@solongate/proxy 0.8.1 → 0.8.3

package/dist/init.js

@@ -2,7 +2,8 @@
 
 // src/init.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
-import { resolve, join } from "path";
+import { resolve, join, dirname } from "path";
+import { fileURLToPath } from "url";
 import { createInterface } from "readline";
 var SEARCH_PATHS = [
   ".mcp.json",
@@ -134,353 +135,19 @@ EXAMPLES
 `;
   console.log(help);
 }
-var GUARD_SCRIPT = `#!/usr/bin/env node
-/**
- * SolonGate Policy Guard Hook (PreToolUse)
- * Reads policy.json and blocks tool calls that violate constraints.
- * Exit code 2 = BLOCK, exit code 0 = ALLOW.
- * Logs ALL decisions (ALLOW + DENY) to SolonGate Cloud.
- * Auto-installed by: npx @solongate/proxy init
- */
-import { readFileSync, existsSync } from 'node:fs';
-import { resolve } from 'node:path';
-
-// \u2500\u2500 Load API key from .env file (Claude Code doesn't load .env into process.env) \u2500\u2500
-function loadEnvKey(dir) {
-  try {
-    const envPath = resolve(dir, '.env');
-    if (!existsSync(envPath)) return {};
-    const lines = readFileSync(envPath, 'utf-8').split('\\n');
-    const env = {};
-    for (const line of lines) {
-      const m = line.match(/^([A-Z_]+)=(.*)$/);
-      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
-    }
-    return env;
-  } catch { return {}; }
-}
-
-const hookCwdEarly = process.cwd();
-const dotenv = loadEnvKey(hookCwdEarly);
-const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
-const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
-
-// \u2500\u2500 Glob Matching \u2500\u2500
-function matchGlob(str, pattern) {
-  if (pattern === '*') return true;
-  const s = str.toLowerCase();
-  const p = pattern.toLowerCase();
-  if (s === p) return true;
-  const startsW = p.startsWith('*');
-  const endsW = p.endsWith('*');
-  if (startsW && endsW) { const infix = p.slice(1, -1); return infix.length > 0 && s.includes(infix); }
-  if (startsW) return s.endsWith(p.slice(1));
-  if (endsW) return s.startsWith(p.slice(0, -1));
-  const idx = p.indexOf('*');
-  if (idx !== -1) {
-    const pre = p.slice(0, idx);
-    const suf = p.slice(idx + 1);
-    return s.startsWith(pre) && s.endsWith(suf) && s.length >= pre.length + suf.length;
-  }
-  return false;
-}
-
-// \u2500\u2500 Path Glob (supports **) \u2500\u2500
-function matchPathGlob(path, pattern) {
-  const p = path.replace(/\\\\/g, '/').toLowerCase();
-  const g = pattern.replace(/\\\\/g, '/').toLowerCase();
-  if (p === g) return true;
-  if (g.includes('**')) {
-    const parts = g.split('**').filter(s => s.length > 0);
-    if (parts.length === 0) return true; // just ** or ****
-    return parts.every(segment => p.includes(segment));
-  }
-  return matchGlob(p, g);
-}
-
-// \u2500\u2500 Extract Functions (deep scan all string values) \u2500\u2500
-function scanStrings(obj) {
-  const strings = [];
-  function walk(v) {
-    if (typeof v === 'string' && v.trim()) strings.push(v.trim());
-    else if (Array.isArray(v)) v.forEach(walk);
-    else if (v && typeof v === 'object') Object.values(v).forEach(walk);
-  }
-  walk(obj);
-  return strings;
-}
-
-function looksLikeFilename(s) {
-  if (s.startsWith('.')) return true;
-  if (/\\.\\w+$/.test(s)) return true;
-  const known = ['id_rsa','id_dsa','id_ecdsa','id_ed25519','authorized_keys','known_hosts','makefile','dockerfile'];
-  return known.includes(s.toLowerCase());
-}
-
-function extractFilenames(args) {
-  const names = new Set();
-  for (const s of scanStrings(args)) {
-    if (/^https?:\\/\\//i.test(s)) continue;
-    if (s.includes('/') || s.includes('\\\\')) {
-      const base = s.replace(/\\\\/g, '/').split('/').pop();
-      if (base) names.add(base);
-      continue;
-    }
-    if (s.includes(' ')) {
-      for (const tok of s.split(/\\s+/)) {
-        if (tok.includes('/') || tok.includes('\\\\')) {
-          const b = tok.replace(/\\\\/g, '/').split('/').pop();
-          if (b && looksLikeFilename(b)) names.add(b);
-        } else if (looksLikeFilename(tok)) names.add(tok);
-      }
-      continue;
-    }
-    if (looksLikeFilename(s)) names.add(s);
-  }
-  return [...names];
-}
-
-function extractUrls(args) {
-  const urls = new Set();
-  for (const s of scanStrings(args)) {
-    if (/^https?:\\/\\//i.test(s)) { urls.add(s); continue; }
-    if (s.includes(' ')) {
-      for (const tok of s.split(/\\s+/)) {
-        if (/^https?:\\/\\//i.test(tok)) urls.add(tok);
-      }
-    }
-  }
-  return [...urls];
-}
-
-function extractCommands(args) {
-  const cmds = [];
-  const fields = ['command', 'cmd', 'function', 'script', 'shell'];
-  if (typeof args === 'object' && args) {
-    for (const [k, v] of Object.entries(args)) {
-      if (fields.includes(k.toLowerCase()) && typeof v === 'string') {
-        // Split chained commands: cd /path && npm install \u2192 [cd /path, npm install]
-        for (const part of v.split(/\\s*(?:&&|\\|\\||;|\\|)\\s*/)) {
-          const trimmed = part.trim();
-          if (trimmed) cmds.push(trimmed);
-        }
-      }
-    }
-  }
-  return cmds;
-}
-
-function extractPaths(args) {
-  const paths = [];
-  for (const s of scanStrings(args)) {
-    if (/^https?:\\/\\//i.test(s)) continue;
-    if (s.includes('/') || s.includes('\\\\') || s.startsWith('.')) paths.push(s);
-  }
-  return paths;
-}
-
-// \u2500\u2500 Policy Evaluation \u2500\u2500
-function evaluate(policy, args) {
-  if (!policy || !policy.rules) return null;
-  const denyRules = policy.rules
-    .filter(r => r.effect === 'DENY' && r.enabled !== false)
-    .sort((a, b) => (a.priority || 100) - (b.priority || 100));
-
-  for (const rule of denyRules) {
-    // Filename constraints
-    if (rule.filenameConstraints && rule.filenameConstraints.denied) {
-      const filenames = extractFilenames(args);
-      for (const fn of filenames) {
-        for (const pat of rule.filenameConstraints.denied) {
-          if (matchGlob(fn, pat)) return 'Blocked by policy: filename "' + fn + '" matches "' + pat + '"';
-        }
-      }
-    }
-    // URL constraints
-    if (rule.urlConstraints && rule.urlConstraints.denied) {
-      const urls = extractUrls(args);
-      for (const url of urls) {
-        for (const pat of rule.urlConstraints.denied) {
-          if (matchGlob(url, pat)) return 'Blocked by policy: URL "' + url + '" matches "' + pat + '"';
-        }
-      }
-    }
-    // Command constraints
-    if (rule.commandConstraints && rule.commandConstraints.denied) {
-      const cmds = extractCommands(args);
-      for (const cmd of cmds) {
-        for (const pat of rule.commandConstraints.denied) {
-          if (matchGlob(cmd, pat)) return 'Blocked by policy: command "' + cmd.slice(0,60) + '" matches "' + pat + '"';
-        }
-      }
-    }
-    // Path constraints
-    if (rule.pathConstraints && rule.pathConstraints.denied) {
-      const paths = extractPaths(args);
-      for (const p of paths) {
-        for (const pat of rule.pathConstraints.denied) {
-          if (matchPathGlob(p, pat)) return 'Blocked by policy: path "' + p + '" matches "' + pat + '"';
-        }
-      }
-    }
-  }
-  return null;
+var __dirname = dirname(fileURLToPath(import.meta.url));
+var HOOKS_DIR = resolve(__dirname, "..", "hooks");
+function readHookScript(filename) {
+  return readFileSync(join(HOOKS_DIR, filename), "utf-8");
 }
-
-// \u2500\u2500 Main \u2500\u2500
-let input = '';
-process.stdin.on('data', c => input += c);
-process.stdin.on('end', async () => {
-  try {
-    const data = JSON.parse(input);
-    const args = data.tool_input || {};
-
-    // \u2500\u2500 Self-protection: block access to hook files and settings \u2500\u2500
-    const allStrings = scanStrings(args).map(s => s.replace(/\\\\/g, '/').toLowerCase());
-    const protectedPaths = ['.solongate', '.claude', '.cursor', 'policy.json', '.mcp.json'];
-    for (const s of allStrings) {
-      for (const p of protectedPaths) {
-        if (s.includes(p)) {
-          const msg = 'SOLONGATE: Access to protected file "' + p + '" is blocked';
-          if (API_KEY && API_KEY.startsWith('sg_live_')) {
-            try {
-              await fetch(API_URL + '/api/v1/audit-logs', {
-                method: 'POST',
-                headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
-                body: JSON.stringify({
-                  tool: data.tool_name || '', arguments: args,
-                  decision: 'DENY', reason: msg,
-                  source: 'claude-code-guard',
-                }),
-                signal: AbortSignal.timeout(3000),
-              });
-            } catch {}
-          }
-          process.stderr.write(msg);
-          process.exit(2);
-        }
-      }
-    }
-
-    // Load policy (use cwd from hook data if available)
-    const hookCwd = data.cwd || process.cwd();
-    let policy;
-    try {
-      const policyPath = resolve(hookCwd, 'policy.json');
-      policy = JSON.parse(readFileSync(policyPath, 'utf-8'));
-    } catch {
-      process.exit(0); // No policy = allow all
-    }
-
-    const reason = evaluate(policy, args);
-    const decision = reason ? 'DENY' : 'ALLOW';
-
-    // \u2500\u2500 Log ALL decisions to SolonGate Cloud \u2500\u2500
-    if (API_KEY && API_KEY.startsWith('sg_live_')) {
-      try {
-        await fetch(API_URL + '/api/v1/audit-logs', {
-          method: 'POST',
-          headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
-          body: JSON.stringify({
-            tool: data.tool_name || '', arguments: args,
-            decision, reason: reason || 'allowed by policy',
-            source: 'claude-code-guard',
-          }),
-          signal: AbortSignal.timeout(3000),
-        });
-      } catch {}
-    }
-
-    if (reason) {
-      process.stderr.write(reason);
-      process.exit(2);
-    }
-  } catch {}
-  process.exit(0);
-});
-`;
-var AUDIT_SCRIPT = `#!/usr/bin/env node
-/**
- * SolonGate Audit Hook for Claude Code (PostToolUse)
- * Logs tool execution results to SolonGate Cloud.
- * Auto-installed by: npx @solongate/proxy init
- */
-import { readFileSync, existsSync } from 'node:fs';
-import { resolve } from 'node:path';
-
-function loadEnvKey(dir) {
-  try {
-    const envPath = resolve(dir, '.env');
-    if (!existsSync(envPath)) return {};
-    const lines = readFileSync(envPath, 'utf-8').split('\\n');
-    const env = {};
-    for (const line of lines) {
-      const m = line.match(/^([A-Z_]+)=(.*)$/);
-      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
-    }
-    return env;
-  } catch { return {}; }
-}
-
-const dotenv = loadEnvKey(process.cwd());
-const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
-const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
-
-if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
-
-let input = '';
-process.stdin.on('data', c => input += c);
-process.stdin.on('end', async () => {
-  try {
-    const data = JSON.parse(input);
-    const toolName = data.tool_name || 'unknown';
-    const toolInput = data.tool_input || {};
-
-    if (toolName === 'Bash' && JSON.stringify(toolInput).includes('audit-logs')) {
-      process.exit(0);
-    }
-
-    const hasError = data.tool_response?.error ||
-      data.tool_response?.exitCode > 0 ||
-      data.tool_response?.isError;
-
-    const argsSummary = {};
-    for (const [k, v] of Object.entries(toolInput)) {
-      argsSummary[k] = typeof v === 'string' && v.length > 200
-        ? v.slice(0, 200) + '...'
-        : v;
-    }
-
-    await fetch(\`\${API_URL}/api/v1/audit-logs\`, {
-      method: 'POST',
-      headers: {
-        'Authorization': \`Bearer \${API_KEY}\`,
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify({
-        tool: toolName,
-        arguments: argsSummary,
-        decision: hasError ? 'DENY' : 'ALLOW',
-        reason: hasError ? 'tool returned error' : 'allowed',
-        source: 'claude-code-hook',
-        evaluationTimeMs: 0,
-      }),
-      signal: AbortSignal.timeout(5000),
-    });
-  } catch {
-    // Silent
-  }
-  process.exit(0);
-});
-`;
 function installHooks() {
   const hooksDir = resolve(".solongate", "hooks");
   mkdirSync(hooksDir, { recursive: true });
   const guardPath = join(hooksDir, "guard.mjs");
-  writeFileSync(guardPath, GUARD_SCRIPT);
+  writeFileSync(guardPath, readHookScript("guard.mjs"));
   console.log(`  Created ${guardPath}`);
   const auditPath = join(hooksDir, "audit.mjs");
-  writeFileSync(auditPath, AUDIT_SCRIPT);
+  writeFileSync(auditPath, readHookScript("audit.mjs"));
   console.log(`  Created ${auditPath}`);
   const hookSettings = {
     hooks: {
@@ -575,7 +242,7 @@ async function main() {
     blue5: "\x1B[38;2;130;170;240m",
     blue6: "\x1B[38;2;170;200;250m"
   };
-  const bannerLines = [
+  const fullBanner = [
     " \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2557      \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2557   \u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557  \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557",
     " \u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551     \u2588\u2588\u2554\u2550\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2557  \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u255A\u2550\u2550\u2588\u2588\u2554\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D",
     " \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551     \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551\u2588\u2588\u2551  \u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2588\u2588\u2588\u2557  ",
@@ -583,10 +250,36 @@ async function main() {
     " \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2551 \u255A\u2588\u2588\u2588\u2588\u2551\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2551  \u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557",
     " \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u255D  \u255A\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u255D  \u255A\u2550\u255D   \u255A\u2550\u255D   \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D"
   ];
+  const mediumBanner = [
+    " \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2557      \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2557   \u2588\u2588\u2557",
+    " \u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551     \u2588\u2588\u2554\u2550\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2557  \u2588\u2588\u2551",
+    " \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551     \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551",
+    " \u255A\u2550\u2550\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551     \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551\u255A\u2588\u2588\u2557\u2588\u2588\u2551",
+    " \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2551 \u255A\u2588\u2588\u2588\u2588\u2551",
+    " \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u255D  \u255A\u2550\u2550\u2550\u255D",
+    "          \u2588\u2588\u2588\u2588\u2588\u2588\u2557  \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557",
+    "         \u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u255A\u2550\u2550\u2588\u2588\u2554\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D",
+    "         \u2588\u2588\u2551  \u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2588\u2588\u2588\u2557  ",
+    "         \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2554\u2550\u2550\u255D  ",
+    "         \u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2551  \u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557",
+    "          \u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u255D  \u255A\u2550\u255D   \u255A\u2550\u255D   \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D"
+  ];
+  const smallBanner = [
+    " \u250F\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513",
+    " \u2503   \u2554\u2550\u2557\u2554\u2550\u2557\u2566  \u2554\u2550\u2557\u2554\u2557\u2554\u2554\u2550\u2557    \u2503",
+    " \u2503   \u255A\u2550\u2557\u2551 \u2551\u2551  \u2551 \u2551\u2551\u2551\u2551\u2551 \u2566    \u2503",
+    " \u2503   \u255A\u2550\u255D\u255A\u2550\u255D\u2569\u2550\u255D\u255A\u2550\u255D\u255D\u255A\u255D\u255A\u2550\u255D   \u2503",
+    " \u2503      \u2554\u2550\u2557\u2554\u2550\u2557\u2554\u2566\u2557\u2554\u2550\u2557       \u2503",
+    " \u2503      \u2551 \u2566\u2560\u2550\u2563 \u2551 \u2551\u2563        \u2503",
+    " \u2503      \u255A\u2550\u255D\u2569 \u2569 \u2569 \u255A\u2550\u255D       \u2503",
+    " \u2517\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u251B"
+  ];
+  const cols = process.stdout.columns || 80;
+  const bannerLines = cols >= 82 ? fullBanner : cols >= 50 ? mediumBanner : smallBanner;
   const bannerColors = [_c.blue1, _c.blue2, _c.blue3, _c.blue4, _c.blue5, _c.blue6];
   console.log("");
   for (let i = 0; i < bannerLines.length; i++) {
-    console.log(`${_c.bold}${bannerColors[i]}${bannerLines[i]}${_c.reset}`);
+    console.log(`${_c.bold}${bannerColors[i % bannerColors.length]}${bannerLines[i]}${_c.reset}`);
   }
   console.log("");
   console.log(`  ${_c.dim}${_c.italic}Init Setup${_c.reset}`);

package/dist/pull-push.js

@@ -5,7 +5,7 @@ import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2
 import { resolve as resolve2 } from "path";
 
 // src/config.ts
-import { readFileSync, existsSync } from "fs";
+import { readFileSync, existsSync, appendFileSync } from "fs";
 import { resolve } from "path";
 async function fetchCloudPolicy(apiKey, apiUrl, policyId) {
   let resolvedId = policyId;
@@ -42,6 +42,7 @@ async function fetchCloudPolicy(apiKey, apiUrl, policyId) {
     updatedAt: ""
   };
 }
+var AUDIT_LOG_BACKUP_PATH = resolve(".solongate-audit-backup.jsonl");
 
 // src/pull-push.ts
 var log = (...args) => process.stderr.write(`${args.map(String).join(" ")}

package/hooks/audit.mjs

@@ -0,0 +1,73 @@
+#!/usr/bin/env node
+/**
+ * SolonGate Audit Hook for Claude Code (PostToolUse)
+ * Logs tool execution results to SolonGate Cloud.
+ * Auto-installed by: npx @solongate/proxy init
+ */
+import { readFileSync, existsSync } from 'node:fs';
+import { resolve } from 'node:path';
+
+function loadEnvKey(dir) {
+  try {
+    const envPath = resolve(dir, '.env');
+    if (!existsSync(envPath)) return {};
+    const lines = readFileSync(envPath, 'utf-8').split('\n');
+    const env = {};
+    for (const line of lines) {
+      const m = line.match(/^([A-Z_]+)=(.*)$/);
+      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
+    }
+    return env;
+  } catch { return {}; }
+}
+
+const dotenv = loadEnvKey(process.cwd());
+const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
+
+if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
+
+let input = '';
+process.stdin.on('data', c => input += c);
+process.stdin.on('end', async () => {
+  try {
+    const data = JSON.parse(input);
+    const toolName = data.tool_name || 'unknown';
+    const toolInput = data.tool_input || {};
+
+    if (toolName === 'Bash' && JSON.stringify(toolInput).includes('audit-logs')) {
+      process.exit(0);
+    }
+
+    const hasError = data.tool_response?.error ||
+      data.tool_response?.exitCode > 0 ||
+      data.tool_response?.isError;
+
+    const argsSummary = {};
+    for (const [k, v] of Object.entries(toolInput)) {
+      argsSummary[k] = typeof v === 'string' && v.length > 200
+        ? v.slice(0, 200) + '...'
+        : v;
+    }
+
+    await fetch(`${API_URL}/api/v1/audit-logs`, {
+      method: 'POST',
+      headers: {
+        'Authorization': `Bearer ${API_KEY}`,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        tool: toolName,
+        arguments: argsSummary,
+        decision: hasError ? 'DENY' : 'ALLOW',
+        reason: hasError ? 'tool returned error' : 'allowed',
+        source: 'claude-code-hook',
+        evaluationTimeMs: 0,
+      }),
+      signal: AbortSignal.timeout(5000),
+    });
+  } catch {
+    // Silent
+  }
+  process.exit(0);
+});