securenow 7.8.1 → 8.0.0

package/mcp/catalog.js

@@ -13,7 +13,7 @@ Primary goals:
 - Use the latest published SecureNow npm package. Require securenow@7.8.0 or newer for split admin/runtime credentials.
 - By default, enable tracing, logs, POST request body capture, multipart metadata capture, and the SecureNow firewall.
 - If I explicitly ask for firewall-only mode, keep the same install/login/verification gates, but use firewall-only preload and do not add tracing, logging, or OTel instrumentation.
-- The firewall must protect the selected SecureNow app, use SecureNow's own blocklist/allowlist/IPDB data, and respect that app's SecureNow IPDB confidence threshold. Do not add custom IP reputation providers or custom auto-blocking.
+- The firewall must protect the selected SecureNow app, use SecureNow's own blocklist/allowlist/IPDB data, and respect that app's SecureNow AI IPDB confidence threshold. Do not add custom IP reputation providers or custom auto-blocking.
 - Do not confuse IP Allowlist with Trusted IPs. IP Allowlist is restrictive deny-by-default: when any allowlist entry exists for an app/environment, only listed IPs can reach it and all other IPs are blocked. Use Trusted IPs for known-safe monitors, office/VPN traffic, or false-positive suppression. Only use allowlist after explicit human approval to lock the app/environment to known IPs.
 
 Safety rules:
@@ -64,7 +64,7 @@ Runbook:
    Local credentials should use config.runtime.deploymentEnvironment="local". Production runtime credentials should use "production". The app key stays the same; traces, logs, firewall status, forensics, and CLI/MCP queries are scoped by environment.
 9. Verify firewall and threshold:
    - Run npx securenow firewall apps and npx securenow firewall status.
-   - Confirm the selected app is present, firewallEnabled is true, and the SecureNow IPDB confidence threshold is visible.
+   - Confirm the selected app is present, firewallEnabled is true, and the SecureNow AI IPDB confidence threshold is visible.
    - If firewallEnabled is false, run the documented per-app enable command, for example npx securenow firewall enable --app <appKey>, then verify again.
 10. End-to-end proof:
    - Run npx securenow doctor.
@@ -189,7 +189,7 @@ const TOOLS = [
   {
     name: 'securenow_auth_status',
     title: 'SecureNow Auth Status',
-    description: 'Show local SecureNow credential source, selected app, and masked firewall key.',
+    description: 'Show local SecureNow credential source, selected app, and masked runtime API key.',
     scope: null,
     localOnly: true,
     readOnly: true,
@@ -238,7 +238,7 @@ const TOOLS = [
   {
     name: 'securenow_firewall_apps',
     title: 'List Firewall Apps',
-    description: 'List applications with firewall toggle and SecureNow IPDB threshold state.',
+    description: 'List applications with firewall toggle and SecureNow AI IPDB threshold state.',
     scope: 'applications:read',
     readOnly: true,
     method: 'GET',
@@ -298,8 +298,8 @@ const TOOLS = [
   },
   {
     name: 'securenow_firewall_set_threshold',
-    title: 'Set SecureNow IPDB Threshold',
-    description: 'Set the per-app SecureNow IPDB confidence threshold. Write action; requires confirmation.',
+    title: 'Set SecureNow AI IPDB Threshold',
+    description: 'Set the per-app SecureNow AI IPDB confidence threshold. Write action; requires confirmation.',
     scope: 'applications:write',
     readOnly: false,
     confirm: true,
@@ -309,7 +309,7 @@ const TOOLS = [
     bodyFields: ['confidenceMinimum', 'environment'],
     inputSchema: objectSchema({
       appKey: string('Application key UUID.'),
-      confidenceMinimum: number('Minimum SecureNow IPDB confidence score.', { minimum: 0, maximum: 100 }),
+      confidenceMinimum: number('Minimum SecureNow AI IPDB confidence score.', { minimum: 0, maximum: 100 }),
       ...environmentInput,
       ...confirmSchema,
     }, ['appKey', 'confidenceMinimum', 'confirm', 'reason']),
@@ -475,6 +475,190 @@ const TOOLS = [
       search: string('Optional search over IP, rule, path, or verdict.'),
     }),
   },
+  {
+    name: 'securenow_human_actions_grouped_list',
+    title: 'List Grouped Human Actions',
+    description: 'List Requires Human work as root-cause groups with batch-safety preview instead of one row per IP/action.',
+    scope: 'notifications:read',
+    readOnly: true,
+    method: 'GET',
+    endpoint: '/notifications/approval-task-groups',
+    queryFields: ['limit', 'page', 'search'],
+    inputSchema: objectSchema({
+      ...pagingInput,
+      search: string('Optional search over IP, rule, path, action, or verdict.'),
+    }),
+  },
+  {
+    name: 'securenow_alert_review_runs_list',
+    title: 'List Alert Review Root Causes',
+    description: 'List pending alert-review runs as root-cause groups with batch-action preview, rather than row-by-row noisy alert triage.',
+    scope: 'notifications:read',
+    readOnly: true,
+    method: 'GET',
+    endpoint: '/notifications/alert-review-runs',
+    queryFields: ['limit', 'page', 'search', 'rootCauseKey', 'groupKey', 'includeRuns', 'maxScan'],
+    inputSchema: objectSchema({
+      ...pagingInput,
+      search: string('Optional search over rule, route, IP, evidence, or proposed guard.'),
+      rootCauseKey: string('Optional root-cause group key to filter to one group.'),
+      groupKey: string('Compatibility alias for rootCauseKey.'),
+      includeRuns: boolean('Whether to include compact matching run rows in the response.'),
+      maxScan: number('Maximum pending-review rows to scan before grouping. Defaults to 500, capped at 1000.', { minimum: 1, maximum: 1000 }),
+    }),
+  },
+  {
+    name: 'securenow_alert_review_runs_count',
+    title: 'Count Alert Review Runs',
+    description: 'Count pending alert-review rows and the root-cause groups they collapse into.',
+    scope: 'notifications:read',
+    readOnly: true,
+    method: 'GET',
+    endpoint: '/notifications/alert-review-runs/count',
+    queryFields: ['search', 'maxScan'],
+    inputSchema: objectSchema({
+      search: string('Optional search over rule, route, IP, evidence, or proposed guard.'),
+      maxScan: number('Maximum pending-review rows to scan before grouping. Defaults to 500, capped at 1000.', { minimum: 1, maximum: 1000 }),
+    }),
+  },
+  {
+    name: 'securenow_alert_review_run_get',
+    title: 'Get Alert Review Run',
+    description: 'Fetch one pending-review alert run with its root-cause key, evidence-quality score, and similar open siblings.',
+    scope: 'notifications:read',
+    readOnly: true,
+    method: 'GET',
+    endpoint: '/notifications/alert-review-runs/:id',
+    pathParams: ['id'],
+    queryFields: ['maxScan'],
+    inputSchema: objectSchema({
+      id: string('Notification id for the alert review run.'),
+      maxScan: number('Maximum pending-review rows to scan for similar siblings. Defaults to 500, capped at 1000.', { minimum: 1, maximum: 1000 }),
+    }, ['id']),
+  },
+  {
+    name: 'securenow_alert_review_run_resolve',
+    title: 'Resolve Alert Review Run',
+    description: 'Close one pending alert-review row with an auditable no-write decision report.',
+    scope: 'notifications:write',
+    readOnly: false,
+    confirm: true,
+    method: 'POST',
+    endpoint: '/notifications/alert-review-runs/:id/resolve',
+    pathParams: ['id'],
+    fixedBody: { reportSource: 'mcp' },
+    bodyFields: ['confirm', 'reason', 'decisionReport', 'decisionSummary', 'outcome', 'evidence', 'reviewedHistory', 'traceIds', 'paths', 'methods', 'statusCodes', 'userAgents', 'missingProof', 'recommendations'],
+    inputSchema: objectSchema({
+      id: string('Notification id for the alert review run.'),
+      ...decisionReportInput,
+      ...confirmSchema,
+    }, ['id', 'confirm', 'reason']),
+  },
+  {
+    name: 'securenow_alert_review_run_dismiss',
+    title: 'Dismiss Alert Review Run',
+    description: 'Dismiss one pending alert-review row with an audit report and no enforcement write.',
+    scope: 'notifications:write',
+    readOnly: false,
+    confirm: true,
+    method: 'POST',
+    endpoint: '/notifications/alert-review-runs/:id/dismiss',
+    pathParams: ['id'],
+    fixedBody: { reportSource: 'mcp' },
+    bodyFields: ['confirm', 'reason', 'decisionReport', 'decisionSummary', 'outcome', 'evidence', 'reviewedHistory', 'traceIds', 'paths', 'methods', 'statusCodes', 'userAgents', 'missingProof', 'recommendations'],
+    inputSchema: objectSchema({
+      id: string('Notification id for the alert review run.'),
+      ...decisionReportInput,
+      ...confirmSchema,
+    }, ['id', 'confirm', 'reason']),
+  },
+  {
+    name: 'securenow_alert_review_run_keep_alive',
+    title: 'Keep Alert Rule Active',
+    description: 'Mark the noisy/paused alert rule as reviewed, keep it active, and close the pending alert-review row with an audit report.',
+    scope: 'notifications:write',
+    readOnly: false,
+    confirm: true,
+    method: 'POST',
+    endpoint: '/notifications/alert-review-runs/:id/keep-alive',
+    pathParams: ['id'],
+    fixedBody: { reportSource: 'mcp' },
+    bodyFields: ['confirm', 'reason', 'reviewNote', 'decisionReport', 'decisionSummary', 'evidence', 'reviewedHistory', 'traceIds', 'paths', 'methods', 'statusCodes', 'userAgents', 'missingProof', 'recommendations'],
+    inputSchema: objectSchema({
+      id: string('Notification id for the alert review run.'),
+      reviewNote: string('Optional rule-review note. Defaults to reason.'),
+      ...decisionReportInput,
+      ...confirmSchema,
+    }, ['id', 'confirm', 'reason']),
+  },
+  {
+    name: 'securenow_alert_review_run_apply_group_decision',
+    title: 'Apply Alert Review Group Decision',
+    description: 'Apply one verified no-write decision report to every currently matching alert-review row in a root-cause group, leaving non-matching rows open.',
+    scope: 'notifications:write',
+    readOnly: false,
+    confirm: true,
+    method: 'POST',
+    endpoint: '/notifications/alert-review-runs/apply-group-decision',
+    fixedBody: { reportSource: 'mcp' },
+    bodyFields: ['confirm', 'reason', 'rootCauseKey', 'groupKey', 'prototypeRunId', 'notificationIds', 'status', 'outcome', 'allowMixed', 'previewOnly', 'maxRows', 'maxScan', 'search', 'decisionReport', 'decisionSummary', 'evidence', 'reviewedHistory', 'traceIds', 'paths', 'methods', 'statusCodes', 'userAgents', 'missingProof', 'recommendations'],
+    inputSchema: objectSchema({
+      rootCauseKey: string('Root-cause group key from securenow_alert_review_runs_list.'),
+      groupKey: string('Compatibility alias for rootCauseKey.'),
+      prototypeRunId: string('Optional notification id whose root-cause key should be used.'),
+      notificationIds: arrayOfStrings('Optional subset of eligible notification ids to close. Leave empty to apply to every eligible row in the group.'),
+      status: string('Resolution status: resolved or dismissed. Defaults to resolved.'),
+      allowMixed: boolean('Allow a mixed decision/attribution group only after every row was manually reviewed. Defaults to false.'),
+      previewOnly: boolean('When true, returns the eligible rows without writing.'),
+      maxRows: number('Maximum rows to close in this batch. Defaults to 100, capped at 250.', { minimum: 1, maximum: 250 }),
+      maxScan: number('Maximum pending-review rows to scan before grouping. Defaults to 500, capped at 1000.', { minimum: 1, maximum: 1000 }),
+      search: string('Optional search filter applied before grouping.'),
+      ...decisionReportInput,
+      ...confirmSchema,
+    }, ['confirm', 'reason']),
+  },
+  {
+    name: 'securenow_alert_review_apply_group_decision',
+    title: 'Apply Alert Review Group Decision',
+    description: 'Compatibility alias for securenow_alert_review_run_apply_group_decision.',
+    scope: 'notifications:write',
+    readOnly: false,
+    confirm: true,
+    method: 'POST',
+    endpoint: '/notifications/alert-review-runs/apply-group-decision',
+    fixedBody: { reportSource: 'mcp' },
+    bodyFields: ['confirm', 'reason', 'rootCauseKey', 'groupKey', 'prototypeRunId', 'notificationIds', 'status', 'outcome', 'allowMixed', 'previewOnly', 'maxRows', 'maxScan', 'search', 'decisionReport', 'decisionSummary', 'evidence', 'reviewedHistory', 'traceIds', 'paths', 'methods', 'statusCodes', 'userAgents', 'missingProof', 'recommendations'],
+    inputSchema: objectSchema({
+      rootCauseKey: string('Root-cause group key from securenow_alert_review_runs_list.'),
+      groupKey: string('Compatibility alias for rootCauseKey.'),
+      prototypeRunId: string('Optional notification id whose root-cause key should be used.'),
+      notificationIds: arrayOfStrings('Optional subset of eligible notification ids to close. Leave empty to apply to every eligible row in the group.'),
+      status: string('Resolution status: resolved or dismissed. Defaults to resolved.'),
+      allowMixed: boolean('Allow a mixed decision/attribution group only after every row was manually reviewed. Defaults to false.'),
+      previewOnly: boolean('When true, returns the eligible rows without writing.'),
+      maxRows: number('Maximum rows to close in this batch. Defaults to 100, capped at 250.', { minimum: 1, maximum: 250 }),
+      maxScan: number('Maximum pending-review rows to scan before grouping. Defaults to 500, capped at 1000.', { minimum: 1, maximum: 1000 }),
+      search: string('Optional search filter applied before grouping.'),
+      ...decisionReportInput,
+      ...confirmSchema,
+    }, ['confirm', 'reason']),
+  },
+  {
+    name: 'securenow_alert_review_group_similar',
+    title: 'List Similar Alert Review Runs',
+    description: 'Fetch the current rows in one alert-review root-cause group for preview before a batch decision.',
+    scope: 'notifications:read',
+    readOnly: true,
+    method: 'GET',
+    endpoint: '/notifications/alert-review-runs',
+    queryFields: ['rootCauseKey', 'groupKey', 'includeRuns', 'maxScan'],
+    fixedQuery: { includeRuns: true },
+    inputSchema: objectSchema({
+      rootCauseKey: string('Root-cause group key from securenow_alert_review_runs_list.'),
+      groupKey: string('Compatibility alias for rootCauseKey.'),
+      maxScan: number('Maximum pending-review rows to scan before grouping. Defaults to 500, capped at 1000.', { minimum: 1, maximum: 1000 }),
+    }),
+  },
   {
     name: 'securenow_human_action_report',
     title: 'Get Human Action Report',
@@ -532,6 +716,25 @@ const TOOLS = [
       ...confirmSchema,
     }, ['notificationId', 'ip', 'confirm', 'reason']),
   },
+  {
+    name: 'securenow_human_action_close_no_write',
+    title: 'Close Human Action Without Enforcement',
+    description: 'Close one Requires Human IP row with an auditable no-write decision report. Use for ambiguous, skipped, rule-tuning-needed, new-rule-needed, rate-limited, or already-handled rows.',
+    scope: 'notifications:write',
+    readOnly: false,
+    confirm: true,
+    method: 'POST',
+    endpoint: '/notifications/:notificationId/ips/:ip/close-no-write',
+    pathParams: ['notificationId', 'ip'],
+    fixedBody: { reportSource: 'mcp' },
+    bodyFields: ['reason', 'decisionReport', 'decisionSummary', 'outcome', 'evidence', 'reviewedHistory', 'traceIds', 'paths', 'methods', 'statusCodes', 'userAgents', 'missingProof', 'recommendations'],
+    inputSchema: objectSchema({
+      notificationId: string('Notification id from the human action row.'),
+      ip: string('IP address for the row to close.'),
+      ...decisionReportInput,
+      ...confirmSchema,
+    }, ['notificationId', 'ip', 'confirm', 'reason']),
+  },
   {
     name: 'securenow_human_action_false_positive',
     title: 'Mark Human Action False Positive',
@@ -805,6 +1008,69 @@ const TOOLS = [
       ...confirmSchema,
     }, ['id', 'confirm', 'reason']),
   },
+  {
+    name: 'securenow_rate_limit_list',
+    title: 'List Rate Limits',
+    description: 'List rate-limit remediation rules with app/environment scope.',
+    scope: 'rate_limits:read',
+    readOnly: true,
+    method: 'GET',
+    endpoint: '/rate-limits',
+    queryFields: ['status', 'search', 'page', 'limit', 'appKey', 'environment'],
+    inputSchema: objectSchema({
+      status: string('Rule status: active, disabled, removed, or all. Defaults to active.'),
+      search: string('Optional IP/path/name search.'),
+      ...pagingInput,
+      appKey: string('Optional application key scope.'),
+      ...environmentInput,
+    }),
+  },
+  {
+    name: 'securenow_rate_limit_get',
+    title: 'Get Rate Limit',
+    description: 'Fetch one rate-limit remediation rule.',
+    scope: 'rate_limits:read',
+    readOnly: true,
+    method: 'GET',
+    endpoint: '/rate-limits/:id',
+    pathParams: ['id'],
+    inputSchema: objectSchema({
+      id: string('Rate-limit rule id.'),
+    }, ['id']),
+  },
+  {
+    name: 'securenow_rate_limit_test',
+    title: 'Test Rate Limit Match',
+    description: 'Check whether an IP/path/method would match an active rate-limit rule.',
+    scope: 'rate_limits:read',
+    readOnly: true,
+    method: 'GET',
+    endpoint: '/rate-limits/check',
+    queryFields: ['ip', 'path', 'method', 'appKey', 'environment'],
+    inputSchema: objectSchema({
+      ip: string('IPv4 address to test.'),
+      path: string('Request path to test. Defaults to /.'),
+      method: string('HTTP method to test. Defaults to GET.'),
+      appKey: string('Optional application key scope.'),
+      ...environmentInput,
+    }, ['ip']),
+  },
+  {
+    name: 'securenow_rate_limit_remove',
+    title: 'Remove Rate Limit',
+    description: 'Remove a rate-limit remediation rule. Write action; requires confirmation.',
+    scope: 'rate_limits:write',
+    readOnly: false,
+    confirm: true,
+    method: 'DELETE',
+    endpoint: '/rate-limits/:id',
+    pathParams: ['id'],
+    bodyFields: ['reason'],
+    inputSchema: objectSchema({
+      id: string('Rate-limit rule id.'),
+      ...confirmSchema,
+    }, ['id', 'confirm', 'reason']),
+  },
   {
     name: 'securenow_rate_limit_parse',
     title: 'Parse Rate Limit Text',
@@ -908,6 +1174,256 @@ const TOOLS = [
       ...confirmSchema,
     }, ['id', 'sqlQuery', 'confirm', 'reason']),
   },
+  {
+    name: 'securenow_alert_rule_instant_update',
+    title: 'Update Instant Alert Rule',
+    description: 'Patch instant rule conditions/config with version/hash guards and before/after seeded tests. System rules require applyGlobally:true and admin permission. Write action; requires confirmation.',
+    scope: 'alerts:write',
+    readOnly: false,
+    confirm: true,
+    method: 'PUT',
+    endpoint: '/alert-rules/:id/instant',
+    pathParams: ['id'],
+    bodyFields: [
+      'operations',
+      'conditions',
+      'enabled',
+      'source',
+      'matchMode',
+      'executionMode',
+      'severity',
+      'throttle',
+      'expectedRuleVersion',
+      'expectedCurrentInstantHash',
+      'expectedCurrentRuleHash',
+      'applyGlobally',
+      'dryRun',
+      'reactivatePausedCopies',
+      'fixtures',
+      'reviewNotificationId',
+      'reviewNote',
+      'reason',
+    ],
+    fixedBody: { auditSource: 'mcp' },
+    inputSchema: objectSchema({
+      id: string('Alert rule id. Fetch with securenow_alert_rule_get first to get ruleVersion and instantHash.'),
+      operations: {
+        type: 'array',
+        items: { type: 'object', additionalProperties: true },
+        description: 'Condition patch operations: add_condition, remove_condition, update_condition. Use zero-based index/conditionIndex for remove/update.',
+      },
+      conditions: {
+        type: 'array',
+        items: { type: 'object', additionalProperties: true },
+        description: 'Optional full replacement instant conditions array. Use operations for smaller patches.',
+      },
+      enabled: boolean('Whether instant detection is enabled.'),
+      source: string('Instant event source. Currently trace.'),
+      matchMode: string('Condition match mode: all or any.'),
+      executionMode: string('Rule execution mode: instant or hybrid when instant detection is enabled.'),
+      severity: string('Optional severity override: critical, high, medium, or low.'),
+      throttle: { type: 'object', additionalProperties: true, description: 'Throttle patch, for example { enabled:true, minutes:15 }.' },
+      expectedRuleVersion: number('Required current reviewState.reviewVersion from securenow_alert_rule_get.', { minimum: 1 }),
+      expectedCurrentInstantHash: string('Required SHA-256 hash of the current instant config from securenow_alert_rule_get.'),
+      expectedCurrentRuleHash: string('Optional SHA-256 hash of the current instant/throttle/severity surface from securenow_alert_rule_get.'),
+      applyGlobally: boolean('Required true for system rules. Updates every customer copy of the system rule.'),
+      dryRun: boolean('When true, validates and runs before/after seeded tests without saving.'),
+      reactivatePausedCopies: boolean('Whether to reactivate paused noisy copies after the instant rule is tuned.'),
+      fixtures: {
+        type: 'array',
+        items: { type: 'object', additionalProperties: true },
+        description: 'Optional seeded fixtures. Each may include kind attack/benign, label, path, method, requestBody, requestHeaders, and expectMatch.',
+      },
+      reviewNotificationId: string('Optional notification id tied to this review/tuning action.'),
+      reviewNote: string('Optional review note. Defaults to reason.'),
+      ...confirmSchema,
+    }, ['id', 'expectedRuleVersion', 'expectedCurrentInstantHash', 'confirm', 'reason']),
+  },
+  {
+    name: 'securenow_alert_rule_conditions_get',
+    title: 'Get Alert Rule Conditions',
+    description: 'Fetch instant rule conditions with rule version and hash guards for safe condition-level tuning.',
+    scope: 'alerts:read',
+    readOnly: true,
+    method: 'GET',
+    endpoint: '/alert-rules/:id/conditions',
+    pathParams: ['id'],
+    inputSchema: objectSchema({
+      id: string('Alert rule id.'),
+    }, ['id']),
+  },
+  {
+    name: 'securenow_alert_rule_condition_update',
+    title: 'Update Alert Rule Condition',
+    description: 'Patch instant alert-rule conditions with version/hash guards and seeded before/after tests. Compatibility alias for condition-level tuning.',
+    scope: 'alerts:write',
+    readOnly: false,
+    confirm: true,
+    method: 'PUT',
+    endpoint: '/alert-rules/:id/instant',
+    pathParams: ['id'],
+    bodyFields: [
+      'confirm',
+      'operations',
+      'conditions',
+      'enabled',
+      'source',
+      'matchMode',
+      'executionMode',
+      'expectedRuleVersion',
+      'expectedCurrentInstantHash',
+      'expectedCurrentRuleHash',
+      'applyGlobally',
+      'reactivatePausedCopies',
+      'fixtures',
+      'reviewNotificationId',
+      'reviewNote',
+      'reason',
+    ],
+    fixedBody: { auditSource: 'mcp' },
+    inputSchema: objectSchema({
+      id: string('Alert rule id. Fetch with securenow_alert_rule_conditions_get first to get ruleVersion and instantHash.'),
+      operations: {
+        type: 'array',
+        items: { type: 'object', additionalProperties: true },
+        description: 'Condition patch operations: add_condition, remove_condition, update_condition. Use zero-based index/conditionIndex for remove/update.',
+      },
+      conditions: {
+        type: 'array',
+        items: { type: 'object', additionalProperties: true },
+        description: 'Optional full replacement instant conditions array. Use operations for smaller patches.',
+      },
+      enabled: boolean('Whether instant detection is enabled.'),
+      source: string('Instant event source. Currently trace.'),
+      matchMode: string('Condition match mode: all or any.'),
+      executionMode: string('Rule execution mode: instant or hybrid when instant detection is enabled.'),
+      expectedRuleVersion: number('Required current reviewState.reviewVersion from securenow_alert_rule_conditions_get.', { minimum: 1 }),
+      expectedCurrentInstantHash: string('Required SHA-256 hash of the current instant config from securenow_alert_rule_conditions_get.'),
+      expectedCurrentRuleHash: string('Optional SHA-256 hash of the current instant/throttle/severity surface from securenow_alert_rule_conditions_get.'),
+      applyGlobally: boolean('Required true for system rules. Updates every customer copy of the system rule.'),
+      reactivatePausedCopies: boolean('Whether to reactivate paused noisy copies after the condition is tuned.'),
+      fixtures: {
+        type: 'array',
+        items: { type: 'object', additionalProperties: true },
+        description: 'Optional seeded fixtures. Each may include kind attack/benign, label, path, method, requestBody, requestHeaders, and expectMatch.',
+      },
+      reviewNotificationId: string('Optional notification id tied to this review/tuning action.'),
+      reviewNote: string('Optional review note. Defaults to reason.'),
+      ...confirmSchema,
+    }, ['id', 'expectedRuleVersion', 'expectedCurrentInstantHash', 'confirm', 'reason']),
+  },
+  {
+    name: 'securenow_alert_rule_condition_candidate_test',
+    title: 'Test Alert Rule Condition Candidate',
+    description: 'Dry-run a condition-level instant-rule patch without saving it, including seeded benign/attack fixture checks.',
+    scope: 'alerts:write',
+    readOnly: false,
+    confirm: true,
+    method: 'PUT',
+    endpoint: '/alert-rules/:id/instant',
+    pathParams: ['id'],
+    bodyFields: [
+      'confirm',
+      'operations',
+      'conditions',
+      'enabled',
+      'source',
+      'matchMode',
+      'executionMode',
+      'expectedRuleVersion',
+      'expectedCurrentInstantHash',
+      'expectedCurrentRuleHash',
+      'applyGlobally',
+      'fixtures',
+      'reviewNotificationId',
+      'reviewNote',
+      'reason',
+    ],
+    fixedBody: { auditSource: 'mcp', dryRun: true },
+    inputSchema: objectSchema({
+      id: string('Alert rule id. Fetch with securenow_alert_rule_conditions_get first to get ruleVersion and instantHash.'),
+      operations: {
+        type: 'array',
+        items: { type: 'object', additionalProperties: true },
+        description: 'Candidate condition operations to test.',
+      },
+      conditions: {
+        type: 'array',
+        items: { type: 'object', additionalProperties: true },
+        description: 'Optional full replacement instant conditions array to test.',
+      },
+      enabled: boolean('Whether instant detection would be enabled.'),
+      source: string('Instant event source. Currently trace.'),
+      matchMode: string('Condition match mode: all or any.'),
+      executionMode: string('Rule execution mode: instant or hybrid when instant detection is enabled.'),
+      expectedRuleVersion: number('Required current reviewState.reviewVersion from securenow_alert_rule_conditions_get.', { minimum: 1 }),
+      expectedCurrentInstantHash: string('Required SHA-256 hash of the current instant config from securenow_alert_rule_conditions_get.'),
+      expectedCurrentRuleHash: string('Optional SHA-256 hash of the current instant/throttle/severity surface from securenow_alert_rule_conditions_get.'),
+      applyGlobally: boolean('Required true for system rules, even for admin dry-runs.'),
+      fixtures: {
+        type: 'array',
+        items: { type: 'object', additionalProperties: true },
+        description: 'Optional seeded fixtures. Each may include kind attack/benign, label, path, method, requestBody, requestHeaders, and expectMatch.',
+      },
+      reviewNotificationId: string('Optional notification id tied to this review/tuning action.'),
+      reviewNote: string('Optional review note. Defaults to reason.'),
+      ...confirmSchema,
+    }, ['id', 'expectedRuleVersion', 'expectedCurrentInstantHash', 'confirm', 'reason']),
+  },
+  {
+    name: 'securenow_alert_rule_condition_diff',
+    title: 'Diff Alert Rule Condition Candidate',
+    description: 'Return the current instant conditions, candidate conditions, hashes, and before/after fixture behavior without saving.',
+    scope: 'alerts:write',
+    readOnly: false,
+    confirm: true,
+    method: 'PUT',
+    endpoint: '/alert-rules/:id/instant',
+    pathParams: ['id'],
+    bodyFields: [
+      'confirm',
+      'operations',
+      'conditions',
+      'enabled',
+      'source',
+      'matchMode',
+      'executionMode',
+      'expectedRuleVersion',
+      'expectedCurrentInstantHash',
+      'expectedCurrentRuleHash',
+      'applyGlobally',
+      'fixtures',
+      'reason',
+    ],
+    fixedBody: { auditSource: 'mcp', dryRun: true },
+    inputSchema: objectSchema({
+      id: string('Alert rule id. Fetch with securenow_alert_rule_conditions_get first to get ruleVersion and instantHash.'),
+      operations: {
+        type: 'array',
+        items: { type: 'object', additionalProperties: true },
+        description: 'Candidate condition operations to diff.',
+      },
+      conditions: {
+        type: 'array',
+        items: { type: 'object', additionalProperties: true },
+        description: 'Optional full replacement instant conditions array to diff.',
+      },
+      enabled: boolean('Whether instant detection would be enabled.'),
+      source: string('Instant event source. Currently trace.'),
+      matchMode: string('Condition match mode: all or any.'),
+      executionMode: string('Rule execution mode: instant or hybrid when instant detection is enabled.'),
+      expectedRuleVersion: number('Required current reviewState.reviewVersion from securenow_alert_rule_conditions_get.', { minimum: 1 }),
+      expectedCurrentInstantHash: string('Required SHA-256 hash of the current instant config from securenow_alert_rule_conditions_get.'),
+      expectedCurrentRuleHash: string('Optional SHA-256 hash of the current instant/throttle/severity surface from securenow_alert_rule_conditions_get.'),
+      applyGlobally: boolean('Required true for system rules, even for admin dry-runs.'),
+      fixtures: {
+        type: 'array',
+        items: { type: 'object', additionalProperties: true },
+        description: 'Optional seeded fixtures used to explain benign removals and attack coverage.',
+      },
+      ...confirmSchema,
+    }, ['id', 'expectedRuleVersion', 'expectedCurrentInstantHash', 'confirm', 'reason']),
+  },
   {
     name: 'securenow_alert_rule_test',
     title: 'Test Alert Rule',
@@ -1355,7 +1871,7 @@ const PROMPTS = [
   {
     name: 'investigate_human_action_row',
     title: 'Investigate Human Action Row',
-    description: 'Use MCP tools to deeply review one Requires Human row and either block the IP or mark a scoped false positive.',
+    description: 'Use MCP tools to deeply review one Requires Human row and reach a safe audited outcome.',
     arguments: [
       { name: 'rowNumber', description: '1-based row number from the Requires Human queue.', required: true },
       { name: 'page', description: 'Queue page number. Defaults to 1.', required: false },
@@ -1466,12 +1982,16 @@ function promptMessages(name, args = {}) {
             `Fetch page=${page}, limit=${limit} with securenow_human_actions_list, select row ${rowNumber}, then call securenow_notifications_get and securenow_human_action_report for that notificationId and IP.`,
             'Read the AI report, finalDecision, investigation steps, findings, proofs, metadata paths/user agents/status codes, and trace IDs.',
             'Open trace evidence with securenow_traces_show and correlated logs with securenow_logs_for_trace when trace IDs are available.',
-            'Return one clear outcome: Block IP, Rate Limit, False Positive, Rule Tuning Needed, or Ambiguous. If evidence is ambiguous, stop and explain what is missing.',
+            'Return one clear outcome: Block IP, Rate Limit, False Positive, Rule Tuning Applied/Needed, New Alert Rule Needed, Case Action Approved/Rejected, or Ambiguous/Skipped with exact missing proof.',
+            'A row can be finished without an enforcement write when no write is safe. In that case record or prepare a structured no-write decision report explaining the missing proof, missing permission, or vague guard.',
+            'If evidence is mixed, split the decision by IP/cluster. Block only proven malicious IPs, false-positive only exact benign shapes, rate-limit only route-specific volume abuse, and leave ambiguous members with missing proof.',
+            'If the right fix is global/system rule tuning and the MCP tool returns access denied, do not create customer-specific false positives. Prepare the exact attack-preserving guard/SQL, dry-run it if possible, and record outcome=rule_tuning with missingProof naming the missing permission.',
+            'If an AI proposed action says to use a shared benign shape but does not provide exact path/method/status/user-agent/body/header conditions, do not execute it. Record the missing guard fields instead.',
             'Use rate limiting only as temporary soft remediation for repeated route-specific abuse such as login brute force, credential stuffing, scraping/API bursts, enumeration, recon/probing, or repeated noisy payloads where risk/impact evidence is below the block threshold.',
             'Do not rate-limit instead of blocking when there is confirmed exploit success, token/data exposure, SSRF reachability, file read, RCE, persistence, malware/C2, or riskScore >= 85 with high-confidence malicious evidence. Do not rate-limit benign false positives, trusted monitors, app-server/proxy attribution problems, isolated one-off requests, or broad noisy rules that need alert tuning.',
             'Do not create or recommend IP Allowlist entries during investigations unless the user explicitly asks to lock the app/environment to a known set of IPs. For safe monitors, offices, VPNs, or false positives, use Trusted IPs or scoped false-positive exclusions instead.',
             confirmWrites
-              ? 'The user requested execution. If evidence supports the decision, call securenow_human_action_block, securenow_rate_limit_create_from_text plus securenow_human_action_decision_report_add(outcome=rate_limited), or securenow_human_action_false_positive with confirm:true, a precise reason, and a decisionReport containing summary, evidence, reviewedHistory, traceIds, and missingProof when relevant. If you skip/mark ambiguous but still need to record the audit trail, call securenow_human_action_decision_report_add.'
+              ? 'The user requested execution. If evidence supports the decision, call securenow_human_action_block, securenow_rate_limit_create_from_text plus securenow_human_action_decision_report_add(outcome=rate_limited), or securenow_human_action_false_positive with confirm:true, a precise reason, and a decisionReport containing summary, evidence, reviewedHistory, traceIds, and missingProof when relevant. If no enforcement write is safe, call securenow_human_action_decision_report_add with outcome=rule_tuning, new_alert_rule, ambiguous, skipped, or other so the audit trail is complete without changing IP status.'
               : 'Do not execute write tools yet. Prepare the recommended decision and exact tool call the user can approve.',
             'If many IPs share the same benign path/status/user-agent pattern, recommend tightening the alert rule with a precise guard instead of reviewing each IP as malicious.',
             'False positives must be narrow: app + alert rule + path + method/status/user-agent/body evidence where possible. Never globally trust an IP by default.',
@@ -1493,15 +2013,19 @@ function promptMessages(name, args = {}) {
             'Work my SecureNow Requires Human queue like a senior security analyst using the MCP tools.',
             `Review up to ${limit} row(s), most urgent first.${args.search ? ` Search filter: ${args.search}.` : ''}`,
             'Start with securenow_human_actions_list. For each row, call securenow_notifications_get and securenow_human_action_report, inspect the AI report/investigation steps/proofs/trace IDs, and fetch trace/log evidence where useful.',
-            'For each row choose exactly one outcome: Block IP, Rate Limit, False Positive, Rule Tuning Needed, or Skip because evidence is insufficient. Explain skipped rows.',
+            'For each row choose exactly one outcome: Block IP, Rate Limit, False Positive, Rule Tuning Applied/Needed, New Alert Rule Needed, Case Action Approved/Rejected, or Ambiguous/Skipped with exact missing proof.',
+            'Finished does not always mean enforcement changed. A row is also finished when a structured no-write decision report records the exact proof gap, missing permission, or vague guard and no weaker substitute write is used.',
+            'If a global/system rule update is the right fix but access is denied, do not mark customer-specific false positives just to clear the row. Prepare the exact attack-preserving guard/SQL, dry-run it when possible, and record outcome=rule_tuning with missingProof.',
+            'If evidence is mixed, do partial resolution: block proven malicious IPs, false-positive exact benign shapes, rate-limit route-specific volume abuse, and leave ambiguous IPs with their missing proof.',
+            'Reject vague AI proposed actions. If the prompt/action lacks concrete rule id, path, method, status, user-agent/body/header guard, benign samples, and attack examples that still match, record it as ambiguous or rule_tuning needed.',
             'Use Rate Limit only for repeated route-specific abuse where temporary friction is safer than blocking: login brute force/credential stuffing, password reset/account enumeration, scraping/API bursts, path or ID enumeration, recon/probing, or repeated noisy payloads without confirmed exploit success.',
             'Do not rate-limit confirmed high-risk attacks that should be blocked, benign traffic that should be false-positive scoped, broad noisy rules that need tuning, app-server/proxy attribution problems, or isolated one-off requests.',
             'Do not create or recommend IP Allowlist entries while working this queue unless the user explicitly approves deny-by-default allowlist mode for the whole app/environment. Use Trusted IPs for trusted/bypass cases.',
             confirmWrites
-              ? 'The user requested execution. For supported decisions, call the correct write tool with confirm:true, a precise reason, and a decisionReport containing summary, evidence, reviewedHistory, traceIds, and missingProof when relevant, then continue. For skipped/ambiguous/rule-tuning-needed rows that should be auditable without changing IP status, use securenow_human_action_decision_report_add.'
+              ? 'The user requested execution. For supported decisions, call the correct write tool with confirm:true, a precise reason, and a decisionReport containing summary, evidence, reviewedHistory, traceIds, and missingProof when relevant, then continue. For skipped/ambiguous/rule-tuning-needed/new-rule-needed rows that should be auditable without changing enforcement status, use securenow_human_action_decision_report_add or securenow_human_case_decision_report_add.'
               : 'Do not execute write tools yet. Produce a row-by-row action plan and exact MCP write calls for user approval.',
             'For block decisions, use securenow_human_action_block. For rate-limit decisions, use securenow_rate_limit_create_from_text and then securenow_human_action_decision_report_add with outcome=rate_limited. For false positives, use securenow_human_action_false_positive with restrictive conditions. For case-level tune_rule/create_exclusion rows, inspect securenow_notifications_get and then use securenow_human_case_action_update only when the action is safe to approve/reject.',
-            'End with counts: handled, proposed block, rate limits created/proposed, proposed false positive, rule tuning needed, skipped, still waiting.',
+            'End with counts: handled, blocked/proposed block, rate limits created/proposed, false positives, rule tuning/admin permission blockers with exact guard, partial resolutions, skipped with missing proof, and still waiting.',
           ].join('\n'),
         },
       },
@@ -1523,7 +2047,7 @@ function promptMessages(name, args = {}) {
             'Start with securenow_blocklist_stats, then securenow_blocklist_pending_list({ page: 1, limit, environment }).',
             'For each pending block, inspect id, IP, source, reason, metadata.riskScore, metadata.aiRiskScore, metadata.abuseConfidenceScore, automation rule, linked notification, age, app, and environment.',
             'When investigationNotificationId exists, fetch securenow_notifications_get for that case and use the linked IP report/history as evidence.',
-            'Approve only when the row has clear malicious evidence, riskScore >= 90, or SecureNow IPDB evidence score >= 80 with no false-positive/test signal.',
+            'Approve only when the row has clear malicious evidence, riskScore >= 90, or SecureNow AI IPDB evidence score >= 80 with no false-positive/test signal.',
             'Reject stale, ambiguous, synthetic/test, self-traffic, or false-positive rows. Prefer narrow rule/exclusion tuning when the same benign pattern repeats.',
             confirmWrites
               ? 'The user requested execution. Use securenow_blocklist_pending_approve or securenow_blocklist_pending_reject with confirm:true and a precise reason. Use bulk tools only after every selected row satisfies the same reviewed policy.'
@@ -1547,7 +2071,7 @@ function promptMessages(name, args = {}) {
           text: [
             'Configure SecureNow default automation using the MCP tools.',
             `Review environment context: ${environment}. Built-in defaults apply to all apps and all environments unless the customer narrows them later.`,
-            'Use one canonical product score for automation decisions: riskScore. SecureNow IPDB / AbuseIPDB score and AI confidence remain supporting evidence.',
+            'Use one canonical product score for automation decisions: riskScore. SecureNow AI IPDB score and AI confidence remain supporting evidence.',
             'Built-in defaults are active by default:',
             '- Critical Risk Auto-Block: riskScore>=95, TTL 168h.',
             '- High Risk Auto-Block: riskScore>=90 AND riskScore<95, TTL 72h.',
@@ -1619,7 +2143,7 @@ function buildApiRequest(tool, rawArgs = {}) {
     endpoint = endpoint.replace(`:${key}`, encodeURIComponent(String(args[key])));
   }
 
-  const query = {};
+  const query = { ...(tool.fixedQuery || {}) };
   for (const key of tool.queryFields || []) {
     let value = args[key];
     if (tool.normalize && typeof tool.normalize[key] === 'function') {