npm - @solongate/proxy - Versions diffs - 0.34.0 → 0.35.0 - Mend

@solongate/proxy 0.34.0 → 0.35.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.js CHANGED Viewed

@@ -274,6 +274,9 @@ function parseArgs(argv) {
       aiJudgeApiKey = process.env.GROQ_API_KEY;
     }
   }
+  if (aiJudgeApiKey && (aiJudgeApiKey.includes("your_") || aiJudgeApiKey.includes("_here") || aiJudgeApiKey.length < 10)) {
+    aiJudgeApiKey = void 0;
+  }
   const aiJudge = aiJudgeEnabled ? {
     enabled: true,
     model: aiJudgeModel,
@@ -533,7 +536,7 @@ function isAlreadyProtected(server) {
   }
   return false;
 }
-function wrapServer(serverName, server, policy, agentName) {
+function wrapServer(serverName, server, policy, agentName, aiJudge) {
   const env = { ...server.env ?? {} };
   env.SOLONGATE_API_KEY = "${SOLONGATE_API_KEY}";
   const proxyArgs = ["-y", "@solongate/proxy@latest"];
@@ -543,6 +546,9 @@ function wrapServer(serverName, server, policy, agentName) {
   if (agentName) {
     proxyArgs.push("--agent-name", agentName);
   }
+  if (aiJudge) {
+    proxyArgs.push("--ai-judge");
+  }
   proxyArgs.push("--verbose", "--", server.command, ...server.args ?? []);
   return {
     command: "npx",
@@ -563,7 +569,8 @@ function parseInitArgs(argv) {
   const args = argv.slice(2);
   const options = {
     all: false,
-    tools: []
+    tools: [],
+    aiJudge: false
   };
   for (let i = 0; i < args.length; i++) {
     switch (args[i]) {
@@ -588,6 +595,9 @@ function parseInitArgs(argv) {
       case "--openclaw":
         options.tools.push("openclaw");
         break;
+      case "--ai-judge":
+        options.aiJudge = true;
+        break;
       case "--help":
       case "-h":
         printHelp();
@@ -615,8 +625,13 @@ AI TOOL HOOKS (default: all)
   --gemini            Install hooks for Gemini CLI
   --openclaw          Install hooks for OpenClaw
+SECURITY LAYERS
+  --ai-judge          Enable AI Judge (semantic intent analysis via LLM)
+                      Requires GROQ_API_KEY in .env (free at https://console.groq.com/keys)
 EXAMPLES
   npx @solongate/proxy init --all                          # Protect everything, all tools
+  npx @solongate/proxy init --all --ai-judge               # With AI Judge enabled
   npx @solongate/proxy init --all --claude-code --gemini   # Only Claude Code + Gemini hooks
   npx @solongate/proxy init --all --policy policy.json     # With custom policy
 `;
@@ -1046,7 +1061,7 @@ async function main() {
   const newConfig = { mcpServers: {} };
   for (const name of serverNames) {
     if (toProtect.includes(name)) {
-      newConfig.mcpServers[name] = wrapServer(name, config.mcpServers[name], policyValue);
+      newConfig.mcpServers[name] = wrapServer(name, config.mcpServers[name], policyValue, void 0, options.aiJudge);
     } else {
       newConfig.mcpServers[name] = config.mcpServers[name];
     }
@@ -5671,6 +5686,12 @@ CRITICAL: Only DENY access to files EXPLICITLY in the protected_files list. "cat
 Respond with ONLY valid JSON, no markdown, no explanation outside the JSON:
 {"decision": "ALLOW" or "DENY", "reason": "brief one-line explanation", "confidence": 0.0 to 1.0}`;
+var AuthError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "AuthError";
+  }
+};
 var AiJudge = class _AiJudge {
   config;
   protectedFiles;
@@ -5727,6 +5748,13 @@ var AiJudge = class _AiJudge {
       this.consecutiveFailures++;
       this.lastFailureTime = Date.now();
       const message = err instanceof Error ? err.message : String(err);
+      if (err instanceof AuthError) {
+        return {
+          decision: "ALLOW",
+          reason: `AI Judge auth error (skipping): ${message.slice(0, 100)}`,
+          confidence: 0.5
+        };
+      }
       return {
         decision: "DENY",
         reason: `AI Judge error (fail-closed): ${message.slice(0, 100)}`,
@@ -5808,6 +5836,9 @@ var AiJudge = class _AiJudge {
       });
       if (!res.ok) {
         const errBody = await res.text().catch(() => "");
+        if (res.status === 401 || res.status === 403) {
+          throw new AuthError(`LLM auth failed (${res.status}): ${errBody.slice(0, 200)}`);
+        }
         throw new Error(`LLM endpoint returned ${res.status}: ${errBody.slice(0, 200)}`);
       }
       const data = await res.json();
@@ -6048,6 +6079,9 @@ var SolonGateProxy = class {
               if (match) groqKey = match[1].trim();
             }
             if (!groqKey) groqKey = process.env.GROQ_API_KEY;
+            if (groqKey && (groqKey.includes("your_") || groqKey.includes("_here") || groqKey.length < 10)) {
+              groqKey = void 0;
+            }
             if (groqKey) {
               this.config.aiJudge = {
                 enabled: true,

package/dist/init.js CHANGED Viewed

@@ -117,7 +117,7 @@ function isAlreadyProtected(server) {
   }
   return false;
 }
-function wrapServer(serverName, server, policy, agentName) {
+function wrapServer(serverName, server, policy, agentName, aiJudge) {
   const env = { ...server.env ?? {} };
   env.SOLONGATE_API_KEY = "${SOLONGATE_API_KEY}";
   const proxyArgs = ["-y", "@solongate/proxy@latest"];
@@ -127,6 +127,9 @@ function wrapServer(serverName, server, policy, agentName) {
   if (agentName) {
     proxyArgs.push("--agent-name", agentName);
   }
+  if (aiJudge) {
+    proxyArgs.push("--ai-judge");
+  }
   proxyArgs.push("--verbose", "--", server.command, ...server.args ?? []);
   return {
     command: "npx",
@@ -147,7 +150,8 @@ function parseInitArgs(argv) {
   const args = argv.slice(2);
   const options = {
     all: false,
-    tools: []
+    tools: [],
+    aiJudge: false
   };
   for (let i = 0; i < args.length; i++) {
     switch (args[i]) {
@@ -172,6 +176,9 @@ function parseInitArgs(argv) {
       case "--openclaw":
         options.tools.push("openclaw");
         break;
+      case "--ai-judge":
+        options.aiJudge = true;
+        break;
       case "--help":
       case "-h":
         printHelp();
@@ -199,8 +206,13 @@ AI TOOL HOOKS (default: all)
   --gemini            Install hooks for Gemini CLI
   --openclaw          Install hooks for OpenClaw
+SECURITY LAYERS
+  --ai-judge          Enable AI Judge (semantic intent analysis via LLM)
+                      Requires GROQ_API_KEY in .env (free at https://console.groq.com/keys)
 EXAMPLES
   npx @solongate/proxy init --all                          # Protect everything, all tools
+  npx @solongate/proxy init --all --ai-judge               # With AI Judge enabled
   npx @solongate/proxy init --all --claude-code --gemini   # Only Claude Code + Gemini hooks
   npx @solongate/proxy init --all --policy policy.json     # With custom policy
 `;
@@ -632,7 +644,7 @@ async function main() {
   const newConfig = { mcpServers: {} };
   for (const name of serverNames) {
     if (toProtect.includes(name)) {
-      newConfig.mcpServers[name] = wrapServer(name, config.mcpServers[name], policyValue);
+      newConfig.mcpServers[name] = wrapServer(name, config.mcpServers[name], policyValue, void 0, options.aiJudge);
     } else {
       newConfig.mcpServers[name] = config.mcpServers[name];
     }

package/dist/lib.js CHANGED Viewed

@@ -3973,6 +3973,12 @@ CRITICAL: Only DENY access to files EXPLICITLY in the protected_files list. "cat
 Respond with ONLY valid JSON, no markdown, no explanation outside the JSON:
 {"decision": "ALLOW" or "DENY", "reason": "brief one-line explanation", "confidence": 0.0 to 1.0}`;
+var AuthError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "AuthError";
+  }
+};
 var AiJudge = class _AiJudge {
   config;
   protectedFiles;
@@ -4029,6 +4035,13 @@ var AiJudge = class _AiJudge {
       this.consecutiveFailures++;
       this.lastFailureTime = Date.now();
       const message = err instanceof Error ? err.message : String(err);
+      if (err instanceof AuthError) {
+        return {
+          decision: "ALLOW",
+          reason: `AI Judge auth error (skipping): ${message.slice(0, 100)}`,
+          confidence: 0.5
+        };
+      }
       return {
         decision: "DENY",
         reason: `AI Judge error (fail-closed): ${message.slice(0, 100)}`,
@@ -4110,6 +4123,9 @@ var AiJudge = class _AiJudge {
       });
       if (!res.ok) {
         const errBody = await res.text().catch(() => "");
+        if (res.status === 401 || res.status === 403) {
+          throw new AuthError(`LLM auth failed (${res.status}): ${errBody.slice(0, 200)}`);
+        }
         throw new Error(`LLM endpoint returned ${res.status}: ${errBody.slice(0, 200)}`);
       }
       const data = await res.json();
@@ -4350,6 +4366,9 @@ var SolonGateProxy = class {
               if (match) groqKey = match[1].trim();
             }
             if (!groqKey) groqKey = process.env.GROQ_API_KEY;
+            if (groqKey && (groqKey.includes("your_") || groqKey.includes("_here") || groqKey.length < 10)) {
+              groqKey = void 0;
+            }
             if (groqKey) {
               this.config.aiJudge = {
                 enabled: true,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.34.0",
+  "version": "0.35.0",
   "description": "AI tool security proxy — protect any AI tool server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {