@sovr/sql-proxy 2.0.0 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/{index.cjs → dist/index.cjs} +1 -1
  2. package/dist/index.js +803 -0
  3. package/package.json +8 -12
  4. package/index.js +0 -10
  5. /package/{index.d.ts → dist/index.d.ts} +0 -0
package/{index.cjs → dist/index.cjs} RENAMED
@@ -27,7 +27,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
27
27
  ));
28
28
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
29
29
 
30
- // src/index.ts
30
+ // ../sovr/packages/@sovr/proxy-sql/src/index.ts
31
31
  var index_exports = {};
32
32
  __export(index_exports, {
33
33
  SqlProxy: () => SqlProxy,
package/dist/index.js ADDED
@@ -0,0 +1,803 @@
1
+ // ../sovr/packages/@sovr/proxy-sql/src/index.ts
2
+ import * as net from "net";
3
+ import { EventEmitter } from "events";
4
+ var PROXY_SQL_VERSION = "2.0.0";
5
+ var VERSION_CHECK_URL = "https://api.sovr.inc/api/sovr/v1/version/check";
6
+ var DEFAULT_METERING_ENDPOINT = "https://sovr-ai-mkzgqqeh.manus.space/api/v1/metering/batch";
7
+ var IRREVERSIBLE_SQL_REGEX = /^(DELETE|DROP|TRUNCATE|ALTER|UPDATE|INSERT|CREATE|GRANT|REVOKE|COPY)$/i;
8
+ var SQL_INJECTION_PATTERNS = [
9
+ { name: "union_injection", pattern: /\bUNION\s+(ALL\s+)?SELECT\b/i, severity: "critical" },
10
+ { name: "tautology", pattern: /\bOR\s+['"]?\d+['"]?\s*=\s*['"]?\d+['"]?/i, severity: "high" },
11
+ { name: "tautology_string", pattern: /\bOR\s+['"][^'"]*['"]\s*=\s*['"][^'"]*['"]/i, severity: "high" },
12
+ { name: "comment_injection", pattern: /--\s*$|\/\*.*\*\//i, severity: "high" },
13
+ { name: "stacked_queries", pattern: /;\s*(DROP|DELETE|UPDATE|INSERT|ALTER|TRUNCATE|GRANT|REVOKE)\b/i, severity: "critical" },
14
+ { name: "sleep_injection", pattern: /\b(SLEEP|WAITFOR|BENCHMARK|PG_SLEEP)\s*\(/i, severity: "critical" },
15
+ { name: "information_schema", pattern: /\bINFORMATION_SCHEMA\b/i, severity: "high" },
16
+ { name: "hex_encoding", pattern: /0x[0-9a-fA-F]{8,}/i, severity: "high" },
17
+ { name: "char_encoding", pattern: /\bCHR\s*\(\s*\d+\s*\)/i, severity: "high" },
18
+ { name: "load_file", pattern: /\b(LOAD_FILE|INTO\s+OUTFILE|INTO\s+DUMPFILE)\b/i, severity: "critical" }
19
+ ];
20
+ function parseSQL(sql) {
21
+ const trimmed = sql.trim();
22
+ const normalized = trimmed.replace(/\s+/g, " ").toUpperCase();
23
+ const isMultiStatement = trimmed.split(";").filter((s) => s.trim().length > 0).length > 1;
24
+ const type = classifyStatement(normalized);
25
+ const tables = extractTables(normalized, type);
26
+ const hasWhereClause = checkWhereClause(normalized, type);
27
+ return {
28
+ type,
29
+ tables,
30
+ hasWhereClause,
31
+ isMultiStatement,
32
+ raw: trimmed
33
+ };
34
+ }
35
+ function classifyStatement(sql) {
36
+ const first = sql.split(/\s/)[0];
37
+ switch (first) {
38
+ case "SELECT":
39
+ return "SELECT";
40
+ case "INSERT":
41
+ return "INSERT";
42
+ case "UPDATE":
43
+ return "UPDATE";
44
+ case "DELETE":
45
+ return "DELETE";
46
+ case "DROP":
47
+ return "DROP";
48
+ case "ALTER":
49
+ return "ALTER";
50
+ case "TRUNCATE":
51
+ return "TRUNCATE";
52
+ case "CREATE":
53
+ return "CREATE";
54
+ case "GRANT":
55
+ return "GRANT";
56
+ case "REVOKE":
57
+ return "REVOKE";
58
+ case "BEGIN":
59
+ case "START":
60
+ return "BEGIN";
61
+ case "COMMIT":
62
+ return "COMMIT";
63
+ case "ROLLBACK":
64
+ return "ROLLBACK";
65
+ case "SET":
66
+ return "SET";
67
+ case "SHOW":
68
+ return "SHOW";
69
+ case "EXPLAIN":
70
+ return "EXPLAIN";
71
+ case "COPY":
72
+ return "COPY";
73
+ default:
74
+ return "OTHER";
75
+ }
76
+ }
77
+ function extractTables(sql, type) {
78
+ const tables = [];
79
+ try {
80
+ switch (type) {
81
+ case "SELECT": {
82
+ const fromMatch = sql.match(/\bFROM\s+([A-Z0-9_."]+(?:\s*,\s*[A-Z0-9_."]+)*)/);
83
+ if (fromMatch) {
84
+ tables.push(
85
+ ...fromMatch[1].split(",").map((t) => t.trim().replace(/"/g, "").split(/\s/)[0])
86
+ );
87
+ }
88
+ const joinMatches = sql.matchAll(/\bJOIN\s+([A-Z0-9_."]+)/g);
89
+ for (const m of joinMatches) {
90
+ tables.push(m[1].replace(/"/g, ""));
91
+ }
92
+ break;
93
+ }
94
+ case "INSERT": {
95
+ const intoMatch = sql.match(/\bINTO\s+([A-Z0-9_."]+)/);
96
+ if (intoMatch) tables.push(intoMatch[1].replace(/"/g, ""));
97
+ break;
98
+ }
99
+ case "UPDATE": {
100
+ const updateMatch = sql.match(/\bUPDATE\s+([A-Z0-9_."]+)/);
101
+ if (updateMatch) tables.push(updateMatch[1].replace(/"/g, ""));
102
+ break;
103
+ }
104
+ case "DELETE": {
105
+ const deleteFromMatch = sql.match(/\bFROM\s+([A-Z0-9_."]+)/);
106
+ if (deleteFromMatch) tables.push(deleteFromMatch[1].replace(/"/g, ""));
107
+ break;
108
+ }
109
+ case "DROP": {
110
+ const dropMatch = sql.match(/\bDROP\s+(?:TABLE|INDEX|VIEW|SCHEMA|DATABASE)\s+(?:IF\s+EXISTS\s+)?([A-Z0-9_."]+)/);
111
+ if (dropMatch) tables.push(dropMatch[1].replace(/"/g, ""));
112
+ break;
113
+ }
114
+ case "ALTER": {
115
+ const alterMatch = sql.match(/\bALTER\s+TABLE\s+([A-Z0-9_."]+)/);
116
+ if (alterMatch) tables.push(alterMatch[1].replace(/"/g, ""));
117
+ break;
118
+ }
119
+ case "TRUNCATE": {
120
+ const truncMatch = sql.match(/\bTRUNCATE\s+(?:TABLE\s+)?([A-Z0-9_."]+)/);
121
+ if (truncMatch) tables.push(truncMatch[1].replace(/"/g, ""));
122
+ break;
123
+ }
124
+ case "CREATE": {
125
+ const createMatch = sql.match(/\bCREATE\s+(?:TABLE|INDEX|VIEW|SCHEMA|DATABASE)\s+(?:IF\s+NOT\s+EXISTS\s+)?([A-Z0-9_."]+)/);
126
+ if (createMatch) tables.push(createMatch[1].replace(/"/g, ""));
127
+ break;
128
+ }
129
+ case "COPY": {
130
+ const copyMatch = sql.match(/\bCOPY\s+([A-Z0-9_."]+)/);
131
+ if (copyMatch) tables.push(copyMatch[1].replace(/"/g, ""));
132
+ break;
133
+ }
134
+ }
135
+ } catch {
136
+ }
137
+ return tables.map((t) => t.toLowerCase()).filter(Boolean);
138
+ }
139
+ function checkWhereClause(sql, type) {
140
+ if (type === "SELECT" || type === "UPDATE" || type === "DELETE") {
141
+ return /\bWHERE\b/.test(sql);
142
+ }
143
+ return true;
144
+ }
145
+ function detectSqlInjection(sql) {
146
+ const matched = [];
147
+ let maxSeverity = "none";
148
+ for (const { name, pattern, severity } of SQL_INJECTION_PATTERNS) {
149
+ if (pattern.test(sql)) {
150
+ matched.push(name);
151
+ if (severity === "critical" || severity === "high" && maxSeverity === "none") {
152
+ maxSeverity = severity;
153
+ }
154
+ }
155
+ }
156
+ return {
157
+ detected: matched.length > 0,
158
+ patterns: matched,
159
+ severity: maxSeverity
160
+ };
161
+ }
162
+ var PG_MSG = {
163
+ QUERY: "Q".charCodeAt(0),
164
+ PARSE: "P".charCodeAt(0),
165
+ BIND: "B".charCodeAt(0),
166
+ EXECUTE: "E".charCodeAt(0),
167
+ TERMINATE: "X".charCodeAt(0),
168
+ ERROR_RESPONSE: "E".charCodeAt(0),
169
+ READY_FOR_QUERY: "Z".charCodeAt(0),
170
+ ROW_DESCRIPTION: "T".charCodeAt(0),
171
+ DATA_ROW: "D".charCodeAt(0),
172
+ COMMAND_COMPLETE: "C".charCodeAt(0),
173
+ AUTHENTICATION: "R".charCodeAt(0),
174
+ PARAMETER_STATUS: "S".charCodeAt(0),
175
+ BACKEND_KEY_DATA: "K".charCodeAt(0),
176
+ NOTICE_RESPONSE: "N".charCodeAt(0)
177
+ };
178
+ function buildPgErrorResponse(severity, code, message) {
179
+ const fields = [];
180
+ fields.push(Buffer.from("S"));
181
+ fields.push(Buffer.from(severity + "\0"));
182
+ fields.push(Buffer.from("V"));
183
+ fields.push(Buffer.from(severity + "\0"));
184
+ fields.push(Buffer.from("C"));
185
+ fields.push(Buffer.from(code + "\0"));
186
+ fields.push(Buffer.from("M"));
187
+ fields.push(Buffer.from(message + "\0"));
188
+ fields.push(Buffer.from("\0"));
189
+ const body = Buffer.concat(fields);
190
+ const header = Buffer.alloc(5);
191
+ header[0] = PG_MSG.ERROR_RESPONSE;
192
+ header.writeInt32BE(body.length + 4, 1);
193
+ return Buffer.concat([header, body]);
194
+ }
195
+ function buildPgReadyForQuery(status = "I") {
196
+ const buf = Buffer.alloc(6);
197
+ buf[0] = PG_MSG.READY_FOR_QUERY;
198
+ buf.writeInt32BE(5, 1);
199
+ buf[5] = status.charCodeAt(0);
200
+ return buf;
201
+ }
202
+ function extractQueryFromPgMessage(data) {
203
+ if (data.length < 5) return null;
204
+ if (data[0] !== PG_MSG.QUERY) return null;
205
+ const len = data.readInt32BE(1);
206
+ const sql = data.subarray(5, 1 + len - 1).toString("utf8");
207
+ return sql;
208
+ }
209
+ function extractQueryFromPgParse(data) {
210
+ if (data.length < 5) return null;
211
+ if (data[0] !== PG_MSG.PARSE) return null;
212
+ let offset = 5;
213
+ while (offset < data.length && data[offset] !== 0) offset++;
214
+ offset++;
215
+ const start = offset;
216
+ while (offset < data.length && data[offset] !== 0) offset++;
217
+ const sql = data.subarray(start, offset).toString("utf8");
218
+ return sql;
219
+ }
220
+ var SqlProxy = class extends EventEmitter {
221
+ engine;
222
+ apiKey;
223
+ listenPort;
224
+ listenHost;
225
+ targetHost;
226
+ targetPort;
227
+ actorId;
228
+ verbose;
229
+ onBlocked;
230
+ onEvaluated;
231
+ server = null;
232
+ // v2.0: Table ACL
233
+ tableWhitelist;
234
+ tableBlacklist;
235
+ sqlInjectionDetection;
236
+ // v2.0: Billing Reporter
237
+ billingEnabled;
238
+ billingEndpoint;
239
+ billingBuffer = [];
240
+ billingFlushTimer = null;
241
+ BILLING_FLUSH_INTERVAL;
242
+ BILLING_BUFFER_MAX;
243
+ stats;
244
+ constructor(config) {
245
+ super();
246
+ const apiKey = config.apiKey || process.env.SOVR_API_KEY || "";
247
+ if (!apiKey) {
248
+ throw new Error(
249
+ "\n\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\n\u2551 SOVR API KEY REQUIRED \u2551\n\u2560\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2563\n\u2551 @sovr/proxy-sql requires a valid API key to operate. \u2551\n\u2551 \u2551\n\u2551 Without a valid API key: \u2551\n\u2551 \u2022 No billing events can be reported \u2551\n\u2551 \u2022 No quota can be verified \u2551\n\u2551 \u2022 No metering data is recorded \u2551\n\u2551 \u2022 Proxy will NOT start \u2551\n\u2551 \u2551\n\u2551 Get your key: \u2551\n\u2551 1. Register at: https://sovr.inc/register \u2551\n\u2551 2. Dashboard: https://sovr.inc/dashboard/api-keys \u2551\n\u2551 3. Pass apiKey in config or set SOVR_API_KEY env var \u2551\n\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D\n"
250
+ );
251
+ }
252
+ this.apiKey = apiKey;
253
+ this._checkVersion(apiKey);
254
+ this.engine = config.engine;
255
+ this.listenPort = config.listenPort;
256
+ this.listenHost = config.listenHost ?? "127.0.0.1";
257
+ this.targetHost = config.targetHost;
258
+ this.targetPort = config.targetPort;
259
+ this.actorId = config.actorId ?? "sql-proxy";
260
+ this.verbose = config.verbose ?? false;
261
+ this.onBlocked = config.onBlocked;
262
+ this.onEvaluated = config.onEvaluated;
263
+ this.tableWhitelist = config.tableWhitelist ? new Set(config.tableWhitelist.map((t) => t.toLowerCase())) : null;
264
+ this.tableBlacklist = new Set(
265
+ (config.tableBlacklist ?? []).map((t) => t.toLowerCase())
266
+ );
267
+ this.sqlInjectionDetection = config.sqlInjectionDetection !== false;
268
+ const billing = config.billing ?? {};
269
+ this.billingEnabled = billing.enabled !== false;
270
+ this.billingEndpoint = billing.meteringEndpoint ?? DEFAULT_METERING_ENDPOINT;
271
+ this.BILLING_FLUSH_INTERVAL = billing.flushIntervalMs ?? 1e4;
272
+ this.BILLING_BUFFER_MAX = billing.bufferMax ?? 500;
273
+ this.stats = {
274
+ totalQueries: 0,
275
+ allowedQueries: 0,
276
+ blockedQueries: 0,
277
+ escalatedQueries: 0,
278
+ activeConnections: 0,
279
+ startedAt: 0,
280
+ injectionBlocks: 0,
281
+ tableAclBlocks: 0,
282
+ billingEventsReported: 0,
283
+ billingEventsDropped: 0,
284
+ billingBufferSize: 0,
285
+ billingByType: {
286
+ "gate.check": 0,
287
+ "gate.block": 0,
288
+ "irreversible.allowed": 0,
289
+ "trust_bundle.issued": 0,
290
+ "trust_bundle.exported": 0,
291
+ "replay.requested": 0,
292
+ "auditor.session": 0
293
+ }
294
+ };
295
+ }
296
+ // ============================================================================
297
+ // Lifecycle
298
+ // ============================================================================
299
+ /**
300
+ * Start the SQL proxy server + billing reporter.
301
+ */
302
+ async start() {
303
+ return new Promise((resolve, reject) => {
304
+ this.server = net.createServer((clientSocket) => {
305
+ this.handleConnection(clientSocket);
306
+ });
307
+ this.server.on("error", (err) => {
308
+ this.emit("error", err);
309
+ reject(err);
310
+ });
311
+ this.server.listen(this.listenPort, this.listenHost, () => {
312
+ this.stats.startedAt = Date.now();
313
+ if (this.billingEnabled) {
314
+ this.initBillingReporter();
315
+ }
316
+ if (this.verbose) {
317
+ process.stderr.write(
318
+ `[sovr-sql-proxy] v${PROXY_SQL_VERSION} listening on ${this.listenHost}:${this.listenPort} \u2192 ${this.targetHost}:${this.targetPort}
319
+ [sovr-sql-proxy] API Key: ${this.apiKey.slice(0, 8)}...${this.apiKey.slice(-4)}
320
+ [sovr-sql-proxy] Billing: ${this.billingEnabled ? "ENABLED" : "DISABLED"}
321
+ [sovr-sql-proxy] SQL Injection Detection: ${this.sqlInjectionDetection ? "ENABLED" : "DISABLED"}
322
+ [sovr-sql-proxy] Table Whitelist: ${this.tableWhitelist ? `${this.tableWhitelist.size} tables` : "OFF"}
323
+ [sovr-sql-proxy] Table Blacklist: ${this.tableBlacklist.size} tables
324
+ `
325
+ );
326
+ }
327
+ this.emit("listening");
328
+ resolve();
329
+ });
330
+ });
331
+ }
332
+ /**
333
+ * Stop the SQL proxy server + flush remaining billing events.
334
+ */
335
+ async stop() {
336
+ if (this.billingFlushTimer) {
337
+ clearInterval(this.billingFlushTimer);
338
+ this.billingFlushTimer = null;
339
+ }
340
+ await this.flushBillingBuffer().catch(() => {
341
+ });
342
+ return new Promise((resolve) => {
343
+ if (this.server) {
344
+ this.server.close(() => resolve());
345
+ } else {
346
+ resolve();
347
+ }
348
+ });
349
+ }
350
+ /**
351
+ * Get proxy statistics (including billing stats).
352
+ */
353
+ getStats() {
354
+ return {
355
+ ...this.stats,
356
+ billingBufferSize: this.billingBuffer.length
357
+ };
358
+ }
359
+ // ============================================================================
360
+ // v2.0: Billing Reporter
361
+ // 7 event types: gate.check, gate.block, irreversible.allowed,
362
+ // trust_bundle.issued, trust_bundle.exported, replay.requested, auditor.session
363
+ // ============================================================================
364
+ initBillingReporter() {
365
+ this.billingFlushTimer = setInterval(() => {
366
+ this.flushBillingBuffer().catch(() => {
367
+ });
368
+ }, this.BILLING_FLUSH_INTERVAL);
369
+ if (this.verbose) {
370
+ this.log(`Billing reporter initialized: flush every ${this.BILLING_FLUSH_INTERVAL}ms, buffer max ${this.BILLING_BUFFER_MAX}`);
371
+ }
372
+ }
373
+ /**
374
+ * Record a billing event into the buffer.
375
+ * Fire-and-forget — never blocks the main request flow.
376
+ */
377
+ recordBillingEvent(event_type, action, resource, verdict, metadata) {
378
+ if (!this.billingEnabled) return;
379
+ this.billingBuffer.push({
380
+ event_type,
381
+ action,
382
+ resource,
383
+ verdict,
384
+ api_key: this.apiKey,
385
+ timestamp: Date.now(),
386
+ metadata
387
+ });
388
+ this.stats.billingByType[event_type] = (this.stats.billingByType[event_type] || 0) + 1;
389
+ if (this.billingBuffer.length >= this.BILLING_BUFFER_MAX) {
390
+ this.flushBillingBuffer().catch(() => {
391
+ });
392
+ }
393
+ }
394
+ /**
395
+ * Flush billing buffer to the metering endpoint.
396
+ * Batch POST — fire-and-forget with re-queue on failure.
397
+ */
398
+ async flushBillingBuffer() {
399
+ if (this.billingBuffer.length === 0) return;
400
+ const batch = this.billingBuffer.splice(0, this.BILLING_BUFFER_MAX);
401
+ try {
402
+ const response = await globalThis.fetch(this.billingEndpoint, {
403
+ method: "POST",
404
+ headers: {
405
+ "Content-Type": "application/json",
406
+ "Authorization": `Bearer ${this.apiKey}`,
407
+ "X-SOVR-Source": "proxy-sql",
408
+ "X-SOVR-Version": PROXY_SQL_VERSION
409
+ },
410
+ body: JSON.stringify({ events: batch }),
411
+ signal: AbortSignal.timeout(5e3)
412
+ });
413
+ if (response.ok) {
414
+ this.stats.billingEventsReported += batch.length;
415
+ if (this.verbose) {
416
+ this.log(`Billing: flushed ${batch.length} events (total reported: ${this.stats.billingEventsReported})`);
417
+ }
418
+ } else {
419
+ throw new Error(`HTTP ${response.status}`);
420
+ }
421
+ } catch {
422
+ if (this.billingBuffer.length < this.BILLING_BUFFER_MAX * 2) {
423
+ this.billingBuffer.unshift(...batch);
424
+ } else {
425
+ this.stats.billingEventsDropped += batch.length;
426
+ }
427
+ }
428
+ }
429
+ /**
430
+ * Classify a gate-check result into the appropriate billing event type.
431
+ * Key pricing principle: "放行的不可逆动作" is the highest-price tax base.
432
+ */
433
+ classifyBillingEvent(statementType, verdict) {
434
+ if (verdict === "deny" || verdict === "block") {
435
+ return "gate.block";
436
+ }
437
+ if ((verdict === "allow" || verdict === "approve") && IRREVERSIBLE_SQL_REGEX.test(statementType)) {
438
+ return "irreversible.allowed";
439
+ }
440
+ return "gate.check";
441
+ }
442
+ /**
443
+ * Record billing event from a policy engine evaluation result.
444
+ * Automatically classifies the event type based on statement type + verdict.
445
+ */
446
+ recordGateCheckBilling(statementType, tables, decision, extraMetadata) {
447
+ const eventType = this.classifyBillingEvent(statementType, decision.verdict);
448
+ this.recordBillingEvent(eventType, statementType, tables.join(",") || "*", decision.verdict, {
449
+ risk_score: decision.risk_score,
450
+ risk_level: decision.risk_level,
451
+ decision_id: decision.decision_id,
452
+ matched_rules: decision.matched_rules?.length ?? 0,
453
+ tables,
454
+ ...extraMetadata
455
+ });
456
+ }
457
+ // ============================================================================
458
+ // v2.0: Table ACL (Whitelist / Blacklist)
459
+ // ============================================================================
460
+ /**
461
+ * Check if the queried tables pass the ACL check.
462
+ * Returns null if allowed, or a reason string if blocked.
463
+ */
464
+ checkTableAcl(tables) {
465
+ if (tables.length === 0) return null;
466
+ for (const table of tables) {
467
+ if (this.tableBlacklist.has(table)) {
468
+ return `Table '${table}' is in the blacklist`;
469
+ }
470
+ }
471
+ if (this.tableWhitelist) {
472
+ for (const table of tables) {
473
+ if (!this.tableWhitelist.has(table)) {
474
+ return `Table '${table}' is not in the whitelist`;
475
+ }
476
+ }
477
+ }
478
+ return null;
479
+ }
480
+ // ============================================================================
481
+ // Connection Handler
482
+ // ============================================================================
483
+ handleConnection(clientSocket) {
484
+ this.stats.activeConnections++;
485
+ const backendSocket = net.createConnection({
486
+ host: this.targetHost,
487
+ port: this.targetPort
488
+ });
489
+ let startupComplete = false;
490
+ let clientBuffer = Buffer.alloc(0);
491
+ clientSocket.on("data", (data) => {
492
+ if (!startupComplete) {
493
+ backendSocket.write(data);
494
+ return;
495
+ }
496
+ clientBuffer = Buffer.concat([clientBuffer, data]);
497
+ this.processClientData(clientBuffer, clientSocket, backendSocket);
498
+ clientBuffer = Buffer.alloc(0);
499
+ });
500
+ backendSocket.on("data", (data) => {
501
+ if (!startupComplete) {
502
+ for (let i = 0; i < data.length - 5; i++) {
503
+ if (data[i] === PG_MSG.READY_FOR_QUERY) {
504
+ const len = data.readInt32BE(i + 1);
505
+ if (len === 5) {
506
+ startupComplete = true;
507
+ if (this.verbose) {
508
+ process.stderr.write("[sovr-sql-proxy] Authentication complete, intercepting queries\n");
509
+ }
510
+ break;
511
+ }
512
+ }
513
+ }
514
+ }
515
+ clientSocket.write(data);
516
+ });
517
+ const cleanup = () => {
518
+ this.stats.activeConnections--;
519
+ clientSocket.destroy();
520
+ backendSocket.destroy();
521
+ };
522
+ clientSocket.on("end", cleanup);
523
+ clientSocket.on("error", cleanup);
524
+ backendSocket.on("end", cleanup);
525
+ backendSocket.on("error", cleanup);
526
+ }
527
+ // ============================================================================
528
+ // Query Interception
529
+ // ============================================================================
530
+ processClientData(data, clientSocket, backendSocket) {
531
+ if (data.length < 5) {
532
+ backendSocket.write(data);
533
+ return;
534
+ }
535
+ const msgType = data[0];
536
+ if (msgType !== PG_MSG.QUERY && msgType !== PG_MSG.PARSE) {
537
+ backendSocket.write(data);
538
+ return;
539
+ }
540
+ let sql = null;
541
+ if (msgType === PG_MSG.QUERY) {
542
+ sql = extractQueryFromPgMessage(data);
543
+ } else if (msgType === PG_MSG.PARSE) {
544
+ sql = extractQueryFromPgParse(data);
545
+ }
546
+ if (!sql || sql.trim().length === 0) {
547
+ backendSocket.write(data);
548
+ return;
549
+ }
550
+ const parsed = parseSQL(sql);
551
+ let injectionResult;
552
+ if (this.sqlInjectionDetection) {
553
+ injectionResult = detectSqlInjection(sql);
554
+ if (injectionResult.detected) {
555
+ this.stats.totalQueries++;
556
+ this.stats.blockedQueries++;
557
+ this.stats.injectionBlocks++;
558
+ const blockDecision = {
559
+ decision_id: `dec_injection_${Date.now().toString(36)}`,
560
+ verdict: "deny",
561
+ allowed: false,
562
+ risk_score: 100,
563
+ risk_level: "critical",
564
+ requires_approval: false,
565
+ reason: `SQL injection detected: ${injectionResult.patterns.join(", ")} (severity: ${injectionResult.severity})`,
566
+ matched_rules: [],
567
+ channel: "sql",
568
+ trace_id: `trace_sqli_${Date.now().toString(36)}`,
569
+ timestamp: Date.now()
570
+ };
571
+ const info2 = {
572
+ sql: sql.substring(0, 500),
573
+ statementType: parsed.type,
574
+ tables: parsed.tables,
575
+ decision: blockDecision,
576
+ timestamp: Date.now(),
577
+ injectionResult
578
+ };
579
+ this.recordGateCheckBilling(parsed.type, parsed.tables, blockDecision, {
580
+ block_reason: "sql_injection",
581
+ injection_patterns: injectionResult.patterns
582
+ });
583
+ const errorMsg = buildPgErrorResponse(
584
+ "ERROR",
585
+ "42501",
586
+ `SOVR: SQL injection detected \u2014 ${injectionResult.patterns.join(", ")} [${blockDecision.decision_id}]`
587
+ );
588
+ const readyMsg = buildPgReadyForQuery("I");
589
+ clientSocket.write(Buffer.concat([errorMsg, readyMsg]));
590
+ if (this.verbose) {
591
+ process.stderr.write(
592
+ `[sovr-sql-proxy] \x1B[31mINJECTION BLOCKED\x1B[0m: ${injectionResult.patterns.join(", ")} in ${parsed.type}
593
+ `
594
+ );
595
+ }
596
+ if (this.onBlocked) {
597
+ try {
598
+ this.onBlocked(info2);
599
+ } catch {
600
+ }
601
+ }
602
+ this.emit("injection_blocked", info2);
603
+ return;
604
+ }
605
+ }
606
+ const aclBlock = this.checkTableAcl(parsed.tables);
607
+ if (aclBlock) {
608
+ this.stats.totalQueries++;
609
+ this.stats.blockedQueries++;
610
+ this.stats.tableAclBlocks++;
611
+ const blockDecision = {
612
+ decision_id: `dec_acl_${Date.now().toString(36)}`,
613
+ verdict: "deny",
614
+ allowed: false,
615
+ risk_score: 90,
616
+ risk_level: "high",
617
+ requires_approval: false,
618
+ reason: `Table ACL violation: ${aclBlock}`,
619
+ matched_rules: [],
620
+ channel: "sql",
621
+ trace_id: `trace_acl_${Date.now().toString(36)}`,
622
+ timestamp: Date.now()
623
+ };
624
+ const info2 = {
625
+ sql: sql.substring(0, 500),
626
+ statementType: parsed.type,
627
+ tables: parsed.tables,
628
+ decision: blockDecision,
629
+ timestamp: Date.now()
630
+ };
631
+ this.recordGateCheckBilling(parsed.type, parsed.tables, blockDecision, {
632
+ block_reason: "table_acl",
633
+ acl_detail: aclBlock
634
+ });
635
+ const errorMsg = buildPgErrorResponse(
636
+ "ERROR",
637
+ "42501",
638
+ `SOVR: ${aclBlock} [${blockDecision.decision_id}]`
639
+ );
640
+ const readyMsg = buildPgReadyForQuery("I");
641
+ clientSocket.write(Buffer.concat([errorMsg, readyMsg]));
642
+ if (this.verbose) {
643
+ process.stderr.write(
644
+ `[sovr-sql-proxy] \x1B[33mACL BLOCKED\x1B[0m: ${aclBlock} \u2014 ${parsed.type} on ${parsed.tables.join(", ")}
645
+ `
646
+ );
647
+ }
648
+ if (this.onBlocked) {
649
+ try {
650
+ this.onBlocked(info2);
651
+ } catch {
652
+ }
653
+ }
654
+ this.emit("acl_blocked", info2);
655
+ return;
656
+ }
657
+ const decision = this.evaluateStatement(parsed);
658
+ this.stats.totalQueries++;
659
+ const info = {
660
+ sql: sql.substring(0, 500),
661
+ statementType: parsed.type,
662
+ tables: parsed.tables,
663
+ decision,
664
+ timestamp: Date.now(),
665
+ injectionResult
666
+ };
667
+ if (this.onEvaluated) {
668
+ try {
669
+ this.onEvaluated(info);
670
+ } catch {
671
+ }
672
+ }
673
+ this.recordGateCheckBilling(parsed.type, parsed.tables, decision);
674
+ if (decision.verdict === "deny") {
675
+ this.stats.blockedQueries++;
676
+ const errorMsg = buildPgErrorResponse(
677
+ "ERROR",
678
+ "42501",
679
+ `SOVR Policy Violation: ${decision.reason} [decision_id: ${decision.decision_id}]`
680
+ );
681
+ const readyMsg = buildPgReadyForQuery("I");
682
+ clientSocket.write(Buffer.concat([errorMsg, readyMsg]));
683
+ if (this.verbose) {
684
+ process.stderr.write(
685
+ `[sovr-sql-proxy] \x1B[31mBLOCKED\x1B[0m: ${parsed.type} on ${parsed.tables.join(", ")} \u2014 ${decision.reason}
686
+ `
687
+ );
688
+ }
689
+ if (this.onBlocked) {
690
+ try {
691
+ this.onBlocked(info);
692
+ } catch {
693
+ }
694
+ }
695
+ this.emit("blocked", info);
696
+ } else if (decision.verdict === "escalate") {
697
+ this.stats.escalatedQueries++;
698
+ const errorMsg = buildPgErrorResponse(
699
+ "ERROR",
700
+ "42501",
701
+ `SOVR: Action requires approval \u2014 ${decision.reason} [decision_id: ${decision.decision_id}]`
702
+ );
703
+ const readyMsg = buildPgReadyForQuery("I");
704
+ clientSocket.write(Buffer.concat([errorMsg, readyMsg]));
705
+ if (this.verbose) {
706
+ process.stderr.write(
707
+ `[sovr-sql-proxy] \x1B[33mESCALATED\x1B[0m: ${parsed.type} on ${parsed.tables.join(", ")} \u2014 ${decision.reason}
708
+ `
709
+ );
710
+ }
711
+ this.emit("escalated", info);
712
+ } else {
713
+ this.stats.allowedQueries++;
714
+ backendSocket.write(data);
715
+ if (this.verbose) {
716
+ process.stderr.write(
717
+ `[sovr-sql-proxy] \x1B[32mALLOWED\x1B[0m: ${parsed.type} on ${parsed.tables.join(", ")} (risk: ${decision.risk_score})
718
+ `
719
+ );
720
+ }
721
+ }
722
+ }
723
+ // ============================================================================
724
+ // Policy Evaluation
725
+ // ============================================================================
726
+ evaluateStatement(parsed) {
727
+ const safeTypes = [
728
+ "SELECT",
729
+ "BEGIN",
730
+ "COMMIT",
731
+ "ROLLBACK",
732
+ "SET",
733
+ "SHOW",
734
+ "EXPLAIN"
735
+ ];
736
+ if (safeTypes.includes(parsed.type) && !parsed.isMultiStatement) {
737
+ if (parsed.type !== "SELECT") {
738
+ return {
739
+ decision_id: `dec_passthrough_${Date.now().toString(36)}`,
740
+ verdict: "allow",
741
+ allowed: true,
742
+ risk_score: 0,
743
+ risk_level: "none",
744
+ requires_approval: false,
745
+ reason: `Safe statement type: ${parsed.type}`,
746
+ matched_rules: [],
747
+ channel: "sql",
748
+ trace_id: `trace_sql_${Date.now().toString(36)}`,
749
+ timestamp: Date.now()
750
+ };
751
+ }
752
+ }
753
+ const context = {
754
+ statement_type: parsed.type,
755
+ tables: parsed.tables,
756
+ has_where_clause: parsed.hasWhereClause,
757
+ raw_sql: parsed.raw.substring(0, 1e3),
758
+ is_multi_statement: parsed.isMultiStatement
759
+ };
760
+ return this.engine.evaluate({
761
+ channel: "sql",
762
+ action: parsed.type,
763
+ resource: parsed.tables.join(",") || "*",
764
+ context,
765
+ actor_id: this.actorId
766
+ });
767
+ }
768
+ // ============================================================================
769
+ // Utilities
770
+ // ============================================================================
771
+ log(msg) {
772
+ process.stderr.write(`[sovr-sql-proxy] ${msg}
773
+ `);
774
+ }
775
+ /** v2.0: Async version check */
776
+ async _checkVersion(apiKey) {
777
+ try {
778
+ const res = await fetch(VERSION_CHECK_URL, {
779
+ method: "POST",
780
+ headers: { "Content-Type": "application/json", "X-SOVR-API-Key": apiKey },
781
+ body: JSON.stringify({ package: "@sovr/proxy-sql", version: PROXY_SQL_VERSION }),
782
+ signal: AbortSignal.timeout(5e3)
783
+ });
784
+ if (res.ok) {
785
+ const data = await res.json();
786
+ if (data.deprecated || data.forceUpgrade) {
787
+ console.error(
788
+ `[SOVR] @sovr/proxy-sql@${PROXY_SQL_VERSION} is deprecated.
789
+ Required: @sovr/proxy-sql@${data.minVersion || "latest"}
790
+ Run: npm install @sovr/proxy-sql@latest`
791
+ );
792
+ process.exit(1);
793
+ }
794
+ }
795
+ } catch {
796
+ }
797
+ }
798
+ };
799
+ export {
800
+ SqlProxy,
801
+ detectSqlInjection,
802
+ parseSQL
803
+ };
package/package.json CHANGED
@@ -1,22 +1,18 @@
1
1
  {
2
2
  "name": "@sovr/sql-proxy",
3
- "version": "2.0.0",
4
- "description": "SQL Proxy for AI Agents — intercepts DDL/DML through SOVR Policy Engine with billing, SQL injection detection, and table ACL",
3
+ "version": "2.0.1",
4
+ "description": "SQL Proxy for AI Agents",
5
5
  "license": "BSL-1.1",
6
6
  "type": "module",
7
- "main": "./index.js",
8
- "types": "./index.d.ts",
7
+ "main": "./dist/index.js",
8
+ "types": "./dist/index.d.ts",
9
9
  "exports": {
10
10
  ".": {
11
- "types": "./index.d.ts",
12
- "import": "./index.js",
13
- "require": "./index.cjs"
11
+ "types": "./dist/index.d.ts",
12
+ "import": "./dist/index.js",
13
+ "require": "./dist/index.cjs"
14
14
  }
15
15
  },
16
- "keywords": ["sovr", "sql-proxy", "database-security", "ai-agent"],
17
- "repository": {
18
- "type": "git",
19
- "url": "https://github.com/xie38388/sovr.git"
20
- },
16
+ "repository": {"type": "git", "url": "https://github.com/xie38388/sovr.git"},
21
17
  "homepage": "https://sovr.inc"
22
18
  }
package/index.js DELETED
@@ -1,10 +0,0 @@
1
- import {
2
- SqlProxy,
3
- detectSqlInjection,
4
- parseSQL
5
- } from "./chunk-BDKWSESQ.js";
6
- export {
7
- SqlProxy,
8
- detectSqlInjection,
9
- parseSQL
10
- };
/package/{index.d.ts → dist/index.d.ts} RENAMED
File without changes