@solongate/proxy 0.29.0 → 0.30.0

package/README.md

@@ -1,9 +1,9 @@
 # @solongate/proxy
 
-**MCP Security Proxy** — Protect any MCP server with security policies, input validation, rate limiting, and audit logging. Zero code changes required.
+**AI Tool Security Proxy** — Protect any AI tool server with security policies, input validation, rate limiting, and audit logging. Zero code changes required.
 
 ```
-MCP Client ──(stdio)──> SolonGate Proxy ──(stdio)──> MCP Server
+AI Client ──(stdio)──> SolonGate Proxy ──(stdio)──> Tool Server
                              │
                         [rate limit]
                         [input guard]
@@ -11,19 +11,19 @@ MCP Client ──(stdio)──> SolonGate Proxy ──(stdio)──> MCP Server
                         [audit log]
 ```
 
-**Works with every MCP client:** Claude Code, Claude Desktop, Cursor, Windsurf, Cline, Zed, and any application that supports the Model Context Protocol over stdio.
+**Works with every AI platform:** Claude Code, Claude Desktop, Cursor, Windsurf, Cline, Zed, and any application that uses AI tool calls.
 
 ## Quick Start
 
 ### Automatic Setup
 
-Run this in your project directory (where your `.mcp.json` lives):
+Run this in your project directory:
 
 ```bash
 npx @solongate/proxy init --all
 ```
 
-Restart your MCP client. Done.
+Restart your AI client. Done.
 
 ### Manual Setup
 
@@ -129,9 +129,9 @@ npx @solongate/proxy init --restore
 
 ## Why SolonGate?
 
-MCP servers give AI agents direct access to your system — shell commands, file system, databases, network. A single prompt injection attack can turn your AI assistant into an attacker.
+AI tool servers give AI agents direct access to your system — shell commands, file system, databases, network. A single prompt injection attack can turn your AI assistant into an attacker.
 
-SolonGate sits between the AI client and the MCP server, enforcing security policies on every tool call before it reaches the server.
+SolonGate sits between the AI client and the tool server, enforcing security policies on every tool call before it reaches the server.
 
 Learn more at [solongate.com](https://solongate.com)
 

package/dist/index.js

@@ -461,6 +461,7 @@ var init_cli_utils = __esm({
 var init_exports = {};
 import { readFileSync as readFileSync4, writeFileSync as writeFileSync2, existsSync as existsSync4, mkdirSync as mkdirSync2 } from "fs";
 import { resolve as resolve3, join, dirname as dirname2 } from "path";
+import { homedir } from "os";
 import { fileURLToPath } from "url";
 import { execFileSync } from "child_process";
 import { createInterface } from "readline";
@@ -684,7 +685,7 @@ function unlockProtectedDirs() {
     }
   }
 }
-function installHooks(selectedTools = []) {
+function installHooks(selectedTools = [], wrappedMcpConfig) {
   unlockProtectedDirs();
   const hooksDir = resolve3(".solongate", "hooks");
   mkdirSync2(hooksDir, { recursive: true });
@@ -725,35 +726,25 @@ function installHooks(selectedTools = []) {
   for (const client of clients) {
     const clientDir = resolve3(client.dir);
     mkdirSync2(clientDir, { recursive: true });
-    const settingsPath = join(clientDir, "settings.json");
     const guardCmd = `node .solongate/hooks/guard.mjs ${client.agentId} "${client.agentName}"`;
     const auditCmd = `node .solongate/hooks/audit.mjs ${client.agentId} "${client.agentName}"`;
     const stopCmd = `node .solongate/hooks/stop.mjs ${client.agentId} "${client.agentName}"`;
-    const hookSettings = {
-      PreToolUse: [
-        { matcher: "", hooks: [{ type: "command", command: guardCmd }] }
-      ],
-      PostToolUse: [
-        { matcher: "", hooks: [{ type: "command", command: auditCmd }] }
-      ],
-      Stop: [
-        { matcher: "", hooks: [{ type: "command", command: stopCmd }] }
-      ]
-    };
-    let existing = {};
-    try {
-      existing = JSON.parse(readFileSync4(settingsPath, "utf-8"));
-    } catch {
-    }
-    const merged = { ...existing, hooks: hookSettings };
-    const mergedStr = JSON.stringify(merged, null, 2) + "\n";
-    const existingStr = existsSync4(settingsPath) ? readFileSync4(settingsPath, "utf-8") : "";
-    if (mergedStr === existingStr) {
-      skippedNames.push(client.name);
+    if (client.key === "cursor") {
+      const result = installCursorConfig(clientDir, guardCmd, auditCmd, stopCmd, wrappedMcpConfig);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
+    } else if (client.key === "gemini") {
+      const result = installGeminiConfig(clientDir, guardCmd, auditCmd, stopCmd, wrappedMcpConfig);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
+    } else if (client.key === "openclaw") {
+      const result = installOpenClawConfig(clientDir);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
     } else {
-      writeFileSync2(settingsPath, mergedStr);
-      console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
-      activatedNames.push(client.name);
+      const result = installStandardHookConfig(clientDir, client.name, guardCmd, auditCmd, stopCmd);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
     }
   }
   console.log("");
@@ -768,6 +759,125 @@ function installHooks(selectedTools = []) {
     console.log(`  Already configured: ${skippedNames.join(", ")}`);
   }
 }
+function installStandardHookConfig(clientDir, clientName, guardCmd, auditCmd, stopCmd) {
+  const settingsPath = join(clientDir, "settings.json");
+  const hookSettings = {
+    PreToolUse: [
+      { matcher: "", hooks: [{ type: "command", command: guardCmd }] }
+    ],
+    PostToolUse: [
+      { matcher: "", hooks: [{ type: "command", command: auditCmd }] }
+    ],
+    Stop: [
+      { matcher: "", hooks: [{ type: "command", command: stopCmd }] }
+    ]
+  };
+  let existing = {};
+  try {
+    existing = JSON.parse(readFileSync4(settingsPath, "utf-8"));
+  } catch {
+  }
+  const merged = { ...existing, hooks: hookSettings };
+  const mergedStr = JSON.stringify(merged, null, 2) + "\n";
+  const existingStr = existsSync4(settingsPath) ? readFileSync4(settingsPath, "utf-8") : "";
+  if (mergedStr === existingStr) return "skipped";
+  writeFileSync2(settingsPath, mergedStr);
+  console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
+  return "installed";
+}
+function installCursorConfig(clientDir, guardCmd, auditCmd, _stopCmd, wrappedMcpConfig) {
+  let changed = false;
+  const hookConfig = {
+    preToolUse: [
+      { matcher: "", command: guardCmd, failClosed: true }
+    ],
+    postToolUse: [
+      { matcher: "", command: auditCmd }
+    ]
+  };
+  const hooksContent = JSON.stringify({ version: 1, hooks: hookConfig }, null, 2) + "\n";
+  const userCursorDir = join(homedir(), ".cursor");
+  if (existsSync4(userCursorDir)) {
+    const userHooksPath = join(userCursorDir, "hooks.json");
+    const existingUserHooks = existsSync4(userHooksPath) ? readFileSync4(userHooksPath, "utf-8") : "";
+    if (hooksContent !== existingUserHooks) {
+      writeFileSync2(userHooksPath, hooksContent);
+      console.log(`  ${existingUserHooks ? "Updated" : "Created"} ${userHooksPath} (user-level)`);
+      changed = true;
+    }
+  }
+  const hooksPath = join(clientDir, "hooks.json");
+  const existingHooks = existsSync4(hooksPath) ? readFileSync4(hooksPath, "utf-8") : "";
+  if (hooksContent !== existingHooks) {
+    writeFileSync2(hooksPath, hooksContent);
+    console.log(`  ${existingHooks ? "Updated" : "Created"} ${hooksPath}`);
+    changed = true;
+  }
+  if (wrappedMcpConfig) {
+    const mcpPath = join(clientDir, "mcp.json");
+    const mcpStr = JSON.stringify(wrappedMcpConfig, null, 2) + "\n";
+    const existingMcp = existsSync4(mcpPath) ? readFileSync4(mcpPath, "utf-8") : "";
+    if (mcpStr !== existingMcp) {
+      writeFileSync2(mcpPath, mcpStr);
+      console.log(`  ${existingMcp ? "Updated" : "Created"} ${mcpPath}`);
+      changed = true;
+    }
+  }
+  const staleSettings = join(clientDir, "settings.json");
+  if (existsSync4(staleSettings)) {
+    try {
+      const content = JSON.parse(readFileSync4(staleSettings, "utf-8"));
+      if (content.hooks?.PreToolUse || content.hooks?.PostToolUse) {
+        writeFileSync2(staleSettings, JSON.stringify({}, null, 2) + "\n");
+        console.log(`  Cleaned stale ${staleSettings} (had wrong hook format)`);
+        changed = true;
+      }
+    } catch {
+    }
+  }
+  return changed ? "installed" : "skipped";
+}
+function installGeminiConfig(clientDir, guardCmd, auditCmd, _stopCmd, wrappedMcpConfig) {
+  const settingsPath = join(clientDir, "settings.json");
+  let existing = {};
+  try {
+    existing = JSON.parse(readFileSync4(settingsPath, "utf-8"));
+  } catch {
+  }
+  const merged = { ...existing };
+  if (wrappedMcpConfig) {
+    merged.mcpServers = wrappedMcpConfig.mcpServers;
+  }
+  merged.hooks = {
+    BeforeTool: [
+      { matcher: ".*", command: guardCmd }
+    ],
+    AfterTool: [
+      { matcher: ".*", command: auditCmd }
+    ]
+  };
+  const mergedStr = JSON.stringify(merged, null, 2) + "\n";
+  const existingStr = existsSync4(settingsPath) ? readFileSync4(settingsPath, "utf-8") : "";
+  if (mergedStr === existingStr) return "skipped";
+  writeFileSync2(settingsPath, mergedStr);
+  console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
+  return "installed";
+}
+function installOpenClawConfig(clientDir) {
+  const yamlPath = resolve3("openclaw.yaml");
+  const pluginLine = "@solongate/openclaw-plugin";
+  if (existsSync4(yamlPath)) {
+    const content = readFileSync4(yamlPath, "utf-8");
+    if (content.includes(pluginLine)) {
+      return "skipped";
+    }
+  }
+  console.log(`  OpenClaw uses plugins, not hooks. Add to your openclaw.yaml:`);
+  console.log(`    plugins:`);
+  console.log(`      - "${pluginLine}"`);
+  console.log(`    Then: npm install ${pluginLine}`);
+  return "installed";
+}
 function ensureEnvFile() {
   let envChanged = false;
   let gitignoreChanged = false;
@@ -918,7 +1028,7 @@ async function main() {
     console.log("  All servers are already protected by SolonGate!");
     ensureEnvFile();
     console.log("");
-    installHooks(options.tools);
+    installHooks(options.tools, config);
     process.exit(0);
   }
   if (!options.all) {
@@ -1021,7 +1131,7 @@ async function main() {
   startSpinner("Installing hooks...");
   await sleep(300);
   stopSpinner("\u2713 Hooks");
-  installHooks(options.tools);
+  installHooks(options.tools, newConfig);
   console.log("");
   const allUpToDate = toProtect.length === 0 && alreadyProtected.length === serverNames.length;
   console.log("  \u2500\u2500 Summary \u2500\u2500");

package/dist/init.js

@@ -3,6 +3,7 @@
 // src/init.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
 import { resolve, join, dirname } from "path";
+import { homedir } from "os";
 import { fileURLToPath } from "url";
 import { execFileSync } from "child_process";
 import { createInterface } from "readline";
@@ -270,7 +271,7 @@ function unlockProtectedDirs() {
     }
   }
 }
-function installHooks(selectedTools = []) {
+function installHooks(selectedTools = [], wrappedMcpConfig) {
   unlockProtectedDirs();
   const hooksDir = resolve(".solongate", "hooks");
   mkdirSync(hooksDir, { recursive: true });
@@ -311,35 +312,25 @@ function installHooks(selectedTools = []) {
   for (const client of clients) {
     const clientDir = resolve(client.dir);
     mkdirSync(clientDir, { recursive: true });
-    const settingsPath = join(clientDir, "settings.json");
     const guardCmd = `node .solongate/hooks/guard.mjs ${client.agentId} "${client.agentName}"`;
     const auditCmd = `node .solongate/hooks/audit.mjs ${client.agentId} "${client.agentName}"`;
     const stopCmd = `node .solongate/hooks/stop.mjs ${client.agentId} "${client.agentName}"`;
-    const hookSettings = {
-      PreToolUse: [
-        { matcher: "", hooks: [{ type: "command", command: guardCmd }] }
-      ],
-      PostToolUse: [
-        { matcher: "", hooks: [{ type: "command", command: auditCmd }] }
-      ],
-      Stop: [
-        { matcher: "", hooks: [{ type: "command", command: stopCmd }] }
-      ]
-    };
-    let existing = {};
-    try {
-      existing = JSON.parse(readFileSync(settingsPath, "utf-8"));
-    } catch {
-    }
-    const merged = { ...existing, hooks: hookSettings };
-    const mergedStr = JSON.stringify(merged, null, 2) + "\n";
-    const existingStr = existsSync(settingsPath) ? readFileSync(settingsPath, "utf-8") : "";
-    if (mergedStr === existingStr) {
-      skippedNames.push(client.name);
+    if (client.key === "cursor") {
+      const result = installCursorConfig(clientDir, guardCmd, auditCmd, stopCmd, wrappedMcpConfig);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
+    } else if (client.key === "gemini") {
+      const result = installGeminiConfig(clientDir, guardCmd, auditCmd, stopCmd, wrappedMcpConfig);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
+    } else if (client.key === "openclaw") {
+      const result = installOpenClawConfig(clientDir);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
     } else {
-      writeFileSync(settingsPath, mergedStr);
-      console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
-      activatedNames.push(client.name);
+      const result = installStandardHookConfig(clientDir, client.name, guardCmd, auditCmd, stopCmd);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
     }
   }
   console.log("");
@@ -354,6 +345,125 @@ function installHooks(selectedTools = []) {
     console.log(`  Already configured: ${skippedNames.join(", ")}`);
   }
 }
+function installStandardHookConfig(clientDir, clientName, guardCmd, auditCmd, stopCmd) {
+  const settingsPath = join(clientDir, "settings.json");
+  const hookSettings = {
+    PreToolUse: [
+      { matcher: "", hooks: [{ type: "command", command: guardCmd }] }
+    ],
+    PostToolUse: [
+      { matcher: "", hooks: [{ type: "command", command: auditCmd }] }
+    ],
+    Stop: [
+      { matcher: "", hooks: [{ type: "command", command: stopCmd }] }
+    ]
+  };
+  let existing = {};
+  try {
+    existing = JSON.parse(readFileSync(settingsPath, "utf-8"));
+  } catch {
+  }
+  const merged = { ...existing, hooks: hookSettings };
+  const mergedStr = JSON.stringify(merged, null, 2) + "\n";
+  const existingStr = existsSync(settingsPath) ? readFileSync(settingsPath, "utf-8") : "";
+  if (mergedStr === existingStr) return "skipped";
+  writeFileSync(settingsPath, mergedStr);
+  console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
+  return "installed";
+}
+function installCursorConfig(clientDir, guardCmd, auditCmd, _stopCmd, wrappedMcpConfig) {
+  let changed = false;
+  const hookConfig = {
+    preToolUse: [
+      { matcher: "", command: guardCmd, failClosed: true }
+    ],
+    postToolUse: [
+      { matcher: "", command: auditCmd }
+    ]
+  };
+  const hooksContent = JSON.stringify({ version: 1, hooks: hookConfig }, null, 2) + "\n";
+  const userCursorDir = join(homedir(), ".cursor");
+  if (existsSync(userCursorDir)) {
+    const userHooksPath = join(userCursorDir, "hooks.json");
+    const existingUserHooks = existsSync(userHooksPath) ? readFileSync(userHooksPath, "utf-8") : "";
+    if (hooksContent !== existingUserHooks) {
+      writeFileSync(userHooksPath, hooksContent);
+      console.log(`  ${existingUserHooks ? "Updated" : "Created"} ${userHooksPath} (user-level)`);
+      changed = true;
+    }
+  }
+  const hooksPath = join(clientDir, "hooks.json");
+  const existingHooks = existsSync(hooksPath) ? readFileSync(hooksPath, "utf-8") : "";
+  if (hooksContent !== existingHooks) {
+    writeFileSync(hooksPath, hooksContent);
+    console.log(`  ${existingHooks ? "Updated" : "Created"} ${hooksPath}`);
+    changed = true;
+  }
+  if (wrappedMcpConfig) {
+    const mcpPath = join(clientDir, "mcp.json");
+    const mcpStr = JSON.stringify(wrappedMcpConfig, null, 2) + "\n";
+    const existingMcp = existsSync(mcpPath) ? readFileSync(mcpPath, "utf-8") : "";
+    if (mcpStr !== existingMcp) {
+      writeFileSync(mcpPath, mcpStr);
+      console.log(`  ${existingMcp ? "Updated" : "Created"} ${mcpPath}`);
+      changed = true;
+    }
+  }
+  const staleSettings = join(clientDir, "settings.json");
+  if (existsSync(staleSettings)) {
+    try {
+      const content = JSON.parse(readFileSync(staleSettings, "utf-8"));
+      if (content.hooks?.PreToolUse || content.hooks?.PostToolUse) {
+        writeFileSync(staleSettings, JSON.stringify({}, null, 2) + "\n");
+        console.log(`  Cleaned stale ${staleSettings} (had wrong hook format)`);
+        changed = true;
+      }
+    } catch {
+    }
+  }
+  return changed ? "installed" : "skipped";
+}
+function installGeminiConfig(clientDir, guardCmd, auditCmd, _stopCmd, wrappedMcpConfig) {
+  const settingsPath = join(clientDir, "settings.json");
+  let existing = {};
+  try {
+    existing = JSON.parse(readFileSync(settingsPath, "utf-8"));
+  } catch {
+  }
+  const merged = { ...existing };
+  if (wrappedMcpConfig) {
+    merged.mcpServers = wrappedMcpConfig.mcpServers;
+  }
+  merged.hooks = {
+    BeforeTool: [
+      { matcher: ".*", command: guardCmd }
+    ],
+    AfterTool: [
+      { matcher: ".*", command: auditCmd }
+    ]
+  };
+  const mergedStr = JSON.stringify(merged, null, 2) + "\n";
+  const existingStr = existsSync(settingsPath) ? readFileSync(settingsPath, "utf-8") : "";
+  if (mergedStr === existingStr) return "skipped";
+  writeFileSync(settingsPath, mergedStr);
+  console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
+  return "installed";
+}
+function installOpenClawConfig(clientDir) {
+  const yamlPath = resolve("openclaw.yaml");
+  const pluginLine = "@solongate/openclaw-plugin";
+  if (existsSync(yamlPath)) {
+    const content = readFileSync(yamlPath, "utf-8");
+    if (content.includes(pluginLine)) {
+      return "skipped";
+    }
+  }
+  console.log(`  OpenClaw uses plugins, not hooks. Add to your openclaw.yaml:`);
+  console.log(`    plugins:`);
+  console.log(`      - "${pluginLine}"`);
+  console.log(`    Then: npm install ${pluginLine}`);
+  return "installed";
+}
 function ensureEnvFile() {
   let envChanged = false;
   let gitignoreChanged = false;
@@ -504,7 +614,7 @@ async function main() {
     console.log("  All servers are already protected by SolonGate!");
     ensureEnvFile();
     console.log("");
-    installHooks(options.tools);
+    installHooks(options.tools, config);
     process.exit(0);
   }
   if (!options.all) {
@@ -607,7 +717,7 @@ async function main() {
   startSpinner("Installing hooks...");
   await sleep(300);
   stopSpinner("\u2713 Hooks");
-  installHooks(options.tools);
+  installHooks(options.tools, newConfig);
   console.log("");
   const allUpToDate = toProtect.length === 0 && alreadyProtected.length === serverNames.length;
   console.log("  \u2500\u2500 Summary \u2500\u2500");

package/hooks/audit.mjs

@@ -26,8 +26,9 @@ const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
 const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
 
 // Agent identity from CLI args: node audit.mjs <agent_id> <agent_name>
-const AGENT_ID = process.argv[2] || 'claude-code';
-const AGENT_NAME = process.argv[3] || 'Claude Code';
+// Can be overridden at runtime when stdin contains cursor_version or gemini_version
+let AGENT_ID = process.argv[2] || 'claude-code';
+let AGENT_NAME = process.argv[3] || 'Claude Code';
 
 if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
 
@@ -36,16 +37,46 @@ process.stdin.on('data', c => input += c);
 process.stdin.on('end', async () => {
   try {
     const data = JSON.parse(input);
-    const toolName = data.tool_name || 'unknown';
-    const toolInput = data.tool_input || {};
+
+    // Auto-detect agent from stdin data (overrides CLI args if detected)
+    if (data.cursor_version) {
+      AGENT_ID = 'cursor';
+      AGENT_NAME = 'Cursor';
+    } else if (data.gemini_version) {
+      AGENT_ID = 'gemini-cli';
+      AGENT_NAME = 'Gemini CLI';
+    }
+
+    // Normalize field names across tools (Claude: tool_name, others may use toolName)
+    const toolName = data.tool_name || data.toolName || 'unknown';
+    const toolInput = data.tool_input || data.toolInput || data.params || {};
 
     if (toolName === 'Bash' && JSON.stringify(toolInput).includes('audit-logs')) {
       process.exit(0);
     }
 
-    const hasError = data.tool_response?.error ||
-      data.tool_response?.exitCode > 0 ||
-      data.tool_response?.isError;
+    // Check if guard.mjs already logged a DENY for this tool (avoid duplicate ALLOW after DENY)
+    let guardDenied = false;
+    try {
+      const denyFlagPath = resolve('.solongate', '.last-deny');
+      if (existsSync(denyFlagPath)) {
+        const flag = JSON.parse(readFileSync(denyFlagPath, 'utf-8'));
+        // If deny was recent (< 10s) and same tool, this postToolUse is a duplicate
+        if (flag.ts && Date.now() - flag.ts < 10000 && flag.tool === toolName) {
+          guardDenied = true;
+        }
+      }
+    } catch {}
+
+    // Cursor uses result_json, Claude uses tool_response
+    const toolResponse = data.tool_response || data.toolResponse || {};
+    const resultJson = data.result_json ? (typeof data.result_json === 'string' ? data.result_json : JSON.stringify(data.result_json)) : '';
+
+    const hasError = guardDenied ||
+      toolResponse.error ||
+      toolResponse.exitCode > 0 ||
+      toolResponse.isError ||
+      (resultJson && resultJson.includes('"error"'));
 
     const argsSummary = {};
     for (const [k, v] of Object.entries(toolInput)) {
@@ -61,7 +92,8 @@ process.stdin.on('end', async () => {
       writeFileSync(join(flagDir, '.last-tool-call'), Date.now().toString());
     } catch {}
 
-    await fetch(`${API_URL}/api/v1/audit-logs`, {
+    // Fire-and-forget: don't block tool execution waiting for API response
+    fetch(`${API_URL}/api/v1/audit-logs`, {
       method: 'POST',
       headers: {
         'Authorization': `Bearer ${API_KEY}`,
@@ -71,16 +103,17 @@ process.stdin.on('end', async () => {
         tool: toolName,
         arguments: argsSummary,
         decision: hasError ? 'DENY' : 'ALLOW',
-        reason: hasError ? 'tool returned error' : 'allowed',
-        source: 'claude-code-hook',
+        reason: guardDenied ? 'blocked by policy guard' : hasError ? 'tool returned error' : 'allowed',
+        source: `${AGENT_ID}-hook`,
         evaluationTimeMs: 0,
         agent_id: AGENT_ID,
         agent_name: AGENT_NAME,
       }),
       signal: AbortSignal.timeout(5000),
-    });
+    }).catch(() => {}).finally(() => process.exit(0));
+    // Exit after short delay if fetch hangs on DNS/connect
+    setTimeout(() => process.exit(0), 3000);
   } catch {
-    // Silent
+    process.exit(0);
   }
-  process.exit(0);
 });

package/hooks/guard.mjs

@@ -41,15 +41,53 @@ const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
 const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
 
 // Agent identity from CLI args: node guard.mjs <agent_id> <agent_name>
-const AGENT_ID = process.argv[2] || 'claude-code';
-const AGENT_NAME = process.argv[3] || 'Claude Code';
+// Can be overridden at runtime when stdin contains cursor_version or gemini_version
+let AGENT_ID = process.argv[2] || 'claude-code';
+let AGENT_NAME = process.argv[3] || 'Claude Code';
+
+// ── Per-tool block/allow output ──
+// Claude Code: exit 2 + stderr = BLOCK, exit 0 = ALLOW
+// Cursor: JSON stdout {"permission": "deny", "user_message": "..."} = BLOCK
+// Gemini CLI: JSON stdout {"decision": "deny", "reason": "..."} = BLOCK
+function blockTool(reason) {
+  if (AGENT_ID === 'cursor') {
+    // Cursor: JSON stdout with permission: "deny", exit 0
+    process.stdout.write(JSON.stringify({
+      permission: 'deny',
+      user_message: `[SolonGate] ${reason}`,
+      agent_message: `BLOCKED by SolonGate security policy: ${reason}`,
+    }));
+    process.exit(0);
+  } else if (AGENT_ID === 'gemini-cli') {
+    process.stdout.write(JSON.stringify({
+      decision: 'deny',
+      reason: `[SolonGate] ${reason}`,
+    }));
+    process.exit(0);
+  } else {
+    // Claude Code, Antigravity, Perplexity — exit code 2
+    process.stderr.write(reason);
+    process.exit(2);
+  }
+}
+
+function allowTool() {
+  if (AGENT_ID === 'cursor') {
+    process.stdout.write(JSON.stringify({ permission: 'allow' }));
+  } else if (AGENT_ID === 'gemini-cli') {
+    process.stdout.write(JSON.stringify({ decision: 'allow' }));
+  }
+  process.exit(0);
+}
 
 // Write flag file so stop.mjs knows a tool call (DENY) happened and doesn't log extra ALLOW
-function writeDenyFlag() {
+function writeDenyFlag(toolName) {
   try {
     const flagDir = resolve('.solongate');
     mkdirSync(flagDir, { recursive: true });
     writeFileSync(join(flagDir, '.last-tool-call'), Date.now().toString());
+    // Write deny-specific flag so audit.mjs can detect and skip duplicate ALLOW logging
+    writeFileSync(join(flagDir, '.last-deny'), JSON.stringify({ tool: toolName, ts: Date.now() }));
   } catch {}
 }
 
@@ -335,8 +373,27 @@ let input = '';
 process.stdin.on('data', c => input += c);
 process.stdin.on('end', async () => {
   try {
-    const data = JSON.parse(input);
-    const args = data.tool_input || {};
+    const raw = JSON.parse(input);
+
+    // Auto-detect agent from stdin data (overrides CLI args if detected)
+    if (raw.cursor_version) {
+      AGENT_ID = 'cursor';
+      AGENT_NAME = 'Cursor';
+    } else if (raw.gemini_version) {
+      AGENT_ID = 'gemini-cli';
+      AGENT_NAME = 'Gemini CLI';
+    }
+
+    // Normalize field names across tools (Claude: tool_name/tool_input, others may use toolName/toolInput/params)
+    const data = {
+      ...raw,
+      tool_name: raw.tool_name || raw.toolName || '',
+      tool_input: raw.tool_input || raw.toolInput || raw.params || {},
+      tool_response: raw.tool_response || raw.toolResponse || {},
+      cwd: raw.cwd || process.cwd(),
+      session_id: raw.session_id || raw.sessionId || '',
+    };
+    const args = data.tool_input;
 
     // ── Self-protection: block access to hook files and settings ──
     // Hardcoded, no bypass possible — runs before policy/PI config
@@ -358,16 +415,15 @@ process.stdin.on('end', async () => {
             body: JSON.stringify({
               tool: data.tool_name || '', arguments: args,
               decision: 'DENY', reason,
-              source: 'claude-code-guard',
+              source: `${AGENT_ID}-guard`,
               agent_id: AGENT_ID, agent_name: AGENT_NAME,
             }),
             signal: AbortSignal.timeout(3000),
           });
         } catch {}
       }
-      writeDenyFlag();
-      process.stderr.write(reason);
-      process.exit(2);
+      writeDenyFlag(toolName);
+      blockTool(reason);
     }
 
     // ── Normalization layers ──
@@ -909,19 +965,34 @@ process.stdin.on('end', async () => {
       }
     }
 
-    // ── Fetch PI config from Cloud ──
+    // ── Fetch PI config from Cloud (cached for 60s to avoid per-call latency) ──
     let piCfg = { piEnabled: true, piThreshold: 0.5, piMode: 'block', piWhitelist: [], piToolConfig: {}, piCustomPatterns: [], piWebhookUrl: null };
     if (API_KEY && API_KEY.startsWith('sg_live_')) {
+      const cacheFile = join(resolve('.solongate'), '.pi-config-cache.json');
+      let usedCache = false;
       try {
-        const cfgRes = await fetch(API_URL + '/api/v1/project-config', {
-          headers: { 'Authorization': 'Bearer ' + API_KEY },
-          signal: AbortSignal.timeout(3000),
-        });
-        if (cfgRes.ok) {
-          const cfg = await cfgRes.json();
-          piCfg = { ...piCfg, ...cfg };
+        if (existsSync(cacheFile)) {
+          const cached = JSON.parse(readFileSync(cacheFile, 'utf-8'));
+          if (cached._ts && Date.now() - cached._ts < 60000) {
+            const { _ts, ...rest } = cached;
+            piCfg = { ...piCfg, ...rest };
+            usedCache = true;
+          }
         }
-      } catch {} // Fallback: defaults (safe)
+      } catch {}
+      if (!usedCache) {
+        try {
+          const cfgRes = await fetch(API_URL + '/api/v1/project-config', {
+            headers: { 'Authorization': 'Bearer ' + API_KEY },
+            signal: AbortSignal.timeout(3000),
+          });
+          if (cfgRes.ok) {
+            const cfg = await cfgRes.json();
+            piCfg = { ...piCfg, ...cfg };
+            try { writeFileSync(cacheFile, JSON.stringify({ ...cfg, _ts: Date.now() })); } catch {}
+          }
+        } catch {} // Fallback: defaults (safe)
+      }
     }
 
     // ── Per-tool config: check if PI scanning is disabled for this tool ──
@@ -991,7 +1062,7 @@ process.stdin.on('end', async () => {
               arguments: args,
               decision: isLogOnly ? 'ALLOW' : 'DENY',
               reason: msg,
-              source: 'claude-code-guard',
+              source: `${AGENT_ID}-guard`,
               agent_id: AGENT_ID, agent_name: AGENT_NAME,
               pi_detected: true,
               pi_trust_score: piResult.trustScore,
@@ -1029,9 +1100,8 @@ process.stdin.on('end', async () => {
         process.stderr.write(msg);
         // Fall through to policy evaluation (don't exit)
       } else {
-        writeDenyFlag();
-        process.stderr.write(msg);
-        process.exit(2);
+        writeDenyFlag(toolName);
+        blockTool(msg);
       }
     }
 
@@ -1053,7 +1123,7 @@ process.stdin.on('end', async () => {
               arguments: args,
               decision: 'ALLOW',
               reason: 'Prompt injection detected but below threshold (trust: ' + (piResult.trustScore * 100).toFixed(0) + '%)',
-              source: 'claude-code-guard',
+              source: `${AGENT_ID}-guard`,
               agent_id: AGENT_ID, agent_name: AGENT_NAME,
               pi_detected: true,
               pi_trust_score: piResult.trustScore,
@@ -1065,7 +1135,7 @@ process.stdin.on('end', async () => {
           });
         } catch {}
       }
-      process.exit(0); // No policy = allow all
+      allowTool(); // No policy = allow all
     }
 
     let reason = evaluate(policy, args);
@@ -1078,8 +1148,23 @@ process.stdin.on('end', async () => {
       let aiJudgeEndpoint = 'https://api.groq.com/openai';
       let aiJudgeTimeout = 5000;
 
-      // Check cloud config for AI Judge settings
+      // Check cloud config for AI Judge settings (cached for 60s)
       if (API_KEY && API_KEY.startsWith('sg_live_')) {
+        const ajCacheFile = join(resolve('.solongate'), '.aj-config-cache.json');
+        let ajCached = false;
+        try {
+          if (existsSync(ajCacheFile)) {
+            const cached = JSON.parse(readFileSync(ajCacheFile, 'utf-8'));
+            if (cached._ts && Date.now() - cached._ts < 60000) {
+              aiJudgeEnabled = Boolean(cached.enabled);
+              if (cached.model) aiJudgeModel = cached.model;
+              if (cached.endpoint) aiJudgeEndpoint = cached.endpoint;
+              if (cached.timeoutMs) aiJudgeTimeout = cached.timeoutMs;
+              ajCached = true;
+            }
+          }
+        } catch {}
+        if (!ajCached) {
         try {
           const cfgRes = await fetch(API_URL + '/api/v1/project-config/ai-judge', {
             headers: { 'Authorization': 'Bearer ' + API_KEY },
@@ -1091,8 +1176,10 @@ process.stdin.on('end', async () => {
             if (cfg.model) aiJudgeModel = cfg.model;
             if (cfg.endpoint) aiJudgeEndpoint = cfg.endpoint;
             if (cfg.timeoutMs) aiJudgeTimeout = cfg.timeoutMs;
+            try { writeFileSync(ajCacheFile, JSON.stringify({ ...cfg, _ts: Date.now() })); } catch {}
           }
         } catch {}
+        }
       }
 
       if (aiJudgeEnabled && GROQ_KEY) {
@@ -1202,7 +1289,7 @@ Respond with ONLY valid JSON: {"decision": "ALLOW" or "DENY", "reason": "brief e
           const logEntry = {
             tool: toolName, arguments: args,
             decision: 'DENY', reason,
-            source: 'claude-code-guard',
+            source: `${AGENT_ID}-guard`,
             agent_id: AGENT_ID, agent_name: AGENT_NAME,
           };
           if (piResult) {
@@ -1220,10 +1307,9 @@ Respond with ONLY valid JSON: {"decision": "ALLOW" or "DENY", "reason": "brief e
           });
         } catch {}
       }
-      writeDenyFlag();
-      process.stderr.write(reason);
-      process.exit(2);
+      writeDenyFlag(toolName);
+      blockTool(reason);
     }
   } catch {}
-  process.exit(0);
+  allowTool();
 });

package/hooks/stop.mjs

@@ -27,8 +27,9 @@ const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
 const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
 
 // Agent identity from CLI args: node stop.mjs <agent_id> <agent_name>
-const AGENT_ID = process.argv[2] || 'claude-code';
-const AGENT_NAME = process.argv[3] || 'Claude Code';
+// Can be overridden at runtime when stdin contains cursor_version or gemini_version
+let AGENT_ID = process.argv[2] || 'claude-code';
+let AGENT_NAME = process.argv[3] || 'Claude Code';
 
 if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
 
@@ -42,6 +43,13 @@ let input = '';
 process.stdin.on('data', c => input += c);
 process.stdin.on('end', async () => {
   try {
+    // Auto-detect agent from stdin data
+    try {
+      const raw = JSON.parse(input);
+      if (raw.cursor_version) { AGENT_ID = 'cursor'; AGENT_NAME = 'Cursor'; }
+      else if (raw.gemini_version) { AGENT_ID = 'gemini-cli'; AGENT_NAME = 'Gemini CLI'; }
+    } catch {}
+
     // Check if tool calls were made in this turn
     if (existsSync(flagFile)) {
       // Tool calls happened → audit.mjs already logged them. Clean up flag.
@@ -49,8 +57,8 @@ process.stdin.on('end', async () => {
       process.exit(0);
     }
 
-    // No tool calls → log 1 ALLOW for the text-only response
-    await fetch(`${API_URL}/api/v1/audit-logs`, {
+    // No tool calls → log 1 ALLOW for the text-only response (fire-and-forget)
+    fetch(`${API_URL}/api/v1/audit-logs`, {
       method: 'POST',
       headers: {
         'Authorization': `Bearer ${API_KEY}`,
@@ -61,15 +69,15 @@ process.stdin.on('end', async () => {
         arguments: {},
         decision: 'ALLOW',
         reason: 'text response (no tool calls)',
-        source: 'claude-code-hook',
+        source: `${AGENT_ID}-hook`,
         evaluationTimeMs: 0,
         agent_id: AGENT_ID,
         agent_name: AGENT_NAME,
       }),
       signal: AbortSignal.timeout(5000),
-    });
+    }).catch(() => {}).finally(() => process.exit(0));
+    setTimeout(() => process.exit(0), 3000);
   } catch {
-    // Silent
+    process.exit(0);
   }
-  process.exit(0);
 });

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.29.0",
-  "description": "MCP security proxy — protect any MCP server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
+  "version": "0.30.0",
+  "description": "AI tool security proxy — protect any AI tool server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {
     "solongate-proxy": "./dist/index.js",
@@ -29,8 +29,8 @@
     "clean": "rm -rf dist .turbo"
   },
   "keywords": [
-    "mcp",
-    "model-context-protocol",
+    "ai-tool-security",
+    "ai-tool-proxy",
     "security",
     "proxy",
     "gateway",