npm - @solongate/proxy - Versions diffs - 0.6.4 → 0.6.6 - Mend

@solongate/proxy 0.6.4 → 0.6.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -955,13 +955,31 @@ var init_init = __esm({
  * SolonGate Policy Guard Hook (PreToolUse)
  * Reads policy.json and blocks tool calls that violate constraints.
  * Exit code 2 = BLOCK, exit code 0 = ALLOW.
+ * Logs ALL decisions (ALLOW + DENY) to SolonGate Cloud.
  * Auto-installed by: npx @solongate/proxy init
  */
-import { readFileSync } from 'node:fs';
+import { readFileSync, existsSync } from 'node:fs';
 import { resolve } from 'node:path';
-const API_KEY = process.env.SOLONGATE_API_KEY || '';
-const API_URL = process.env.SOLONGATE_API_URL || 'https://api.solongate.com';
+// \u2500\u2500 Load API key from .env file (Claude Code doesn't load .env into process.env) \u2500\u2500
+function loadEnvKey(dir) {
+  try {
+    const envPath = resolve(dir, '.env');
+    if (!existsSync(envPath)) return {};
+    const lines = readFileSync(envPath, 'utf-8').split('\\n');
+    const env = {};
+    for (const line of lines) {
+      const m = line.match(/^([A-Z_]+)=(.*)$/);
+      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
+    }
+    return env;
+  } catch { return {}; }
+}
+const hookCwdEarly = process.cwd();
+const dotenv = loadEnvKey(hookCwdEarly);
+const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
 // \u2500\u2500 Glob Matching \u2500\u2500
 function matchGlob(str, pattern) {
@@ -1135,7 +1153,7 @@ process.stdin.on('end', async () => {
     // \u2500\u2500 Self-protection: block access to hook files and settings \u2500\u2500
     const allStrings = scanStrings(args).map(s => s.replace(/\\\\/g, '/').toLowerCase());
-    const protectedPaths = ['.solongate', '.claude/settings.json', '.cursor/settings.json', 'policy.json'];
+    const protectedPaths = ['.solongate', '.claude', '.cursor', 'policy.json', '.mcp.json'];
     for (const s of allStrings) {
       for (const p of protectedPaths) {
         if (s.includes(p)) {
@@ -1157,21 +1175,25 @@ process.stdin.on('end', async () => {
     }
     const reason = evaluate(policy, args);
+    const decision = reason ? 'DENY' : 'ALLOW';
+    // \u2500\u2500 Log ALL decisions to SolonGate Cloud \u2500\u2500
+    if (API_KEY && API_KEY.startsWith('sg_live_')) {
+      try {
+        await fetch(API_URL + '/api/v1/audit-logs', {
+          method: 'POST',
+          headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            tool: data.tool_name || '', arguments: args,
+            decision, reason: reason || 'allowed by policy',
+            source: 'claude-code-guard',
+          }),
+          signal: AbortSignal.timeout(3000),
+        });
+      } catch {}
+    }
     if (reason) {
-      if (API_KEY && API_KEY.startsWith('sg_live_')) {
-        try {
-          await fetch(API_URL + '/api/v1/audit-logs', {
-            method: 'POST',
-            headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-              tool: data.tool_name || '', arguments: args,
-              decision: 'DENY', reason, source: 'claude-code-guard',
-            }),
-            signal: AbortSignal.timeout(3000),
-          });
-        } catch {}
-      }
       process.stderr.write(reason);
       process.exit(2);
     }
@@ -1182,12 +1204,29 @@ process.stdin.on('end', async () => {
     AUDIT_SCRIPT = `#!/usr/bin/env node
 /**
  * SolonGate Audit Hook for Claude Code (PostToolUse)
- * Logs ALL tool calls to SolonGate Cloud after execution.
+ * Logs tool execution results to SolonGate Cloud.
  * Auto-installed by: npx @solongate/proxy init
  */
+import { readFileSync, existsSync } from 'node:fs';
+import { resolve } from 'node:path';
+function loadEnvKey(dir) {
+  try {
+    const envPath = resolve(dir, '.env');
+    if (!existsSync(envPath)) return {};
+    const lines = readFileSync(envPath, 'utf-8').split('\\n');
+    const env = {};
+    for (const line of lines) {
+      const m = line.match(/^([A-Z_]+)=(.*)$/);
+      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
+    }
+    return env;
+  } catch { return {}; }
+}
-const API_KEY = process.env.SOLONGATE_API_KEY || '';
-const API_URL = process.env.SOLONGATE_API_URL || 'https://api.solongate.com';
+const dotenv = loadEnvKey(process.cwd());
+const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
 if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);

package/dist/init.js CHANGED Viewed

@@ -144,13 +144,31 @@ var GUARD_SCRIPT = `#!/usr/bin/env node
  * SolonGate Policy Guard Hook (PreToolUse)
  * Reads policy.json and blocks tool calls that violate constraints.
  * Exit code 2 = BLOCK, exit code 0 = ALLOW.
+ * Logs ALL decisions (ALLOW + DENY) to SolonGate Cloud.
  * Auto-installed by: npx @solongate/proxy init
  */
-import { readFileSync } from 'node:fs';
+import { readFileSync, existsSync } from 'node:fs';
 import { resolve } from 'node:path';
-const API_KEY = process.env.SOLONGATE_API_KEY || '';
-const API_URL = process.env.SOLONGATE_API_URL || 'https://api.solongate.com';
+// \u2500\u2500 Load API key from .env file (Claude Code doesn't load .env into process.env) \u2500\u2500
+function loadEnvKey(dir) {
+  try {
+    const envPath = resolve(dir, '.env');
+    if (!existsSync(envPath)) return {};
+    const lines = readFileSync(envPath, 'utf-8').split('\\n');
+    const env = {};
+    for (const line of lines) {
+      const m = line.match(/^([A-Z_]+)=(.*)$/);
+      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
+    }
+    return env;
+  } catch { return {}; }
+}
+const hookCwdEarly = process.cwd();
+const dotenv = loadEnvKey(hookCwdEarly);
+const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
 // \u2500\u2500 Glob Matching \u2500\u2500
 function matchGlob(str, pattern) {
@@ -324,7 +342,7 @@ process.stdin.on('end', async () => {
     // \u2500\u2500 Self-protection: block access to hook files and settings \u2500\u2500
     const allStrings = scanStrings(args).map(s => s.replace(/\\\\/g, '/').toLowerCase());
-    const protectedPaths = ['.solongate', '.claude/settings.json', '.cursor/settings.json', 'policy.json'];
+    const protectedPaths = ['.solongate', '.claude', '.cursor', 'policy.json', '.mcp.json'];
     for (const s of allStrings) {
       for (const p of protectedPaths) {
         if (s.includes(p)) {
@@ -346,21 +364,25 @@ process.stdin.on('end', async () => {
     }
     const reason = evaluate(policy, args);
+    const decision = reason ? 'DENY' : 'ALLOW';
+    // \u2500\u2500 Log ALL decisions to SolonGate Cloud \u2500\u2500
+    if (API_KEY && API_KEY.startsWith('sg_live_')) {
+      try {
+        await fetch(API_URL + '/api/v1/audit-logs', {
+          method: 'POST',
+          headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            tool: data.tool_name || '', arguments: args,
+            decision, reason: reason || 'allowed by policy',
+            source: 'claude-code-guard',
+          }),
+          signal: AbortSignal.timeout(3000),
+        });
+      } catch {}
+    }
     if (reason) {
-      if (API_KEY && API_KEY.startsWith('sg_live_')) {
-        try {
-          await fetch(API_URL + '/api/v1/audit-logs', {
-            method: 'POST',
-            headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-              tool: data.tool_name || '', arguments: args,
-              decision: 'DENY', reason, source: 'claude-code-guard',
-            }),
-            signal: AbortSignal.timeout(3000),
-          });
-        } catch {}
-      }
       process.stderr.write(reason);
       process.exit(2);
     }
@@ -371,12 +393,29 @@ process.stdin.on('end', async () => {
 var AUDIT_SCRIPT = `#!/usr/bin/env node
 /**
  * SolonGate Audit Hook for Claude Code (PostToolUse)
- * Logs ALL tool calls to SolonGate Cloud after execution.
+ * Logs tool execution results to SolonGate Cloud.
  * Auto-installed by: npx @solongate/proxy init
  */
+import { readFileSync, existsSync } from 'node:fs';
+import { resolve } from 'node:path';
+function loadEnvKey(dir) {
+  try {
+    const envPath = resolve(dir, '.env');
+    if (!existsSync(envPath)) return {};
+    const lines = readFileSync(envPath, 'utf-8').split('\\n');
+    const env = {};
+    for (const line of lines) {
+      const m = line.match(/^([A-Z_]+)=(.*)$/);
+      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
+    }
+    return env;
+  } catch { return {}; }
+}
-const API_KEY = process.env.SOLONGATE_API_KEY || '';
-const API_URL = process.env.SOLONGATE_API_URL || 'https://api.solongate.com';
+const dotenv = loadEnvKey(process.cwd());
+const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
 if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.6.4",
+  "version": "0.6.6",
   "description": "MCP security proxy — protect any MCP server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {