@solongate/proxy 0.1.21 → 0.1.23

package/dist/create.js

@@ -181,13 +181,14 @@ console.log = (...args: unknown[]) => {
   process.stderr.write(args.map(String).join(' ') + '\\n');
 };
 
-import { SecureMcpServer, createPermissivePolicySet } from '@solongate/sdk';
+import { SecureMcpServer } from '@solongate/sdk';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { z } from 'zod';
 
+// Policy is managed from the SolonGate Dashboard (https://solongate.com)
+// No local policySet needed \u2014 it's fetched from the cloud via your API key.
 const server = new SecureMcpServer(
   { name: '${name}', version: '0.1.0' },
-  { policySet: createPermissivePolicySet() },
 );
 
 server.tool(
@@ -201,7 +202,18 @@ server.tool(
 
 const transport = new StdioServerTransport();
 await server.connect(transport);
-console.log('${name} is running');
+console.log('');
+console.log('${name} is running (stdio mode)');
+console.log('');
+console.log('This server communicates over stdin/stdout (MCP protocol).');
+console.log('It does NOT open a URL or port \u2014 it is used by MCP clients.');
+console.log('');
+console.log('To connect:');
+console.log('  1. Open this folder in Claude Code, Cursor, or another MCP client');
+console.log('  2. .mcp.json is auto-detected \u2014 your tools are ready to use');
+console.log('  3. Try asking: "Use the hello tool to greet Alice"');
+console.log('');
+console.log('Press Ctrl+C to stop.');
 `
   );
   writeFileSync(
@@ -213,7 +225,7 @@ console.log('${name} is running');
             command: "node",
             args: ["dist/index.js"],
             env: {
-              SOLONGATE_API_KEY: "sg_test_YOUR_KEY_HERE"
+              SOLONGATE_API_KEY: "sg_live_YOUR_KEY_HERE"
             }
           }
         }
@@ -293,11 +305,16 @@ async function main() {
   bEmpty();
   log(`  ${c.dim}\u251C${hr}\u2524${c.reset}`);
   bEmpty();
-  bLine(`${c.yellow}Use with Claude Code:${c.reset}`);
+  bLine(`${c.yellow}Use with Claude Code / Cursor / MCP client:${c.reset}`);
   bEmpty();
-  bLine(`  ${c.dim}1.${c.reset} Open the project folder in Claude Code`);
-  bLine(`  ${c.dim}2.${c.reset} .mcp.json is auto-detected on startup`);
-  bLine(`  ${c.dim}3.${c.reset} Restart Claude Code if already open`);
+  bLine(`  ${c.dim}1.${c.reset} Replace ${c.blue3}sg_live_YOUR_KEY_HERE${c.reset} in .mcp.json`);
+  bLine(`  ${c.dim}2.${c.reset} Open this folder in your MCP client`);
+  bLine(`  ${c.dim}3.${c.reset} .mcp.json is auto-detected on startup`);
+  bEmpty();
+  bLine(`${c.yellow}Direct test (without MCP client):${c.reset}`);
+  bEmpty();
+  bLine(`  ${c.dim}1.${c.reset} Replace ${c.blue3}sg_live_YOUR_KEY_HERE${c.reset} in .env`);
+  bLine(`  ${c.dim}2.${c.reset} ${c.cyan}$${c.reset} npm run build && npm start`);
   bEmpty();
   log(`  ${c.dim}\u2570${hr}\u256F${c.reset}`);
   log("");

package/dist/index.js

@@ -893,13 +893,14 @@ console.log = (...args: unknown[]) => {
   process.stderr.write(args.map(String).join(' ') + '\\n');
 };
 
-import { SecureMcpServer, createPermissivePolicySet } from '@solongate/sdk';
+import { SecureMcpServer } from '@solongate/sdk';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { z } from 'zod';
 
+// Policy is managed from the SolonGate Dashboard (https://solongate.com)
+// No local policySet needed \u2014 it's fetched from the cloud via your API key.
 const server = new SecureMcpServer(
   { name: '${name}', version: '0.1.0' },
-  { policySet: createPermissivePolicySet() },
 );
 
 server.tool(
@@ -913,7 +914,18 @@ server.tool(
 
 const transport = new StdioServerTransport();
 await server.connect(transport);
-console.log('${name} is running');
+console.log('');
+console.log('${name} is running (stdio mode)');
+console.log('');
+console.log('This server communicates over stdin/stdout (MCP protocol).');
+console.log('It does NOT open a URL or port \u2014 it is used by MCP clients.');
+console.log('');
+console.log('To connect:');
+console.log('  1. Open this folder in Claude Code, Cursor, or another MCP client');
+console.log('  2. .mcp.json is auto-detected \u2014 your tools are ready to use');
+console.log('  3. Try asking: "Use the hello tool to greet Alice"');
+console.log('');
+console.log('Press Ctrl+C to stop.');
 `
   );
   writeFileSync3(
@@ -925,7 +937,7 @@ console.log('${name} is running');
             command: "node",
             args: ["dist/index.js"],
             env: {
-              SOLONGATE_API_KEY: "sg_test_YOUR_KEY_HERE"
+              SOLONGATE_API_KEY: "sg_live_YOUR_KEY_HERE"
             }
           }
         }
@@ -1005,11 +1017,16 @@ async function main3() {
   bEmpty();
   log3(`  ${c2.dim}\u251C${hr}\u2524${c2.reset}`);
   bEmpty();
-  bLine(`${c2.yellow}Use with Claude Code:${c2.reset}`);
+  bLine(`${c2.yellow}Use with Claude Code / Cursor / MCP client:${c2.reset}`);
   bEmpty();
-  bLine(`  ${c2.dim}1.${c2.reset} Open the project folder in Claude Code`);
-  bLine(`  ${c2.dim}2.${c2.reset} .mcp.json is auto-detected on startup`);
-  bLine(`  ${c2.dim}3.${c2.reset} Restart Claude Code if already open`);
+  bLine(`  ${c2.dim}1.${c2.reset} Replace ${c2.blue3}sg_live_YOUR_KEY_HERE${c2.reset} in .mcp.json`);
+  bLine(`  ${c2.dim}2.${c2.reset} Open this folder in your MCP client`);
+  bLine(`  ${c2.dim}3.${c2.reset} .mcp.json is auto-detected on startup`);
+  bEmpty();
+  bLine(`${c2.yellow}Direct test (without MCP client):${c2.reset}`);
+  bEmpty();
+  bLine(`  ${c2.dim}1.${c2.reset} Replace ${c2.blue3}sg_live_YOUR_KEY_HERE${c2.reset} in .env`);
+  bLine(`  ${c2.dim}2.${c2.reset} ${c2.cyan}$${c2.reset} npm run build && npm start`);
   bEmpty();
   log3(`  ${c2.dim}\u2570${hr}\u256F${c2.reset}`);
   log3("");
@@ -3063,6 +3080,9 @@ var SolonGate = class {
       timeoutMs: config.evaluationTimeoutMs,
       store
     });
+    if (!options.policySet && !config.policySet && apiKey.startsWith("sg_live_")) {
+      this.fetchCloudPolicyOnce();
+    }
     this.tokenIssuer = config.tokenSecret ? new TokenIssuer({
       secret: config.tokenSecret,
       ttlSeconds: config.tokenTtlSeconds,
@@ -3106,6 +3126,47 @@ var SolonGate = class {
       );
     }
   }
+  /**
+   * Fetch policy from SolonGate Cloud API (fire once, non-blocking).
+   */
+  fetchCloudPolicyOnce() {
+    const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
+    fetch(`${apiUrl}/api/v1/policies/default`, {
+      headers: { "Authorization": `Bearer ${this.apiKey}` },
+      signal: AbortSignal.timeout(1e4)
+    }).then(async (res) => {
+      if (!res.ok) return;
+      const data = await res.json();
+      const policySet = {
+        id: String(data.id ?? "cloud"),
+        name: String(data.name ?? "Cloud Policy"),
+        description: String(data.description ?? ""),
+        version: Number(data._version ?? 1),
+        rules: data.rules ?? [],
+        createdAt: String(data._created_at ?? ""),
+        updatedAt: ""
+      };
+      this.policyEngine.loadPolicySet(policySet);
+      console.warn(`[SolonGate] Loaded cloud policy: ${policySet.name} (${policySet.rules.length} rules)`);
+    }).catch(() => {
+    });
+  }
+  /**
+   * Send audit log to SolonGate Cloud API (fire-and-forget).
+   */
+  sendAuditLog(entry) {
+    if (!this.apiKey.startsWith("sg_live_")) return;
+    const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
+    fetch(`${apiUrl}/api/v1/audit-logs`, {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${this.apiKey}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(entry)
+    }).catch(() => {
+    });
+  }
   /**
    * Intercept and evaluate a tool call against the full security pipeline.
    * If denied at any stage, returns an error result without calling upstream.
@@ -3113,11 +3174,32 @@ var SolonGate = class {
    */
   async executeToolCall(params, upstreamCall) {
     await this.validateLicense();
+    const startTime = performance.now();
     return interceptToolCall(params, upstreamCall, {
       policyEngine: this.policyEngine,
       validateSchemas: this.config.validateSchemas,
       verboseErrors: this.config.verboseErrors,
-      onDecision: (result) => this.logger.logDecision(result),
+      onDecision: (result) => {
+        this.logger.logDecision(result);
+        if (result.status === "ALLOWED" || result.status === "DENIED") {
+          this.sendAuditLog({
+            tool: params.name,
+            arguments: params.arguments ?? {},
+            decision: result.decision.effect === "ALLOW" ? "ALLOW" : "DENY",
+            reason: result.decision.reason,
+            matchedRule: result.decision.matchedRule?.id,
+            evaluationTimeMs: performance.now() - startTime
+          });
+        } else if (result.status === "ERROR") {
+          this.sendAuditLog({
+            tool: params.name,
+            arguments: params.arguments ?? {},
+            decision: "DENY",
+            reason: result.error.message,
+            evaluationTimeMs: performance.now() - startTime
+          });
+        }
+      },
       tokenIssuer: this.tokenIssuer ?? void 0,
       serverVerifier: this.serverVerifier ?? void 0,
       rateLimiter: this.rateLimiter,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.1.21",
+  "version": "0.1.23",
   "description": "MCP security proxy \u00e2\u20ac\u201d protect any MCP server with policies, input validation, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {