fullcourtdefense-cli 1.6.5 → 1.6.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -240,16 +240,19 @@ function mcpServerName(p) {
240
240
  return str(p.mcp_server_name) || str(p.server_name) || str(p.serverName) || str(p.mcpServer) || undefined;
241
241
  }
242
242
  /**
243
- * Runtime agent identity for a tool call. For MCP calls we mirror the gateway's
244
- * per-server identity (`<developer>-cursor-<server>`) so a per-agent policy created
245
- * for a gateway-observed agent ALSO matches the same server when it flows through
246
- * the in-IDE hook. Non-MCP events keep the collapsed per-developer identity.
243
+ * Runtime agent identity for a tool call. For MCP calls we use a RUNTIME-AGNOSTIC
244
+ * per-server identity (`<developer>-<server>`) the client (cursor/codex/claude/...) is
245
+ * intentionally NOT part of the identity, because the same logical agent (the MCP server)
246
+ * is the same agent no matter which IDE/client invokes it. This mirrors the gateway's
247
+ * `perServerAgentName`, so ONE per-agent policy matches the same server across every runtime.
248
+ * The client is still reported separately as `agentClient` metadata for optional per-runtime
249
+ * constraints. Non-MCP events keep the collapsed per-developer IDE-runtime identity.
247
250
  */
248
251
  function agentNameForCall(event, p) {
249
252
  if (event === 'mcp') {
250
253
  const server = mcpServerName(p);
251
254
  if (server)
252
- return `${safeIdentityPart(developerId())}-cursor-${safeIdentityPart(server)}`;
255
+ return `${safeIdentityPart(developerId())}-${safeIdentityPart(server)}`;
253
256
  }
254
257
  return `cursor-${developerId()}`;
255
258
  }
@@ -382,9 +385,9 @@ async function enforceActionPolicy(ctx) {
382
385
  headers,
383
386
  body: JSON.stringify({
384
387
  shieldId,
385
- // For MCP calls this mirrors the gateway's per-server identity
386
- // (`<developer>-cursor-<server>`), so a per-agent policy matches the same
387
- // server on BOTH the gateway path and this in-IDE hook path.
388
+ // For MCP calls this mirrors the gateway's runtime-agnostic per-server identity
389
+ // (`<developer>-<server>`), so ONE per-agent policy matches the same server on the
390
+ // gateway path AND this in-IDE hook path, across every client/runtime.
388
391
  agentName: agentNameForCall(event, payload),
389
392
  toolName: call.toolName,
390
393
  toolArgs: call.toolArgs,
@@ -1022,8 +1022,13 @@ function backupFile(file) {
1022
1022
  }
1023
1023
  catch { /* best effort */ }
1024
1024
  }
1025
- function perServerAgentName(developerName, agentClient, serverName) {
1026
- return `${safeIdentityPart(developerName)}-${agentClient}-${safeIdentityPart(serverName)}`;
1025
+ // RUNTIME-AGNOSTIC per-server agent identity: `<developer>-<server>`. The client
1026
+ // (cursor/codex/claude/...) is deliberately excluded — the same MCP server is the same
1027
+ // logical agent regardless of which IDE/runtime invokes it, so ONE per-agent policy applies
1028
+ // everywhere. The client is still carried separately as `agentClient` metadata (see GatewayConfig)
1029
+ // for optional per-runtime constraints. `agentClient` is kept as a param for signature stability.
1030
+ function perServerAgentName(developerName, _agentClient, serverName) {
1031
+ return `${safeIdentityPart(developerName)}-${safeIdentityPart(serverName)}`;
1027
1032
  }
1028
1033
  function wrapJsonConfigFile(file, gatewayConfig, agentClient, dryRun) {
1029
1034
  const stats = newWrapStats();
package/dist/version.json CHANGED
@@ -1,3 +1,3 @@
1
1
  {
2
- "version": "1.6.5"
2
+ "version": "1.6.6"
3
3
  }
package/package.json CHANGED
@@ -1,42 +1,42 @@
1
- {
2
- "name": "fullcourtdefense-cli",
3
- "version": "1.6.5",
4
- "description": "Full Court Defense CLI — security scanning for AI agents from your terminal",
5
- "main": "dist/index.js",
6
- "bin": {
7
- "fullcourtdefense": "dist/index.js",
8
- "fcd": "dist/index.js",
9
- "botguard": "dist/index.js"
10
- },
11
- "files": [
12
- "dist",
13
- "README.md"
14
- ],
15
- "scripts": {
16
- "build": "tsc && node scripts/copy-attack-corpus.js",
17
- "prepublishOnly": "npm run build"
18
- },
19
- "keywords": [
20
- "llm",
21
- "security",
22
- "guardrails",
23
- "ai-safety",
24
- "prompt-injection",
25
- "cli",
26
- "red-teaming",
27
- "owasp",
28
- "mcp",
29
- "rag"
30
- ],
31
- "license": "MIT",
32
- "devDependencies": {
33
- "@types/node": "^25.3.0",
34
- "typescript": "^5.3.0"
35
- },
36
- "engines": {
37
- "node": ">=18.0.0"
38
- },
39
- "dependencies": {
40
- "yaml": "^2.8.4"
41
- }
42
- }
1
+ {
2
+ "name": "fullcourtdefense-cli",
3
+ "version": "1.6.6",
4
+ "description": "Full Court Defense CLI — security scanning for AI agents from your terminal",
5
+ "main": "dist/index.js",
6
+ "bin": {
7
+ "fullcourtdefense": "dist/index.js",
8
+ "fcd": "dist/index.js",
9
+ "botguard": "dist/index.js"
10
+ },
11
+ "files": [
12
+ "dist",
13
+ "README.md"
14
+ ],
15
+ "scripts": {
16
+ "build": "tsc && node scripts/copy-attack-corpus.js",
17
+ "prepublishOnly": "npm run build"
18
+ },
19
+ "keywords": [
20
+ "llm",
21
+ "security",
22
+ "guardrails",
23
+ "ai-safety",
24
+ "prompt-injection",
25
+ "cli",
26
+ "red-teaming",
27
+ "owasp",
28
+ "mcp",
29
+ "rag"
30
+ ],
31
+ "license": "MIT",
32
+ "devDependencies": {
33
+ "@types/node": "^25.3.0",
34
+ "typescript": "^5.3.0"
35
+ },
36
+ "engines": {
37
+ "node": ">=18.0.0"
38
+ },
39
+ "dependencies": {
40
+ "yaml": "^2.8.4"
41
+ }
42
+ }