@solongate/proxy 0.15.3 → 0.15.4

package/hooks/guard.mjs

@@ -290,12 +290,57 @@ process.stdin.on('end', async () => {
     const args = data.tool_input || {};
 
     // ── Self-protection: block access to hook files and settings ──
-    const allStrings = scanStrings(args).map(s => s.replace(/\\/g, '/').toLowerCase());
+    // Hardcoded, no bypass possible — runs before policy/PI config
     const protectedPaths = [
       '.solongate', '.claude', '.cursor', '.gemini', '.antigravity', '.openclaw', '.perplexity',
       'policy.json', '.mcp.json',
     ];
+
+    // Strip shell quotes/escapes: .sol'on'gate → .solongate, .sol"on"gate → .solongate
+    function stripShellQuotes(s) {
+      return s.replace(/\\(.)/g, '$1').replace(/'/g, '').replace(/"/g, '');
+    }
+
+    // Check if a glob/wildcard pattern could match any protected path
+    // e.g. ".antig*" matches ".antigravity", "/path/.sol*" matches ".solongate"
+    function globMatchesProtected(s) {
+      if (!s.includes('*') && !s.includes('?')) return null;
+      // Extract all path segments and the full string to test
+      const segments = s.split('/').filter(Boolean);
+      const candidates = [s, ...segments];
+      for (const candidate of candidates) {
+        if (!candidate.includes('*') && !candidate.includes('?')) continue;
+        for (const p of protectedPaths) {
+          // Build regex from glob: * → .*, ? → .
+          const escaped = candidate.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\\\*/g, '.*').replace(/\\\?/g, '.');
+          try {
+            if (new RegExp('^' + escaped + '$', 'i').test(p)) return p;
+          } catch { /* invalid regex, skip */ }
+        }
+      }
+      return null;
+    }
+
+    // Normalize: lowercase, forward slashes, strip shell quotes
+    const rawStrings = scanStrings(args).map(s => s.replace(/\\/g, '/').toLowerCase());
+    const allStrings = [];
+    for (const s of rawStrings) {
+      allStrings.push(s);
+      // Also add quote-stripped version
+      const stripped = stripShellQuotes(s);
+      if (stripped !== s) allStrings.push(stripped);
+      // Split by spaces (for commands like "rm -rf .sol'on'gate .cl*")
+      for (const tok of s.split(/\s+/)) {
+        if (tok !== s) {
+          allStrings.push(tok);
+          const strippedTok = stripShellQuotes(tok);
+          if (strippedTok !== tok) allStrings.push(strippedTok);
+        }
+      }
+    }
+
     for (const s of allStrings) {
+      // Direct match
       for (const p of protectedPaths) {
         if (s.includes(p)) {
           const msg = 'SOLONGATE: Access to protected file "' + p + '" is blocked';
@@ -317,6 +362,27 @@ process.stdin.on('end', async () => {
           process.exit(2);
         }
       }
+      // Wildcard/glob match
+      const globHit = globMatchesProtected(s);
+      if (globHit) {
+        const msg = 'SOLONGATE: Wildcard pattern "' + s + '" matches protected path "' + globHit + '" — blocked';
+        if (API_KEY && API_KEY.startsWith('sg_live_')) {
+          try {
+            await fetch(API_URL + '/api/v1/audit-logs', {
+              method: 'POST',
+              headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
+              body: JSON.stringify({
+                tool: data.tool_name || '', arguments: args,
+                decision: 'DENY', reason: msg,
+                source: 'claude-code-guard',
+              }),
+              signal: AbortSignal.timeout(3000),
+            });
+          } catch {}
+        }
+        process.stderr.write(msg);
+        process.exit(2);
+      }
     }
 
     // ── Fetch PI config from Cloud ──

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.15.3",
+  "version": "0.15.4",
   "description": "MCP security proxy — protect any MCP server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {