@solongate/proxy 0.8.2 → 0.8.3

package/hooks/guard.mjs

@@ -0,0 +1,264 @@
+#!/usr/bin/env node
+/**
+ * SolonGate Policy Guard Hook (PreToolUse)
+ * Reads policy.json and blocks tool calls that violate constraints.
+ * Exit code 2 = BLOCK, exit code 0 = ALLOW.
+ * Logs ALL decisions (ALLOW + DENY) to SolonGate Cloud.
+ * Auto-installed by: npx @solongate/proxy init
+ */
+import { readFileSync, existsSync } from 'node:fs';
+import { resolve } from 'node:path';
+
+// ── Load API key from .env file (Claude Code doesn't load .env into process.env) ──
+function loadEnvKey(dir) {
+  try {
+    const envPath = resolve(dir, '.env');
+    if (!existsSync(envPath)) return {};
+    const lines = readFileSync(envPath, 'utf-8').split('\n');
+    const env = {};
+    for (const line of lines) {
+      const m = line.match(/^([A-Z_]+)=(.*)$/);
+      if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, '').trim();
+    }
+    return env;
+  } catch { return {}; }
+}
+
+const hookCwdEarly = process.cwd();
+const dotenv = loadEnvKey(hookCwdEarly);
+const API_KEY = process.env.SOLONGATE_API_KEY || dotenv.SOLONGATE_API_KEY || '';
+const API_URL = process.env.SOLONGATE_API_URL || dotenv.SOLONGATE_API_URL || 'https://api.solongate.com';
+
+// ── Glob Matching ──
+function matchGlob(str, pattern) {
+  if (pattern === '*') return true;
+  const s = str.toLowerCase();
+  const p = pattern.toLowerCase();
+  if (s === p) return true;
+  const startsW = p.startsWith('*');
+  const endsW = p.endsWith('*');
+  if (startsW && endsW) { const infix = p.slice(1, -1); return infix.length > 0 && s.includes(infix); }
+  if (startsW) return s.endsWith(p.slice(1));
+  if (endsW) return s.startsWith(p.slice(0, -1));
+  const idx = p.indexOf('*');
+  if (idx !== -1) {
+    const pre = p.slice(0, idx);
+    const suf = p.slice(idx + 1);
+    return s.startsWith(pre) && s.endsWith(suf) && s.length >= pre.length + suf.length;
+  }
+  return false;
+}
+
+// ── Path Glob (supports **) ──
+function matchPathGlob(path, pattern) {
+  const p = path.replace(/\\/g, '/').toLowerCase();
+  const g = pattern.replace(/\\/g, '/').toLowerCase();
+  if (p === g) return true;
+  if (g.includes('**')) {
+    const parts = g.split('**').filter(s => s.length > 0);
+    if (parts.length === 0) return true; // just ** or ****
+    return parts.every(segment => p.includes(segment));
+  }
+  return matchGlob(p, g);
+}
+
+// ── Extract Functions (deep scan all string values) ──
+function scanStrings(obj) {
+  const strings = [];
+  function walk(v) {
+    if (typeof v === 'string' && v.trim()) strings.push(v.trim());
+    else if (Array.isArray(v)) v.forEach(walk);
+    else if (v && typeof v === 'object') Object.values(v).forEach(walk);
+  }
+  walk(obj);
+  return strings;
+}
+
+function looksLikeFilename(s) {
+  if (s.startsWith('.')) return true;
+  if (/\.\w+$/.test(s)) return true;
+  const known = ['id_rsa','id_dsa','id_ecdsa','id_ed25519','authorized_keys','known_hosts','makefile','dockerfile'];
+  return known.includes(s.toLowerCase());
+}
+
+function extractFilenames(args) {
+  const names = new Set();
+  for (const s of scanStrings(args)) {
+    if (/^https?:\/\//i.test(s)) continue;
+    if (s.includes('/') || s.includes('\\')) {
+      const base = s.replace(/\\/g, '/').split('/').pop();
+      if (base) names.add(base);
+      continue;
+    }
+    if (s.includes(' ')) {
+      for (const tok of s.split(/\s+/)) {
+        if (tok.includes('/') || tok.includes('\\')) {
+          const b = tok.replace(/\\/g, '/').split('/').pop();
+          if (b && looksLikeFilename(b)) names.add(b);
+        } else if (looksLikeFilename(tok)) names.add(tok);
+      }
+      continue;
+    }
+    if (looksLikeFilename(s)) names.add(s);
+  }
+  return [...names];
+}
+
+function extractUrls(args) {
+  const urls = new Set();
+  for (const s of scanStrings(args)) {
+    if (/^https?:\/\//i.test(s)) { urls.add(s); continue; }
+    if (s.includes(' ')) {
+      for (const tok of s.split(/\s+/)) {
+        if (/^https?:\/\//i.test(tok)) urls.add(tok);
+      }
+    }
+  }
+  return [...urls];
+}
+
+function extractCommands(args) {
+  const cmds = [];
+  const fields = ['command', 'cmd', 'function', 'script', 'shell'];
+  if (typeof args === 'object' && args) {
+    for (const [k, v] of Object.entries(args)) {
+      if (fields.includes(k.toLowerCase()) && typeof v === 'string') {
+        // Split chained commands: cd /path && npm install → [cd /path, npm install]
+        for (const part of v.split(/\s*(?:&&|\|\||;|\|)\s*/)) {
+          const trimmed = part.trim();
+          if (trimmed) cmds.push(trimmed);
+        }
+      }
+    }
+  }
+  return cmds;
+}
+
+function extractPaths(args) {
+  const paths = [];
+  for (const s of scanStrings(args)) {
+    if (/^https?:\/\//i.test(s)) continue;
+    if (s.includes('/') || s.includes('\\') || s.startsWith('.')) paths.push(s);
+  }
+  return paths;
+}
+
+// ── Policy Evaluation ──
+function evaluate(policy, args) {
+  if (!policy || !policy.rules) return null;
+  const denyRules = policy.rules
+    .filter(r => r.effect === 'DENY' && r.enabled !== false)
+    .sort((a, b) => (a.priority || 100) - (b.priority || 100));
+
+  for (const rule of denyRules) {
+    // Filename constraints
+    if (rule.filenameConstraints && rule.filenameConstraints.denied) {
+      const filenames = extractFilenames(args);
+      for (const fn of filenames) {
+        for (const pat of rule.filenameConstraints.denied) {
+          if (matchGlob(fn, pat)) return 'Blocked by policy: filename "' + fn + '" matches "' + pat + '"';
+        }
+      }
+    }
+    // URL constraints
+    if (rule.urlConstraints && rule.urlConstraints.denied) {
+      const urls = extractUrls(args);
+      for (const url of urls) {
+        for (const pat of rule.urlConstraints.denied) {
+          if (matchGlob(url, pat)) return 'Blocked by policy: URL "' + url + '" matches "' + pat + '"';
+        }
+      }
+    }
+    // Command constraints
+    if (rule.commandConstraints && rule.commandConstraints.denied) {
+      const cmds = extractCommands(args);
+      for (const cmd of cmds) {
+        for (const pat of rule.commandConstraints.denied) {
+          if (matchGlob(cmd, pat)) return 'Blocked by policy: command "' + cmd.slice(0,60) + '" matches "' + pat + '"';
+        }
+      }
+    }
+    // Path constraints
+    if (rule.pathConstraints && rule.pathConstraints.denied) {
+      const paths = extractPaths(args);
+      for (const p of paths) {
+        for (const pat of rule.pathConstraints.denied) {
+          if (matchPathGlob(p, pat)) return 'Blocked by policy: path "' + p + '" matches "' + pat + '"';
+        }
+      }
+    }
+  }
+  return null;
+}
+
+// ── Main ──
+let input = '';
+process.stdin.on('data', c => input += c);
+process.stdin.on('end', async () => {
+  try {
+    const data = JSON.parse(input);
+    const args = data.tool_input || {};
+
+    // ── Self-protection: block access to hook files and settings ──
+    const allStrings = scanStrings(args).map(s => s.replace(/\\/g, '/').toLowerCase());
+    const protectedPaths = ['.solongate', '.claude', '.cursor', 'policy.json', '.mcp.json'];
+    for (const s of allStrings) {
+      for (const p of protectedPaths) {
+        if (s.includes(p)) {
+          const msg = 'SOLONGATE: Access to protected file "' + p + '" is blocked';
+          if (API_KEY && API_KEY.startsWith('sg_live_')) {
+            try {
+              await fetch(API_URL + '/api/v1/audit-logs', {
+                method: 'POST',
+                headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
+                body: JSON.stringify({
+                  tool: data.tool_name || '', arguments: args,
+                  decision: 'DENY', reason: msg,
+                  source: 'claude-code-guard',
+                }),
+                signal: AbortSignal.timeout(3000),
+              });
+            } catch {}
+          }
+          process.stderr.write(msg);
+          process.exit(2);
+        }
+      }
+    }
+
+    // Load policy (use cwd from hook data if available)
+    const hookCwd = data.cwd || process.cwd();
+    let policy;
+    try {
+      const policyPath = resolve(hookCwd, 'policy.json');
+      policy = JSON.parse(readFileSync(policyPath, 'utf-8'));
+    } catch {
+      process.exit(0); // No policy = allow all
+    }
+
+    const reason = evaluate(policy, args);
+    const decision = reason ? 'DENY' : 'ALLOW';
+
+    // ── Log ALL decisions to SolonGate Cloud ──
+    if (API_KEY && API_KEY.startsWith('sg_live_')) {
+      try {
+        await fetch(API_URL + '/api/v1/audit-logs', {
+          method: 'POST',
+          headers: { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            tool: data.tool_name || '', arguments: args,
+            decision, reason: reason || 'allowed by policy',
+            source: 'claude-code-guard',
+          }),
+          signal: AbortSignal.timeout(3000),
+        });
+      } catch {}
+    }
+
+    if (reason) {
+      process.stderr.write(reason);
+      process.exit(2);
+    }
+  } catch {}
+  process.exit(0);
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.8.2",
+  "version": "0.8.3",
   "description": "MCP security proxy — protect any MCP server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {
@@ -16,6 +16,7 @@
   },
   "files": [
     "dist",
+    "hooks",
     "README.md"
   ],
   "scripts": {