npm - @solongate/sdk - Versions diffs - 0.1.1 → 0.1.2 - Mend

@solongate/sdk 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -1,11 +1,1127 @@
-import { DEFAULT_INPUT_GUARD_CONFIG, UNSAFE_CONFIGURATION_WARNINGS, createSecurityContext, Permission, RateLimitError, createDeniedToolResult, sanitizeInput, SchemaValidationError, PolicyDeniedError, MIN_SECRET_LENGTH, DEFAULT_TOKEN_TTL_SECONDS, TOKEN_ALGORITHM, RATE_LIMIT_WINDOW_MS, RATE_LIMIT_MAX_ENTRIES, TrustLevel } from '@solongate/core';
-export { RateLimitError as CoreRateLimitError, InputGuardError, NetworkError, Permission, PolicyDeniedError, PolicyEffect, SchemaValidationError, SolonGateError, TrustLevel, checkEntropyLimits, checkLengthLimits, createDeniedToolResult, createSecurityContext, detectPathTraversal, detectSQLInjection, detectSSRF, detectShellInjection, detectWildcardAbuse, sanitizeInput, validateToolInput } from '@solongate/core';
-import { PolicyStore, PolicyEngine } from '@solongate/policy-engine';
-export { PolicyEngine, PolicyStore, createDefaultDenyPolicySet, createReadOnlyPolicySet } from '@solongate/policy-engine';
-import { randomUUID, createHmac } from 'crypto';
+import { z } from 'zod';
+import { createHash, randomUUID, createHmac } from 'crypto';
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-// src/solongate.ts
+// ../core/dist/index.js
+var SolonGateError = class extends Error {
+  code;
+  timestamp;
+  details;
+  constructor(message, code, details = {}) {
+    super(message);
+    this.name = "SolonGateError";
+    this.code = code;
+    this.timestamp = (/* @__PURE__ */ new Date()).toISOString();
+    this.details = Object.freeze({ ...details });
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+  /**
+   * Serializable representation for logging and API responses.
+   * Never includes stack traces (information leakage prevention).
+   */
+  toJSON() {
+    return {
+      name: this.name,
+      code: this.code,
+      message: this.message,
+      timestamp: this.timestamp,
+      details: this.details
+    };
+  }
+};
+var PolicyDeniedError = class extends SolonGateError {
+  constructor(toolName, reason, details = {}) {
+    super(
+      `Policy denied execution of tool "${toolName}": ${reason}`,
+      "POLICY_DENIED",
+      { toolName, reason, ...details }
+    );
+    this.name = "PolicyDeniedError";
+  }
+};
+var SchemaValidationError = class extends SolonGateError {
+  constructor(toolName, validationErrors) {
+    super(
+      `Schema validation failed for tool "${toolName}": ${validationErrors.join("; ")}`,
+      "SCHEMA_VALIDATION_FAILED",
+      { toolName, validationErrors }
+    );
+    this.name = "SchemaValidationError";
+  }
+};
+var RateLimitError = class extends SolonGateError {
+  constructor(toolName, limitPerMinute) {
+    super(
+      `Rate limit exceeded for tool "${toolName}": max ${limitPerMinute}/min`,
+      "RATE_LIMIT_EXCEEDED",
+      { toolName, limitPerMinute }
+    );
+    this.name = "RateLimitError";
+  }
+};
+var InputGuardError = class extends SolonGateError {
+  constructor(toolName, threats) {
+    super(
+      `Input guard blocked tool "${toolName}": ${threats.map((t) => t.description).join("; ")}`,
+      "INPUT_GUARD_BLOCKED",
+      { toolName, threatCount: threats.length, threats }
+    );
+    this.name = "InputGuardError";
+  }
+};
+var NetworkError = class extends SolonGateError {
+  constructor(operation, statusCode, details = {}) {
+    super(
+      `Network error during ${operation}${statusCode ? ` (HTTP ${statusCode})` : ""}`,
+      "NETWORK_ERROR",
+      { operation, statusCode, ...details }
+    );
+    this.name = "NetworkError";
+  }
+};
+var TrustLevel = {
+  UNTRUSTED: "UNTRUSTED",
+  VERIFIED: "VERIFIED",
+  TRUSTED: "TRUSTED"
+};
+var Permission = {
+  READ: "READ",
+  WRITE: "WRITE",
+  EXECUTE: "EXECUTE"
+};
+z.enum(["READ", "WRITE", "EXECUTE"]);
+Object.freeze(
+  /* @__PURE__ */ new Set()
+);
+Object.freeze(
+  /* @__PURE__ */ new Set([Permission.READ])
+);
+var PolicyEffect = {
+  ALLOW: "ALLOW",
+  DENY: "DENY"
+};
+var PolicyRuleSchema = z.object({
+  id: z.string().min(1).max(256),
+  description: z.string().max(1024),
+  effect: z.enum(["ALLOW", "DENY"]),
+  priority: z.number().int().min(0).max(1e4).default(1e3),
+  toolPattern: z.string().min(1).max(512),
+  permission: z.enum(["READ", "WRITE", "EXECUTE"]),
+  minimumTrustLevel: z.enum(["UNTRUSTED", "VERIFIED", "TRUSTED"]),
+  argumentConstraints: z.record(z.unknown()).optional(),
+  pathConstraints: z.object({
+    allowed: z.array(z.string()).optional(),
+    denied: z.array(z.string()).optional(),
+    rootDirectory: z.string().optional(),
+    allowSymlinks: z.boolean().optional()
+  }).optional(),
+  enabled: z.boolean().default(true),
+  createdAt: z.string().datetime(),
+  updatedAt: z.string().datetime()
+});
+var PolicySetSchema = z.object({
+  id: z.string().min(1).max(256),
+  name: z.string().min(1).max(256),
+  description: z.string().max(2048),
+  version: z.number().int().min(0),
+  rules: z.array(PolicyRuleSchema),
+  createdAt: z.string().datetime(),
+  updatedAt: z.string().datetime()
+});
+function createSecurityContext(params) {
+  return {
+    trustLevel: "UNTRUSTED",
+    grantedPermissions: /* @__PURE__ */ new Set(),
+    sessionId: null,
+    metadata: {},
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    ...params
+  };
+}
+var DEFAULT_POLICY_EFFECT = "DENY";
+var MAX_RULES_PER_POLICY_SET = 1e3;
+var MAX_ARGUMENT_DEPTH = 10;
+var MAX_ARGUMENTS_SIZE_BYTES = 1048576;
+var POLICY_EVALUATION_TIMEOUT_MS = 100;
+var RATE_LIMIT_WINDOW_MS = 6e4;
+var RATE_LIMIT_MAX_ENTRIES = 1e4;
+var UNSAFE_CONFIGURATION_WARNINGS = {
+  WILDCARD_ALLOW: "Wildcard ALLOW rules grant permission to ALL tools. This bypasses the default-deny model.",
+  TRUSTED_LEVEL_EXTERNAL: "Setting trust level to TRUSTED for external requests bypasses all security checks.",
+  EXECUTE_WITHOUT_REVIEW: "EXECUTE permission allows tools to perform arbitrary actions. Review carefully.",
+  RATE_LIMIT_ZERO: "A rate limit of 0 means unlimited calls. This removes protection against runaway loops.",
+  DISABLED_VALIDATION: "Disabling schema validation removes input sanitization protections."
+};
+function createDeniedToolResult(reason) {
+  return {
+    content: [
+      {
+        type: "text",
+        text: JSON.stringify({
+          error: "POLICY_DENIED",
+          message: reason,
+          hint: "This tool call was blocked by SolonGate security policy. Check your policy configuration."
+        })
+      }
+    ],
+    isError: true
+  };
+}
+var DEFAULT_OPTIONS = {
+  maxDepth: MAX_ARGUMENT_DEPTH,
+  maxSizeBytes: MAX_ARGUMENTS_SIZE_BYTES,
+  stripUnknown: false
+};
+function validateToolInput(schema, input, options) {
+  const opts = { ...DEFAULT_OPTIONS, ...options };
+  const errors = [];
+  const sizeError = checkInputSize(input, opts.maxSizeBytes);
+  if (sizeError) {
+    return { valid: false, errors: [sizeError], sanitized: null };
+  }
+  const depthError = checkInputDepth(input, opts.maxDepth);
+  if (depthError) {
+    return { valid: false, errors: [depthError], sanitized: null };
+  }
+  const result = schema.safeParse(input);
+  if (!result.success) {
+    for (const issue of result.error.issues) {
+      const path = issue.path.length > 0 ? issue.path.join(".") : "root";
+      errors.push(`${path}: ${issue.message}`);
+    }
+    return { valid: false, errors, sanitized: null };
+  }
+  return {
+    valid: true,
+    errors: [],
+    sanitized: result.data
+  };
+}
+function checkInputSize(input, maxBytes) {
+  let serialized;
+  try {
+    serialized = JSON.stringify(input);
+  } catch {
+    return "Input cannot be serialized to JSON";
+  }
+  const sizeBytes = new TextEncoder().encode(serialized).length;
+  if (sizeBytes > maxBytes) {
+    return `Input size ${sizeBytes} bytes exceeds maximum ${maxBytes} bytes`;
+  }
+  return null;
+}
+function checkInputDepth(input, maxDepth) {
+  const depth = measureDepth(input, 0);
+  if (depth > maxDepth) {
+    return `Input depth ${depth} exceeds maximum ${maxDepth}`;
+  }
+  return null;
+}
+function measureDepth(value, currentDepth) {
+  if (currentDepth > MAX_ARGUMENT_DEPTH + 1) {
+    return currentDepth;
+  }
+  if (value === null || value === void 0 || typeof value !== "object") {
+    return currentDepth;
+  }
+  if (Array.isArray(value)) {
+    let maxChildDepth2 = currentDepth + 1;
+    for (const item of value) {
+      const childDepth = measureDepth(item, currentDepth + 1);
+      if (childDepth > maxChildDepth2) maxChildDepth2 = childDepth;
+    }
+    return maxChildDepth2;
+  }
+  let maxChildDepth = currentDepth + 1;
+  for (const key of Object.keys(value)) {
+    const childDepth = measureDepth(
+      value[key],
+      currentDepth + 1
+    );
+    if (childDepth > maxChildDepth) maxChildDepth = childDepth;
+  }
+  return maxChildDepth;
+}
+var DEFAULT_INPUT_GUARD_CONFIG = Object.freeze({
+  pathTraversal: true,
+  shellInjection: true,
+  wildcardAbuse: true,
+  lengthLimit: 4096,
+  entropyLimit: true,
+  ssrf: true,
+  sqlInjection: true
+});
+var PATH_TRAVERSAL_PATTERNS = [
+  /\.\.\//,
+  // ../
+  /\.\.\\/,
+  // ..\
+  /%2e%2e/i,
+  // URL-encoded ..
+  /%2e\./i,
+  // partial URL-encoded
+  /\.%2e/i,
+  // partial URL-encoded
+  /%252e%252e/i,
+  // double URL-encoded
+  /\.\.\0/
+  // null byte variant
+];
+var SENSITIVE_PATHS = [
+  /\/etc\/passwd/i,
+  /\/etc\/shadow/i,
+  /\/proc\//i,
+  /\/dev\//i,
+  /c:\\windows\\system32/i,
+  /c:\\windows\\syswow64/i,
+  /\/root\//i,
+  /~\//,
+  /\.env(\.|$)/i,
+  // .env, .env.local, .env.production
+  /\.aws\/credentials/i,
+  // AWS credentials
+  /\.ssh\/id_/i,
+  // SSH keys
+  /\.kube\/config/i,
+  // Kubernetes config
+  /wp-config\.php/i,
+  // WordPress config
+  /\.git\/config/i,
+  // Git config
+  /\.npmrc/i,
+  // npm credentials
+  /\.pypirc/i
+  // PyPI credentials
+];
+function detectPathTraversal(value) {
+  for (const pattern of PATH_TRAVERSAL_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  for (const pattern of SENSITIVE_PATHS) {
+    if (pattern.test(value)) return true;
+  }
+  return false;
+}
+var SHELL_INJECTION_PATTERNS = [
+  /[;|&`]/,
+  // Command separators and backtick execution
+  /\$\(/,
+  // Command substitution $(...)
+  /\$\{/,
+  // Variable expansion ${...}
+  />\s*/,
+  // Output redirect
+  /<\s*/,
+  // Input redirect
+  /&&/,
+  // AND chaining
+  /\|\|/,
+  // OR chaining
+  /\beval\b/i,
+  // eval command
+  /\bexec\b/i,
+  // exec command
+  /\bsystem\b/i,
+  // system call
+  /%0a/i,
+  // URL-encoded newline
+  /%0d/i,
+  // URL-encoded carriage return
+  /%09/i,
+  // URL-encoded tab
+  /\r\n/,
+  // CRLF injection
+  /\n/
+  // Newline (command separator on Unix)
+];
+function detectShellInjection(value) {
+  for (const pattern of SHELL_INJECTION_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  return false;
+}
+var MAX_WILDCARDS_PER_VALUE = 3;
+function detectWildcardAbuse(value) {
+  if (value.includes("**")) return true;
+  const wildcardCount = (value.match(/\*/g) || []).length;
+  if (wildcardCount > MAX_WILDCARDS_PER_VALUE) return true;
+  return false;
+}
+var SSRF_PATTERNS = [
+  /^https?:\/\/localhost\b/i,
+  /^https?:\/\/127\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
+  /^https?:\/\/0\.0\.0\.0/,
+  /^https?:\/\/\[::1\]/,
+  // IPv6 loopback
+  /^https?:\/\/10\.\d{1,3}\.\d{1,3}\.\d{1,3}/,
+  // 10.x.x.x
+  /^https?:\/\/172\.(1[6-9]|2\d|3[01])\./,
+  // 172.16-31.x.x
+  /^https?:\/\/192\.168\./,
+  // 192.168.x.x
+  /^https?:\/\/169\.254\./,
+  // Link-local / AWS metadata
+  /metadata\.google\.internal/i,
+  // GCP metadata
+  /^https?:\/\/metadata\b/i,
+  // Generic metadata endpoint
+  // IPv6 bypass patterns
+  /^https?:\/\/\[fe80:/i,
+  // IPv6 link-local
+  /^https?:\/\/\[fc00:/i,
+  // IPv6 unique local
+  /^https?:\/\/\[fd[0-9a-f]{2}:/i,
+  // IPv6 unique local (fd00::/8)
+  /^https?:\/\/\[::ffff:127\./i,
+  // IPv4-mapped IPv6 loopback
+  /^https?:\/\/\[::ffff:10\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:172\.(1[6-9]|2\d|3[01])\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:192\.168\./i,
+  // IPv4-mapped IPv6 private
+  /^https?:\/\/\[::ffff:169\.254\./i,
+  // IPv4-mapped IPv6 link-local
+  // Hex IP bypass (e.g., 0x7f000001 = 127.0.0.1)
+  /^https?:\/\/0x[0-9a-f]+\b/i,
+  // Octal IP bypass (e.g., 0177.0.0.1 = 127.0.0.1)
+  /^https?:\/\/0[0-7]{1,3}\./
+];
+function detectDecimalIP(value) {
+  const match = value.match(/^https?:\/\/(\d{8,10})(?:[:/]|$)/);
+  if (!match || !match[1]) return false;
+  const decimal = parseInt(match[1], 10);
+  if (isNaN(decimal) || decimal > 4294967295) return false;
+  return decimal >= 2130706432 && decimal <= 2147483647 || // 127.0.0.0/8
+  decimal >= 167772160 && decimal <= 184549375 || // 10.0.0.0/8
+  decimal >= 2886729728 && decimal <= 2887778303 || // 172.16.0.0/12
+  decimal >= 3232235520 && decimal <= 3232301055 || // 192.168.0.0/16
+  decimal >= 2851995648 && decimal <= 2852061183 || // 169.254.0.0/16
+  decimal === 0;
+}
+function detectSSRF(value) {
+  for (const pattern of SSRF_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  if (detectDecimalIP(value)) return true;
+  return false;
+}
+var SQL_INJECTION_PATTERNS = [
+  /'\s{0,20}(OR|AND)\s{0,20}'.{0,200}'/i,
+  // ' OR '1'='1 — bounded to prevent ReDoS
+  /'\s{0,10};\s{0,10}(DROP|DELETE|UPDATE|INSERT|ALTER|CREATE|EXEC)/i,
+  // '; DROP TABLE
+  /UNION\s+(ALL\s+)?SELECT/i,
+  // UNION SELECT
+  /--\s*$/m,
+  // SQL comment at end of line
+  /\/\*.{0,500}?\*\//,
+  // SQL block comment — bounded + non-greedy
+  /\bSLEEP\s*\(/i,
+  // Time-based injection
+  /\bBENCHMARK\s*\(/i,
+  // MySQL benchmark
+  /\bWAITFOR\s+DELAY/i,
+  // MSSQL delay
+  /\b(LOAD_FILE|INTO\s+OUTFILE|INTO\s+DUMPFILE)\b/i
+  // File operations
+];
+function detectSQLInjection(value) {
+  for (const pattern of SQL_INJECTION_PATTERNS) {
+    if (pattern.test(value)) return true;
+  }
+  return false;
+}
+function checkLengthLimits(value, maxLength = 4096) {
+  return value.length <= maxLength;
+}
+var ENTROPY_THRESHOLD = 4.5;
+var MIN_LENGTH_FOR_ENTROPY_CHECK = 32;
+function checkEntropyLimits(value) {
+  if (value.length < MIN_LENGTH_FOR_ENTROPY_CHECK) return true;
+  const entropy = calculateShannonEntropy(value);
+  return entropy <= ENTROPY_THRESHOLD;
+}
+function calculateShannonEntropy(str) {
+  const freq = /* @__PURE__ */ new Map();
+  for (const char of str) {
+    freq.set(char, (freq.get(char) ?? 0) + 1);
+  }
+  let entropy = 0;
+  const len = str.length;
+  for (const count of freq.values()) {
+    const p = count / len;
+    if (p > 0) {
+      entropy -= p * Math.log2(p);
+    }
+  }
+  return entropy;
+}
+function sanitizeInput(field, value, config = DEFAULT_INPUT_GUARD_CONFIG) {
+  const threats = [];
+  if (typeof value !== "string") {
+    if (typeof value === "object" && value !== null) {
+      return sanitizeObject(field, value, config);
+    }
+    return { safe: true, threats: [] };
+  }
+  if (config.pathTraversal && detectPathTraversal(value)) {
+    threats.push({
+      type: "PATH_TRAVERSAL",
+      field,
+      value: truncate(value, 100),
+      description: "Path traversal pattern detected"
+    });
+  }
+  if (config.shellInjection && detectShellInjection(value)) {
+    threats.push({
+      type: "SHELL_INJECTION",
+      field,
+      value: truncate(value, 100),
+      description: "Shell injection pattern detected"
+    });
+  }
+  if (config.wildcardAbuse && detectWildcardAbuse(value)) {
+    threats.push({
+      type: "WILDCARD_ABUSE",
+      field,
+      value: truncate(value, 100),
+      description: "Wildcard abuse pattern detected"
+    });
+  }
+  if (!checkLengthLimits(value, config.lengthLimit)) {
+    threats.push({
+      type: "LENGTH_EXCEEDED",
+      field,
+      value: `[${value.length} chars]`,
+      description: `Value exceeds maximum length of ${config.lengthLimit}`
+    });
+  }
+  if (config.entropyLimit && !checkEntropyLimits(value)) {
+    threats.push({
+      type: "HIGH_ENTROPY",
+      field,
+      value: truncate(value, 100),
+      description: "High entropy string detected - possible encoded payload"
+    });
+  }
+  if (config.ssrf && detectSSRF(value)) {
+    threats.push({
+      type: "SSRF",
+      field,
+      value: truncate(value, 100),
+      description: "Server-side request forgery pattern detected \u2014 internal/metadata URL blocked"
+    });
+  }
+  if (config.sqlInjection && detectSQLInjection(value)) {
+    threats.push({
+      type: "SQL_INJECTION",
+      field,
+      value: truncate(value, 100),
+      description: "SQL injection pattern detected"
+    });
+  }
+  return { safe: threats.length === 0, threats };
+}
+function sanitizeObject(basePath, obj, config) {
+  const threats = [];
+  if (Array.isArray(obj)) {
+    for (let i = 0; i < obj.length; i++) {
+      const result = sanitizeInput(`${basePath}[${i}]`, obj[i], config);
+      threats.push(...result.threats);
+    }
+  } else {
+    for (const [key, val] of Object.entries(obj)) {
+      const result = sanitizeInput(`${basePath}.${key}`, val, config);
+      threats.push(...result.threats);
+    }
+  }
+  return { safe: threats.length === 0, threats };
+}
+function truncate(str, maxLen) {
+  return str.length > maxLen ? str.slice(0, maxLen) + "..." : str;
+}
+var DEFAULT_TOKEN_TTL_SECONDS = 30;
+var TOKEN_ALGORITHM = "HS256";
+var MIN_SECRET_LENGTH = 32;
+function normalizePath(path) {
+  let normalized = path.replace(/\\/g, "/");
+  if (normalized.length > 1 && normalized.endsWith("/")) {
+    normalized = normalized.slice(0, -1);
+  }
+  const parts = normalized.split("/");
+  const resolved = [];
+  for (const part of parts) {
+    if (part === "." || part === "") {
+      if (resolved.length === 0) resolved.push("");
+      continue;
+    }
+    if (part === "..") {
+      if (resolved.length > 1) {
+        resolved.pop();
+      }
+      continue;
+    }
+    resolved.push(part);
+  }
+  return resolved.join("/") || "/";
+}
+function isWithinRoot(path, root) {
+  const normalizedPath = normalizePath(path);
+  const normalizedRoot = normalizePath(root);
+  if (normalizedPath === normalizedRoot) return true;
+  return normalizedPath.startsWith(normalizedRoot + "/");
+}
+function matchPathPattern(path, pattern) {
+  const normalizedPath = normalizePath(path);
+  const normalizedPattern = normalizePath(pattern);
+  if (normalizedPattern === "*") return true;
+  if (normalizedPattern === normalizedPath) return true;
+  const patternParts = normalizedPattern.split("/");
+  const pathParts = normalizedPath.split("/");
+  return matchParts(pathParts, 0, patternParts, 0);
+}
+function matchParts(pathParts, pi, patternParts, qi) {
+  while (pi < pathParts.length && qi < patternParts.length) {
+    const pattern = patternParts[qi];
+    if (pattern === "**") {
+      if (qi === patternParts.length - 1) return true;
+      for (let i = pi; i <= pathParts.length; i++) {
+        if (matchParts(pathParts, i, patternParts, qi + 1)) {
+          return true;
+        }
+      }
+      return false;
+    }
+    if (pattern === "*") {
+      pi++;
+      qi++;
+      continue;
+    }
+    if (pattern !== pathParts[pi]) {
+      return false;
+    }
+    pi++;
+    qi++;
+  }
+  while (qi < patternParts.length && patternParts[qi] === "**") {
+    qi++;
+  }
+  return pi === pathParts.length && qi === patternParts.length;
+}
+function isPathAllowed(path, constraints) {
+  if (constraints.rootDirectory) {
+    if (!isWithinRoot(path, constraints.rootDirectory)) {
+      return false;
+    }
+  }
+  if (constraints.denied && constraints.denied.length > 0) {
+    for (const pattern of constraints.denied) {
+      if (matchPathPattern(path, pattern)) {
+        return false;
+      }
+    }
+  }
+  if (constraints.allowed && constraints.allowed.length > 0) {
+    let matchesAllowed = false;
+    for (const pattern of constraints.allowed) {
+      if (matchPathPattern(path, pattern)) {
+        matchesAllowed = true;
+        break;
+      }
+    }
+    if (!matchesAllowed) return false;
+  }
+  return true;
+}
+function extractPathArguments(args) {
+  const paths = [];
+  for (const value of Object.values(args)) {
+    if (typeof value === "string" && (value.includes("/") || value.includes("\\"))) {
+      paths.push(value);
+    }
+  }
+  return paths;
+}
+function ruleMatchesRequest(rule, request) {
+  if (!rule.enabled) return false;
+  if (rule.permission !== request.requiredPermission) return false;
+  if (!toolPatternMatches(rule.toolPattern, request.toolName)) return false;
+  if (!trustLevelMeetsMinimum(request.context.trustLevel, rule.minimumTrustLevel)) {
+    return false;
+  }
+  if (rule.argumentConstraints) {
+    if (!argumentConstraintsMatch(rule.argumentConstraints, request.arguments)) {
+      return false;
+    }
+  }
+  if (rule.pathConstraints) {
+    if (!pathConstraintsMatch(rule.pathConstraints, request.arguments)) {
+      return false;
+    }
+  }
+  return true;
+}
+function toolPatternMatches(pattern, toolName) {
+  if (pattern === "*") return true;
+  const startsWithStar = pattern.startsWith("*");
+  const endsWithStar = pattern.endsWith("*");
+  if (startsWithStar && endsWithStar) {
+    const infix = pattern.slice(1, -1);
+    return infix.length > 0 && toolName.includes(infix);
+  }
+  if (endsWithStar) {
+    const prefix = pattern.slice(0, -1);
+    return toolName.startsWith(prefix);
+  }
+  if (startsWithStar) {
+    const suffix = pattern.slice(1);
+    return toolName.endsWith(suffix);
+  }
+  return pattern === toolName;
+}
+var TRUST_LEVEL_ORDER = {
+  [TrustLevel.UNTRUSTED]: 0,
+  [TrustLevel.VERIFIED]: 1,
+  [TrustLevel.TRUSTED]: 2
+};
+function trustLevelMeetsMinimum(actual, minimum) {
+  return (TRUST_LEVEL_ORDER[actual] ?? -1) >= (TRUST_LEVEL_ORDER[minimum] ?? Infinity);
+}
+function argumentConstraintsMatch(constraints, args) {
+  for (const [key, constraint] of Object.entries(constraints)) {
+    if (!(key in args)) return false;
+    const argValue = args[key];
+    if (typeof constraint === "string") {
+      if (constraint === "*") continue;
+      if (typeof argValue === "string") {
+        if (argValue !== constraint) return false;
+      } else {
+        return false;
+      }
+      continue;
+    }
+    if (typeof constraint === "object" && constraint !== null && !Array.isArray(constraint)) {
+      const ops = constraint;
+      const strValue = typeof argValue === "string" ? argValue : void 0;
+      const numValue = typeof argValue === "number" ? argValue : void 0;
+      if ("$contains" in ops && typeof ops.$contains === "string") {
+        if (!strValue || !strValue.includes(ops.$contains)) return false;
+      }
+      if ("$notContains" in ops && typeof ops.$notContains === "string") {
+        if (strValue && strValue.includes(ops.$notContains)) return false;
+      }
+      if ("$startsWith" in ops && typeof ops.$startsWith === "string") {
+        if (!strValue || !strValue.startsWith(ops.$startsWith)) return false;
+      }
+      if ("$endsWith" in ops && typeof ops.$endsWith === "string") {
+        if (!strValue || !strValue.endsWith(ops.$endsWith)) return false;
+      }
+      if ("$in" in ops && Array.isArray(ops.$in)) {
+        if (!ops.$in.includes(argValue)) return false;
+      }
+      if ("$notIn" in ops && Array.isArray(ops.$notIn)) {
+        if (ops.$notIn.includes(argValue)) return false;
+      }
+      if ("$gt" in ops && typeof ops.$gt === "number") {
+        if (numValue === void 0 || numValue <= ops.$gt) return false;
+      }
+      if ("$lt" in ops && typeof ops.$lt === "number") {
+        if (numValue === void 0 || numValue >= ops.$lt) return false;
+      }
+      if ("$gte" in ops && typeof ops.$gte === "number") {
+        if (numValue === void 0 || numValue < ops.$gte) return false;
+      }
+      if ("$lte" in ops && typeof ops.$lte === "number") {
+        if (numValue === void 0 || numValue > ops.$lte) return false;
+      }
+      continue;
+    }
+  }
+  return true;
+}
+function pathConstraintsMatch(constraints, args) {
+  const paths = extractPathArguments(args);
+  if (paths.length === 0) return true;
+  return paths.every((path) => isPathAllowed(path, constraints));
+}
+function evaluatePolicy(policySet, request) {
+  const startTime = performance.now();
+  const sortedRules = [...policySet.rules].sort(
+    (a, b) => a.priority - b.priority
+  );
+  for (const rule of sortedRules) {
+    if (ruleMatchesRequest(rule, request)) {
+      const endTime2 = performance.now();
+      return {
+        effect: rule.effect,
+        matchedRule: rule,
+        reason: `Matched rule "${rule.id}": ${rule.description}`,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        evaluationTimeMs: endTime2 - startTime
+      };
+    }
+  }
+  const endTime = performance.now();
+  return {
+    effect: DEFAULT_POLICY_EFFECT,
+    matchedRule: null,
+    reason: "No matching policy rule found. Default action: DENY.",
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    evaluationTimeMs: endTime - startTime,
+    metadata: {
+      evaluatedRules: sortedRules.length,
+      ruleIds: sortedRules.map((r) => r.id),
+      requestContext: {
+        tool: request.toolName,
+        arguments: Object.keys(request.arguments ?? {})
+      }
+    }
+  };
+}
+function validatePolicyRule(input) {
+  const errors = [];
+  const warnings = [];
+  const result = PolicyRuleSchema.safeParse(input);
+  if (!result.success) {
+    return {
+      valid: false,
+      errors: result.error.errors.map(
+        (e) => `${e.path.join(".")}: ${e.message}`
+      ),
+      warnings: []
+    };
+  }
+  const rule = result.data;
+  if (rule.toolPattern === "*" && rule.effect === "ALLOW") {
+    warnings.push(UNSAFE_CONFIGURATION_WARNINGS.WILDCARD_ALLOW);
+  }
+  if (rule.minimumTrustLevel === "TRUSTED") {
+    warnings.push(UNSAFE_CONFIGURATION_WARNINGS.TRUSTED_LEVEL_EXTERNAL);
+  }
+  if (rule.permission === "EXECUTE") {
+    warnings.push(UNSAFE_CONFIGURATION_WARNINGS.EXECUTE_WITHOUT_REVIEW);
+  }
+  return { valid: true, errors, warnings };
+}
+function validatePolicySet(input) {
+  const errors = [];
+  const warnings = [];
+  const result = PolicySetSchema.safeParse(input);
+  if (!result.success) {
+    return {
+      valid: false,
+      errors: result.error.errors.map(
+        (e) => `${e.path.join(".")}: ${e.message}`
+      ),
+      warnings: []
+    };
+  }
+  const policySet = result.data;
+  if (policySet.rules.length > MAX_RULES_PER_POLICY_SET) {
+    errors.push(
+      `Policy set exceeds maximum of ${MAX_RULES_PER_POLICY_SET} rules`
+    );
+  }
+  const ruleIds = /* @__PURE__ */ new Set();
+  for (const rule of policySet.rules) {
+    if (ruleIds.has(rule.id)) {
+      errors.push(`Duplicate rule ID: "${rule.id}"`);
+    }
+    ruleIds.add(rule.id);
+  }
+  for (const rule of policySet.rules) {
+    const ruleResult = validatePolicyRule(rule);
+    warnings.push(...ruleResult.warnings);
+  }
+  const hasDenyRule = policySet.rules.some((r) => r.effect === "DENY");
+  if (!hasDenyRule && policySet.rules.length > 0) {
+    warnings.push(
+      "Policy set contains only ALLOW rules. The default-deny fallback is the only protection."
+    );
+  }
+  return {
+    valid: errors.length === 0,
+    errors,
+    warnings
+  };
+}
+function analyzeSecurityWarnings(policySet) {
+  const warnings = [];
+  for (const rule of policySet.rules) {
+    warnings.push(...analyzeRuleWarnings(rule));
+  }
+  const allowRules = policySet.rules.filter(
+    (r) => r.effect === "ALLOW" && r.enabled
+  );
+  const wildcardAllows = allowRules.filter((r) => r.toolPattern === "*");
+  if (wildcardAllows.length > 0) {
+    warnings.push({
+      level: "CRITICAL",
+      code: "WILDCARD_ALLOW",
+      message: UNSAFE_CONFIGURATION_WARNINGS.WILDCARD_ALLOW,
+      recommendation: "Replace wildcard ALLOW rules with specific tool patterns."
+    });
+  }
+  return warnings;
+}
+function analyzeRuleWarnings(rule) {
+  const warnings = [];
+  if (rule.effect === "ALLOW" && rule.minimumTrustLevel === "UNTRUSTED") {
+    warnings.push({
+      level: "CRITICAL",
+      code: "ALLOW_UNTRUSTED",
+      message: `Rule "${rule.id}" allows execution for UNTRUSTED requests. Unverified LLM requests can execute tools.`,
+      ruleId: rule.id,
+      recommendation: "Set minimumTrustLevel to VERIFIED or higher for ALLOW rules."
+    });
+  }
+  if (rule.effect === "ALLOW" && rule.permission === "EXECUTE") {
+    warnings.push({
+      level: "WARNING",
+      code: "ALLOW_EXECUTE",
+      message: UNSAFE_CONFIGURATION_WARNINGS.EXECUTE_WITHOUT_REVIEW,
+      ruleId: rule.id,
+      recommendation: "Ensure EXECUTE permissions are intentional and scoped to specific tools."
+    });
+  }
+  return warnings;
+}
+function createDefaultDenyPolicySet() {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    id: "default-deny",
+    name: "Default Deny All",
+    description: "Denies all tool executions. Add explicit ALLOW rules to grant access to specific tools.",
+    version: 1,
+    rules: [
+      {
+        id: "deny-all-execute",
+        description: "Explicitly deny all tool executions",
+        effect: PolicyEffect.DENY,
+        priority: 1e4,
+        toolPattern: "*",
+        permission: Permission.EXECUTE,
+        minimumTrustLevel: TrustLevel.UNTRUSTED,
+        enabled: true,
+        createdAt: now,
+        updatedAt: now
+      },
+      {
+        id: "deny-all-write",
+        description: "Explicitly deny all write operations",
+        effect: PolicyEffect.DENY,
+        priority: 1e4,
+        toolPattern: "*",
+        permission: Permission.WRITE,
+        minimumTrustLevel: TrustLevel.UNTRUSTED,
+        enabled: true,
+        createdAt: now,
+        updatedAt: now
+      },
+      {
+        id: "deny-all-read",
+        description: "Explicitly deny all read operations",
+        effect: PolicyEffect.DENY,
+        priority: 1e4,
+        toolPattern: "*",
+        permission: Permission.READ,
+        minimumTrustLevel: TrustLevel.UNTRUSTED,
+        enabled: true,
+        createdAt: now,
+        updatedAt: now
+      }
+    ],
+    createdAt: now,
+    updatedAt: now
+  };
+}
+function createReadOnlyPolicySet(toolPattern) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    id: `read-only-${toolPattern}`,
+    name: `Read-Only: ${toolPattern}`,
+    description: `Allows read access to tools matching "${toolPattern}". Denies write and execute.`,
+    version: 1,
+    rules: [
+      {
+        id: `allow-read-${toolPattern}`,
+        description: `Allow read access to ${toolPattern}`,
+        effect: PolicyEffect.ALLOW,
+        priority: 100,
+        toolPattern,
+        permission: Permission.READ,
+        minimumTrustLevel: TrustLevel.VERIFIED,
+        enabled: true,
+        createdAt: now,
+        updatedAt: now
+      }
+    ],
+    createdAt: now,
+    updatedAt: now
+  };
+}
+var PolicyEngine = class {
+  policySet;
+  timeoutMs;
+  store;
+  constructor(options) {
+    this.policySet = options?.policySet ?? createDefaultDenyPolicySet();
+    this.timeoutMs = options?.timeoutMs ?? POLICY_EVALUATION_TIMEOUT_MS;
+    this.store = options?.store ?? null;
+  }
+  /**
+   * Evaluates an execution request against the current policy set.
+   * Never throws for denials - denial is a normal outcome, not an error.
+   */
+  evaluate(request) {
+    const startTime = performance.now();
+    const decision = evaluatePolicy(this.policySet, request);
+    const elapsed = performance.now() - startTime;
+    if (elapsed > this.timeoutMs) {
+      console.warn(
+        `[SolonGate] Policy evaluation took ${elapsed.toFixed(1)}ms (limit: ${this.timeoutMs}ms) for tool "${request.toolName}"`
+      );
+    }
+    return decision;
+  }
+  /**
+   * Loads a new policy set, replacing the current one.
+   * Validates before accepting. Auto-saves version when store is present.
+   */
+  loadPolicySet(policySet, options) {
+    const validation = validatePolicySet(policySet);
+    if (!validation.valid) {
+      return validation;
+    }
+    this.policySet = policySet;
+    if (this.store) {
+      this.store.saveVersion(
+        policySet,
+        options?.reason ?? "Policy updated",
+        options?.createdBy ?? "system"
+      );
+    }
+    return validation;
+  }
+  /**
+   * Rolls back to a previous policy version.
+   * Only available when a PolicyStore is configured.
+   */
+  rollback(version) {
+    if (!this.store) {
+      throw new Error("PolicyStore not configured - cannot rollback");
+    }
+    const policyVersion = this.store.rollback(this.policySet.id, version);
+    this.policySet = policyVersion.policySet;
+    return policyVersion;
+  }
+  getPolicySet() {
+    return this.policySet;
+  }
+  getSecurityWarnings() {
+    return analyzeSecurityWarnings(this.policySet);
+  }
+  getStore() {
+    return this.store;
+  }
+  reset() {
+    this.policySet = createDefaultDenyPolicySet();
+  }
+};
+var PolicyStore = class {
+  versions = /* @__PURE__ */ new Map();
+  /**
+   * Saves a new version of a policy set.
+   * The version number auto-increments.
+   */
+  saveVersion(policySet, reason, createdBy) {
+    const id = policySet.id;
+    const history = this.versions.get(id) ?? [];
+    const latestVersion = history.length > 0 ? history[history.length - 1].version : 0;
+    const version = {
+      version: latestVersion + 1,
+      policySet: Object.freeze({ ...policySet }),
+      hash: this.computeHash(policySet),
+      reason,
+      createdBy,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    const newHistory = [...history, version];
+    this.versions.set(id, newHistory);
+    return version;
+  }
+  /**
+   * Gets a specific version of a policy set.
+   */
+  getVersion(id, version) {
+    const history = this.versions.get(id);
+    if (!history) return null;
+    return history.find((v) => v.version === version) ?? null;
+  }
+  /**
+   * Gets the latest version of a policy set.
+   */
+  getLatest(id) {
+    const history = this.versions.get(id);
+    if (!history || history.length === 0) return null;
+    return history[history.length - 1];
+  }
+  /**
+   * Gets the full version history of a policy set.
+   */
+  getHistory(id) {
+    return this.versions.get(id) ?? [];
+  }
+  /**
+   * Rolls back to a previous version by creating a new version
+   * with the same content as the target version.
+   */
+  rollback(id, toVersion) {
+    const target = this.getVersion(id, toVersion);
+    if (!target) {
+      throw new Error(`Version ${toVersion} not found for policy "${id}"`);
+    }
+    return this.saveVersion(
+      target.policySet,
+      `Rollback to version ${toVersion}`,
+      "system"
+    );
+  }
+  /**
+   * Computes a diff between two policy versions.
+   */
+  diff(v1, v2) {
+    const oldRulesMap = new Map(v1.policySet.rules.map((r) => [r.id, r]));
+    const newRulesMap = new Map(v2.policySet.rules.map((r) => [r.id, r]));
+    const added = [];
+    const removed = [];
+    const modified = [];
+    for (const [id, newRule] of newRulesMap) {
+      const oldRule = oldRulesMap.get(id);
+      if (!oldRule) {
+        added.push(newRule);
+      } else if (JSON.stringify(oldRule) !== JSON.stringify(newRule)) {
+        modified.push({ old: oldRule, new: newRule });
+      }
+    }
+    for (const [id, oldRule] of oldRulesMap) {
+      if (!newRulesMap.has(id)) {
+        removed.push(oldRule);
+      }
+    }
+    return { added, removed, modified };
+  }
+  /**
+   * Computes SHA256 hash of a policy set for integrity verification.
+   */
+  computeHash(policySet) {
+    const serialized = JSON.stringify(policySet, Object.keys(policySet).sort());
+    return createHash("sha256").update(serialized).digest("hex");
+  }
+};
+// src/config.ts
 var DEFAULT_CONFIG = Object.freeze({
   validateSchemas: true,
   enableLogging: true,
@@ -384,6 +1500,8 @@ var ServerVerifier = class {
     return { valid: true };
   }
 };
+// src/rate-limiter.ts
 var RateLimiter = class {
   windowMs;
   records = /* @__PURE__ */ new Map();
@@ -703,6 +1821,8 @@ var SecureMcpServer = class extends McpServer {
     return this.gate;
   }
 };
+// src/api-client.ts
 var DEFAULT_API_URL = "https://api.solongate.com";
 var API_VERSION = "v1";
 var SDK_VERSION = "0.2.0";
@@ -922,6 +2042,6 @@ var SolonGateAPI = class {
   }
 };
-export { APIError, AuthenticationError, DEFAULT_CONFIG, LicenseError, RateLimitError2 as RateLimitError, RateLimiter, SecureMcpServer, SecurityLogger, ServerVerifier, SolonGate, SolonGateAPI, TokenIssuer, interceptToolCall, resolveConfig };
+export { APIError, AuthenticationError, RateLimitError as CoreRateLimitError, DEFAULT_CONFIG, InputGuardError, LicenseError, NetworkError, Permission, PolicyDeniedError, PolicyEffect, PolicyEngine, PolicyStore, RateLimitError2 as RateLimitError, RateLimiter, SchemaValidationError, SecureMcpServer, SecurityLogger, ServerVerifier, SolonGate, SolonGateAPI, SolonGateError, TokenIssuer, TrustLevel, checkEntropyLimits, checkLengthLimits, createDefaultDenyPolicySet, createDeniedToolResult, createReadOnlyPolicySet, createSecurityContext, detectPathTraversal, detectSQLInjection, detectSSRF, detectShellInjection, detectWildcardAbuse, interceptToolCall, resolveConfig, sanitizeInput, validateToolInput };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map