@solongate/proxy 0.1.3 → 0.1.4

package/dist/index.js

@@ -820,14 +820,28 @@ dist/
 `
   );
 }
-function installDeps(dir) {
-  log3("  Installing dependencies with npm...");
+function withSpinner(message, fn) {
+  const frames = ["\u280B", "\u2819", "\u2839", "\u2838", "\u283C", "\u2834", "\u2826", "\u2827", "\u2807", "\u280F"];
+  let i = 0;
+  const id = setInterval(() => {
+    process.stderr.write(`\r  ${frames[i++ % frames.length]} ${message}`);
+  }, 80);
   try {
-    execSync2("npm install", { cwd: dir, stdio: "pipe" });
+    fn();
+    clearInterval(id);
+    process.stderr.write(`\r  \u2713 ${message}
+`);
   } catch {
-    log3("  npm install failed \u2014 run it manually.");
+    clearInterval(id);
+    process.stderr.write(`\r  \u2717 ${message} \u2014 failed
+`);
   }
 }
+function installDeps(dir) {
+  withSpinner("Installing dependencies...", () => {
+    execSync2("npm install", { cwd: dir, stdio: "pipe" });
+  });
+}
 async function main3() {
   const opts = parseCreateArgs(process.argv);
   const dir = resolve4(opts.name);
@@ -857,18 +871,20 @@ async function main3() {
     installDeps(dir);
     log3("");
   }
-  log3("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
-  log3("  \u2502  Project created!                             \u2502");
-  log3("  \u2502                                               \u2502");
-  log3(`  \u2502  cd ${opts.name.padEnd(39)}\u2502`);
-  log3("  \u2502                                               \u2502");
-  log3("  \u2502  npm run build        # Build                 \u2502");
-  log3("  \u2502  npm run dev          # Dev mode (tsx)         \u2502");
-  log3("  \u2502  npm start            # Run built server       \u2502");
-  log3("  \u2502                                               \u2502");
-  log3("  \u2502  Set your API key:                             \u2502");
-  log3("  \u2502  export SOLONGATE_API_KEY=sg_live_xxx          \u2502");
-  log3("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  const W = 46;
+  const line = (s) => log3(`  \u2502 ${s.padEnd(W)} \u2502`);
+  log3(`  \u250C${"\u2500".repeat(W + 2)}\u2510`);
+  line("Project created!");
+  line("");
+  line(`cd ${opts.name}`);
+  line("");
+  line("npm run build     # Build");
+  line("npm run dev       # Dev mode (tsx)");
+  line("npm start         # Run built server");
+  line("");
+  line("Set your API key:");
+  line("export SOLONGATE_API_KEY=sg_live_xxx");
+  log3(`  \u2514${"\u2500".repeat(W + 2)}\u2518`);
   log3("");
 }
 var init_create = __esm({
@@ -883,67 +899,6 @@ var init_create = __esm({
 
 // ../core/dist/index.js
 import { z } from "zod";
-var SolonGateError = class extends Error {
-  code;
-  timestamp;
-  details;
-  constructor(message, code, details = {}) {
-    super(message);
-    this.name = "SolonGateError";
-    this.code = code;
-    this.timestamp = (/* @__PURE__ */ new Date()).toISOString();
-    this.details = Object.freeze({ ...details });
-    Object.setPrototypeOf(this, new.target.prototype);
-  }
-  /**
-   * Serializable representation for logging and API responses.
-   * Never includes stack traces (information leakage prevention).
-   */
-  toJSON() {
-    return {
-      name: this.name,
-      code: this.code,
-      message: this.message,
-      timestamp: this.timestamp,
-      details: this.details
-    };
-  }
-};
-var PolicyDeniedError = class extends SolonGateError {
-  constructor(toolName, reason, details = {}) {
-    super(
-      `Policy denied execution of tool "${toolName}": ${reason}`,
-      "POLICY_DENIED",
-      { toolName, reason, ...details }
-    );
-    this.name = "PolicyDeniedError";
-  }
-};
-var SchemaValidationError = class extends SolonGateError {
-  constructor(toolName, validationErrors) {
-    super(
-      `Schema validation failed for tool "${toolName}": ${validationErrors.join("; ")}`,
-      "SCHEMA_VALIDATION_FAILED",
-      { toolName, validationErrors }
-    );
-    this.name = "SchemaValidationError";
-  }
-};
-var RateLimitError = class extends SolonGateError {
-  constructor(toolName, limitPerMinute) {
-    super(
-      `Rate limit exceeded for tool "${toolName}": max ${limitPerMinute}/min`,
-      "RATE_LIMIT_EXCEEDED",
-      { toolName, limitPerMinute }
-    );
-    this.name = "RateLimitError";
-  }
-};
-var TrustLevel = {
-  UNTRUSTED: "UNTRUSTED",
-  VERIFIED: "VERIFIED",
-  TRUSTED: "TRUSTED"
-};
 var Permission = {
   READ: "READ",
   WRITE: "WRITE",
@@ -956,10 +911,6 @@ var NO_PERMISSIONS = Object.freeze(
 var READ_ONLY = Object.freeze(
   /* @__PURE__ */ new Set([Permission.READ])
 );
-var PolicyEffect = {
-  ALLOW: "ALLOW",
-  DENY: "DENY"
-};
 var PolicyRuleSchema = z.object({
   id: z.string().min(1).max(256),
   description: z.string().max(1024),
@@ -988,45 +939,7 @@ var PolicySetSchema = z.object({
   createdAt: z.string().datetime(),
   updatedAt: z.string().datetime()
 });
-function createSecurityContext(params) {
-  return {
-    trustLevel: "UNTRUSTED",
-    grantedPermissions: /* @__PURE__ */ new Set(),
-    sessionId: null,
-    metadata: {},
-    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-    ...params
-  };
-}
-var DEFAULT_POLICY_EFFECT = "DENY";
-var MAX_RULES_PER_POLICY_SET = 1e3;
 var SECURITY_CONTEXT_TIMEOUT_MS = 5 * 60 * 1e3;
-var POLICY_EVALUATION_TIMEOUT_MS = 100;
-var RATE_LIMIT_WINDOW_MS = 6e4;
-var RATE_LIMIT_MAX_ENTRIES = 1e4;
-var UNSAFE_CONFIGURATION_WARNINGS = {
-  WILDCARD_ALLOW: "Wildcard ALLOW rules grant permission to ALL tools. This bypasses the default-deny model.",
-  TRUSTED_LEVEL_EXTERNAL: "Setting trust level to TRUSTED for external requests bypasses all security checks.",
-  WRITE_WITHOUT_READ: "Granting WRITE without READ is unusual and may indicate a misconfiguration.",
-  EXECUTE_WITHOUT_REVIEW: "EXECUTE permission allows tools to perform arbitrary actions. Review carefully.",
-  RATE_LIMIT_ZERO: "A rate limit of 0 means unlimited calls. This removes protection against runaway loops.",
-  DISABLED_VALIDATION: "Disabling schema validation removes input sanitization protections."
-};
-function createDeniedToolResult(reason) {
-  return {
-    content: [
-      {
-        type: "text",
-        text: JSON.stringify({
-          error: "POLICY_DENIED",
-          message: reason,
-          hint: "This tool call was blocked by SolonGate security policy. Check your policy configuration."
-        })
-      }
-    ],
-    isError: true
-  };
-}
 var DEFAULT_INPUT_GUARD_CONFIG = Object.freeze({
   pathTraversal: true,
   shellInjection: true,
@@ -1036,102 +949,6 @@ var DEFAULT_INPUT_GUARD_CONFIG = Object.freeze({
   ssrf: true,
   sqlInjection: true
 });
-var PATH_TRAVERSAL_PATTERNS = [
-  /\.\.\//,
-  // ../
-  /\.\.\\/,
-  // ..\
-  /%2e%2e/i,
-  // URL-encoded ..
-  /%2e\./i,
-  // partial URL-encoded
-  /\.%2e/i,
-  // partial URL-encoded
-  /%252e%252e/i,
-  // double URL-encoded
-  /\.\.\0/
-  // null byte variant
-];
-var SENSITIVE_PATHS = [
-  /\/etc\/passwd/i,
-  /\/etc\/shadow/i,
-  /\/proc\//i,
-  /\/dev\//i,
-  /c:\\windows\\system32/i,
-  /c:\\windows\\syswow64/i,
-  /\/root\//i,
-  /~\//,
-  /\.env(\.|$)/i,
-  // .env, .env.local, .env.production
-  /\.aws\/credentials/i,
-  // AWS credentials
-  /\.ssh\/id_/i,
-  // SSH keys
-  /\.kube\/config/i,
-  // Kubernetes config
-  /wp-config\.php/i,
-  // WordPress config
-  /\.git\/config/i,
-  // Git config
-  /\.npmrc/i,
-  // npm credentials
-  /\.pypirc/i
-  // PyPI credentials
-];
-function detectPathTraversal(value) {
-  for (const pattern of PATH_TRAVERSAL_PATTERNS) {
-    if (pattern.test(value)) return true;
-  }
-  for (const pattern of SENSITIVE_PATHS) {
-    if (pattern.test(value)) return true;
-  }
-  return false;
-}
-var SHELL_INJECTION_PATTERNS = [
-  /[;|&`]/,
-  // Command separators and backtick execution
-  /\$\(/,
-  // Command substitution $(...)
-  /\$\{/,
-  // Variable expansion ${...}
-  />\s*/,
-  // Output redirect
-  /<\s*/,
-  // Input redirect
-  /&&/,
-  // AND chaining
-  /\|\|/,
-  // OR chaining
-  /\beval\b/i,
-  // eval command
-  /\bexec\b/i,
-  // exec command
-  /\bsystem\b/i,
-  // system call
-  /%0a/i,
-  // URL-encoded newline
-  /%0d/i,
-  // URL-encoded carriage return
-  /%09/i,
-  // URL-encoded tab
-  /\r\n/,
-  // CRLF injection
-  /\n/
-  // Newline (command separator on Unix)
-];
-function detectShellInjection(value) {
-  for (const pattern of SHELL_INJECTION_PATTERNS) {
-    if (pattern.test(value)) return true;
-  }
-  return false;
-}
-var MAX_WILDCARDS_PER_VALUE = 3;
-function detectWildcardAbuse(value) {
-  if (value.includes("**")) return true;
-  const wildcardCount = (value.match(/\*/g) || []).length;
-  if (wildcardCount > MAX_WILDCARDS_PER_VALUE) return true;
-  return false;
-}
 var SSRF_PATTERNS = [
   /^https?:\/\/localhost\b/i,
   /^https?:\/\/127\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
@@ -1191,166 +1008,28 @@ function detectSSRF(value) {
   if (detectDecimalIP(value)) return true;
   return false;
 }
-var SQL_INJECTION_PATTERNS = [
-  /'\s{0,20}(OR|AND)\s{0,20}'.{0,200}'/i,
-  // ' OR '1'='1 — bounded to prevent ReDoS
-  /'\s{0,10};\s{0,10}(DROP|DELETE|UPDATE|INSERT|ALTER|CREATE|EXEC)/i,
-  // '; DROP TABLE
-  /UNION\s+(ALL\s+)?SELECT/i,
-  // UNION SELECT
-  /--\s*$/m,
-  // SQL comment at end of line
-  /\/\*.{0,500}?\*\//,
-  // SQL block comment — bounded + non-greedy
-  /\bSLEEP\s*\(/i,
-  // Time-based injection
-  /\bBENCHMARK\s*\(/i,
-  // MySQL benchmark
-  /\bWAITFOR\s+DELAY/i,
-  // MSSQL delay
-  /\b(LOAD_FILE|INTO\s+OUTFILE|INTO\s+DUMPFILE)\b/i
-  // File operations
-];
-function detectSQLInjection(value) {
-  for (const pattern of SQL_INJECTION_PATTERNS) {
-    if (pattern.test(value)) return true;
+
+// src/config.ts
+import { readFileSync, existsSync } from "fs";
+import { resolve } from "path";
+async function fetchCloudPolicy(apiKey, apiUrl, policyId) {
+  const url = `${apiUrl}/api/v1/policies/${policyId ?? "default"}`;
+  const res = await fetch(url, {
+    headers: { "Authorization": `Bearer ${apiKey}` }
+  });
+  if (!res.ok) {
+    const body = await res.text().catch(() => "");
+    throw new Error(`Failed to fetch policy from cloud (${res.status}): ${body}`);
   }
-  return false;
-}
-function checkLengthLimits(value, maxLength = 4096) {
-  return value.length <= maxLength;
-}
-var ENTROPY_THRESHOLD = 4.5;
-var MIN_LENGTH_FOR_ENTROPY_CHECK = 32;
-function checkEntropyLimits(value) {
-  if (value.length < MIN_LENGTH_FOR_ENTROPY_CHECK) return true;
-  const entropy = calculateShannonEntropy(value);
-  return entropy <= ENTROPY_THRESHOLD;
-}
-function calculateShannonEntropy(str) {
-  const freq = /* @__PURE__ */ new Map();
-  for (const char of str) {
-    freq.set(char, (freq.get(char) ?? 0) + 1);
-  }
-  let entropy = 0;
-  const len = str.length;
-  for (const count of freq.values()) {
-    const p = count / len;
-    if (p > 0) {
-      entropy -= p * Math.log2(p);
-    }
-  }
-  return entropy;
-}
-function sanitizeInput(field, value, config = DEFAULT_INPUT_GUARD_CONFIG) {
-  const threats = [];
-  if (typeof value !== "string") {
-    if (typeof value === "object" && value !== null) {
-      return sanitizeObject(field, value, config);
-    }
-    return { safe: true, threats: [] };
-  }
-  if (config.pathTraversal && detectPathTraversal(value)) {
-    threats.push({
-      type: "PATH_TRAVERSAL",
-      field,
-      value: truncate(value, 100),
-      description: "Path traversal pattern detected"
-    });
-  }
-  if (config.shellInjection && detectShellInjection(value)) {
-    threats.push({
-      type: "SHELL_INJECTION",
-      field,
-      value: truncate(value, 100),
-      description: "Shell injection pattern detected"
-    });
-  }
-  if (config.wildcardAbuse && detectWildcardAbuse(value)) {
-    threats.push({
-      type: "WILDCARD_ABUSE",
-      field,
-      value: truncate(value, 100),
-      description: "Wildcard abuse pattern detected"
-    });
-  }
-  if (!checkLengthLimits(value, config.lengthLimit)) {
-    threats.push({
-      type: "LENGTH_EXCEEDED",
-      field,
-      value: `[${value.length} chars]`,
-      description: `Value exceeds maximum length of ${config.lengthLimit}`
-    });
-  }
-  if (config.entropyLimit && !checkEntropyLimits(value)) {
-    threats.push({
-      type: "HIGH_ENTROPY",
-      field,
-      value: truncate(value, 100),
-      description: "High entropy string detected - possible encoded payload"
-    });
-  }
-  if (config.ssrf && detectSSRF(value)) {
-    threats.push({
-      type: "SSRF",
-      field,
-      value: truncate(value, 100),
-      description: "Server-side request forgery pattern detected \u2014 internal/metadata URL blocked"
-    });
-  }
-  if (config.sqlInjection && detectSQLInjection(value)) {
-    threats.push({
-      type: "SQL_INJECTION",
-      field,
-      value: truncate(value, 100),
-      description: "SQL injection pattern detected"
-    });
-  }
-  return { safe: threats.length === 0, threats };
-}
-function sanitizeObject(basePath, obj, config) {
-  const threats = [];
-  if (Array.isArray(obj)) {
-    for (let i = 0; i < obj.length; i++) {
-      const result = sanitizeInput(`${basePath}[${i}]`, obj[i], config);
-      threats.push(...result.threats);
-    }
-  } else {
-    for (const [key, val] of Object.entries(obj)) {
-      const result = sanitizeInput(`${basePath}.${key}`, val, config);
-      threats.push(...result.threats);
-    }
-  }
-  return { safe: threats.length === 0, threats };
-}
-function truncate(str, maxLen) {
-  return str.length > maxLen ? str.slice(0, maxLen) + "..." : str;
-}
-var DEFAULT_TOKEN_TTL_SECONDS = 30;
-var TOKEN_ALGORITHM = "HS256";
-var MIN_SECRET_LENGTH = 32;
-
-// src/config.ts
-import { readFileSync, existsSync } from "fs";
-import { resolve } from "path";
-async function fetchCloudPolicy(apiKey, apiUrl, policyId) {
-  const url = `${apiUrl}/api/v1/policies/${policyId ?? "default"}`;
-  const res = await fetch(url, {
-    headers: { "Authorization": `Bearer ${apiKey}` }
-  });
-  if (!res.ok) {
-    const body = await res.text().catch(() => "");
-    throw new Error(`Failed to fetch policy from cloud (${res.status}): ${body}`);
-  }
-  const data = await res.json();
-  return {
-    id: String(data.id ?? "cloud"),
-    name: String(data.name ?? "Cloud Policy"),
-    version: Number(data._version ?? 1),
-    rules: data.rules ?? [],
-    createdAt: String(data._created_at ?? ""),
-    updatedAt: ""
-  };
+  const data = await res.json();
+  return {
+    id: String(data.id ?? "cloud"),
+    name: String(data.name ?? "Cloud Policy"),
+    version: Number(data._version ?? 1),
+    rules: data.rules ?? [],
+    createdAt: String(data._created_at ?? ""),
+    updatedAt: ""
+  };
 }
 async function sendAuditLog(apiKey, apiUrl, entry) {
   try {
@@ -1538,175 +1217,621 @@ function loadPolicy(source) {
     `Unknown policy "${source}". Use a preset (${Object.keys(PRESETS).join(", ")}), a JSON file path, or a PolicySet object.`
   );
 }
-function parseArgs(argv) {
-  const args = argv.slice(2);
-  let policySource = "restricted";
-  let name = "solongate-proxy";
-  let verbose = false;
-  let validateInput = true;
-  let rateLimitPerTool;
-  let globalRateLimit;
-  let configFile;
-  let apiKey;
-  let apiUrl;
-  let upstreamUrl;
-  let upstreamTransport;
-  let port;
-  let separatorIndex = args.indexOf("--");
-  const flags = separatorIndex >= 0 ? args.slice(0, separatorIndex) : args;
-  const upstreamArgs = separatorIndex >= 0 ? args.slice(separatorIndex + 1) : [];
-  for (let i = 0; i < flags.length; i++) {
-    switch (flags[i]) {
-      case "--policy":
-        policySource = flags[++i];
-        break;
-      case "--name":
-        name = flags[++i];
-        break;
-      case "--verbose":
-        verbose = true;
-        break;
-      case "--no-input-guard":
-        validateInput = false;
-        break;
-      case "--rate-limit":
-        rateLimitPerTool = parseInt(flags[++i], 10);
-        break;
-      case "--global-rate-limit":
-        globalRateLimit = parseInt(flags[++i], 10);
-        break;
-      case "--config":
-        configFile = flags[++i];
-        break;
-      case "--api-key":
-        apiKey = flags[++i];
-        break;
-      case "--api-url":
-        apiUrl = flags[++i];
-        break;
-      case "--upstream-url":
-        upstreamUrl = flags[++i];
-        break;
-      case "--upstream-transport":
-        upstreamTransport = flags[++i];
-        break;
-      case "--port":
-        port = parseInt(flags[++i], 10);
-        break;
+function parseArgs(argv) {
+  const args = argv.slice(2);
+  let policySource = "restricted";
+  let name = "solongate-proxy";
+  let verbose = false;
+  let validateInput = true;
+  let rateLimitPerTool;
+  let globalRateLimit;
+  let configFile;
+  let apiKey;
+  let apiUrl;
+  let upstreamUrl;
+  let upstreamTransport;
+  let port;
+  let separatorIndex = args.indexOf("--");
+  const flags = separatorIndex >= 0 ? args.slice(0, separatorIndex) : args;
+  const upstreamArgs = separatorIndex >= 0 ? args.slice(separatorIndex + 1) : [];
+  for (let i = 0; i < flags.length; i++) {
+    switch (flags[i]) {
+      case "--policy":
+        policySource = flags[++i];
+        break;
+      case "--name":
+        name = flags[++i];
+        break;
+      case "--verbose":
+        verbose = true;
+        break;
+      case "--no-input-guard":
+        validateInput = false;
+        break;
+      case "--rate-limit":
+        rateLimitPerTool = parseInt(flags[++i], 10);
+        break;
+      case "--global-rate-limit":
+        globalRateLimit = parseInt(flags[++i], 10);
+        break;
+      case "--config":
+        configFile = flags[++i];
+        break;
+      case "--api-key":
+        apiKey = flags[++i];
+        break;
+      case "--api-url":
+        apiUrl = flags[++i];
+        break;
+      case "--upstream-url":
+        upstreamUrl = flags[++i];
+        break;
+      case "--upstream-transport":
+        upstreamTransport = flags[++i];
+        break;
+      case "--port":
+        port = parseInt(flags[++i], 10);
+        break;
+    }
+  }
+  if (!apiKey) {
+    const envKey = process.env.SOLONGATE_API_KEY;
+    if (envKey) {
+      apiKey = envKey;
+    } else {
+      throw new Error(
+        "A valid SolonGate API key is required.\n\nUsage: solongate-proxy --api-key sg_live_xxx -- <command>\n   or: set SOLONGATE_API_KEY=sg_live_xxx\n\nGet your API key at https://solongate.com\n"
+      );
+    }
+  }
+  if (!apiKey.startsWith("sg_live_") && !apiKey.startsWith("sg_test_")) {
+    throw new Error(
+      "Invalid API key format. Keys must start with 'sg_live_' or 'sg_test_'.\nGet your API key at https://solongate.com\n"
+    );
+  }
+  if (configFile) {
+    const filePath = resolve(configFile);
+    const content = readFileSync(filePath, "utf-8");
+    const fileConfig = JSON.parse(content);
+    if (!fileConfig.upstream) {
+      throw new Error('Config file must include "upstream" with at least "command" or "url"');
+    }
+    if (fileConfig.upstream.url && detectSSRF(fileConfig.upstream.url)) {
+      throw new Error(
+        `Upstream URL blocked: "${fileConfig.upstream.url}" points to an internal or private network address.`
+      );
+    }
+    return {
+      upstream: fileConfig.upstream,
+      policy: loadPolicy(fileConfig.policy ?? policySource),
+      name: fileConfig.name ?? name,
+      verbose: fileConfig.verbose ?? verbose,
+      validateInput: fileConfig.validateInput ?? validateInput,
+      rateLimitPerTool: fileConfig.rateLimitPerTool ?? rateLimitPerTool,
+      globalRateLimit: fileConfig.globalRateLimit ?? globalRateLimit,
+      apiKey: apiKey ?? fileConfig.apiKey,
+      apiUrl: apiUrl ?? fileConfig.apiUrl,
+      port: port ?? fileConfig.port
+    };
+  }
+  if (upstreamUrl) {
+    if (detectSSRF(upstreamUrl)) {
+      throw new Error(
+        `Upstream URL blocked: "${upstreamUrl}" points to an internal or private network address.
+SSRF protection prevents connecting to localhost, private IPs, or cloud metadata endpoints.`
+      );
+    }
+    const transport = upstreamTransport ?? (upstreamUrl.includes("/sse") ? "sse" : "http");
+    return {
+      upstream: {
+        transport,
+        command: "",
+        // not used for URL-based transports
+        url: upstreamUrl
+      },
+      policy: loadPolicy(policySource),
+      name,
+      verbose,
+      validateInput,
+      rateLimitPerTool,
+      globalRateLimit,
+      apiKey,
+      apiUrl,
+      port
+    };
+  }
+  if (upstreamArgs.length === 0) {
+    throw new Error(
+      "No upstream server command provided.\n\nUsage: solongate-proxy [options] -- <command> [args...]\n\nExamples:\n  solongate-proxy -- node my-server.js\n  solongate-proxy --policy restricted -- npx @openclaw/server\n  solongate-proxy --upstream-url http://localhost:3001/mcp\n  solongate-proxy --config solongate.json\n"
+    );
+  }
+  const [command, ...commandArgs] = upstreamArgs;
+  return {
+    upstream: {
+      transport: upstreamTransport ?? "stdio",
+      command,
+      args: commandArgs,
+      env: { ...process.env }
+    },
+    policy: loadPolicy(policySource),
+    name,
+    verbose,
+    validateInput,
+    rateLimitPerTool,
+    globalRateLimit,
+    apiKey,
+    apiUrl,
+    port
+  };
+}
+
+// src/proxy.ts
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
+import {
+  ListToolsRequestSchema,
+  CallToolRequestSchema,
+  ListResourcesRequestSchema,
+  ListPromptsRequestSchema,
+  GetPromptRequestSchema,
+  ReadResourceRequestSchema,
+  ListResourceTemplatesRequestSchema
+} from "@modelcontextprotocol/sdk/types.js";
+import { createServer as createHttpServer } from "http";
+
+// ../sdk-ts/dist/index.js
+import { z as z2 } from "zod";
+import { createHash, randomUUID, createHmac } from "crypto";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+var SolonGateError = class extends Error {
+  code;
+  timestamp;
+  details;
+  constructor(message, code, details = {}) {
+    super(message);
+    this.name = "SolonGateError";
+    this.code = code;
+    this.timestamp = (/* @__PURE__ */ new Date()).toISOString();
+    this.details = Object.freeze({ ...details });
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+  /**
+   * Serializable representation for logging and API responses.
+   * Never includes stack traces (information leakage prevention).
+   */
+  toJSON() {
+    return {
+      name: this.name,
+      code: this.code,
+      message: this.message,
+      timestamp: this.timestamp,
+      details: this.details
+    };
+  }
+};
+var PolicyDeniedError = class extends SolonGateError {
+  constructor(toolName, reason, details = {}) {
+    super(
+      `Policy denied execution of tool "${toolName}": ${reason}`,
+      "POLICY_DENIED",
+      { toolName, reason, ...details }
+    );
+    this.name = "PolicyDeniedError";
+  }
+};
+var SchemaValidationError = class extends SolonGateError {
+  constructor(toolName, validationErrors) {
+    super(
+      `Schema validation failed for tool "${toolName}": ${validationErrors.join("; ")}`,
+      "SCHEMA_VALIDATION_FAILED",
+      { toolName, validationErrors }
+    );
+    this.name = "SchemaValidationError";
+  }
+};
+var RateLimitError = class extends SolonGateError {
+  constructor(toolName, limitPerMinute) {
+    super(
+      `Rate limit exceeded for tool "${toolName}": max ${limitPerMinute}/min`,
+      "RATE_LIMIT_EXCEEDED",
+      { toolName, limitPerMinute }
+    );
+    this.name = "RateLimitError";
+  }
+};
+var TrustLevel = {
+  UNTRUSTED: "UNTRUSTED",
+  VERIFIED: "VERIFIED",
+  TRUSTED: "TRUSTED"
+};
+var Permission2 = {
+  READ: "READ",
+  WRITE: "WRITE",
+  EXECUTE: "EXECUTE"
+};
+z2.enum(["READ", "WRITE", "EXECUTE"]);
+Object.freeze(
+  /* @__PURE__ */ new Set()
+);
+Object.freeze(
+  /* @__PURE__ */ new Set([Permission2.READ])
+);
+var PolicyEffect = {
+  ALLOW: "ALLOW",
+  DENY: "DENY"
+};
+var PolicyRuleSchema2 = z2.object({
+  id: z2.string().min(1).max(256),
+  description: z2.string().max(1024),
+  effect: z2.enum(["ALLOW", "DENY"]),
+  priority: z2.number().int().min(0).max(1e4).default(1e3),
+  toolPattern: z2.string().min(1).max(512),
+  permission: z2.enum(["READ", "WRITE", "EXECUTE"]),
+  minimumTrustLevel: z2.enum(["UNTRUSTED", "VERIFIED", "TRUSTED"]),
+  argumentConstraints: z2.record(z2.unknown()).optional(),
+  pathConstraints: z2.object({
+    allowed: z2.array(z2.string()).optional(),
+    denied: z2.array(z2.string()).optional(),
+    rootDirectory: z2.string().optional(),
+    allowSymlinks: z2.boolean().optional()
+  }).optional(),
+  enabled: z2.boolean().default(true),
+  createdAt: z2.string().datetime(),
+  updatedAt: z2.string().datetime()
+});
+var PolicySetSchema2 = z2.object({
+  id: z2.string().min(1).max(256),
+  name: z2.string().min(1).max(256),
+  description: z2.string().max(2048),
+  version: z2.number().int().min(0),
+  rules: z2.array(PolicyRuleSchema2),
+  createdAt: z2.string().datetime(),
+  updatedAt: z2.string().datetime()
+});
+function createSecurityContext(params) {
+  return {
+    trustLevel: "UNTRUSTED",
+    grantedPermissions: /* @__PURE__ */ new Set(),
+    sessionId: null,
+    metadata: {},
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    ...params
+  };
+}
+var DEFAULT_POLICY_EFFECT = "DENY";
+var MAX_RULES_PER_POLICY_SET = 1e3;
+var POLICY_EVALUATION_TIMEOUT_MS = 100;
+var RATE_LIMIT_WINDOW_MS = 6e4;
+var RATE_LIMIT_MAX_ENTRIES = 1e4;
+var UNSAFE_CONFIGURATION_WARNINGS = {
+  WILDCARD_ALLOW: "Wildcard ALLOW rules grant permission to ALL tools. This bypasses the default-deny model.",
+  TRUSTED_LEVEL_EXTERNAL: "Setting trust level to TRUSTED for external requests bypasses all security checks.",
+  EXECUTE_WITHOUT_REVIEW: "EXECUTE permission allows tools to perform arbitrary actions. Review carefully.",
+  RATE_LIMIT_ZERO: "A rate limit of 0 means unlimited calls. This removes protection against runaway loops.",
+  DISABLED_VALIDATION: "Disabling schema validation removes input sanitization protections."
+};
+function createDeniedToolResult(reason) {
+  return {
+    content: [
+      {
+        type: "text",
+        text: JSON.stringify({
+          error: "POLICY_DENIED",
+          message: reason,
+          hint: "This tool call was blocked by SolonGate security policy. Check your policy configuration."
+        })
+      }
+    ],
+    isError: true
+  };
+}
+var DEFAULT_INPUT_GUARD_CONFIG2 = Object.freeze({
+  pathTraversal: true,
+  shellInjection: true,
+  wildcardAbuse: true,
+  lengthLimit: 4096,
+  entropyLimit: true,
+  ssrf: true,
+  sqlInjection: true
+});
+var PATH_TRAVERSAL_PATTERNS = [
+  /\.\.\//,
+  // ../
+  /\.\.\\/,
+  // ..\
+  /%2e%2e/i,
+  // URL-encoded ..
+  /%2e\./i,
+  // partial URL-encoded
+  /\.%2e/i,
+  // partial URL-encoded
+  /%252e%252e/i,
+  // double URL-encoded
+  /\.\.\0/
+  // null byte variant
+];
+var SENSITIVE_PATHS = [
+  /\/etc\/passwd/i,
+  /\/etc\/shadow/i,
+  /\/proc\//i,
+  /\/dev\//i,
+  /c:\\windows\\system32/i,
+  /c:\\windows\\syswow64/i,
+  /\/root\//i,
+  /~\//,
+  /\.env(\.|$)/i,
+  // .env, .env.local, .env.production
+  /\.aws\/credentials/i,
+  // AWS credentials
+  /\.ssh\/id_/i,
+  // SSH keys
+  /\.kube\/config/i,
+  // Kubernetes config
+  /wp-config\.php/i,
+  // WordPress config
+  /\.git\/config/i,
+  // Git config
+  /\.npmrc/i,
+  // npm credentials
+  /\.pypirc/i
+  // PyPI credentials
+];
+function detectPathTraversal(value) {
+  for (const pattern of PATH_TRAVERSAL_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  for (const pattern of SENSITIVE_PATHS) {
+    if (pattern.test(value)) return true;
+  }
+  return false;
+}
+var SHELL_INJECTION_PATTERNS = [
+  /[;|&`]/,
+  // Command separators and backtick execution
+  /\$\(/,
+  // Command substitution $(...)
+  /\$\{/,
+  // Variable expansion ${...}
+  />\s*/,
+  // Output redirect
+  /<\s*/,
+  // Input redirect
+  /&&/,
+  // AND chaining
+  /\|\|/,
+  // OR chaining
+  /\beval\b/i,
+  // eval command
+  /\bexec\b/i,
+  // exec command
+  /\bsystem\b/i,
+  // system call
+  /%0a/i,
+  // URL-encoded newline
+  /%0d/i,
+  // URL-encoded carriage return
+  /%09/i,
+  // URL-encoded tab
+  /\r\n/,
+  // CRLF injection
+  /\n/
+  // Newline (command separator on Unix)
+];
+function detectShellInjection(value) {
+  for (const pattern of SHELL_INJECTION_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  return false;
+}
+var MAX_WILDCARDS_PER_VALUE = 3;
+function detectWildcardAbuse(value) {
+  if (value.includes("**")) return true;
+  const wildcardCount = (value.match(/\*/g) || []).length;
+  if (wildcardCount > MAX_WILDCARDS_PER_VALUE) return true;
+  return false;
+}
+var SSRF_PATTERNS2 = [
+  /^https?:\/\/localhost\b/i,
+  /^https?:\/\/127\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
+  /^https?:\/\/0\.0\.0\.0/,
+  /^https?:\/\/\[::1\]/,
+  // IPv6 loopback
+  /^https?:\/\/10\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
+  // 10.x.x.x
+  /^https?:\/\/172\.(1[6-9]|2\d|3[01])\./,
+  // 172.16-31.x.x
+  /^https?:\/\/192\.168\./,
+  // 192.168.x.x
+  /^https?:\/\/169\.254\./,
+  // Link-local / AWS metadata
+  /metadata\.google\.internal/i,
+  // GCP metadata
+  /^https?:\/\/metadata\b/i,
+  // Generic metadata endpoint
+  // IPv6 bypass patterns
+  /^https?:\/\/\[fe80:/i,
+  // IPv6 link-local
+  /^https?:\/\/\[fc00:/i,
+  // IPv6 unique local
+  /^https?:\/\/\[fd[0-9a-f]{2}:/i,
+  // IPv6 unique local (fd00::/8)
+  /^https?:\/\/\[::ffff:127\./i,
+  // IPv4-mapped IPv6 loopback
+  /^https?:\/\/\[::ffff:10\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:172\.(1[6-9]|2\d|3[01])\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:192\.168\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:169\.254\./i,
+  // IPv4-mapped IPv6 link-local
+  // Hex IP bypass (e.g., 0x7f000001 = 127.0.0.1)
+  /^https?:\/\/0x[0-9a-f]+\b/i,
+  // Octal IP bypass (e.g., 0177.0.0.1 = 127.0.0.1)
+  /^https?:\/\/0[0-7]{1,3}\./
+];
+function detectDecimalIP2(value) {
+  const match = value.match(/^https?:\/\/(\d{8,10})(?:[:/]|$)/);
+  if (!match || !match[1]) return false;
+  const decimal = parseInt(match[1], 10);
+  if (isNaN(decimal) || decimal > 4294967295) return false;
+  return decimal >= 2130706432 && decimal <= 2147483647 || // 127.0.0.0/8
+  decimal >= 167772160 && decimal <= 184549375 || // 10.0.0.0/8
+  decimal >= 2886729728 && decimal <= 2887778303 || // 172.16.0.0/12
+  decimal >= 3232235520 && decimal <= 3232301055 || // 192.168.0.0/16
+  decimal >= 2851995648 && decimal <= 2852061183 || // 169.254.0.0/16
+  decimal === 0;
+}
+function detectSSRF2(value) {
+  for (const pattern of SSRF_PATTERNS2) {
+    if (pattern.test(value)) return true;
+  }
+  if (detectDecimalIP2(value)) return true;
+  return false;
+}
+var SQL_INJECTION_PATTERNS = [
+  /'\s{0,20}(OR|AND)\s{0,20}'.{0,200}'/i,
+  // ' OR '1'='1 — bounded to prevent ReDoS
+  /'\s{0,10};\s{0,10}(DROP|DELETE|UPDATE|INSERT|ALTER|CREATE|EXEC)/i,
+  // '; DROP TABLE
+  /UNION\s+(ALL\s+)?SELECT/i,
+  // UNION SELECT
+  /--\s*$/m,
+  // SQL comment at end of line
+  /\/\*.{0,500}?\*\//,
+  // SQL block comment — bounded + non-greedy
+  /\bSLEEP\s*\(/i,
+  // Time-based injection
+  /\bBENCHMARK\s*\(/i,
+  // MySQL benchmark
+  /\bWAITFOR\s+DELAY/i,
+  // MSSQL delay
+  /\b(LOAD_FILE|INTO\s+OUTFILE|INTO\s+DUMPFILE)\b/i
+  // File operations
+];
+function detectSQLInjection(value) {
+  for (const pattern of SQL_INJECTION_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  return false;
+}
+function checkLengthLimits(value, maxLength = 4096) {
+  return value.length <= maxLength;
+}
+var ENTROPY_THRESHOLD = 4.5;
+var MIN_LENGTH_FOR_ENTROPY_CHECK = 32;
+function checkEntropyLimits(value) {
+  if (value.length < MIN_LENGTH_FOR_ENTROPY_CHECK) return true;
+  const entropy = calculateShannonEntropy(value);
+  return entropy <= ENTROPY_THRESHOLD;
+}
+function calculateShannonEntropy(str) {
+  const freq = /* @__PURE__ */ new Map();
+  for (const char of str) {
+    freq.set(char, (freq.get(char) ?? 0) + 1);
+  }
+  let entropy = 0;
+  const len = str.length;
+  for (const count of freq.values()) {
+    const p = count / len;
+    if (p > 0) {
+      entropy -= p * Math.log2(p);
     }
   }
-  if (!apiKey) {
-    const envKey = process.env.SOLONGATE_API_KEY;
-    if (envKey) {
-      apiKey = envKey;
-    } else {
-      throw new Error(
-        "A valid SolonGate API key is required.\n\nUsage: solongate-proxy --api-key sg_live_xxx -- <command>\n   or: set SOLONGATE_API_KEY=sg_live_xxx\n\nGet your API key at https://solongate.com\n"
-      );
+  return entropy;
+}
+function sanitizeInput(field, value, config = DEFAULT_INPUT_GUARD_CONFIG2) {
+  const threats = [];
+  if (typeof value !== "string") {
+    if (typeof value === "object" && value !== null) {
+      return sanitizeObject(field, value, config);
     }
+    return { safe: true, threats: [] };
   }
-  if (!apiKey.startsWith("sg_live_") && !apiKey.startsWith("sg_test_")) {
-    throw new Error(
-      "Invalid API key format. Keys must start with 'sg_live_' or 'sg_test_'.\nGet your API key at https://solongate.com\n"
-    );
+  if (config.pathTraversal && detectPathTraversal(value)) {
+    threats.push({
+      type: "PATH_TRAVERSAL",
+      field,
+      value: truncate(value, 100),
+      description: "Path traversal pattern detected"
+    });
   }
-  if (configFile) {
-    const filePath = resolve(configFile);
-    const content = readFileSync(filePath, "utf-8");
-    const fileConfig = JSON.parse(content);
-    if (!fileConfig.upstream) {
-      throw new Error('Config file must include "upstream" with at least "command" or "url"');
-    }
-    if (fileConfig.upstream.url && detectSSRF(fileConfig.upstream.url)) {
-      throw new Error(
-        `Upstream URL blocked: "${fileConfig.upstream.url}" points to an internal or private network address.`
-      );
-    }
-    return {
-      upstream: fileConfig.upstream,
-      policy: loadPolicy(fileConfig.policy ?? policySource),
-      name: fileConfig.name ?? name,
-      verbose: fileConfig.verbose ?? verbose,
-      validateInput: fileConfig.validateInput ?? validateInput,
-      rateLimitPerTool: fileConfig.rateLimitPerTool ?? rateLimitPerTool,
-      globalRateLimit: fileConfig.globalRateLimit ?? globalRateLimit,
-      apiKey: apiKey ?? fileConfig.apiKey,
-      apiUrl: apiUrl ?? fileConfig.apiUrl,
-      port: port ?? fileConfig.port
-    };
+  if (config.shellInjection && detectShellInjection(value)) {
+    threats.push({
+      type: "SHELL_INJECTION",
+      field,
+      value: truncate(value, 100),
+      description: "Shell injection pattern detected"
+    });
   }
-  if (upstreamUrl) {
-    if (detectSSRF(upstreamUrl)) {
-      throw new Error(
-        `Upstream URL blocked: "${upstreamUrl}" points to an internal or private network address.
-SSRF protection prevents connecting to localhost, private IPs, or cloud metadata endpoints.`
-      );
-    }
-    const transport = upstreamTransport ?? (upstreamUrl.includes("/sse") ? "sse" : "http");
-    return {
-      upstream: {
-        transport,
-        command: "",
-        // not used for URL-based transports
-        url: upstreamUrl
-      },
-      policy: loadPolicy(policySource),
-      name,
-      verbose,
-      validateInput,
-      rateLimitPerTool,
-      globalRateLimit,
-      apiKey,
-      apiUrl,
-      port
-    };
+  if (config.wildcardAbuse && detectWildcardAbuse(value)) {
+    threats.push({
+      type: "WILDCARD_ABUSE",
+      field,
+      value: truncate(value, 100),
+      description: "Wildcard abuse pattern detected"
+    });
   }
-  if (upstreamArgs.length === 0) {
-    throw new Error(
-      "No upstream server command provided.\n\nUsage: solongate-proxy [options] -- <command> [args...]\n\nExamples:\n  solongate-proxy -- node my-server.js\n  solongate-proxy --policy restricted -- npx @openclaw/server\n  solongate-proxy --upstream-url http://localhost:3001/mcp\n  solongate-proxy --config solongate.json\n"
-    );
+  if (!checkLengthLimits(value, config.lengthLimit)) {
+    threats.push({
+      type: "LENGTH_EXCEEDED",
+      field,
+      value: `[${value.length} chars]`,
+      description: `Value exceeds maximum length of ${config.lengthLimit}`
+    });
   }
-  const [command, ...commandArgs] = upstreamArgs;
-  return {
-    upstream: {
-      transport: upstreamTransport ?? "stdio",
-      command,
-      args: commandArgs,
-      env: { ...process.env }
-    },
-    policy: loadPolicy(policySource),
-    name,
-    verbose,
-    validateInput,
-    rateLimitPerTool,
-    globalRateLimit,
-    apiKey,
-    apiUrl,
-    port
-  };
+  if (config.entropyLimit && !checkEntropyLimits(value)) {
+    threats.push({
+      type: "HIGH_ENTROPY",
+      field,
+      value: truncate(value, 100),
+      description: "High entropy string detected - possible encoded payload"
+    });
+  }
+  if (config.ssrf && detectSSRF2(value)) {
+    threats.push({
+      type: "SSRF",
+      field,
+      value: truncate(value, 100),
+      description: "Server-side request forgery pattern detected \u2014 internal/metadata URL blocked"
+    });
+  }
+  if (config.sqlInjection && detectSQLInjection(value)) {
+    threats.push({
+      type: "SQL_INJECTION",
+      field,
+      value: truncate(value, 100),
+      description: "SQL injection pattern detected"
+    });
+  }
+  return { safe: threats.length === 0, threats };
 }
-
-// src/proxy.ts
-import { Server } from "@modelcontextprotocol/sdk/server/index.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
-import { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
-import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
-import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
-import {
-  ListToolsRequestSchema,
-  CallToolRequestSchema,
-  ListResourcesRequestSchema,
-  ListPromptsRequestSchema,
-  GetPromptRequestSchema,
-  ReadResourceRequestSchema,
-  ListResourceTemplatesRequestSchema
-} from "@modelcontextprotocol/sdk/types.js";
-import { createServer as createHttpServer } from "http";
-
-// ../policy-engine/dist/index.js
-import { createHash } from "crypto";
+function sanitizeObject(basePath, obj, config) {
+  const threats = [];
+  if (Array.isArray(obj)) {
+    for (let i = 0; i < obj.length; i++) {
+      const result = sanitizeInput(`${basePath}[${i}]`, obj[i], config);
+      threats.push(...result.threats);
+    }
+  } else {
+    for (const [key, val] of Object.entries(obj)) {
+      const result = sanitizeInput(`${basePath}.${key}`, val, config);
+      threats.push(...result.threats);
+    }
+  }
+  return { safe: threats.length === 0, threats };
+}
+function truncate(str, maxLen) {
+  return str.length > maxLen ? str.slice(0, maxLen) + "..." : str;
+}
+var DEFAULT_TOKEN_TTL_SECONDS = 30;
+var TOKEN_ALGORITHM = "HS256";
+var MIN_SECRET_LENGTH = 32;
 function normalizePath(path) {
   let normalized = path.replace(/\\/g, "/");
   if (normalized.length > 1 && normalized.endsWith("/")) {
@@ -1945,7 +2070,7 @@ function evaluatePolicy(policySet, request) {
 function validatePolicyRule(input) {
   const errors = [];
   const warnings = [];
-  const result = PolicyRuleSchema.safeParse(input);
+  const result = PolicyRuleSchema2.safeParse(input);
   if (!result.success) {
     return {
       valid: false,
@@ -1970,7 +2095,7 @@ function validatePolicyRule(input) {
 function validatePolicySet(input) {
   const errors = [];
   const warnings = [];
-  const result = PolicySetSchema.safeParse(input);
+  const result = PolicySetSchema2.safeParse(input);
   if (!result.success) {
     return {
       valid: false,
@@ -2064,7 +2189,7 @@ function createDefaultDenyPolicySet() {
         effect: PolicyEffect.DENY,
         priority: 1e4,
         toolPattern: "*",
-        permission: Permission.EXECUTE,
+        permission: Permission2.EXECUTE,
         minimumTrustLevel: TrustLevel.UNTRUSTED,
         enabled: true,
         createdAt: now,
@@ -2076,7 +2201,7 @@ function createDefaultDenyPolicySet() {
         effect: PolicyEffect.DENY,
         priority: 1e4,
         toolPattern: "*",
-        permission: Permission.WRITE,
+        permission: Permission2.WRITE,
         minimumTrustLevel: TrustLevel.UNTRUSTED,
         enabled: true,
         createdAt: now,
@@ -2088,7 +2213,7 @@ function createDefaultDenyPolicySet() {
         effect: PolicyEffect.DENY,
         priority: 1e4,
         toolPattern: "*",
-        permission: Permission.READ,
+        permission: Permission2.READ,
         minimumTrustLevel: TrustLevel.UNTRUSTED,
         enabled: true,
         createdAt: now,
@@ -2258,10 +2383,6 @@ var PolicyStore = class {
     return createHash("sha256").update(serialized).digest("hex");
   }
 };
-
-// ../sdk-ts/dist/index.js
-import { randomUUID, createHmac } from "crypto";
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 var DEFAULT_CONFIG = Object.freeze({
   validateSchemas: true,
   enableLogging: true,
@@ -2271,7 +2392,7 @@ var DEFAULT_CONFIG = Object.freeze({
   globalRateLimitPerMinute: 600,
   rateLimitPerTool: 60,
   tokenTtlSeconds: 30,
-  inputGuardConfig: DEFAULT_INPUT_GUARD_CONFIG,
+  inputGuardConfig: DEFAULT_INPUT_GUARD_CONFIG2,
   enableVersionedPolicies: true
 });
 function resolveConfig(userConfig) {
@@ -2304,7 +2425,7 @@ async function interceptToolCall(params, upstreamCall, options) {
     toolName: params.name,
     serverName: "default",
     arguments: params.arguments ?? {},
-    requiredPermission: Permission.EXECUTE,
+    requiredPermission: Permission2.EXECUTE,
     timestamp
   };
   if (options.rateLimiter) {
@@ -2343,7 +2464,7 @@ async function interceptToolCall(params, upstreamCall, options) {
     }
   }
   if (options.validateSchemas && params.arguments) {
-    const guardConfig = options.inputGuardConfig ?? DEFAULT_INPUT_GUARD_CONFIG;
+    const guardConfig = options.inputGuardConfig ?? DEFAULT_INPUT_GUARD_CONFIG2;
     const sanitization = sanitizeInput("arguments", params.arguments, guardConfig);
     if (!sanitization.safe) {
       const threatDescriptions = sanitization.threats.map(
@@ -2376,7 +2497,7 @@ async function interceptToolCall(params, upstreamCall, options) {
   if (options.tokenIssuer) {
     capabilityToken = options.tokenIssuer.issue(
       requestId,
-      [Permission.EXECUTE],
+      [Permission2.EXECUTE],
       [params.name]
     );
   }