync3(resolve3("package.json"), "utf-8"));
+    if (pkg.bin) {
+      const binPath = typeof pkg.bin === "string" ? pkg.bin : Object.values(pkg.bin)[0];
+      if (typeof binPath === "string") {
+        const srcPath = binPath.replace(/^\.\/dist\//, "./src/").replace(/\.js$/, ".ts");
+        if (existsSync3(resolve3(srcPath))) return resolve3(srcPath);
+        if (existsSync3(resolve3(binPath))) return resolve3(binPath);
+      }
+    }
+    if (pkg.main) {
+      const srcPath = pkg.main.replace(/^\.\/dist\//, "./src/").replace(/\.js$/, ".ts");
+      if (existsSync3(resolve3(srcPath))) return resolve3(srcPath);
+    }
+  } catch {
+  }
+  const candidates = [
+    "src/index.ts",
+    "src/server.ts",
+    "src/main.ts",
+    "index.ts",
+    "server.ts",
+    "main.ts"
+  ];
+  for (const c of candidates) {
+    const full = resolve3(c);
+    if (existsSync3(full)) {
+      try {
+        const content = readFileSync3(full, "utf-8");
+        if (content.includes("McpServer") || content.includes("McpServer")) {
+          return full;
+        }
+      } catch {
+      }
+    }
+  }
+  for (const c of candidates) {
+    if (existsSync3(resolve3(c))) return resolve3(c);
+  }
+  return null;
+}
+function detectPackageManager() {
+  if (existsSync3(resolve3("pnpm-lock.yaml"))) return "pnpm";
+  if (existsSync3(resolve3("yarn.lock"))) return "yarn";
+  return "npm";
+}
+function installSdk() {
+  try {
+    const pkg = JSON.parse(readFileSync3(resolve3("package.json"), "utf-8"));
+    const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+    if (allDeps["@solongate/sdk"]) {
+      log2("  @solongate/sdk already installed");
+      return true;
+    }
+  } catch {
+  }
+  const pm = detectPackageManager();
+  const cmd = pm === "yarn" ? "yarn add @solongate/sdk" : `${pm} install @solongate/sdk`;
+  log2(`  Installing @solongate/sdk via ${pm}...`);
+  try {
+    execSync(cmd, { stdio: "pipe", cwd: process.cwd() });
+    return true;
+  } catch (err) {
+    log2(`  Failed to install: ${err instanceof Error ? err.message : String(err)}`);
+    log2("  You can install manually: npm install @solongate/sdk");
+    return false;
+  }
+}
+function injectTypeScript(filePath) {
+  const original = readFileSync3(filePath, "utf-8");
+  const changes = [];
+  let modified = original;
+  if (modified.includes("SecureMcpServer")) {
+    return { file: filePath, changes: ["Already injected \u2014 skipping"], original, modified };
+  }
+  const mcpImportPatterns = [
+    // Solo import: import { McpServer } from '...'
+    /import\s*\{\s*McpServer\s*\}\s*from\s*['"][^'"]+['"]/,
+    // Import with others: import { McpServer, ... } from '...'
+    /import\s*\{[^}]*McpServer[^}]*\}\s*from\s*['"][^'"]+['"]/
+  ];
+  let importReplaced = false;
+  for (const pattern of mcpImportPatterns) {
+    const match = modified.match(pattern);
+    if (match) {
+      const importLine = match[0];
+      const namedImports = importLine.match(/\{([^}]+)\}/)?.[1] ?? "";
+      const importNames = namedImports.split(",").map((s) => s.trim()).filter(Boolean);
+      if (importNames.length === 1 && importNames[0] === "McpServer") {
+        modified = modified.replace(
+          importLine,
+          `import { SecureMcpServer } from '@solongate/sdk'`
+        );
+        changes.push("Replaced McpServer import with SecureMcpServer from @solongate/sdk");
+      } else {
+        const otherImports = importNames.filter((n) => n !== "McpServer");
+        const fromModule = importLine.match(/from\s*['"]([^'"]+)['"]/)?.[1] ?? "";
+        modified = modified.replace(
+          importLine,
+          `import { ${otherImports.join(", ")} } from '${fromModule}';
+import { SecureMcpServer } from '@solongate/sdk'`
+        );
+        changes.push("Removed McpServer from existing import, added SecureMcpServer import from @solongate/sdk");
+      }
+      importReplaced = true;
+      break;
+    }
+  }
+  if (!importReplaced) {
+    const insertPos = findImportInsertPosition(modified);
+    modified = modified.slice(0, insertPos) + `import { SecureMcpServer } from '@solongate/sdk';
+` + modified.slice(insertPos);
+    changes.push("Added SecureMcpServer import from @solongate/sdk");
+  }
+  const constructorPattern = /new\s+McpServer\s*\(/g;
+  const constructorCount = (modified.match(constructorPattern) || []).length;
+  if (constructorCount > 0) {
+    modified = modified.replace(constructorPattern, "new SecureMcpServer(");
+    changes.push(`Replaced ${constructorCount} McpServer constructor(s) with SecureMcpServer`);
+  }
+  return { file: filePath, changes, original, modified };
+}
+function findImportInsertPosition(content) {
+  let pos = 0;
+  if (content.startsWith("#!")) {
+    pos = content.indexOf("\n") + 1;
+  }
+  const lines = content.slice(pos).split("\n");
+  let offset = pos;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed === "" || trimmed.startsWith("//") || trimmed.startsWith("/*") || trimmed.startsWith("*") || trimmed.startsWith("*/")) {
+      offset += line.length + 1;
+    } else {
+      break;
+    }
+  }
+  const importRegex = /^import\s+.+$/gm;
+  let lastImportEnd = offset;
+  let importMatch;
+  while ((importMatch = importRegex.exec(content)) !== null) {
+    lastImportEnd = importMatch.index + importMatch[0].length + 1;
+  }
+  return lastImportEnd > offset ? lastImportEnd : offset;
+}
+function showDiff(result) {
+  if (result.original === result.modified) {
+    log2("  No changes needed.");
+    return;
+  }
+  const origLines = result.original.split("\n");
+  const modLines = result.modified.split("\n");
+  log2("");
+  log2(`  File: ${result.file}`);
+  log2("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+  const maxLines = Math.max(origLines.length, modLines.length);
+  let diffCount = 0;
+  for (let i = 0; i < maxLines; i++) {
+    const orig = origLines[i];
+    const mod = modLines[i];
+    if (orig !== mod) {
+      if (diffCount < 30) {
+        if (orig !== void 0) log2(`  - ${orig}`);
+        if (mod !== void 0) log2(`  + ${mod}`);
+      }
+      diffCount++;
+    }
+  }
+  if (diffCount > 30) {
+    log2(`  ... and ${diffCount - 30} more line changes`);
+  }
+  log2("");
+}
+async function main2() {
+  const opts = parseInjectArgs(process.argv);
+  log2("");
+  log2("  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557");
+  log2("  \u2551      SolonGate \u2014 Inject SDK              \u2551");
+  log2("  \u2551   Add security to your MCP server        \u2551");
+  log2("  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D");
+  log2("");
+  if (!detectProject()) {
+    log2("  Could not detect a TypeScript MCP server project.");
+    log2("  Make sure you are in a project directory with:");
+    log2("    package.json + @modelcontextprotocol/sdk in dependencies");
+    log2("");
+    log2("  To create a new MCP server: npx @solongate/proxy create <name>");
+    process.exit(1);
+  }
+  log2("  Language: TypeScript");
+  const entryFile = opts.file ? resolve3(opts.file) : findTsEntryFile();
+  if (!entryFile || !existsSync3(entryFile)) {
+    log2(`  Could not find entry file.${opts.file ? ` File not found: ${opts.file}` : ""}`);
+    log2("");
+    log2("  Specify it manually: --file <path>");
+    log2("");
+    log2("  Common entry points:");
+    log2("    src/index.ts, src/server.ts, index.ts");
+    process.exit(1);
+  }
+  log2(`  Entry:    ${entryFile}`);
+  log2("");
+  const backupPath = entryFile + ".solongate-backup";
+  if (opts.restore) {
+    if (!existsSync3(backupPath)) {
+      log2("  No backup found. Nothing to restore.");
+      process.exit(1);
+    }
+    copyFileSync2(backupPath, entryFile);
+    log2(`  Restored original file from backup.`);
+    log2(`  Backup: ${backupPath}`);
+    process.exit(0);
+  }
+  if (!opts.skipInstall && !opts.dryRun) {
+    installSdk();
+    log2("");
+  }
+  const result = injectTypeScript(entryFile);
+  log2(`  Changes (${result.changes.length}):`);
+  for (const change of result.changes) {
+    log2(`    - ${change}`);
+  }
+  if (result.changes.length === 1 && result.changes[0].includes("Already injected")) {
+    log2("");
+    log2("  Your MCP server is already protected by SolonGate!");
+    process.exit(0);
+  }
+  if (result.original === result.modified) {
+    log2("");
+    log2("  No changes were made. The file may not contain recognizable MCP patterns.");
+    log2("  See docs: https://solongate.com/docs/integration");
+    process.exit(0);
+  }
+  if (opts.dryRun) {
+    log2("");
+    log2("  --- DRY RUN (no changes written) ---");
+    showDiff(result);
+    log2("  To apply: npx @solongate/proxy inject");
+    process.exit(0);
+  }
+  if (!existsSync3(backupPath)) {
+    copyFileSync2(entryFile, backupPath);
+    log2("");
+    log2(`  Backup: ${backupPath}`);
+  }
+  writeFileSync2(entryFile, result.modified);
+  log2("");
+  log2("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
+  log2("  \u2502  SolonGate SDK injected successfully!         \u2502");
+  log2("  \u2502                                               \u2502");
+  log2("  \u2502  McpServer \u2192 SecureMcpServer                  \u2502");
+  log2("  \u2502  All tool() calls are now auto-protected.     \u2502");
+  log2("  \u2502                                               \u2502");
+  log2("  \u2502  Set your API key:                             \u2502");
+  log2("  \u2502    export SOLONGATE_API_KEY=sg_live_xxx        \u2502");
+  log2("  \u2502                                               \u2502");
+  log2("  \u2502  To undo:                                     \u2502");
+  log2("  \u2502    npx @solongate/proxy inject --restore       \u2502");
+  log2("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  log2("");
+}
+var init_inject = __esm({
+  "src/inject.ts"() {
+    "use strict";
+    main2().catch((err) => {
+      log2(`Fatal: ${err instanceof Error ? err.message : String(err)}`);
+      process.exit(1);
+    });
+  }
+});
+
+// src/create.ts
+var create_exports = {};
+import { mkdirSync, writeFileSync as writeFileSync3, existsSync as existsSync4 } from "fs";
+import { resolve as resolve4, join as join2 } from "path";
+import { execSync as execSync2 } from "child_process";
+function log3(msg) {
+  process.stderr.write(msg + "\n");
+}
+function parseCreateArgs(argv) {
+  const args = argv.slice(2);
+  const opts = {
+    name: "",
+    policy: "restricted",
+    noInstall: false
+  };
+  for (let i = 0; i < args.length; i++) {
+    switch (args[i]) {
+      case "--policy":
+        opts.policy = args[++i];
+        break;
+      case "--no-install":
+        opts.noInstall = true;
+        break;
+      case "--help":
+      case "-h":
+        printHelp3();
+        process.exit(0);
+        break;
+      default:
+        if (!args[i].startsWith("-") && !opts.name) {
+          opts.name = args[i];
+        }
+    }
+  }
+  if (!opts.name) {
+    log3("");
+    log3("  Error: Project name required.");
+    log3("");
+    log3("  Usage: npx @solongate/proxy create <name>");
+    log3("");
+    log3("  Examples:");
+    log3("    npx @solongate/proxy create my-mcp-server");
+    log3("    npx @solongate/proxy create weather-api");
+    process.exit(1);
+  }
+  return opts;
+}
+function printHelp3() {
+  log3(`
+SolonGate Create \u2014 Scaffold a secure MCP server in seconds
+
+USAGE
+  npx @solongate/proxy create <name> [options]
+
+OPTIONS
+  --policy <preset>   Policy preset (default: restricted)
+  --no-install        Skip dependency installation
+  -h, --help          Show this help message
+
+EXAMPLES
+  npx @solongate/proxy create my-server
+  npx @solongate/proxy create db-tools --policy read-only
+`);
+}
+function createProject(dir, name, _policy) {
+  writeFileSync3(
+    join2(dir, "package.json"),
+    JSON.stringify(
+      {
+        name,
+        version: "0.1.0",
+        type: "module",
+        private: true,
+        bin: { [name]: "./dist/index.js" },
+        scripts: {
+          build: "tsup src/index.ts --format esm",
+          dev: "tsx src/index.ts",
+          start: "node dist/index.js"
+        },
+        dependencies: {
+          "@modelcontextprotocol/sdk": "^1.26.0",
+          "@solongate/sdk": "latest",
+          zod: "^3.25.0"
+        },
+        devDependencies: {
+          tsup: "^8.3.0",
+          tsx: "^4.19.0",
+          typescript: "^5.7.0"
+        }
+      },
+      null,
+      2
+    ) + "\n"
+  );
+  writeFileSync3(
+    join2(dir, "tsconfig.json"),
+    JSON.stringify(
+      {
+        compilerOptions: {
+          target: "ES2022",
+          module: "ESNext",
+          moduleResolution: "bundler",
+          esModuleInterop: true,
+          strict: true,
+          outDir: "dist",
+          rootDir: "src",
+          declaration: true,
+          skipLibCheck: true
+        },
+        include: ["src"]
+      },
+      null,
+      2
+    ) + "\n"
+  );
+  mkdirSync(join2(dir, "src"), { recursive: true });
+  writeFileSync3(
+    join2(dir, "src", "index.ts"),
+    `#!/usr/bin/env node
+
+// MCP uses stdout for JSON-RPC \u2014 redirect console to stderr
+console.log = (...args: unknown[]) => {
+  process.stderr.write(args.map(String).join(' ') + '\\n');
+};
+
+import { SecureMcpServer } from '@solongate/sdk';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { z } from 'zod';
+
+// Create a secure MCP server (API key from SOLONGATE_API_KEY env var)
+const server = new SecureMcpServer({
+  name: '${name}',
+  version: '0.1.0',
+});
+
+// \u2500\u2500 Register your tools below \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+
+server.tool(
+  'hello',
+  'Say hello to someone',
+  { name: z.string().describe('Name of the person to greet') },
+  async ({ name }) => ({
+    content: [{ type: 'text', text: \`Hello, \${name}! Welcome to ${name}.\` }],
+  }),
+);
+
+// Example: Add more tools here
+// server.tool(
+//   'read_data',
+//   'Read data from a source',
+//   { query: z.string().describe('What to read') },
+//   async ({ query }) => ({
+//     content: [{ type: 'text', text: \`Result for: \${query}\` }],
+//   }),
+// );
+
+// \u2500\u2500 Start the server \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+
+const transport = new StdioServerTransport();
+await server.connect(transport);
+console.log('${name} is running');
+`
+  );
+  writeFileSync3(
+    join2(dir, ".mcp.json"),
+    JSON.stringify(
+      {
+        mcpServers: {
+          [name]: {
+            command: "node",
+            args: ["dist/index.js"],
+            env: {
+              SOLONGATE_API_KEY: "sg_test_e4460d32_replace_with_your_key"
+            }
+          }
+        }
+      },
+      null,
+      2
+    ) + "\n"
+  );
+  writeFileSync3(
+    join2(dir, ".gitignore"),
+    `node_modules/
+dist/
+*.solongate-backup
+.env
+.env.local
+`
+  );
+}
+function installDeps(dir) {
+  log3("  Installing dependencies with npm...");
+  try {
+    execSync2("npm install", { cwd: dir, stdio: "pipe" });
+  } catch {
+    log3("  npm install failed \u2014 run it manually.");
+  }
+}
+async function main3() {
+  const opts = parseCreateArgs(process.argv);
+  const dir = resolve4(opts.name);
+  log3("");
+  log3("  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557");
+  log3("  \u2551     SolonGate \u2014 Create MCP Server        \u2551");
+  log3("  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D");
+  log3("");
+  if (existsSync4(dir)) {
+    log3(`  Error: Directory "${opts.name}" already exists.`);
+    process.exit(1);
+  }
+  mkdirSync(dir, { recursive: true });
+  log3(`  Project:  ${opts.name}`);
+  log3(`  Language: TypeScript`);
+  log3(`  Policy:   ${opts.policy}`);
+  log3("");
+  createProject(dir, opts.name, opts.policy);
+  log3("  Files created:");
+  log3("    package.json");
+  log3("    tsconfig.json");
+  log3("    src/index.ts");
+  log3("    .mcp.json");
+  log3("    .gitignore");
+  log3("");
+  if (!opts.noInstall) {
+    installDeps(dir);
+    log3("");
+  }
+  log3("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
+  log3("  \u2502  Project created!                             \u2502");
+  log3("  \u2502                                               \u2502");
+  log3(`  \u2502  cd ${opts.name.padEnd(39)}\u2502`);
+  log3("  \u2502                                               \u2502");
+  log3("  \u2502  npm run build        # Build                 \u2502");
+  log3("  \u2502  npm run dev          # Dev mode (tsx)         \u2502");
+  log3("  \u2502  npm start            # Run built server       \u2502");
+  log3("  \u2502                                               \u2502");
+  log3("  \u2502  Set your API key:                             \u2502");
+  log3("  \u2502  export SOLONGATE_API_KEY=sg_live_xxx          \u2502");
+  log3("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  log3("");
+}
+var init_create = __esm({
+  "src/create.ts"() {
+    "use strict";
+    main3().catch((err) => {
+      log3(`Fatal: ${err instanceof Error ? err.message : String(err)}`);
+      process.exit(1);
+    });
+  }
+});
 
 // ../core/dist/index.js
 import { z } from "zod";
@@ -417,7 +1032,9 @@ var DEFAULT_INPUT_GUARD_CONFIG = Object.freeze({
   shellInjection: true,
   wildcardAbuse: true,
   lengthLimit: 4096,
-  entropyLimit: true
+  entropyLimit: true,
+  ssrf: true,
+  sqlInjection: true
 });
 var PATH_TRAVERSAL_PATTERNS = [
   /\.\.\//,
@@ -443,7 +1060,23 @@ var SENSITIVE_PATHS = [
   /c:\\windows\\system32/i,
   /c:\\windows\\syswow64/i,
   /\/root\//i,
-  /~\//
+  /~\//,
+  /\.env(\.|$)/i,
+  // .env, .env.local, .env.production
+  /\.aws\/credentials/i,
+  // AWS credentials
+  /\.ssh\/id_/i,
+  // SSH keys
+  /\.kube\/config/i,
+  // Kubernetes config
+  /wp-config\.php/i,
+  // WordPress config
+  /\.git\/config/i,
+  // Git config
+  /\.npmrc/i,
+  // npm credentials
+  /\.pypirc/i
+  // PyPI credentials
 ];
 function detectPathTraversal(value) {
   for (const pattern of PATH_TRAVERSAL_PATTERNS) {
@@ -473,8 +1106,18 @@ var SHELL_INJECTION_PATTERNS = [
   // eval command
   /\bexec\b/i,
   // exec command
-  /\bsystem\b/i
+  /\bsystem\b/i,
   // system call
+  /%0a/i,
+  // URL-encoded newline
+  /%0d/i,
+  // URL-encoded carriage return
+  /%09/i,
+  // URL-encoded tab
+  /\r\n/,
+  // CRLF injection
+  /\n/
+  // Newline (command separator on Unix)
 ];
 function detectShellInjection(value) {
   for (const pattern of SHELL_INJECTION_PATTERNS) {
@@ -489,6 +1132,91 @@ function detectWildcardAbuse(value) {
   if (wildcardCount > MAX_WILDCARDS_PER_VALUE) return true;
   return false;
 }
+var SSRF_PATTERNS = [
+  /^https?:\/\/localhost\b/i,
+  /^https?:\/\/127\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
+  /^https?:\/\/0\.0\.0\.0/,
+  /^https?:\/\/\[::1\]/,
+  // IPv6 loopback
+  /^https?:\/\/10\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
+  // 10.x.x.x
+  /^https?:\/\/172\.(1[6-9]|2\d|3[01])\./,
+  // 172.16-31.x.x
+  /^https?:\/\/192\.168\./,
+  // 192.168.x.x
+  /^https?:\/\/169\.254\./,
+  // Link-local / AWS metadata
+  /metadata\.google\.internal/i,
+  // GCP metadata
+  /^https?:\/\/metadata\b/i,
+  // Generic metadata endpoint
+  // IPv6 bypass patterns
+  /^https?:\/\/\[fe80:/i,
+  // IPv6 link-local
+  /^https?:\/\/\[fc00:/i,
+  // IPv6 unique local
+  /^https?:\/\/\[fd[0-9a-f]{2}:/i,
+  // IPv6 unique local (fd00::/8)
+  /^https?:\/\/\[::ffff:127\./i,
+  // IPv4-mapped IPv6 loopback
+  /^https?:\/\/\[::ffff:10\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:172\.(1[6-9]|2\d|3[01])\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:192\.168\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:169\.254\./i,
+  // IPv4-mapped IPv6 link-local
+  // Hex IP bypass (e.g., 0x7f000001 = 127.0.0.1)
+  /^https?:\/\/0x[0-9a-f]+\b/i,
+  // Octal IP bypass (e.g., 0177.0.0.1 = 127.0.0.1)
+  /^https?:\/\/0[0-7]{1,3}\./
+];
+function detectDecimalIP(value) {
+  const match = value.match(/^https?:\/\/(\d{8,10})(?:[:/]|$)/);
+  if (!match || !match[1]) return false;
+  const decimal = parseInt(match[1], 10);
+  if (isNaN(decimal) || decimal > 4294967295) return false;
+  return decimal >= 2130706432 && decimal <= 2147483647 || // 127.0.0.0/8
+  decimal >= 167772160 && decimal <= 184549375 || // 10.0.0.0/8
+  decimal >= 2886729728 && decimal <= 2887778303 || // 172.16.0.0/12
+  decimal >= 3232235520 && decimal <= 3232301055 || // 192.168.0.0/16
+  decimal >= 2851995648 && decimal <= 2852061183 || // 169.254.0.0/16
+  decimal === 0;
+}
+function detectSSRF(value) {
+  for (const pattern of SSRF_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  if (detectDecimalIP(value)) return true;
+  return false;
+}
+var SQL_INJECTION_PATTERNS = [
+  /'\s{0,20}(OR|AND)\s{0,20}'.{0,200}'/i,
+  // ' OR '1'='1 — bounded to prevent ReDoS
+  /'\s{0,10};\s{0,10}(DROP|DELETE|UPDATE|INSERT|ALTER|CREATE|EXEC)/i,
+  // '; DROP TABLE
+  /UNION\s+(ALL\s+)?SELECT/i,
+  // UNION SELECT
+  /--\s*$/m,
+  // SQL comment at end of line
+  /\/\*.{0,500}?\*\//,
+  // SQL block comment — bounded + non-greedy
+  /\bSLEEP\s*\(/i,
+  // Time-based injection
+  /\bBENCHMARK\s*\(/i,
+  // MySQL benchmark
+  /\bWAITFOR\s+DELAY/i,
+  // MSSQL delay
+  /\b(LOAD_FILE|INTO\s+OUTFILE|INTO\s+DUMPFILE)\b/i
+  // File operations
+];
+function detectSQLInjection(value) {
+  for (const pattern of SQL_INJECTION_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  return false;
+}
 function checkLengthLimits(value, maxLength = 4096) {
   return value.length <= maxLength;
 }
@@ -504,87 +1232,478 @@ function calculateShannonEntropy(str) {
   for (const char of str) {
     freq.set(char, (freq.get(char) ?? 0) + 1);
   }
-  let entropy = 0;
-  const len = str.length;
-  for (const count of freq.values()) {
-    const p = count / len;
-    if (p > 0) {
-      entropy -= p * Math.log2(p);
-    }
+  let entropy = 0;
+  const len = str.length;
+  for (const count of freq.values()) {
+    const p = count / len;
+    if (p > 0) {
+      entropy -= p * Math.log2(p);
+    }
+  }
+  return entropy;
+}
+function sanitizeInput(field, value, config = DEFAULT_INPUT_GUARD_CONFIG) {
+  const threats = [];
+  if (typeof value !== "string") {
+    if (typeof value === "object" && value !== null) {
+      return sanitizeObject(field, value, config);
+    }
+    return { safe: true, threats: [] };
+  }
+  if (config.pathTraversal && detectPathTraversal(value)) {
+    threats.push({
+      type: "PATH_TRAVERSAL",
+      field,
+      value: truncate(value, 100),
+      description: "Path traversal pattern detected"
+    });
+  }
+  if (config.shellInjection && detectShellInjection(value)) {
+    threats.push({
+      type: "SHELL_INJECTION",
+      field,
+      value: truncate(value, 100),
+      description: "Shell injection pattern detected"
+    });
+  }
+  if (config.wildcardAbuse && detectWildcardAbuse(value)) {
+    threats.push({
+      type: "WILDCARD_ABUSE",
+      field,
+      value: truncate(value, 100),
+      description: "Wildcard abuse pattern detected"
+    });
+  }
+  if (!checkLengthLimits(value, config.lengthLimit)) {
+    threats.push({
+      type: "LENGTH_EXCEEDED",
+      field,
+      value: `[${value.length} chars]`,
+      description: `Value exceeds maximum length of ${config.lengthLimit}`
+    });
+  }
+  if (config.entropyLimit && !checkEntropyLimits(value)) {
+    threats.push({
+      type: "HIGH_ENTROPY",
+      field,
+      value: truncate(value, 100),
+      description: "High entropy string detected - possible encoded payload"
+    });
+  }
+  if (config.ssrf && detectSSRF(value)) {
+    threats.push({
+      type: "SSRF",
+      field,
+      value: truncate(value, 100),
+      description: "Server-side request forgery pattern detected \u2014 internal/metadata URL blocked"
+    });
+  }
+  if (config.sqlInjection && detectSQLInjection(value)) {
+    threats.push({
+      type: "SQL_INJECTION",
+      field,
+      value: truncate(value, 100),
+      description: "SQL injection pattern detected"
+    });
+  }
+  return { safe: threats.length === 0, threats };
+}
+function sanitizeObject(basePath, obj, config) {
+  const threats = [];
+  if (Array.isArray(obj)) {
+    for (let i = 0; i < obj.length; i++) {
+      const result = sanitizeInput(`${basePath}[${i}]`, obj[i], config);
+      threats.push(...result.threats);
+    }
+  } else {
+    for (const [key, val] of Object.entries(obj)) {
+      const result = sanitizeInput(`${basePath}.${key}`, val, config);
+      threats.push(...result.threats);
+    }
+  }
+  return { safe: threats.length === 0, threats };
+}
+function truncate(str, maxLen) {
+  return str.length > maxLen ? str.slice(0, maxLen) + "..." : str;
+}
+var DEFAULT_TOKEN_TTL_SECONDS = 30;
+var TOKEN_ALGORITHM = "HS256";
+var MIN_SECRET_LENGTH = 32;
+
+// src/config.ts
+import { readFileSync, existsSync } from "fs";
+import { resolve } from "path";
+async function fetchCloudPolicy(apiKey, apiUrl, policyId) {
+  const url = `${apiUrl}/api/v1/policies/${policyId ?? "default"}`;
+  const res = await fetch(url, {
+    headers: { "Authorization": `Bearer ${apiKey}` }
+  });
+  if (!res.ok) {
+    const body = await res.text().catch(() => "");
+    throw new Error(`Failed to fetch policy from cloud (${res.status}): ${body}`);
+  }
+  const data = await res.json();
+  return {
+    id: String(data.id ?? "cloud"),
+    name: String(data.name ?? "Cloud Policy"),
+    version: Number(data._version ?? 1),
+    rules: data.rules ?? [],
+    createdAt: String(data._created_at ?? ""),
+    updatedAt: ""
+  };
+}
+async function sendAuditLog(apiKey, apiUrl, entry) {
+  try {
+    await fetch(`${apiUrl}/api/v1/audit-logs`, {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${apiKey}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(entry)
+    });
+  } catch {
+  }
+}
+var PRESETS = {
+  restricted: {
+    id: "restricted",
+    name: "Restricted",
+    description: "Blocks dangerous tools (shell, web), allows safe tools",
+    version: 1,
+    rules: [
+      {
+        id: "deny-shell",
+        description: "Block shell execution",
+        effect: "DENY",
+        priority: 100,
+        toolPattern: "*shell*",
+        permission: "EXECUTE",
+        minimumTrustLevel: "UNTRUSTED",
+        enabled: true,
+        createdAt: "",
+        updatedAt: ""
+      },
+      {
+        id: "deny-exec",
+        description: "Block command execution",
+        effect: "DENY",
+        priority: 101,
+        toolPattern: "*exec*",
+        permission: "EXECUTE",
+        minimumTrustLevel: "UNTRUSTED",
+        enabled: true,
+        createdAt: "",
+        updatedAt: ""
+      },
+      {
+        id: "deny-eval",
+        description: "Block code eval",
+        effect: "DENY",
+        priority: 102,
+        toolPattern: "*eval*",
+        permission: "EXECUTE",
+        minimumTrustLevel: "UNTRUSTED",
+        enabled: true,
+        createdAt: "",
+        updatedAt: ""
+      },
+      {
+        id: "allow-rest",
+        description: "Allow all other tools",
+        effect: "ALLOW",
+        priority: 1e3,
+        toolPattern: "*",
+        permission: "EXECUTE",
+        minimumTrustLevel: "UNTRUSTED",
+        enabled: true,
+        createdAt: "",
+        updatedAt: ""
+      }
+    ],
+    createdAt: "",
+    updatedAt: ""
+  },
+  "read-only": {
+    id: "read-only",
+    name: "Read Only",
+    description: "Only allows read operations, blocks writes and execution",
+    version: 1,
+    rules: [
+      {
+        id: "allow-read",
+        description: "Allow read tools",
+        effect: "ALLOW",
+        priority: 100,
+        toolPattern: "*read*",
+        permission: "EXECUTE",
+        minimumTrustLevel: "UNTRUSTED",
+        enabled: true,
+        createdAt: "",
+        updatedAt: ""
+      },
+      {
+        id: "allow-list",
+        description: "Allow list tools",
+        effect: "ALLOW",
+        priority: 101,
+        toolPattern: "*list*",
+        permission: "EXECUTE",
+        minimumTrustLevel: "UNTRUSTED",
+        enabled: true,
+        createdAt: "",
+        updatedAt: ""
+      },
+      {
+        id: "allow-get",
+        description: "Allow get tools",
+        effect: "ALLOW",
+        priority: 102,
+        toolPattern: "*get*",
+        permission: "EXECUTE",
+        minimumTrustLevel: "UNTRUSTED",
+        enabled: true,
+        createdAt: "",
+        updatedAt: ""
+      },
+      {
+        id: "allow-search",
+        description: "Allow search tools",
+        effect: "ALLOW",
+        priority: 103,
+        toolPattern: "*search*",
+        permission: "EXECUTE",
+        minimumTrustLevel: "UNTRUSTED",
+        enabled: true,
+        createdAt: "",
+        updatedAt: ""
+      },
+      {
+        id: "allow-query",
+        description: "Allow query tools",
+        effect: "ALLOW",
+        priority: 104,
+        toolPattern: "*query*",
+        permission: "EXECUTE",
+        minimumTrustLevel: "UNTRUSTED",
+        enabled: true,
+        createdAt: "",
+        updatedAt: ""
+      }
+    ],
+    createdAt: "",
+    updatedAt: ""
+  },
+  permissive: {
+    id: "permissive",
+    name: "Permissive",
+    description: "Allows all tool calls (monitoring only)",
+    version: 1,
+    rules: [
+      {
+        id: "allow-all",
+        description: "Allow all",
+        effect: "ALLOW",
+        priority: 1e3,
+        toolPattern: "*",
+        permission: "EXECUTE",
+        minimumTrustLevel: "UNTRUSTED",
+        enabled: true,
+        createdAt: "",
+        updatedAt: ""
+      }
+    ],
+    createdAt: "",
+    updatedAt: ""
+  },
+  "deny-all": {
+    id: "deny-all",
+    name: "Deny All",
+    description: "Blocks all tool calls",
+    version: 1,
+    rules: [],
+    createdAt: "",
+    updatedAt: ""
+  }
+};
+function loadPolicy(source) {
+  if (typeof source === "object") return source;
+  if (PRESETS[source]) return PRESETS[source];
+  const filePath = resolve(source);
+  if (existsSync(filePath)) {
+    const content = readFileSync(filePath, "utf-8");
+    return JSON.parse(content);
   }
-  return entropy;
+  throw new Error(
+    `Unknown policy "${source}". Use a preset (${Object.keys(PRESETS).join(", ")}), a JSON file path, or a PolicySet object.`
+  );
 }
-function sanitizeInput(field, value, config = DEFAULT_INPUT_GUARD_CONFIG) {
-  const threats = [];
-  if (typeof value !== "string") {
-    if (typeof value === "object" && value !== null) {
-      return sanitizeObject(field, value, config);
+function parseArgs(argv) {
+  const args = argv.slice(2);
+  let policySource = "restricted";
+  let name = "solongate-proxy";
+  let verbose = false;
+  let validateInput = true;
+  let rateLimitPerTool;
+  let globalRateLimit;
+  let configFile;
+  let apiKey;
+  let apiUrl;
+  let upstreamUrl;
+  let upstreamTransport;
+  let port;
+  let separatorIndex = args.indexOf("--");
+  const flags = separatorIndex >= 0 ? args.slice(0, separatorIndex) : args;
+  const upstreamArgs = separatorIndex >= 0 ? args.slice(separatorIndex + 1) : [];
+  for (let i = 0; i < flags.length; i++) {
+    switch (flags[i]) {
+      case "--policy":
+        policySource = flags[++i];
+        break;
+      case "--name":
+        name = flags[++i];
+        break;
+      case "--verbose":
+        verbose = true;
+        break;
+      case "--no-input-guard":
+        validateInput = false;
+        break;
+      case "--rate-limit":
+        rateLimitPerTool = parseInt(flags[++i], 10);
+        break;
+      case "--global-rate-limit":
+        globalRateLimit = parseInt(flags[++i], 10);
+        break;
+      case "--config":
+        configFile = flags[++i];
+        break;
+      case "--api-key":
+        apiKey = flags[++i];
+        break;
+      case "--api-url":
+        apiUrl = flags[++i];
+        break;
+      case "--upstream-url":
+        upstreamUrl = flags[++i];
+        break;
+      case "--upstream-transport":
+        upstreamTransport = flags[++i];
+        break;
+      case "--port":
+        port = parseInt(flags[++i], 10);
+        break;
     }
-    return { safe: true, threats: [] };
-  }
-  if (config.pathTraversal && detectPathTraversal(value)) {
-    threats.push({
-      type: "PATH_TRAVERSAL",
-      field,
-      value: truncate(value, 100),
-      description: "Path traversal pattern detected"
-    });
-  }
-  if (config.shellInjection && detectShellInjection(value)) {
-    threats.push({
-      type: "SHELL_INJECTION",
-      field,
-      value: truncate(value, 100),
-      description: "Shell injection pattern detected"
-    });
-  }
-  if (config.wildcardAbuse && detectWildcardAbuse(value)) {
-    threats.push({
-      type: "WILDCARD_ABUSE",
-      field,
-      value: truncate(value, 100),
-      description: "Wildcard abuse pattern detected"
-    });
   }
-  if (!checkLengthLimits(value, config.lengthLimit)) {
-    threats.push({
-      type: "LENGTH_EXCEEDED",
-      field,
-      value: `[${value.length} chars]`,
-      description: `Value exceeds maximum length of ${config.lengthLimit}`
-    });
+  if (!apiKey) {
+    const envKey = process.env.SOLONGATE_API_KEY;
+    if (envKey) {
+      apiKey = envKey;
+    } else {
+      throw new Error(
+        "A valid SolonGate API key is required.\n\nUsage: solongate-proxy --api-key sg_live_xxx -- <command>\n   or: set SOLONGATE_API_KEY=sg_live_xxx\n\nGet your API key at https://solongate.com\n"
+      );
+    }
   }
-  if (config.entropyLimit && !checkEntropyLimits(value)) {
-    threats.push({
-      type: "HIGH_ENTROPY",
-      field,
-      value: truncate(value, 100),
-      description: "High entropy string detected - possible encoded payload"
-    });
+  if (!apiKey.startsWith("sg_live_") && !apiKey.startsWith("sg_test_")) {
+    throw new Error(
+      "Invalid API key format. Keys must start with 'sg_live_' or 'sg_test_'.\nGet your API key at https://solongate.com\n"
+    );
   }
-  return { safe: threats.length === 0, threats };
-}
-function sanitizeObject(basePath, obj, config) {
-  const threats = [];
-  if (Array.isArray(obj)) {
-    for (let i = 0; i < obj.length; i++) {
-      const result = sanitizeInput(`${basePath}[${i}]`, obj[i], config);
-      threats.push(...result.threats);
+  if (configFile) {
+    const filePath = resolve(configFile);
+    const content = readFileSync(filePath, "utf-8");
+    const fileConfig = JSON.parse(content);
+    if (!fileConfig.upstream) {
+      throw new Error('Config file must include "upstream" with at least "command" or "url"');
     }
-  } else {
-    for (const [key, val] of Object.entries(obj)) {
-      const result = sanitizeInput(`${basePath}.${key}`, val, config);
-      threats.push(...result.threats);
+    if (fileConfig.upstream.url && detectSSRF(fileConfig.upstream.url)) {
+      throw new Error(
+        `Upstream URL blocked: "${fileConfig.upstream.url}" points to an internal or private network address.`
+      );
     }
+    return {
+      upstream: fileConfig.upstream,
+      policy: loadPolicy(fileConfig.policy ?? policySource),
+      name: fileConfig.name ?? name,
+      verbose: fileConfig.verbose ?? verbose,
+      validateInput: fileConfig.validateInput ?? validateInput,
+      rateLimitPerTool: fileConfig.rateLimitPerTool ?? rateLimitPerTool,
+      globalRateLimit: fileConfig.globalRateLimit ?? globalRateLimit,
+      apiKey: apiKey ?? fileConfig.apiKey,
+      apiUrl: apiUrl ?? fileConfig.apiUrl,
+      port: port ?? fileConfig.port
+    };
   }
-  return { safe: threats.length === 0, threats };
-}
-function truncate(str, maxLen) {
-  return str.length > maxLen ? str.slice(0, maxLen) + "..." : str;
+  if (upstreamUrl) {
+    if (detectSSRF(upstreamUrl)) {
+      throw new Error(
+        `Upstream URL blocked: "${upstreamUrl}" points to an internal or private network address.
+SSRF protection prevents connecting to localhost, private IPs, or cloud metadata endpoints.`
+      );
+    }
+    const transport = upstreamTransport ?? (upstreamUrl.includes("/sse") ? "sse" : "http");
+    return {
+      upstream: {
+        transport,
+        command: "",
+        // not used for URL-based transports
+        url: upstreamUrl
+      },
+      policy: loadPolicy(policySource),
+      name,
+      verbose,
+      validateInput,
+      rateLimitPerTool,
+      globalRateLimit,
+      apiKey,
+      apiUrl,
+      port
+    };
+  }
+  if (upstreamArgs.length === 0) {
+    throw new Error(
+      "No upstream server command provided.\n\nUsage: solongate-proxy [options] -- <command> [args...]\n\nExamples:\n  solongate-proxy -- node my-server.js\n  solongate-proxy --policy restricted -- npx @openclaw/server\n  solongate-proxy --upstream-url http://localhost:3001/mcp\n  solongate-proxy --config solongate.json\n"
+    );
+  }
+  const [command, ...commandArgs] = upstreamArgs;
+  return {
+    upstream: {
+      transport: upstreamTransport ?? "stdio",
+      command,
+      args: commandArgs,
+      env: { ...process.env }
+    },
+    policy: loadPolicy(policySource),
+    name,
+    verbose,
+    validateInput,
+    rateLimitPerTool,
+    globalRateLimit,
+    apiKey,
+    apiUrl,
+    port
+  };
 }
-var DEFAULT_TOKEN_TTL_SECONDS = 30;
-var TOKEN_ALGORITHM = "HS256";
-var MIN_SECRET_LENGTH = 32;
+
+// src/proxy.ts
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
+import {
+  ListToolsRequestSchema,
+  CallToolRequestSchema,
+  ListResourcesRequestSchema,
+  ListPromptsRequestSchema,
+  GetPromptRequestSchema,
+  ReadResourceRequestSchema,
+  ListResourceTemplatesRequestSchema
+} from "@modelcontextprotocol/sdk/types.js";
+import { createServer as createHttpServer } from "http";
 
 // ../policy-engine/dist/index.js
 import { createHash } from "crypto";
@@ -735,8 +1854,51 @@ function trustLevelMeetsMinimum(actual, minimum) {
 function argumentConstraintsMatch(constraints, args) {
   for (const [key, constraint] of Object.entries(constraints)) {
     if (!(key in args)) return false;
-    if (typeof constraint === "string" && typeof args[key] === "string") {
-      if (constraint !== "*" && args[key] !== constraint) return false;
+    const argValue = args[key];
+    if (typeof constraint === "string") {
+      if (constraint === "*") continue;
+      if (typeof argValue === "string") {
+        if (argValue !== constraint) return false;
+      } else {
+        return false;
+      }
+      continue;
+    }
+    if (typeof constraint === "object" && constraint !== null && !Array.isArray(constraint)) {
+      const ops = constraint;
+      const strValue = typeof argValue === "string" ? argValue : void 0;
+      const numValue = typeof argValue === "number" ? argValue : void 0;
+      if ("$contains" in ops && typeof ops.$contains === "string") {
+        if (!strValue || !strValue.includes(ops.$contains)) return false;
+      }
+      if ("$notContains" in ops && typeof ops.$notContains === "string") {
+        if (strValue && strValue.includes(ops.$notContains)) return false;
+      }
+      if ("$startsWith" in ops && typeof ops.$startsWith === "string") {
+        if (!strValue || !strValue.startsWith(ops.$startsWith)) return false;
+      }
+      if ("$endsWith" in ops && typeof ops.$endsWith === "string") {
+        if (!strValue || !strValue.endsWith(ops.$endsWith)) return false;
+      }
+      if ("$in" in ops && Array.isArray(ops.$in)) {
+        if (!ops.$in.includes(argValue)) return false;
+      }
+      if ("$notIn" in ops && Array.isArray(ops.$notIn)) {
+        if (ops.$notIn.includes(argValue)) return false;
+      }
+      if ("$gt" in ops && typeof ops.$gt === "number") {
+        if (numValue === void 0 || numValue <= ops.$gt) return false;
+      }
+      if ("$lt" in ops && typeof ops.$lt === "number") {
+        if (numValue === void 0 || numValue >= ops.$lt) return false;
+      }
+      if ("$gte" in ops && typeof ops.$gte === "number") {
+        if (numValue === void 0 || numValue < ops.$gte) return false;
+      }
+      if ("$lte" in ops && typeof ops.$lte === "number") {
+        if (numValue === void 0 || numValue > ops.$lte) return false;
+      }
+      continue;
     }
   }
   return true;
@@ -769,7 +1931,15 @@ function evaluatePolicy(policySet, request) {
     matchedRule: null,
     reason: "No matching policy rule found. Default action: DENY.",
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-    evaluationTimeMs: endTime - startTime
+    evaluationTimeMs: endTime - startTime,
+    metadata: {
+      evaluatedRules: sortedRules.length,
+      ruleIds: sortedRules.map((r) => r.id),
+      requestContext: {
+        tool: request.toolName,
+        arguments: Object.keys(request.arguments ?? {})
+      }
+    }
   };
 }
 function validatePolicyRule(input) {
@@ -1091,6 +2261,7 @@ var PolicyStore = class {
 
 // ../sdk-ts/dist/index.js
 import { randomUUID, createHmac } from "crypto";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 var DEFAULT_CONFIG = Object.freeze({
   validateSchemas: true,
   enableLogging: true,
@@ -1185,7 +2356,7 @@ async function interceptToolCall(params, upstreamCall, options) {
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       };
       options.onDecision?.(result);
-      const reason = options.verboseErrors ? `Input validation failed: ${threatDescriptions.join("; ")}` : "Input validation failed.";
+      const reason = options.verboseErrors ? `Input validation failed: ${sanitization.threats.length} threat(s) detected` : "Input validation failed.";
       return createDeniedToolResult(reason);
     }
   }
@@ -1503,6 +2674,25 @@ var RateLimiter = class {
     const resetAt = this.globalRecords.length > 0 ? this.globalRecords[0].timestamp + this.windowMs : now + this.windowMs;
     return { allowed, remaining, resetAt };
   }
+  /**
+   * Atomically checks and records a tool call.
+   * Prevents TOCTOU race conditions between check and record.
+   * Returns the rate limit result; if allowed, the call is already recorded.
+   */
+  checkAndRecord(toolName, limitPerWindow, globalLimit) {
+    const result = this.checkLimit(toolName, limitPerWindow);
+    if (!result.allowed) {
+      return result;
+    }
+    if (globalLimit !== void 0) {
+      const globalResult = this.checkGlobalLimit(globalLimit);
+      if (!globalResult.allowed) {
+        return globalResult;
+      }
+    }
+    this.recordCall(toolName);
+    return result;
+  }
   /**
    * Records a tool call for rate limiting.
    * Call this after successful execution.
@@ -1558,6 +2748,16 @@ var RateLimiter = class {
     return active;
   }
 };
+var LicenseError = class extends Error {
+  constructor(message) {
+    super(
+      `${message}
+  Get your API key at https://solongate.com
+  Usage: new SolonGate({ name: '...', apiKey: 'sg_live_xxx' })`
+    );
+    this.name = "LicenseError";
+  }
+};
 var SolonGate = class {
   policyEngine;
   config;
@@ -1566,7 +2766,19 @@ var SolonGate = class {
   tokenIssuer;
   serverVerifier;
   rateLimiter;
+  apiKey;
+  licenseValidated = false;
   constructor(options) {
+    const apiKey = options.apiKey || process.env.SOLONGATE_API_KEY || "";
+    if (!apiKey) {
+      throw new LicenseError("A valid SolonGate API key is required.");
+    }
+    if (!apiKey.startsWith("sg_live_") && !apiKey.startsWith("sg_test_")) {
+      throw new LicenseError(
+        "Invalid API key format. Keys must start with 'sg_live_' or 'sg_test_'."
+      );
+    }
+    this.apiKey = apiKey;
     const { config, warnings } = resolveConfig(options.config);
     this.config = config;
     this.configWarnings = warnings;
@@ -1592,12 +2804,47 @@ var SolonGate = class {
     this.serverVerifier = config.gatewaySecret ? new ServerVerifier({ gatewaySecret: config.gatewaySecret }) : null;
     this.rateLimiter = new RateLimiter();
   }
+  /**
+   * Validate the API key against the SolonGate cloud API.
+   * Called once on first executeToolCall. Throws LicenseError if invalid.
+   * Test keys (sg_test_) skip online validation.
+   */
+  async validateLicense() {
+    if (this.licenseValidated) return;
+    if (this.apiKey.startsWith("sg_test_")) {
+      this.licenseValidated = true;
+      return;
+    }
+    const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
+    try {
+      const res = await fetch(`${apiUrl}/api/v1/auth/me`, {
+        headers: {
+          "X-API-Key": this.apiKey,
+          "Authorization": `Bearer ${this.apiKey}`
+        },
+        signal: AbortSignal.timeout(1e4)
+      });
+      if (res.status === 401) {
+        throw new LicenseError("Invalid or expired API key.");
+      }
+      if (res.status === 403) {
+        throw new LicenseError("Your subscription is inactive. Renew at https://solongate.com");
+      }
+      this.licenseValidated = true;
+    } catch (err) {
+      if (err instanceof LicenseError) throw err;
+      throw new LicenseError(
+        "Unable to reach SolonGate license server. Check your internet connection."
+      );
+    }
+  }
   /**
    * Intercept and evaluate a tool call against the full security pipeline.
    * If denied at any stage, returns an error result without calling upstream.
    * If allowed, calls upstream and returns the result.
    */
   async executeToolCall(params, upstreamCall) {
+    await this.validateLicense();
     return interceptToolCall(params, upstreamCall, {
       policyEngine: this.policyEngine,
       validateSchemas: this.config.validateSchemas,
@@ -1647,8 +2894,8 @@ var Mutex = class {
       this.locked = true;
       return;
     }
-    return new Promise((resolve2) => {
-      this.queue.push(resolve2);
+    return new Promise((resolve5) => {
+      this.queue.push(resolve5);
     });
   }
   release() {
@@ -1689,30 +2936,88 @@ var SolonGateProxy = class {
    */
   async start() {
     log("Starting SolonGate Proxy...");
+    const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
+    if (this.config.apiKey) {
+      log(`Validating license with ${apiUrl}...`);
+      try {
+        const res = await fetch(`${apiUrl}/api/v1/auth/me`, {
+          headers: {
+            "X-API-Key": this.config.apiKey,
+            "Authorization": `Bearer ${this.config.apiKey}`
+          },
+          signal: AbortSignal.timeout(1e4)
+        });
+        if (res.status === 401) {
+          log("ERROR: Invalid or expired API key.");
+          process.exit(1);
+        }
+        if (res.status === 403) {
+          log("ERROR: Your subscription is inactive. Renew at https://solongate.com");
+          process.exit(1);
+        }
+        log("License validated.");
+      } catch (err) {
+        log(`ERROR: Unable to reach SolonGate license server. Check your internet connection.`);
+        log(`Details: ${err instanceof Error ? err.message : String(err)}`);
+        process.exit(1);
+      }
+      try {
+        const cloudPolicy = await fetchCloudPolicy(this.config.apiKey, apiUrl);
+        this.config.policy = cloudPolicy;
+        log(`Loaded cloud policy: ${cloudPolicy.name} (${cloudPolicy.rules.length} rules)`);
+      } catch (err) {
+        log(`Cloud policy fetch failed, using local policy: ${err instanceof Error ? err.message : String(err)}`);
+      }
+    }
     log(`Policy: ${this.config.policy.name} (${this.config.policy.rules.length} rules)`);
-    log(`Upstream: ${this.config.upstream.command} ${(this.config.upstream.args ?? []).join(" ")}`);
+    const transport = this.config.upstream.transport ?? "stdio";
+    if (transport === "stdio") {
+      log(`Upstream: [stdio] ${this.config.upstream.command} ${(this.config.upstream.args ?? []).join(" ")}`);
+    } else {
+      log(`Upstream: [${transport}] ${this.config.upstream.url}`);
+    }
     await this.connectUpstream();
     await this.discoverTools();
     this.createServer();
     await this.serve();
   }
   /**
-   * Connect to the upstream MCP server by spawning it as a child process.
+   * Connect to the upstream MCP server.
+   * Supports stdio (child process), SSE, and StreamableHTTP transports.
    */
   async connectUpstream() {
     this.client = new Client(
       { name: "solongate-proxy-client", version: "0.1.0" },
       { capabilities: {} }
     );
-    const transport = new StdioClientTransport({
-      command: this.config.upstream.command,
-      args: this.config.upstream.args,
-      env: this.config.upstream.env,
-      cwd: this.config.upstream.cwd,
-      stderr: "pipe"
-    });
-    await this.client.connect(transport);
-    log("Connected to upstream server");
+    const upstreamTransport = this.config.upstream.transport ?? "stdio";
+    switch (upstreamTransport) {
+      case "sse": {
+        if (!this.config.upstream.url) throw new Error("--upstream-url required for SSE transport");
+        const transport = new SSEClientTransport(new URL(this.config.upstream.url));
+        await this.client.connect(transport);
+        break;
+      }
+      case "http": {
+        if (!this.config.upstream.url) throw new Error("--upstream-url required for HTTP transport");
+        const transport = new StreamableHTTPClientTransport(new URL(this.config.upstream.url));
+        await this.client.connect(transport);
+        break;
+      }
+      case "stdio":
+      default: {
+        const transport = new StdioClientTransport({
+          command: this.config.upstream.command,
+          args: this.config.upstream.args,
+          env: this.config.upstream.env,
+          cwd: this.config.upstream.cwd,
+          stderr: "pipe"
+        });
+        await this.client.connect(transport);
+        break;
+      }
+    }
+    log(`Connected to upstream server (${upstreamTransport})`);
   }
   /**
    * Discover tools from the upstream server.
@@ -1751,10 +3056,20 @@ var SolonGateProxy = class {
     this.server.setRequestHandler(ListToolsRequestSchema, async () => {
       return { tools: this.upstreamTools };
     });
+    const MAX_ARGUMENT_SIZE = 1024 * 1024;
     this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
       const { name, arguments: args } = request.params;
+      const argsSize = JSON.stringify(args ?? {}).length;
+      if (argsSize > MAX_ARGUMENT_SIZE) {
+        log(`DENY: ${name} \u2014 payload size ${argsSize} exceeds limit ${MAX_ARGUMENT_SIZE}`);
+        return {
+          content: [{ type: "text", text: `Request payload too large (${Math.round(argsSize / 1024)}KB > ${Math.round(MAX_ARGUMENT_SIZE / 1024)}KB limit)` }],
+          isError: true
+        };
+      }
       log(`Tool call: ${name}`);
       await this.callMutex.acquire();
+      const startTime = Date.now();
       try {
         const result = await this.gate.executeToolCall(
           { name, arguments: args ?? {} },
@@ -1767,7 +3082,19 @@ var SolonGateProxy = class {
             return upstreamResult;
           }
         );
-        log(`Result: ${result.isError ? "DENIED/ERROR" : "ALLOWED"}`);
+        const decision = result.isError ? "DENY" : "ALLOW";
+        const evaluationTimeMs = Date.now() - startTime;
+        log(`Result: ${decision} (${evaluationTimeMs}ms)`);
+        if (this.config.apiKey) {
+          const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
+          sendAuditLog(this.config.apiKey, apiUrl, {
+            tool: name,
+            arguments: args ?? {},
+            decision,
+            reason: result.isError ? result.content[0]?.text ?? "denied" : "allowed",
+            evaluationTimeMs
+          });
+        }
         return {
           content: [...result.content],
           isError: result.isError
@@ -1813,14 +3140,38 @@ var SolonGateProxy = class {
     });
   }
   /**
-   * Start serving on stdio (downstream to Claude).
+   * Start serving downstream.
+   * If --port is set, serves via StreamableHTTP on that port.
+   * Otherwise, serves on stdio (default for Claude Code / Cursor / etc).
    */
   async serve() {
     if (!this.server) throw new Error("Server not created");
-    const transport = new StdioServerTransport();
-    await this.server.connect(transport);
-    log("Proxy is live. All tool calls are now protected by SolonGate.");
-    log("Waiting for requests...");
+    if (this.config.port) {
+      const httpTransport = new StreamableHTTPServerTransport({
+        sessionIdGenerator: () => crypto.randomUUID()
+      });
+      await this.server.connect(httpTransport);
+      const httpServer = createHttpServer(async (req, res) => {
+        if (req.url === "/mcp" || req.url?.startsWith("/mcp?")) {
+          await httpTransport.handleRequest(req, res);
+        } else if (req.url === "/health") {
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ status: "healthy", proxy: this.config.name ?? "solongate-proxy" }));
+        } else {
+          res.writeHead(404);
+          res.end("Not found. Use /mcp for MCP protocol or /health for health check.");
+        }
+      });
+      httpServer.listen(this.config.port, () => {
+        log(`Proxy is live on http://localhost:${this.config.port}/mcp`);
+        log("All tool calls are now protected by SolonGate.");
+      });
+    } else {
+      const transport = new StdioServerTransport();
+      await this.server.connect(transport);
+      log("Proxy is live. All tool calls are now protected by SolonGate.");
+      log("Waiting for requests...");
+    }
   }
 };
 
@@ -1837,7 +3188,23 @@ console.error = (...args) => {
   process.stderr.write(`[SolonGate ERROR] ${args.map(String).join(" ")}
 `);
 };
-async function main() {
+async function main4() {
+  const subcommand = process.argv[2];
+  if (subcommand === "init") {
+    process.argv.splice(2, 1);
+    await Promise.resolve().then(() => (init_init(), init_exports));
+    return;
+  }
+  if (subcommand === "inject") {
+    process.argv.splice(2, 1);
+    await Promise.resolve().then(() => (init_inject(), inject_exports));
+    return;
+  }
+  if (subcommand === "create") {
+    process.argv.splice(2, 1);
+    await Promise.resolve().then(() => (init_create(), create_exports));
+    return;
+  }
   try {
     const config = parseArgs(process.argv);
     const proxy = new SolonGateProxy(config);
@@ -1849,4 +3216,4 @@ async function main() {
     process.exit(1);
   }
 }
-main();
+main4();