# SolonGate

> Security Gateway for AI Tools via MCP (Model Context Protocol)

SolonGate is the first dedicated security gateway for AI tool calls. It sits as a proxy between AI agents (Claude, GPT, Gemini, etc.) and the MCP servers they connect to (filesystem, shell, APIs, databases). Every tool call passes through SolonGate's security pipeline before reaching the real server.

## The Problem SolonGate Solves

AI agents with tool access can be exploited through:

- **Prompt injection**: Hidden instructions in documents/web pages that trick the AI into executing malicious tool calls
- **Over-permissioning**: AI agents with unrestricted access to sensitive tools (shell, filesystem, databases)
- **Data leakage**: Sensitive data exfiltrated through tool call arguments
- **No audit trail**: No visibility into what AI agents actually do with their tools

SolonGate eliminates these risks with a zero-trust security layer.

## How It Works

```
AI Client (Claude Code)
        ↓ MCP protocol
SolonGate Proxy
├── 1. Rate Limiting (per tool, per key)
├── 2. Input Guard (10 threat detectors)
│       Path traversal, shell injection, SSRF, SQL injection,
│       data exfiltration, wildcard abuse, boundary escape,
│       high entropy, length limits, prompt injection
├── 3. Policy Engine (allow/deny/condition rules)
│       12+ condition operators ($contains, $regex, $gt, $in, etc.)
├── 4. Prompt Injection Detection (3-stage hybrid)
│       Stage 1: 50 regex patterns across 7 categories
│       Stage 2: Embedding similarity (Xenova/all-MiniLM-L6-v2)
│       Stage 3: DeBERTa classifier (Xenova/deberta-v3-base-prompt-injection-v2)
└── 5. AI Judge (LLM-based secondary review)
        ↓ MCP protocol
Real MCP Server (filesystem, shell, API, database)
```

## Key Differentiators

- **Protocol-level security**: Works at the MCP layer, not the application layer. Any MCP client works without modification.
- **3-stage prompt injection detection**: Combines fast regex rules with ML models to detect both known and novel attacks.
- **Drop-in proxy**: One command to secure your entire AI tool stack. No code changes required.
- **Policy engine with conditions**: Not just allow/deny — supports conditional rules based on tool arguments.
- **AI Judge**: LLM-based secondary review for ambiguous decisions.
- **Full audit trail**: Every tool call is logged with decision, reason, latency, and threat details.

## Installation

```bash
# Install and run in one command
npx @solongate/proxy --api-key sg_live_... -- node my-server.js

# Or install globally
npm install -g @solongate/proxy
solongate-proxy --api-key sg_live_... -- node my-server.js
```

## Packages

| Package | Registry | Description |
|---------|----------|-------------|
| @solongate/proxy | npm | MCP proxy with CLI, security pipeline, and library exports |
| @solongate/core | npm | Input guard, 10 threat detectors, policy types |
| @solongate/policy-engine | npm | Rule evaluation, condition matching, policy store |
| solongate | PyPI | Python SDK for SolonGate |

## Pricing

- **Free**: $0/month — 500 tool audits, 1 policy, local proxy
- **Pro**: $20/month — 5,000 tool audits, unlimited policies, cloud sync, dashboard, Solon AI
- **Enterprise**: Custom — unlimited everything, SSO, SLA 99.9%, on-premise option

## Links

- Website: https://solongate.com
- Dashboard: https://dashboard.solongate.com
- API: https://api.solongate.com
- npm: https://www.npmjs.com/package/@solongate/proxy
- PyPI: https://pypi.org/project/solongate/
- Contact: https://solongate.com/contact/

## Full Technical Reference

For complete API docs, architecture details, and code examples: https://solongate.com/llms-full.txt
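To make the Policy Engine stage (step 3 in "How It Works") concrete, here is an added example that is not SolonGate's own code or policy schema: a minimal first-match evaluator over MCP tool-call arguments, using a constructed rule format and the `$contains`, `$regex`, `$gt` and `$in` condition operators the diagram names, run against a constructed default-deny policy. The rule shape (`tool`, `action`, `when`, `field`, `op`, `value`) and the tool names are assumptions for illustration.

```javascript
// Hypothetical operator set: each takes the actual argument value and the
// rule's expected value. Type checks keep a missing argument from matching.
const OPERATORS = {
  $contains: (actual, expected) => typeof actual === "string" && actual.includes(expected),
  $regex: (actual, expected) => typeof actual === "string" && new RegExp(expected).test(actual),
  $gt: (actual, expected) => typeof actual === "number" && actual > expected,
  $in: (actual, expected) => Array.isArray(expected) && expected.includes(actual),
};

// A condition is { field, op, value }; every condition in a rule must hold (AND).
function conditionMatches(args, cond) {
  const fn = OPERATORS[cond.op];
  if (!fn) throw new Error(`unknown operator ${cond.op}`);
  return fn(args[cond.field], cond.value);
}

// Rules are evaluated in order and the first match wins, so deny rules that must
// override broad allows go first; no match falls through to the policy default.
function evaluatePolicy(policy, call) {
  for (const rule of policy.rules) {
    if (rule.tool !== "*" && rule.tool !== call.tool) continue;
    const conds = rule.when || [];
    if (conds.every((c) => conditionMatches(call.args || {}, c))) {
      return { decision: rule.action, reason: rule.reason || `matched rule "${rule.id}"` };
    }
  }
  return { decision: policy.default, reason: "no rule matched; default applied" };
}

// Constructed sample policy (not a real SolonGate policy): default deny, with
// one global traversal block, narrow allows, and a size cap on writes.
const samplePolicy = {
  default: "deny",
  rules: [
    { id: "no-traversal", tool: "*", action: "deny", reason: "path traversal",
      when: [{ field: "path", op: "$contains", value: ".." }] },
    { id: "read-workspace", tool: "read_file", action: "allow",
      when: [{ field: "path", op: "$regex", value: "^/workspace/" }] },
    { id: "safe-shell", tool: "shell", action: "allow",
      when: [{ field: "command", op: "$in", value: ["ls", "pwd", "git status"] }] },
    { id: "large-write", tool: "write_file", action: "deny", reason: "payload too large",
      when: [{ field: "size", op: "$gt", value: 1048576 }] },
    { id: "write-workspace", tool: "write_file", action: "allow",
      when: [{ field: "path", op: "$regex", value: "^/workspace/" }] },
  ],
};
```

The returned `reason` is what an audit log entry would carry alongside the decision; a call whose arguments match no rule is denied rather than silently allowed.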