npm - @solongate/proxy - Versions diffs - 0.1.20 → 0.1.22 - Mend

@solongate/proxy 0.1.20 → 0.1.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/create.js CHANGED Viewed

@@ -132,8 +132,8 @@ function createProject(dir, name, _policy) {
         bin: { [name]: "./dist/index.js" },
         scripts: {
           build: "tsup src/index.ts --format esm",
-          dev: "tsx src/index.ts",
-          start: "node dist/index.js"
+          dev: "tsx --env-file=.env src/index.ts",
+          start: "node --env-file=.env dist/index.js"
         },
         dependencies: {
           "@modelcontextprotocol/sdk": "^1.26.0",
@@ -181,13 +181,14 @@ console.log = (...args: unknown[]) => {
   process.stderr.write(args.map(String).join(' ') + '\\n');
 };
-import { SecureMcpServer, createPermissivePolicySet } from '@solongate/sdk';
+import { SecureMcpServer } from '@solongate/sdk';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { z } from 'zod';
+// Policy is managed from the SolonGate Dashboard (https://solongate.com)
+// No local policySet needed \u2014 it's fetched from the cloud via your API key.
 const server = new SecureMcpServer(
   { name: '${name}', version: '0.1.0' },
-  { policySet: createPermissivePolicySet() },
 );
 server.tool(
@@ -213,7 +214,7 @@ console.log('${name} is running');
             command: "node",
             args: ["dist/index.js"],
             env: {
-              SOLONGATE_API_KEY: "sg_test_YOUR_KEY_HERE"
+              SOLONGATE_API_KEY: "sg_live_YOUR_KEY_HERE"
             }
           }
         }
@@ -222,6 +223,11 @@ console.log('${name} is running');
       2
     ) + "\n"
   );
+  writeFileSync(
+    join(dir, ".env"),
+    `SOLONGATE_API_KEY=sg_live_YOUR_KEY_HERE
+`
+  );
   writeFileSync(
     join(dir, ".gitignore"),
     `node_modules/
@@ -288,11 +294,16 @@ async function main() {
   bEmpty();
   log(`  ${c.dim}\u251C${hr}\u2524${c.reset}`);
   bEmpty();
-  bLine(`${c.yellow}Use with Claude Code:${c.reset}`);
+  bLine(`${c.yellow}Use with Claude Code / Cursor / MCP client:${c.reset}`);
+  bEmpty();
+  bLine(`  ${c.dim}1.${c.reset} Replace ${c.blue3}sg_live_YOUR_KEY_HERE${c.reset} in .mcp.json`);
+  bLine(`  ${c.dim}2.${c.reset} Open this folder in your MCP client`);
+  bLine(`  ${c.dim}3.${c.reset} .mcp.json is auto-detected on startup`);
+  bEmpty();
+  bLine(`${c.yellow}Direct test (without MCP client):${c.reset}`);
   bEmpty();
-  bLine(`  ${c.dim}1.${c.reset} Open the project folder in Claude Code`);
-  bLine(`  ${c.dim}2.${c.reset} .mcp.json is auto-detected on startup`);
-  bLine(`  ${c.dim}3.${c.reset} Restart Claude Code if already open`);
+  bLine(`  ${c.dim}1.${c.reset} Replace ${c.blue3}sg_live_YOUR_KEY_HERE${c.reset} in .env`);
+  bLine(`  ${c.dim}2.${c.reset} ${c.cyan}$${c.reset} npm run build && npm start`);
   bEmpty();
   log(`  ${c.dim}\u2570${hr}\u256F${c.reset}`);
   log("");

package/dist/index.js CHANGED Viewed

@@ -844,8 +844,8 @@ function createProject(dir, name, _policy) {
         bin: { [name]: "./dist/index.js" },
         scripts: {
           build: "tsup src/index.ts --format esm",
-          dev: "tsx src/index.ts",
-          start: "node dist/index.js"
+          dev: "tsx --env-file=.env src/index.ts",
+          start: "node --env-file=.env dist/index.js"
         },
         dependencies: {
           "@modelcontextprotocol/sdk": "^1.26.0",
@@ -893,13 +893,14 @@ console.log = (...args: unknown[]) => {
   process.stderr.write(args.map(String).join(' ') + '\\n');
 };
-import { SecureMcpServer, createPermissivePolicySet } from '@solongate/sdk';
+import { SecureMcpServer } from '@solongate/sdk';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { z } from 'zod';
+// Policy is managed from the SolonGate Dashboard (https://solongate.com)
+// No local policySet needed \u2014 it's fetched from the cloud via your API key.
 const server = new SecureMcpServer(
   { name: '${name}', version: '0.1.0' },
-  { policySet: createPermissivePolicySet() },
 );
 server.tool(
@@ -925,7 +926,7 @@ console.log('${name} is running');
             command: "node",
             args: ["dist/index.js"],
             env: {
-              SOLONGATE_API_KEY: "sg_test_YOUR_KEY_HERE"
+              SOLONGATE_API_KEY: "sg_live_YOUR_KEY_HERE"
             }
           }
         }
@@ -934,6 +935,11 @@ console.log('${name} is running');
       2
     ) + "\n"
   );
+  writeFileSync3(
+    join2(dir, ".env"),
+    `SOLONGATE_API_KEY=sg_live_YOUR_KEY_HERE
+`
+  );
   writeFileSync3(
     join2(dir, ".gitignore"),
     `node_modules/
@@ -1000,11 +1006,16 @@ async function main3() {
   bEmpty();
   log3(`  ${c2.dim}\u251C${hr}\u2524${c2.reset}`);
   bEmpty();
-  bLine(`${c2.yellow}Use with Claude Code:${c2.reset}`);
+  bLine(`${c2.yellow}Use with Claude Code / Cursor / MCP client:${c2.reset}`);
+  bEmpty();
+  bLine(`  ${c2.dim}1.${c2.reset} Replace ${c2.blue3}sg_live_YOUR_KEY_HERE${c2.reset} in .mcp.json`);
+  bLine(`  ${c2.dim}2.${c2.reset} Open this folder in your MCP client`);
+  bLine(`  ${c2.dim}3.${c2.reset} .mcp.json is auto-detected on startup`);
   bEmpty();
-  bLine(`  ${c2.dim}1.${c2.reset} Open the project folder in Claude Code`);
-  bLine(`  ${c2.dim}2.${c2.reset} .mcp.json is auto-detected on startup`);
-  bLine(`  ${c2.dim}3.${c2.reset} Restart Claude Code if already open`);
+  bLine(`${c2.yellow}Direct test (without MCP client):${c2.reset}`);
+  bEmpty();
+  bLine(`  ${c2.dim}1.${c2.reset} Replace ${c2.blue3}sg_live_YOUR_KEY_HERE${c2.reset} in .env`);
+  bLine(`  ${c2.dim}2.${c2.reset} ${c2.cyan}$${c2.reset} npm run build && npm start`);
   bEmpty();
   log3(`  ${c2.dim}\u2570${hr}\u256F${c2.reset}`);
   log3("");
@@ -3058,6 +3069,9 @@ var SolonGate = class {
       timeoutMs: config.evaluationTimeoutMs,
       store
     });
+    if (!options.policySet && !config.policySet && apiKey.startsWith("sg_live_")) {
+      this.fetchCloudPolicyOnce();
+    }
     this.tokenIssuer = config.tokenSecret ? new TokenIssuer({
       secret: config.tokenSecret,
       ttlSeconds: config.tokenTtlSeconds,
@@ -3101,6 +3115,47 @@ var SolonGate = class {
       );
     }
   }
+  /**
+   * Fetch policy from SolonGate Cloud API (fire once, non-blocking).
+   */
+  fetchCloudPolicyOnce() {
+    const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
+    fetch(`${apiUrl}/api/v1/policies/default`, {
+      headers: { "Authorization": `Bearer ${this.apiKey}` },
+      signal: AbortSignal.timeout(1e4)
+    }).then(async (res) => {
+      if (!res.ok) return;
+      const data = await res.json();
+      const policySet = {
+        id: String(data.id ?? "cloud"),
+        name: String(data.name ?? "Cloud Policy"),
+        description: String(data.description ?? ""),
+        version: Number(data._version ?? 1),
+        rules: data.rules ?? [],
+        createdAt: String(data._created_at ?? ""),
+        updatedAt: ""
+      };
+      this.policyEngine.loadPolicySet(policySet);
+      console.warn(`[SolonGate] Loaded cloud policy: ${policySet.name} (${policySet.rules.length} rules)`);
+    }).catch(() => {
+    });
+  }
+  /**
+   * Send audit log to SolonGate Cloud API (fire-and-forget).
+   */
+  sendAuditLog(entry) {
+    if (!this.apiKey.startsWith("sg_live_")) return;
+    const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
+    fetch(`${apiUrl}/api/v1/audit-logs`, {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${this.apiKey}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(entry)
+    }).catch(() => {
+    });
+  }
   /**
    * Intercept and evaluate a tool call against the full security pipeline.
    * If denied at any stage, returns an error result without calling upstream.
@@ -3108,11 +3163,32 @@ var SolonGate = class {
    */
   async executeToolCall(params, upstreamCall) {
     await this.validateLicense();
+    const startTime = performance.now();
     return interceptToolCall(params, upstreamCall, {
       policyEngine: this.policyEngine,
       validateSchemas: this.config.validateSchemas,
       verboseErrors: this.config.verboseErrors,
-      onDecision: (result) => this.logger.logDecision(result),
+      onDecision: (result) => {
+        this.logger.logDecision(result);
+        if (result.status === "ALLOWED" || result.status === "DENIED") {
+          this.sendAuditLog({
+            tool: params.name,
+            arguments: params.arguments ?? {},
+            decision: result.decision.effect === "ALLOW" ? "ALLOW" : "DENY",
+            reason: result.decision.reason,
+            matchedRule: result.decision.matchedRule?.id,
+            evaluationTimeMs: performance.now() - startTime
+          });
+        } else if (result.status === "ERROR") {
+          this.sendAuditLog({
+            tool: params.name,
+            arguments: params.arguments ?? {},
+            decision: "DENY",
+            reason: result.error.message,
+            evaluationTimeMs: performance.now() - startTime
+          });
+        }
+      },
       tokenIssuer: this.tokenIssuer ?? void 0,
       serverVerifier: this.serverVerifier ?? void 0,
       rateLimiter: this.rateLimiter,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.1.20",
+  "version": "0.1.22",
   "description": "MCP security proxy \u00e2\u20ac\u201d protect any MCP server with policies, input validation, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {