@solongate/proxy 0.22.0 → 0.23.1

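--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -566,79 +566,10 @@ function installHooks(selectedTools = []) {
  console.log(` Created ${settingsPath}`);
  activatedNames.push(client.name);
  }
- const protectedDirs = [".solongate", ...clients.map((c3) => c3.dir)];
- try {
- if (process.platform === "win32") {
- for (const dir of protectedDirs) {
- const fullDir = resolve2(dir);
- if (existsSync3(fullDir)) {
- try {
- try {
- execSync(`powershell.exe -Command "icacls '${fullDir}' /remove:d '*S-1-1-0' /T /Q"`, { stdio: "ignore" });
- } catch {
- }
- try {
- execSync(`powershell.exe -Command "icacls '${fullDir}' /deny '*S-1-1-0:(OI)(CI)(DE,DC,WD,AD,WA)' /T /Q"`, { stdio: "ignore" });
- } catch {
- }
- execSync(`attrib +R /S /D "${fullDir}"`, { stdio: "ignore" });
- } catch {
- }
- }
- }
- } else {
- for (const dir of protectedDirs) {
- const fullDir = resolve2(dir);
- if (existsSync3(fullDir)) {
- try {
- execSync(`chmod -R a-w "${fullDir}"`, { stdio: "ignore" });
- } catch {
- }
- try {
- execSync(`chattr +i -R "${fullDir}"`, { stdio: "ignore" });
- } catch {
- }
- }
- }
- }
- const protectedFiles = [".env", ".gitignore", ".mcp.json", "policy.json"];
- for (const file of protectedFiles) {
- const fullPath = resolve2(file);
- if (existsSync3(fullPath)) {
- if (process.platform === "win32") {
- try {
- execSync(`powershell.exe -Command "icacls '${fullPath}' /remove:d '*S-1-1-0' /Q"`, { stdio: "ignore" });
- } catch {
- }
- try {
- execSync(`powershell.exe -Command "icacls '${fullPath}' /deny '*S-1-1-0:(DE,WD,AD,WA)' /Q"`, { stdio: "ignore" });
- } catch {
- }
- try {
- execSync(`attrib +R "${fullPath}"`, { stdio: "ignore" });
- } catch {
- }
- } else {
- try {
- execSync(`chmod a-w "${fullPath}"`, { stdio: "ignore" });
- } catch {
- }
- try {
- execSync(`chattr +i "${fullPath}"`, { stdio: "ignore" });
- } catch {
- }
- }
- }
- }
- console.log(" OS-level DENY protection applied (icacls/chmod)");
- console.log(" Protected files: .env, .gitignore, .mcp.json, policy.json");
- } catch {
- }
  console.log("");
  console.log(" Hooks installed:");
  console.log(" guard.mjs \u2192 blocks policy-violating calls (pre-execution)");
  console.log(" audit.mjs \u2192 logs all calls to dashboard (post-execution)");
- console.log(" File system \u2192 read-only (OS-level protection)");
  console.log(` Activated for: ${activatedNames.join(", ")}`);
  }
  function ensureEnvFile() {
@@ -4798,7 +4729,7 @@ var init_stage1_rules2 = __esm3({
  patterns: [
  /\bignore\s+(all\s+)?(previous|prior|above|earlier)\s+(instructions?|prompts?|rules?|directives?)\b/i,
  /\bdisregard\s+(all\s+)?(previous|prior|above|earlier|your)\s+(instructions?|prompts?|rules?|guidelines?)\b/i,
- /\bforget\s+(all\s+)?(your|the|previous|prior)\s+(instructions?|rules?|constraints?|guidelines?)\b/i,
+ /\bforget\s+(all\s+|everything\s+)?(your|the|previous|prior|above|earlier)\b/i,
  /\boverride\s+(the\s+)?(system|previous|current)\s+(prompt|instructions?|rules?|settings?)\b/i,
  /\bdo\s+not\s+follow\s+(your|the|any)\s+(instructions?|rules?|guidelines?)\b/i,
  /\bcancel\s+(all\s+)?(prior|previous)\s+(directives?|instructions?)\b/i,
@@ -4857,13 +4788,13 @@ var init_stage1_rules2 = __esm3({
  name: "multi_language",
  weight: 0.7,
  patterns: [
- /\bignor(iere|a|e[zs]?)\s+(alle|todas?|toutes?|tüm|все)\b/i,
- /\bигнорируйте\b/i,
- /\byoksay\b/i,
- /\bvorherigen?\s+Anweisungen\b/i,
- /\binstrucciones\s+anteriores\b/i,
- /\binstructions?\s+pr[eé]c[eé]dentes?\b/i,
- /\bönceki\s+talimatlar\b/i
+ /ignor(iere|a|e[zs]?)\s+(alle|todas?|toutes?|tüm|все)/iu,
+ /игнорируйте/iu,
+ /yoksay/iu,
+ /vorherigen?\s+Anweisungen/iu,
+ /instrucciones\s+anteriores/iu,
+ /instructions?\s+pr[eé]c[eé]dentes?/iu,
+ /önceki\s+talimatlar/iu
  ]
  }
  ];
@@ -5401,8 +5332,26 @@ var SHELL_INJECTION_PATTERNS = [
  // URL-encoded tab
  /\r\n/,
  // CRLF injection
- /\n/
+ /\n/,
  // Newline (command separator on Unix)
+ /\bbash\s+-c\b/i,
+ // Subshell wrapper: bash -c
+ /\bsh\s+-c\b/i,
+ // Subshell wrapper: sh -c
+ /\bzsh\s+-c\b/i,
+ // Subshell wrapper: zsh -c
+ /\bsource\s+/i,
+ // Source command
+ /\bprintenv\b/i,
+ // Environment variable leak
+ /\$'\\x[0-9a-f]/i,
+ // Hex escape in bash: $'\x72\x6d'
+ /\bxargs\b/i,
+ // xargs chaining
+ /\bbase64\s+-d\b/i,
+ // Base64 decode pipe
+ /\bxxd\s+-r\b/i
+ // Hex decode pipe
  ];
  function detectShellInjection(value) {
  for (const pattern of SHELL_INJECTION_PATTERNS) {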
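Review bot: The rewritten `forget` rule at new line 4732 no longer requires a trailing noun, so it fires on any text containing "forget the" or "forget your", ordinary requests included; a stage-1 rule that noisy invites loosening its weight or threshold, which weakens the detector. Keeping a keyword after the optional determiner preserves the new "forget everything above" coverage: `/\bforget\s+(all\s+|everything\s+)?((your|the)\s+)?(previous|prior|above|earlier|instructions?|rules?|constraints?|guidelines?)\b/i`. The same over-matching shows up in `/\bsource\s+/i` at 5343, which matches the plain word "source" followed by whitespace in any value given to detectShellInjection, and in the `multi_language` patterns at 4791–4797, where dropping `\b` entirely lets `ignor(…)\s+(alle|…)` match inside "ignore allergies". Since `\b` is ASCII-only in JavaScript (presumably why the boundaries were removed for the Cyrillic and Turkish entries), a Unicode-aware boundary such as `(?<![\p{L}\p{N}_])…(?![\p{L}\p{N}_])` under the `u` flag would fix those entries without substring hits. The added shell entries are a denylist of specific spellings, so a comment above `SHELL_INJECTION_PATTERNS` should state that it is a detection signal and not the enforcement boundary.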
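--- a/package/dist/init.js
+++ b/package/dist/init.js
@@ -273,79 +273,10 @@ function installHooks(selectedTools = []) {
  console.log(` Created ${settingsPath}`);
  activatedNames.push(client.name);
  }
- const protectedDirs = [".solongate", ...clients.map((c) => c.dir)];
- try {
- if (process.platform === "win32") {
- for (const dir of protectedDirs) {
- const fullDir = resolve(dir);
- if (existsSync(fullDir)) {
- try {
- try {
- execSync(`powershell.exe -Command "icacls '${fullDir}' /remove:d '*S-1-1-0' /T /Q"`, { stdio: "ignore" });
- } catch {
- }
- try {
- execSync(`powershell.exe -Command "icacls '${fullDir}' /deny '*S-1-1-0:(OI)(CI)(DE,DC,WD,AD,WA)' /T /Q"`, { stdio: "ignore" });
- } catch {
- }
- execSync(`attrib +R /S /D "${fullDir}"`, { stdio: "ignore" });
- } catch {
- }
- }
- }
- } else {
- for (const dir of protectedDirs) {
- const fullDir = resolve(dir);
- if (existsSync(fullDir)) {
- try {
- execSync(`chmod -R a-w "${fullDir}"`, { stdio: "ignore" });
- } catch {
- }
- try {
- execSync(`chattr +i -R "${fullDir}"`, { stdio: "ignore" });
- } catch {
- }
- }
- }
- }
- const protectedFiles = [".env", ".gitignore", ".mcp.json", "policy.json"];
- for (const file of protectedFiles) {
- const fullPath = resolve(file);
- if (existsSync(fullPath)) {
- if (process.platform === "win32") {
- try {
- execSync(`powershell.exe -Command "icacls '${fullPath}' /remove:d '*S-1-1-0' /Q"`, { stdio: "ignore" });
- } catch {
- }
- try {
- execSync(`powershell.exe -Command "icacls '${fullPath}' /deny '*S-1-1-0:(DE,WD,AD,WA)' /Q"`, { stdio: "ignore" });
- } catch {
- }
- try {
- execSync(`attrib +R "${fullPath}"`, { stdio: "ignore" });
- } catch {
- }
- } else {
- try {
- execSync(`chmod a-w "${fullPath}"`, { stdio: "ignore" });
- } catch {
- }
- try {
- execSync(`chattr +i "${fullPath}"`, { stdio: "ignore" });
- } catch {
- }
- }
- }
- }
- console.log(" OS-level DENY protection applied (icacls/chmod)");
- console.log(" Protected files: .env, .gitignore, .mcp.json, policy.json");
- } catch {
- }
  console.log("");
  console.log(" Hooks installed:");
  console.log(" guard.mjs \u2192 blocks policy-violating calls (pre-execution)");
  console.log(" audit.mjs \u2192 logs all calls to dashboard (post-execution)");
- console.log(" File system \u2192 read-only (OS-level protection)");
  console.log(` Activated for: ${activatedNames.join(", ")}`);
  }
  function ensureEnvFile() {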
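--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@solongate/proxy",
- "version": "0.22.0",
+ "version": "0.23.1",
  "description": "MCP security proxy — protect any MCP server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
  "type": "module",
  "bin": {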