npm - @solongate/proxy - Versions diffs - 0.8.2 → 0.8.3 - Mend

@solongate/proxy 0.8.2 → 0.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.js CHANGED Viewed

@@ -5,7 +5,7 @@ var __esm = (fn, res) => function __init() {
 };
 // src/config.ts
-import { readFileSync, existsSync } from "fs";
+import { readFileSync, existsSync, appendFileSync } from "fs";
 import { resolve } from "path";
 async function fetchCloudPolicy(apiKey, apiUrl, policyId) {
   let resolvedId = policyId;
@@ -44,22 +44,38 @@ async function fetchCloudPolicy(apiKey, apiUrl, policyId) {
 }
 async function sendAuditLog(apiKey, apiUrl, entry) {
   const url = `${apiUrl}/api/v1/audit-logs`;
-  try {
-    const res = await fetch(url, {
-      method: "POST",
-      headers: {
-        "Authorization": `Bearer ${apiKey}`,
-        "Content-Type": "application/json"
-      },
-      body: JSON.stringify(entry)
-    });
-    if (!res.ok) {
-      const body = await res.text().catch(() => "");
-      process.stderr.write(`[SolonGate] Audit log failed (${res.status}): ${body}
+  const body = JSON.stringify(entry);
+  for (let attempt = 0; attempt < AUDIT_MAX_RETRIES; attempt++) {
+    try {
+      const res = await fetch(url, {
+        method: "POST",
+        headers: {
+          "Authorization": `Bearer ${apiKey}`,
+          "Content-Type": "application/json"
+        },
+        body,
+        signal: AbortSignal.timeout(5e3)
+      });
+      if (res.ok) return;
+      if (res.status >= 400 && res.status < 500) {
+        const resBody = await res.text().catch(() => "");
+        process.stderr.write(`[SolonGate] Audit log rejected (${res.status}): ${resBody}
 `);
+        return;
+      }
+    } catch {
     }
+    if (attempt < AUDIT_MAX_RETRIES - 1) {
+      await new Promise((r) => setTimeout(r, 500 * Math.pow(2, attempt)));
+    }
+  }
+  process.stderr.write(`[SolonGate] Audit log failed after ${AUDIT_MAX_RETRIES} retries, saving to local backup.
+`);
+  try {
+    const line = JSON.stringify({ ...entry, timestamp: (/* @__PURE__ */ new Date()).toISOString() }) + "\n";
+    appendFileSync(AUDIT_LOG_BACKUP_PATH, line, "utf-8");
   } catch (err) {
-    process.stderr.write(`[SolonGate] Audit log error: ${err instanceof Error ? err.message : String(err)}
+    process.stderr.write(`[SolonGate] Audit backup write error: ${err instanceof Error ? err.message : String(err)}
 `);
   }
 }
@@ -260,10 +276,12 @@ function resolvePolicyPath(source) {
   if (existsSync(filePath)) return filePath;
   return null;
 }
-var DEFAULT_POLICY;
+var AUDIT_MAX_RETRIES, AUDIT_LOG_BACKUP_PATH, DEFAULT_POLICY;
 var init_config = __esm({
   "src/config.ts"() {
     "use strict";
+    AUDIT_MAX_RETRIES = 3;
+    AUDIT_LOG_BACKUP_PATH = resolve(".solongate-audit-backup.jsonl");
     DEFAULT_POLICY = {
       id: "default",
       name: "Default (Deny All)",
@@ -278,8 +296,9 @@ var init_config = __esm({
 // src/init.ts
 var init_exports = {};
-import { readFileSync as readFileSync3, writeFileSync as writeFileSync2, existsSync as existsSync3, mkdirSync } from "fs";
-import { resolve as resolve2, join } from "path";
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync2, existsSync as existsSync3, mkdirSync as mkdirSync2 } from "fs";
+import { resolve as resolve2, join, dirname as dirname2 } from "path";
+import { fileURLToPath } from "url";
 import { createInterface } from "readline";
 function findConfigFile(explicitPath, createIfMissing = false) {
   if (explicitPath) {
@@ -404,14 +423,17 @@ EXAMPLES
 `;
   console.log(help);
 }
+function readHookScript(filename) {
+  return readFileSync3(join(HOOKS_DIR, filename), "utf-8");
+}
 function installHooks() {
   const hooksDir = resolve2(".solongate", "hooks");
-  mkdirSync(hooksDir, { recursive: true });
+  mkdirSync2(hooksDir, { recursive: true });
   const guardPath = join(hooksDir, "guard.mjs");
-  writeFileSync2(guardPath, GUARD_SCRIPT);
+  writeFileSync2(guardPath, readHookScript("guard.mjs"));
   console.log(`  Created ${guardPath}`);
   const auditPath = join(hooksDir, "audit.mjs");
-  writeFileSync2(auditPath, AUDIT_SCRIPT);
+  writeFileSync2(auditPath, readHookScript("audit.mjs"));
   console.log(`  Created ${auditPath}`);
   const hookSettings = {
     hooks: {
@@ -439,7 +461,7 @@ function installHooks() {
   ];
   for (const client of clients) {
     const clientDir = resolve2(client.dir);
-    mkdirSync(clientDir, { recursive: true });
+    mkdirSync2(clientDir, { recursive: true });
     const settingsPath = join(clientDir, "settings.json");
     let existing = {};
     try {
@@ -714,7 +736,7 @@ async function main() {
   console.log("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518");
   console.log("");
 }
-var SEARCH_PATHS, CLAUDE_DESKTOP_PATHS, sleep, GUARD_SCRIPT, AUDIT_SCRIPT;
+var SEARCH_PATHS, CLAUDE_DESKTOP_PATHS, sleep, __dirname, HOOKS_DIR;
 var init_init = __esm({
   "src/init.ts"() {
     "use strict";
@@ -725,345 +747,8 @@ var init_init = __esm({
     ];
     CLAUDE_DESKTOP_PATHS = process.platform === "win32" ? [join(process.env["APPDATA"] ?? "", "Claude", "claude_desktop_config.json")] : process.platform === "darwin" ? [join(process.env["HOME"] ?? "", "Library", "Application Support", "Claude", "claude_desktop_config.json")] : [join(process.env["HOME"] ?? "", ".config", "claude", "claude_desktop_config.json")];
     sleep = (ms) => new Promise((r) => setTimeout(r, ms));
-    GUARD_SCRIPT = `#!/usr/bin/env node
-/**
- * SolonGate Policy Guard Hook (PreToolUse)
- * Reads policy.json and blocks tool calls that violate constraints.
- * Exit code 2 = BLOCK, exit code 0 = ALLOW.
- * Logs ALL decisions (ALLOW + DENY) to SolonGate Cloud.
- * Auto-installed by: npx @solongate/proxy init
- */
-import { readFileSync, existsSync } from 'node:fs';
-import { resolve } from 'node:path';
-// \u2500\u2500 Load API key from .env file (Claude Code doesn't load .env into process.env) \u2500\u2500
-function loadEnvKey(dir) {
-  try {
-    const envPath = resolve(dir, '.env');
-    if (!existsSync(envPath)) return {};
-    const lines = readFileSync(envPath, 'utf-8').split('\\n');
-    const env = {};
-    for (const line of lines) {
-      const m = line.match(/^([A-Z_]+)=(.*)$/);
-      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
-    }
-    return env;
-  } catch { return {}; }
-}
-const hookCwdEarly = process.cwd();
-const dotenv = loadEnvKey(hookCwdEarly);
-const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
-const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
-// \u2500\u2500 Glob Matching \u2500\u2500
-function matchGlob(str, pattern) {
-  if (pattern === '*') return true;
-  const s = str.toLowerCase();
-  const p = pattern.toLowerCase();
-  if (s === p) return true;
-  const startsW = p.startsWith('*');
-  const endsW = p.endsWith('*');
-  if (startsW && endsW) { const infix = p.slice(1, -1); return infix.length > 0 && s.includes(infix); }
-  if (startsW) return s.endsWith(p.slice(1));
-  if (endsW) return s.startsWith(p.slice(0, -1));
-  const idx = p.indexOf('*');
-  if (idx !== -1) {
-    const pre = p.slice(0, idx);
-    const suf = p.slice(idx + 1);
-    return s.startsWith(pre) && s.endsWith(suf) && s.length >= pre.length + suf.length;
-  }
-  return false;
-}
-// \u2500\u2500 Path Glob (supports **) \u2500\u2500
-function matchPathGlob(path, pattern) {
-  const p = path.replace(/\\\\/g, '/').toLowerCase();
-  const g = pattern.replace(/\\\\/g, '/').toLowerCase();
-  if (p === g) return true;
-  if (g.includes('**')) {
-    const parts = g.split('**').filter(s => s.length > 0);
-    if (parts.length === 0) return true; // just ** or ****
-    return parts.every(segment => p.includes(segment));
-  }
-  return matchGlob(p, g);
-}
-// \u2500\u2500 Extract Functions (deep scan all string values) \u2500\u2500
-function scanStrings(obj) {
-  const strings = [];
-  function walk(v) {
-    if (typeof v === 'string' && v.trim()) strings.push(v.trim());
-    else if (Array.isArray(v)) v.forEach(walk);
-    else if (v && typeof v === 'object') Object.values(v).forEach(walk);
-  }
-  walk(obj);
-  return strings;
-}
-function looksLikeFilename(s) {
-  if (s.startsWith('.')) return true;
-  if (/\\.\\w+$/.test(s)) return true;
-  const known = ['id_rsa','id_dsa','id_ecdsa','id_ed25519','authorized_keys','known_hosts','makefile','dockerfile'];
-  return known.includes(s.toLowerCase());
-}
-function extractFilenames(args) {
-  const names = new Set();
-  for (const s of scanStrings(args)) {
-    if (/^https?:\\/\\//i.test(s)) continue;
-    if (s.includes('/') || s.includes('\\\\')) {
-      const base = s.replace(/\\\\/g, '/').split('/').pop();
-      if (base) names.add(base);
-      continue;
-    }
-    if (s.includes(' ')) {
-      for (const tok of s.split(/\\s+/)) {
-        if (tok.includes('/') || tok.includes('\\\\')) {
-          const b = tok.replace(/\\\\/g, '/').split('/').pop();
-          if (b && looksLikeFilename(b)) names.add(b);
-        } else if (looksLikeFilename(tok)) names.add(tok);
-      }
-      continue;
-    }
-    if (looksLikeFilename(s)) names.add(s);
-  }
-  return [...names];
-}
-function extractUrls(args) {
-  const urls = new Set();
-  for (const s of scanStrings(args)) {
-    if (/^https?:\\/\\//i.test(s)) { urls.add(s); continue; }
-    if (s.includes(' ')) {
-      for (const tok of s.split(/\\s+/)) {
-        if (/^https?:\\/\\//i.test(tok)) urls.add(tok);
-      }
-    }
-  }
-  return [...urls];
-}
-function extractCommands(args) {
-  const cmds = [];
-  const fields = ['command', 'cmd', 'function', 'script', 'shell'];
-  if (typeof args === 'object' && args) {
-    for (const [k, v] of Object.entries(args)) {
-      if (fields.includes(k.toLowerCase()) && typeof v === 'string') {
-        // Split chained commands: cd /path && npm install \u2192 [cd /path, npm install]
-        for (const part of v.split(/\\s*(?:&&|\\|\\||;|\\|)\\s*/)) {
-          const trimmed = part.trim();
-          if (trimmed) cmds.push(trimmed);
-        }
-      }
-    }
-  }
-  return cmds;
-}
-function extractPaths(args) {
-  const paths = [];
-  for (const s of scanStrings(args)) {
-    if (/^https?:\\/\\//i.test(s)) continue;
-    if (s.includes('/') || s.includes('\\\\') || s.startsWith('.')) paths.push(s);
-  }
-  return paths;
-}
-// \u2500\u2500 Policy Evaluation \u2500\u2500
-function evaluate(policy, args) {
-  if (!policy || !policy.rules) return null;
-  const denyRules = policy.rules
-    .filter(r => r.effect === 'DENY' && r.enabled !== false)
-    .sort((a, b) => (a.priority || 100) - (b.priority || 100));
-  for (const rule of denyRules) {
-    // Filename constraints
-    if (rule.filenameConstraints && rule.filenameConstraints.denied) {
-      const filenames = extractFilenames(args);
-      for (const fn of filenames) {
-        for (const pat of rule.filenameConstraints.denied) {
-          if (matchGlob(fn, pat)) return 'Blocked by policy: filename "' + fn + '" matches "' + pat + '"';
-        }
-      }
-    }
-    // URL constraints
-    if (rule.urlConstraints && rule.urlConstraints.denied) {
-      const urls = extractUrls(args);
-      for (const url of urls) {
-        for (const pat of rule.urlConstraints.denied) {
-          if (matchGlob(url, pat)) return 'Blocked by policy: URL "' + url + '" matches "' + pat + '"';
-        }
-      }
-    }
-    // Command constraints
-    if (rule.commandConstraints && rule.commandConstraints.denied) {
-      const cmds = extractCommands(args);
-      for (const cmd of cmds) {
-        for (const pat of rule.commandConstraints.denied) {
-          if (matchGlob(cmd, pat)) return 'Blocked by policy: command "' + cmd.slice(0,60) + '" matches "' + pat + '"';
-        }
-      }
-    }
-    // Path constraints
-    if (rule.pathConstraints && rule.pathConstraints.denied) {
-      const paths = extractPaths(args);
-      for (const p of paths) {
-        for (const pat of rule.pathConstraints.denied) {
-          if (matchPathGlob(p, pat)) return 'Blocked by policy: path "' + p + '" matches "' + pat + '"';
-        }
-      }
-    }
-  }
-  return null;
-}
-// \u2500\u2500 Main \u2500\u2500
-let input = '';
-process.stdin.on('data', c => input += c);
-process.stdin.on('end', async () => {
-  try {
-    const data = JSON.parse(input);
-    const args = data.tool_input || {};
-    // \u2500\u2500 Self-protection: block access to hook files and settings \u2500\u2500
-    const allStrings = scanStrings(args).map(s => s.replace(/\\\\/g, '/').toLowerCase());
-    const protectedPaths = ['.solongate', '.claude', '.cursor', 'policy.json', '.mcp.json'];
-    for (const s of allStrings) {
-      for (const p of protectedPaths) {
-        if (s.includes(p)) {
-          const msg = 'SOLONGATE: Access to protected file "' + p + '" is blocked';
-          if (API_KEY && API_KEY.startsWith('sg_live_')) {
-            try {
-              await fetch(API_URL + '/api/v1/audit-logs', {
-                method: 'POST',
-                headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
-                body: JSON.stringify({
-                  tool: data.tool_name || '', arguments: args,
-                  decision: 'DENY', reason: msg,
-                  source: 'claude-code-guard',
-                }),
-                signal: AbortSignal.timeout(3000),
-              });
-            } catch {}
-          }
-          process.stderr.write(msg);
-          process.exit(2);
-        }
-      }
-    }
-    // Load policy (use cwd from hook data if available)
-    const hookCwd = data.cwd || process.cwd();
-    let policy;
-    try {
-      const policyPath = resolve(hookCwd, 'policy.json');
-      policy = JSON.parse(readFileSync(policyPath, 'utf-8'));
-    } catch {
-      process.exit(0); // No policy = allow all
-    }
-    const reason = evaluate(policy, args);
-    const decision = reason ? 'DENY' : 'ALLOW';
-    // \u2500\u2500 Log ALL decisions to SolonGate Cloud \u2500\u2500
-    if (API_KEY && API_KEY.startsWith('sg_live_')) {
-      try {
-        await fetch(API_URL + '/api/v1/audit-logs', {
-          method: 'POST',
-          headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
-          body: JSON.stringify({
-            tool: data.tool_name || '', arguments: args,
-            decision, reason: reason || 'allowed by policy',
-            source: 'claude-code-guard',
-          }),
-          signal: AbortSignal.timeout(3000),
-        });
-      } catch {}
-    }
-    if (reason) {
-      process.stderr.write(reason);
-      process.exit(2);
-    }
-  } catch {}
-  process.exit(0);
-});
-`;
-    AUDIT_SCRIPT = `#!/usr/bin/env node
-/**
- * SolonGate Audit Hook for Claude Code (PostToolUse)
- * Logs tool execution results to SolonGate Cloud.
- * Auto-installed by: npx @solongate/proxy init
- */
-import { readFileSync, existsSync } from 'node:fs';
-import { resolve } from 'node:path';
-function loadEnvKey(dir) {
-  try {
-    const envPath = resolve(dir, '.env');
-    if (!existsSync(envPath)) return {};
-    const lines = readFileSync(envPath, 'utf-8').split('\\n');
-    const env = {};
-    for (const line of lines) {
-      const m = line.match(/^([A-Z_]+)=(.*)$/);
-      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
-    }
-    return env;
-  } catch { return {}; }
-}
-const dotenv = loadEnvKey(process.cwd());
-const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
-const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
-if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
-let input = '';
-process.stdin.on('data', c => input += c);
-process.stdin.on('end', async () => {
-  try {
-    const data = JSON.parse(input);
-    const toolName = data.tool_name || 'unknown';
-    const toolInput = data.tool_input || {};
-    if (toolName === 'Bash' && JSON.stringify(toolInput).includes('audit-logs')) {
-      process.exit(0);
-    }
-    const hasError = data.tool_response?.error ||
-      data.tool_response?.exitCode > 0 ||
-      data.tool_response?.isError;
-    const argsSummary = {};
-    for (const [k, v] of Object.entries(toolInput)) {
-      argsSummary[k] = typeof v === 'string' && v.length > 200
-        ? v.slice(0, 200) + '...'
-        : v;
-    }
-    await fetch(\`\${API_URL}/api/v1/audit-logs\`, {
-      method: 'POST',
-      headers: {
-        'Authorization': \`Bearer \${API_KEY}\`,
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify({
-        tool: toolName,
-        arguments: argsSummary,
-        decision: hasError ? 'DENY' : 'ALLOW',
-        reason: hasError ? 'tool returned error' : 'allowed',
-        source: 'claude-code-hook',
-        evaluationTimeMs: 0,
-      }),
-      signal: AbortSignal.timeout(5000),
-    });
-  } catch {
-    // Silent
-  }
-  process.exit(0);
-});
-`;
+    __dirname = dirname2(fileURLToPath(import.meta.url));
+    HOOKS_DIR = resolve2(__dirname, "..", "hooks");
     main().catch((err) => {
       console.log(`Fatal: ${err instanceof Error ? err.message : String(err)}`);
       process.exit(1);
@@ -1445,7 +1130,7 @@ var init_inject = __esm({
 // src/create.ts
 var create_exports = {};
-import { mkdirSync as mkdirSync2, writeFileSync as writeFileSync4, existsSync as existsSync5 } from "fs";
+import { mkdirSync as mkdirSync3, writeFileSync as writeFileSync4, existsSync as existsSync5 } from "fs";
 import { resolve as resolve4, join as join2 } from "path";
 import { execSync as execSync2 } from "child_process";
 function log4(msg) {
@@ -1597,7 +1282,7 @@ function createProject(dir, name, _policy) {
       2
     ) + "\n"
   );
-  mkdirSync2(join2(dir, "src"), { recursive: true });
+  mkdirSync3(join2(dir, "src"), { recursive: true });
   writeFileSync4(
     join2(dir, "src", "index.ts"),
     `#!/usr/bin/env node
@@ -1686,7 +1371,7 @@ async function main3() {
     process.exit(1);
   }
   withSpinner(`Setting up ${opts.name}...`, () => {
-    mkdirSync2(dir, { recursive: true });
+    mkdirSync3(dir, { recursive: true });
     createProject(dir, opts.name, opts.policy);
   });
   if (!opts.noInstall) {
@@ -2194,7 +1879,7 @@ var PolicyRuleSchema = z.object({
   effect: z.enum(["ALLOW", "DENY"]),
   priority: z.number().int().min(0).max(1e4).default(1e3),
   toolPattern: z.string().min(1).max(512),
-  permission: z.enum(["READ", "WRITE", "EXECUTE"]),
+  permission: z.enum(["READ", "WRITE", "EXECUTE"]).optional(),
   minimumTrustLevel: z.enum(["UNTRUSTED", "VERIFIED", "TRUSTED"]),
   argumentConstraints: z.record(z.unknown()).optional(),
   pathConstraints: z.object({
@@ -2241,6 +1926,7 @@ function createSecurityContext(params) {
 var DEFAULT_POLICY_EFFECT = "DENY";
 var MAX_RULES_PER_POLICY_SET = 1e3;
 var POLICY_EVALUATION_TIMEOUT_MS = 100;
+var TOKEN_MAX_AGE_SECONDS = 300;
 var RATE_LIMIT_WINDOW_MS = 6e4;
 var RATE_LIMIT_MAX_ENTRIES = 1e4;
 var UNSAFE_CONFIGURATION_WARNINGS = {
@@ -2713,7 +2399,7 @@ function extractUrlArguments(args) {
         addUrl(value);
         return;
       }
-      if (/^[a-zA-Z0-9]([a-zA-Z0-9-]*\.)+[a-zA-Z]{2,}(\/.*)?$/.test(value)) {
+      if (/^[a-zA-Z0-9]([a-zA-Z0-9-]*\.)+(?:com|net|org|io|dev|app|co|me|info|biz|gov|edu|mil|onion|xyz|ai|cloud|sh|run|so|to|cc|tv|fm|am|gg|id)(\/.*)?$/.test(value)) {
         addUrl(value);
         return;
       }
@@ -2776,7 +2462,7 @@ function isUrlAllowed(url, constraints) {
 }
 function ruleMatchesRequest(rule, request) {
   if (!rule.enabled) return false;
-  if (rule.permission !== request.requiredPermission) return false;
+  if (rule.permission && rule.permission !== request.requiredPermission) return false;
   if (!toolPatternMatches(rule.toolPattern, request.toolName)) return false;
   if (!trustLevelMeetsMinimum(request.context.trustLevel, rule.minimumTrustLevel)) {
     return false;
@@ -2972,7 +2658,7 @@ function validatePolicyRule(input) {
   if (rule.minimumTrustLevel === "TRUSTED") {
     warnings.push(UNSAFE_CONFIGURATION_WARNINGS.TRUSTED_LEVEL_EXTERNAL);
   }
-  if (rule.permission === "EXECUTE") {
+  if (!rule.permission || rule.permission === "EXECUTE") {
     warnings.push(UNSAFE_CONFIGURATION_WARNINGS.EXECUTE_WITHOUT_REVIEW);
   }
   return { valid: true, errors, warnings };
@@ -3049,7 +2735,7 @@ function analyzeRuleWarnings(rule) {
       recommendation: "Set minimumTrustLevel to VERIFIED or higher for ALLOW rules."
     });
   }
-  if (rule.effect === "ALLOW" && rule.permission === "EXECUTE") {
+  if (rule.effect === "ALLOW" && (!rule.permission || rule.permission === "EXECUTE")) {
     warnings.push({
       level: "WARNING",
       code: "ALLOW_EXECUTE",
@@ -3454,12 +3140,47 @@ var SecurityLogger = class {
     }
   }
 };
+var ExpiringSet = class {
+  entries = /* @__PURE__ */ new Map();
+  ttlMs;
+  sweepIntervalMs;
+  lastSweep = 0;
+  constructor(ttlMs, sweepIntervalMs) {
+    this.ttlMs = ttlMs;
+    this.sweepIntervalMs = sweepIntervalMs ?? Math.max(ttlMs, 6e4);
+  }
+  add(value) {
+    this.entries.set(value, Date.now());
+    this.maybeSweep();
+  }
+  has(value) {
+    const ts = this.entries.get(value);
+    if (ts === void 0) return false;
+    if (Date.now() - ts > this.ttlMs) {
+      this.entries.delete(value);
+      return false;
+    }
+    return true;
+  }
+  get size() {
+    return this.entries.size;
+  }
+  maybeSweep() {
+    const now = Date.now();
+    if (now - this.lastSweep < this.sweepIntervalMs) return;
+    this.lastSweep = now;
+    const cutoff = now - this.ttlMs;
+    for (const [key, ts] of this.entries) {
+      if (ts < cutoff) this.entries.delete(key);
+    }
+  }
+};
 var TokenIssuer = class {
   secret;
   ttlSeconds;
   issuer;
-  usedNonces = /* @__PURE__ */ new Set();
-  revokedTokens = /* @__PURE__ */ new Set();
+  usedNonces;
+  revokedTokens;
   constructor(config) {
     if (config.secret.length < MIN_SECRET_LENGTH) {
       throw new Error(
@@ -3469,6 +3190,9 @@ var TokenIssuer = class {
     this.secret = config.secret;
     this.ttlSeconds = config.ttlSeconds || DEFAULT_TOKEN_TTL_SECONDS;
     this.issuer = config.issuer;
+    const maxAgMs = TOKEN_MAX_AGE_SECONDS * 1e3;
+    this.usedNonces = new ExpiringSet(maxAgMs);
+    this.revokedTokens = new ExpiringSet(maxAgMs);
   }
   /**
    * Issues a signed capability token.
@@ -3563,13 +3287,14 @@ function base64UrlDecode(str) {
 var ServerVerifier = class {
   gatewaySecret;
   maxAgeMs;
-  usedNonces = /* @__PURE__ */ new Set();
+  usedNonces;
   constructor(config) {
     if (config.gatewaySecret.length < 32) {
       throw new Error("Gateway secret must be at least 32 characters");
     }
     this.gatewaySecret = config.gatewaySecret;
     this.maxAgeMs = config.maxAgeMs ?? 6e4;
+    this.usedNonces = new ExpiringSet(this.maxAgeMs * 2);
   }
   /**
    * Computes HMAC signature for request data.
@@ -3630,12 +3355,75 @@ var ServerVerifier = class {
     return { valid: true };
   }
 };
+var CircularTimestampBuffer = class {
+  buf;
+  head = 0;
+  // next write position
+  size = 0;
+  // current number of entries
+  constructor(capacity) {
+    this.buf = new Float64Array(capacity);
+  }
+  push(timestamp) {
+    this.buf[this.head] = timestamp;
+    this.head = (this.head + 1) % this.buf.length;
+    if (this.size < this.buf.length) this.size++;
+  }
+  /**
+   * Count entries with timestamp > windowStart.
+   * Since timestamps are monotonically increasing in the ring,
+   * we use binary search on the logical sorted order.
+   */
+  countAfter(windowStart) {
+    if (this.size === 0) return 0;
+    const oldest = this.at(0);
+    if (oldest > windowStart) return this.size;
+    let lo = 0;
+    let hi = this.size;
+    while (lo < hi) {
+      const mid = lo + hi >>> 1;
+      if (this.at(mid) > windowStart) {
+        hi = mid;
+      } else {
+        lo = mid + 1;
+      }
+    }
+    return this.size - lo;
+  }
+  /** Get the oldest entry timestamp (for resetAt calculation) */
+  oldestInWindow(windowStart) {
+    if (this.size === 0) return null;
+    let lo = 0;
+    let hi = this.size;
+    while (lo < hi) {
+      const mid = lo + hi >>> 1;
+      if (this.at(mid) > windowStart) {
+        hi = mid;
+      } else {
+        lo = mid + 1;
+      }
+    }
+    return lo < this.size ? this.at(lo) : null;
+  }
+  /** Access logical index (0 = oldest) */
+  at(logicalIndex) {
+    const start = this.size < this.buf.length ? 0 : this.head;
+    return this.buf[(start + logicalIndex) % this.buf.length];
+  }
+  clear() {
+    this.head = 0;
+    this.size = 0;
+  }
+};
 var RateLimiter = class {
   windowMs;
-  records = /* @__PURE__ */ new Map();
-  globalRecords = [];
+  maxEntries;
+  buffers = /* @__PURE__ */ new Map();
+  globalBuffer;
   constructor(options) {
     this.windowMs = options?.windowMs ?? RATE_LIMIT_WINDOW_MS;
+    this.maxEntries = options?.maxEntries ?? RATE_LIMIT_MAX_ENTRIES;
+    this.globalBuffer = new CircularTimestampBuffer(this.maxEntries);
   }
   /**
    * Checks if a tool call is within the rate limit.
@@ -3644,11 +3432,15 @@ var RateLimiter = class {
   checkLimit(toolName, limitPerWindow) {
     const now = Date.now();
     const windowStart = now - this.windowMs;
-    const records = this.getActiveRecords(toolName, windowStart);
-    const count = records.length;
+    const buffer = this.buffers.get(toolName);
+    if (!buffer) {
+      return { allowed: true, remaining: limitPerWindow, resetAt: now + this.windowMs };
+    }
+    const count = buffer.countAfter(windowStart);
     const allowed = count < limitPerWindow;
     const remaining = Math.max(0, limitPerWindow - count);
-    const resetAt = records.length > 0 ? records[0].timestamp + this.windowMs : now + this.windowMs;
+    const oldest = buffer.oldestInWindow(windowStart);
+    const resetAt = oldest !== null ? oldest + this.windowMs : now + this.windowMs;
     return { allowed, remaining, resetAt };
   }
   /**
@@ -3657,13 +3449,11 @@ var RateLimiter = class {
   checkGlobalLimit(limitPerWindow) {
     const now = Date.now();
     const windowStart = now - this.windowMs;
-    this.globalRecords = this.globalRecords.filter(
-      (r) => r.timestamp > windowStart
-    );
-    const count = this.globalRecords.length;
+    const count = this.globalBuffer.countAfter(windowStart);
     const allowed = count < limitPerWindow;
     const remaining = Math.max(0, limitPerWindow - count);
-    const resetAt = this.globalRecords.length > 0 ? this.globalRecords[0].timestamp + this.windowMs : now + this.windowMs;
+    const oldest = this.globalBuffer.oldestInWindow(windowStart);
+    const resetAt = oldest !== null ? oldest + this.windowMs : now + this.windowMs;
     return { allowed, remaining, resetAt };
   }
   /**
@@ -3691,23 +3481,13 @@ var RateLimiter = class {
    */
   recordCall(toolName) {
     const now = Date.now();
-    const record = { timestamp: now };
-    const records = this.records.get(toolName) ?? [];
-    records.push(record);
-    if (records.length > RATE_LIMIT_MAX_ENTRIES) {
-      const windowStart = now - this.windowMs;
-      const cleaned = records.filter((r) => r.timestamp > windowStart);
-      this.records.set(toolName, cleaned);
-    } else {
-      this.records.set(toolName, records);
-    }
-    this.globalRecords.push(record);
-    if (this.globalRecords.length > RATE_LIMIT_MAX_ENTRIES) {
-      const windowStart = now - this.windowMs;
-      this.globalRecords = this.globalRecords.filter(
-        (r) => r.timestamp > windowStart
-      );
+    let buffer = this.buffers.get(toolName);
+    if (!buffer) {
+      buffer = new CircularTimestampBuffer(Math.min(this.maxEntries, 1e3));
+      this.buffers.set(toolName, buffer);
     }
+    buffer.push(now);
+    this.globalBuffer.push(now);
   }
   /**
    * Gets usage stats for a tool.
@@ -3715,29 +3495,22 @@ var RateLimiter = class {
   getUsage(toolName) {
     const now = Date.now();
     const windowStart = now - this.windowMs;
-    const records = this.getActiveRecords(toolName, windowStart);
-    return { count: records.length, windowStart };
+    const buffer = this.buffers.get(toolName);
+    const count = buffer ? buffer.countAfter(windowStart) : 0;
+    return { count, windowStart };
   }
   /**
    * Resets rate tracking for a specific tool.
    */
   resetTool(toolName) {
-    this.records.delete(toolName);
+    this.buffers.delete(toolName);
   }
   /**
    * Resets all rate tracking.
    */
   resetAll() {
-    this.records.clear();
-    this.globalRecords = [];
-  }
-  getActiveRecords(toolName, windowStart) {
-    const records = this.records.get(toolName) ?? [];
-    const active = records.filter((r) => r.timestamp > windowStart);
-    if (active.length !== records.length) {
-      this.records.set(toolName, active);
-    }
-    return active;
+    this.buffers.clear();
+    this.globalBuffer = new CircularTimestampBuffer(this.maxEntries);
   }
 };
 var LicenseError = class extends Error {
@@ -3760,6 +3533,7 @@ var SolonGate = class {
   rateLimiter;
   apiKey;
   licenseValidated = false;
+  pollingTimer = null;
   constructor(options) {
     const apiKey = options.apiKey || process.env.SOLONGATE_API_KEY || "";
     if (!apiKey) {
@@ -3871,7 +3645,7 @@ var SolonGate = class {
   startPolicyPolling() {
     const apiUrl = this.config.apiUrl ?? "https://api.solongate.com";
     let currentVersion = 0;
-    setInterval(async () => {
+    this.pollingTimer = setInterval(async () => {
       try {
         const res = await fetch(`${apiUrl}/api/v1/policies/default`, {
           headers: { "Authorization": `Bearer ${this.apiKey}` },
@@ -3978,6 +3752,13 @@ var SolonGate = class {
   getTokenIssuer() {
     return this.tokenIssuer;
   }
+  /** Stop policy polling and release resources. */
+  destroy() {
+    if (this.pollingTimer) {
+      clearInterval(this.pollingTimer);
+      this.pollingTimer = null;
+    }
+  }
 };
 // ../core/dist/index.js
@@ -4548,13 +4329,22 @@ var log2 = (...args) => process.stderr.write(`[SolonGate] ${args.map(String).joi
 var Mutex = class {
   queue = [];
   locked = false;
-  async acquire() {
+  async acquire(timeoutMs = 3e4) {
     if (!this.locked) {
       this.locked = true;
       return;
     }
-    return new Promise((resolve6) => {
-      this.queue.push(resolve6);
+    return new Promise((resolve6, reject) => {
+      const timer = setTimeout(() => {
+        const idx = this.queue.indexOf(onReady);
+        if (idx !== -1) this.queue.splice(idx, 1);
+        reject(new Error("Mutex acquire timeout"));
+      }, timeoutMs);
+      const onReady = () => {
+        clearTimeout(timer);
+        resolve6();
+      };
+      this.queue.push(onReady);
     });
   }
   release() {
@@ -4566,12 +4356,23 @@ var Mutex = class {
     }
   }
 };
+var ToolMutexMap = class {
+  mutexes = /* @__PURE__ */ new Map();
+  get(toolName) {
+    let mutex = this.mutexes.get(toolName);
+    if (!mutex) {
+      mutex = new Mutex();
+      this.mutexes.set(toolName, mutex);
+    }
+    return mutex;
+  }
+};
 var SolonGateProxy = class {
   config;
   gate;
   client = null;
   server = null;
-  callMutex = new Mutex();
+  toolMutexes = new ToolMutexMap();
   syncManager = null;
   upstreamTools = [];
   constructor(config) {
@@ -4733,9 +4534,10 @@ var SolonGateProxy = class {
       return { tools: this.upstreamTools };
     });
     const MAX_ARGUMENT_SIZE = 1024 * 1024;
+    const MUTEX_TIMEOUT_MS = 3e4;
     this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
       const { name, arguments: args } = request.params;
-      const argsSize = JSON.stringify(args ?? {}).length;
+      const argsSize = new TextEncoder().encode(JSON.stringify(args ?? {})).length;
       if (argsSize > MAX_ARGUMENT_SIZE) {
         log2(`DENY: ${name} \u2014 payload size ${argsSize} exceeds limit ${MAX_ARGUMENT_SIZE}`);
         return {
@@ -4744,7 +4546,16 @@ var SolonGateProxy = class {
         };
       }
       log2(`Tool call: ${name}`);
-      await this.callMutex.acquire();
+      const mutex = this.toolMutexes.get(name);
+      try {
+        await mutex.acquire(MUTEX_TIMEOUT_MS);
+      } catch {
+        log2(`DENY: ${name} \u2014 mutex timeout (${MUTEX_TIMEOUT_MS}ms)`);
+        return {
+          content: [{ type: "text", text: `Tool call queued too long (>${MUTEX_TIMEOUT_MS / 1e3}s). Try again.` }],
+          isError: true
+        };
+      }
       const startTime = Date.now();
       try {
         const result = await this.gate.executeToolCall(
@@ -4793,7 +4604,7 @@ var SolonGateProxy = class {
           isError: result.isError
         };
       } finally {
-        this.callMutex.release();
+        mutex.release();
       }
     });
     this.server.setRequestHandler(ListResourcesRequestSchema, async () => {