fullcourtdefense-cli 1.6.4 → 1.6.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -222,6 +222,37 @@ function developerId() {
222
222
  return 'unknown-developer';
223
223
  }
224
224
  }
225
+ /**
226
+ * Normalize an identity component — MUST stay byte-for-byte identical to the MCP
227
+ * gateway's `safeIdentityPart` (mcpGateway.ts) so the hook and the gateway build
228
+ * the SAME per-server agent identity for the same server.
229
+ */
230
+ function safeIdentityPart(value) {
231
+ return value
232
+ .trim()
233
+ .replace(/@.*$/, '')
234
+ .replace(/[^a-zA-Z0-9._-]+/g, '-')
235
+ .replace(/^-+|-+$/g, '')
236
+ .toLowerCase() || 'local-user';
237
+ }
238
+ /** Extract the MCP server name Cursor reports for a beforeMCPExecution payload. */
239
+ function mcpServerName(p) {
240
+ return str(p.mcp_server_name) || str(p.server_name) || str(p.serverName) || str(p.mcpServer) || undefined;
241
+ }
242
+ /**
243
+ * Runtime agent identity for a tool call. For MCP calls we mirror the gateway's
244
+ * per-server identity (`<developer>-cursor-<server>`) so a per-agent policy created
245
+ * for a gateway-observed agent ALSO matches the same server when it flows through
246
+ * the in-IDE hook. Non-MCP events keep the collapsed per-developer identity.
247
+ */
248
+ function agentNameForCall(event, p) {
249
+ if (event === 'mcp') {
250
+ const server = mcpServerName(p);
251
+ if (server)
252
+ return `${safeIdentityPart(developerId())}-cursor-${safeIdentityPart(server)}`;
253
+ }
254
+ return `cursor-${developerId()}`;
255
+ }
225
256
  /** Cursor conversation/session id when present, else a stable per-machine id. */
226
257
  function sessionId(p) {
227
258
  const fromPayload = p.conversation_id || p.conversationId || p.session_id || p.sessionId;
@@ -351,12 +382,16 @@ async function enforceActionPolicy(ctx) {
351
382
  headers,
352
383
  body: JSON.stringify({
353
384
  shieldId,
354
- agentName: `cursor-${developerId()}`,
385
+ // For MCP calls this mirrors the gateway's per-server identity
386
+ // (`<developer>-cursor-<server>`), so a per-agent policy matches the same
387
+ // server on BOTH the gateway path and this in-IDE hook path.
388
+ agentName: agentNameForCall(event, payload),
355
389
  toolName: call.toolName,
356
390
  toolArgs: call.toolArgs,
357
391
  argsSummary: summarizeToolCall(call.toolName, call.toolArgs),
358
392
  sessionId: sessionId(payload),
359
393
  source: 'cursor_hook',
394
+ ...(event === 'mcp' && mcpServerName(payload) ? { mcpServer: mcpServerName(payload) } : {}),
360
395
  ...machineMetadata(),
361
396
  }),
362
397
  signal: controller.signal,
package/dist/version.json CHANGED
@@ -1,3 +1,3 @@
1
1
  {
2
- "version": "1.6.4"
2
+ "version": "1.6.5"
3
3
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "fullcourtdefense-cli",
3
- "version": "1.6.4",
3
+ "version": "1.6.5",
4
4
  "description": "Full Court Defense CLI — security scanning for AI agents from your terminal",
5
5
  "main": "dist/index.js",
6
6
  "bin": {