fullcourtdefense-cli 1.6.4 → 1.6.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/hook.js +36 -1
- package/dist/version.json +1 -1
- package/package.json +1 -1
package/dist/commands/hook.js
CHANGED
|
@@ -222,6 +222,37 @@ function developerId() {
|
|
|
222
222
|
return 'unknown-developer';
|
|
223
223
|
}
|
|
224
224
|
}
|
|
225
|
+
/**
|
|
226
|
+
* Normalize an identity component — MUST stay byte-for-byte identical to the MCP
|
|
227
|
+
* gateway's `safeIdentityPart` (mcpGateway.ts) so the hook and the gateway build
|
|
228
|
+
* the SAME per-server agent identity for the same server.
|
|
229
|
+
*/
|
|
230
|
+
function safeIdentityPart(value) {
|
|
231
|
+
return value
|
|
232
|
+
.trim()
|
|
233
|
+
.replace(/@.*$/, '')
|
|
234
|
+
.replace(/[^a-zA-Z0-9._-]+/g, '-')
|
|
235
|
+
.replace(/^-+|-+$/g, '')
|
|
236
|
+
.toLowerCase() || 'local-user';
|
|
237
|
+
}
|
|
238
|
+
/** Extract the MCP server name Cursor reports for a beforeMCPExecution payload. */
|
|
239
|
+
function mcpServerName(p) {
|
|
240
|
+
return str(p.mcp_server_name) || str(p.server_name) || str(p.serverName) || str(p.mcpServer) || undefined;
|
|
241
|
+
}
|
|
242
|
+
/**
|
|
243
|
+
* Runtime agent identity for a tool call. For MCP calls we mirror the gateway's
|
|
244
|
+
* per-server identity (`<developer>-cursor-<server>`) so a per-agent policy created
|
|
245
|
+
* for a gateway-observed agent ALSO matches the same server when it flows through
|
|
246
|
+
* the in-IDE hook. Non-MCP events keep the collapsed per-developer identity.
|
|
247
|
+
*/
|
|
248
|
+
function agentNameForCall(event, p) {
|
|
249
|
+
if (event === 'mcp') {
|
|
250
|
+
const server = mcpServerName(p);
|
|
251
|
+
if (server)
|
|
252
|
+
return `${safeIdentityPart(developerId())}-cursor-${safeIdentityPart(server)}`;
|
|
253
|
+
}
|
|
254
|
+
return `cursor-${developerId()}`;
|
|
255
|
+
}
|
|
225
256
|
/** Cursor conversation/session id when present, else a stable per-machine id. */
|
|
226
257
|
function sessionId(p) {
|
|
227
258
|
const fromPayload = p.conversation_id || p.conversationId || p.session_id || p.sessionId;
|
|
@@ -351,12 +382,16 @@ async function enforceActionPolicy(ctx) {
|
|
|
351
382
|
headers,
|
|
352
383
|
body: JSON.stringify({
|
|
353
384
|
shieldId,
|
|
354
|
-
|
|
385
|
+
// For MCP calls this mirrors the gateway's per-server identity
|
|
386
|
+
// (`<developer>-cursor-<server>`), so a per-agent policy matches the same
|
|
387
|
+
// server on BOTH the gateway path and this in-IDE hook path.
|
|
388
|
+
agentName: agentNameForCall(event, payload),
|
|
355
389
|
toolName: call.toolName,
|
|
356
390
|
toolArgs: call.toolArgs,
|
|
357
391
|
argsSummary: summarizeToolCall(call.toolName, call.toolArgs),
|
|
358
392
|
sessionId: sessionId(payload),
|
|
359
393
|
source: 'cursor_hook',
|
|
394
|
+
...(event === 'mcp' && mcpServerName(payload) ? { mcpServer: mcpServerName(payload) } : {}),
|
|
360
395
|
...machineMetadata(),
|
|
361
396
|
}),
|
|
362
397
|
signal: controller.signal,
|
package/dist/version.json
CHANGED