@solongate/proxy 0.1.2 → 0.1.4

package/dist/index.js

@@ -285,6 +285,730 @@ var init_init = __esm({
   }
 });
 
+// src/inject.ts
+var inject_exports = {};
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync2, existsSync as existsSync3, copyFileSync as copyFileSync2 } from "fs";
+import { resolve as resolve3 } from "path";
+import { execSync } from "child_process";
+function parseInjectArgs(argv) {
+  const args = argv.slice(2);
+  const opts = {
+    dryRun: false,
+    restore: false,
+    skipInstall: false
+  };
+  for (let i = 0; i < args.length; i++) {
+    switch (args[i]) {
+      case "--file":
+        opts.file = args[++i];
+        break;
+      case "--dry-run":
+        opts.dryRun = true;
+        break;
+      case "--restore":
+        opts.restore = true;
+        break;
+      case "--skip-install":
+        opts.skipInstall = true;
+        break;
+      case "--help":
+      case "-h":
+        printHelp2();
+        process.exit(0);
+    }
+  }
+  return opts;
+}
+function printHelp2() {
+  log2(`
+SolonGate Inject \u2014 Add security to your MCP server in seconds
+
+USAGE
+  npx @solongate/proxy inject [options]
+
+OPTIONS
+  --file <path>       Entry file to modify (default: auto-detect)
+  --dry-run           Preview changes without writing
+  --restore           Restore original file from backup
+  --skip-install      Don't install SDK package
+  -h, --help          Show this help message
+
+EXAMPLES
+  npx @solongate/proxy inject                    # Auto-detect and inject
+  npx @solongate/proxy inject --file src/main.ts # Specify entry file
+  npx @solongate/proxy inject --dry-run          # Preview changes
+  npx @solongate/proxy inject --restore          # Undo injection
+
+WHAT IT DOES
+  Replaces McpServer with SecureMcpServer (2 lines changed)
+  All tool() calls are automatically protected by SolonGate.
+`);
+}
+function log2(msg) {
+  process.stderr.write(msg + "\n");
+}
+function detectProject() {
+  if (!existsSync3(resolve3("package.json"))) return false;
+  try {
+    const pkg = JSON.parse(readFileSync3(resolve3("package.json"), "utf-8"));
+    const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+    return !!(allDeps["@modelcontextprotocol/sdk"] || allDeps["@modelcontextprotocol/server"]);
+  } catch {
+    return false;
+  }
+}
+function findTsEntryFile() {
+  try {
+    const pkg = JSON.parse(readFileSync3(resolve3("package.json"), "utf-8"));
+    if (pkg.bin) {
+      const binPath = typeof pkg.bin === "string" ? pkg.bin : Object.values(pkg.bin)[0];
+      if (typeof binPath === "string") {
+        const srcPath = binPath.replace(/^\.\/dist\//, "./src/").replace(/\.js$/, ".ts");
+        if (existsSync3(resolve3(srcPath))) return resolve3(srcPath);
+        if (existsSync3(resolve3(binPath))) return resolve3(binPath);
+      }
+    }
+    if (pkg.main) {
+      const srcPath = pkg.main.replace(/^\.\/dist\//, "./src/").replace(/\.js$/, ".ts");
+      if (existsSync3(resolve3(srcPath))) return resolve3(srcPath);
+    }
+  } catch {
+  }
+  const candidates = [
+    "src/index.ts",
+    "src/server.ts",
+    "src/main.ts",
+    "index.ts",
+    "server.ts",
+    "main.ts"
+  ];
+  for (const c of candidates) {
+    const full = resolve3(c);
+    if (existsSync3(full)) {
+      try {
+        const content = readFileSync3(full, "utf-8");
+        if (content.includes("McpServer") || content.includes("McpServer")) {
+          return full;
+        }
+      } catch {
+      }
+    }
+  }
+  for (const c of candidates) {
+    if (existsSync3(resolve3(c))) return resolve3(c);
+  }
+  return null;
+}
+function detectPackageManager() {
+  if (existsSync3(resolve3("pnpm-lock.yaml"))) return "pnpm";
+  if (existsSync3(resolve3("yarn.lock"))) return "yarn";
+  return "npm";
+}
+function installSdk() {
+  try {
+    const pkg = JSON.parse(readFileSync3(resolve3("package.json"), "utf-8"));
+    const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+    if (allDeps["@solongate/sdk"]) {
+      log2("  @solongate/sdk already installed");
+      return true;
+    }
+  } catch {
+  }
+  const pm = detectPackageManager();
+  const cmd = pm === "yarn" ? "yarn add @solongate/sdk" : `${pm} install @solongate/sdk`;
+  log2(`  Installing @solongate/sdk via ${pm}...`);
+  try {
+    execSync(cmd, { stdio: "pipe", cwd: process.cwd() });
+    return true;
+  } catch (err) {
+    log2(`  Failed to install: ${err instanceof Error ? err.message : String(err)}`);
+    log2("  You can install manually: npm install @solongate/sdk");
+    return false;
+  }
+}
+function injectTypeScript(filePath) {
+  const original = readFileSync3(filePath, "utf-8");
+  const changes = [];
+  let modified = original;
+  if (modified.includes("SecureMcpServer")) {
+    return { file: filePath, changes: ["Already injected \u2014 skipping"], original, modified };
+  }
+  const mcpImportPatterns = [
+    // Solo import: import { McpServer } from '...'
+    /import\s*\{\s*McpServer\s*\}\s*from\s*['"][^'"]+['"]/,
+    // Import with others: import { McpServer, ... } from '...'
+    /import\s*\{[^}]*McpServer[^}]*\}\s*from\s*['"][^'"]+['"]/
+  ];
+  let importReplaced = false;
+  for (const pattern of mcpImportPatterns) {
+    const match = modified.match(pattern);
+    if (match) {
+      const importLine = match[0];
+      const namedImports = importLine.match(/\{([^}]+)\}/)?.[1] ?? "";
+      const importNames = namedImports.split(",").map((s) => s.trim()).filter(Boolean);
+      if (importNames.length === 1 && importNames[0] === "McpServer") {
+        modified = modified.replace(
+          importLine,
+          `import { SecureMcpServer } from '@solongate/sdk'`
+        );
+        changes.push("Replaced McpServer import with SecureMcpServer from @solongate/sdk");
+      } else {
+        const otherImports = importNames.filter((n) => n !== "McpServer");
+        const fromModule = importLine.match(/from\s*['"]([^'"]+)['"]/)?.[1] ?? "";
+        modified = modified.replace(
+          importLine,
+          `import { ${otherImports.join(", ")} } from '${fromModule}';
+import { SecureMcpServer } from '@solongate/sdk'`
+        );
+        changes.push("Removed McpServer from existing import, added SecureMcpServer import from @solongate/sdk");
+      }
+      importReplaced = true;
+      break;
+    }
+  }
+  if (!importReplaced) {
+    const insertPos = findImportInsertPosition(modified);
+    modified = modified.slice(0, insertPos) + `import { SecureMcpServer } from '@solongate/sdk';
+` + modified.slice(insertPos);
+    changes.push("Added SecureMcpServer import from @solongate/sdk");
+  }
+  const constructorPattern = /new\s+McpServer\s*\(/g;
+  const constructorCount = (modified.match(constructorPattern) || []).length;
+  if (constructorCount > 0) {
+    modified = modified.replace(constructorPattern, "new SecureMcpServer(");
+    changes.push(`Replaced ${constructorCount} McpServer constructor(s) with SecureMcpServer`);
+  }
+  return { file: filePath, changes, original, modified };
+}
+function findImportInsertPosition(content) {
+  let pos = 0;
+  if (content.startsWith("#!")) {
+    pos = content.indexOf("\n") + 1;
+  }
+  const lines = content.slice(pos).split("\n");
+  let offset = pos;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed === "" || trimmed.startsWith("//") || trimmed.startsWith("/*") || trimmed.startsWith("*") || trimmed.startsWith("*/")) {
+      offset += line.length + 1;
+    } else {
+      break;
+    }
+  }
+  const importRegex = /^import\s+.+$/gm;
+  let lastImportEnd = offset;
+  let importMatch;
+  while ((importMatch = importRegex.exec(content)) !== null) {
+    lastImportEnd = importMatch.index + importMatch[0].length + 1;
+  }
+  return lastImportEnd > offset ? lastImportEnd : offset;
+}
+function showDiff(result) {
+  if (result.original === result.modified) {
+    log2("  No changes needed.");
+    return;
+  }
+  const origLines = result.original.split("\n");
+  const modLines = result.modified.split("\n");
+  log2("");
+  log2(`  File: ${result.file}`);
+  log2("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+  const maxLines = Math.max(origLines.length, modLines.length);
+  let diffCount = 0;
+  for (let i = 0; i < maxLines; i++) {
+    const orig = origLines[i];
+    const mod = modLines[i];
+    if (orig !== mod) {
+      if (diffCount < 30) {
+        if (orig !== void 0) log2(`  - ${orig}`);
+        if (mod !== void 0) log2(`  + ${mod}`);
+      }
+      diffCount++;
+    }
+  }
+  if (diffCount > 30) {
+    log2(`  ... and ${diffCount - 30} more line changes`);
+  }
+  log2("");
+}
+async function main2() {
+  const opts = parseInjectArgs(process.argv);
+  log2("");
+  log2("  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557");
+  log2("  \u2551      SolonGate \u2014 Inject SDK              \u2551");
+  log2("  \u2551   Add security to your MCP server        \u2551");
+  log2("  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D");
+  log2("");
+  if (!detectProject()) {
+    log2("  Could not detect a TypeScript MCP server project.");
+    log2("  Make sure you are in a project directory with:");
+    log2("    package.json + @modelcontextprotocol/sdk in dependencies");
+    log2("");
+    log2("  To create a new MCP server: npx @solongate/proxy create <name>");
+    process.exit(1);
+  }
+  log2("  Language: TypeScript");
+  const entryFile = opts.file ? resolve3(opts.file) : findTsEntryFile();
+  if (!entryFile || !existsSync3(entryFile)) {
+    log2(`  Could not find entry file.${opts.file ? ` File not found: ${opts.file}` : ""}`);
+    log2("");
+    log2("  Specify it manually: --file <path>");
+    log2("");
+    log2("  Common entry points:");
+    log2("    src/index.ts, src/server.ts, index.ts");
+    process.exit(1);
+  }
+  log2(`  Entry:    ${entryFile}`);
+  log2("");
+  const backupPath = entryFile + ".solongate-backup";
+  if (opts.restore) {
+    if (!existsSync3(backupPath)) {
+      log2("  No backup found. Nothing to restore.");
+      process.exit(1);
+    }
+    copyFileSync2(backupPath, entryFile);
+    log2(`  Restored original file from backup.`);
+    log2(`  Backup: ${backupPath}`);
+    process.exit(0);
+  }
+  if (!opts.skipInstall && !opts.dryRun) {
+    installSdk();
+    log2("");
+  }
+  const result = injectTypeScript(entryFile);
+  log2(`  Changes (${result.changes.length}):`);
+  for (const change of result.changes) {
+    log2(`    - ${change}`);
+  }
+  if (result.changes.length === 1 && result.changes[0].includes("Already injected")) {
+    log2("");
+    log2("  Your MCP server is already protected by SolonGate!");
+    process.exit(0);
+  }
+  if (result.original === result.modified) {
+    log2("");
+    log2("  No changes were made. The file may not contain recognizable MCP patterns.");
+    log2("  See docs: https://solongate.com/docs/integration");
+    process.exit(0);
+  }
+  if (opts.dryRun) {
+    log2("");
+    log2("  --- DRY RUN (no changes written) ---");
+    showDiff(result);
+    log2("  To apply: npx @solongate/proxy inject");
+    process.exit(0);
+  }
+  if (!existsSync3(backupPath)) {
+    copyFileSync2(entryFile, backupPath);
+    log2("");
+    log2(`  Backup: ${backupPath}`);
+  }
+  writeFileSync2(entryFile, result.modified);
+  log2("");
+  log2("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
+  log2("  \u2502  SolonGate SDK injected successfully!         \u2502");
+  log2("  \u2502                                               \u2502");
+  log2("  \u2502  McpServer \u2192 SecureMcpServer                  \u2502");
+  log2("  \u2502  All tool() calls are now auto-protected.     \u2502");
+  log2("  \u2502                                               \u2502");
+  log2("  \u2502  Set your API key:                             \u2502");
+  log2("  \u2502    export SOLONGATE_API_KEY=sg_live_xxx        \u2502");
+  log2("  \u2502                                               \u2502");
+  log2("  \u2502  To undo:                                     \u2502");
+  log2("  \u2502    npx @solongate/proxy inject --restore       \u2502");
+  log2("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  log2("");
+}
+var init_inject = __esm({
+  "src/inject.ts"() {
+    "use strict";
+    main2().catch((err) => {
+      log2(`Fatal: ${err instanceof Error ? err.message : String(err)}`);
+      process.exit(1);
+    });
+  }
+});
+
+// src/create.ts
+var create_exports = {};
+import { mkdirSync, writeFileSync as writeFileSync3, existsSync as existsSync4 } from "fs";
+import { resolve as resolve4, join as join2 } from "path";
+import { execSync as execSync2 } from "child_process";
+function log3(msg) {
+  process.stderr.write(msg + "\n");
+}
+function parseCreateArgs(argv) {
+  const args = argv.slice(2);
+  const opts = {
+    name: "",
+    policy: "restricted",
+    noInstall: false
+  };
+  for (let i = 0; i < args.length; i++) {
+    switch (args[i]) {
+      case "--policy":
+        opts.policy = args[++i];
+        break;
+      case "--no-install":
+        opts.noInstall = true;
+        break;
+      case "--help":
+      case "-h":
+        printHelp3();
+        process.exit(0);
+        break;
+      default:
+        if (!args[i].startsWith("-") && !opts.name) {
+          opts.name = args[i];
+        }
+    }
+  }
+  if (!opts.name) {
+    log3("");
+    log3("  Error: Project name required.");
+    log3("");
+    log3("  Usage: npx @solongate/proxy create <name>");
+    log3("");
+    log3("  Examples:");
+    log3("    npx @solongate/proxy create my-mcp-server");
+    log3("    npx @solongate/proxy create weather-api");
+    process.exit(1);
+  }
+  return opts;
+}
+function printHelp3() {
+  log3(`
+SolonGate Create \u2014 Scaffold a secure MCP server in seconds
+
+USAGE
+  npx @solongate/proxy create <name> [options]
+
+OPTIONS
+  --policy <preset>   Policy preset (default: restricted)
+  --no-install        Skip dependency installation
+  -h, --help          Show this help message
+
+EXAMPLES
+  npx @solongate/proxy create my-server
+  npx @solongate/proxy create db-tools --policy read-only
+`);
+}
+function createProject(dir, name, _policy) {
+  writeFileSync3(
+    join2(dir, "package.json"),
+    JSON.stringify(
+      {
+        name,
+        version: "0.1.0",
+        type: "module",
+        private: true,
+        bin: { [name]: "./dist/index.js" },
+        scripts: {
+          build: "tsup src/index.ts --format esm",
+          dev: "tsx src/index.ts",
+          start: "node dist/index.js"
+        },
+        dependencies: {
+          "@modelcontextprotocol/sdk": "^1.26.0",
+          "@solongate/sdk": "latest",
+          zod: "^3.25.0"
+        },
+        devDependencies: {
+          tsup: "^8.3.0",
+          tsx: "^4.19.0",
+          typescript: "^5.7.0"
+        }
+      },
+      null,
+      2
+    ) + "\n"
+  );
+  writeFileSync3(
+    join2(dir, "tsconfig.json"),
+    JSON.stringify(
+      {
+        compilerOptions: {
+          target: "ES2022",
+          module: "ESNext",
+          moduleResolution: "bundler",
+          esModuleInterop: true,
+          strict: true,
+          outDir: "dist",
+          rootDir: "src",
+          declaration: true,
+          skipLibCheck: true
+        },
+        include: ["src"]
+      },
+      null,
+      2
+    ) + "\n"
+  );
+  mkdirSync(join2(dir, "src"), { recursive: true });
+  writeFileSync3(
+    join2(dir, "src", "index.ts"),
+    `#!/usr/bin/env node
+
+// MCP uses stdout for JSON-RPC \u2014 redirect console to stderr
+console.log = (...args: unknown[]) => {
+  process.stderr.write(args.map(String).join(' ') + '\\n');
+};
+
+import { SecureMcpServer } from '@solongate/sdk';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { z } from 'zod';
+
+// Create a secure MCP server (API key from SOLONGATE_API_KEY env var)
+const server = new SecureMcpServer({
+  name: '${name}',
+  version: '0.1.0',
+});
+
+// \u2500\u2500 Register your tools below \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+
+server.tool(
+  'hello',
+  'Say hello to someone',
+  { name: z.string().describe('Name of the person to greet') },
+  async ({ name }) => ({
+    content: [{ type: 'text', text: \`Hello, \${name}! Welcome to ${name}.\` }],
+  }),
+);
+
+// Example: Add more tools here
+// server.tool(
+//   'read_data',
+//   'Read data from a source',
+//   { query: z.string().describe('What to read') },
+//   async ({ query }) => ({
+//     content: [{ type: 'text', text: \`Result for: \${query}\` }],
+//   }),
+// );
+
+// \u2500\u2500 Start the server \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+
+const transport = new StdioServerTransport();
+await server.connect(transport);
+console.log('${name} is running');
+`
+  );
+  writeFileSync3(
+    join2(dir, ".mcp.json"),
+    JSON.stringify(
+      {
+        mcpServers: {
+          [name]: {
+            command: "node",
+            args: ["dist/index.js"],
+            env: {
+              SOLONGATE_API_KEY: "sg_test_e4460d32_replace_with_your_key"
+            }
+          }
+        }
+      },
+      null,
+      2
+    ) + "\n"
+  );
+  writeFileSync3(
+    join2(dir, ".gitignore"),
+    `node_modules/
+dist/
+*.solongate-backup
+.env
+.env.local
+`
+  );
+}
+function withSpinner(message, fn) {
+  const frames = ["\u280B", "\u2819", "\u2839", "\u2838", "\u283C", "\u2834", "\u2826", "\u2827", "\u2807", "\u280F"];
+  let i = 0;
+  const id = setInterval(() => {
+    process.stderr.write(`\r  ${frames[i++ % frames.length]} ${message}`);
+  }, 80);
+  try {
+    fn();
+    clearInterval(id);
+    process.stderr.write(`\r  \u2713 ${message}
+`);
+  } catch {
+    clearInterval(id);
+    process.stderr.write(`\r  \u2717 ${message} \u2014 failed
+`);
+  }
+}
+function installDeps(dir) {
+  withSpinner("Installing dependencies...", () => {
+    execSync2("npm install", { cwd: dir, stdio: "pipe" });
+  });
+}
+async function main3() {
+  const opts = parseCreateArgs(process.argv);
+  const dir = resolve4(opts.name);
+  log3("");
+  log3("  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557");
+  log3("  \u2551     SolonGate \u2014 Create MCP Server        \u2551");
+  log3("  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D");
+  log3("");
+  if (existsSync4(dir)) {
+    log3(`  Error: Directory "${opts.name}" already exists.`);
+    process.exit(1);
+  }
+  mkdirSync(dir, { recursive: true });
+  log3(`  Project:  ${opts.name}`);
+  log3(`  Language: TypeScript`);
+  log3(`  Policy:   ${opts.policy}`);
+  log3("");
+  createProject(dir, opts.name, opts.policy);
+  log3("  Files created:");
+  log3("    package.json");
+  log3("    tsconfig.json");
+  log3("    src/index.ts");
+  log3("    .mcp.json");
+  log3("    .gitignore");
+  log3("");
+  if (!opts.noInstall) {
+    installDeps(dir);
+    log3("");
+  }
+  const W = 46;
+  const line = (s) => log3(`  \u2502 ${s.padEnd(W)} \u2502`);
+  log3(`  \u250C${"\u2500".repeat(W + 2)}\u2510`);
+  line("Project created!");
+  line("");
+  line(`cd ${opts.name}`);
+  line("");
+  line("npm run build     # Build");
+  line("npm run dev       # Dev mode (tsx)");
+  line("npm start         # Run built server");
+  line("");
+  line("Set your API key:");
+  line("export SOLONGATE_API_KEY=sg_live_xxx");
+  log3(`  \u2514${"\u2500".repeat(W + 2)}\u2518`);
+  log3("");
+}
+var init_create = __esm({
+  "src/create.ts"() {
+    "use strict";
+    main3().catch((err) => {
+      log3(`Fatal: ${err instanceof Error ? err.message : String(err)}`);
+      process.exit(1);
+    });
+  }
+});
+
+// ../core/dist/index.js
+import { z } from "zod";
+var Permission = {
+  READ: "READ",
+  WRITE: "WRITE",
+  EXECUTE: "EXECUTE"
+};
+var PermissionSchema = z.enum(["READ", "WRITE", "EXECUTE"]);
+var NO_PERMISSIONS = Object.freeze(
+  /* @__PURE__ */ new Set()
+);
+var READ_ONLY = Object.freeze(
+  /* @__PURE__ */ new Set([Permission.READ])
+);
+var PolicyRuleSchema = z.object({
+  id: z.string().min(1).max(256),
+  description: z.string().max(1024),
+  effect: z.enum(["ALLOW", "DENY"]),
+  priority: z.number().int().min(0).max(1e4).default(1e3),
+  toolPattern: z.string().min(1).max(512),
+  permission: z.enum(["READ", "WRITE", "EXECUTE"]),
+  minimumTrustLevel: z.enum(["UNTRUSTED", "VERIFIED", "TRUSTED"]),
+  argumentConstraints: z.record(z.unknown()).optional(),
+  pathConstraints: z.object({
+    allowed: z.array(z.string()).optional(),
+    denied: z.array(z.string()).optional(),
+    rootDirectory: z.string().optional(),
+    allowSymlinks: z.boolean().optional()
+  }).optional(),
+  enabled: z.boolean().default(true),
+  createdAt: z.string().datetime(),
+  updatedAt: z.string().datetime()
+});
+var PolicySetSchema = z.object({
+  id: z.string().min(1).max(256),
+  name: z.string().min(1).max(256),
+  description: z.string().max(2048),
+  version: z.number().int().min(0),
+  rules: z.array(PolicyRuleSchema),
+  createdAt: z.string().datetime(),
+  updatedAt: z.string().datetime()
+});
+var SECURITY_CONTEXT_TIMEOUT_MS = 5 * 60 * 1e3;
+var DEFAULT_INPUT_GUARD_CONFIG = Object.freeze({
+  pathTraversal: true,
+  shellInjection: true,
+  wildcardAbuse: true,
+  lengthLimit: 4096,
+  entropyLimit: true,
+  ssrf: true,
+  sqlInjection: true
+});
+var SSRF_PATTERNS = [
+  /^https?:\/\/localhost\b/i,
+  /^https?:\/\/127\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
+  /^https?:\/\/0\.0\.0\.0/,
+  /^https?:\/\/\[::1\]/,
+  // IPv6 loopback
+  /^https?:\/\/10\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
+  // 10.x.x.x
+  /^https?:\/\/172\.(1[6-9]|2\d|3[01])\./,
+  // 172.16-31.x.x
+  /^https?:\/\/192\.168\./,
+  // 192.168.x.x
+  /^https?:\/\/169\.254\./,
+  // Link-local / AWS metadata
+  /metadata\.google\.internal/i,
+  // GCP metadata
+  /^https?:\/\/metadata\b/i,
+  // Generic metadata endpoint
+  // IPv6 bypass patterns
+  /^https?:\/\/\[fe80:/i,
+  // IPv6 link-local
+  /^https?:\/\/\[fc00:/i,
+  // IPv6 unique local
+  /^https?:\/\/\[fd[0-9a-f]{2}:/i,
+  // IPv6 unique local (fd00::/8)
+  /^https?:\/\/\[::ffff:127\./i,
+  // IPv4-mapped IPv6 loopback
+  /^https?:\/\/\[::ffff:10\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:172\.(1[6-9]|2\d|3[01])\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:192\.168\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:169\.254\./i,
+  // IPv4-mapped IPv6 link-local
+  // Hex IP bypass (e.g., 0x7f000001 = 127.0.0.1)
+  /^https?:\/\/0x[0-9a-f]+\b/i,
+  // Octal IP bypass (e.g., 0177.0.0.1 = 127.0.0.1)
+  /^https?:\/\/0[0-7]{1,3}\./
+];
+function detectDecimalIP(value) {
+  const match = value.match(/^https?:\/\/(\d{8,10})(?:[:/]|$)/);
+  if (!match || !match[1]) return false;
+  const decimal = parseInt(match[1], 10);
+  if (isNaN(decimal) || decimal > 4294967295) return false;
+  return decimal >= 2130706432 && decimal <= 2147483647 || // 127.0.0.0/8
+  decimal >= 167772160 && decimal <= 184549375 || // 10.0.0.0/8
+  decimal >= 2886729728 && decimal <= 2887778303 || // 172.16.0.0/12
+  decimal >= 3232235520 && decimal <= 3232301055 || // 192.168.0.0/16
+  decimal >= 2851995648 && decimal <= 2852061183 || // 169.254.0.0/16
+  decimal === 0;
+}
+function detectSSRF(value) {
+  for (const pattern of SSRF_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  if (detectDecimalIP(value)) return true;
+  return false;
+}
+
 // src/config.ts
 import { readFileSync, existsSync } from "fs";
 import { resolve } from "path";
@@ -504,6 +1228,9 @@ function parseArgs(argv) {
   let configFile;
   let apiKey;
   let apiUrl;
+  let upstreamUrl;
+  let upstreamTransport;
+  let port;
   let separatorIndex = args.indexOf("--");
   const flags = separatorIndex >= 0 ? args.slice(0, separatorIndex) : args;
   const upstreamArgs = separatorIndex >= 0 ? args.slice(separatorIndex + 1) : [];
@@ -536,14 +1263,43 @@ function parseArgs(argv) {
       case "--api-url":
         apiUrl = flags[++i];
         break;
+      case "--upstream-url":
+        upstreamUrl = flags[++i];
+        break;
+      case "--upstream-transport":
+        upstreamTransport = flags[++i];
+        break;
+      case "--port":
+        port = parseInt(flags[++i], 10);
+        break;
+    }
+  }
+  if (!apiKey) {
+    const envKey = process.env.SOLONGATE_API_KEY;
+    if (envKey) {
+      apiKey = envKey;
+    } else {
+      throw new Error(
+        "A valid SolonGate API key is required.\n\nUsage: solongate-proxy --api-key sg_live_xxx -- <command>\n   or: set SOLONGATE_API_KEY=sg_live_xxx\n\nGet your API key at https://solongate.com\n"
+      );
     }
   }
+  if (!apiKey.startsWith("sg_live_") && !apiKey.startsWith("sg_test_")) {
+    throw new Error(
+      "Invalid API key format. Keys must start with 'sg_live_' or 'sg_test_'.\nGet your API key at https://solongate.com\n"
+    );
+  }
   if (configFile) {
     const filePath = resolve(configFile);
     const content = readFileSync(filePath, "utf-8");
     const fileConfig = JSON.parse(content);
     if (!fileConfig.upstream) {
-      throw new Error('Config file must include "upstream" with at least "command"');
+      throw new Error('Config file must include "upstream" with at least "command" or "url"');
+    }
+    if (fileConfig.upstream.url && detectSSRF(fileConfig.upstream.url)) {
+      throw new Error(
+        `Upstream URL blocked: "${fileConfig.upstream.url}" points to an internal or private network address.`
+      );
     }
     return {
       upstream: fileConfig.upstream,
@@ -554,17 +1310,45 @@ function parseArgs(argv) {
       rateLimitPerTool: fileConfig.rateLimitPerTool ?? rateLimitPerTool,
       globalRateLimit: fileConfig.globalRateLimit ?? globalRateLimit,
       apiKey: apiKey ?? fileConfig.apiKey,
-      apiUrl: apiUrl ?? fileConfig.apiUrl
+      apiUrl: apiUrl ?? fileConfig.apiUrl,
+      port: port ?? fileConfig.port
+    };
+  }
+  if (upstreamUrl) {
+    if (detectSSRF(upstreamUrl)) {
+      throw new Error(
+        `Upstream URL blocked: "${upstreamUrl}" points to an internal or private network address.
+SSRF protection prevents connecting to localhost, private IPs, or cloud metadata endpoints.`
+      );
+    }
+    const transport = upstreamTransport ?? (upstreamUrl.includes("/sse") ? "sse" : "http");
+    return {
+      upstream: {
+        transport,
+        command: "",
+        // not used for URL-based transports
+        url: upstreamUrl
+      },
+      policy: loadPolicy(policySource),
+      name,
+      verbose,
+      validateInput,
+      rateLimitPerTool,
+      globalRateLimit,
+      apiKey,
+      apiUrl,
+      port
     };
   }
   if (upstreamArgs.length === 0) {
     throw new Error(
-      "No upstream server command provided.\n\nUsage: solongate-proxy [options] -- <command> [args...]\n\nExamples:\n  solongate-proxy -- node my-server.js\n  solongate-proxy --policy restricted -- npx @openclaw/server\n  solongate-proxy --config solongate.json\n"
+      "No upstream server command provided.\n\nUsage: solongate-proxy [options] -- <command> [args...]\n\nExamples:\n  solongate-proxy -- node my-server.js\n  solongate-proxy --policy restricted -- npx @openclaw/server\n  solongate-proxy --upstream-url http://localhost:3001/mcp\n  solongate-proxy --config solongate.json\n"
     );
   }
   const [command, ...commandArgs] = upstreamArgs;
   return {
     upstream: {
+      transport: upstreamTransport ?? "stdio",
       command,
       args: commandArgs,
       env: { ...process.env }
@@ -576,15 +1360,19 @@ function parseArgs(argv) {
     rateLimitPerTool,
     globalRateLimit,
     apiKey,
-    apiUrl
+    apiUrl,
+    port
   };
 }
 
 // src/proxy.ts
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
 import {
   ListToolsRequestSchema,
   CallToolRequestSchema,
@@ -594,9 +1382,12 @@ import {
   ReadResourceRequestSchema,
   ListResourceTemplatesRequestSchema
 } from "@modelcontextprotocol/sdk/types.js";
+import { createServer as createHttpServer } from "http";
 
-// ../core/dist/index.js
-import { z } from "zod";
+// ../sdk-ts/dist/index.js
+import { z as z2 } from "zod";
+import { createHash, randomUUID, createHmac } from "crypto";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 var SolonGateError = class extends Error {
   code;
   timestamp;
@@ -658,49 +1449,49 @@ var TrustLevel = {
   VERIFIED: "VERIFIED",
   TRUSTED: "TRUSTED"
 };
-var Permission = {
+var Permission2 = {
   READ: "READ",
   WRITE: "WRITE",
   EXECUTE: "EXECUTE"
 };
-var PermissionSchema = z.enum(["READ", "WRITE", "EXECUTE"]);
-var NO_PERMISSIONS = Object.freeze(
+z2.enum(["READ", "WRITE", "EXECUTE"]);
+Object.freeze(
   /* @__PURE__ */ new Set()
 );
-var READ_ONLY = Object.freeze(
-  /* @__PURE__ */ new Set([Permission.READ])
+Object.freeze(
+  /* @__PURE__ */ new Set([Permission2.READ])
 );
 var PolicyEffect = {
   ALLOW: "ALLOW",
   DENY: "DENY"
 };
-var PolicyRuleSchema = z.object({
-  id: z.string().min(1).max(256),
-  description: z.string().max(1024),
-  effect: z.enum(["ALLOW", "DENY"]),
-  priority: z.number().int().min(0).max(1e4).default(1e3),
-  toolPattern: z.string().min(1).max(512),
-  permission: z.enum(["READ", "WRITE", "EXECUTE"]),
-  minimumTrustLevel: z.enum(["UNTRUSTED", "VERIFIED", "TRUSTED"]),
-  argumentConstraints: z.record(z.unknown()).optional(),
-  pathConstraints: z.object({
-    allowed: z.array(z.string()).optional(),
-    denied: z.array(z.string()).optional(),
-    rootDirectory: z.string().optional(),
-    allowSymlinks: z.boolean().optional()
+var PolicyRuleSchema2 = z2.object({
+  id: z2.string().min(1).max(256),
+  description: z2.string().max(1024),
+  effect: z2.enum(["ALLOW", "DENY"]),
+  priority: z2.number().int().min(0).max(1e4).default(1e3),
+  toolPattern: z2.string().min(1).max(512),
+  permission: z2.enum(["READ", "WRITE", "EXECUTE"]),
+  minimumTrustLevel: z2.enum(["UNTRUSTED", "VERIFIED", "TRUSTED"]),
+  argumentConstraints: z2.record(z2.unknown()).optional(),
+  pathConstraints: z2.object({
+    allowed: z2.array(z2.string()).optional(),
+    denied: z2.array(z2.string()).optional(),
+    rootDirectory: z2.string().optional(),
+    allowSymlinks: z2.boolean().optional()
   }).optional(),
-  enabled: z.boolean().default(true),
-  createdAt: z.string().datetime(),
-  updatedAt: z.string().datetime()
+  enabled: z2.boolean().default(true),
+  createdAt: z2.string().datetime(),
+  updatedAt: z2.string().datetime()
 });
-var PolicySetSchema = z.object({
-  id: z.string().min(1).max(256),
-  name: z.string().min(1).max(256),
-  description: z.string().max(2048),
-  version: z.number().int().min(0),
-  rules: z.array(PolicyRuleSchema),
-  createdAt: z.string().datetime(),
-  updatedAt: z.string().datetime()
+var PolicySetSchema2 = z2.object({
+  id: z2.string().min(1).max(256),
+  name: z2.string().min(1).max(256),
+  description: z2.string().max(2048),
+  version: z2.number().int().min(0),
+  rules: z2.array(PolicyRuleSchema2),
+  createdAt: z2.string().datetime(),
+  updatedAt: z2.string().datetime()
 });
 function createSecurityContext(params) {
   return {
@@ -714,14 +1505,12 @@ function createSecurityContext(params) {
 }
 var DEFAULT_POLICY_EFFECT = "DENY";
 var MAX_RULES_PER_POLICY_SET = 1e3;
-var SECURITY_CONTEXT_TIMEOUT_MS = 5 * 60 * 1e3;
 var POLICY_EVALUATION_TIMEOUT_MS = 100;
 var RATE_LIMIT_WINDOW_MS = 6e4;
 var RATE_LIMIT_MAX_ENTRIES = 1e4;
 var UNSAFE_CONFIGURATION_WARNINGS = {
   WILDCARD_ALLOW: "Wildcard ALLOW rules grant permission to ALL tools. This bypasses the default-deny model.",
   TRUSTED_LEVEL_EXTERNAL: "Setting trust level to TRUSTED for external requests bypasses all security checks.",
-  WRITE_WITHOUT_READ: "Granting WRITE without READ is unusual and may indicate a misconfiguration.",
   EXECUTE_WITHOUT_REVIEW: "EXECUTE permission allows tools to perform arbitrary actions. Review carefully.",
   RATE_LIMIT_ZERO: "A rate limit of 0 means unlimited calls. This removes protection against runaway loops.",
   DISABLED_VALIDATION: "Disabling schema validation removes input sanitization protections."
@@ -741,12 +1530,14 @@ function createDeniedToolResult(reason) {
     isError: true
   };
 }
-var DEFAULT_INPUT_GUARD_CONFIG = Object.freeze({
+var DEFAULT_INPUT_GUARD_CONFIG2 = Object.freeze({
   pathTraversal: true,
   shellInjection: true,
   wildcardAbuse: true,
   lengthLimit: 4096,
-  entropyLimit: true
+  entropyLimit: true,
+  ssrf: true,
+  sqlInjection: true
 });
 var PATH_TRAVERSAL_PATTERNS = [
   /\.\.\//,
@@ -772,7 +1563,23 @@ var SENSITIVE_PATHS = [
   /c:\\windows\\system32/i,
   /c:\\windows\\syswow64/i,
   /\/root\//i,
-  /~\//
+  /~\//,
+  /\.env(\.|$)/i,
+  // .env, .env.local, .env.production
+  /\.aws\/credentials/i,
+  // AWS credentials
+  /\.ssh\/id_/i,
+  // SSH keys
+  /\.kube\/config/i,
+  // Kubernetes config
+  /wp-config\.php/i,
+  // WordPress config
+  /\.git\/config/i,
+  // Git config
+  /\.npmrc/i,
+  // npm credentials
+  /\.pypirc/i
+  // PyPI credentials
 ];
 function detectPathTraversal(value) {
   for (const pattern of PATH_TRAVERSAL_PATTERNS) {
@@ -802,8 +1609,18 @@ var SHELL_INJECTION_PATTERNS = [
   // eval command
   /\bexec\b/i,
   // exec command
-  /\bsystem\b/i
+  /\bsystem\b/i,
   // system call
+  /%0a/i,
+  // URL-encoded newline
+  /%0d/i,
+  // URL-encoded carriage return
+  /%09/i,
+  // URL-encoded tab
+  /\r\n/,
+  // CRLF injection
+  /\n/
+  // Newline (command separator on Unix)
 ];
 function detectShellInjection(value) {
   for (const pattern of SHELL_INJECTION_PATTERNS) {
@@ -818,6 +1635,91 @@ function detectWildcardAbuse(value) {
   if (wildcardCount > MAX_WILDCARDS_PER_VALUE) return true;
   return false;
 }
+var SSRF_PATTERNS2 = [
+  /^https?:\/\/localhost\b/i,
+  /^https?:\/\/127\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
+  /^https?:\/\/0\.0\.0\.0/,
+  /^https?:\/\/\[::1\]/,
+  // IPv6 loopback
+  /^https?:\/\/10\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
+  // 10.x.x.x
+  /^https?:\/\/172\.(1[6-9]|2\d|3[01])\./,
+  // 172.16-31.x.x
+  /^https?:\/\/192\.168\./,
+  // 192.168.x.x
+  /^https?:\/\/169\.254\./,
+  // Link-local / AWS metadata
+  /metadata\.google\.internal/i,
+  // GCP metadata
+  /^https?:\/\/metadata\b/i,
+  // Generic metadata endpoint
+  // IPv6 bypass patterns
+  /^https?:\/\/\[fe80:/i,
+  // IPv6 link-local
+  /^https?:\/\/\[fc00:/i,
+  // IPv6 unique local
+  /^https?:\/\/\[fd[0-9a-f]{2}:/i,
+  // IPv6 unique local (fd00::/8)
+  /^https?:\/\/\[::ffff:127\./i,
+  // IPv4-mapped IPv6 loopback
+  /^https?:\/\/\[::ffff:10\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:172\.(1[6-9]|2\d|3[01])\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:192\.168\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:169\.254\./i,
+  // IPv4-mapped IPv6 link-local
+  // Hex IP bypass (e.g., 0x7f000001 = 127.0.0.1)
+  /^https?:\/\/0x[0-9a-f]+\b/i,
+  // Octal IP bypass (e.g., 0177.0.0.1 = 127.0.0.1)
+  /^https?:\/\/0[0-7]{1,3}\./
+];
+function detectDecimalIP2(value) {
+  const match = value.match(/^https?:\/\/(\d{8,10})(?:[:/]|$)/);
+  if (!match || !match[1]) return false;
+  const decimal = parseInt(match[1], 10);
+  if (isNaN(decimal) || decimal > 4294967295) return false;
+  return decimal >= 2130706432 && decimal <= 2147483647 || // 127.0.0.0/8
+  decimal >= 167772160 && decimal <= 184549375 || // 10.0.0.0/8
+  decimal >= 2886729728 && decimal <= 2887778303 || // 172.16.0.0/12
+  decimal >= 3232235520 && decimal <= 3232301055 || // 192.168.0.0/16
+  decimal >= 2851995648 && decimal <= 2852061183 || // 169.254.0.0/16
+  decimal === 0;
+}
+function detectSSRF2(value) {
+  for (const pattern of SSRF_PATTERNS2) {
+    if (pattern.test(value)) return true;
+  }
+  if (detectDecimalIP2(value)) return true;
+  return false;
+}
+var SQL_INJECTION_PATTERNS = [
+  /'\s{0,20}(OR|AND)\s{0,20}'.{0,200}'/i,
+  // ' OR '1'='1 — bounded to prevent ReDoS
+  /'\s{0,10};\s{0,10}(DROP|DELETE|UPDATE|INSERT|ALTER|CREATE|EXEC)/i,
+  // '; DROP TABLE
+  /UNION\s+(ALL\s+)?SELECT/i,
+  // UNION SELECT
+  /--\s*$/m,
+  // SQL comment at end of line
+  /\/\*.{0,500}?\*\//,
+  // SQL block comment — bounded + non-greedy
+  /\bSLEEP\s*\(/i,
+  // Time-based injection
+  /\bBENCHMARK\s*\(/i,
+  // MySQL benchmark
+  /\bWAITFOR\s+DELAY/i,
+  // MSSQL delay
+  /\b(LOAD_FILE|INTO\s+OUTFILE|INTO\s+DUMPFILE)\b/i
+  // File operations
+];
+function detectSQLInjection(value) {
+  for (const pattern of SQL_INJECTION_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  return false;
+}
 function checkLengthLimits(value, maxLength = 4096) {
   return value.length <= maxLength;
 }
@@ -843,7 +1745,7 @@ function calculateShannonEntropy(str) {
   }
   return entropy;
 }
-function sanitizeInput(field, value, config = DEFAULT_INPUT_GUARD_CONFIG) {
+function sanitizeInput(field, value, config = DEFAULT_INPUT_GUARD_CONFIG2) {
   const threats = [];
   if (typeof value !== "string") {
     if (typeof value === "object" && value !== null) {
@@ -891,6 +1793,22 @@ function sanitizeInput(field, value, config = DEFAULT_INPUT_GUARD_CONFIG) {
       description: "High entropy string detected - possible encoded payload"
     });
   }
+  if (config.ssrf && detectSSRF2(value)) {
+    threats.push({
+      type: "SSRF",
+      field,
+      value: truncate(value, 100),
+      description: "Server-side request forgery pattern detected \u2014 internal/metadata URL blocked"
+    });
+  }
+  if (config.sqlInjection && detectSQLInjection(value)) {
+    threats.push({
+      type: "SQL_INJECTION",
+      field,
+      value: truncate(value, 100),
+      description: "SQL injection pattern detected"
+    });
+  }
   return { safe: threats.length === 0, threats };
 }
 function sanitizeObject(basePath, obj, config) {
@@ -914,9 +1832,6 @@ function truncate(str, maxLen) {
 var DEFAULT_TOKEN_TTL_SECONDS = 30;
 var TOKEN_ALGORITHM = "HS256";
 var MIN_SECRET_LENGTH = 32;
-
-// ../policy-engine/dist/index.js
-import { createHash } from "crypto";
 function normalizePath(path) {
   let normalized = path.replace(/\\/g, "/");
   if (normalized.length > 1 && normalized.endsWith("/")) {
@@ -1064,8 +1979,51 @@ function trustLevelMeetsMinimum(actual, minimum) {
 function argumentConstraintsMatch(constraints, args) {
   for (const [key, constraint] of Object.entries(constraints)) {
     if (!(key in args)) return false;
-    if (typeof constraint === "string" && typeof args[key] === "string") {
-      if (constraint !== "*" && args[key] !== constraint) return false;
+    const argValue = args[key];
+    if (typeof constraint === "string") {
+      if (constraint === "*") continue;
+      if (typeof argValue === "string") {
+        if (argValue !== constraint) return false;
+      } else {
+        return false;
+      }
+      continue;
+    }
+    if (typeof constraint === "object" && constraint !== null && !Array.isArray(constraint)) {
+      const ops = constraint;
+      const strValue = typeof argValue === "string" ? argValue : void 0;
+      const numValue = typeof argValue === "number" ? argValue : void 0;
+      if ("$contains" in ops && typeof ops.$contains === "string") {
+        if (!strValue || !strValue.includes(ops.$contains)) return false;
+      }
+      if ("$notContains" in ops && typeof ops.$notContains === "string") {
+        if (strValue && strValue.includes(ops.$notContains)) return false;
+      }
+      if ("$startsWith" in ops && typeof ops.$startsWith === "string") {
+        if (!strValue || !strValue.startsWith(ops.$startsWith)) return false;
+      }
+      if ("$endsWith" in ops && typeof ops.$endsWith === "string") {
+        if (!strValue || !strValue.endsWith(ops.$endsWith)) return false;
+      }
+      if ("$in" in ops && Array.isArray(ops.$in)) {
+        if (!ops.$in.includes(argValue)) return false;
+      }
+      if ("$notIn" in ops && Array.isArray(ops.$notIn)) {
+        if (ops.$notIn.includes(argValue)) return false;
+      }
+      if ("$gt" in ops && typeof ops.$gt === "number") {
+        if (numValue === void 0 || numValue <= ops.$gt) return false;
+      }
+      if ("$lt" in ops && typeof ops.$lt === "number") {
+        if (numValue === void 0 || numValue >= ops.$lt) return false;
+      }
+      if ("$gte" in ops && typeof ops.$gte === "number") {
+        if (numValue === void 0 || numValue < ops.$gte) return false;
+      }
+      if ("$lte" in ops && typeof ops.$lte === "number") {
+        if (numValue === void 0 || numValue > ops.$lte) return false;
+      }
+      continue;
     }
   }
   return true;
@@ -1098,13 +2056,21 @@ function evaluatePolicy(policySet, request) {
     matchedRule: null,
     reason: "No matching policy rule found. Default action: DENY.",
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-    evaluationTimeMs: endTime - startTime
+    evaluationTimeMs: endTime - startTime,
+    metadata: {
+      evaluatedRules: sortedRules.length,
+      ruleIds: sortedRules.map((r) => r.id),
+      requestContext: {
+        tool: request.toolName,
+        arguments: Object.keys(request.arguments ?? {})
+      }
+    }
   };
 }
 function validatePolicyRule(input) {
   const errors = [];
   const warnings = [];
-  const result = PolicyRuleSchema.safeParse(input);
+  const result = PolicyRuleSchema2.safeParse(input);
   if (!result.success) {
     return {
       valid: false,
@@ -1129,7 +2095,7 @@ function validatePolicyRule(input) {
 function validatePolicySet(input) {
   const errors = [];
   const warnings = [];
-  const result = PolicySetSchema.safeParse(input);
+  const result = PolicySetSchema2.safeParse(input);
   if (!result.success) {
     return {
       valid: false,
@@ -1223,7 +2189,7 @@ function createDefaultDenyPolicySet() {
         effect: PolicyEffect.DENY,
         priority: 1e4,
         toolPattern: "*",
-        permission: Permission.EXECUTE,
+        permission: Permission2.EXECUTE,
         minimumTrustLevel: TrustLevel.UNTRUSTED,
         enabled: true,
         createdAt: now,
@@ -1235,7 +2201,7 @@ function createDefaultDenyPolicySet() {
         effect: PolicyEffect.DENY,
         priority: 1e4,
         toolPattern: "*",
-        permission: Permission.WRITE,
+        permission: Permission2.WRITE,
         minimumTrustLevel: TrustLevel.UNTRUSTED,
         enabled: true,
         createdAt: now,
@@ -1247,7 +2213,7 @@ function createDefaultDenyPolicySet() {
         effect: PolicyEffect.DENY,
         priority: 1e4,
         toolPattern: "*",
-        permission: Permission.READ,
+        permission: Permission2.READ,
         minimumTrustLevel: TrustLevel.UNTRUSTED,
         enabled: true,
         createdAt: now,
@@ -1417,9 +2383,6 @@ var PolicyStore = class {
     return createHash("sha256").update(serialized).digest("hex");
   }
 };
-
-// ../sdk-ts/dist/index.js
-import { randomUUID, createHmac } from "crypto";
 var DEFAULT_CONFIG = Object.freeze({
   validateSchemas: true,
   enableLogging: true,
@@ -1429,7 +2392,7 @@ var DEFAULT_CONFIG = Object.freeze({
   globalRateLimitPerMinute: 600,
   rateLimitPerTool: 60,
   tokenTtlSeconds: 30,
-  inputGuardConfig: DEFAULT_INPUT_GUARD_CONFIG,
+  inputGuardConfig: DEFAULT_INPUT_GUARD_CONFIG2,
   enableVersionedPolicies: true
 });
 function resolveConfig(userConfig) {
@@ -1462,7 +2425,7 @@ async function interceptToolCall(params, upstreamCall, options) {
     toolName: params.name,
     serverName: "default",
     arguments: params.arguments ?? {},
-    requiredPermission: Permission.EXECUTE,
+    requiredPermission: Permission2.EXECUTE,
     timestamp
   };
   if (options.rateLimiter) {
@@ -1501,7 +2464,7 @@ async function interceptToolCall(params, upstreamCall, options) {
     }
   }
   if (options.validateSchemas && params.arguments) {
-    const guardConfig = options.inputGuardConfig ?? DEFAULT_INPUT_GUARD_CONFIG;
+    const guardConfig = options.inputGuardConfig ?? DEFAULT_INPUT_GUARD_CONFIG2;
     const sanitization = sanitizeInput("arguments", params.arguments, guardConfig);
     if (!sanitization.safe) {
       const threatDescriptions = sanitization.threats.map(
@@ -1514,7 +2477,7 @@ async function interceptToolCall(params, upstreamCall, options) {
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       };
       options.onDecision?.(result);
-      const reason = options.verboseErrors ? `Input validation failed: ${threatDescriptions.join("; ")}` : "Input validation failed.";
+      const reason = options.verboseErrors ? `Input validation failed: ${sanitization.threats.length} threat(s) detected` : "Input validation failed.";
       return createDeniedToolResult(reason);
     }
   }
@@ -1534,7 +2497,7 @@ async function interceptToolCall(params, upstreamCall, options) {
   if (options.tokenIssuer) {
     capabilityToken = options.tokenIssuer.issue(
       requestId,
-      [Permission.EXECUTE],
+      [Permission2.EXECUTE],
       [params.name]
     );
   }
@@ -1832,6 +2795,25 @@ var RateLimiter = class {
     const resetAt = this.globalRecords.length > 0 ? this.globalRecords[0].timestamp + this.windowMs : now + this.windowMs;
     return { allowed, remaining, resetAt };
   }
+  /**
+   * Atomically checks and records a tool call.
+   * Prevents TOCTOU race conditions between check and record.
+   * Returns the rate limit result; if allowed, the call is already recorded.
+   */
+  checkAndRecord(toolName, limitPerWindow, globalLimit) {
+    const result = this.checkLimit(toolName, limitPerWindow);
+    if (!result.allowed) {
+      return result;
+    }
+    if (globalLimit !== void 0) {
+      const globalResult = this.checkGlobalLimit(globalLimit);
+      if (!globalResult.allowed) {
+        return globalResult;
+      }
+    }
+    this.recordCall(toolName);
+    return result;
+  }
   /**
    * Records a tool call for rate limiting.
    * Call this after successful execution.
@@ -1887,6 +2869,16 @@ var RateLimiter = class {
     return active;
   }
 };
+var LicenseError = class extends Error {
+  constructor(message) {
+    super(
+      `${message}
+  Get your API key at https://solongate.com
+  Usage: new SolonGate({ name: '...', apiKey: 'sg_live_xxx' })`
+    );
+    this.name = "LicenseError";
+  }
+};
 var SolonGate = class {
   policyEngine;
   config;
@@ -1895,7 +2887,19 @@ var SolonGate = class {
   tokenIssuer;
   serverVerifier;
   rateLimiter;
+  apiKey;
+  licenseValidated = false;
   constructor(options) {
+    const apiKey = options.apiKey || process.env.SOLONGATE_API_KEY || "";
+    if (!apiKey) {
+      throw new LicenseError("A valid SolonGate API key is required.");
+    }
+    if (!apiKey.startsWith("sg_live_") && !apiKey.startsWith("sg_test_")) {
+      throw new LicenseError(
+        "Invalid API key format. Keys must start with 'sg_live_' or 'sg_test_'."
+      );
+    }
+    this.apiKey = apiKey;
     const { config, warnings } = resolveConfig(options.config);
     this.config = config;
     this.configWarnings = warnings;
@@ -1921,12 +2925,47 @@ var SolonGate = class {
     this.serverVerifier = config.gatewaySecret ? new ServerVerifier({ gatewaySecret: config.gatewaySecret }) : null;
     this.rateLimiter = new RateLimiter();
   }
+  /**
+   * Validate the API key against the SolonGate cloud API.
+   * Called once on first executeToolCall. Throws LicenseError if invalid.
+   * Test keys (sg_test_) skip online validation.
+   */
+  async validateLicense() {
+    if (this.licenseValidated) return;
+    if (this.apiKey.startsWith("sg_test_")) {
+      this.licenseValidated = true;
+      return;
+    }
+    const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
+    try {
+      const res = await fetch(`${apiUrl}/api/v1/auth/me`, {
+        headers: {
+          "X-API-Key": this.apiKey,
+          "Authorization": `Bearer ${this.apiKey}`
+        },
+        signal: AbortSignal.timeout(1e4)
+      });
+      if (res.status === 401) {
+        throw new LicenseError("Invalid or expired API key.");
+      }
+      if (res.status === 403) {
+        throw new LicenseError("Your subscription is inactive. Renew at https://solongate.com");
+      }
+      this.licenseValidated = true;
+    } catch (err) {
+      if (err instanceof LicenseError) throw err;
+      throw new LicenseError(
+        "Unable to reach SolonGate license server. Check your internet connection."
+      );
+    }
+  }
   /**
    * Intercept and evaluate a tool call against the full security pipeline.
    * If denied at any stage, returns an error result without calling upstream.
    * If allowed, calls upstream and returns the result.
    */
   async executeToolCall(params, upstreamCall) {
+    await this.validateLicense();
     return interceptToolCall(params, upstreamCall, {
       policyEngine: this.policyEngine,
       validateSchemas: this.config.validateSchemas,
@@ -1976,8 +3015,8 @@ var Mutex = class {
       this.locked = true;
       return;
     }
-    return new Promise((resolve3) => {
-      this.queue.push(resolve3);
+    return new Promise((resolve5) => {
+      this.queue.push(resolve5);
     });
   }
   release() {
@@ -2018,9 +3057,31 @@ var SolonGateProxy = class {
    */
   async start() {
     log("Starting SolonGate Proxy...");
+    const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
     if (this.config.apiKey) {
-      const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
-      log(`Cloud API: ${apiUrl}`);
+      log(`Validating license with ${apiUrl}...`);
+      try {
+        const res = await fetch(`${apiUrl}/api/v1/auth/me`, {
+          headers: {
+            "X-API-Key": this.config.apiKey,
+            "Authorization": `Bearer ${this.config.apiKey}`
+          },
+          signal: AbortSignal.timeout(1e4)
+        });
+        if (res.status === 401) {
+          log("ERROR: Invalid or expired API key.");
+          process.exit(1);
+        }
+        if (res.status === 403) {
+          log("ERROR: Your subscription is inactive. Renew at https://solongate.com");
+          process.exit(1);
+        }
+        log("License validated.");
+      } catch (err) {
+        log(`ERROR: Unable to reach SolonGate license server. Check your internet connection.`);
+        log(`Details: ${err instanceof Error ? err.message : String(err)}`);
+        process.exit(1);
+      }
       try {
         const cloudPolicy = await fetchCloudPolicy(this.config.apiKey, apiUrl);
         this.config.policy = cloudPolicy;
@@ -2030,29 +3091,54 @@ var SolonGateProxy = class {
       }
     }
     log(`Policy: ${this.config.policy.name} (${this.config.policy.rules.length} rules)`);
-    log(`Upstream: ${this.config.upstream.command} ${(this.config.upstream.args ?? []).join(" ")}`);
+    const transport = this.config.upstream.transport ?? "stdio";
+    if (transport === "stdio") {
+      log(`Upstream: [stdio] ${this.config.upstream.command} ${(this.config.upstream.args ?? []).join(" ")}`);
+    } else {
+      log(`Upstream: [${transport}] ${this.config.upstream.url}`);
+    }
     await this.connectUpstream();
     await this.discoverTools();
     this.createServer();
     await this.serve();
   }
   /**
-   * Connect to the upstream MCP server by spawning it as a child process.
+   * Connect to the upstream MCP server.
+   * Supports stdio (child process), SSE, and StreamableHTTP transports.
    */
   async connectUpstream() {
     this.client = new Client(
       { name: "solongate-proxy-client", version: "0.1.0" },
       { capabilities: {} }
     );
-    const transport = new StdioClientTransport({
-      command: this.config.upstream.command,
-      args: this.config.upstream.args,
-      env: this.config.upstream.env,
-      cwd: this.config.upstream.cwd,
-      stderr: "pipe"
-    });
-    await this.client.connect(transport);
-    log("Connected to upstream server");
+    const upstreamTransport = this.config.upstream.transport ?? "stdio";
+    switch (upstreamTransport) {
+      case "sse": {
+        if (!this.config.upstream.url) throw new Error("--upstream-url required for SSE transport");
+        const transport = new SSEClientTransport(new URL(this.config.upstream.url));
+        await this.client.connect(transport);
+        break;
+      }
+      case "http": {
+        if (!this.config.upstream.url) throw new Error("--upstream-url required for HTTP transport");
+        const transport = new StreamableHTTPClientTransport(new URL(this.config.upstream.url));
+        await this.client.connect(transport);
+        break;
+      }
+      case "stdio":
+      default: {
+        const transport = new StdioClientTransport({
+          command: this.config.upstream.command,
+          args: this.config.upstream.args,
+          env: this.config.upstream.env,
+          cwd: this.config.upstream.cwd,
+          stderr: "pipe"
+        });
+        await this.client.connect(transport);
+        break;
+      }
+    }
+    log(`Connected to upstream server (${upstreamTransport})`);
   }
   /**
    * Discover tools from the upstream server.
@@ -2091,8 +3177,17 @@ var SolonGateProxy = class {
     this.server.setRequestHandler(ListToolsRequestSchema, async () => {
       return { tools: this.upstreamTools };
     });
+    const MAX_ARGUMENT_SIZE = 1024 * 1024;
     this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
       const { name, arguments: args } = request.params;
+      const argsSize = JSON.stringify(args ?? {}).length;
+      if (argsSize > MAX_ARGUMENT_SIZE) {
+        log(`DENY: ${name} \u2014 payload size ${argsSize} exceeds limit ${MAX_ARGUMENT_SIZE}`);
+        return {
+          content: [{ type: "text", text: `Request payload too large (${Math.round(argsSize / 1024)}KB > ${Math.round(MAX_ARGUMENT_SIZE / 1024)}KB limit)` }],
+          isError: true
+        };
+      }
       log(`Tool call: ${name}`);
       await this.callMutex.acquire();
       const startTime = Date.now();
@@ -2166,14 +3261,38 @@ var SolonGateProxy = class {
     });
   }
   /**
-   * Start serving on stdio (downstream to Claude).
+   * Start serving downstream.
+   * If --port is set, serves via StreamableHTTP on that port.
+   * Otherwise, serves on stdio (default for Claude Code / Cursor / etc).
    */
   async serve() {
     if (!this.server) throw new Error("Server not created");
-    const transport = new StdioServerTransport();
-    await this.server.connect(transport);
-    log("Proxy is live. All tool calls are now protected by SolonGate.");
-    log("Waiting for requests...");
+    if (this.config.port) {
+      const httpTransport = new StreamableHTTPServerTransport({
+        sessionIdGenerator: () => crypto.randomUUID()
+      });
+      await this.server.connect(httpTransport);
+      const httpServer = createHttpServer(async (req, res) => {
+        if (req.url === "/mcp" || req.url?.startsWith("/mcp?")) {
+          await httpTransport.handleRequest(req, res);
+        } else if (req.url === "/health") {
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ status: "healthy", proxy: this.config.name ?? "solongate-proxy" }));
+        } else {
+          res.writeHead(404);
+          res.end("Not found. Use /mcp for MCP protocol or /health for health check.");
+        }
+      });
+      httpServer.listen(this.config.port, () => {
+        log(`Proxy is live on http://localhost:${this.config.port}/mcp`);
+        log("All tool calls are now protected by SolonGate.");
+      });
+    } else {
+      const transport = new StdioServerTransport();
+      await this.server.connect(transport);
+      log("Proxy is live. All tool calls are now protected by SolonGate.");
+      log("Waiting for requests...");
+    }
   }
 };
 
@@ -2190,13 +3309,23 @@ console.error = (...args) => {
   process.stderr.write(`[SolonGate ERROR] ${args.map(String).join(" ")}
 `);
 };
-async function main2() {
+async function main4() {
   const subcommand = process.argv[2];
   if (subcommand === "init") {
     process.argv.splice(2, 1);
     await Promise.resolve().then(() => (init_init(), init_exports));
     return;
   }
+  if (subcommand === "inject") {
+    process.argv.splice(2, 1);
+    await Promise.resolve().then(() => (init_inject(), inject_exports));
+    return;
+  }
+  if (subcommand === "create") {
+    process.argv.splice(2, 1);
+    await Promise.resolve().then(() => (init_create(), create_exports));
+    return;
+  }
   try {
     const config = parseArgs(process.argv);
     const proxy = new SolonGateProxy(config);
@@ -2208,4 +3337,4 @@ async function main2() {
     process.exit(1);
   }
 }
-main2();
+main4();