@solongate/proxy 0.2.1 → 0.2.2

package/dist/index.js

@@ -6,20 +6,9 @@ var __esm = (fn, res) => function __init() {
 
 // src/init.ts
 var init_exports = {};
-import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2, copyFileSync } from "fs";
-import { resolve as resolve2, join, dirname } from "path";
+import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2, copyFileSync, mkdirSync } from "fs";
+import { resolve as resolve2, join } from "path";
 import { createInterface } from "readline";
-function findProxyPath() {
-  const candidates = [
-    resolve2(dirname(new URL(import.meta.url).pathname.replace(/^\/([A-Z]:)/, "$1")), "index.js"),
-    resolve2("node_modules", "@solongate", "proxy", "dist", "index.js"),
-    resolve2("packages", "proxy", "dist", "index.js")
-  ];
-  for (const p of candidates) {
-    if (existsSync2(p)) return p.replace(/\\/g, "/");
-  }
-  return "solongate-proxy";
-}
 function findConfigFile(explicitPath) {
   if (explicitPath) {
     if (existsSync2(explicitPath)) {
@@ -46,11 +35,14 @@ function isAlreadyProtected(server) {
   const cmdStr = [server.command, ...server.args ?? []].join(" ");
   return cmdStr.includes("solongate") || cmdStr.includes("solongate-proxy");
 }
-function wrapServer(server, policy, proxyPath) {
+function wrapServer(server, policy, apiKey) {
   return {
-    command: "node",
+    command: "npx",
     args: [
-      proxyPath,
+      "-y",
+      "@solongate/proxy",
+      "--api-key",
+      apiKey,
       "--policy",
       policy,
       "--verbose",
@@ -58,10 +50,7 @@ function wrapServer(server, policy, proxyPath) {
       server.command,
       ...server.args ?? []
     ],
-    env: {
-      ...server.env,
-      SOLONGATE_API_KEY: server.env?.SOLONGATE_API_KEY ?? "sg_live_YOUR_KEY_HERE"
-    }
+    ...server.env ? { env: server.env } : {}
   };
 }
 async function prompt(question) {
@@ -89,6 +78,9 @@ function parseInitArgs(argv) {
       case "--policy":
         options.policy = args[++i];
         break;
+      case "--api-key":
+        options.apiKey = args[++i];
+        break;
       case "--all":
         options.all = true;
         break;
@@ -124,13 +116,14 @@ OPTIONS
   --config <path>     Path to MCP config file (default: auto-detect)
   --policy <preset>   Policy preset or JSON file (default: restricted)
                       Presets: ${POLICY_PRESETS.join(", ")}
+  --api-key <key>     SolonGate API key (sg_live_... or sg_test_...)
   --all               Protect all servers without prompting
   --dry-run           Preview changes without writing
   --restore           Restore original config from backup
   -h, --help          Show this help message
 
 EXAMPLES
-  solongate-init                          # Interactive setup
+  solongate-init --api-key sg_live_xxx    # Setup with API key
   solongate-init --all                    # Protect everything
   solongate-init --policy read-only       # Use read-only policy
   solongate-init --dry-run                # Preview changes
@@ -144,6 +137,44 @@ POLICY PRESETS
 `;
   console.error(help);
 }
+function installClaudeCodeHooks(apiKey) {
+  const hooksDir = resolve2(".claude", "hooks");
+  mkdirSync(hooksDir, { recursive: true });
+  const hookPath = join(hooksDir, "audit.mjs");
+  writeFileSync(hookPath, HOOK_SCRIPT);
+  console.error(`  Created ${hookPath}`);
+  const settingsPath = resolve2(".claude", "settings.json");
+  let settings = {};
+  if (existsSync2(settingsPath)) {
+    try {
+      settings = JSON.parse(readFileSync2(settingsPath, "utf-8"));
+    } catch {
+    }
+  }
+  settings.hooks = {
+    PostToolUse: [
+      {
+        matcher: ".*",
+        hooks: [
+          {
+            type: "command",
+            command: "node .claude/hooks/audit.mjs",
+            timeout: 10,
+            async: true
+          }
+        ]
+      }
+    ]
+  };
+  const envObj = settings.env || {};
+  envObj.SOLONGATE_API_KEY = apiKey;
+  settings.env = envObj;
+  writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + "\n");
+  console.error(`  Created ${settingsPath}`);
+  console.error("");
+  console.error("  Claude Code hooks installed!");
+  console.error("  Built-in tools (Read, Write, Edit, Bash) will now be audit-logged.");
+}
 function ensureEnvFile() {
   const envPath = resolve2(".env");
   if (!existsSync2(envPath)) {
@@ -281,14 +312,34 @@ async function main() {
     process.exit(0);
   }
   console.error("");
-  console.error(`  Policy: ${options.policy}`);
+  let apiKey = options.apiKey || process.env.SOLONGATE_API_KEY || "";
+  if (!apiKey) {
+    const envPath = resolve2(".env");
+    if (existsSync2(envPath)) {
+      const envContent = readFileSync2(envPath, "utf-8");
+      const match = envContent.match(/^SOLONGATE_API_KEY=(sg_(?:live|test)_\w+)/m);
+      if (match) apiKey = match[1];
+    }
+  }
+  if (!apiKey || apiKey === "sg_live_your_key_here") {
+    apiKey = await prompt("  Enter your SolonGate API key (from https://dashboard.solongate.com): ");
+    if (!apiKey) {
+      console.error("  API key is required. Get one at https://dashboard.solongate.com");
+      process.exit(1);
+    }
+  }
+  if (!apiKey.startsWith("sg_live_") && !apiKey.startsWith("sg_test_")) {
+    console.error("  Invalid API key format. Must start with sg_live_ or sg_test_");
+    process.exit(1);
+  }
+  console.error(`  Policy:  ${options.policy}`);
+  console.error(`  API Key: ${apiKey.slice(0, 12)}...${apiKey.slice(-4)}`);
   console.error(`  Protecting: ${toProtect.join(", ")}`);
   console.error("");
-  const proxyPath = findProxyPath();
   const newConfig = { mcpServers: {} };
   for (const name of serverNames) {
     if (toProtect.includes(name)) {
-      newConfig.mcpServers[name] = wrapServer(config.mcpServers[name], options.policy, proxyPath);
+      newConfig.mcpServers[name] = wrapServer(config.mcpServers[name], options.policy, apiKey);
     } else {
       newConfig.mcpServers[name] = config.mcpServers[name];
     }
@@ -313,22 +364,12 @@ async function main() {
   }
   console.error("  Config updated!");
   console.error("");
-  console.error("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
-  console.error("  \u2502  Your MCP servers are now protected by          \u2502");
-  console.error("  \u2502  SolonGate security policies.                   \u2502");
-  console.error("  \u2502                                                 \u2502");
-  console.error("  \u2502  Next steps:                                    \u2502");
-  console.error("  \u2502  1. Replace sg_live_YOUR_KEY_HERE in your       \u2502");
-  console.error("  \u2502     config with your real API key from          \u2502");
-  console.error("  \u2502     https://solongate.com                       \u2502");
-  console.error("  \u2502  2. Restart your MCP client (Claude Code        \u2502");
-  console.error("  \u2502     or Claude Desktop) to apply changes.        \u2502");
-  console.error("  \u2502                                                 \u2502");
-  console.error("  \u2502  To undo: solongate-init --restore              \u2502");
-  console.error("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  installClaudeCodeHooks(apiKey);
   console.error("");
   ensureEnvFile();
   console.error("");
+  console.error("  \u2500\u2500 Summary \u2500\u2500");
+  console.error("");
   for (const name of toProtect) {
     console.error(`  \u2713 ${name} \u2014 protected (${options.policy})`);
   }
@@ -339,8 +380,20 @@ async function main() {
     console.error(`  \u25CB ${name} \u2014 skipped`);
   }
   console.error("");
+  console.error("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
+  console.error("  \u2502  Setup complete!                                \u2502");
+  console.error("  \u2502                                                 \u2502");
+  console.error("  \u2502  MCP tools \u2192 Proxy audit logging                \u2502");
+  console.error("  \u2502  Built-in tools \u2192 Hook audit logging            \u2502");
+  console.error("  \u2502                                                 \u2502");
+  console.error("  \u2502  View logs: https://dashboard.solongate.com     \u2502");
+  console.error("  \u2502  To undo: solongate-init --restore              \u2502");
+  console.error("  \u2502                                                 \u2502");
+  console.error("  \u2502  Restart your MCP client to apply changes.      \u2502");
+  console.error("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  console.error("");
 }
-var POLICY_PRESETS, SEARCH_PATHS, CLAUDE_DESKTOP_PATHS;
+var POLICY_PRESETS, SEARCH_PATHS, CLAUDE_DESKTOP_PATHS, HOOK_SCRIPT;
 var init_init = __esm({
   "src/init.ts"() {
     "use strict";
@@ -351,6 +404,65 @@ var init_init = __esm({
       ".claude/mcp.json"
     ];
     CLAUDE_DESKTOP_PATHS = process.platform === "win32" ? [join(process.env["APPDATA"] ?? "", "Claude", "claude_desktop_config.json")] : process.platform === "darwin" ? [join(process.env["HOME"] ?? "", "Library", "Application Support", "Claude", "claude_desktop_config.json")] : [join(process.env["HOME"] ?? "", ".config", "claude", "claude_desktop_config.json")];
+    HOOK_SCRIPT = `#!/usr/bin/env node
+/**
+ * SolonGate Audit Hook for Claude Code
+ * Captures ALL tool calls (built-in + MCP) and sends to SolonGate Cloud.
+ * Auto-installed by: npx @solongate/proxy init
+ */
+
+const API_KEY = process.env.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || 'https://api.solongate.com';
+
+if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
+
+let input = '';
+process.stdin.on('data', c => input += c);
+process.stdin.on('end', async () => {
+  try {
+    const data = JSON.parse(input);
+    const toolName = data.tool_name || 'unknown';
+    const toolInput = data.tool_input || {};
+
+    // Skip logging the audit hook itself to avoid loops
+    if (toolName === 'Bash' && JSON.stringify(toolInput).includes('audit-logs')) {
+      process.exit(0);
+    }
+
+    const hasError = data.tool_response?.error ||
+      data.tool_response?.exitCode > 0 ||
+      data.tool_response?.isError;
+
+    // Truncate large argument values for security
+    const argsSummary = {};
+    for (const [k, v] of Object.entries(toolInput)) {
+      argsSummary[k] = typeof v === 'string' && v.length > 200
+        ? v.slice(0, 200) + '...'
+        : v;
+    }
+
+    await fetch(\`\${API_URL}/api/v1/audit-logs\`, {
+      method: 'POST',
+      headers: {
+        'Authorization': \`Bearer \${API_KEY}\`,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        tool: toolName,
+        arguments: argsSummary,
+        decision: hasError ? 'DENY' : 'ALLOW',
+        reason: hasError ? 'tool returned error' : 'allowed',
+        source: 'claude-code-hook',
+        evaluationTimeMs: 0,
+      }),
+      signal: AbortSignal.timeout(5000),
+    });
+  } catch {
+    // Silent
+  }
+  process.exit(0);
+});
+`;
     main().catch((err) => {
       console.error(`Fatal: ${err instanceof Error ? err.message : String(err)}`);
       process.exit(1);
@@ -732,7 +844,7 @@ var init_inject = __esm({
 
 // src/create.ts
 var create_exports = {};
-import { mkdirSync, writeFileSync as writeFileSync3, existsSync as existsSync4 } from "fs";
+import { mkdirSync as mkdirSync2, writeFileSync as writeFileSync3, existsSync as existsSync4 } from "fs";
 import { resolve as resolve4, join as join2 } from "path";
 import { execSync as execSync2 } from "child_process";
 function log3(msg) {
@@ -884,7 +996,7 @@ function createProject(dir, name, _policy) {
       2
     ) + "\n"
   );
-  mkdirSync(join2(dir, "src"), { recursive: true });
+  mkdirSync2(join2(dir, "src"), { recursive: true });
   writeFileSync3(
     join2(dir, "src", "index.ts"),
     `#!/usr/bin/env node
@@ -973,7 +1085,7 @@ async function main3() {
     process.exit(1);
   }
   withSpinner(`Setting up ${opts.name}...`, () => {
-    mkdirSync(dir, { recursive: true });
+    mkdirSync2(dir, { recursive: true });
     createProject(dir, opts.name, opts.policy);
   });
   if (!opts.noInstall) {

package/dist/init.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 
 // src/init.ts
-import { readFileSync, writeFileSync, existsSync, copyFileSync } from "fs";
-import { resolve, join, dirname } from "path";
+import { readFileSync, writeFileSync, existsSync, copyFileSync, mkdirSync } from "fs";
+import { resolve, join } from "path";
 import { createInterface } from "readline";
 var POLICY_PRESETS = ["restricted", "read-only", "permissive", "deny-all"];
 var SEARCH_PATHS = [
@@ -11,17 +11,6 @@ var SEARCH_PATHS = [
   ".claude/mcp.json"
 ];
 var CLAUDE_DESKTOP_PATHS = process.platform === "win32" ? [join(process.env["APPDATA"] ?? "", "Claude", "claude_desktop_config.json")] : process.platform === "darwin" ? [join(process.env["HOME"] ?? "", "Library", "Application Support", "Claude", "claude_desktop_config.json")] : [join(process.env["HOME"] ?? "", ".config", "claude", "claude_desktop_config.json")];
-function findProxyPath() {
-  const candidates = [
-    resolve(dirname(new URL(import.meta.url).pathname.replace(/^\/([A-Z]:)/, "$1")), "index.js"),
-    resolve("node_modules", "@solongate", "proxy", "dist", "index.js"),
-    resolve("packages", "proxy", "dist", "index.js")
-  ];
-  for (const p of candidates) {
-    if (existsSync(p)) return p.replace(/\\/g, "/");
-  }
-  return "solongate-proxy";
-}
 function findConfigFile(explicitPath) {
   if (explicitPath) {
     if (existsSync(explicitPath)) {
@@ -48,11 +37,14 @@ function isAlreadyProtected(server) {
   const cmdStr = [server.command, ...server.args ?? []].join(" ");
   return cmdStr.includes("solongate") || cmdStr.includes("solongate-proxy");
 }
-function wrapServer(server, policy, proxyPath) {
+function wrapServer(server, policy, apiKey) {
   return {
-    command: "node",
+    command: "npx",
     args: [
-      proxyPath,
+      "-y",
+      "@solongate/proxy",
+      "--api-key",
+      apiKey,
       "--policy",
       policy,
       "--verbose",
@@ -60,10 +52,7 @@ function wrapServer(server, policy, proxyPath) {
       server.command,
       ...server.args ?? []
     ],
-    env: {
-      ...server.env,
-      SOLONGATE_API_KEY: server.env?.SOLONGATE_API_KEY ?? "sg_live_YOUR_KEY_HERE"
-    }
+    ...server.env ? { env: server.env } : {}
   };
 }
 async function prompt(question) {
@@ -91,6 +80,9 @@ function parseInitArgs(argv) {
       case "--policy":
         options.policy = args[++i];
         break;
+      case "--api-key":
+        options.apiKey = args[++i];
+        break;
       case "--all":
         options.all = true;
         break;
@@ -126,13 +118,14 @@ OPTIONS
   --config <path>     Path to MCP config file (default: auto-detect)
   --policy <preset>   Policy preset or JSON file (default: restricted)
                       Presets: ${POLICY_PRESETS.join(", ")}
+  --api-key <key>     SolonGate API key (sg_live_... or sg_test_...)
   --all               Protect all servers without prompting
   --dry-run           Preview changes without writing
   --restore           Restore original config from backup
   -h, --help          Show this help message
 
 EXAMPLES
-  solongate-init                          # Interactive setup
+  solongate-init --api-key sg_live_xxx    # Setup with API key
   solongate-init --all                    # Protect everything
   solongate-init --policy read-only       # Use read-only policy
   solongate-init --dry-run                # Preview changes
@@ -146,6 +139,103 @@ POLICY PRESETS
 `;
   console.error(help);
 }
+var HOOK_SCRIPT = `#!/usr/bin/env node
+/**
+ * SolonGate Audit Hook for Claude Code
+ * Captures ALL tool calls (built-in + MCP) and sends to SolonGate Cloud.
+ * Auto-installed by: npx @solongate/proxy init
+ */
+
+const API_KEY = process.env.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || 'https://api.solongate.com';
+
+if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
+
+let input = '';
+process.stdin.on('data', c => input += c);
+process.stdin.on('end', async () => {
+  try {
+    const data = JSON.parse(input);
+    const toolName = data.tool_name || 'unknown';
+    const toolInput = data.tool_input || {};
+
+    // Skip logging the audit hook itself to avoid loops
+    if (toolName === 'Bash' && JSON.stringify(toolInput).includes('audit-logs')) {
+      process.exit(0);
+    }
+
+    const hasError = data.tool_response?.error ||
+      data.tool_response?.exitCode > 0 ||
+      data.tool_response?.isError;
+
+    // Truncate large argument values for security
+    const argsSummary = {};
+    for (const [k, v] of Object.entries(toolInput)) {
+      argsSummary[k] = typeof v === 'string' && v.length > 200
+        ? v.slice(0, 200) + '...'
+        : v;
+    }
+
+    await fetch(\`\${API_URL}/api/v1/audit-logs\`, {
+      method: 'POST',
+      headers: {
+        'Authorization': \`Bearer \${API_KEY}\`,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        tool: toolName,
+        arguments: argsSummary,
+        decision: hasError ? 'DENY' : 'ALLOW',
+        reason: hasError ? 'tool returned error' : 'allowed',
+        source: 'claude-code-hook',
+        evaluationTimeMs: 0,
+      }),
+      signal: AbortSignal.timeout(5000),
+    });
+  } catch {
+    // Silent
+  }
+  process.exit(0);
+});
+`;
+function installClaudeCodeHooks(apiKey) {
+  const hooksDir = resolve(".claude", "hooks");
+  mkdirSync(hooksDir, { recursive: true });
+  const hookPath = join(hooksDir, "audit.mjs");
+  writeFileSync(hookPath, HOOK_SCRIPT);
+  console.error(`  Created ${hookPath}`);
+  const settingsPath = resolve(".claude", "settings.json");
+  let settings = {};
+  if (existsSync(settingsPath)) {
+    try {
+      settings = JSON.parse(readFileSync(settingsPath, "utf-8"));
+    } catch {
+    }
+  }
+  settings.hooks = {
+    PostToolUse: [
+      {
+        matcher: ".*",
+        hooks: [
+          {
+            type: "command",
+            command: "node .claude/hooks/audit.mjs",
+            timeout: 10,
+            async: true
+          }
+        ]
+      }
+    ]
+  };
+  const envObj = settings.env || {};
+  envObj.SOLONGATE_API_KEY = apiKey;
+  settings.env = envObj;
+  writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + "\n");
+  console.error(`  Created ${settingsPath}`);
+  console.error("");
+  console.error("  Claude Code hooks installed!");
+  console.error("  Built-in tools (Read, Write, Edit, Bash) will now be audit-logged.");
+}
 function ensureEnvFile() {
   const envPath = resolve(".env");
   if (!existsSync(envPath)) {
@@ -283,14 +373,34 @@ async function main() {
     process.exit(0);
   }
   console.error("");
-  console.error(`  Policy: ${options.policy}`);
+  let apiKey = options.apiKey || process.env.SOLONGATE_API_KEY || "";
+  if (!apiKey) {
+    const envPath = resolve(".env");
+    if (existsSync(envPath)) {
+      const envContent = readFileSync(envPath, "utf-8");
+      const match = envContent.match(/^SOLONGATE_API_KEY=(sg_(?:live|test)_\w+)/m);
+      if (match) apiKey = match[1];
+    }
+  }
+  if (!apiKey || apiKey === "sg_live_your_key_here") {
+    apiKey = await prompt("  Enter your SolonGate API key (from https://dashboard.solongate.com): ");
+    if (!apiKey) {
+      console.error("  API key is required. Get one at https://dashboard.solongate.com");
+      process.exit(1);
+    }
+  }
+  if (!apiKey.startsWith("sg_live_") && !apiKey.startsWith("sg_test_")) {
+    console.error("  Invalid API key format. Must start with sg_live_ or sg_test_");
+    process.exit(1);
+  }
+  console.error(`  Policy:  ${options.policy}`);
+  console.error(`  API Key: ${apiKey.slice(0, 12)}...${apiKey.slice(-4)}`);
   console.error(`  Protecting: ${toProtect.join(", ")}`);
   console.error("");
-  const proxyPath = findProxyPath();
   const newConfig = { mcpServers: {} };
   for (const name of serverNames) {
     if (toProtect.includes(name)) {
-      newConfig.mcpServers[name] = wrapServer(config.mcpServers[name], options.policy, proxyPath);
+      newConfig.mcpServers[name] = wrapServer(config.mcpServers[name], options.policy, apiKey);
     } else {
       newConfig.mcpServers[name] = config.mcpServers[name];
     }
@@ -315,22 +425,12 @@ async function main() {
   }
   console.error("  Config updated!");
   console.error("");
-  console.error("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
-  console.error("  \u2502  Your MCP servers are now protected by          \u2502");
-  console.error("  \u2502  SolonGate security policies.                   \u2502");
-  console.error("  \u2502                                                 \u2502");
-  console.error("  \u2502  Next steps:                                    \u2502");
-  console.error("  \u2502  1. Replace sg_live_YOUR_KEY_HERE in your       \u2502");
-  console.error("  \u2502     config with your real API key from          \u2502");
-  console.error("  \u2502     https://solongate.com                       \u2502");
-  console.error("  \u2502  2. Restart your MCP client (Claude Code        \u2502");
-  console.error("  \u2502     or Claude Desktop) to apply changes.        \u2502");
-  console.error("  \u2502                                                 \u2502");
-  console.error("  \u2502  To undo: solongate-init --restore              \u2502");
-  console.error("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  installClaudeCodeHooks(apiKey);
   console.error("");
   ensureEnvFile();
   console.error("");
+  console.error("  \u2500\u2500 Summary \u2500\u2500");
+  console.error("");
   for (const name of toProtect) {
     console.error(`  \u2713 ${name} \u2014 protected (${options.policy})`);
   }
@@ -341,6 +441,18 @@ async function main() {
     console.error(`  \u25CB ${name} \u2014 skipped`);
   }
   console.error("");
+  console.error("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
+  console.error("  \u2502  Setup complete!                                \u2502");
+  console.error("  \u2502                                                 \u2502");
+  console.error("  \u2502  MCP tools \u2192 Proxy audit logging                \u2502");
+  console.error("  \u2502  Built-in tools \u2192 Hook audit logging            \u2502");
+  console.error("  \u2502                                                 \u2502");
+  console.error("  \u2502  View logs: https://dashboard.solongate.com     \u2502");
+  console.error("  \u2502  To undo: solongate-init --restore              \u2502");
+  console.error("  \u2502                                                 \u2502");
+  console.error("  \u2502  Restart your MCP client to apply changes.      \u2502");
+  console.error("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  console.error("");
 }
 main().catch((err) => {
   console.error(`Fatal: ${err instanceof Error ? err.message : String(err)}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.2.1",
+  "version": "0.2.2",
   "description": "MCP security proxy \u00e2\u20ac\u201d protect any MCP server with policies, input validation, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {