npm - @solongate/proxy - Versions diffs - 0.8.2 → 0.8.3 - Mend

@solongate/proxy 0.8.2 → 0.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/init.js CHANGED Viewed

@@ -2,7 +2,8 @@
 // src/init.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
-import { resolve, join } from "path";
+import { resolve, join, dirname } from "path";
+import { fileURLToPath } from "url";
 import { createInterface } from "readline";
 var SEARCH_PATHS = [
   ".mcp.json",
@@ -134,353 +135,19 @@ EXAMPLES
 `;
   console.log(help);
 }
-var GUARD_SCRIPT = `#!/usr/bin/env node
-/**
- * SolonGate Policy Guard Hook (PreToolUse)
- * Reads policy.json and blocks tool calls that violate constraints.
- * Exit code 2 = BLOCK, exit code 0 = ALLOW.
- * Logs ALL decisions (ALLOW + DENY) to SolonGate Cloud.
- * Auto-installed by: npx @solongate/proxy init
- */
-import { readFileSync, existsSync } from 'node:fs';
-import { resolve } from 'node:path';
-// \u2500\u2500 Load API key from .env file (Claude Code doesn't load .env into process.env) \u2500\u2500
-function loadEnvKey(dir) {
-  try {
-    const envPath = resolve(dir, '.env');
-    if (!existsSync(envPath)) return {};
-    const lines = readFileSync(envPath, 'utf-8').split('\\n');
-    const env = {};
-    for (const line of lines) {
-      const m = line.match(/^([A-Z_]+)=(.*)$/);
-      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
-    }
-    return env;
-  } catch { return {}; }
-}
-const hookCwdEarly = process.cwd();
-const dotenv = loadEnvKey(hookCwdEarly);
-const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
-const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
-// \u2500\u2500 Glob Matching \u2500\u2500
-function matchGlob(str, pattern) {
-  if (pattern === '*') return true;
-  const s = str.toLowerCase();
-  const p = pattern.toLowerCase();
-  if (s === p) return true;
-  const startsW = p.startsWith('*');
-  const endsW = p.endsWith('*');
-  if (startsW && endsW) { const infix = p.slice(1, -1); return infix.length > 0 && s.includes(infix); }
-  if (startsW) return s.endsWith(p.slice(1));
-  if (endsW) return s.startsWith(p.slice(0, -1));
-  const idx = p.indexOf('*');
-  if (idx !== -1) {
-    const pre = p.slice(0, idx);
-    const suf = p.slice(idx + 1);
-    return s.startsWith(pre) && s.endsWith(suf) && s.length >= pre.length + suf.length;
-  }
-  return false;
-}
-// \u2500\u2500 Path Glob (supports **) \u2500\u2500
-function matchPathGlob(path, pattern) {
-  const p = path.replace(/\\\\/g, '/').toLowerCase();
-  const g = pattern.replace(/\\\\/g, '/').toLowerCase();
-  if (p === g) return true;
-  if (g.includes('**')) {
-    const parts = g.split('**').filter(s => s.length > 0);
-    if (parts.length === 0) return true; // just ** or ****
-    return parts.every(segment => p.includes(segment));
-  }
-  return matchGlob(p, g);
-}
-// \u2500\u2500 Extract Functions (deep scan all string values) \u2500\u2500
-function scanStrings(obj) {
-  const strings = [];
-  function walk(v) {
-    if (typeof v === 'string' && v.trim()) strings.push(v.trim());
-    else if (Array.isArray(v)) v.forEach(walk);
-    else if (v && typeof v === 'object') Object.values(v).forEach(walk);
-  }
-  walk(obj);
-  return strings;
-}
-function looksLikeFilename(s) {
-  if (s.startsWith('.')) return true;
-  if (/\\.\\w+$/.test(s)) return true;
-  const known = ['id_rsa','id_dsa','id_ecdsa','id_ed25519','authorized_keys','known_hosts','makefile','dockerfile'];
-  return known.includes(s.toLowerCase());
-}
-function extractFilenames(args) {
-  const names = new Set();
-  for (const s of scanStrings(args)) {
-    if (/^https?:\\/\\//i.test(s)) continue;
-    if (s.includes('/') || s.includes('\\\\')) {
-      const base = s.replace(/\\\\/g, '/').split('/').pop();
-      if (base) names.add(base);
-      continue;
-    }
-    if (s.includes(' ')) {
-      for (const tok of s.split(/\\s+/)) {
-        if (tok.includes('/') || tok.includes('\\\\')) {
-          const b = tok.replace(/\\\\/g, '/').split('/').pop();
-          if (b && looksLikeFilename(b)) names.add(b);
-        } else if (looksLikeFilename(tok)) names.add(tok);
-      }
-      continue;
-    }
-    if (looksLikeFilename(s)) names.add(s);
-  }
-  return [...names];
-}
-function extractUrls(args) {
-  const urls = new Set();
-  for (const s of scanStrings(args)) {
-    if (/^https?:\\/\\//i.test(s)) { urls.add(s); continue; }
-    if (s.includes(' ')) {
-      for (const tok of s.split(/\\s+/)) {
-        if (/^https?:\\/\\//i.test(tok)) urls.add(tok);
-      }
-    }
-  }
-  return [...urls];
-}
-function extractCommands(args) {
-  const cmds = [];
-  const fields = ['command', 'cmd', 'function', 'script', 'shell'];
-  if (typeof args === 'object' && args) {
-    for (const [k, v] of Object.entries(args)) {
-      if (fields.includes(k.toLowerCase()) && typeof v === 'string') {
-        // Split chained commands: cd /path && npm install \u2192 [cd /path, npm install]
-        for (const part of v.split(/\\s*(?:&&|\\|\\||;|\\|)\\s*/)) {
-          const trimmed = part.trim();
-          if (trimmed) cmds.push(trimmed);
-        }
-      }
-    }
-  }
-  return cmds;
-}
-function extractPaths(args) {
-  const paths = [];
-  for (const s of scanStrings(args)) {
-    if (/^https?:\\/\\//i.test(s)) continue;
-    if (s.includes('/') || s.includes('\\\\') || s.startsWith('.')) paths.push(s);
-  }
-  return paths;
-}
-// \u2500\u2500 Policy Evaluation \u2500\u2500
-function evaluate(policy, args) {
-  if (!policy || !policy.rules) return null;
-  const denyRules = policy.rules
-    .filter(r => r.effect === 'DENY' && r.enabled !== false)
-    .sort((a, b) => (a.priority || 100) - (b.priority || 100));
-  for (const rule of denyRules) {
-    // Filename constraints
-    if (rule.filenameConstraints && rule.filenameConstraints.denied) {
-      const filenames = extractFilenames(args);
-      for (const fn of filenames) {
-        for (const pat of rule.filenameConstraints.denied) {
-          if (matchGlob(fn, pat)) return 'Blocked by policy: filename "' + fn + '" matches "' + pat + '"';
-        }
-      }
-    }
-    // URL constraints
-    if (rule.urlConstraints && rule.urlConstraints.denied) {
-      const urls = extractUrls(args);
-      for (const url of urls) {
-        for (const pat of rule.urlConstraints.denied) {
-          if (matchGlob(url, pat)) return 'Blocked by policy: URL "' + url + '" matches "' + pat + '"';
-        }
-      }
-    }
-    // Command constraints
-    if (rule.commandConstraints && rule.commandConstraints.denied) {
-      const cmds = extractCommands(args);
-      for (const cmd of cmds) {
-        for (const pat of rule.commandConstraints.denied) {
-          if (matchGlob(cmd, pat)) return 'Blocked by policy: command "' + cmd.slice(0,60) + '" matches "' + pat + '"';
-        }
-      }
-    }
-    // Path constraints
-    if (rule.pathConstraints && rule.pathConstraints.denied) {
-      const paths = extractPaths(args);
-      for (const p of paths) {
-        for (const pat of rule.pathConstraints.denied) {
-          if (matchPathGlob(p, pat)) return 'Blocked by policy: path "' + p + '" matches "' + pat + '"';
-        }
-      }
-    }
-  }
-  return null;
-}
-// \u2500\u2500 Main \u2500\u2500
-let input = '';
-process.stdin.on('data', c => input += c);
-process.stdin.on('end', async () => {
-  try {
-    const data = JSON.parse(input);
-    const args = data.tool_input || {};
-    // \u2500\u2500 Self-protection: block access to hook files and settings \u2500\u2500
-    const allStrings = scanStrings(args).map(s => s.replace(/\\\\/g, '/').toLowerCase());
-    const protectedPaths = ['.solongate', '.claude', '.cursor', 'policy.json', '.mcp.json'];
-    for (const s of allStrings) {
-      for (const p of protectedPaths) {
-        if (s.includes(p)) {
-          const msg = 'SOLONGATE: Access to protected file "' + p + '" is blocked';
-          if (API_KEY && API_KEY.startsWith('sg_live_')) {
-            try {
-              await fetch(API_URL + '/api/v1/audit-logs', {
-                method: 'POST',
-                headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
-                body: JSON.stringify({
-                  tool: data.tool_name || '', arguments: args,
-                  decision: 'DENY', reason: msg,
-                  source: 'claude-code-guard',
-                }),
-                signal: AbortSignal.timeout(3000),
-              });
-            } catch {}
-          }
-          process.stderr.write(msg);
-          process.exit(2);
-        }
-      }
-    }
-    // Load policy (use cwd from hook data if available)
-    const hookCwd = data.cwd || process.cwd();
-    let policy;
-    try {
-      const policyPath = resolve(hookCwd, 'policy.json');
-      policy = JSON.parse(readFileSync(policyPath, 'utf-8'));
-    } catch {
-      process.exit(0); // No policy = allow all
-    }
-    const reason = evaluate(policy, args);
-    const decision = reason ? 'DENY' : 'ALLOW';
-    // \u2500\u2500 Log ALL decisions to SolonGate Cloud \u2500\u2500
-    if (API_KEY && API_KEY.startsWith('sg_live_')) {
-      try {
-        await fetch(API_URL + '/api/v1/audit-logs', {
-          method: 'POST',
-          headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
-          body: JSON.stringify({
-            tool: data.tool_name || '', arguments: args,
-            decision, reason: reason || 'allowed by policy',
-            source: 'claude-code-guard',
-          }),
-          signal: AbortSignal.timeout(3000),
-        });
-      } catch {}
-    }
-    if (reason) {
-      process.stderr.write(reason);
-      process.exit(2);
-    }
-  } catch {}
-  process.exit(0);
-});
-`;
-var AUDIT_SCRIPT = `#!/usr/bin/env node
-/**
- * SolonGate Audit Hook for Claude Code (PostToolUse)
- * Logs tool execution results to SolonGate Cloud.
- * Auto-installed by: npx @solongate/proxy init
- */
-import { readFileSync, existsSync } from 'node:fs';
-import { resolve } from 'node:path';
-function loadEnvKey(dir) {
-  try {
-    const envPath = resolve(dir, '.env');
-    if (!existsSync(envPath)) return {};
-    const lines = readFileSync(envPath, 'utf-8').split('\\n');
-    const env = {};
-    for (const line of lines) {
-      const m = line.match(/^([A-Z_]+)=(.*)$/);
-      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
-    }
-    return env;
-  } catch { return {}; }
+var __dirname = dirname(fileURLToPath(import.meta.url));
+var HOOKS_DIR = resolve(__dirname, "..", "hooks");
+function readHookScript(filename) {
+  return readFileSync(join(HOOKS_DIR, filename), "utf-8");
 }
-const dotenv = loadEnvKey(process.cwd());
-const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
-const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
-if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
-let input = '';
-process.stdin.on('data', c => input += c);
-process.stdin.on('end', async () => {
-  try {
-    const data = JSON.parse(input);
-    const toolName = data.tool_name || 'unknown';
-    const toolInput = data.tool_input || {};
-    if (toolName === 'Bash' && JSON.stringify(toolInput).includes('audit-logs')) {
-      process.exit(0);
-    }
-    const hasError = data.tool_response?.error ||
-      data.tool_response?.exitCode > 0 ||
-      data.tool_response?.isError;
-    const argsSummary = {};
-    for (const [k, v] of Object.entries(toolInput)) {
-      argsSummary[k] = typeof v === 'string' && v.length > 200
-        ? v.slice(0, 200) + '...'
-        : v;
-    }
-    await fetch(\`\${API_URL}/api/v1/audit-logs\`, {
-      method: 'POST',
-      headers: {
-        'Authorization': \`Bearer \${API_KEY}\`,
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify({
-        tool: toolName,
-        arguments: argsSummary,
-        decision: hasError ? 'DENY' : 'ALLOW',
-        reason: hasError ? 'tool returned error' : 'allowed',
-        source: 'claude-code-hook',
-        evaluationTimeMs: 0,
-      }),
-      signal: AbortSignal.timeout(5000),
-    });
-  } catch {
-    // Silent
-  }
-  process.exit(0);
-});
-`;
 function installHooks() {
   const hooksDir = resolve(".solongate", "hooks");
   mkdirSync(hooksDir, { recursive: true });
   const guardPath = join(hooksDir, "guard.mjs");
-  writeFileSync(guardPath, GUARD_SCRIPT);
+  writeFileSync(guardPath, readHookScript("guard.mjs"));
   console.log(`  Created ${guardPath}`);
   const auditPath = join(hooksDir, "audit.mjs");
-  writeFileSync(auditPath, AUDIT_SCRIPT);
+  writeFileSync(auditPath, readHookScript("audit.mjs"));
   console.log(`  Created ${auditPath}`);
   const hookSettings = {
     hooks: {

package/dist/pull-push.js CHANGED Viewed

@@ -5,7 +5,7 @@ import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2
 import { resolve as resolve2 } from "path";
 // src/config.ts
-import { readFileSync, existsSync } from "fs";
+import { readFileSync, existsSync, appendFileSync } from "fs";
 import { resolve } from "path";
 async function fetchCloudPolicy(apiKey, apiUrl, policyId) {
   let resolvedId = policyId;
@@ -42,6 +42,7 @@ async function fetchCloudPolicy(apiKey, apiUrl, policyId) {
     updatedAt: ""
   };
 }
+var AUDIT_LOG_BACKUP_PATH = resolve(".solongate-audit-backup.jsonl");
 // src/pull-push.ts
 var log = (...args) => process.stderr.write(`${args.map(String).join(" ")}

package/hooks/audit.mjs ADDED Viewed

@@ -0,0 +1,73 @@
+#!/usr/bin/env node
+/**
+ * SolonGate Audit Hook for Claude Code (PostToolUse)
+ * Logs tool execution results to SolonGate Cloud.
+ * Auto-installed by: npx @solongate/proxy init
+ */
+import { readFileSync, existsSync } from 'node:fs';
+import { resolve } from 'node:path';
+function loadEnvKey(dir) {
+  try {
+    const envPath = resolve(dir, '.env');
+    if (!existsSync(envPath)) return {};
+    const lines = readFileSync(envPath, 'utf-8').split('\n');
+    const env = {};
+    for (const line of lines) {
+      const m = line.match(/^([A-Z_]+)=(.*)$/);
+      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
+    }
+    return env;
+  } catch { return {}; }
+}
+const dotenv = loadEnvKey(process.cwd());
+const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
+if (!API_KEY || !API_KEY.startsWith('sg_live_')) process.exit(0);
+let input = '';
+process.stdin.on('data', c => input += c);
+process.stdin.on('end', async () => {
+  try {
+    const data = JSON.parse(input);
+    const toolName = data.tool_name || 'unknown';
+    const toolInput = data.tool_input || {};
+    if (toolName === 'Bash' && JSON.stringify(toolInput).includes('audit-logs')) {
+      process.exit(0);
+    }
+    const hasError = data.tool_response?.error ||
+      data.tool_response?.exitCode > 0 ||
+      data.tool_response?.isError;
+    const argsSummary = {};
+    for (const [k, v] of Object.entries(toolInput)) {
+      argsSummary[k] = typeof v === 'string' && v.length > 200
+        ? v.slice(0, 200) + '...'
+        : v;
+    }
+    await fetch(`${API_URL}/api/v1/audit-logs`, {
+      method: 'POST',
+      headers: {
+        'Authorization': `Bearer ${API_KEY}`,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        tool: toolName,
+        arguments: argsSummary,
+        decision: hasError ? 'DENY' : 'ALLOW',
+        reason: hasError ? 'tool returned error' : 'allowed',
+        source: 'claude-code-hook',
+        evaluationTimeMs: 0,
+      }),
+      signal: AbortSignal.timeout(5000),
+    });
+  } catch {
+    // Silent
+  }
+  process.exit(0);
+});