@solongate/proxy 0.2.1 → 0.2.3

package/dist/index.js

@@ -6,20 +6,9 @@ var __esm = (fn, res) => function __init() {
 
 // src/init.ts
 var init_exports = {};
-import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2, copyFileSync } from "fs";
-import { resolve as resolve2, join, dirname } from "path";
+import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2, copyFileSync, mkdirSync } from "fs";
+import { resolve as resolve2, join } from "path";
 import { createInterface } from "readline";
-function findProxyPath() {
-  const candidates = [
-    resolve2(dirname(new URL(import.meta.url).pathname.replace(/^\/([A-Z]:)/, "$1")), "index.js"),
-    resolve2("node_modules", "@solongate", "proxy", "dist", "index.js"),
-    resolve2("packages", "proxy", "dist", "index.js")
-  ];
-  for (const p of candidates) {
-    if (existsSync2(p)) return p.replace(/\\/g, "/");
-  }
-  return "solongate-proxy";
-}
 function findConfigFile(explicitPath) {
   if (explicitPath) {
     if (existsSync2(explicitPath)) {
@@ -46,11 +35,14 @@ function isAlreadyProtected(server) {
   const cmdStr = [server.command, ...server.args ?? []].join(" ");
   return cmdStr.includes("solongate") || cmdStr.includes("solongate-proxy");
 }
-function wrapServer(server, policy, proxyPath) {
+function wrapServer(server, policy, apiKey) {
   return {
-    command: "node",
+    command: "npx",
     args: [
-      proxyPath,
+      "-y",
+      "@solongate/proxy",
+      "--api-key",
+      apiKey,
       "--policy",
       policy,
       "--verbose",
@@ -58,10 +50,7 @@ function wrapServer(server, policy, proxyPath) {
       server.command,
       ...server.args ?? []
     ],
-    env: {
-      ...server.env,
-      SOLONGATE_API_KEY: server.env?.SOLONGATE_API_KEY ?? "sg_live_YOUR_KEY_HERE"
-    }
+    ...server.env ? { env: server.env } : {}
   };
 }
 async function prompt(question) {
@@ -89,6 +78,9 @@ function parseInitArgs(argv) {
       case "--policy":
         options.policy = args[++i];
         break;
+      case "--api-key":
+        options.apiKey = args[++i];
+        break;
       case "--all":
         options.all = true;
         break;
@@ -124,13 +116,14 @@ OPTIONS
   --config <path>     Path to MCP config file (default: auto-detect)
   --policy <preset>   Policy preset or JSON file (default: restricted)
                       Presets: ${POLICY_PRESETS.join(", ")}
+  --api-key <key>     SolonGate API key (sg_live_... or sg_test_...)
   --all               Protect all servers without prompting
   --dry-run           Preview changes without writing
   --restore           Restore original config from backup
   -h, --help          Show this help message
 
 EXAMPLES
-  solongate-init                          # Interactive setup
+  solongate-init --api-key sg_live_xxx    # Setup with API key
   solongate-init --all                    # Protect everything
   solongate-init --policy read-only       # Use read-only policy
   solongate-init --dry-run                # Preview changes
@@ -144,6 +137,60 @@ POLICY PRESETS
 `;
   console.error(help);
 }
+function installClaudeCodeHooks(apiKey) {
+  const hooksDir = resolve2(".claude", "hooks");
+  mkdirSync(hooksDir, { recursive: true });
+  const guardPath = join(hooksDir, "guard.mjs");
+  writeFileSync(guardPath, GUARD_SCRIPT);
+  console.error(`  Created ${guardPath}`);
+  const auditPath = join(hooksDir, "audit.mjs");
+  writeFileSync(auditPath, AUDIT_SCRIPT);
+  console.error(`  Created ${auditPath}`);
+  const settingsPath = resolve2(".claude", "settings.json");
+  let settings = {};
+  if (existsSync2(settingsPath)) {
+    try {
+      settings = JSON.parse(readFileSync2(settingsPath, "utf-8"));
+    } catch {
+    }
+  }
+  settings.hooks = {
+    PreToolUse: [
+      {
+        matcher: ".*",
+        hooks: [
+          {
+            type: "command",
+            command: "node .claude/hooks/guard.mjs",
+            timeout: 5
+          }
+        ]
+      }
+    ],
+    PostToolUse: [
+      {
+        matcher: ".*",
+        hooks: [
+          {
+            type: "command",
+            command: "node .claude/hooks/audit.mjs",
+            timeout: 10,
+            async: true
+          }
+        ]
+      }
+    ]
+  };
+  const envObj = settings.env || {};
+  envObj.SOLONGATE_API_KEY = apiKey;
+  settings.env = envObj;
+  writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + "\n");
+  console.error(`  Created ${settingsPath}`);
+  console.error("");
+  console.error("  Claude Code hooks installed!");
+  console.error("  PreToolUse  \u2192 guard.mjs  (blocks dangerous calls)");
+  console.error("  PostToolUse \u2192 audit.mjs  (logs all calls to dashboard)");
+}
 function ensureEnvFile() {
   const envPath = resolve2(".env");
   if (!existsSync2(envPath)) {
@@ -281,14 +328,34 @@ async function main() {
     process.exit(0);
   }
   console.error("");
-  console.error(`  Policy: ${options.policy}`);
+  let apiKey = options.apiKey || process.env.SOLONGATE_API_KEY || "";
+  if (!apiKey) {
+    const envPath = resolve2(".env");
+    if (existsSync2(envPath)) {
+      const envContent = readFileSync2(envPath, "utf-8");
+      const match = envContent.match(/^SOLONGATE_API_KEY=(sg_(?:live|test)_\w+)/m);
+      if (match) apiKey = match[1];
+    }
+  }
+  if (!apiKey || apiKey === "sg_live_your_key_here") {
+    apiKey = await prompt("  Enter your SolonGate API key (from https://dashboard.solongate.com): ");
+    if (!apiKey) {
+      console.error("  API key is required. Get one at https://dashboard.solongate.com");
+      process.exit(1);
+    }
+  }
+  if (!apiKey.startsWith("sg_live_") && !apiKey.startsWith("sg_test_")) {
+    console.error("  Invalid API key format. Must start with sg_live_ or sg_test_");
+    process.exit(1);
+  }
+  console.error(`  Policy:  ${options.policy}`);
+  console.error(`  API Key: ${apiKey.slice(0, 12)}...${apiKey.slice(-4)}`);
   console.error(`  Protecting: ${toProtect.join(", ")}`);
   console.error("");
-  const proxyPath = findProxyPath();
   const newConfig = { mcpServers: {} };
   for (const name of serverNames) {
     if (toProtect.includes(name)) {
-      newConfig.mcpServers[name] = wrapServer(config.mcpServers[name], options.policy, proxyPath);
+      newConfig.mcpServers[name] = wrapServer(config.mcpServers[name], options.policy, apiKey);
     } else {
       newConfig.mcpServers[name] = config.mcpServers[name];
     }
@@ -313,22 +380,12 @@ async function main() {
   }
   console.error("  Config updated!");
   console.error("");
-  console.error("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
-  console.error("  \u2502  Your MCP servers are now protected by          \u2502");
-  console.error("  \u2502  SolonGate security policies.                   \u2502");
-  console.error("  \u2502                                                 \u2502");
-  console.error("  \u2502  Next steps:                                    \u2502");
-  console.error("  \u2502  1. Replace sg_live_YOUR_KEY_HERE in your       \u2502");
-  console.error("  \u2502     config with your real API key from          \u2502");
-  console.error("  \u2502     https://solongate.com                       \u2502");
-  console.error("  \u2502  2. Restart your MCP client (Claude Code        \u2502");
-  console.error("  \u2502     or Claude Desktop) to apply changes.        \u2502");
-  console.error("  \u2502                                                 \u2502");
-  console.error("  \u2502  To undo: solongate-init --restore              \u2502");
-  console.error("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  installClaudeCodeHooks(apiKey);
   console.error("");
   ensureEnvFile();
   console.error("");
+  console.error("  \u2500\u2500 Summary \u2500\u2500");
+  console.error("");
   for (const name of toProtect) {
     console.error(`  \u2713 ${name} \u2014 protected (${options.policy})`);
   }
@@ -339,8 +396,20 @@ async function main() {
     console.error(`  \u25CB ${name} \u2014 skipped`);
   }
   console.error("");
+  console.error("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
+  console.error("  \u2502  Setup complete!                                \u2502");
+  console.error("  \u2502                                                 \u2502");
+  console.error("  \u2502  MCP tools \u2192 Proxy audit logging                \u2502");
+  console.error("  \u2502  Built-in tools \u2192 Hook audit logging            \u2502");
+  console.error("  \u2502                                                 \u2502");
+  console.error("  \u2502  View logs: https://dashboard.solongate.com     \u2502");
+  console.error("  \u2502  To undo: solongate-init --restore              \u2502");
+  console.error("  \u2502                                                 \u2502");
+  console.error("  \u2502  Restart your MCP client to apply changes.      \u2502");
+  console.error("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  console.error("");
 }
-var POLICY_PRESETS, SEARCH_PATHS, CLAUDE_DESKTOP_PATHS;
+var POLICY_PRESETS, SEARCH_PATHS, CLAUDE_DESKTOP_PATHS, GUARD_SCRIPT, AUDIT_SCRIPT;
 var init_init = __esm({
   "src/init.ts"() {
     "use strict";
@@ -351,6 +420,192 @@ var init_init = __esm({
       ".claude/mcp.json"
     ];
     CLAUDE_DESKTOP_PATHS = process.platform === "win32" ? [join(process.env["APPDATA"] ?? "", "Claude", "claude_desktop_config.json")] : process.platform === "darwin" ? [join(process.env["HOME"] ?? "", "Library", "Application Support", "Claude", "claude_desktop_config.json")] : [join(process.env["HOME"] ?? "", ".config", "claude", "claude_desktop_config.json")];
+    GUARD_SCRIPT = `#!/usr/bin/env node
+/**
+ * SolonGate Guard Hook for Claude Code (PreToolUse)
+ * Blocks dangerous tool calls BEFORE they execute.
+ * Exit code 2 = BLOCK, exit code 0 = ALLOW.
+ * Auto-installed by: npx @solongate/proxy init
+ */
+
+const API_KEY = process.env.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || 'https://api.solongate.com';
+
+// \u2500\u2500 Input Guard Patterns \u2500\u2500
+const PATH_TRAVERSAL = [
+  /\\.\\.\\//,  /\\\\.\\.\\\\\\\\/,  /%2e%2e/i,  /%2e\\./i,  /\\.%2e/i,  /%252e%252e/i,
+];
+const SENSITIVE_PATHS = [
+  /\\/etc\\/passwd/i, /\\/etc\\/shadow/i, /\\/proc\\//i,
+  /c:\\\\windows\\\\system32/i, /\\.env(\\.|$)/i,
+  /\\.aws\\/credentials/i, /\\.ssh\\/id_/i, /\\.kube\\/config/i,
+  /\\.git\\/config/i, /\\.npmrc/i, /\\.pypirc/i,
+];
+const SHELL_INJECTION = [
+  /\\$\\(/, /\\$\\{/, /\\\`/, /\\beval\\b/i, /\\bexec\\b/i, /\\bsystem\\b/i,
+  /%0a/i, /%0d/i,
+];
+const SSRF = [
+  /^https?:\\/\\/localhost\\b/i, /^https?:\\/\\/127\\./, /^https?:\\/\\/0\\.0\\.0\\.0/,
+  /^https?:\\/\\/10\\./, /^https?:\\/\\/172\\.(1[6-9]|2\\d|3[01])\\./,
+  /^https?:\\/\\/192\\.168\\./, /^https?:\\/\\/169\\.254\\./,
+  /metadata\\.google\\.internal/i,
+];
+const SQL_INJECTION = [
+  /'\\s{0,20}(OR|AND)\\s{0,20}'.{0,200}'/i,
+  /'\\s{0,10};\\s{0,10}(DROP|DELETE|UPDATE|INSERT|ALTER|CREATE|EXEC)/i,
+  /UNION\\s+(ALL\\s+)?SELECT/i, /\\bSLEEP\\s*\\(/i, /\\bWAITFOR\\s+DELAY/i,
+];
+
+// Dangerous command patterns for Bash tool
+const DANGEROUS_COMMANDS = [
+  /\\brm\\s+(-[a-zA-Z]*f|-[a-zA-Z]*r|--force|--recursive)/i,
+  /\\brm\\s+-rf\\b/i,
+  /\\bmkfs\\b/i, /\\bdd\\s+if=/i,
+  /\\b(shutdown|reboot|halt|poweroff)\\b/i,
+  /\\bchmod\\s+777\\b/,
+  /\\bcurl\\b.{0,200}\\|\\s*(sh|bash)\\b/i,
+  /\\bwget\\b.{0,200}\\|\\s*(sh|bash)\\b/i,
+  /\\bnc\\s+-[a-z]*l/i,  // netcat listener
+  />(\\s*)\\/dev\\/sd/,   // writing to raw disk
+  /\\bgit\\s+push\\s+.*--force\\b/i,
+  /\\bgit\\s+reset\\s+--hard\\b/i,
+];
+
+function checkValue(val) {
+  if (typeof val !== 'string' || val.length < 2) return null;
+  for (const p of PATH_TRAVERSAL) if (p.test(val)) return 'Path traversal detected';
+  for (const p of SENSITIVE_PATHS) if (p.test(val)) return 'Sensitive file access blocked';
+  for (const p of SSRF) if (p.test(val)) return 'SSRF attempt blocked';
+  for (const p of SQL_INJECTION) if (p.test(val)) return 'SQL injection detected';
+  if (val.length > 10000) return 'Input too long (max 10000 chars)';
+  return null;
+}
+
+function checkBashCommand(cmd) {
+  if (typeof cmd !== 'string') return null;
+  for (const p of DANGEROUS_COMMANDS) if (p.test(cmd)) return 'Dangerous command blocked: ' + cmd.slice(0, 80);
+  for (const p of SHELL_INJECTION) if (p.test(cmd)) return null; // shell injection is normal for Bash
+  return null;
+}
+
+let input = '';
+process.stdin.on('data', c => input += c);
+process.stdin.on('end', async () => {
+  try {
+    const data = JSON.parse(input);
+    const tool = data.tool_name || '';
+    const args = data.tool_input || {};
+    const start = Date.now();
+
+    let threat = null;
+
+    // Check Bash commands for dangerous patterns
+    if (tool === 'Bash' && args.command) {
+      threat = checkBashCommand(args.command);
+    }
+
+    // Check all string arguments for injection patterns
+    if (!threat) {
+      for (const [key, val] of Object.entries(args)) {
+        if (tool === 'Bash' && key === 'command') continue; // already checked
+        threat = checkValue(val);
+        if (threat) { threat = threat + ' (in ' + key + ')'; break; }
+        // Check nested strings
+        if (typeof val === 'object' && val) {
+          for (const v of Object.values(val)) {
+            threat = checkValue(v);
+            if (threat) { threat = threat + ' (in ' + key + ')'; break; }
+          }
+          if (threat) break;
+        }
+      }
+    }
+
+    const ms = Date.now() - start;
+
+    if (threat) {
+      // Send DENY audit log
+      if (API_KEY && API_KEY.startsWith('sg_live_')) {
+        fetch(API_URL + '/api/v1/audit-logs', {
+          method: 'POST',
+          headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            tool, arguments: Object.fromEntries(Object.entries(args).map(([k,v]) =>
+              [k, typeof v === 'string' && v.length > 200 ? v.slice(0,200)+'...' : v])),
+            decision: 'DENY', reason: threat, source: 'claude-code-guard',
+            evaluationTimeMs: ms,
+          }),
+          signal: AbortSignal.timeout(5000),
+        }).catch(() => {});
+      }
+      // Exit 2 = BLOCK. Message printed to stdout is shown to user.
+      process.stdout.write('SolonGate BLOCKED: ' + threat);
+      process.exit(2);
+    }
+  } catch {
+    // On error, allow (fail-open)
+  }
+  process.exit(0);
+});
+`;
+    AUDIT_SCRIPT = `#!/usr/bin/env node
+/**
+ * SolonGate Audit Hook for Claude Code (PostToolUse)
+ * Logs ALL tool calls to SolonGate Cloud after execution.
+ * Auto-installed by: npx @solongate/proxy init
+ */
+
+const API_KEY = process.env.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || 'https://api.solongate.com';
+
+if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
+
+let input = '';
+process.stdin.on('data', c => input += c);
+process.stdin.on('end', async () => {
+  try {
+    const data = JSON.parse(input);
+    const toolName = data.tool_name || 'unknown';
+    const toolInput = data.tool_input || {};
+
+    if (toolName === 'Bash' && JSON.stringify(toolInput).includes('audit-logs')) {
+      process.exit(0);
+    }
+
+    const hasError = data.tool_response?.error ||
+      data.tool_response?.exitCode > 0 ||
+      data.tool_response?.isError;
+
+    const argsSummary = {};
+    for (const [k, v] of Object.entries(toolInput)) {
+      argsSummary[k] = typeof v === 'string' && v.length > 200
+        ? v.slice(0, 200) + '...'
+        : v;
+    }
+
+    await fetch(\`\${API_URL}/api/v1/audit-logs\`, {
+      method: 'POST',
+      headers: {
+        'Authorization': \`Bearer \${API_KEY}\`,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        tool: toolName,
+        arguments: argsSummary,
+        decision: hasError ? 'DENY' : 'ALLOW',
+        reason: hasError ? 'tool returned error' : 'allowed',
+        source: 'claude-code-hook',
+        evaluationTimeMs: 0,
+      }),
+      signal: AbortSignal.timeout(5000),
+    });
+  } catch {
+    // Silent
+  }
+  process.exit(0);
+});
+`;
     main().catch((err) => {
       console.error(`Fatal: ${err instanceof Error ? err.message : String(err)}`);
       process.exit(1);
@@ -732,7 +987,7 @@ var init_inject = __esm({
 
 // src/create.ts
 var create_exports = {};
-import { mkdirSync, writeFileSync as writeFileSync3, existsSync as existsSync4 } from "fs";
+import { mkdirSync as mkdirSync2, writeFileSync as writeFileSync3, existsSync as existsSync4 } from "fs";
 import { resolve as resolve4, join as join2 } from "path";
 import { execSync as execSync2 } from "child_process";
 function log3(msg) {
@@ -884,7 +1139,7 @@ function createProject(dir, name, _policy) {
       2
     ) + "\n"
   );
-  mkdirSync(join2(dir, "src"), { recursive: true });
+  mkdirSync2(join2(dir, "src"), { recursive: true });
   writeFileSync3(
     join2(dir, "src", "index.ts"),
     `#!/usr/bin/env node
@@ -973,7 +1228,7 @@ async function main3() {
     process.exit(1);
   }
   withSpinner(`Setting up ${opts.name}...`, () => {
-    mkdirSync(dir, { recursive: true });
+    mkdirSync2(dir, { recursive: true });
     createProject(dir, opts.name, opts.policy);
   });
   if (!opts.noInstall) {

package/dist/init.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 
 // src/init.ts
-import { readFileSync, writeFileSync, existsSync, copyFileSync } from "fs";
-import { resolve, join, dirname } from "path";
+import { readFileSync, writeFileSync, existsSync, copyFileSync, mkdirSync } from "fs";
+import { resolve, join } from "path";
 import { createInterface } from "readline";
 var POLICY_PRESETS = ["restricted", "read-only", "permissive", "deny-all"];
 var SEARCH_PATHS = [
@@ -11,17 +11,6 @@ var SEARCH_PATHS = [
   ".claude/mcp.json"
 ];
 var CLAUDE_DESKTOP_PATHS = process.platform === "win32" ? [join(process.env["APPDATA"] ?? "", "Claude", "claude_desktop_config.json")] : process.platform === "darwin" ? [join(process.env["HOME"] ?? "", "Library", "Application Support", "Claude", "claude_desktop_config.json")] : [join(process.env["HOME"] ?? "", ".config", "claude", "claude_desktop_config.json")];
-function findProxyPath() {
-  const candidates = [
-    resolve(dirname(new URL(import.meta.url).pathname.replace(/^\/([A-Z]:)/, "$1")), "index.js"),
-    resolve("node_modules", "@solongate", "proxy", "dist", "index.js"),
-    resolve("packages", "proxy", "dist", "index.js")
-  ];
-  for (const p of candidates) {
-    if (existsSync(p)) return p.replace(/\\/g, "/");
-  }
-  return "solongate-proxy";
-}
 function findConfigFile(explicitPath) {
   if (explicitPath) {
     if (existsSync(explicitPath)) {
@@ -48,11 +37,14 @@ function isAlreadyProtected(server) {
   const cmdStr = [server.command, ...server.args ?? []].join(" ");
   return cmdStr.includes("solongate") || cmdStr.includes("solongate-proxy");
 }
-function wrapServer(server, policy, proxyPath) {
+function wrapServer(server, policy, apiKey) {
   return {
-    command: "node",
+    command: "npx",
     args: [
-      proxyPath,
+      "-y",
+      "@solongate/proxy",
+      "--api-key",
+      apiKey,
       "--policy",
       policy,
       "--verbose",
@@ -60,10 +52,7 @@ function wrapServer(server, policy, proxyPath) {
       server.command,
       ...server.args ?? []
     ],
-    env: {
-      ...server.env,
-      SOLONGATE_API_KEY: server.env?.SOLONGATE_API_KEY ?? "sg_live_YOUR_KEY_HERE"
-    }
+    ...server.env ? { env: server.env } : {}
   };
 }
 async function prompt(question) {
@@ -91,6 +80,9 @@ function parseInitArgs(argv) {
       case "--policy":
         options.policy = args[++i];
         break;
+      case "--api-key":
+        options.apiKey = args[++i];
+        break;
       case "--all":
         options.all = true;
         break;
@@ -126,13 +118,14 @@ OPTIONS
   --config <path>     Path to MCP config file (default: auto-detect)
   --policy <preset>   Policy preset or JSON file (default: restricted)
                       Presets: ${POLICY_PRESETS.join(", ")}
+  --api-key <key>     SolonGate API key (sg_live_... or sg_test_...)
   --all               Protect all servers without prompting
   --dry-run           Preview changes without writing
   --restore           Restore original config from backup
   -h, --help          Show this help message
 
 EXAMPLES
-  solongate-init                          # Interactive setup
+  solongate-init --api-key sg_live_xxx    # Setup with API key
   solongate-init --all                    # Protect everything
   solongate-init --policy read-only       # Use read-only policy
   solongate-init --dry-run                # Preview changes
@@ -146,6 +139,246 @@ POLICY PRESETS
 `;
   console.error(help);
 }
+var GUARD_SCRIPT = `#!/usr/bin/env node
+/**
+ * SolonGate Guard Hook for Claude Code (PreToolUse)
+ * Blocks dangerous tool calls BEFORE they execute.
+ * Exit code 2 = BLOCK, exit code 0 = ALLOW.
+ * Auto-installed by: npx @solongate/proxy init
+ */
+
+const API_KEY = process.env.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || 'https://api.solongate.com';
+
+// \u2500\u2500 Input Guard Patterns \u2500\u2500
+const PATH_TRAVERSAL = [
+  /\\.\\.\\//,  /\\\\.\\.\\\\\\\\/,  /%2e%2e/i,  /%2e\\./i,  /\\.%2e/i,  /%252e%252e/i,
+];
+const SENSITIVE_PATHS = [
+  /\\/etc\\/passwd/i, /\\/etc\\/shadow/i, /\\/proc\\//i,
+  /c:\\\\windows\\\\system32/i, /\\.env(\\.|$)/i,
+  /\\.aws\\/credentials/i, /\\.ssh\\/id_/i, /\\.kube\\/config/i,
+  /\\.git\\/config/i, /\\.npmrc/i, /\\.pypirc/i,
+];
+const SHELL_INJECTION = [
+  /\\$\\(/, /\\$\\{/, /\\\`/, /\\beval\\b/i, /\\bexec\\b/i, /\\bsystem\\b/i,
+  /%0a/i, /%0d/i,
+];
+const SSRF = [
+  /^https?:\\/\\/localhost\\b/i, /^https?:\\/\\/127\\./, /^https?:\\/\\/0\\.0\\.0\\.0/,
+  /^https?:\\/\\/10\\./, /^https?:\\/\\/172\\.(1[6-9]|2\\d|3[01])\\./,
+  /^https?:\\/\\/192\\.168\\./, /^https?:\\/\\/169\\.254\\./,
+  /metadata\\.google\\.internal/i,
+];
+const SQL_INJECTION = [
+  /'\\s{0,20}(OR|AND)\\s{0,20}'.{0,200}'/i,
+  /'\\s{0,10};\\s{0,10}(DROP|DELETE|UPDATE|INSERT|ALTER|CREATE|EXEC)/i,
+  /UNION\\s+(ALL\\s+)?SELECT/i, /\\bSLEEP\\s*\\(/i, /\\bWAITFOR\\s+DELAY/i,
+];
+
+// Dangerous command patterns for Bash tool
+const DANGEROUS_COMMANDS = [
+  /\\brm\\s+(-[a-zA-Z]*f|-[a-zA-Z]*r|--force|--recursive)/i,
+  /\\brm\\s+-rf\\b/i,
+  /\\bmkfs\\b/i, /\\bdd\\s+if=/i,
+  /\\b(shutdown|reboot|halt|poweroff)\\b/i,
+  /\\bchmod\\s+777\\b/,
+  /\\bcurl\\b.{0,200}\\|\\s*(sh|bash)\\b/i,
+  /\\bwget\\b.{0,200}\\|\\s*(sh|bash)\\b/i,
+  /\\bnc\\s+-[a-z]*l/i,  // netcat listener
+  />(\\s*)\\/dev\\/sd/,   // writing to raw disk
+  /\\bgit\\s+push\\s+.*--force\\b/i,
+  /\\bgit\\s+reset\\s+--hard\\b/i,
+];
+
+function checkValue(val) {
+  if (typeof val !== 'string' || val.length < 2) return null;
+  for (const p of PATH_TRAVERSAL) if (p.test(val)) return 'Path traversal detected';
+  for (const p of SENSITIVE_PATHS) if (p.test(val)) return 'Sensitive file access blocked';
+  for (const p of SSRF) if (p.test(val)) return 'SSRF attempt blocked';
+  for (const p of SQL_INJECTION) if (p.test(val)) return 'SQL injection detected';
+  if (val.length > 10000) return 'Input too long (max 10000 chars)';
+  return null;
+}
+
+function checkBashCommand(cmd) {
+  if (typeof cmd !== 'string') return null;
+  for (const p of DANGEROUS_COMMANDS) if (p.test(cmd)) return 'Dangerous command blocked: ' + cmd.slice(0, 80);
+  for (const p of SHELL_INJECTION) if (p.test(cmd)) return null; // shell injection is normal for Bash
+  return null;
+}
+
+let input = '';
+process.stdin.on('data', c => input += c);
+process.stdin.on('end', async () => {
+  try {
+    const data = JSON.parse(input);
+    const tool = data.tool_name || '';
+    const args = data.tool_input || {};
+    const start = Date.now();
+
+    let threat = null;
+
+    // Check Bash commands for dangerous patterns
+    if (tool === 'Bash' && args.command) {
+      threat = checkBashCommand(args.command);
+    }
+
+    // Check all string arguments for injection patterns
+    if (!threat) {
+      for (const [key, val] of Object.entries(args)) {
+        if (tool === 'Bash' && key === 'command') continue; // already checked
+        threat = checkValue(val);
+        if (threat) { threat = threat + ' (in ' + key + ')'; break; }
+        // Check nested strings
+        if (typeof val === 'object' && val) {
+          for (const v of Object.values(val)) {
+            threat = checkValue(v);
+            if (threat) { threat = threat + ' (in ' + key + ')'; break; }
+          }
+          if (threat) break;
+        }
+      }
+    }
+
+    const ms = Date.now() - start;
+
+    if (threat) {
+      // Send DENY audit log
+      if (API_KEY && API_KEY.startsWith('sg_live_')) {
+        fetch(API_URL + '/api/v1/audit-logs', {
+          method: 'POST',
+          headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            tool, arguments: Object.fromEntries(Object.entries(args).map(([k,v]) =>
+              [k, typeof v === 'string' && v.length > 200 ? v.slice(0,200)+'...' : v])),
+            decision: 'DENY', reason: threat, source: 'claude-code-guard',
+            evaluationTimeMs: ms,
+          }),
+          signal: AbortSignal.timeout(5000),
+        }).catch(() => {});
+      }
+      // Exit 2 = BLOCK. Message printed to stdout is shown to user.
+      process.stdout.write('SolonGate BLOCKED: ' + threat);
+      process.exit(2);
+    }
+  } catch {
+    // On error, allow (fail-open)
+  }
+  process.exit(0);
+});
+`;
+var AUDIT_SCRIPT = `#!/usr/bin/env node
+/**
+ * SolonGate Audit Hook for Claude Code (PostToolUse)
+ * Logs ALL tool calls to SolonGate Cloud after execution.
+ * Auto-installed by: npx @solongate/proxy init
+ */
+
+const API_KEY = process.env.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || 'https://api.solongate.com';
+
+if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
+
+let input = '';
+process.stdin.on('data', c => input += c);
+process.stdin.on('end', async () => {
+  try {
+    const data = JSON.parse(input);
+    const toolName = data.tool_name || 'unknown';
+    const toolInput = data.tool_input || {};
+
+    if (toolName === 'Bash' && JSON.stringify(toolInput).includes('audit-logs')) {
+      process.exit(0);
+    }
+
+    const hasError = data.tool_response?.error ||
+      data.tool_response?.exitCode > 0 ||
+      data.tool_response?.isError;
+
+    const argsSummary = {};
+    for (const [k, v] of Object.entries(toolInput)) {
+      argsSummary[k] = typeof v === 'string' && v.length > 200
+        ? v.slice(0, 200) + '...'
+        : v;
+    }
+
+    await fetch(\`\${API_URL}/api/v1/audit-logs\`, {
+      method: 'POST',
+      headers: {
+        'Authorization': \`Bearer \${API_KEY}\`,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        tool: toolName,
+        arguments: argsSummary,
+        decision: hasError ? 'DENY' : 'ALLOW',
+        reason: hasError ? 'tool returned error' : 'allowed',
+        source: 'claude-code-hook',
+        evaluationTimeMs: 0,
+      }),
+      signal: AbortSignal.timeout(5000),
+    });
+  } catch {
+    // Silent
+  }
+  process.exit(0);
+});
+`;
+function installClaudeCodeHooks(apiKey) {
+  const hooksDir = resolve(".claude", "hooks");
+  mkdirSync(hooksDir, { recursive: true });
+  const guardPath = join(hooksDir, "guard.mjs");
+  writeFileSync(guardPath, GUARD_SCRIPT);
+  console.error(`  Created ${guardPath}`);
+  const auditPath = join(hooksDir, "audit.mjs");
+  writeFileSync(auditPath, AUDIT_SCRIPT);
+  console.error(`  Created ${auditPath}`);
+  const settingsPath = resolve(".claude", "settings.json");
+  let settings = {};
+  if (existsSync(settingsPath)) {
+    try {
+      settings = JSON.parse(readFileSync(settingsPath, "utf-8"));
+    } catch {
+    }
+  }
+  settings.hooks = {
+    PreToolUse: [
+      {
+        matcher: ".*",
+        hooks: [
+          {
+            type: "command",
+            command: "node .claude/hooks/guard.mjs",
+            timeout: 5
+          }
+        ]
+      }
+    ],
+    PostToolUse: [
+      {
+        matcher: ".*",
+        hooks: [
+          {
+            type: "command",
+            command: "node .claude/hooks/audit.mjs",
+            timeout: 10,
+            async: true
+          }
+        ]
+      }
+    ]
+  };
+  const envObj = settings.env || {};
+  envObj.SOLONGATE_API_KEY = apiKey;
+  settings.env = envObj;
+  writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + "\n");
+  console.error(`  Created ${settingsPath}`);
+  console.error("");
+  console.error("  Claude Code hooks installed!");
+  console.error("  PreToolUse  \u2192 guard.mjs  (blocks dangerous calls)");
+  console.error("  PostToolUse \u2192 audit.mjs  (logs all calls to dashboard)");
+}
 function ensureEnvFile() {
   const envPath = resolve(".env");
   if (!existsSync(envPath)) {
@@ -283,14 +516,34 @@ async function main() {
     process.exit(0);
   }
   console.error("");
-  console.error(`  Policy: ${options.policy}`);
+  let apiKey = options.apiKey || process.env.SOLONGATE_API_KEY || "";
+  if (!apiKey) {
+    const envPath = resolve(".env");
+    if (existsSync(envPath)) {
+      const envContent = readFileSync(envPath, "utf-8");
+      const match = envContent.match(/^SOLONGATE_API_KEY=(sg_(?:live|test)_\w+)/m);
+      if (match) apiKey = match[1];
+    }
+  }
+  if (!apiKey || apiKey === "sg_live_your_key_here") {
+    apiKey = await prompt("  Enter your SolonGate API key (from https://dashboard.solongate.com): ");
+    if (!apiKey) {
+      console.error("  API key is required. Get one at https://dashboard.solongate.com");
+      process.exit(1);
+    }
+  }
+  if (!apiKey.startsWith("sg_live_") && !apiKey.startsWith("sg_test_")) {
+    console.error("  Invalid API key format. Must start with sg_live_ or sg_test_");
+    process.exit(1);
+  }
+  console.error(`  Policy:  ${options.policy}`);
+  console.error(`  API Key: ${apiKey.slice(0, 12)}...${apiKey.slice(-4)}`);
   console.error(`  Protecting: ${toProtect.join(", ")}`);
   console.error("");
-  const proxyPath = findProxyPath();
   const newConfig = { mcpServers: {} };
   for (const name of serverNames) {
     if (toProtect.includes(name)) {
-      newConfig.mcpServers[name] = wrapServer(config.mcpServers[name], options.policy, proxyPath);
+      newConfig.mcpServers[name] = wrapServer(config.mcpServers[name], options.policy, apiKey);
     } else {
       newConfig.mcpServers[name] = config.mcpServers[name];
     }
@@ -315,22 +568,12 @@ async function main() {
   }
   console.error("  Config updated!");
   console.error("");
-  console.error("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
-  console.error("  \u2502  Your MCP servers are now protected by          \u2502");
-  console.error("  \u2502  SolonGate security policies.                   \u2502");
-  console.error("  \u2502                                                 \u2502");
-  console.error("  \u2502  Next steps:                                    \u2502");
-  console.error("  \u2502  1. Replace sg_live_YOUR_KEY_HERE in your       \u2502");
-  console.error("  \u2502     config with your real API key from          \u2502");
-  console.error("  \u2502     https://solongate.com                       \u2502");
-  console.error("  \u2502  2. Restart your MCP client (Claude Code        \u2502");
-  console.error("  \u2502     or Claude Desktop) to apply changes.        \u2502");
-  console.error("  \u2502                                                 \u2502");
-  console.error("  \u2502  To undo: solongate-init --restore              \u2502");
-  console.error("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  installClaudeCodeHooks(apiKey);
   console.error("");
   ensureEnvFile();
   console.error("");
+  console.error("  \u2500\u2500 Summary \u2500\u2500");
+  console.error("");
   for (const name of toProtect) {
     console.error(`  \u2713 ${name} \u2014 protected (${options.policy})`);
   }
@@ -341,6 +584,18 @@ async function main() {
     console.error(`  \u25CB ${name} \u2014 skipped`);
   }
   console.error("");
+  console.error("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
+  console.error("  \u2502  Setup complete!                                \u2502");
+  console.error("  \u2502                                                 \u2502");
+  console.error("  \u2502  MCP tools \u2192 Proxy audit logging                \u2502");
+  console.error("  \u2502  Built-in tools \u2192 Hook audit logging            \u2502");
+  console.error("  \u2502                                                 \u2502");
+  console.error("  \u2502  View logs: https://dashboard.solongate.com     \u2502");
+  console.error("  \u2502  To undo: solongate-init --restore              \u2502");
+  console.error("  \u2502                                                 \u2502");
+  console.error("  \u2502  Restart your MCP client to apply changes.      \u2502");
+  console.error("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
+  console.error("");
 }
 main().catch((err) => {
   console.error(`Fatal: ${err instanceof Error ? err.message : String(err)}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.2.1",
+  "version": "0.2.3",
   "description": "MCP security proxy \u00e2\u20ac\u201d protect any MCP server with policies, input validation, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {