@solongate/proxy 0.29.1 → 0.30.1

package/README.md

@@ -1,9 +1,9 @@
 # @solongate/proxy
 
-**MCP Security Proxy** — Protect any MCP server with security policies, input validation, rate limiting, and audit logging. Zero code changes required.
+**AI Tool Security Proxy** — Protect any AI tool server with security policies, input validation, rate limiting, and audit logging. Zero code changes required.
 
 ```
-MCP Client ──(stdio)──> SolonGate Proxy ──(stdio)──> MCP Server
+AI Client ──(stdio)──> SolonGate Proxy ──(stdio)──> Tool Server
                              │
                         [rate limit]
                         [input guard]
@@ -11,19 +11,19 @@ MCP Client ──(stdio)──> SolonGate Proxy ──(stdio)──> MCP Server
                         [audit log]
 ```
 
-**Works with every MCP client:** Claude Code, Claude Desktop, Cursor, Windsurf, Cline, Zed, and any application that supports the Model Context Protocol over stdio.
+**Works with every AI platform:** Claude Code, Claude Desktop, Cursor, Windsurf, Cline, Zed, and any application that uses AI tool calls.
 
 ## Quick Start
 
 ### Automatic Setup
 
-Run this in your project directory (where your `.mcp.json` lives):
+Run this in your project directory:
 
 ```bash
 npx @solongate/proxy init --all
 ```
 
-Restart your MCP client. Done.
+Restart your AI client. Done.
 
 ### Manual Setup
 
@@ -129,9 +129,9 @@ npx @solongate/proxy init --restore
 
 ## Why SolonGate?
 
-MCP servers give AI agents direct access to your system — shell commands, file system, databases, network. A single prompt injection attack can turn your AI assistant into an attacker.
+AI tool servers give AI agents direct access to your system — shell commands, file system, databases, network. A single prompt injection attack can turn your AI assistant into an attacker.
 
-SolonGate sits between the AI client and the MCP server, enforcing security policies on every tool call before it reaches the server.
+SolonGate sits between the AI client and the tool server, enforcing security policies on every tool call before it reaches the server.
 
 Learn more at [solongate.com](https://solongate.com)
 

package/dist/index.js

@@ -461,6 +461,7 @@ var init_cli_utils = __esm({
 var init_exports = {};
 import { readFileSync as readFileSync4, writeFileSync as writeFileSync2, existsSync as existsSync4, mkdirSync as mkdirSync2 } from "fs";
 import { resolve as resolve3, join, dirname as dirname2 } from "path";
+import { homedir } from "os";
 import { fileURLToPath } from "url";
 import { execFileSync } from "child_process";
 import { createInterface } from "readline";
@@ -684,7 +685,7 @@ function unlockProtectedDirs() {
     }
   }
 }
-function installHooks(selectedTools = []) {
+function installHooks(selectedTools = [], wrappedMcpConfig) {
   unlockProtectedDirs();
   const hooksDir = resolve3(".solongate", "hooks");
   mkdirSync2(hooksDir, { recursive: true });
@@ -725,35 +726,25 @@ function installHooks(selectedTools = []) {
   for (const client of clients) {
     const clientDir = resolve3(client.dir);
     mkdirSync2(clientDir, { recursive: true });
-    const settingsPath = join(clientDir, "settings.json");
     const guardCmd = `node .solongate/hooks/guard.mjs ${client.agentId} "${client.agentName}"`;
     const auditCmd = `node .solongate/hooks/audit.mjs ${client.agentId} "${client.agentName}"`;
     const stopCmd = `node .solongate/hooks/stop.mjs ${client.agentId} "${client.agentName}"`;
-    const hookSettings = {
-      PreToolUse: [
-        { matcher: "", hooks: [{ type: "command", command: guardCmd }] }
-      ],
-      PostToolUse: [
-        { matcher: "", hooks: [{ type: "command", command: auditCmd }] }
-      ],
-      Stop: [
-        { matcher: "", hooks: [{ type: "command", command: stopCmd }] }
-      ]
-    };
-    let existing = {};
-    try {
-      existing = JSON.parse(readFileSync4(settingsPath, "utf-8"));
-    } catch {
-    }
-    const merged = { ...existing, hooks: hookSettings };
-    const mergedStr = JSON.stringify(merged, null, 2) + "\n";
-    const existingStr = existsSync4(settingsPath) ? readFileSync4(settingsPath, "utf-8") : "";
-    if (mergedStr === existingStr) {
-      skippedNames.push(client.name);
+    if (client.key === "cursor") {
+      const result = installCursorConfig(clientDir, guardCmd, auditCmd, stopCmd, wrappedMcpConfig);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
+    } else if (client.key === "gemini") {
+      const result = installGeminiConfig(clientDir, guardCmd, auditCmd, stopCmd, wrappedMcpConfig);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
+    } else if (client.key === "openclaw") {
+      const result = installOpenClawConfig(clientDir);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
     } else {
-      writeFileSync2(settingsPath, mergedStr);
-      console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
-      activatedNames.push(client.name);
+      const result = installStandardHookConfig(clientDir, client.name, guardCmd, auditCmd, stopCmd);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
     }
   }
   console.log("");
@@ -768,6 +759,125 @@ function installHooks(selectedTools = []) {
     console.log(`  Already configured: ${skippedNames.join(", ")}`);
   }
 }
+function installStandardHookConfig(clientDir, clientName, guardCmd, auditCmd, stopCmd) {
+  const settingsPath = join(clientDir, "settings.json");
+  const hookSettings = {
+    PreToolUse: [
+      { matcher: "", hooks: [{ type: "command", command: guardCmd }] }
+    ],
+    PostToolUse: [
+      { matcher: "", hooks: [{ type: "command", command: auditCmd }] }
+    ],
+    Stop: [
+      { matcher: "", hooks: [{ type: "command", command: stopCmd }] }
+    ]
+  };
+  let existing = {};
+  try {
+    existing = JSON.parse(readFileSync4(settingsPath, "utf-8"));
+  } catch {
+  }
+  const merged = { ...existing, hooks: hookSettings };
+  const mergedStr = JSON.stringify(merged, null, 2) + "\n";
+  const existingStr = existsSync4(settingsPath) ? readFileSync4(settingsPath, "utf-8") : "";
+  if (mergedStr === existingStr) return "skipped";
+  writeFileSync2(settingsPath, mergedStr);
+  console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
+  return "installed";
+}
+function installCursorConfig(clientDir, guardCmd, auditCmd, _stopCmd, wrappedMcpConfig) {
+  let changed = false;
+  const hookConfig = {
+    preToolUse: [
+      { matcher: "", command: guardCmd, failClosed: true }
+    ],
+    postToolUse: [
+      { matcher: "", command: auditCmd }
+    ]
+  };
+  const hooksContent = JSON.stringify({ version: 1, hooks: hookConfig }, null, 2) + "\n";
+  const userCursorDir = join(homedir(), ".cursor");
+  if (existsSync4(userCursorDir)) {
+    const userHooksPath = join(userCursorDir, "hooks.json");
+    const existingUserHooks = existsSync4(userHooksPath) ? readFileSync4(userHooksPath, "utf-8") : "";
+    if (hooksContent !== existingUserHooks) {
+      writeFileSync2(userHooksPath, hooksContent);
+      console.log(`  ${existingUserHooks ? "Updated" : "Created"} ${userHooksPath} (user-level)`);
+      changed = true;
+    }
+  }
+  const hooksPath = join(clientDir, "hooks.json");
+  const existingHooks = existsSync4(hooksPath) ? readFileSync4(hooksPath, "utf-8") : "";
+  if (hooksContent !== existingHooks) {
+    writeFileSync2(hooksPath, hooksContent);
+    console.log(`  ${existingHooks ? "Updated" : "Created"} ${hooksPath}`);
+    changed = true;
+  }
+  if (wrappedMcpConfig) {
+    const mcpPath = join(clientDir, "mcp.json");
+    const mcpStr = JSON.stringify(wrappedMcpConfig, null, 2) + "\n";
+    const existingMcp = existsSync4(mcpPath) ? readFileSync4(mcpPath, "utf-8") : "";
+    if (mcpStr !== existingMcp) {
+      writeFileSync2(mcpPath, mcpStr);
+      console.log(`  ${existingMcp ? "Updated" : "Created"} ${mcpPath}`);
+      changed = true;
+    }
+  }
+  const staleSettings = join(clientDir, "settings.json");
+  if (existsSync4(staleSettings)) {
+    try {
+      const content = JSON.parse(readFileSync4(staleSettings, "utf-8"));
+      if (content.hooks?.PreToolUse || content.hooks?.PostToolUse) {
+        writeFileSync2(staleSettings, JSON.stringify({}, null, 2) + "\n");
+        console.log(`  Cleaned stale ${staleSettings} (had wrong hook format)`);
+        changed = true;
+      }
+    } catch {
+    }
+  }
+  return changed ? "installed" : "skipped";
+}
+function installGeminiConfig(clientDir, guardCmd, auditCmd, _stopCmd, wrappedMcpConfig) {
+  const settingsPath = join(clientDir, "settings.json");
+  let existing = {};
+  try {
+    existing = JSON.parse(readFileSync4(settingsPath, "utf-8"));
+  } catch {
+  }
+  const merged = { ...existing };
+  if (wrappedMcpConfig) {
+    merged.mcpServers = wrappedMcpConfig.mcpServers;
+  }
+  merged.hooks = {
+    BeforeTool: [
+      { matcher: ".*", command: guardCmd }
+    ],
+    AfterTool: [
+      { matcher: ".*", command: auditCmd }
+    ]
+  };
+  const mergedStr = JSON.stringify(merged, null, 2) + "\n";
+  const existingStr = existsSync4(settingsPath) ? readFileSync4(settingsPath, "utf-8") : "";
+  if (mergedStr === existingStr) return "skipped";
+  writeFileSync2(settingsPath, mergedStr);
+  console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
+  return "installed";
+}
+function installOpenClawConfig(clientDir) {
+  const yamlPath = resolve3("openclaw.yaml");
+  const pluginLine = "@solongate/openclaw-plugin";
+  if (existsSync4(yamlPath)) {
+    const content = readFileSync4(yamlPath, "utf-8");
+    if (content.includes(pluginLine)) {
+      return "skipped";
+    }
+  }
+  console.log(`  OpenClaw uses plugins, not hooks. Add to your openclaw.yaml:`);
+  console.log(`    plugins:`);
+  console.log(`      - "${pluginLine}"`);
+  console.log(`    Then: npm install ${pluginLine}`);
+  return "installed";
+}
 function ensureEnvFile() {
   let envChanged = false;
   let gitignoreChanged = false;
@@ -918,7 +1028,7 @@ async function main() {
     console.log("  All servers are already protected by SolonGate!");
     ensureEnvFile();
     console.log("");
-    installHooks(options.tools);
+    installHooks(options.tools, config);
     process.exit(0);
   }
   if (!options.all) {
@@ -1021,7 +1131,7 @@ async function main() {
   startSpinner("Installing hooks...");
   await sleep(300);
   stopSpinner("\u2713 Hooks");
-  installHooks(options.tools);
+  installHooks(options.tools, newConfig);
   console.log("");
   const allUpToDate = toProtect.length === 0 && alreadyProtected.length === serverNames.length;
   console.log("  \u2500\u2500 Summary \u2500\u2500");
@@ -5902,6 +6012,17 @@ var SolonGateProxy = class {
       log2("WARNING:", w);
     }
   }
+  /** Normalize well-known MCP client names to display-friendly agent identities */
+  normalizeAgentName(raw) {
+    const lower = raw.toLowerCase();
+    if (lower.includes("cursor")) return { id: "cursor", name: "Cursor" };
+    if (lower.includes("claude-code") || lower === "claude code") return { id: "claude-code", name: "Claude Code" };
+    if (lower.includes("claude")) return { id: "claude-desktop", name: "Claude Desktop" };
+    if (lower.includes("gemini")) return { id: "gemini-cli", name: "Gemini CLI" };
+    if (lower.includes("antigravity")) return { id: "antigravity", name: "Antigravity" };
+    if (lower.includes("perplexity")) return { id: "perplexity", name: "Perplexity" };
+    return { id: raw.toLowerCase().replace(/\s+/g, "-"), name: raw };
+  }
   /** Extract sub-agent identity from MCP _meta field */
   extractSubAgent(request) {
     const meta = request?.params?._meta;
@@ -6098,10 +6219,12 @@ var SolonGateProxy = class {
     this.server.oninitialized = () => {
       if (this.server) {
         const clientVersion = this.server.getClientVersion();
+        log2(`MCP clientInfo raw: ${JSON.stringify(clientVersion)}`);
         if (clientVersion?.name) {
-          this.agentId = clientVersion.name;
-          this.agentName = clientVersion.name;
-          log2(`Agent identified from MCP clientInfo: ${this.agentName}`);
+          const normalized = this.normalizeAgentName(clientVersion.name);
+          this.agentId = normalized.id;
+          this.agentName = normalized.name;
+          log2(`Agent identified from MCP clientInfo: ${this.agentName} (raw: ${clientVersion.name})`);
         }
       }
     };

package/dist/init.js

@@ -3,6 +3,7 @@
 // src/init.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
 import { resolve, join, dirname } from "path";
+import { homedir } from "os";
 import { fileURLToPath } from "url";
 import { execFileSync } from "child_process";
 import { createInterface } from "readline";
@@ -270,7 +271,7 @@ function unlockProtectedDirs() {
     }
   }
 }
-function installHooks(selectedTools = []) {
+function installHooks(selectedTools = [], wrappedMcpConfig) {
   unlockProtectedDirs();
   const hooksDir = resolve(".solongate", "hooks");
   mkdirSync(hooksDir, { recursive: true });
@@ -311,35 +312,25 @@ function installHooks(selectedTools = []) {
   for (const client of clients) {
     const clientDir = resolve(client.dir);
     mkdirSync(clientDir, { recursive: true });
-    const settingsPath = join(clientDir, "settings.json");
     const guardCmd = `node .solongate/hooks/guard.mjs ${client.agentId} "${client.agentName}"`;
     const auditCmd = `node .solongate/hooks/audit.mjs ${client.agentId} "${client.agentName}"`;
     const stopCmd = `node .solongate/hooks/stop.mjs ${client.agentId} "${client.agentName}"`;
-    const hookSettings = {
-      PreToolUse: [
-        { matcher: "", hooks: [{ type: "command", command: guardCmd }] }
-      ],
-      PostToolUse: [
-        { matcher: "", hooks: [{ type: "command", command: auditCmd }] }
-      ],
-      Stop: [
-        { matcher: "", hooks: [{ type: "command", command: stopCmd }] }
-      ]
-    };
-    let existing = {};
-    try {
-      existing = JSON.parse(readFileSync(settingsPath, "utf-8"));
-    } catch {
-    }
-    const merged = { ...existing, hooks: hookSettings };
-    const mergedStr = JSON.stringify(merged, null, 2) + "\n";
-    const existingStr = existsSync(settingsPath) ? readFileSync(settingsPath, "utf-8") : "";
-    if (mergedStr === existingStr) {
-      skippedNames.push(client.name);
+    if (client.key === "cursor") {
+      const result = installCursorConfig(clientDir, guardCmd, auditCmd, stopCmd, wrappedMcpConfig);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
+    } else if (client.key === "gemini") {
+      const result = installGeminiConfig(clientDir, guardCmd, auditCmd, stopCmd, wrappedMcpConfig);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
+    } else if (client.key === "openclaw") {
+      const result = installOpenClawConfig(clientDir);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
     } else {
-      writeFileSync(settingsPath, mergedStr);
-      console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
-      activatedNames.push(client.name);
+      const result = installStandardHookConfig(clientDir, client.name, guardCmd, auditCmd, stopCmd);
+      if (result === "skipped") skippedNames.push(client.name);
+      else activatedNames.push(client.name);
     }
   }
   console.log("");
@@ -354,6 +345,125 @@ function installHooks(selectedTools = []) {
     console.log(`  Already configured: ${skippedNames.join(", ")}`);
   }
 }
+function installStandardHookConfig(clientDir, clientName, guardCmd, auditCmd, stopCmd) {
+  const settingsPath = join(clientDir, "settings.json");
+  const hookSettings = {
+    PreToolUse: [
+      { matcher: "", hooks: [{ type: "command", command: guardCmd }] }
+    ],
+    PostToolUse: [
+      { matcher: "", hooks: [{ type: "command", command: auditCmd }] }
+    ],
+    Stop: [
+      { matcher: "", hooks: [{ type: "command", command: stopCmd }] }
+    ]
+  };
+  let existing = {};
+  try {
+    existing = JSON.parse(readFileSync(settingsPath, "utf-8"));
+  } catch {
+  }
+  const merged = { ...existing, hooks: hookSettings };
+  const mergedStr = JSON.stringify(merged, null, 2) + "\n";
+  const existingStr = existsSync(settingsPath) ? readFileSync(settingsPath, "utf-8") : "";
+  if (mergedStr === existingStr) return "skipped";
+  writeFileSync(settingsPath, mergedStr);
+  console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
+  return "installed";
+}
+function installCursorConfig(clientDir, guardCmd, auditCmd, _stopCmd, wrappedMcpConfig) {
+  let changed = false;
+  const hookConfig = {
+    preToolUse: [
+      { matcher: "", command: guardCmd, failClosed: true }
+    ],
+    postToolUse: [
+      { matcher: "", command: auditCmd }
+    ]
+  };
+  const hooksContent = JSON.stringify({ version: 1, hooks: hookConfig }, null, 2) + "\n";
+  const userCursorDir = join(homedir(), ".cursor");
+  if (existsSync(userCursorDir)) {
+    const userHooksPath = join(userCursorDir, "hooks.json");
+    const existingUserHooks = existsSync(userHooksPath) ? readFileSync(userHooksPath, "utf-8") : "";
+    if (hooksContent !== existingUserHooks) {
+      writeFileSync(userHooksPath, hooksContent);
+      console.log(`  ${existingUserHooks ? "Updated" : "Created"} ${userHooksPath} (user-level)`);
+      changed = true;
+    }
+  }
+  const hooksPath = join(clientDir, "hooks.json");
+  const existingHooks = existsSync(hooksPath) ? readFileSync(hooksPath, "utf-8") : "";
+  if (hooksContent !== existingHooks) {
+    writeFileSync(hooksPath, hooksContent);
+    console.log(`  ${existingHooks ? "Updated" : "Created"} ${hooksPath}`);
+    changed = true;
+  }
+  if (wrappedMcpConfig) {
+    const mcpPath = join(clientDir, "mcp.json");
+    const mcpStr = JSON.stringify(wrappedMcpConfig, null, 2) + "\n";
+    const existingMcp = existsSync(mcpPath) ? readFileSync(mcpPath, "utf-8") : "";
+    if (mcpStr !== existingMcp) {
+      writeFileSync(mcpPath, mcpStr);
+      console.log(`  ${existingMcp ? "Updated" : "Created"} ${mcpPath}`);
+      changed = true;
+    }
+  }
+  const staleSettings = join(clientDir, "settings.json");
+  if (existsSync(staleSettings)) {
+    try {
+      const content = JSON.parse(readFileSync(staleSettings, "utf-8"));
+      if (content.hooks?.PreToolUse || content.hooks?.PostToolUse) {
+        writeFileSync(staleSettings, JSON.stringify({}, null, 2) + "\n");
+        console.log(`  Cleaned stale ${staleSettings} (had wrong hook format)`);
+        changed = true;
+      }
+    } catch {
+    }
+  }
+  return changed ? "installed" : "skipped";
+}
+function installGeminiConfig(clientDir, guardCmd, auditCmd, _stopCmd, wrappedMcpConfig) {
+  const settingsPath = join(clientDir, "settings.json");
+  let existing = {};
+  try {
+    existing = JSON.parse(readFileSync(settingsPath, "utf-8"));
+  } catch {
+  }
+  const merged = { ...existing };
+  if (wrappedMcpConfig) {
+    merged.mcpServers = wrappedMcpConfig.mcpServers;
+  }
+  merged.hooks = {
+    BeforeTool: [
+      { matcher: ".*", command: guardCmd }
+    ],
+    AfterTool: [
+      { matcher: ".*", command: auditCmd }
+    ]
+  };
+  const mergedStr = JSON.stringify(merged, null, 2) + "\n";
+  const existingStr = existsSync(settingsPath) ? readFileSync(settingsPath, "utf-8") : "";
+  if (mergedStr === existingStr) return "skipped";
+  writeFileSync(settingsPath, mergedStr);
+  console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
+  return "installed";
+}
+function installOpenClawConfig(clientDir) {
+  const yamlPath = resolve("openclaw.yaml");
+  const pluginLine = "@solongate/openclaw-plugin";
+  if (existsSync(yamlPath)) {
+    const content = readFileSync(yamlPath, "utf-8");
+    if (content.includes(pluginLine)) {
+      return "skipped";
+    }
+  }
+  console.log(`  OpenClaw uses plugins, not hooks. Add to your openclaw.yaml:`);
+  console.log(`    plugins:`);
+  console.log(`      - "${pluginLine}"`);
+  console.log(`    Then: npm install ${pluginLine}`);
+  return "installed";
+}
 function ensureEnvFile() {
   let envChanged = false;
   let gitignoreChanged = false;
@@ -504,7 +614,7 @@ async function main() {
     console.log("  All servers are already protected by SolonGate!");
     ensureEnvFile();
     console.log("");
-    installHooks(options.tools);
+    installHooks(options.tools, config);
     process.exit(0);
   }
   if (!options.all) {
@@ -607,7 +717,7 @@ async function main() {
   startSpinner("Installing hooks...");
   await sleep(300);
   stopSpinner("\u2713 Hooks");
-  installHooks(options.tools);
+  installHooks(options.tools, newConfig);
   console.log("");
   const allUpToDate = toProtect.length === 0 && alreadyProtected.length === serverNames.length;
   console.log("  \u2500\u2500 Summary \u2500\u2500");

package/dist/lib.js

@@ -4252,6 +4252,17 @@ var SolonGateProxy = class {
       log2("WARNING:", w);
     }
   }
+  /** Normalize well-known MCP client names to display-friendly agent identities */
+  normalizeAgentName(raw) {
+    const lower = raw.toLowerCase();
+    if (lower.includes("cursor")) return { id: "cursor", name: "Cursor" };
+    if (lower.includes("claude-code") || lower === "claude code") return { id: "claude-code", name: "Claude Code" };
+    if (lower.includes("claude")) return { id: "claude-desktop", name: "Claude Desktop" };
+    if (lower.includes("gemini")) return { id: "gemini-cli", name: "Gemini CLI" };
+    if (lower.includes("antigravity")) return { id: "antigravity", name: "Antigravity" };
+    if (lower.includes("perplexity")) return { id: "perplexity", name: "Perplexity" };
+    return { id: raw.toLowerCase().replace(/\s+/g, "-"), name: raw };
+  }
   /** Extract sub-agent identity from MCP _meta field */
   extractSubAgent(request) {
     const meta = request?.params?._meta;
@@ -4448,10 +4459,12 @@ var SolonGateProxy = class {
     this.server.oninitialized = () => {
       if (this.server) {
         const clientVersion = this.server.getClientVersion();
+        log2(`MCP clientInfo raw: ${JSON.stringify(clientVersion)}`);
         if (clientVersion?.name) {
-          this.agentId = clientVersion.name;
-          this.agentName = clientVersion.name;
-          log2(`Agent identified from MCP clientInfo: ${this.agentName}`);
+          const normalized = this.normalizeAgentName(clientVersion.name);
+          this.agentId = normalized.id;
+          this.agentName = normalized.name;
+          log2(`Agent identified from MCP clientInfo: ${this.agentName} (raw: ${clientVersion.name})`);
         }
       }
     };

package/hooks/audit.mjs

@@ -26,8 +26,9 @@ const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
 const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
 
 // Agent identity from CLI args: node audit.mjs <agent_id> <agent_name>
-const AGENT_ID = process.argv[2] || 'claude-code';
-const AGENT_NAME = process.argv[3] || 'Claude Code';
+// Can be overridden at runtime when stdin contains cursor_version or gemini_version
+let AGENT_ID = process.argv[2] || 'claude-code';
+let AGENT_NAME = process.argv[3] || 'Claude Code';
 
 if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
 
@@ -36,16 +37,49 @@ process.stdin.on('data', c => input += c);
 process.stdin.on('end', async () => {
   try {
     const data = JSON.parse(input);
-    const toolName = data.tool_name || 'unknown';
-    const toolInput = data.tool_input || {};
+
+    // Debug: dump raw stdin to file for agent detection troubleshooting
+    try { writeFileSync(resolve('.solongate', '.debug-stdin'), JSON.stringify(data, null, 2)); } catch {}
+
+    // Auto-detect agent from stdin data (overrides CLI args if detected)
+    if (data.cursor_version) {
+      AGENT_ID = 'cursor';
+      AGENT_NAME = 'Cursor';
+    } else if (data.gemini_version) {
+      AGENT_ID = 'gemini-cli';
+      AGENT_NAME = 'Gemini CLI';
+    }
+
+    // Normalize field names across tools (Claude: tool_name, others may use toolName)
+    const toolName = data.tool_name || data.toolName || 'unknown';
+    const toolInput = data.tool_input || data.toolInput || data.params || {};
 
     if (toolName === 'Bash' && JSON.stringify(toolInput).includes('audit-logs')) {
       process.exit(0);
     }
 
-    const hasError = data.tool_response?.error ||
-      data.tool_response?.exitCode > 0 ||
-      data.tool_response?.isError;
+    // Check if guard.mjs already logged a DENY for this tool (avoid duplicate ALLOW after DENY)
+    let guardDenied = false;
+    try {
+      const denyFlagPath = resolve('.solongate', '.last-deny');
+      if (existsSync(denyFlagPath)) {
+        const flag = JSON.parse(readFileSync(denyFlagPath, 'utf-8'));
+        // If deny was recent (< 10s) and same tool, this postToolUse is a duplicate
+        if (flag.ts && Date.now() - flag.ts < 10000 && flag.tool === toolName) {
+          guardDenied = true;
+        }
+      }
+    } catch {}
+
+    // Cursor uses result_json, Claude uses tool_response
+    const toolResponse = data.tool_response || data.toolResponse || {};
+    const resultJson = data.result_json ? (typeof data.result_json === 'string' ? data.result_json : JSON.stringify(data.result_json)) : '';
+
+    const hasError = guardDenied ||
+      toolResponse.error ||
+      toolResponse.exitCode > 0 ||
+      toolResponse.isError ||
+      (resultJson && resultJson.includes('"error"'));
 
     const argsSummary = {};
     for (const [k, v] of Object.entries(toolInput)) {
@@ -72,8 +106,8 @@ process.stdin.on('end', async () => {
         tool: toolName,
         arguments: argsSummary,
         decision: hasError ? 'DENY' : 'ALLOW',
-        reason: hasError ? 'tool returned error' : 'allowed',
-        source: 'claude-code-hook',
+        reason: guardDenied ? 'blocked by policy guard' : hasError ? 'tool returned error' : 'allowed',
+        source: `${AGENT_ID}-hook`,
         evaluationTimeMs: 0,
         agent_id: AGENT_ID,
         agent_name: AGENT_NAME,

package/hooks/guard.mjs

@@ -41,15 +41,53 @@ const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
 const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
 
 // Agent identity from CLI args: node guard.mjs <agent_id> <agent_name>
-const AGENT_ID = process.argv[2] || 'claude-code';
-const AGENT_NAME = process.argv[3] || 'Claude Code';
+// Can be overridden at runtime when stdin contains cursor_version or gemini_version
+let AGENT_ID = process.argv[2] || 'claude-code';
+let AGENT_NAME = process.argv[3] || 'Claude Code';
+
+// ── Per-tool block/allow output ──
+// Claude Code: exit 2 + stderr = BLOCK, exit 0 = ALLOW
+// Cursor: JSON stdout {"permission": "deny", "user_message": "..."} = BLOCK
+// Gemini CLI: JSON stdout {"decision": "deny", "reason": "..."} = BLOCK
+function blockTool(reason) {
+  if (AGENT_ID === 'cursor') {
+    // Cursor: JSON stdout with permission: "deny", exit 0
+    process.stdout.write(JSON.stringify({
+      permission: 'deny',
+      user_message: `[SolonGate] ${reason}`,
+      agent_message: `BLOCKED by SolonGate security policy: ${reason}`,
+    }));
+    process.exit(0);
+  } else if (AGENT_ID === 'gemini-cli') {
+    process.stdout.write(JSON.stringify({
+      decision: 'deny',
+      reason: `[SolonGate] ${reason}`,
+    }));
+    process.exit(0);
+  } else {
+    // Claude Code, Antigravity, Perplexity — exit code 2
+    process.stderr.write(reason);
+    process.exit(2);
+  }
+}
+
+function allowTool() {
+  if (AGENT_ID === 'cursor') {
+    process.stdout.write(JSON.stringify({ permission: 'allow' }));
+  } else if (AGENT_ID === 'gemini-cli') {
+    process.stdout.write(JSON.stringify({ decision: 'allow' }));
+  }
+  process.exit(0);
+}
 
 // Write flag file so stop.mjs knows a tool call (DENY) happened and doesn't log extra ALLOW
-function writeDenyFlag() {
+function writeDenyFlag(toolName) {
   try {
     const flagDir = resolve('.solongate');
     mkdirSync(flagDir, { recursive: true });
     writeFileSync(join(flagDir, '.last-tool-call'), Date.now().toString());
+    // Write deny-specific flag so audit.mjs can detect and skip duplicate ALLOW logging
+    writeFileSync(join(flagDir, '.last-deny'), JSON.stringify({ tool: toolName, ts: Date.now() }));
   } catch {}
 }
 
@@ -335,8 +373,27 @@ let input = '';
 process.stdin.on('data', c => input += c);
 process.stdin.on('end', async () => {
   try {
-    const data = JSON.parse(input);
-    const args = data.tool_input || {};
+    const raw = JSON.parse(input);
+
+    // Auto-detect agent from stdin data (overrides CLI args if detected)
+    if (raw.cursor_version) {
+      AGENT_ID = 'cursor';
+      AGENT_NAME = 'Cursor';
+    } else if (raw.gemini_version) {
+      AGENT_ID = 'gemini-cli';
+      AGENT_NAME = 'Gemini CLI';
+    }
+
+    // Normalize field names across tools (Claude: tool_name/tool_input, others may use toolName/toolInput/params)
+    const data = {
+      ...raw,
+      tool_name: raw.tool_name || raw.toolName || '',
+      tool_input: raw.tool_input || raw.toolInput || raw.params || {},
+      tool_response: raw.tool_response || raw.toolResponse || {},
+      cwd: raw.cwd || process.cwd(),
+      session_id: raw.session_id || raw.sessionId || '',
+    };
+    const args = data.tool_input;
 
     // ── Self-protection: block access to hook files and settings ──
     // Hardcoded, no bypass possible — runs before policy/PI config
@@ -358,16 +415,15 @@ process.stdin.on('end', async () => {
             body: JSON.stringify({
               tool: data.tool_name || '', arguments: args,
               decision: 'DENY', reason,
-              source: 'claude-code-guard',
+              source: `${AGENT_ID}-guard`,
               agent_id: AGENT_ID, agent_name: AGENT_NAME,
             }),
             signal: AbortSignal.timeout(3000),
           });
         } catch {}
       }
-      writeDenyFlag();
-      process.stderr.write(reason);
-      process.exit(2);
+      writeDenyFlag(toolName);
+      blockTool(reason);
     }
 
     // ── Normalization layers ──
@@ -1006,7 +1062,7 @@ process.stdin.on('end', async () => {
               arguments: args,
               decision: isLogOnly ? 'ALLOW' : 'DENY',
               reason: msg,
-              source: 'claude-code-guard',
+              source: `${AGENT_ID}-guard`,
               agent_id: AGENT_ID, agent_name: AGENT_NAME,
               pi_detected: true,
               pi_trust_score: piResult.trustScore,
@@ -1044,9 +1100,8 @@ process.stdin.on('end', async () => {
         process.stderr.write(msg);
         // Fall through to policy evaluation (don't exit)
       } else {
-        writeDenyFlag();
-        process.stderr.write(msg);
-        process.exit(2);
+        writeDenyFlag(toolName);
+        blockTool(msg);
       }
     }
 
@@ -1068,7 +1123,7 @@ process.stdin.on('end', async () => {
               arguments: args,
               decision: 'ALLOW',
               reason: 'Prompt injection detected but below threshold (trust: ' + (piResult.trustScore * 100).toFixed(0) + '%)',
-              source: 'claude-code-guard',
+              source: `${AGENT_ID}-guard`,
               agent_id: AGENT_ID, agent_name: AGENT_NAME,
               pi_detected: true,
               pi_trust_score: piResult.trustScore,
@@ -1080,7 +1135,7 @@ process.stdin.on('end', async () => {
           });
         } catch {}
       }
-      process.exit(0); // No policy = allow all
+      allowTool(); // No policy = allow all
     }
 
     let reason = evaluate(policy, args);
@@ -1234,7 +1289,7 @@ Respond with ONLY valid JSON: {"decision": "ALLOW" or "DENY", "reason": "brief e
           const logEntry = {
             tool: toolName, arguments: args,
             decision: 'DENY', reason,
-            source: 'claude-code-guard',
+            source: `${AGENT_ID}-guard`,
             agent_id: AGENT_ID, agent_name: AGENT_NAME,
           };
           if (piResult) {
@@ -1252,10 +1307,9 @@ Respond with ONLY valid JSON: {"decision": "ALLOW" or "DENY", "reason": "brief e
           });
         } catch {}
       }
-      writeDenyFlag();
-      process.stderr.write(reason);
-      process.exit(2);
+      writeDenyFlag(toolName);
+      blockTool(reason);
     }
   } catch {}
-  process.exit(0);
+  allowTool();
 });

package/hooks/stop.mjs

@@ -27,8 +27,9 @@ const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
 const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
 
 // Agent identity from CLI args: node stop.mjs <agent_id> <agent_name>
-const AGENT_ID = process.argv[2] || 'claude-code';
-const AGENT_NAME = process.argv[3] || 'Claude Code';
+// Can be overridden at runtime when stdin contains cursor_version or gemini_version
+let AGENT_ID = process.argv[2] || 'claude-code';
+let AGENT_NAME = process.argv[3] || 'Claude Code';
 
 if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
 
@@ -42,6 +43,13 @@ let input = '';
 process.stdin.on('data', c => input += c);
 process.stdin.on('end', async () => {
   try {
+    // Auto-detect agent from stdin data
+    try {
+      const raw = JSON.parse(input);
+      if (raw.cursor_version) { AGENT_ID = 'cursor'; AGENT_NAME = 'Cursor'; }
+      else if (raw.gemini_version) { AGENT_ID = 'gemini-cli'; AGENT_NAME = 'Gemini CLI'; }
+    } catch {}
+
     // Check if tool calls were made in this turn
     if (existsSync(flagFile)) {
       // Tool calls happened → audit.mjs already logged them. Clean up flag.
@@ -61,7 +69,7 @@ process.stdin.on('end', async () => {
         arguments: {},
         decision: 'ALLOW',
         reason: 'text response (no tool calls)',
-        source: 'claude-code-hook',
+        source: `${AGENT_ID}-hook`,
         evaluationTimeMs: 0,
         agent_id: AGENT_ID,
         agent_name: AGENT_NAME,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.29.1",
-  "description": "MCP security proxy — protect any MCP server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
+  "version": "0.30.1",
+  "description": "AI tool security proxy — protect any AI tool server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {
     "solongate-proxy": "./dist/index.js",
@@ -29,8 +29,8 @@
     "clean": "rm -rf dist .turbo"
   },
   "keywords": [
-    "mcp",
-    "model-context-protocol",
+    "ai-tool-security",
+    "ai-tool-proxy",
     "security",
     "proxy",
     "gateway",