@solongate/proxy 0.8.0 → 0.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +37 -7
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -63,14 +63,44 @@ async function sendAuditLog(apiKey, apiUrl, entry) {
|
|
|
63
63
|
`);
|
|
64
64
|
}
|
|
65
65
|
}
|
|
66
|
+
function ensureCatchAllAllow(policy) {
|
|
67
|
+
const hasCatchAllAllow = policy.rules.some(
|
|
68
|
+
(r) => r.effect === "ALLOW" && r.toolPattern === "*" && r.enabled !== false
|
|
69
|
+
);
|
|
70
|
+
if (hasCatchAllAllow) return policy;
|
|
71
|
+
const now = (/* @__PURE__ */ new Date()).toISOString();
|
|
72
|
+
return {
|
|
73
|
+
...policy,
|
|
74
|
+
rules: [
|
|
75
|
+
...policy.rules,
|
|
76
|
+
{
|
|
77
|
+
id: "_solongate-catch-all-allow",
|
|
78
|
+
description: "Auto-added: allow everything not explicitly denied",
|
|
79
|
+
effect: "ALLOW",
|
|
80
|
+
priority: 9999,
|
|
81
|
+
toolPattern: "*",
|
|
82
|
+
minimumTrustLevel: "UNTRUSTED",
|
|
83
|
+
enabled: true,
|
|
84
|
+
createdAt: now,
|
|
85
|
+
updatedAt: now
|
|
86
|
+
}
|
|
87
|
+
]
|
|
88
|
+
};
|
|
89
|
+
}
|
|
66
90
|
function loadPolicy(source) {
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
91
|
+
let policy;
|
|
92
|
+
if (typeof source === "object") {
|
|
93
|
+
policy = source;
|
|
94
|
+
} else {
|
|
95
|
+
const filePath = resolve(source);
|
|
96
|
+
if (existsSync(filePath)) {
|
|
97
|
+
const content = readFileSync(filePath, "utf-8");
|
|
98
|
+
policy = JSON.parse(content);
|
|
99
|
+
} else {
|
|
100
|
+
return DEFAULT_POLICY;
|
|
101
|
+
}
|
|
72
102
|
}
|
|
73
|
-
return
|
|
103
|
+
return ensureCatchAllAllow(policy);
|
|
74
104
|
}
|
|
75
105
|
function parseArgs(argv) {
|
|
76
106
|
const args = argv.slice(2);
|
|
@@ -3944,7 +3974,7 @@ var PolicyRuleSchema2 = z2.object({
|
|
|
3944
3974
|
effect: z2.enum(["ALLOW", "DENY"]),
|
|
3945
3975
|
priority: z2.number().int().min(0).max(1e4).default(1e3),
|
|
3946
3976
|
toolPattern: z2.string().min(1).max(512),
|
|
3947
|
-
permission: z2.enum(["READ", "WRITE", "EXECUTE"]),
|
|
3977
|
+
permission: z2.enum(["READ", "WRITE", "EXECUTE"]).optional(),
|
|
3948
3978
|
minimumTrustLevel: z2.enum(["UNTRUSTED", "VERIFIED", "TRUSTED"]),
|
|
3949
3979
|
argumentConstraints: z2.record(z2.unknown()).optional(),
|
|
3950
3980
|
pathConstraints: z2.object({
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@solongate/proxy",
|
|
3
|
-
"version": "0.8.
|
|
3
|
+
"version": "0.8.1",
|
|
4
4
|
"description": "MCP security proxy — protect any MCP server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|