@solongate/proxy 0.42.1 → 0.42.2
- package/hooks/audit.mjs +9 -0
- package/hooks/guard.mjs +12 -0
- package/package.json +1 -1
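--- a/package/hooks/audit.mjs
+++ b/package/hooks/audit.mjs
@@ -21,6 +21,14 @@ function loadEnvKey(dir) {
 } catch { return {}; }
 }
 
+function guessPermission(toolName) {
+const name = (toolName || '').toLowerCase();
+if (name.includes('exec') || name.includes('shell') || name.includes('run') || name.includes('eval') || name === 'bash') return 'EXECUTE';
+if (name.includes('fetch') || name.includes('http') || name.includes('request') || name.includes('curl') || name.includes('network') || name.includes('download') || name.includes('upload') || name === 'websearch') return 'NETWORK';
+if (name.includes('write') || name.includes('create') || name.includes('delete') || name.includes('update') || name.includes('set') || name.includes('edit') || name.includes('remove') || name.includes('insert')) return 'WRITE';
+return 'READ';
+}
+
 const dotenv = loadEnvKey(process.cwd());
 const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
 const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
@@ -102,6 +110,7 @@ process.stdin.on('end', async () => {
 arguments: argsSummary,
 decision: hasError ? 'DENY' : 'ALLOW',
 reason: guardDenied ? 'blocked by policy guard' : hasError ? 'tool returned error' : 'allowed',
+permission: guessPermission(toolName),
 source: `${AGENT_ID}-hook`,
 evaluationTimeMs: 0,
 agent_id: AGENT_ID,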
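Review bot: `guessPermission` ends with `return 'READ';`, so any tool whose name matches none of the keywords is recorded in the audit entry as the least sensitive class, and the `includes()` checks match substrings rather than whole words (`'set'` also matches a name containing `reset` or `dataset`, `'run'` one containing `truncate`). Because the label is derived only from the tool's name, which the tool or its server chooses, the `permission` field is a guess that can under- or over-state what a call did, and anything downstream that filters or alerts on it inherits that. Consider matching on name tokens split at `_`, `-` and case boundaries, and returning a distinct value when nothing matches, e.g. `return 'UNKNOWN';`, if the log API accepts one (not visible here). The same function is added verbatim in package/hooks/guard.mjs.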
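--- a/package/hooks/guard.mjs
+++ b/package/hooks/guard.mjs
@@ -35,6 +35,14 @@ function loadEnvKey(dir) {
 } catch { return {}; }
 }
 
+function guessPermission(toolName) {
+const name = (toolName || '').toLowerCase();
+if (name.includes('exec') || name.includes('shell') || name.includes('run') || name.includes('eval') || name === 'bash') return 'EXECUTE';
+if (name.includes('fetch') || name.includes('http') || name.includes('request') || name.includes('curl') || name.includes('network') || name.includes('download') || name.includes('upload') || name === 'websearch') return 'NETWORK';
+if (name.includes('write') || name.includes('create') || name.includes('delete') || name.includes('update') || name.includes('set') || name.includes('edit') || name.includes('remove') || name.includes('insert')) return 'WRITE';
+return 'READ';
+}
+
 const hookCwdEarly = process.cwd();
 const dotenv = loadEnvKey(hookCwdEarly);
 const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
@@ -407,6 +415,7 @@ process.stdin.on('end', async () => {
 body: JSON.stringify({
 tool: data.tool_name || '', arguments: args,
 decision: 'DENY', reason,
+permission: guessPermission(data.tool_name || ''),
 source: `${AGENT_ID}-guard`,
 agent_id: AGENT_ID, agent_name: AGENT_NAME,
 }),
@@ -1054,6 +1063,7 @@ process.stdin.on('end', async () => {
 arguments: args,
 decision: isLogOnly ? 'ALLOW' : 'DENY',
 reason: msg,
+permission: guessPermission(toolName),
 source: `${AGENT_ID}-guard`,
 agent_id: AGENT_ID, agent_name: AGENT_NAME,
 pi_detected: true,
@@ -1115,6 +1125,7 @@ process.stdin.on('end', async () => {
 arguments: args,
 decision: 'ALLOW',
 reason: 'Prompt injection detected but below threshold (trust: ' + (piResult.trustScore * 100).toFixed(0) + '%)',
+permission: guessPermission(toolName),
 source: `${AGENT_ID}-guard`,
 agent_id: AGENT_ID, agent_name: AGENT_NAME,
 pi_detected: true,
@@ -1302,6 +1313,7 @@ Respond with ONLY valid JSON: {"decision": "ALLOW" or "DENY", "reason": "brief e
 const logEntry = {
 tool: toolName, arguments: args,
 decision: 'DENY', reason,
+permission: guessPermission(toolName),
 source: `${AGENT_ID}-guard`,
 agent_id: AGENT_ID, agent_name: AGENT_NAME,
 };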
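Review bot: `guessPermission` in this file is a verbatim second copy of the one added to package/hooks/audit.mjs, so a keyword later added to one copy and not the other would make guard and audit entries label the same tool differently. Moving it into one module imported by both hooks removes that drift risk. The function also carries no comment saying that its result is a name-based heuristic; a line such as `// Heuristic label for log entries, derived from the tool name only; not a policy input.` would help, assuming that is how it is used (the enforcement code lies outside these hunks). The call in the -407 hunk passes `data.tool_name || ''` while the other four pass `toolName`; the enclosing handler is only partly visible, so confirm both refer to the same value.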
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@solongate/proxy",
|
|
3
|
-
"version": "0.42.
|
|
3
|
+
"version": "0.42.2",
|
|
4
4
|
"description": "AI tool security proxy — protect any AI tool server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|