npm - @solongate/proxy - Versions diffs - 0.6.8 → 0.8.0 - Mend

@solongate/proxy 0.6.8 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js CHANGED Viewed

@@ -65,19 +65,16 @@ async function sendAuditLog(apiKey, apiUrl, entry) {
 }
 function loadPolicy(source) {
   if (typeof source === "object") return source;
-  if (PRESETS[source]) return PRESETS[source];
   const filePath = resolve(source);
   if (existsSync(filePath)) {
     const content = readFileSync(filePath, "utf-8");
     return JSON.parse(content);
   }
-  throw new Error(
-    `Unknown policy "${source}". Use a preset (${Object.keys(PRESETS).join(", ")}), a JSON file path, or a PolicySet object.`
-  );
+  return DEFAULT_POLICY;
 }
 function parseArgs(argv) {
   const args = argv.slice(2);
-  let policySource = "restricted";
+  let policySource;
   let name = "solongate-proxy";
   let verbose = false;
   let rateLimitPerTool;
@@ -159,7 +156,7 @@ function parseArgs(argv) {
       "Invalid API key format. Keys must start with 'sg_live_' or 'sg_test_'.\nGet your API key at https://solongate.com\n"
     );
   }
-  const resolvedPolicyPath = resolvePolicyPath(policySource);
+  const resolvedPolicyPath = policySource ? resolvePolicyPath(policySource) : null;
   if (configFile) {
     const filePath = resolve(configFile);
     const content = readFileSync(filePath, "utf-8");
@@ -167,7 +164,7 @@ function parseArgs(argv) {
     if (!fileConfig.upstream) {
       throw new Error('Config file must include "upstream" with at least "command" or "url"');
     }
-    const cfgPolicySource = fileConfig.policy ?? policySource;
+    const cfgPolicySource = fileConfig.policy ?? policySource ?? "policy.json";
     return {
       upstream: fileConfig.upstream,
       policy: loadPolicy(cfgPolicySource),
@@ -191,7 +188,7 @@ function parseArgs(argv) {
         // not used for URL-based transports
         url: upstreamUrl
       },
-      policy: loadPolicy(policySource),
+      policy: loadPolicy(policySource ?? "policy.json"),
       name,
       verbose,
       rateLimitPerTool,
@@ -205,7 +202,7 @@ function parseArgs(argv) {
   }
   if (upstreamArgs.length === 0) {
     throw new Error(
-      "No upstream server command provided.\n\nUsage: solongate-proxy [options] -- <command> [args...]\n\nExamples:\n  solongate-proxy -- node my-server.js\n  solongate-proxy --policy restricted -- npx @playwright/mcp@latest\n  solongate-proxy --upstream-url http://localhost:3001/mcp\n  solongate-proxy --config solongate.json\n"
+      "No upstream server command provided.\n\nUsage: solongate-proxy [options] -- <command> [args...]\n\nExamples:\n  solongate-proxy -- node my-server.js\n  solongate-proxy --policy ./policy.json -- npx @playwright/mcp@latest\n  solongate-proxy --upstream-url http://localhost:3001/mcp\n  solongate-proxy --config solongate.json\n"
     );
   }
   const [command, ...commandArgs] = upstreamArgs;
@@ -216,7 +213,7 @@ function parseArgs(argv) {
       args: commandArgs,
       env: { ...process.env }
     },
-    policy: loadPolicy(policySource),
+    policy: loadPolicy(policySource ?? "policy.json"),
     name,
     verbose,
     rateLimitPerTool,
@@ -229,303 +226,22 @@ function parseArgs(argv) {
   };
 }
 function resolvePolicyPath(source) {
-  if (PRESETS[source]) return null;
   const filePath = resolve(source);
   if (existsSync(filePath)) return filePath;
   return null;
 }
-var PRESETS;
+var DEFAULT_POLICY;
 var init_config = __esm({
   "src/config.ts"() {
     "use strict";
-    PRESETS = {
-      restricted: {
-        id: "restricted",
-        name: "Restricted",
-        description: "Blocks dangerous commands (rm -rf, curl|bash, dd, etc.), allows safe tools with path restrictions",
-        version: 1,
-        rules: [
-          {
-            id: "deny-dangerous-commands",
-            description: "Block dangerous shell commands",
-            effect: "DENY",
-            priority: 50,
-            toolPattern: "*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            commandConstraints: {
-              denied: [
-                "rm -rf *",
-                "rm -r /*",
-                "mkfs*",
-                "dd if=*",
-                "curl*|*bash*",
-                "curl*|*sh*",
-                "wget*|*bash*",
-                "wget*|*sh*",
-                "shutdown*",
-                "reboot*",
-                "kill -9*",
-                "chmod*777*",
-                "iptables*",
-                "passwd*",
-                "useradd*",
-                "userdel*"
-              ]
-            },
-            createdAt: "",
-            updatedAt: ""
-          },
-          {
-            id: "deny-sensitive-paths",
-            description: "Block access to sensitive files",
-            effect: "DENY",
-            priority: 51,
-            toolPattern: "*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            pathConstraints: {
-              denied: [
-                "**/.env*",
-                "**/.ssh/**",
-                "**/.aws/**",
-                "**/.kube/**",
-                "**/credentials*",
-                "**/secrets*",
-                "**/*.pem",
-                "**/*.key",
-                "/etc/passwd",
-                "/etc/shadow",
-                "/proc/**",
-                "/dev/**"
-              ]
-            },
-            createdAt: "",
-            updatedAt: ""
-          },
-          {
-            id: "allow-rest",
-            description: "Allow all other tool calls",
-            effect: "ALLOW",
-            priority: 1e3,
-            toolPattern: "*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            createdAt: "",
-            updatedAt: ""
-          }
-        ],
-        createdAt: "",
-        updatedAt: ""
-      },
-      "read-only": {
-        id: "read-only",
-        name: "Read Only",
-        description: "Only allows read/list/get/search/query tools",
-        version: 1,
-        rules: [
-          {
-            id: "allow-read",
-            description: "Allow read tools",
-            effect: "ALLOW",
-            priority: 100,
-            toolPattern: "*read*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            createdAt: "",
-            updatedAt: ""
-          },
-          {
-            id: "allow-list",
-            description: "Allow list tools",
-            effect: "ALLOW",
-            priority: 101,
-            toolPattern: "*list*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            createdAt: "",
-            updatedAt: ""
-          },
-          {
-            id: "allow-get",
-            description: "Allow get tools",
-            effect: "ALLOW",
-            priority: 102,
-            toolPattern: "*get*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            createdAt: "",
-            updatedAt: ""
-          },
-          {
-            id: "allow-search",
-            description: "Allow search tools",
-            effect: "ALLOW",
-            priority: 103,
-            toolPattern: "*search*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            createdAt: "",
-            updatedAt: ""
-          },
-          {
-            id: "allow-query",
-            description: "Allow query tools",
-            effect: "ALLOW",
-            priority: 104,
-            toolPattern: "*query*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            createdAt: "",
-            updatedAt: ""
-          }
-        ],
-        createdAt: "",
-        updatedAt: ""
-      },
-      sandbox: {
-        id: "sandbox",
-        name: "Sandbox",
-        description: "Allows file ops within working directory only, blocks dangerous commands, allows safe shell commands",
-        version: 1,
-        rules: [
-          {
-            id: "deny-dangerous-commands",
-            description: "Block dangerous shell commands",
-            effect: "DENY",
-            priority: 50,
-            toolPattern: "*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            commandConstraints: {
-              denied: [
-                "rm -rf *",
-                "rm -r /*",
-                "mkfs*",
-                "dd if=*",
-                "curl*|*bash*",
-                "wget*|*sh*",
-                "shutdown*",
-                "reboot*",
-                "chmod*777*"
-              ]
-            },
-            createdAt: "",
-            updatedAt: ""
-          },
-          {
-            id: "allow-safe-commands",
-            description: "Allow safe shell commands only",
-            effect: "ALLOW",
-            priority: 100,
-            toolPattern: "*shell*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            commandConstraints: {
-              allowed: [
-                "ls*",
-                "cat*",
-                "head*",
-                "tail*",
-                "wc*",
-                "grep*",
-                "find*",
-                "echo*",
-                "pwd",
-                "whoami",
-                "date",
-                "env",
-                "git*",
-                "npm*",
-                "pnpm*",
-                "yarn*",
-                "node*",
-                "python*",
-                "pip*"
-              ]
-            },
-            createdAt: "",
-            updatedAt: ""
-          },
-          {
-            id: "deny-sensitive-paths",
-            description: "Block access to sensitive files",
-            effect: "DENY",
-            priority: 51,
-            toolPattern: "*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            pathConstraints: {
-              denied: [
-                "**/.env*",
-                "**/.ssh/**",
-                "**/.aws/**",
-                "**/credentials*",
-                "**/*.pem",
-                "**/*.key"
-              ]
-            },
-            createdAt: "",
-            updatedAt: ""
-          },
-          {
-            id: "allow-rest",
-            description: "Allow all other tools",
-            effect: "ALLOW",
-            priority: 1e3,
-            toolPattern: "*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            createdAt: "",
-            updatedAt: ""
-          }
-        ],
-        createdAt: "",
-        updatedAt: ""
-      },
-      permissive: {
-        id: "permissive",
-        name: "Permissive",
-        description: "Allows all tool calls (monitoring only)",
-        version: 1,
-        rules: [
-          {
-            id: "allow-all",
-            description: "Allow all",
-            effect: "ALLOW",
-            priority: 1e3,
-            toolPattern: "*",
-            permission: "EXECUTE",
-            minimumTrustLevel: "UNTRUSTED",
-            enabled: true,
-            createdAt: "",
-            updatedAt: ""
-          }
-        ],
-        createdAt: "",
-        updatedAt: ""
-      },
-      "deny-all": {
-        id: "deny-all",
-        name: "Deny All",
-        description: "Blocks all tool calls",
-        version: 1,
-        rules: [],
-        createdAt: "",
-        updatedAt: ""
-      }
+    DEFAULT_POLICY = {
+      id: "default",
+      name: "Default (Deny All)",
+      description: "Default-deny policy. Create rules in the dashboard or push a policy.json.",
+      version: 1,
+      rules: [],
+      createdAt: "",
+      updatedAt: ""
     };
   }
 });
@@ -591,18 +307,14 @@ function isAlreadyProtected(server) {
 function wrapServer(server, policy) {
   const env = { ...server.env ?? {} };
   env.SOLONGATE_API_KEY = "${SOLONGATE_API_KEY}";
+  const proxyArgs = ["-y", "@solongate/proxy"];
+  if (policy) {
+    proxyArgs.push("--policy", policy);
+  }
+  proxyArgs.push("--verbose", "--", server.command, ...server.args ?? []);
   return {
     command: "npx",
-    args: [
-      "-y",
-      "@solongate/proxy",
-      "--policy",
-      policy,
-      "--verbose",
-      "--",
-      server.command,
-      ...server.args ?? []
-    ],
+    args: proxyArgs,
     env
   };
 }
@@ -651,8 +363,7 @@ USAGE
 OPTIONS
   --config <path>     Path to MCP config file (default: auto-detect)
-  --policy <file>     Custom policy JSON file (default: restricted)
-                      Auto-detects policy.json in current directory
+  --policy <file>     Custom policy JSON file (auto-detects policy.json)
   --api-key <key>     SolonGate API key (sg_live_... or sg_test_...)
   --all               Protect all servers without prompting
   -h, --help          Show this help message
@@ -870,7 +581,7 @@ async function main() {
     console.log("  Invalid API key format. Must start with sg_live_ or sg_test_");
     process.exit(1);
   }
-  let policyValue = "restricted";
+  let policyValue;
   if (options.policy) {
     const policyPath = resolve2(options.policy);
     if (existsSync3(policyPath)) {
@@ -886,7 +597,7 @@ async function main() {
       policyValue = "./policy.json";
       console.log(`  Policy:  ${defaultPolicy} (auto-detected)`);
     } else {
-      console.log(`  Policy:  restricted (default)`);
+      console.log(`  Policy:  cloud-managed (fetched via API key)`);
     }
   }
   await sleep(300);
@@ -1726,7 +1437,7 @@ function parseCreateArgs(argv) {
   const args = argv.slice(2);
   const opts = {
     name: "",
-    policy: "restricted",
+    policy: "",
     noInstall: false
   };
   for (let i = 0; i < args.length; i++) {
@@ -1769,13 +1480,13 @@ USAGE
   npx @solongate/proxy create <name> [options]
 OPTIONS
-  --policy <preset>   Policy preset (default: restricted)
+  --policy <file>     Policy JSON file (default: cloud-managed)
   --no-install        Skip dependency installation
   -h, --help          Show this help message
 EXAMPLES
   npx @solongate/proxy create my-server
-  npx @solongate/proxy create db-tools --policy read-only
+  npx @solongate/proxy create db-tools --policy ./policy.json
 `);
 }
 function createProject(dir, name, _policy) {
@@ -2061,7 +1772,7 @@ function parseCliArgs() {
     }
   }
   if (!apiKey) {
-    log5("ERROR: API key not found.");
+    log5(red("ERROR: API key not found."));
     log5("");
     log5("Set it in .env file:");
     log5("  SOLONGATE_API_KEY=sg_live_...");
@@ -2071,53 +1782,169 @@ function parseCliArgs() {
     process.exit(1);
   }
   if (!apiKey.startsWith("sg_live_")) {
-    log5("ERROR: Pull/push requires a live API key (sg_live_...).");
+    log5(red("ERROR: Pull/push/list requires a live API key (sg_live_...)."));
     process.exit(1);
   }
   return { command, apiKey, file: resolve5(file), policyId };
 }
 async function listPolicies(apiKey) {
-  const res = await fetch("https://api.solongate.com/api/v1/policies", {
+  const res = await fetch(`${API_URL}/api/v1/policies`, {
     headers: { "Authorization": `Bearer ${apiKey}` }
   });
   if (!res.ok) throw new Error(`Failed to list policies (${res.status})`);
   const data = await res.json();
   return data.policies ?? [];
 }
+async function list(apiKey, policyId) {
+  const policies = await listPolicies(apiKey);
+  if (policies.length === 0) {
+    log5(yellow("No policies found. Create one in the dashboard first."));
+    log5(dim("  https://dashboard.solongate.com/policies"));
+    return;
+  }
+  if (policyId) {
+    const match = policies.find((p) => p.id === policyId);
+    if (!match) {
+      log5(red(`Policy not found: ${policyId}`));
+      log5("");
+      log5("Available policies:");
+      for (const p of policies) {
+        log5(`  ${dim("\u2022")} ${p.id}`);
+      }
+      process.exit(1);
+    }
+    const full = await fetchCloudPolicy(apiKey, API_URL, policyId);
+    printPolicyDetail(full);
+    return;
+  }
+  log5("");
+  log5(bold(`  Policies (${policies.length})`));
+  log5(dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+  log5("");
+  for (const p of policies) {
+    try {
+      const full = await fetchCloudPolicy(apiKey, API_URL, p.id);
+      printPolicySummary(p, full.rules);
+    } catch {
+      printPolicySummary(p, []);
+    }
+  }
+  log5(dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+  log5("");
+  log5(`  ${dim("View details:")}  solongate-proxy list --policy-id <ID>`);
+  log5(`  ${dim("Pull policy:")}   solongate-proxy pull --policy-id <ID>`);
+  log5(`  ${dim("Push policy:")}   solongate-proxy push --policy-id <ID>`);
+  log5("");
+}
+function printPolicySummary(p, rules) {
+  const ruleCount = rules.length;
+  const allowCount = rules.filter((r) => r.effect === "ALLOW").length;
+  const denyCount = rules.filter((r) => r.effect === "DENY").length;
+  log5(`  ${cyan(p.id)}`);
+  log5(`    ${bold(p.name)}  ${dim(`v${p.version ?? "?"}`)}`);
+  log5(`    ${dim("Rules:")} ${ruleCount}  ${green(`${allowCount} ALLOW`)}  ${red(`${denyCount} DENY`)}`);
+  if (p.created_at) {
+    log5(`    ${dim("Updated:")} ${new Date(p.created_at).toLocaleString()}`);
+  }
+  log5("");
+}
+function printPolicyDetail(policy) {
+  log5("");
+  log5(bold(`  ${policy.name}`));
+  log5(`  ${dim("ID:")} ${cyan(policy.id)}  ${dim("Version:")} ${policy.version}  ${dim("Rules:")} ${policy.rules.length}`);
+  log5("");
+  if (policy.rules.length === 0) {
+    log5(yellow("  No rules defined."));
+    log5("");
+    return;
+  }
+  log5(dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+  for (const rule of policy.rules) {
+    const effectColor = rule.effect === "ALLOW" ? green : red;
+    log5("");
+    log5(`  ${effectColor(rule.effect.padEnd(5))}  ${bold(rule.toolPattern)}  ${dim(`P:${rule.priority}`)}`);
+    if (rule.description) {
+      log5(`         ${dim(rule.description)}`);
+    }
+    log5(`         ${dim(`${rule.permission}  trust:${rule.minimumTrustLevel || "UNTRUSTED"}`)}`);
+    if (rule.pathConstraints) {
+      const pc = rule.pathConstraints;
+      if (pc.rootDirectory) log5(`         ${magenta("ROOT")} ${pc.rootDirectory}`);
+      if (pc.allowed?.length) log5(`         ${green("PATHS")} ${pc.allowed.join(", ")}`);
+      if (pc.denied?.length) log5(`         ${red("DENY")}  ${pc.denied.join(", ")}`);
+    }
+    if (rule.commandConstraints) {
+      const cc = rule.commandConstraints;
+      if (cc.allowed?.length) log5(`         ${green("CMDS")}  ${cc.allowed.join(", ")}`);
+      if (cc.denied?.length) log5(`         ${red("DENY")}  ${cc.denied.join(", ")}`);
+    }
+    if (rule.filenameConstraints) {
+      const fc = rule.filenameConstraints;
+      if (fc.allowed?.length) log5(`         ${green("FILES")} ${fc.allowed.join(", ")}`);
+      if (fc.denied?.length) log5(`         ${red("DENY")}  ${fc.denied.join(", ")}`);
+    }
+    if (rule.urlConstraints) {
+      const uc = rule.urlConstraints;
+      if (uc.allowed?.length) log5(`         ${green("URLS")}  ${uc.allowed.join(", ")}`);
+      if (uc.denied?.length) log5(`         ${red("DENY")}  ${uc.denied.join(", ")}`);
+    }
+  }
+  log5("");
+  log5(dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+  log5("");
+}
 async function pull(apiKey, file, policyId) {
-  const apiUrl = "https://api.solongate.com";
   if (!policyId) {
     const policies = await listPolicies(apiKey);
     if (policies.length === 0) {
-      log5("No policies found. Create one in the dashboard first.");
+      log5(red("No policies found. Create one in the dashboard first."));
       process.exit(1);
     }
-    if (policies.length > 1) {
-      log5(`Found ${policies.length} policies:
-`);
+    if (policies.length === 1) {
+      policyId = policies[0].id;
+      log5(dim(`Auto-selecting only policy: ${policyId}`));
+    } else {
+      log5(yellow(`Found ${policies.length} policies:`));
+      log5("");
       for (const p of policies) {
-        log5(`  ${p.id}  ${p.name}  (${(p.rules || []).length} rules)`);
+        log5(`  ${cyan(p.id)}  ${p.name}  ${dim(`v${p.version ?? "?"}`)}`);
       }
       log5("");
       log5("Use --policy-id <ID> to specify which one to pull.");
       process.exit(1);
     }
   }
-  log5(`Pulling policy from dashboard...`);
-  const policy = await fetchCloudPolicy(apiKey, apiUrl, policyId);
-  const json = JSON.stringify(policy, null, 2) + "\n";
+  log5(`Pulling ${cyan(policyId)} from dashboard...`);
+  const policy = await fetchCloudPolicy(apiKey, API_URL, policyId);
+  const { id: _id, ...policyWithoutId } = policy;
+  const json = JSON.stringify(policyWithoutId, null, 2) + "\n";
   writeFileSync5(file, json, "utf-8");
-  log5(`Saved: ${file}`);
-  log5(`  Name: ${policy.name}`);
-  log5(`  Version: ${policy.version}`);
-  log5(`  Rules: ${policy.rules.length}`);
   log5("");
-  log5("Done. Policy pulled from dashboard to local file.");
+  log5(green("  Saved to: ") + file);
+  log5(`  ${dim("Name:")}    ${policy.name}`);
+  log5(`  ${dim("Version:")} ${policy.version}`);
+  log5(`  ${dim("Rules:")}   ${policy.rules.length}`);
+  log5("");
+  log5(dim("The policy file does not contain an ID."));
+  log5(dim("Use --policy-id to specify the target when pushing/pulling."));
+  log5("");
 }
-async function push(apiKey, file) {
-  const apiUrl = "https://api.solongate.com";
+async function push(apiKey, file, policyId) {
   if (!existsSync6(file)) {
-    log5(`ERROR: File not found: ${file}`);
+    log5(red(`ERROR: File not found: ${file}`));
+    process.exit(1);
+  }
+  if (!policyId) {
+    log5(red("ERROR: --policy-id is required for push."));
+    log5("");
+    log5("This determines which cloud policy to update.");
+    log5("");
+    log5("Usage:");
+    log5("  solongate-proxy push --policy-id my-policy");
+    log5("  solongate-proxy push --policy-id my-policy --file custom.json");
+    log5("");
+    log5("List your policies:");
+    log5("  solongate-proxy list");
     process.exit(1);
   }
   const content = readFileSync5(file, "utf-8");
@@ -2125,21 +1952,26 @@ async function push(apiKey, file) {
   try {
     policy = JSON.parse(content);
   } catch {
-    log5(`ERROR: Invalid JSON in ${file}`);
+    log5(red(`ERROR: Invalid JSON in ${file}`));
     process.exit(1);
   }
-  log5(`Pushing policy to dashboard...`);
-  log5(`  File: ${file}`);
-  log5(`  Name: ${policy.name || "Unnamed"}`);
-  log5(`  Rules: ${(policy.rules || []).length}`);
-  const res = await fetch(`${apiUrl}/api/v1/policies`, {
-    method: "POST",
+  log5(`Pushing to ${cyan(policyId)}...`);
+  log5(`  ${dim("File:")}  ${file}`);
+  log5(`  ${dim("Name:")}  ${policy.name || "Unnamed"}`);
+  log5(`  ${dim("Rules:")} ${(policy.rules || []).length}`);
+  const checkRes = await fetch(`${API_URL}/api/v1/policies/${policyId}`, {
+    headers: { "Authorization": `Bearer ${apiKey}` }
+  });
+  const method = checkRes.ok ? "PUT" : "POST";
+  const url = checkRes.ok ? `${API_URL}/api/v1/policies/${policyId}` : `${API_URL}/api/v1/policies`;
+  const res = await fetch(url, {
+    method,
     headers: {
       "Authorization": `Bearer ${apiKey}`,
       "Content-Type": "application/json"
     },
     body: JSON.stringify({
-      id: policy.id || "default",
+      id: policyId,
       name: policy.name || "Local Policy",
       description: policy.description || "Pushed from local file",
       version: policy.version || 1,
@@ -2148,13 +1980,15 @@ async function push(apiKey, file) {
   });
   if (!res.ok) {
     const body = await res.text().catch(() => "");
-    log5(`ERROR: Push failed (${res.status}): ${body}`);
+    log5(red(`ERROR: Push failed (${res.status}): ${body}`));
     process.exit(1);
   }
   const data = await res.json();
-  log5(`  Cloud version: ${data._version ?? "created"}`);
   log5("");
-  log5("Done. Policy pushed from local file to dashboard.");
+  log5(green(`  Pushed to cloud: v${data._version ?? "created"}`));
+  log5(`  ${dim("Policy ID:")} ${policyId}`);
+  log5(`  ${dim("Method:")}    ${method === "PUT" ? "Updated existing" : "Created new"}`);
+  log5("");
 }
 async function main4() {
   const { command, apiKey, file, policyId } = parseCliArgs();
@@ -2162,24 +1996,45 @@ async function main4() {
     if (command === "pull") {
       await pull(apiKey, file, policyId);
     } else if (command === "push") {
-      await push(apiKey, file);
+      await push(apiKey, file, policyId);
+    } else if (command === "list" || command === "ls") {
+      await list(apiKey, policyId);
     } else {
-      log5(`Unknown command: ${command}`);
-      log5("Usage: solongate-proxy pull|push [--file policy.json]");
+      log5(red(`Unknown command: ${command}`));
+      log5("");
+      log5(bold("Usage:"));
+      log5("  solongate-proxy list                          List all policies");
+      log5("  solongate-proxy list --policy-id <ID>         Show policy details");
+      log5("  solongate-proxy pull --policy-id <ID>         Pull policy to local file");
+      log5("  solongate-proxy push --policy-id <ID>         Push local file to cloud");
+      log5("");
+      log5(bold("Flags:"));
+      log5("  --policy-id, --id <ID>    Cloud policy ID (required for push)");
+      log5("  --file, -f <path>         Local file path (default: policy.json)");
+      log5("  --api-key <key>           API key (or set SOLONGATE_API_KEY)");
+      log5("");
       process.exit(1);
     }
   } catch (err) {
-    log5(`ERROR: ${err instanceof Error ? err.message : String(err)}`);
+    log5(red(`ERROR: ${err instanceof Error ? err.message : String(err)}`));
     process.exit(1);
   }
 }
-var log5;
+var log5, dim, bold, green, red, yellow, cyan, magenta, API_URL;
 var init_pull_push = __esm({
   "src/pull-push.ts"() {
     "use strict";
     init_config();
-    log5 = (...args) => process.stderr.write(`[SolonGate] ${args.map(String).join(" ")}
+    log5 = (...args) => process.stderr.write(`${args.map(String).join(" ")}
 `);
+    dim = (s) => `\x1B[2m${s}\x1B[0m`;
+    bold = (s) => `\x1B[1m${s}\x1B[0m`;
+    green = (s) => `\x1B[32m${s}\x1B[0m`;
+    red = (s) => `\x1B[31m${s}\x1B[0m`;
+    yellow = (s) => `\x1B[33m${s}\x1B[0m`;
+    cyan = (s) => `\x1B[36m${s}\x1B[0m`;
+    magenta = (s) => `\x1B[35m${s}\x1B[0m`;
+    API_URL = "https://api.solongate.com";
     main4();
   }
 });
@@ -2296,6 +2151,14 @@ var PolicyRuleSchema = z.object({
     allowed: z.array(z.string()).optional(),
     denied: z.array(z.string()).optional()
   }).optional(),
+  filenameConstraints: z.object({
+    allowed: z.array(z.string()).optional(),
+    denied: z.array(z.string()).optional()
+  }).optional(),
+  urlConstraints: z.object({
+    allowed: z.array(z.string()).optional(),
+    denied: z.array(z.string()).optional()
+  }).optional(),
   enabled: z.boolean().default(true),
   createdAt: z.string().datetime(),
   updatedAt: z.string().datetime()
@@ -2481,11 +2344,48 @@ function matchSegmentGlob(segment, pattern) {
   }
   return segment === pattern;
 }
+var PATH_FIELDS = /* @__PURE__ */ new Set([
+  "path",
+  "file",
+  "file_path",
+  "filepath",
+  "filename",
+  "directory",
+  "dir",
+  "folder",
+  "source",
+  "destination",
+  "dest",
+  "target",
+  "input",
+  "output",
+  "cwd",
+  "root",
+  "notebook_path"
+]);
 function extractPathArguments(args) {
   const paths = [];
-  for (const value of Object.values(args)) {
-    if (typeof value === "string" && (value.includes("/") || value.includes("\\"))) {
-      paths.push(value);
+  const seen = /* @__PURE__ */ new Set();
+  function addPath(value) {
+    const trimmed = value.trim();
+    if (trimmed && !seen.has(trimmed)) {
+      seen.add(trimmed);
+      paths.push(trimmed);
+    }
+  }
+  for (const [key, value] of Object.entries(args)) {
+    if (typeof value !== "string") continue;
+    if (PATH_FIELDS.has(key.toLowerCase())) {
+      addPath(value);
+      continue;
+    }
+    if (value.includes("/") || value.includes("\\")) {
+      addPath(value);
+      continue;
+    }
+    if (value.startsWith(".")) {
+      addPath(value);
+      continue;
     }
   }
   return paths;
@@ -2499,15 +2399,62 @@ var COMMAND_FIELDS = /* @__PURE__ */ new Set([
   "shell",
   "exec",
   "sql",
-  "expression"
+  "expression",
+  "function"
 ]);
+var COMMAND_HEURISTICS = [
+  /^(sh|bash|cmd|powershell|zsh|fish)\s+-c\s+/i,
+  // shell -c "..."
+  /^(sudo|doas)\s+/i,
+  // privilege escalation
+  /^\w+\s+&&\s+/,
+  // cmd1 && cmd2
+  /^\w+\s*\|\s*\w+/,
+  // cmd1 | cmd2
+  /^\w+\s*;\s*\w+/,
+  // cmd1; cmd2
+  /^(curl|wget|nc|ncat)\s+/i,
+  // network commands
+  /^(rm|del|rmdir)\s+/i,
+  // destructive commands
+  /^(cat|type|more|less)\s+.*[/\\]/i
+  // file read commands with paths
+];
 function extractCommandArguments(args) {
   const commands = [];
-  for (const [key, value] of Object.entries(args)) {
-    if (typeof value !== "string") continue;
-    if (COMMAND_FIELDS.has(key.toLowerCase())) {
-      commands.push(value);
+  const seen = /* @__PURE__ */ new Set();
+  function addCommand(value) {
+    const trimmed = value.trim();
+    if (trimmed && !seen.has(trimmed)) {
+      seen.add(trimmed);
+      commands.push(trimmed);
+    }
+  }
+  function scanValue(key, value) {
+    if (typeof value === "string") {
+      if (COMMAND_FIELDS.has(key.toLowerCase())) {
+        addCommand(value);
+        return;
+      }
+      for (const pattern of COMMAND_HEURISTICS) {
+        if (pattern.test(value)) {
+          addCommand(value);
+          return;
+        }
+      }
     }
+    if (Array.isArray(value)) {
+      for (const item of value) {
+        scanValue(key, item);
+      }
+    } else if (typeof value === "object" && value !== null) {
+      for (const [k, v] of Object.entries(value)) {
+        scanValue(k, v);
+      }
+    }
+  }
+  for (const [key, value] of Object.entries(args)) {
+    scanValue(key, value);
   }
   return commands;
 }
@@ -2553,6 +2500,224 @@ function isCommandAllowed(command, constraints) {
   }
   return true;
 }
+function extractFilenames(args) {
+  const filenames = [];
+  const seen = /* @__PURE__ */ new Set();
+  function addFilename(name) {
+    const trimmed = name.trim();
+    if (trimmed && !seen.has(trimmed)) {
+      seen.add(trimmed);
+      filenames.push(trimmed);
+    }
+  }
+  function scanValue(value) {
+    if (typeof value === "string") {
+      const trimmed = value.trim();
+      if (!trimmed) return;
+      if (/^https?:\/\//i.test(trimmed)) return;
+      if (trimmed.includes("/") || trimmed.includes("\\")) {
+        const normalized = trimmed.replace(/\\/g, "/");
+        const parts = normalized.split("/");
+        const basename = parts[parts.length - 1];
+        if (basename && basename.length > 0) {
+          addFilename(basename);
+        }
+        return;
+      }
+      if (trimmed.includes(" ")) {
+        for (const token of trimmed.split(/\s+/)) {
+          if (token.includes("/") || token.includes("\\")) {
+            const parts = token.replace(/\\/g, "/").split("/");
+            const basename = parts[parts.length - 1];
+            if (basename && looksLikeFilename(basename)) addFilename(basename);
+          } else if (looksLikeFilename(token)) {
+            addFilename(token);
+          }
+        }
+        return;
+      }
+      if (looksLikeFilename(trimmed)) {
+        addFilename(trimmed);
+      }
+      return;
+    }
+    if (Array.isArray(value)) {
+      for (const item of value) {
+        scanValue(item);
+      }
+    } else if (typeof value === "object" && value !== null) {
+      for (const v of Object.values(value)) {
+        scanValue(v);
+      }
+    }
+  }
+  for (const value of Object.values(args)) {
+    scanValue(value);
+  }
+  return filenames;
+}
+function looksLikeFilename(s) {
+  if (s.startsWith(".")) return true;
+  if (/\.\w+$/.test(s)) return true;
+  const knownFiles = /* @__PURE__ */ new Set([
+    "id_rsa",
+    "id_dsa",
+    "id_ecdsa",
+    "id_ed25519",
+    "authorized_keys",
+    "known_hosts",
+    "makefile",
+    "dockerfile",
+    "vagrantfile",
+    "gemfile",
+    "rakefile",
+    "procfile"
+  ]);
+  if (knownFiles.has(s.toLowerCase())) return true;
+  return false;
+}
+function matchFilenamePattern(filename, pattern) {
+  if (pattern === "*") return true;
+  const normalizedFilename = filename.toLowerCase();
+  const normalizedPattern = pattern.toLowerCase();
+  if (normalizedFilename === normalizedPattern) return true;
+  const startsWithStar = normalizedPattern.startsWith("*");
+  const endsWithStar = normalizedPattern.endsWith("*");
+  if (startsWithStar && endsWithStar) {
+    const infix = normalizedPattern.slice(1, -1);
+    return infix.length > 0 && normalizedFilename.includes(infix);
+  }
+  if (startsWithStar) {
+    const suffix = normalizedPattern.slice(1);
+    return normalizedFilename.endsWith(suffix);
+  }
+  if (endsWithStar) {
+    const prefix = normalizedPattern.slice(0, -1);
+    return normalizedFilename.startsWith(prefix);
+  }
+  const starIdx = normalizedPattern.indexOf("*");
+  if (starIdx !== -1) {
+    const prefix = normalizedPattern.slice(0, starIdx);
+    const suffix = normalizedPattern.slice(starIdx + 1);
+    return normalizedFilename.startsWith(prefix) && normalizedFilename.endsWith(suffix) && normalizedFilename.length >= prefix.length + suffix.length;
+  }
+  return false;
+}
+function isFilenameAllowed(filename, constraints) {
+  if (constraints.denied && constraints.denied.length > 0) {
+    for (const pattern of constraints.denied) {
+      if (matchFilenamePattern(filename, pattern)) {
+        return false;
+      }
+    }
+  }
+  if (constraints.allowed && constraints.allowed.length > 0) {
+    let matchesAllowed = false;
+    for (const pattern of constraints.allowed) {
+      if (matchFilenamePattern(filename, pattern)) {
+        matchesAllowed = true;
+        break;
+      }
+    }
+    if (!matchesAllowed) return false;
+  }
+  return true;
+}
+var URL_FIELDS = /* @__PURE__ */ new Set([
+  "url",
+  "href",
+  "uri",
+  "endpoint",
+  "link",
+  "src",
+  "source",
+  "target",
+  "redirect",
+  "callback",
+  "webhook"
+]);
+function extractUrlArguments(args) {
+  const urls = [];
+  const seen = /* @__PURE__ */ new Set();
+  function addUrl(value) {
+    const trimmed = value.trim();
+    if (trimmed && !seen.has(trimmed)) {
+      seen.add(trimmed);
+      urls.push(trimmed);
+    }
+  }
+  function scanValue(key, value) {
+    if (typeof value === "string") {
+      const lower = key.toLowerCase();
+      if (URL_FIELDS.has(lower)) {
+        addUrl(value);
+        return;
+      }
+      if (/https?:\/\//i.test(value)) {
+        addUrl(value);
+        return;
+      }
+      if (/^[a-zA-Z0-9]([a-zA-Z0-9-]*\.)+[a-zA-Z]{2,}(\/.*)?$/.test(value)) {
+        addUrl(value);
+        return;
+      }
+    }
+    if (Array.isArray(value)) {
+      for (const item of value) {
+        scanValue(key, item);
+      }
+    } else if (typeof value === "object" && value !== null) {
+      for (const [k, v] of Object.entries(value)) {
+        scanValue(k, v);
+      }
+    }
+  }
+  for (const [key, value] of Object.entries(args)) {
+    scanValue(key, value);
+  }
+  return urls;
+}
+function matchUrlPattern(url, pattern) {
+  if (pattern === "*") return true;
+  const normalizedUrl = url.trim().toLowerCase();
+  const normalizedPattern = pattern.trim().toLowerCase();
+  if (normalizedPattern === normalizedUrl) return true;
+  const startsWithStar = normalizedPattern.startsWith("*");
+  const endsWithStar = normalizedPattern.endsWith("*");
+  if (startsWithStar && endsWithStar) {
+    const infix = normalizedPattern.slice(1, -1);
+    return infix.length > 0 && normalizedUrl.includes(infix);
+  }
+  if (endsWithStar) {
+    const prefix = normalizedPattern.slice(0, -1);
+    return normalizedUrl.startsWith(prefix);
+  }
+  if (startsWithStar) {
+    const suffix = normalizedPattern.slice(1);
+    return normalizedUrl.endsWith(suffix);
+  }
+  return false;
+}
+function isUrlAllowed(url, constraints) {
+  if (constraints.denied && constraints.denied.length > 0) {
+    for (const pattern of constraints.denied) {
+      if (matchUrlPattern(url, pattern)) {
+        return false;
+      }
+    }
+  }
+  if (constraints.allowed && constraints.allowed.length > 0) {
+    let matchesAllowed = false;
+    for (const pattern of constraints.allowed) {
+      if (matchUrlPattern(url, pattern)) {
+        matchesAllowed = true;
+        break;
+      }
+    }
+    if (!matchesAllowed) return false;
+  }
+  return true;
+}
 function ruleMatchesRequest(rule, request) {
   if (!rule.enabled) return false;
   if (rule.permission !== request.requiredPermission) return false;
@@ -2581,6 +2746,22 @@ function ruleMatchesRequest(rule, request) {
       if (!satisfied) return false;
     }
   }
+  if (rule.filenameConstraints) {
+    const satisfied = filenameConstraintsMatch(rule.filenameConstraints, request.arguments);
+    if (rule.effect === "DENY") {
+      if (satisfied) return false;
+    } else {
+      if (!satisfied) return false;
+    }
+  }
+  if (rule.urlConstraints) {
+    const satisfied = urlConstraintsMatch(rule.urlConstraints, request.arguments);
+    if (rule.effect === "DENY") {
+      if (satisfied) return false;
+    } else {
+      if (!satisfied) return false;
+    }
+  }
   return true;
 }
 function toolPatternMatches(pattern, toolName) {
@@ -2671,6 +2852,16 @@ function commandConstraintsMatch(constraints, args) {
   if (commands.length === 0) return true;
   return commands.every((cmd) => isCommandAllowed(cmd, constraints));
 }
+function filenameConstraintsMatch(constraints, args) {
+  const filenames = extractFilenames(args);
+  if (filenames.length === 0) return true;
+  return filenames.every((name) => isFilenameAllowed(name, constraints));
+}
+function urlConstraintsMatch(constraints, args) {
+  const urls = extractUrlArguments(args);
+  if (urls.length === 0) return true;
+  return urls.every((url) => isUrlAllowed(url, constraints));
+}
 function evaluatePolicy(policySet, request) {
   const startTime = performance.now();
   const sortedRules = [...policySet.rules].sort(
@@ -3051,6 +3242,11 @@ function resolveConfig(userConfig) {
       "Token secret is shorter than 32 characters. Use a longer secret for production."
     );
   }
+  if (config.apiUrl && config.apiUrl.startsWith("http://") && !config.apiUrl.startsWith("http://localhost") && !config.apiUrl.startsWith("http://127.0.0.1")) {
+    warnings.push(
+      "API URL uses plaintext HTTP. API keys will be sent unencrypted. Use HTTPS in production."
+    );
+  }
   return { config, warnings };
 }
 async function interceptToolCall(params, upstreamCall, options) {
@@ -3556,6 +3752,12 @@ var SolonGate = class {
   async validateLicense() {
     if (this.licenseValidated) return;
     if (this.apiKey.startsWith("sg_test_")) {
+      const nodeEnv = typeof process !== "undefined" ? process.env.NODE_ENV : "";
+      if (nodeEnv === "production") {
+        throw new LicenseError(
+          "Test API keys (sg_test_) cannot be used in production. Use a sg_live_ key instead."
+        );
+      }
       this.licenseValidated = true;
       return;
     }
@@ -3722,6 +3924,361 @@ var SolonGate = class {
   }
 };
+// ../core/dist/index.js
+import { z as z2 } from "zod";
+var Permission2 = {
+  READ: "READ",
+  WRITE: "WRITE",
+  EXECUTE: "EXECUTE"
+};
+var PermissionSchema = z2.enum(["READ", "WRITE", "EXECUTE"]);
+var NO_PERMISSIONS = Object.freeze(
+  /* @__PURE__ */ new Set()
+);
+var READ_ONLY = Object.freeze(
+  /* @__PURE__ */ new Set([Permission2.READ])
+);
+var PolicyRuleSchema2 = z2.object({
+  id: z2.string().min(1).max(256),
+  description: z2.string().max(1024),
+  effect: z2.enum(["ALLOW", "DENY"]),
+  priority: z2.number().int().min(0).max(1e4).default(1e3),
+  toolPattern: z2.string().min(1).max(512),
+  permission: z2.enum(["READ", "WRITE", "EXECUTE"]),
+  minimumTrustLevel: z2.enum(["UNTRUSTED", "VERIFIED", "TRUSTED"]),
+  argumentConstraints: z2.record(z2.unknown()).optional(),
+  pathConstraints: z2.object({
+    allowed: z2.array(z2.string()).optional(),
+    denied: z2.array(z2.string()).optional(),
+    rootDirectory: z2.string().optional(),
+    allowSymlinks: z2.boolean().optional()
+  }).optional(),
+  commandConstraints: z2.object({
+    allowed: z2.array(z2.string()).optional(),
+    denied: z2.array(z2.string()).optional()
+  }).optional(),
+  filenameConstraints: z2.object({
+    allowed: z2.array(z2.string()).optional(),
+    denied: z2.array(z2.string()).optional()
+  }).optional(),
+  urlConstraints: z2.object({
+    allowed: z2.array(z2.string()).optional(),
+    denied: z2.array(z2.string()).optional()
+  }).optional(),
+  enabled: z2.boolean().default(true),
+  createdAt: z2.string().datetime(),
+  updatedAt: z2.string().datetime()
+});
+var PolicySetSchema2 = z2.object({
+  id: z2.string().min(1).max(256),
+  name: z2.string().min(1).max(256),
+  description: z2.string().max(2048),
+  version: z2.number().int().min(0),
+  rules: z2.array(PolicyRuleSchema2),
+  createdAt: z2.string().datetime(),
+  updatedAt: z2.string().datetime()
+});
+var SECURITY_CONTEXT_TIMEOUT_MS = 5 * 60 * 1e3;
+var DEFAULT_INPUT_GUARD_CONFIG2 = Object.freeze({
+  pathTraversal: true,
+  shellInjection: true,
+  wildcardAbuse: true,
+  lengthLimit: 4096,
+  entropyLimit: true,
+  ssrf: true,
+  sqlInjection: true
+});
+var PATH_TRAVERSAL_PATTERNS = [
+  /\.\.\//,
+  // ../
+  /\.\.\\/,
+  // ..\
+  /%2e%2e/i,
+  // URL-encoded ..
+  /%2e\./i,
+  // partial URL-encoded
+  /\.%2e/i,
+  // partial URL-encoded
+  /%252e%252e/i,
+  // double URL-encoded
+  /\.\.\0/
+  // null byte variant
+];
+var SENSITIVE_PATHS = [
+  /\/etc\/passwd/i,
+  /\/etc\/shadow/i,
+  /\/proc\//i,
+  /\/dev\//i,
+  /c:\\windows\\system32/i,
+  /c:\\windows\\syswow64/i,
+  /\/root\//i,
+  /~\//,
+  /\.env(\.|$)/i,
+  // .env, .env.local, .env.production
+  /\.aws\/credentials/i,
+  // AWS credentials
+  /\.ssh\/id_/i,
+  // SSH keys
+  /\.kube\/config/i,
+  // Kubernetes config
+  /wp-config\.php/i,
+  // WordPress config
+  /\.git\/config/i,
+  // Git config
+  /\.npmrc/i,
+  // npm credentials
+  /\.pypirc/i
+  // PyPI credentials
+];
+function detectPathTraversal(value) {
+  for (const pattern of PATH_TRAVERSAL_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  for (const pattern of SENSITIVE_PATHS) {
+    if (pattern.test(value)) return true;
+  }
+  return false;
+}
+var SHELL_INJECTION_PATTERNS = [
+  /[;|&`]/,
+  // Command separators and backtick execution
+  /\$\(/,
+  // Command substitution $(...)
+  /\$\{/,
+  // Variable expansion ${...}
+  />\s*/,
+  // Output redirect
+  /<\s*/,
+  // Input redirect
+  /&&/,
+  // AND chaining
+  /\|\|/,
+  // OR chaining
+  /\beval\b/i,
+  // eval command
+  /\bexec\b/i,
+  // exec command
+  /\bsystem\b/i,
+  // system call
+  /%0a/i,
+  // URL-encoded newline
+  /%0d/i,
+  // URL-encoded carriage return
+  /%09/i,
+  // URL-encoded tab
+  /\r\n/,
+  // CRLF injection
+  /\n/
+  // Newline (command separator on Unix)
+];
+function detectShellInjection(value) {
+  for (const pattern of SHELL_INJECTION_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  return false;
+}
+var MAX_WILDCARDS_PER_VALUE = 3;
+function detectWildcardAbuse(value) {
+  if (value.includes("**")) return true;
+  const wildcardCount = (value.match(/\*/g) || []).length;
+  if (wildcardCount > MAX_WILDCARDS_PER_VALUE) return true;
+  return false;
+}
+var SSRF_PATTERNS = [
+  /^https?:\/\/localhost\b/i,
+  /^https?:\/\/127\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
+  /^https?:\/\/0\.0\.0\.0/,
+  /^https?:\/\/\[::1\]/,
+  // IPv6 loopback
+  /^https?:\/\/10\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
+  // 10.x.x.x
+  /^https?:\/\/172\.(1[6-9]|2\d|3[01])\./,
+  // 172.16-31.x.x
+  /^https?:\/\/192\.168\./,
+  // 192.168.x.x
+  /^https?:\/\/169\.254\./,
+  // Link-local / AWS metadata
+  /metadata\.google\.internal/i,
+  // GCP metadata
+  /^https?:\/\/metadata\b/i,
+  // Generic metadata endpoint
+  // IPv6 bypass patterns
+  /^https?:\/\/\[fe80:/i,
+  // IPv6 link-local
+  /^https?:\/\/\[fc00:/i,
+  // IPv6 unique local
+  /^https?:\/\/\[fd[0-9a-f]{2}:/i,
+  // IPv6 unique local (fd00::/8)
+  /^https?:\/\/\[::ffff:127\./i,
+  // IPv4-mapped IPv6 loopback
+  /^https?:\/\/\[::ffff:10\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:172\.(1[6-9]|2\d|3[01])\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:192\.168\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:169\.254\./i,
+  // IPv4-mapped IPv6 link-local
+  // Hex IP bypass (e.g., 0x7f000001 = 127.0.0.1)
+  /^https?:\/\/0x[0-9a-f]+\b/i,
+  // Octal IP bypass (e.g., 0177.0.0.1 = 127.0.0.1)
+  /^https?:\/\/0[0-7]{1,3}\./
+];
+function detectDecimalIP(value) {
+  const match = value.match(/^https?:\/\/(\d{8,10})(?:[:/]|$)/);
+  if (!match || !match[1]) return false;
+  const decimal = parseInt(match[1], 10);
+  if (isNaN(decimal) || decimal > 4294967295) return false;
+  return decimal >= 2130706432 && decimal <= 2147483647 || // 127.0.0.0/8
+  decimal >= 167772160 && decimal <= 184549375 || // 10.0.0.0/8
+  decimal >= 2886729728 && decimal <= 2887778303 || // 172.16.0.0/12
+  decimal >= 3232235520 && decimal <= 3232301055 || // 192.168.0.0/16
+  decimal >= 2851995648 && decimal <= 2852061183 || // 169.254.0.0/16
+  decimal === 0;
+}
+function detectSSRF(value) {
+  for (const pattern of SSRF_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  if (detectDecimalIP(value)) return true;
+  return false;
+}
+var SQL_INJECTION_PATTERNS = [
+  /'\s{0,20}(OR|AND)\s{0,20}'.{0,200}'/i,
+  // ' OR '1'='1 — bounded to prevent ReDoS
+  /'\s{0,10};\s{0,10}(DROP|DELETE|UPDATE|INSERT|ALTER|CREATE|EXEC)/i,
+  // '; DROP TABLE
+  /UNION\s+(ALL\s+)?SELECT/i,
+  // UNION SELECT
+  /--\s*$/m,
+  // SQL comment at end of line
+  /\/\*.{0,500}?\*\//,
+  // SQL block comment — bounded + non-greedy
+  /\bSLEEP\s*\(/i,
+  // Time-based injection
+  /\bBENCHMARK\s*\(/i,
+  // MySQL benchmark
+  /\bWAITFOR\s+DELAY/i,
+  // MSSQL delay
+  /\b(LOAD_FILE|INTO\s+OUTFILE|INTO\s+DUMPFILE)\b/i
+  // File operations
+];
+function detectSQLInjection(value) {
+  for (const pattern of SQL_INJECTION_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  return false;
+}
+function checkLengthLimits(value, maxLength = 4096) {
+  return value.length <= maxLength;
+}
+var ENTROPY_THRESHOLD = 4.5;
+var MIN_LENGTH_FOR_ENTROPY_CHECK = 32;
+function checkEntropyLimits(value) {
+  if (value.length < MIN_LENGTH_FOR_ENTROPY_CHECK) return true;
+  const entropy = calculateShannonEntropy(value);
+  return entropy <= ENTROPY_THRESHOLD;
+}
+function calculateShannonEntropy(str) {
+  const freq = /* @__PURE__ */ new Map();
+  for (const char of str) {
+    freq.set(char, (freq.get(char) ?? 0) + 1);
+  }
+  let entropy = 0;
+  const len = str.length;
+  for (const count of freq.values()) {
+    const p = count / len;
+    if (p > 0) {
+      entropy -= p * Math.log2(p);
+    }
+  }
+  return entropy;
+}
+function sanitizeInput(field, value, config = DEFAULT_INPUT_GUARD_CONFIG2) {
+  const threats = [];
+  if (typeof value !== "string") {
+    if (typeof value === "object" && value !== null) {
+      return sanitizeObject(field, value, config);
+    }
+    return { safe: true, threats: [] };
+  }
+  if (config.pathTraversal && detectPathTraversal(value)) {
+    threats.push({
+      type: "PATH_TRAVERSAL",
+      field,
+      value: truncate(value, 100),
+      description: "Path traversal pattern detected"
+    });
+  }
+  if (config.shellInjection && detectShellInjection(value)) {
+    threats.push({
+      type: "SHELL_INJECTION",
+      field,
+      value: truncate(value, 100),
+      description: "Shell injection pattern detected"
+    });
+  }
+  if (config.wildcardAbuse && detectWildcardAbuse(value)) {
+    threats.push({
+      type: "WILDCARD_ABUSE",
+      field,
+      value: truncate(value, 100),
+      description: "Wildcard abuse pattern detected"
+    });
+  }
+  if (!checkLengthLimits(value, config.lengthLimit)) {
+    threats.push({
+      type: "LENGTH_EXCEEDED",
+      field,
+      value: `[${value.length} chars]`,
+      description: `Value exceeds maximum length of ${config.lengthLimit}`
+    });
+  }
+  if (config.entropyLimit && !checkEntropyLimits(value)) {
+    threats.push({
+      type: "HIGH_ENTROPY",
+      field,
+      value: truncate(value, 100),
+      description: "High entropy string detected - possible encoded payload"
+    });
+  }
+  if (config.ssrf && detectSSRF(value)) {
+    threats.push({
+      type: "SSRF",
+      field,
+      value: truncate(value, 100),
+      description: "Server-side request forgery pattern detected \u2014 internal/metadata URL blocked"
+    });
+  }
+  if (config.sqlInjection && detectSQLInjection(value)) {
+    threats.push({
+      type: "SQL_INJECTION",
+      field,
+      value: truncate(value, 100),
+      description: "SQL injection pattern detected"
+    });
+  }
+  return { safe: threats.length === 0, threats };
+}
+function sanitizeObject(basePath, obj, config) {
+  const threats = [];
+  if (Array.isArray(obj)) {
+    for (let i = 0; i < obj.length; i++) {
+      const result = sanitizeInput(`${basePath}[${i}]`, obj[i], config);
+      threats.push(...result.threats);
+    }
+  } else {
+    for (const [key, val] of Object.entries(obj)) {
+      const result = sanitizeInput(`${basePath}.${key}`, val, config);
+      threats.push(...result.threats);
+    }
+  }
+  return { safe: threats.length === 0, threats };
+}
+function truncate(str, maxLen) {
+  return str.length > maxLen ? str.slice(0, maxLen) + "..." : str;
+}
 // src/proxy.ts
 init_config();
@@ -3744,6 +4301,7 @@ var PolicySyncManager = class {
   pollTimer = null;
   watcher = null;
   isLiveKey;
+  /** The cloud policy ID from --policy-id flag. This is the ONLY source of truth for which cloud policy to use. */
   policyId;
   constructor(opts) {
     this.localPath = opts.localPath;
@@ -3872,17 +4430,24 @@ var PolicySyncManager = class {
   }
   /**
    * Push policy to cloud API.
+   * Uses this.policyId (from --policy-id CLI flag) as the cloud policy ID.
+   * Falls back to policy.id from local file only if --policy-id was not set.
    */
   async pushToCloud(policy) {
-    const url = `${this.apiUrl}/api/v1/policies`;
+    const cloudId = this.policyId || policy.id || "default";
+    const existingRes = await fetch(`${this.apiUrl}/api/v1/policies/${cloudId}`, {
+      headers: { "Authorization": `Bearer ${this.apiKey}` }
+    });
+    const method = existingRes.ok ? "PUT" : "POST";
+    const url = existingRes.ok ? `${this.apiUrl}/api/v1/policies/${cloudId}` : `${this.apiUrl}/api/v1/policies`;
     const res = await fetch(url, {
-      method: "POST",
+      method,
       headers: {
         "Authorization": `Bearer ${this.apiKey}`,
         "Content-Type": "application/json"
       },
       body: JSON.stringify({
-        id: policy.id || "default",
+        id: cloudId,
         name: policy.name || "Default Policy",
         description: policy.description || "Synced from proxy",
         version: policy.version || 1,
@@ -3898,12 +4463,14 @@ var PolicySyncManager = class {
   }
   /**
    * Write policy to local file (with loop prevention).
+   * Does NOT write the 'id' field — cloud ID is managed by --policy-id flag.
    */
   writeToFile(policy) {
     if (!this.localPath) return;
     this.skipNextWatch = true;
     try {
-      const json = JSON.stringify(policy, null, 2) + "\n";
+      const { id: _id, ...rest } = policy;
+      const json = JSON.stringify(rest, null, 2) + "\n";
       writeFileSync(this.localPath, json, "utf-8");
     } catch (err) {
       log(`File write error: ${err instanceof Error ? err.message : String(err)}`);
@@ -3911,10 +4478,10 @@ var PolicySyncManager = class {
     }
   }
   /**
-   * Compare two policies by rules content (ignoring timestamps).
+   * Compare two policies by rules content (ignoring timestamps and id).
    */
   policiesEqual(a, b) {
-    if (a.id !== b.id || a.name !== b.name || a.rules.length !== b.rules.length) return false;
+    if (a.name !== b.name || a.rules.length !== b.rules.length) return false;
     return JSON.stringify(a.rules) === JSON.stringify(b.rules);
   }
 };
@@ -3977,7 +4544,12 @@ var SolonGateProxy = class {
     const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
     if (this.config.apiKey) {
       if (this.config.apiKey.startsWith("sg_test_")) {
-        log2("Using test API key \u2014 skipping online validation.");
+        const nodeEnv = process.env.NODE_ENV ?? "";
+        if (nodeEnv === "production") {
+          log2("ERROR: Test API keys (sg_test_) cannot be used in production. Use a sg_live_ key.");
+          process.exit(1);
+        }
+        log2("Using test API key \u2014 skipping online validation (non-production mode).");
       } else {
         log2(`Validating license with ${apiUrl}...`);
         try {
@@ -4178,7 +4750,26 @@ var SolonGateProxy = class {
     });
     this.server.setRequestHandler(ReadResourceRequestSchema, async (request) => {
       if (!this.client) throw new Error("Upstream client disconnected");
-      return await this.client.readResource({ uri: request.params.uri });
+      const uri = request.params.uri;
+      const uriCheck = sanitizeInput("resource.uri", uri);
+      if (!uriCheck.safe) {
+        const threats = uriCheck.threats.map((t) => `${t.type}: ${t.description}`).join("; ");
+        log2(`DENY resource read: ${uri} \u2014 ${threats}`);
+        throw new Error(`Resource URI blocked by security policy: ${threats}`);
+      }
+      if (/^file:\/\//i.test(uri)) {
+        const path = uri.replace(/^file:\/\/\/?/i, "/");
+        if (detectPathTraversal(path)) {
+          log2(`DENY resource read: ${uri} \u2014 path traversal in file URI`);
+          throw new Error("Resource URI blocked: path traversal detected");
+        }
+      }
+      if (/^https?:\/\//i.test(uri) && detectSSRF(uri)) {
+        log2(`DENY resource read: ${uri} \u2014 SSRF pattern`);
+        throw new Error("Resource URI blocked: internal/metadata URL not allowed");
+      }
+      log2(`Resource read: ${uri}`);
+      return await this.client.readResource({ uri });
     });
     this.server.setRequestHandler(ListResourceTemplatesRequestSchema, async () => {
       if (!this.client) return { resourceTemplates: [] };
@@ -4198,9 +4789,19 @@ var SolonGateProxy = class {
     });
     this.server.setRequestHandler(GetPromptRequestSchema, async (request) => {
       if (!this.client) throw new Error("Upstream client disconnected");
+      const args = request.params.arguments;
+      if (args && typeof args === "object") {
+        const argsCheck = sanitizeInput("prompt.arguments", args);
+        if (!argsCheck.safe) {
+          const threats = argsCheck.threats.map((t) => `${t.type}: ${t.description}`).join("; ");
+          log2(`DENY prompt get: ${request.params.name} \u2014 ${threats}`);
+          throw new Error(`Prompt arguments blocked by security policy: ${threats}`);
+        }
+      }
+      log2(`Prompt get: ${request.params.name}`);
       return await this.client.getPrompt({
         name: request.params.name,
-        arguments: request.params.arguments
+        arguments: args
       });
     });
   }
@@ -4396,7 +4997,7 @@ async function main5() {
     await Promise.resolve().then(() => (init_create(), create_exports));
     return;
   }
-  if (subcommand === "pull" || subcommand === "push") {
+  if (subcommand === "pull" || subcommand === "push" || subcommand === "list" || subcommand === "ls") {
     await Promise.resolve().then(() => (init_pull_push(), pull_push_exports));
     return;
   }