@sonoma-security/mcp-gateway 0.1.11 → 0.1.13

package/dist/http-proxy.d.ts

@@ -0,0 +1,76 @@
+/**
+ * HTTP Proxy Server for MCP Gateway
+ *
+ * Exposes per-server HTTP endpoints that transparently proxy MCP requests
+ * to upstream servers. This allows plugins to keep their skills active
+ * while traffic flows through the gateway for policy enforcement and telemetry.
+ *
+ * Architecture:
+ *   Plugin (http://localhost:{port}/proxy/{serverName}) -> HTTP Proxy -> Upstream MCP Server
+ *
+ * Each upstream server gets its own MCP Server + StreamableHTTPServerTransport,
+ * which delegates tools/list and tools/call to the upstream Client connection
+ * managed by the parent McpGateway.
+ */
+import type { Client } from "@modelcontextprotocol/sdk/client/index.js";
+export interface HttpProxyUpstream {
+    name: string;
+    client: Client;
+    connected: boolean;
+}
+export interface HttpProxyCallbacks {
+    /** Get the current list of upstream connections */
+    getUpstreams(): Map<string, HttpProxyUpstream>;
+    /** Check if a tool is blocked by policy. Returns true if blocked. */
+    isToolBlocked(serverName: string, toolName: string): boolean;
+    /** Record a tool call event for telemetry */
+    recordToolCall(event: {
+        serverName: string;
+        toolName: string;
+        durationMs: number;
+        status: "success" | "error" | "blocked";
+        errorMessage?: string;
+        argumentKeys?: string[];
+    }): void;
+    /** Get server names that are pending OAuth authentication */
+    getPendingAuthServers?(): Set<string>;
+    /** Get the upstream URL for a server (used for OAuth discovery forwarding) */
+    getUpstreamUrl?(serverName: string): string | undefined;
+    /** Debug logging */
+    log(message: string): void;
+}
+export declare class HttpProxyServer {
+    private httpServer;
+    private callbacks;
+    private sessions;
+    private port;
+    constructor(port: number, callbacks: HttpProxyCallbacks);
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    /**
+     * Get the proxy URL for a specific server.
+     * Plugins should rewrite their URLs to this endpoint.
+     */
+    getProxyUrl(serverName: string): string;
+    private handleRequest;
+    /**
+     * Forward OAuth protected resource metadata from the upstream server.
+     *
+     * The MCP SDK queries /.well-known/oauth-protected-resource{path} to discover
+     * where to send the user for authentication. We forward this from the real
+     * upstream (e.g., mcp.slack.com) but rewrite the `resource` field to match
+     * the proxy URL so the SDK's validation passes.
+     */
+    private handleOAuthDiscovery;
+    /**
+     * Create a new MCP Server that proxies requests to an upstream Client.
+     * Each session gets its own Server + Transport pair.
+     *
+     * The session is created immediately even if the upstream isn't connected yet.
+     * tools/list returns empty tools in that case, and tool calls return errors.
+     * When the upstream connects, the gateway sends toolListChanged which triggers
+     * the client to re-fetch tools.
+     */
+    private createProxySession;
+}
+//# sourceMappingURL=http-proxy.d.ts.map

package/dist/http-proxy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-proxy.d.ts","sourceRoot":"","sources":["../src/http-proxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAcH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAExE,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,mDAAmD;IACnD,YAAY,IAAI,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC/C,qEAAqE;IACrE,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAC7D,6CAA6C;IAC7C,cAAc,CAAC,KAAK,EAAE;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,SAAS,GAAG,OAAO,GAAG,SAAS,CAAC;QACxC,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;KACzB,GAAG,IAAI,CAAC;IACT,6DAA6D;IAC7D,qBAAqB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IACtC,8EAA8E;IAC9E,cAAc,CAAC,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;IACxD,oBAAoB;IACpB,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAWD,qBAAa,eAAe;IAC1B,OAAO,CAAC,UAAU,CAAkC;IACpD,OAAO,CAAC,SAAS,CAAqB;IACtC,OAAO,CAAC,QAAQ,CAAwC;IACxD,OAAO,CAAC,IAAI,CAAS;gBAET,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,kBAAkB;IAMjD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAUtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAiB3B;;;OAGG;IACH,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;YAIzB,aAAa;IAmF3B;;;;;;;OAOG;YACW,oBAAoB;IAkDlC;;;;;;;;OAQG;YACW,kBAAkB;CA4JjC"}

package/dist/http-proxy.js

@@ -0,0 +1,316 @@
+/**
+ * HTTP Proxy Server for MCP Gateway
+ *
+ * Exposes per-server HTTP endpoints that transparently proxy MCP requests
+ * to upstream servers. This allows plugins to keep their skills active
+ * while traffic flows through the gateway for policy enforcement and telemetry.
+ *
+ * Architecture:
+ *   Plugin (http://localhost:{port}/proxy/{serverName}) -> HTTP Proxy -> Upstream MCP Server
+ *
+ * Each upstream server gets its own MCP Server + StreamableHTTPServerTransport,
+ * which delegates tools/list and tools/call to the upstream Client connection
+ * managed by the parent McpGateway.
+ */
+import { createServer } from "node:http";
+import { randomUUID } from "node:crypto";
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+const TOOL_CALL_TIMEOUT_MS = 30_000;
+export class HttpProxyServer {
+    httpServer;
+    callbacks;
+    sessions = new Map();
+    port;
+    constructor(port, callbacks) {
+        this.port = port;
+        this.callbacks = callbacks;
+        this.httpServer = createServer(this.handleRequest.bind(this));
+    }
+    async start() {
+        return new Promise((resolve, reject) => {
+            this.httpServer.on("error", reject);
+            this.httpServer.listen(this.port, () => {
+                this.callbacks.log(`HTTP proxy server listening on port ${this.port}`);
+                resolve();
+            });
+        });
+    }
+    async stop() {
+        // Close all sessions
+        for (const [sessionId, session] of this.sessions) {
+            try {
+                await session.transport.close();
+                await session.server.close();
+            }
+            catch {
+                // Ignore close errors
+            }
+            this.sessions.delete(sessionId);
+        }
+        return new Promise((resolve) => {
+            this.httpServer.close(() => resolve());
+        });
+    }
+    /**
+     * Get the proxy URL for a specific server.
+     * Plugins should rewrite their URLs to this endpoint.
+     */
+    getProxyUrl(serverName) {
+        return `http://localhost:${this.port}/proxy/${encodeURIComponent(serverName)}/mcp`;
+    }
+    async handleRequest(req, res) {
+        const url = new URL(req.url ?? "/", `http://localhost:${this.port}`);
+        // CORS headers for local access
+        res.setHeader("Access-Control-Allow-Origin", "*");
+        res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
+        res.setHeader("Access-Control-Allow-Headers", "Content-Type, Mcp-Session-Id, Last-Event-ID");
+        res.setHeader("Access-Control-Expose-Headers", "Mcp-Session-Id");
+        if (req.method === "OPTIONS") {
+            res.writeHead(204);
+            res.end();
+            return;
+        }
+        // Forward OAuth protected resource discovery to the upstream server so the
+        // MCP SDK learns where the real authorization endpoint is (e.g., slack.com)
+        // instead of constructing localhost:19880/authorize which doesn't exist.
+        if (url.pathname.startsWith("/.well-known/oauth-protected-resource")) {
+            await this.handleOAuthDiscovery(url, res);
+            return;
+        }
+        // Return 404 for /authorize and other .well-known endpoints.
+        if (url.pathname.startsWith("/.well-known/") || url.pathname === "/authorize") {
+            res.writeHead(404);
+            res.end();
+            return;
+        }
+        // Parse /proxy/{serverName}/mcp
+        const match = url.pathname.match(/^\/proxy\/([^/]+)\/mcp$/);
+        if (!match) {
+            res.writeHead(404, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: "Not found. Use /proxy/{serverName}/mcp" }));
+            return;
+        }
+        const serverName = decodeURIComponent(match[1]);
+        // Get or create session
+        const sessionId = req.headers["mcp-session-id"];
+        if (req.method === "GET" || req.method === "DELETE") {
+            // SSE or session termination: route to existing session
+            if (sessionId && this.sessions.has(sessionId)) {
+                // eslint-disable-next-line @typescript-eslint/no-non-null-assertion -- guarded by this.sessions.has(sessionId) above
+                const session = this.sessions.get(sessionId);
+                await session.transport.handleRequest(req, res);
+                if (req.method === "DELETE") {
+                    this.sessions.delete(sessionId);
+                }
+                return;
+            }
+            if (req.method === "DELETE") {
+                res.writeHead(200);
+                res.end();
+                return;
+            }
+            // GET without session: not valid
+            res.writeHead(400, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: "Session required for GET requests" }));
+            return;
+        }
+        // POST: create new session or route to existing
+        if (sessionId && this.sessions.has(sessionId)) {
+            // eslint-disable-next-line @typescript-eslint/no-non-null-assertion -- guarded by this.sessions.has(sessionId) above
+            await this.sessions.get(sessionId).transport.handleRequest(req, res);
+            return;
+        }
+        // New session: create a proxy MCP server for this server name.
+        // The session is created immediately (even if the upstream isn't connected
+        // yet) so the MCP handshake completes and Claude Code marks it as
+        // "connected". tools/list will return empty until the upstream connects,
+        // then we send toolListChanged.
+        const session = await this.createProxySession(serverName);
+        await session.transport.handleRequest(req, res);
+    }
+    /**
+     * Forward OAuth protected resource metadata from the upstream server.
+     *
+     * The MCP SDK queries /.well-known/oauth-protected-resource{path} to discover
+     * where to send the user for authentication. We forward this from the real
+     * upstream (e.g., mcp.slack.com) but rewrite the `resource` field to match
+     * the proxy URL so the SDK's validation passes.
+     */
+    async handleOAuthDiscovery(url, res) {
+        // Extract server name from path suffix: /.well-known/oauth-protected-resource/proxy/{name}/mcp
+        const pathMatch = url.pathname.match(/^\/\.well-known\/oauth-protected-resource\/proxy\/([^/]+)\/mcp$/);
+        if (!pathMatch) {
+            res.writeHead(404);
+            res.end();
+            return;
+        }
+        const serverName = decodeURIComponent(pathMatch[1]);
+        const upstreamUrl = this.callbacks.getUpstreamUrl?.(serverName);
+        if (!upstreamUrl) {
+            res.writeHead(404);
+            res.end();
+            return;
+        }
+        try {
+            const upstreamOrigin = new URL(upstreamUrl).origin;
+            const discoveryUrl = `${upstreamOrigin}/.well-known/oauth-protected-resource`;
+            const response = await fetch(discoveryUrl, {
+                headers: { Accept: "application/json" },
+                redirect: "follow",
+            });
+            if (!response.ok) {
+                res.writeHead(response.status);
+                res.end();
+                return;
+            }
+            const metadata = await response.json();
+            // Rewrite the resource field to match the proxy URL so the SDK's
+            // "protected resource does not match" validation passes
+            metadata.resource = `http://localhost:${this.port}/proxy/${encodeURIComponent(serverName)}/mcp`;
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end(JSON.stringify(metadata));
+        }
+        catch {
+            res.writeHead(502);
+            res.end();
+        }
+    }
+    /**
+     * Create a new MCP Server that proxies requests to an upstream Client.
+     * Each session gets its own Server + Transport pair.
+     *
+     * The session is created immediately even if the upstream isn't connected yet.
+     * tools/list returns empty tools in that case, and tool calls return errors.
+     * When the upstream connects, the gateway sends toolListChanged which triggers
+     * the client to re-fetch tools.
+     */
+    async createProxySession(serverName) {
+        const callbacks = this.callbacks;
+        const server = new Server({
+            name: `sonoma-proxy-${serverName}`,
+            version: "0.1.0",
+        }, {
+            capabilities: {
+                tools: { listChanged: true },
+            },
+        });
+        // Proxy tools/list: forward to upstream client if connected, empty otherwise
+        server.setRequestHandler(ListToolsRequestSchema, async () => {
+            const upstream = callbacks.getUpstreams().get(serverName);
+            if (!upstream?.connected) {
+                return { tools: [] };
+            }
+            try {
+                const result = await upstream.client.listTools();
+                return { tools: result.tools };
+            }
+            catch (error) {
+                callbacks.log(`Failed to list tools from ${serverName}: ${error}`);
+                return { tools: [] };
+            }
+        });
+        // Proxy tools/call: check policy, forward to upstream, record telemetry
+        server.setRequestHandler(CallToolRequestSchema, async (request) => {
+            const { name: toolName, arguments: args } = request.params;
+            const startTime = Date.now();
+            // Check policy before forwarding
+            if (callbacks.isToolBlocked(serverName, toolName)) {
+                callbacks.recordToolCall({
+                    serverName,
+                    toolName,
+                    durationMs: Date.now() - startTime,
+                    status: "blocked",
+                    argumentKeys: args ? Object.keys(args) : [],
+                });
+                return {
+                    isError: true,
+                    content: [
+                        {
+                            type: "text",
+                            text: `Tool ${serverName}.${toolName} is blocked by organization policy`,
+                        },
+                    ],
+                };
+            }
+            const upstream = callbacks.getUpstreams().get(serverName);
+            if (!upstream?.connected) {
+                return {
+                    isError: true,
+                    content: [
+                        {
+                            type: "text",
+                            text: `Server ${serverName} is not connected yet. Please wait for the connection to be established.`,
+                        },
+                    ],
+                };
+            }
+            try {
+                const callPromise = upstream.client.callTool({
+                    name: toolName,
+                    arguments: args,
+                });
+                const callTimeout = new Promise((_, reject) => {
+                    setTimeout(() => reject(new Error(`Tool call timeout after ${TOOL_CALL_TIMEOUT_MS}ms`)), TOOL_CALL_TIMEOUT_MS);
+                });
+                const result = await Promise.race([callPromise, callTimeout]);
+                callbacks.recordToolCall({
+                    serverName,
+                    toolName,
+                    durationMs: Date.now() - startTime,
+                    status: "success",
+                    argumentKeys: args ? Object.keys(args) : [],
+                });
+                return result;
+            }
+            catch (error) {
+                const errorMessage = error instanceof Error ? error.message : String(error);
+                callbacks.recordToolCall({
+                    serverName,
+                    toolName,
+                    durationMs: Date.now() - startTime,
+                    status: "error",
+                    errorMessage,
+                    argumentKeys: args ? Object.keys(args) : [],
+                });
+                return {
+                    isError: true,
+                    content: [
+                        {
+                            type: "text",
+                            text: `Error calling ${serverName}.${toolName}: ${errorMessage}`,
+                        },
+                    ],
+                };
+            }
+        });
+        const transport = new StreamableHTTPServerTransport({
+            sessionIdGenerator: () => randomUUID(),
+        });
+        // Track session by ID once the transport assigns one
+        transport.onclose = () => {
+            if (transport.sessionId) {
+                this.sessions.delete(transport.sessionId);
+            }
+        };
+        await server.connect(transport);
+        const session = { server, transport, serverName };
+        // Store session after transport is connected (sessionId is set during handleRequest)
+        // We'll store it by the transport's sessionId after the first request
+        if (transport.sessionId) {
+            this.sessions.set(transport.sessionId, session);
+        }
+        // Also set up a hook to store the session once the ID is assigned
+        const origHandleRequest = transport.handleRequest.bind(transport);
+        transport.handleRequest = async (req, res, body) => {
+            await origHandleRequest(req, res, body);
+            if (transport.sessionId && !this.sessions.has(transport.sessionId)) {
+                this.sessions.set(transport.sessionId, session);
+                callbacks.log(`HTTP proxy session created: ${transport.sessionId} -> ${serverName}`);
+            }
+        };
+        return session;
+    }
+}
+//# sourceMappingURL=http-proxy.js.map

package/dist/http-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-proxy.js","sourceRoot":"","sources":["../src/http-proxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,YAAY,EAA6C,MAAM,WAAW,CAAC;AACpF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AA0C5C,MAAM,oBAAoB,GAAG,MAAM,CAAC;AAEpC,MAAM,OAAO,eAAe;IAClB,UAAU,CAAkC;IAC5C,SAAS,CAAqB;IAC9B,QAAQ,GAA8B,IAAI,GAAG,EAAE,CAAC;IAChD,IAAI,CAAS;IAErB,YAAY,IAAY,EAAE,SAA6B;QACrD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,KAAK;QACT,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACpC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE;gBACrC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,uCAAuC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;gBACvE,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI;QACR,qBAAqB;QACrB,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACjD,IAAI,CAAC;gBACH,MAAM,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;gBAChC,MAAM,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;YACD,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,WAAW,CAAC,UAAkB;QAC5B,OAAO,oBAAoB,IAAI,CAAC,IAAI,UAAU,kBAAkB,CAAC,UAAU,CAAC,MAAM,CAAC;IACrF,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,GAAoB,EAAE,GAAmB;QACnE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAErE,gCAAgC;QAChC,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;QAClD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,4BAA4B,CAAC,CAAC;QAC5E,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,6CAA6C,CAAC,CAAC;QAC7F,GAAG,CAAC,SAAS,CAAC,+BAA+B,EAAE,gBAAgB,CAAC,CAAC;QAEjE,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC7B,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,EAAE,CAAC;YACV,OAAO;QACT,CAAC;QAED,2EAA2E;QAC3E,4EAA4E;QAC5E,yEAAyE;QACzE,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,uCAAuC,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,6DAA6D;QAC7D,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;YAC9E,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,EAAE,CAAC;YACV,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,wCAAwC,EAAE,CAAC,CAAC,CAAC;YAC7E,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAEhD,wBAAwB;QACxB,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QAEtE,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACpD,wDAAwD;YACxD,IAAI,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC9C,qHAAqH;gBACrH,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;gBAC9C,MAAM,OAAO,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBAChD,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;oBAC5B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAClC,CAAC;gBACD,OAAO;YACT,CAAC;YAED,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YAED,iCAAiC;YACjC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC,CAAC,CAAC;YACxE,OAAO;QACT,CAAC;QAED,gDAAgD;QAChD,IAAI,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9C,qHAAqH;YACrH,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACtE,OAAO;QACT,CAAC;QAED,+DAA+D;QAC/D,2EAA2E;QAC3E,kEAAkE;QAClE,yEAAyE;QACzE,gCAAgC;QAChC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;QAC1D,MAAM,OAAO,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAClD,CAAC;IAED;;;;;;;OAOG;IACK,KAAK,CAAC,oBAAoB,CAAC,GAAQ,EAAE,GAAmB;QAC9D,+FAA+F;QAC/F,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAClC,iEAAiE,CAClE,CAAC;QAEF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,EAAE,CAAC;YACV,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC,UAAU,CAAC,CAAC;QAEhE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,EAAE,CAAC;YACV,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;YACnD,MAAM,YAAY,GAAG,GAAG,cAAc,uCAAuC,CAAC;YAE9E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,EAAE;gBACzC,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;gBACvC,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBAC/B,GAAG,CAAC,GAAG,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAC;YAElE,iEAAiE;YACjE,wDAAwD;YACxD,QAAQ,CAAC,QAAQ,GAAG,oBAAoB,IAAI,CAAC,IAAI,UAAU,kBAAkB,CAAC,UAAU,CAAC,MAAM,CAAC;YAEhG,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACK,KAAK,CAAC,kBAAkB,CAC9B,UAAkB;QAElB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAEjC,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB;YACE,IAAI,EAAE,gBAAgB,UAAU,EAAE;YAClC,OAAO,EAAE,OAAO;SACjB,EACD;YACE,YAAY,EAAE;gBACZ,KAAK,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE;aAC7B;SACF,CACF,CAAC;QAEF,6EAA6E;QAC7E,MAAM,CAAC,iBAAiB,CACtB,sBAAsB,EACtB,KAAK,IAA8B,EAAE;YACnC,MAAM,QAAQ,GAAG,SAAS,CAAC,YAAY,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAC1D,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAC;gBACzB,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;YACvB,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBACjD,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;YACjC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,SAAS,CAAC,GAAG,CAAC,6BAA6B,UAAU,KAAK,KAAK,EAAE,CAAC,CAAC;gBACnE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;YACvB,CAAC;QACH,CAAC,CACF,CAAC;QAEF,wEAAwE;QACxE,MAAM,CAAC,iBAAiB,CACtB,qBAAqB,EACrB,KAAK,EAAE,OAAO,EAA2B,EAAE;YACzC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAE7B,iCAAiC;YACjC,IAAI,SAAS,CAAC,aAAa,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,CAAC;gBAClD,SAAS,CAAC,cAAc,CAAC;oBACvB,UAAU;oBACV,QAAQ;oBACR,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;oBAClC,MAAM,EAAE,SAAS;oBACjB,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE;iBAC5C,CAAC,CAAC;gBAEH,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE,QAAQ,UAAU,IAAI,QAAQ,oCAAoC;yBACzE;qBACF;iBACF,CAAC;YACJ,CAAC;YAED,MAAM,QAAQ,GAAG,SAAS,CAAC,YAAY,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAC1D,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAC;gBACzB,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE,UAAU,UAAU,0EAA0E;yBACrG;qBACF;iBACF,CAAC;YACJ,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC;oBAC3C,IAAI,EAAE,QAAQ;oBACd,SAAS,EAAE,IAAI;iBAChB,CAAC,CAAC;gBACH,MAAM,WAAW,GAAG,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;oBACnD,UAAU,CACR,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,2BAA2B,oBAAoB,IAAI,CAAC,CAAC,EAC5E,oBAAoB,CACrB,CAAC;gBACJ,CAAC,CAAC,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;gBAE9D,SAAS,CAAC,cAAc,CAAC;oBACvB,UAAU;oBACV,QAAQ;oBACR,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;oBAClC,MAAM,EAAE,SAAS;oBACjB,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE;iBAC5C,CAAC,CAAC;gBAEH,OAAO,MAAwB,CAAC;YAClC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAE5E,SAAS,CAAC,cAAc,CAAC;oBACvB,UAAU;oBACV,QAAQ;oBACR,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;oBAClC,MAAM,EAAE,OAAO;oBACf,YAAY;oBACZ,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE;iBAC5C,CAAC,CAAC;gBAEH,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE,iBAAiB,UAAU,IAAI,QAAQ,KAAK,YAAY,EAAE;yBACjE;qBACF;iBACF,CAAC;YACJ,CAAC;QACH,CAAC,CACF,CAAC;QAEF,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;YAClD,kBAAkB,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE;SACvC,CAAC,CAAC;QAEH,qDAAqD;QACrD,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;YACvB,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;gBACxB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEhC,MAAM,OAAO,GAAiB,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;QAEhE,qFAAqF;QACrF,sEAAsE;QACtE,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;YACxB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;QAED,kEAAkE;QAClE,MAAM,iBAAiB,GAAG,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAClE,SAAS,CAAC,aAAa,GAAG,KAAK,EAAE,GAAoB,EAAE,GAAmB,EAAE,IAAc,EAAE,EAAE;YAC5F,MAAM,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACxC,IAAI,SAAS,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;gBACnE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAChD,SAAS,CAAC,GAAG,CAAC,+BAA+B,SAAS,CAAC,SAAS,OAAO,UAAU,EAAE,CAAC,CAAC;YACvF,CAAC;QACH,CAAC,CAAC;QAEF,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}

package/dist/index.d.ts

@@ -5,6 +5,9 @@
  * Proxies MCP servers and reports telemetry to Sonoma.
  */
 export { McpGateway } from "./gateway.js";
+export { isToolBlockedByPolicy, matchesToolPattern, getPatternSpecificity, isValidToolPattern } from "./pattern-matcher.js";
+export type { PolicyRuleForBlocking } from "./pattern-matcher.js";
+export { HttpProxyServer } from "./http-proxy.js";
 export { loadConfig, findClaudeDesktopConfig, createTestConfig, autoDetectConfig, getMcpConfigPaths, type McpConfigLocation } from "./config.js";
 export type { GatewayConfig, McpServerConfig, ToolCallEvent, ToolInfo, UpstreamServer, } from "./types.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACjJ,YAAY,EACV,aAAa,EACb,eAAe,EACf,aAAa,EACb,QAAQ,EACR,cAAc,GACf,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC5H,YAAY,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACjJ,YAAY,EACV,aAAa,EACb,eAAe,EACf,aAAa,EACb,QAAQ,EACR,cAAc,GACf,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -5,5 +5,7 @@
  * Proxies MCP servers and reports telemetry to Sonoma.
  */
 export { McpGateway } from "./gateway.js";
+export { isToolBlockedByPolicy, matchesToolPattern, getPatternSpecificity, isValidToolPattern } from "./pattern-matcher.js";
+export { HttpProxyServer } from "./http-proxy.js";
 export { loadConfig, findClaudeDesktopConfig, createTestConfig, autoDetectConfig, getMcpConfigPaths } from "./config.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,iBAAiB,EAA0B,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE5H,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,iBAAiB,EAA0B,MAAM,aAAa,CAAC"}

package/dist/pattern-matcher.d.ts

@@ -44,4 +44,29 @@ export declare function getPatternSpecificity(pattern: string | null): number;
  * @returns true if the pattern is valid
  */
 export declare function isValidToolPattern(pattern: string): boolean;
+/**
+ * Policy rule shape used for tool blocking evaluation.
+ * Matches the PolicyRule type from sonoma-client but avoids circular imports.
+ */
+export interface PolicyRuleForBlocking {
+    identifier: string;
+    status: string;
+    toolPattern: string | null;
+    priority: number;
+}
+/**
+ * Pure-function implementation of tool-level policy blocking.
+ *
+ * Evaluates a list of policy rules against a (serverName, toolName) pair
+ * to determine whether the tool call should be blocked.
+ *
+ * Resolution order:
+ * 1. Collect all rules whose identifier matches serverName, packageName, URL, or extra aliases.
+ * 2. For each rule, check if toolPattern matches (null = server-level).
+ * 3. Sort by priority (higher wins), then pattern specificity (more specific wins).
+ * 4. At the top priority/specificity level, deny wins (blocked takes precedence).
+ *
+ * @returns true if the tool is blocked, false if allowed
+ */
+export declare function isToolBlockedByPolicy(policyList: PolicyRuleForBlocking[], serverName: string, toolName: string, packageName?: string | null, url?: string | null, extraIdentifiers?: string[]): boolean;
 //# sourceMappingURL=pattern-matcher.d.ts.map

package/dist/pattern-matcher.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pattern-matcher.d.ts","sourceRoot":"","sources":["../src/pattern-matcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;;;;;;;;;;GAaG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CA0B7E;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,CAepE;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAW3D"}
+{"version":3,"file":"pattern-matcher.d.ts","sourceRoot":"","sources":["../src/pattern-matcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;;;;;;;;;;GAaG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CA0B7E;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,CAepE;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAW3D;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,qBAAqB,EAAE,EACnC,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,EAC3B,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,EACnB,gBAAgB,CAAC,EAAE,MAAM,EAAE,GAC1B,OAAO,CAyDT"}

package/dist/pattern-matcher.js

@@ -95,4 +95,69 @@ export function isValidToolPattern(pattern) {
     const validPattern = /^[a-zA-Z0-9_\-*./]+$/;
     return validPattern.test(pattern);
 }
+/**
+ * Pure-function implementation of tool-level policy blocking.
+ *
+ * Evaluates a list of policy rules against a (serverName, toolName) pair
+ * to determine whether the tool call should be blocked.
+ *
+ * Resolution order:
+ * 1. Collect all rules whose identifier matches serverName, packageName, URL, or extra aliases.
+ * 2. For each rule, check if toolPattern matches (null = server-level).
+ * 3. Sort by priority (higher wins), then pattern specificity (more specific wins).
+ * 4. At the top priority/specificity level, deny wins (blocked takes precedence).
+ *
+ * @returns true if the tool is blocked, false if allowed
+ */
+export function isToolBlockedByPolicy(policyList, serverName, toolName, packageName, url, extraIdentifiers) {
+    // Build set of identifiers: packageName, server name, URL, and aliases
+    const serverIdentifiers = new Set();
+    if (packageName)
+        serverIdentifiers.add(packageName);
+    serverIdentifiers.add(serverName);
+    if (url)
+        serverIdentifiers.add(url);
+    if (extraIdentifiers) {
+        for (const id of extraIdentifiers)
+            serverIdentifiers.add(id);
+    }
+    // Find all matching rules (server-level and tool-level)
+    const matchingRules = policyList.filter((rule) => {
+        // Check if server identifier matches (or rule is global with "*")
+        const serverMatches = serverIdentifiers.has(rule.identifier) || rule.identifier === "*";
+        if (!serverMatches)
+            return false;
+        // Check tool pattern match
+        if (!rule.toolPattern) {
+            // Server-level rule - applies to all tools on this server
+            return true;
+        }
+        // Tool-level rule - check if pattern matches the tool name
+        return matchesToolPattern(toolName, rule.toolPattern);
+    });
+    // No matching rules = not blocked (unlisted servers are allowed)
+    if (matchingRules.length === 0) {
+        return false;
+    }
+    // Sort rules by priority (higher first), then by pattern specificity (more specific first)
+    const sortedRules = [...matchingRules].sort((a, b) => {
+        // First sort by explicit priority (higher wins)
+        if (a.priority !== b.priority)
+            return b.priority - a.priority;
+        // Then by pattern specificity (more specific wins)
+        const specA = getPatternSpecificity(a.toolPattern);
+        const specB = getPatternSpecificity(b.toolPattern);
+        return specB - specA;
+    });
+    // Get the highest priority rule
+    const topRule = sortedRules[0];
+    // Find if there's a deny rule at the same priority level
+    const topPriority = topRule.priority;
+    const topSpecificity = getPatternSpecificity(topRule.toolPattern);
+    const denyAtTopLevel = sortedRules.find((r) => r.status === "blocked" &&
+        r.priority === topPriority &&
+        getPatternSpecificity(r.toolPattern) === topSpecificity);
+    // Block if any matching rule says "blocked" (deny wins at same priority)
+    return !!denyAtTopLevel;
+}
 //# sourceMappingURL=pattern-matcher.js.map

package/dist/pattern-matcher.js.map

@@ -1 +1 @@
-{"version":3,"file":"pattern-matcher.js","sourceRoot":"","sources":["../src/pattern-matcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB,EAAE,OAAe;IAClE,0BAA0B;IAC1B,IAAI,OAAO,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEtC,0CAA0C;IAC1C,IAAI,OAAO,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAEjC,wEAAwE;IACxE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAEzC,gCAAgC;IAChC,2CAA2C;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC9D,qCAAqC;IACrC,MAAM,YAAY,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC;IAEzD,IAAI,CAAC;QACH,yFAAyF;QACzF,8FAA8F;QAC9F,gGAAgG;QAChG,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC;QACvC,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,gDAAgD;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAsB;IAC1D,sCAAsC;IACtC,IAAI,CAAC,OAAO;QAAE,OAAO,CAAC,CAAC;IAEvB,qBAAqB;IACrB,IAAI,OAAO,KAAK,GAAG;QAAE,OAAO,CAAC,CAAC;IAE9B,yEAAyE;IACzE,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC;QAC5D,OAAO,EAAE,GAAG,iBAAiB,CAAC;IAChC,CAAC;IAED,6CAA6C;IAC7C,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,6BAA6B;IAC7B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IAEpD,+BAA+B;IAC/B,IAAI,OAAO,CAAC,MAAM,GAAG,GAAG;QAAE,OAAO,KAAK,CAAC;IAEvC,+CAA+C;IAC/C,qEAAqE;IACrE,MAAM,YAAY,GAAG,sBAAsB,CAAC;IAC5C,OAAO,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC"}
+{"version":3,"file":"pattern-matcher.js","sourceRoot":"","sources":["../src/pattern-matcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB,EAAE,OAAe;IAClE,0BAA0B;IAC1B,IAAI,OAAO,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEtC,0CAA0C;IAC1C,IAAI,OAAO,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAEjC,wEAAwE;IACxE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAEzC,gCAAgC;IAChC,2CAA2C;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC9D,qCAAqC;IACrC,MAAM,YAAY,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC;IAEzD,IAAI,CAAC;QACH,yFAAyF;QACzF,8FAA8F;QAC9F,gGAAgG;QAChG,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC;QACvC,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,gDAAgD;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAsB;IAC1D,sCAAsC;IACtC,IAAI,CAAC,OAAO;QAAE,OAAO,CAAC,CAAC;IAEvB,qBAAqB;IACrB,IAAI,OAAO,KAAK,GAAG;QAAE,OAAO,CAAC,CAAC;IAE9B,yEAAyE;IACzE,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC;QAC5D,OAAO,EAAE,GAAG,iBAAiB,CAAC;IAChC,CAAC;IAED,6CAA6C;IAC7C,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,6BAA6B;IAC7B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IAEpD,+BAA+B;IAC/B,IAAI,OAAO,CAAC,MAAM,GAAG,GAAG;QAAE,OAAO,KAAK,CAAC;IAEvC,+CAA+C;IAC/C,qEAAqE;IACrE,MAAM,YAAY,GAAG,sBAAsB,CAAC;IAC5C,OAAO,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC;AAaD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,qBAAqB,CACnC,UAAmC,EACnC,UAAkB,EAClB,QAAgB,EAChB,WAA2B,EAC3B,GAAmB,EACnB,gBAA2B;IAE3B,uEAAuE;IACvE,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC5C,IAAI,WAAW;QAAE,iBAAiB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACpD,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAClC,IAAI,GAAG;QAAE,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,gBAAgB,EAAE,CAAC;QACrB,KAAK,MAAM,EAAE,IAAI,gBAAgB;YAAE,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,wDAAwD;IACxD,MAAM,aAAa,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;QAC/C,kEAAkE;QAClE,MAAM,aAAa,GACjB,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,UAAU,KAAK,GAAG,CAAC;QACpE,IAAI,CAAC,aAAa;YAAE,OAAO,KAAK,CAAC;QAEjC,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,0DAA0D;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2DAA2D;QAC3D,OAAO,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,iEAAiE;IACjE,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,2FAA2F;IAC3F,MAAM,WAAW,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACnD,gDAAgD;QAChD,IAAI,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,QAAQ;YAAE,OAAO,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;QAC9D,mDAAmD;QACnD,MAAM,KAAK,GAAG,qBAAqB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QACnD,MAAM,KAAK,GAAG,qBAAqB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QACnD,OAAO,KAAK,GAAG,KAAK,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,gCAAgC;IAChC,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAE/B,yDAAyD;IACzD,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IACrC,MAAM,cAAc,GAAG,qBAAqB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,WAAW,CAAC,IAAI,CACrC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,MAAM,KAAK,SAAS;QACtB,CAAC,CAAC,QAAQ,KAAK,WAAW;QAC1B,qBAAqB,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,cAAc,CAC1D,CAAC;IAEF,yEAAyE;IACzE,OAAO,CAAC,CAAC,cAAc,CAAC;AAC1B,CAAC"}

package/dist/prompt-guard.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Prompt Guard Evaluator (standalone, no server-side imports)
+ *
+ * Evaluates prompt guards against tool call content using in-memory
+ * regex matching. Used by the remote gateway to enforce guards synced
+ * from the policy endpoint.
+ */
+import type { PromptGuardRule } from "./sonoma-client.js";
+export interface PromptGuardEvaluation {
+    blocked: boolean;
+    blockReason: string | null;
+    results: Array<{
+        guardId: string;
+        guardName: string;
+        action: "block" | "warn" | "log";
+        reason: string;
+    }>;
+}
+/**
+ * Evaluate prompt guards against serialized tool call content.
+ * Filters to only guards that run on the remote gateway.
+ */
+export declare function evaluatePromptGuards(guards: PromptGuardRule[], content: string): PromptGuardEvaluation;
+//# sourceMappingURL=prompt-guard.d.ts.map

package/dist/prompt-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-guard.d.ts","sourceRoot":"","sources":["../src/prompt-guard.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAE1D,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,OAAO,EAAE,KAAK,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;QACjC,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC,CAAC;CACJ;AA+ID;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,eAAe,EAAE,EACzB,OAAO,EAAE,MAAM,GACd,qBAAqB,CA0BvB"}