@solongate/proxy 0.40.0 → 0.42.0

package/dist/create.js

@@ -213,10 +213,8 @@ console.log('MCP servers communicate over stdin/stdout \u2014 not HTTP.');
 console.log('You need an MCP client to connect:');
 console.log('');
 console.log('  Claude Code    Open this folder, .mcp.json is auto-detected');
-console.log('  Claude Desktop Add to Settings > MCP Servers');
-console.log('  Windsurf       Open this folder, .mcp.json is auto-detected');
-console.log('  Cline          VS Code extension, add server in settings');
-console.log('  Zed            Add to settings.json under mcp_servers');
+console.log('  Gemini CLI     Open this folder, .mcp.json is auto-detected');
+console.log('  OpenClaw       Uses openclaw.plugin.json config');
 console.log('');
 console.log('Press Ctrl+C to stop.');
 `

package/dist/index.js

@@ -588,9 +588,6 @@ function parseInitArgs(argv) {
       case "--gemini":
         options.tools.push("gemini");
         break;
-      case "--openclaw":
-        options.tools.push("openclaw");
-        break;
       case "--help":
       case "-h":
         printHelp();
@@ -616,11 +613,10 @@ OPTIONS
 AI TOOL HOOKS (default: all)
   --claude-code       Install hooks for Claude Code
   --gemini            Install hooks for Gemini CLI
-  --openclaw          Install hooks for OpenClaw
 
 EXAMPLES
   npx @solongate/proxy init --all                          # Protect everything, all tools
-  npx @solongate/proxy init --all --claude-code --gemini   # Only Claude Code + Gemini hooks
+  npx @solongate/proxy init --all --claude-code            # Only Claude Code hooks
   npx @solongate/proxy init --all --policy policy.json     # With custom policy
 `;
   console.log(help);
@@ -629,7 +625,7 @@ function readHookScript(filename) {
   return readFileSync4(join2(HOOKS_DIR, filename), "utf-8");
 }
 function unlockProtectedDirs() {
-  const dirs = [".solongate", ".claude", ".gemini", ".openclaw"];
+  const dirs = [".solongate", ".claude", ".gemini"];
   for (const dir of dirs) {
     const fullDir = resolve3(dir);
     if (!existsSync4(fullDir)) continue;
@@ -707,8 +703,7 @@ function installHooks(selectedTools = [], wrappedMcpConfig) {
   }
   const allClients = [
     { name: "Claude Code", dir: ".claude", key: "claude-code", agentId: "claude-code", agentName: "Claude Code" },
-    { name: "Gemini CLI", dir: ".gemini", key: "gemini", agentId: "gemini-cli", agentName: "Gemini CLI" },
-    { name: "OpenClaw", dir: ".openclaw", key: "openclaw", agentId: "openclaw", agentName: "OpenClaw" }
+    { name: "Gemini CLI", dir: ".gemini", key: "gemini", agentId: "gemini-cli", agentName: "Gemini CLI" }
   ];
   const clients = selectedTools.length > 0 ? allClients.filter((c3) => selectedTools.includes(c3.key)) : allClients;
   const activatedNames = [];
@@ -723,10 +718,6 @@ function installHooks(selectedTools = [], wrappedMcpConfig) {
       const result = installGeminiConfig(clientDir, guardCmd, auditCmd, stopCmd, wrappedMcpConfig);
       if (result === "skipped") skippedNames.push(client.name);
       else activatedNames.push(client.name);
-    } else if (client.key === "openclaw") {
-      const result = installOpenClawConfig(clientDir);
-      if (result === "skipped") skippedNames.push(client.name);
-      else activatedNames.push(client.name);
     } else {
       const result = installStandardHookConfig(clientDir, client.name, guardCmd, auditCmd, stopCmd);
       if (result === "skipped") skippedNames.push(client.name);
@@ -809,40 +800,6 @@ function installGeminiConfig(clientDir, guardCmd, auditCmd, _stopCmd, wrappedMcp
   console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
   return "installed";
 }
-function installOpenClawConfig(_clientDir) {
-  const yamlPath = resolve3("openclaw.yaml");
-  const pluginLine = "@solongate/openclaw-plugin";
-  if (existsSync4(yamlPath)) {
-    const content = readFileSync4(yamlPath, "utf-8");
-    if (content.includes(pluginLine)) {
-      return "skipped";
-    }
-    if (content.includes("plugins:")) {
-      const updated = content.replace(
-        /^(plugins:\s*\n)/m,
-        `$1  - "${pluginLine}"
-`
-      );
-      writeFileSync2(yamlPath, updated);
-    } else {
-      const separator = content.endsWith("\n") ? "" : "\n";
-      writeFileSync2(yamlPath, content + `${separator}
-plugins:
-  - "${pluginLine}"
-`);
-    }
-  } else {
-    writeFileSync2(yamlPath, `# OpenClaw configuration
-# SolonGate security plugin \u2014 manage policies at https://dashboard.solongate.com
-
-plugins:
-  - "${pluginLine}"
-`);
-  }
-  console.log(`  Updated openclaw.yaml with SolonGate plugin`);
-  console.log(`  \u2192 Run: npm install ${pluginLine}`);
-  return "installed";
-}
 function ensureEnvFile() {
   let envChanged = false;
   let gitignoreChanged = false;
@@ -883,8 +840,7 @@ SOLONGATE_API_KEY=sg_live_your_key_here
     ".mcp.json",
     ".solongate/**",
     ".claude/**",
-    ".gemini/**",
-    ".openclaw/**"
+    ".gemini/**"
   ];
   if (existsSync4(gitignorePath)) {
     let gitignore = readFileSync4(gitignorePath, "utf-8");
@@ -1121,7 +1077,7 @@ async function main() {
     console.log("  \u2502                                                 \u2502");
     console.log("  \u2502  MCP servers  \u2192 Protected via proxy             \u2502");
     console.log("  \u2502  AI tools     \u2192 Guarded via hooks               \u2502");
-    console.log("  \u2502  Claude Code, Gemini, OpenClaw                   \u2502");
+    console.log("  \u2502  Claude Code, Gemini CLI                         \u2502");
     console.log("  \u2502  API key      \u2192 Set in .env                     \u2502");
     console.log("  \u2502                                                 \u2502");
     console.log("  \u2502  View logs: https://dashboard.solongate.com     \u2502");
@@ -1662,10 +1618,8 @@ console.log('MCP servers communicate over stdin/stdout \u2014 not HTTP.');
 console.log('You need an MCP client to connect:');
 console.log('');
 console.log('  Claude Code    Open this folder, .mcp.json is auto-detected');
-console.log('  Claude Desktop Add to Settings > MCP Servers');
-console.log('  Windsurf       Open this folder, .mcp.json is auto-detected');
-console.log('  Cline          VS Code extension, add server in settings');
-console.log('  Zed            Add to settings.json under mcp_servers');
+console.log('  Gemini CLI     Open this folder, .mcp.json is auto-detected');
+console.log('  OpenClaw       Uses openclaw.plugin.json config');
 console.log('');
 console.log('Press Ctrl+C to stop.');
 `
@@ -2733,9 +2687,23 @@ var TrustLevel = {
 var Permission = {
   READ: "READ",
   WRITE: "WRITE",
-  EXECUTE: "EXECUTE"
+  EXECUTE: "EXECUTE",
+  NETWORK: "NETWORK"
 };
-var PermissionSchema = z.enum(["READ", "WRITE", "EXECUTE"]);
+var PermissionSchema = z.enum(["READ", "WRITE", "EXECUTE", "NETWORK"]);
+function guessPermission(toolName) {
+  const name = toolName.toLowerCase();
+  if (name.includes("exec") || name.includes("shell") || name.includes("run") || name.includes("eval")) {
+    return Permission.EXECUTE;
+  }
+  if (name.includes("fetch") || name.includes("http") || name.includes("request") || name.includes("curl") || name.includes("network") || name.includes("download") || name.includes("upload")) {
+    return Permission.NETWORK;
+  }
+  if (name.includes("write") || name.includes("create") || name.includes("delete") || name.includes("update") || name.includes("set") || name.includes("edit") || name.includes("remove") || name.includes("insert")) {
+    return Permission.WRITE;
+  }
+  return Permission.READ;
+}
 var NO_PERMISSIONS = Object.freeze(
   /* @__PURE__ */ new Set()
 );
@@ -4617,7 +4585,7 @@ async function interceptToolCall(params, upstreamCall, options) {
     toolName: params.name,
     serverName: "default",
     arguments: params.arguments ?? {},
-    requiredPermission: Permission.EXECUTE,
+    requiredPermission: guessPermission(params.name),
     timestamp
   };
   if (options.rateLimiter) {
@@ -6527,14 +6495,7 @@ ${msg.content.text}`;
    * Guess tool permissions from tool name.
    */
   guessPermissions(toolName) {
-    const name = toolName.toLowerCase();
-    if (name.includes("exec") || name.includes("shell") || name.includes("run") || name.includes("eval")) {
-      return ["EXECUTE"];
-    }
-    if (name.includes("write") || name.includes("create") || name.includes("delete") || name.includes("update") || name.includes("set")) {
-      return ["WRITE"];
-    }
-    return ["READ"];
+    return [guessPermission(toolName)];
   }
   /**
    * Register the upstream MCP server to the SolonGate Cloud API.

package/dist/init.js

@@ -169,9 +169,6 @@ function parseInitArgs(argv) {
       case "--gemini":
         options.tools.push("gemini");
         break;
-      case "--openclaw":
-        options.tools.push("openclaw");
-        break;
       case "--help":
       case "-h":
         printHelp();
@@ -197,11 +194,10 @@ OPTIONS
 AI TOOL HOOKS (default: all)
   --claude-code       Install hooks for Claude Code
   --gemini            Install hooks for Gemini CLI
-  --openclaw          Install hooks for OpenClaw
 
 EXAMPLES
   npx @solongate/proxy init --all                          # Protect everything, all tools
-  npx @solongate/proxy init --all --claude-code --gemini   # Only Claude Code + Gemini hooks
+  npx @solongate/proxy init --all --claude-code            # Only Claude Code hooks
   npx @solongate/proxy init --all --policy policy.json     # With custom policy
 `;
   console.log(help);
@@ -212,7 +208,7 @@ function readHookScript(filename) {
   return readFileSync(join(HOOKS_DIR, filename), "utf-8");
 }
 function unlockProtectedDirs() {
-  const dirs = [".solongate", ".claude", ".gemini", ".openclaw"];
+  const dirs = [".solongate", ".claude", ".gemini"];
   for (const dir of dirs) {
     const fullDir = resolve(dir);
     if (!existsSync(fullDir)) continue;
@@ -290,8 +286,7 @@ function installHooks(selectedTools = [], wrappedMcpConfig) {
   }
   const allClients = [
     { name: "Claude Code", dir: ".claude", key: "claude-code", agentId: "claude-code", agentName: "Claude Code" },
-    { name: "Gemini CLI", dir: ".gemini", key: "gemini", agentId: "gemini-cli", agentName: "Gemini CLI" },
-    { name: "OpenClaw", dir: ".openclaw", key: "openclaw", agentId: "openclaw", agentName: "OpenClaw" }
+    { name: "Gemini CLI", dir: ".gemini", key: "gemini", agentId: "gemini-cli", agentName: "Gemini CLI" }
   ];
   const clients = selectedTools.length > 0 ? allClients.filter((c2) => selectedTools.includes(c2.key)) : allClients;
   const activatedNames = [];
@@ -306,10 +301,6 @@ function installHooks(selectedTools = [], wrappedMcpConfig) {
       const result = installGeminiConfig(clientDir, guardCmd, auditCmd, stopCmd, wrappedMcpConfig);
       if (result === "skipped") skippedNames.push(client.name);
       else activatedNames.push(client.name);
-    } else if (client.key === "openclaw") {
-      const result = installOpenClawConfig(clientDir);
-      if (result === "skipped") skippedNames.push(client.name);
-      else activatedNames.push(client.name);
     } else {
       const result = installStandardHookConfig(clientDir, client.name, guardCmd, auditCmd, stopCmd);
       if (result === "skipped") skippedNames.push(client.name);
@@ -392,40 +383,6 @@ function installGeminiConfig(clientDir, guardCmd, auditCmd, _stopCmd, wrappedMcp
   console.log(`  ${existingStr ? "Updated" : "Created"} ${settingsPath}`);
   return "installed";
 }
-function installOpenClawConfig(_clientDir) {
-  const yamlPath = resolve("openclaw.yaml");
-  const pluginLine = "@solongate/openclaw-plugin";
-  if (existsSync(yamlPath)) {
-    const content = readFileSync(yamlPath, "utf-8");
-    if (content.includes(pluginLine)) {
-      return "skipped";
-    }
-    if (content.includes("plugins:")) {
-      const updated = content.replace(
-        /^(plugins:\s*\n)/m,
-        `$1  - "${pluginLine}"
-`
-      );
-      writeFileSync(yamlPath, updated);
-    } else {
-      const separator = content.endsWith("\n") ? "" : "\n";
-      writeFileSync(yamlPath, content + `${separator}
-plugins:
-  - "${pluginLine}"
-`);
-    }
-  } else {
-    writeFileSync(yamlPath, `# OpenClaw configuration
-# SolonGate security plugin \u2014 manage policies at https://dashboard.solongate.com
-
-plugins:
-  - "${pluginLine}"
-`);
-  }
-  console.log(`  Updated openclaw.yaml with SolonGate plugin`);
-  console.log(`  \u2192 Run: npm install ${pluginLine}`);
-  return "installed";
-}
 function ensureEnvFile() {
   let envChanged = false;
   let gitignoreChanged = false;
@@ -466,8 +423,7 @@ SOLONGATE_API_KEY=sg_live_your_key_here
     ".mcp.json",
     ".solongate/**",
     ".claude/**",
-    ".gemini/**",
-    ".openclaw/**"
+    ".gemini/**"
   ];
   if (existsSync(gitignorePath)) {
     let gitignore = readFileSync(gitignorePath, "utf-8");
@@ -704,7 +660,7 @@ async function main() {
     console.log("  \u2502                                                 \u2502");
     console.log("  \u2502  MCP servers  \u2192 Protected via proxy             \u2502");
     console.log("  \u2502  AI tools     \u2192 Guarded via hooks               \u2502");
-    console.log("  \u2502  Claude Code, Gemini, OpenClaw                   \u2502");
+    console.log("  \u2502  Claude Code, Gemini CLI                         \u2502");
     console.log("  \u2502  API key      \u2192 Set in .env                     \u2502");
     console.log("  \u2502                                                 \u2502");
     console.log("  \u2502  View logs: https://dashboard.solongate.com     \u2502");

package/dist/lib.js

@@ -634,9 +634,23 @@ var TrustLevel = {
 var Permission = {
   READ: "READ",
   WRITE: "WRITE",
-  EXECUTE: "EXECUTE"
+  EXECUTE: "EXECUTE",
+  NETWORK: "NETWORK"
 };
-var PermissionSchema = z.enum(["READ", "WRITE", "EXECUTE"]);
+var PermissionSchema = z.enum(["READ", "WRITE", "EXECUTE", "NETWORK"]);
+function guessPermission(toolName) {
+  const name = toolName.toLowerCase();
+  if (name.includes("exec") || name.includes("shell") || name.includes("run") || name.includes("eval")) {
+    return Permission.EXECUTE;
+  }
+  if (name.includes("fetch") || name.includes("http") || name.includes("request") || name.includes("curl") || name.includes("network") || name.includes("download") || name.includes("upload")) {
+    return Permission.NETWORK;
+  }
+  if (name.includes("write") || name.includes("create") || name.includes("delete") || name.includes("update") || name.includes("set") || name.includes("edit") || name.includes("remove") || name.includes("insert")) {
+    return Permission.WRITE;
+  }
+  return Permission.READ;
+}
 var NO_PERMISSIONS = Object.freeze(
   /* @__PURE__ */ new Set()
 );
@@ -2694,7 +2708,7 @@ async function interceptToolCall(params, upstreamCall, options) {
     toolName: params.name,
     serverName: "default",
     arguments: params.arguments ?? {},
-    requiredPermission: Permission.EXECUTE,
+    requiredPermission: guessPermission(params.name),
     timestamp
   };
   if (options.rateLimiter) {
@@ -4807,14 +4821,7 @@ ${msg.content.text}`;
    * Guess tool permissions from tool name.
    */
   guessPermissions(toolName) {
-    const name = toolName.toLowerCase();
-    if (name.includes("exec") || name.includes("shell") || name.includes("run") || name.includes("eval")) {
-      return ["EXECUTE"];
-    }
-    if (name.includes("write") || name.includes("create") || name.includes("delete") || name.includes("update") || name.includes("set")) {
-      return ["WRITE"];
-    }
-    return ["READ"];
+    return [guessPermission(toolName)];
   }
   /**
    * Register the upstream MCP server to the SolonGate Cloud API.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.40.0",
+  "version": "0.42.0",
   "description": "AI tool security proxy — protect any AI tool server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {