PyPI - cycode - Versions diffs - 3.13.0__py3-none-any.whl → 3.13.1.dev2__py3-none-any.whl - Mend

cycode 3.13.0py3-none-any.whl → 3.13.1.dev2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

cycode/__init__.py +1 -1
cycode/cli/app.py +23 -0
cycode/cli/apps/ai_guardrails/__init__.py +12 -11
cycode/cli/apps/ai_guardrails/consts.py +3 -3
cycode/cli/apps/ai_guardrails/scan/claude_config.py +115 -0
cycode/cli/apps/ai_guardrails/scan/cursor_config.py +36 -0
cycode/cli/apps/ai_guardrails/scan/handlers.py +0 -3
cycode/cli/apps/ai_guardrails/scan/payload.py +3 -3
cycode/cli/apps/ai_guardrails/session_start_command.py +150 -0
cycode/cli/apps/api/__init__.py +69 -0
cycode/cli/apps/api/api_command.py +271 -0
cycode/cli/apps/api/openapi_spec.py +182 -0
cycode/cyclient/ai_security_manager_client.py +18 -0
{cycode-3.13.0.dist-info → cycode-3.13.1.dev2.dist-info}/METADATA +64 -2
{cycode-3.13.0.dist-info → cycode-3.13.1.dev2.dist-info}/RECORD +18 -14
cycode/cli/apps/ai_guardrails/ensure_auth_command.py +0 -21
{cycode-3.13.0.dist-info → cycode-3.13.1.dev2.dist-info}/WHEEL +0 -0
{cycode-3.13.0.dist-info → cycode-3.13.1.dev2.dist-info}/entry_points.txt +0 -0
{cycode-3.13.0.dist-info → cycode-3.13.1.dev2.dist-info}/licenses/LICENCE +0 -0

cycode/__init__.py CHANGED Viewed

	@@ -1 +1 @@
1	- __version__ = '3.13.0' # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
1	+ __version__ = '3.13.1.dev2' # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

cycode/cli/app.py CHANGED Viewed

@@ -2,6 +2,7 @@ import logging
 import sys
 from typing import Annotated, Optional
+import click
 import typer
 from typer import rich_utils
 from typer._completion_classes import completion_init
@@ -10,6 +11,7 @@ from typer.completion import install_callback, show_callback
 from cycode import __version__
 from cycode.cli.apps import ai_guardrails, ai_remediation, auth, configure, ignore, report, report_import, scan, status
+from cycode.cli.apps.api import get_platform_group
 if sys.version_info >= (3, 10):
     from cycode.cli.apps import mcp
@@ -56,6 +58,27 @@ app.add_typer(status.app)
 if sys.version_info >= (3, 10):
     app.add_typer(mcp.app)
+# Register the `platform` command group (dynamically built from the OpenAPI spec).
+# The group itself is constructed cheaply at import time; the spec is only fetched
+# when the user actually invokes `cycode platform ...`. Unrelated commands like
+# `cycode scan` and `cycode status` never trigger a spec fetch.
+#
+# Typer doesn't support adding native Click groups directly, so we monkey-patch
+# typer.main.get_group to inject our `platform` group into the resolved Click group.
+# The `app_typer is app` guard ensures we only modify our own app.
+_platform_group = get_platform_group()
+_original_get_group = typer.main.get_group
+def _get_group_with_platform(app_typer: typer.Typer) -> click.Group:
+    group = _original_get_group(app_typer)
+    if app_typer is app and _platform_group.name not in group.commands:
+        group.add_command(_platform_group, _platform_group.name)
+    return group
+typer.main.get_group = _get_group_with_platform
 def check_latest_version_on_close(ctx: typer.Context) -> None:
     output = ctx.obj.get('output')

cycode/cli/apps/ai_guardrails/__init__.py CHANGED Viewed

@@ -1,23 +1,24 @@
 import typer
-from cycode.cli.apps.ai_guardrails.ensure_auth_command import ensure_auth_command
-from cycode.cli.apps.ai_guardrails.install_command import install_command
-from cycode.cli.apps.ai_guardrails.scan.scan_command import scan_command
-from cycode.cli.apps.ai_guardrails.status_command import status_command
-from cycode.cli.apps.ai_guardrails.uninstall_command import uninstall_command
+from cycode.cli.apps.ai_guardrails.install_command import install_command as _install_command
+from cycode.cli.apps.ai_guardrails.scan.scan_command import scan_command as _scan_command
+from cycode.cli.apps.ai_guardrails.session_start_command import session_start_command as _session_start_command
+from cycode.cli.apps.ai_guardrails.status_command import status_command as _status_command
+from cycode.cli.apps.ai_guardrails.uninstall_command import uninstall_command as _uninstall_command
 app = typer.Typer(name='ai-guardrails', no_args_is_help=True, hidden=True)
-app.command(hidden=True, name='install', short_help='Install AI guardrails hooks for supported IDEs.')(install_command)
+app.command(hidden=True, name='install', short_help='Install AI guardrails hooks for supported IDEs.')(_install_command)
 app.command(hidden=True, name='uninstall', short_help='Remove AI guardrails hooks from supported IDEs.')(
-    uninstall_command
+    _uninstall_command
 )
-app.command(hidden=True, name='status', short_help='Show AI guardrails hook installation status.')(status_command)
+app.command(hidden=True, name='status', short_help='Show AI guardrails hook installation status.')(_status_command)
 app.command(
     hidden=True,
     name='scan',
     short_help='Scan content from AI IDE hooks for secrets (reads JSON from stdin).',
-)(scan_command)
-app.command(hidden=True, name='ensure-auth', short_help='Ensure authentication, triggering auth if needed.')(
-    ensure_auth_command
+)(_scan_command)
+app.command(hidden=True, name='session-start', short_help='Handle session start: auth, conversation, session context.')(
+    _session_start_command
 )
+app.command(hidden=True, name='ensure-auth', short_help='[Deprecated] Alias for session-start.')(_session_start_command)

cycode/cli/apps/ai_guardrails/consts.py CHANGED Viewed

@@ -84,7 +84,7 @@ DEFAULT_IDE = AIIDEType.CURSOR
 # Command used in hooks
 CYCODE_SCAN_PROMPT_COMMAND = 'cycode ai-guardrails scan'
-CYCODE_ENSURE_AUTH_COMMAND = 'cycode ai-guardrails ensure-auth'
+CYCODE_SESSION_START_COMMAND = 'cycode ai-guardrails session-start'
 def _get_cursor_hooks_config(async_mode: bool = False) -> dict:
@@ -92,7 +92,7 @@ def _get_cursor_hooks_config(async_mode: bool = False) -> dict:
     config = IDE_CONFIGS[AIIDEType.CURSOR]
     command = f'{CYCODE_SCAN_PROMPT_COMMAND} &' if async_mode else CYCODE_SCAN_PROMPT_COMMAND
     hooks = {event: [{'command': command}] for event in config.hook_events}
-    hooks['sessionStart'] = [{'command': CYCODE_ENSURE_AUTH_COMMAND}]
+    hooks['sessionStart'] = [{'command': f'{CYCODE_SESSION_START_COMMAND} --ide cursor'}]
     return {
         'version': 1,
@@ -119,7 +119,7 @@ def _get_claude_code_hooks_config(async_mode: bool = False) -> dict:
             'SessionStart': [
                 {
                     'matcher': 'startup',
-                    'hooks': [{'type': 'command', 'command': CYCODE_ENSURE_AUTH_COMMAND}],
+                    'hooks': [{'type': 'command', 'command': f'{CYCODE_SESSION_START_COMMAND} --ide claude-code'}],
                 }
             ],
             'UserPromptSubmit': [

cycode/cli/apps/ai_guardrails/scan/claude_config.py CHANGED Viewed

@@ -13,6 +13,7 @@ from cycode.logger import get_logger
 logger = get_logger('AI Guardrails Claude Config')
 _CLAUDE_CONFIG_PATH = Path.home() / '.claude.json'
+_CLAUDE_SETTINGS_PATH = Path.home() / '.claude' / 'settings.json'
 def load_claude_config(config_path: Optional[Path] = None) -> Optional[dict]:
@@ -42,3 +43,117 @@ def get_user_email(config: dict) -> Optional[str]:
     Reads oauthAccount.emailAddress from the config dict.
     """
     return config.get('oauthAccount', {}).get('emailAddress')
+def get_mcp_servers(config: dict) -> Optional[dict]:
+    """Extract MCP servers from Claude config.
+    Reads mcpServers from the config dict.
+    """
+    return config.get('mcpServers')
+def load_claude_settings(settings_path: Optional[Path] = None) -> Optional[dict]:
+    """Load and parse ~/.claude/settings.json.
+    Args:
+        settings_path: Override path for testing. Defaults to ~/.claude/settings.json.
+    Returns:
+        Parsed dict or None if file is missing or invalid.
+    """
+    path = settings_path or _CLAUDE_SETTINGS_PATH
+    if not path.exists():
+        logger.debug('Claude settings file not found', extra={'path': str(path)})
+        return None
+    try:
+        content = path.read_text(encoding='utf-8')
+        return json.loads(content)
+    except Exception as e:
+        logger.debug('Failed to load Claude settings file', exc_info=e)
+        return None
+def _resolve_marketplace_path(marketplace: dict) -> Optional[Path]:
+    """
+    Resolve filesystem path for a directory-type marketplace.
+    """
+    source = marketplace.get('source', {})
+    if source.get('source') != 'directory':
+        return None
+    raw = source.get('path')
+    if not raw:
+        return None
+    path = Path(raw)
+    return path if path.is_dir() else None
+def _load_plugin_json_file(plugin_path: Path, relative_path: str) -> Optional[dict]:
+    """Load and parse a JSON file inside a plugin directory.
+    Returns None if the file is missing, unreadable, or has invalid JSON.
+    """
+    target = plugin_path / relative_path
+    if not target.exists():
+        return None
+    try:
+        return json.loads(target.read_text(encoding='utf-8'))
+    except Exception as e:
+        logger.debug('Failed to load plugin file', extra={'path': str(target)}, exc_info=e)
+        return None
+def resolve_plugins(settings: dict) -> tuple[dict, dict]:
+    """Resolve enabled plugins to their MCP servers and metadata.
+    Walks enabledPlugins from claude settings, resolves each plugin's 'marketplace' directory
+    via the 'extraKnownMarketplaces' field, and reads:
+      - <path>/.mcp.json for MCP servers (merged into a flat dict)
+      - <path>/.claude-plugin/plugin.json for metadata (name, version, description)
+    Args:
+        settings: Parsed ~/.claude/settings.json dict.
+    Returns:
+        Tuple of (merged_mcp_servers, enriched_plugins):
+          - merged_mcp_servers: {server_name: server_config, ...}
+          - enriched_plugins: {plugin_key: {"enabled": True, "name": ..., ...}, ...}
+    """
+    enabled = settings.get('enabledPlugins') or {}
+    marketplaces = settings.get('extraKnownMarketplaces') or {}
+    merged_mcp: dict = {}
+    enriched: dict = {}
+    for plugin_key, is_enabled in enabled.items():
+        if not is_enabled:
+            continue
+        entry: dict = {'enabled': True}
+        enriched[plugin_key] = entry
+        if '@' not in plugin_key:
+            continue
+        _plugin_name, marketplace_name = plugin_key.split('@', 1)
+        marketplace = marketplaces.get(marketplace_name)
+        if not marketplace:
+            continue
+        plugin_path = _resolve_marketplace_path(marketplace)
+        if plugin_path is None:
+            continue
+        metadata = _load_plugin_json_file(plugin_path, '.claude-plugin/plugin.json') or {}
+        for field in ('name', 'version', 'description'):
+            if field in metadata:
+                entry[field] = metadata[field]
+        mcp_config = _load_plugin_json_file(plugin_path, '.mcp.json') or {}
+        plugin_server_names = []
+        for server_name, server_cfg in (mcp_config.get('mcpServers') or {}).items():
+            merged_mcp[server_name] = server_cfg
+            plugin_server_names.append(server_name)
+        if plugin_server_names:
+            entry['mcp_server_names'] = plugin_server_names
+    return merged_mcp, enriched

cycode/cli/apps/ai_guardrails/scan/cursor_config.py ADDED Viewed

@@ -0,0 +1,36 @@
+"""Reader for ~/.cursor/mcp.json configuration file.
+Extracts MCP server definitions from the Cursor global config file
+for use in AI guardrails session-context reporting.
+"""
+import json
+from pathlib import Path
+from typing import Optional
+from cycode.logger import get_logger
+logger = get_logger('AI Guardrails Cursor Config')
+_CURSOR_MCP_CONFIG_PATH = Path.home() / '.cursor' / 'mcp.json'
+def load_cursor_config(config_path: Optional[Path] = None) -> Optional[dict]:
+    """Load and parse ~/.cursor/mcp.json.
+    Args:
+        config_path: Override path for testing. Defaults to ~/.cursor/mcp.json.
+    Returns:
+        Parsed dict or None if file is missing or invalid.
+    """
+    path = config_path or _CURSOR_MCP_CONFIG_PATH
+    if not path.exists():
+        logger.debug('Cursor MCP config file not found', extra={'path': str(path)})
+        return None
+    try:
+        content = path.read_text(encoding='utf-8')
+        return json.loads(content)
+    except Exception as e:
+        logger.debug('Failed to load Cursor MCP config file', exc_info=e)
+        return None

cycode/cli/apps/ai_guardrails/scan/handlers.py CHANGED Viewed

@@ -42,7 +42,6 @@ def handle_before_submit_prompt(ctx: typer.Context, payload: AIHookPayload, poli
     response_builder = get_response_builder(ide)
     prompt_config = get_policy_value(policy, 'prompt', default={})
-    ai_client.create_conversation(payload)
     if not get_policy_value(prompt_config, 'enabled', default=True):
         ai_client.create_event(payload, AiHookEventType.PROMPT, AIHookOutcome.ALLOWED)
         return response_builder.allow_prompt()
@@ -100,7 +99,6 @@ def handle_before_read_file(ctx: typer.Context, payload: AIHookPayload, policy:
     response_builder = get_response_builder(ide)
     file_read_config = get_policy_value(policy, 'file_read', default={})
-    ai_client.create_conversation(payload)
     if not get_policy_value(file_read_config, 'enabled', default=True):
         ai_client.create_event(payload, AiHookEventType.FILE_READ, AIHookOutcome.ALLOWED)
         return response_builder.allow_permission()
@@ -203,7 +201,6 @@ def handle_before_mcp_execution(ctx: typer.Context, payload: AIHookPayload, poli
     response_builder = get_response_builder(ide)
     mcp_config = get_policy_value(policy, 'mcp', default={})
-    ai_client.create_conversation(payload)
     if not get_policy_value(mcp_config, 'enabled', default=True):
         ai_client.create_event(payload, AiHookEventType.MCP_EXECUTION, AIHookOutcome.ALLOWED)
         return response_builder.allow_permission()

cycode/cli/apps/ai_guardrails/scan/payload.py CHANGED Viewed

@@ -71,7 +71,7 @@ def _extract_generation_id(entry: dict) -> Optional[str]:
     return None
-def _extract_from_claude_transcript(
+def extract_from_claude_transcript(
     transcript_path: str,
 ) -> tuple[Optional[str], Optional[str], Optional[str]]:
     """Extract IDE version, model, and latest generation ID from Claude Code transcript file.
@@ -123,7 +123,7 @@ class AIHookPayload:
     """Unified payload object that normalizes field names from different AI tools."""
     # Event identification
-    event_name: str  # Canonical event type (e.g., 'prompt', 'file_read', 'mcp_execution')
+    event_name: Optional[str] = None  # Canonical event type (e.g., 'prompt', 'file_read', 'mcp_execution')
     conversation_id: Optional[str] = None
     generation_id: Optional[str] = None
@@ -206,7 +206,7 @@ class AIHookPayload:
                 mcp_tool_name = parts[2]
         # Extract IDE version, model, and generation ID from transcript file
-        ide_version, model, generation_id = _extract_from_claude_transcript(payload.get('transcript_path'))
+        ide_version, model, generation_id = extract_from_claude_transcript(payload.get('transcript_path'))
         # Extract user email from ~/.claude.json
         claude_config = load_claude_config()

cycode/cli/apps/ai_guardrails/session_start_command.py ADDED Viewed

@@ -0,0 +1,150 @@
+import sys
+from typing import TYPE_CHECKING, Annotated
+import typer
+from cycode.cli.apps.ai_guardrails.consts import AIIDEType
+from cycode.cli.apps.ai_guardrails.scan.claude_config import (
+    get_mcp_servers,
+    get_user_email,
+    load_claude_config,
+    load_claude_settings,
+    resolve_plugins,
+)
+from cycode.cli.apps.ai_guardrails.scan.cursor_config import load_cursor_config
+from cycode.cli.apps.ai_guardrails.scan.payload import AIHookPayload, extract_from_claude_transcript
+from cycode.cli.apps.ai_guardrails.scan.utils import safe_json_parse
+from cycode.cli.apps.auth.auth_common import get_authorization_info
+from cycode.cli.apps.auth.auth_manager import AuthManager
+from cycode.cli.exceptions.handle_auth_errors import handle_auth_exception
+from cycode.cli.utils.get_api_client import get_ai_security_manager_client
+from cycode.logger import get_logger
+if TYPE_CHECKING:
+    from cycode.cyclient.ai_security_manager_client import AISecurityManagerClient
+logger = get_logger('AI Guardrails')
+def _build_session_payload(payload: dict, ide: str) -> AIHookPayload:
+    """Build an AIHookPayload from a session-start stdin payload."""
+    if ide == AIIDEType.CLAUDE_CODE:
+        claude_config = load_claude_config()
+        ide_user_email = get_user_email(claude_config) if claude_config else None
+        ide_version, _, _ = extract_from_claude_transcript(payload.get('transcript_path'))
+        return AIHookPayload(
+            conversation_id=payload.get('session_id'),
+            ide_user_email=ide_user_email,
+            model=payload.get('model'),
+            ide_provider=AIIDEType.CLAUDE_CODE.value,
+            ide_version=ide_version,
+        )
+    # Cursor
+    return AIHookPayload(
+        conversation_id=payload.get('conversation_id'),
+        ide_user_email=payload.get('user_email'),
+        model=payload.get('model'),
+        ide_provider=AIIDEType.CURSOR.value,
+        ide_version=payload.get('cursor_version'),
+    )
+def _get_claude_code_session_context() -> tuple[dict, dict]:
+    """Return (mcp_servers, enabled_plugins) for Claude Code.
+    Merges MCP servers from ~/.claude.json (user-configured) with those contributed
+    by enabled plugins. Plugin metadata (name, version, description) is included in
+    the enabled_plugins dict when resolvable.
+    """
+    config = load_claude_config()
+    mcp_servers = dict(get_mcp_servers(config) or {}) if config else {}
+    settings = load_claude_settings()
+    if settings:
+        plugin_mcp, enriched_plugins = resolve_plugins(settings)
+        mcp_servers.update(plugin_mcp)
+    else:
+        enriched_plugins = {}
+    return mcp_servers, enriched_plugins
+def _get_cursor_session_context() -> tuple[dict, dict]:
+    """Return (mcp_servers, enabled_plugins) for Cursor. Cursor has no plugin system."""
+    config = load_cursor_config()
+    mcp_servers = dict(get_mcp_servers(config) or {}) if config else {}
+    return mcp_servers, {}
+def _report_session_context(ai_client: 'AISecurityManagerClient', ide: str) -> None:
+    """Report IDE session context to the AI security manager. Never raises."""
+    try:
+        if ide == AIIDEType.CLAUDE_CODE:
+            mcp_servers, enabled_plugins = _get_claude_code_session_context()
+        elif ide == AIIDEType.CURSOR:
+            mcp_servers, enabled_plugins = _get_cursor_session_context()
+        else:
+            return
+        if not mcp_servers and not enabled_plugins:
+            return
+        ai_client.report_session_context(mcp_servers=mcp_servers, enabled_plugins=enabled_plugins)
+    except Exception as e:
+        logger.debug('Failed to report session context', exc_info=e)
+def session_start_command(
+    ctx: typer.Context,
+    ide: Annotated[
+        str,
+        typer.Option(
+            '--ide',
+            help='IDE that triggered the session start.',
+            hidden=True,
+        ),
+    ] = AIIDEType.CURSOR.value,
+) -> None:
+    """Handle session start: ensure auth, create conversation, report session context."""
+    # Step 1: Ensure authentication
+    auth_info = get_authorization_info(ctx)
+    if auth_info is None:
+        logger.debug('Not authenticated, starting authentication')
+        try:
+            auth_manager = AuthManager()
+            auth_manager.authenticate()
+        except Exception as err:
+            handle_auth_exception(ctx, err)
+            return
+    else:
+        logger.debug('Already authenticated')
+    # Step 2: Read stdin payload (backward compat: old hooks pipe no stdin)
+    if sys.stdin.isatty():
+        logger.debug('No stdin payload (TTY), skipping session initialization')
+        return
+    stdin_data = sys.stdin.read().strip()
+    payload = safe_json_parse(stdin_data)
+    if not payload:
+        logger.debug('Empty or invalid stdin payload, skipping session initialization')
+        return
+    # Step 3: Build session payload and initialize API client
+    session_payload = _build_session_payload(payload, ide)
+    try:
+        ai_client = get_ai_security_manager_client(ctx)
+    except Exception as e:
+        logger.debug('Failed to initialize AI security client', exc_info=e)
+        return
+    # Step 4: Create conversation
+    try:
+        ai_client.create_conversation(session_payload)
+    except Exception as e:
+        logger.debug('Failed to create conversation during session start', exc_info=e)
+    # Step 5: Report session context (MCP servers)
+    _report_session_context(ai_client, ide)

cycode/cli/apps/api/__init__.py ADDED Viewed

@@ -0,0 +1,69 @@
+"""Cycode platform API CLI commands.
+Dynamically builds CLI command groups from the Cycode API v4 OpenAPI spec.
+The spec is fetched lazily — only when the user invokes `cycode platform ...` —
+and cached locally for 24 hours.
+"""
+from typing import Any, Optional
+import click
+from cycode.logger import get_logger
+logger = get_logger('Platform')
+_PLATFORM_HELP = (
+    '[BETA] Access the Cycode platform.\n\n'
+    'Commands are generated dynamically from the Cycode API spec and may change '
+    'between releases. The spec is fetched on first use and cached for 24 hours.'
+)
+class PlatformGroup(click.Group):
+    """Lazy-loading Click group for `cycode platform` subcommands.
+    The OpenAPI spec is only fetched when the user actually invokes
+    `cycode platform ...` (or asks for its help). Unrelated commands like
+    `cycode scan` or `cycode status` never trigger a spec fetch.
+    """
+    def __init__(self, *args: Any, **kwargs: Any) -> None:
+        super().__init__(*args, **kwargs)
+        self._loaded: bool = False
+    def _ensure_loaded(self, ctx: Optional[click.Context]) -> None:
+        if self._loaded:
+            return
+        self._loaded = True  # set first to avoid re-entrancy on errors
+        client_id = client_secret = None
+        if ctx is not None:
+            root = ctx.find_root()
+            if root.obj:
+                client_id = root.obj.get('client_id')
+                client_secret = root.obj.get('client_secret')
+        try:
+            from cycode.cli.apps.api.api_command import build_api_command_groups
+            for sub_group, name in build_api_command_groups(client_id, client_secret):
+                if name not in self.commands:
+                    self.add_command(sub_group, name)
+        except Exception as e:
+            logger.debug('Could not load platform commands: %s', e)
+            # Surface the error to the user only when they're inside `platform`
+            click.echo(f'Error loading Cycode platform commands: {e}', err=True)
+    def list_commands(self, ctx: click.Context) -> list[str]:
+        self._ensure_loaded(ctx)
+        return super().list_commands(ctx)
+    def get_command(self, ctx: click.Context, cmd_name: str) -> Optional[click.Command]:
+        self._ensure_loaded(ctx)
+        return super().get_command(ctx, cmd_name)
+def get_platform_group() -> click.Group:
+    """Return the top-level `platform` Click group (lazy-loading)."""
+    return PlatformGroup(name='platform', help=_PLATFORM_HELP, no_args_is_help=True)

cycode/cli/apps/api/api_command.py ADDED Viewed

@@ -0,0 +1,271 @@
+"""OpenAPI-to-Typer translator: dynamically builds CLI commands from the Cycode API v4 spec."""
+import json
+import re
+from typing import Any, Optional
+import click
+from cycode.cli.apps.api.openapi_spec import OpenAPISpecError, get_openapi_spec, parse_spec_commands
+from cycode.logger import get_logger
+logger = get_logger('API Command')
+# Map OpenAPI parameter types to Click types
+_CLICK_TYPE_MAP: dict[str, click.ParamType] = {
+    'string': click.STRING,
+    'integer': click.INT,
+    'number': click.FLOAT,
+    'boolean': click.BOOL,
+}
+def _normalize_tag(tag: str) -> str:
+    """Normalize an OpenAPI tag to a CLI-friendly command name.
+    'Scan Statistics' -> 'scan-statistics'
+    'CLI scan statistics' -> 'cli-scan-statistics'
+    """
+    return re.sub(r'[^a-z0-9]+', '-', tag.lower()).strip('-')
+def _find_common_prefix(paths: list[str]) -> str:
+    """Find the longest common path prefix shared by all paths."""
+    if not paths:
+        return ''
+    if len(paths) == 1:
+        # For single-path tags, use the parent directory as prefix
+        return '/'.join(paths[0].split('/')[:-1])
+    common = paths[0]
+    for p in paths[1:]:
+        while not p.startswith(common + '/') and common != p:
+            common = '/'.join(common.split('/')[:-1])
+    return common
+def _path_to_command_name(path: str, common_prefix: str, has_path_params: bool) -> str:
+    """Derive a CLI command name from an API path relative to the tag's common prefix.
+    Rules:
+    1. Strip the common prefix shared by all endpoints in the tag
+    2. Remove path parameter segments ({id})
+    3. If nothing remains: 'list' (no path params) or 'view' (has path params)
+    4. Otherwise: use remaining segments joined with hyphens
+    Examples:
+        /v4/projects          (prefix=/v4/projects)  -> list
+        /v4/projects/{id}     (prefix=/v4/projects)  -> view
+        /v4/projects/assets   (prefix=/v4/projects)  -> assets
+        /v4/violations/count  (prefix=/v4/violations) -> count
+    """
+    # Strip common prefix
+    relative = path[len(common_prefix) :] if path.startswith(common_prefix) else path
+    relative = relative.strip('/')
+    # Remove path parameter segments and empty parts
+    parts = [p for p in relative.split('/') if p and not p.startswith('{')]
+    if not parts:
+        return 'view' if has_path_params else 'list'
+    # Join remaining segments with hyphens, normalize to kebab-case
+    return re.sub(r'[^a-z0-9]+', '-', '-'.join(parts).lower()).strip('-')
+def _param_to_option_name(name: str) -> str:
+    """Convert an OpenAPI parameter name to a CLI option name.
+    'page_size' -> '--page-size'
+    'pageSize' -> '--page-size'
+    'filter.status' -> '--filter-status'
+    """
+    s = re.sub(r'([a-z])([A-Z])', r'\1-\2', name)
+    # Replace any non-alphanumeric characters with hyphens
+    s = re.sub(r'[^a-z0-9]+', '-', s.lower()).strip('-')
+    return f'--{s}'
+def _make_api_request(
+    endpoint_path: str,
+    method: str,
+    path_params: dict[str, str],
+    query_params: dict[str, Any],
+    client_id: Optional[str] = None,
+    client_secret: Optional[str] = None,
+) -> dict:
+    """Execute an API request using the CLI's standard auth client."""
+    from urllib.parse import quote
+    from cycode.cli.apps.api.openapi_spec import resolve_credentials
+    from cycode.cyclient.cycode_token_based_client import CycodeTokenBasedClient
+    cid, csecret = resolve_credentials(client_id, client_secret)
+    client = CycodeTokenBasedClient(cid, csecret)
+    # Substitute path parameters (URL-encoded to prevent path traversal)
+    url_path = endpoint_path
+    for param_name, param_value in path_params.items():
+        url_path = url_path.replace(f'{{{param_name}}}', quote(str(param_value), safe=''))
+    filtered_query = {k: v for k, v in query_params.items() if v is not None}
+    response = client.get(url_path.lstrip('/'), params=filtered_query)
+    return response.json()
+def build_api_command_groups(
+    client_id: Optional[str] = None,
+    client_secret: Optional[str] = None,
+) -> list[tuple[click.Group, str]]:
+    """Build Click command groups from the OpenAPI spec.
+    Returns a list of (click_group, command_name) tuples.
+    """
+    try:
+        spec = get_openapi_spec(client_id, client_secret)
+    except OpenAPISpecError as e:
+        logger.warning('Could not load OpenAPI spec: %s', e)
+        return []
+    groups = parse_spec_commands(spec)
+    result = []
+    for tag, endpoints in groups.items():
+        tag_name = _normalize_tag(tag)
+        group = click.Group(name=tag_name, help=f'[BETA] {tag}')
+        # Compute common prefix from all GET (non-deprecated) endpoint paths in this tag
+        get_endpoints = [ep for ep in endpoints if ep['method'] == 'get' and not ep.get('deprecated')]
+        if not get_endpoints:
+            continue
+        clean_paths = [re.sub(r'/\{[^}]+\}', '', ep['path']) for ep in get_endpoints]
+        common_prefix = _find_common_prefix(clean_paths)
+        used_names: dict[str, int] = {}
+        for endpoint in get_endpoints:
+            has_path_params = bool(endpoint['path_params'])
+            cmd_name = _path_to_command_name(endpoint['path'], common_prefix, has_path_params)
+            # Fix redundancy: if command name matches the tag name, use list/view
+            # e.g. "cycode groups groups" -> "cycode groups list"
+            if cmd_name == tag_name:
+                cmd_name = 'view' if has_path_params else 'list'
+            # Handle duplicate names (e.g. deprecated + new endpoint for same resource)
+            if cmd_name in used_names:
+                used_names[cmd_name] += 1
+                cmd_name = f'{cmd_name}-v{used_names[cmd_name]}'
+            else:
+                used_names[cmd_name] = 1
+            cmd = _build_endpoint_command(cmd_name, endpoint)
+            group.add_command(cmd, cmd_name)
+        result.append((group, tag_name))
+    return result
+def _build_click_params(endpoint: dict) -> list[click.Parameter]:
+    """Build Click parameters from OpenAPI endpoint definition."""
+    params: list[click.Parameter] = []
+    # Path parameters -> required arguments
+    for p in endpoint['path_params']:
+        param_type = _CLICK_TYPE_MAP.get(p.get('schema', {}).get('type', 'string'), click.STRING)
+        params.append(
+            click.Argument(
+                [p['name'].replace('-', '_')],
+                type=param_type,
+                required=True,
+            )
+        )
+    # Query parameters -> --option flags
+    for p in endpoint['query_params']:
+        param_type = _CLICK_TYPE_MAP.get(p.get('schema', {}).get('type', 'string'), click.STRING)
+        option_name = _param_to_option_name(p['name'])
+        required = p.get('required', False)
+        default = p.get('schema', {}).get('default')
+        schema = p.get('schema', {})
+        if 'enum' in schema:
+            param_type = click.Choice(schema['enum'])
+        params.append(
+            click.Option(
+                [option_name],
+                type=param_type,
+                required=required,
+                default=default,
+                help=p.get('description', ''),
+                show_default=default is not None,
+            )
+        )
+    return params
+def _build_endpoint_command(cmd_name: str, endpoint: dict) -> click.Command:
+    """Build a Click command for an API endpoint.
+    Path parameters become required CLI arguments.
+    Query parameters become --option flags with proper types.
+    """
+    ep_path = endpoint['path']
+    ep_method = endpoint['method']
+    ep_path_params = list(endpoint['path_params'])
+    ep_query_params = list(endpoint['query_params'])
+    ep_description = endpoint['description'] or endpoint['summary']
+    # Build a mapping from Click's normalized kwarg name to original OpenAPI param name
+    _path_param_map = {p['name'].replace('-', '_').lower(): p['name'] for p in ep_path_params}
+    _query_param_map = {re.sub(r'[^a-z0-9]+', '_', p['name'].lower()).strip('_'): p['name'] for p in ep_query_params}
+    def _callback(**kwargs: Any) -> None:
+        ctx = click.get_current_context()
+        # Extract path param values using the mapping
+        path_values = {}
+        for kwarg_key, original_name in _path_param_map.items():
+            if kwarg_key in kwargs and kwargs[kwarg_key] is not None:
+                path_values[original_name] = kwargs[kwarg_key]
+        # Extract query param values (skip None)
+        query_values = {}
+        for kwarg_key, original_name in _query_param_map.items():
+            value = kwargs.get(kwarg_key)
+            if value is not None:
+                query_values[original_name] = value
+        # Get auth from root context (set by app_callback)
+        root_ctx = ctx.find_root()
+        client_id = root_ctx.obj.get('client_id') if root_ctx.obj else None
+        client_secret = root_ctx.obj.get('client_secret') if root_ctx.obj else None
+        try:
+            result = _make_api_request(
+                ep_path,
+                ep_method,
+                path_values,
+                query_values,
+                client_id=client_id,
+                client_secret=client_secret,
+            )
+        except Exception as e:
+            click.echo(f'Error: {e}', err=True)
+            raise click.Abort from e
+        click.echo(json.dumps(result, indent=2))
+    return click.Command(
+        name=cmd_name,
+        callback=_callback,
+        help=ep_description,
+        short_help=endpoint['summary'],
+        params=_build_click_params(endpoint),
+    )

cycode/cli/apps/api/openapi_spec.py ADDED Viewed

@@ -0,0 +1,182 @@
+"""OpenAPI spec manager: fetch, cache, and parse the Cycode API v4 spec."""
+import json
+import os
+import time
+from pathlib import Path
+from typing import Optional
+from cycode.cli.consts import CYCODE_CONFIGURATION_DIRECTORY
+from cycode.cli.user_settings.credentials_manager import CredentialsManager
+from cycode.cyclient import config as cyclient_config
+from cycode.logger import get_logger
+logger = get_logger('OpenAPI Spec')
+_CACHE_DIR = Path.home() / CYCODE_CONFIGURATION_DIRECTORY
+_CACHE_FILE = _CACHE_DIR / 'openapi-spec.json'
+_CACHE_TTL_SECONDS = int(os.getenv('CYCODE_SPEC_CACHE_TTL', str(24 * 60 * 60)))  # 24h default
+_OPENAPI_SPEC_PATH = '/v4/api-docs/cycode-api-swagger.json'
+def get_openapi_spec(client_id: Optional[str] = None, client_secret: Optional[str] = None) -> dict:
+    """Get the OpenAPI spec, using cache if fresh, otherwise fetching from API.
+    The spec is only fetched when the user actually invokes `cycode platform ...`.
+    Fetch uses the HTTP client's default timeout; on a slow connection the first
+    invocation will block accordingly. Once cached, subsequent invocations within
+    the TTL are near-instant.
+    Args:
+        client_id: Optional client ID override (from CLI flags).
+        client_secret: Optional client secret override (from CLI flags).
+    Returns:
+        Parsed OpenAPI specification dictionary.
+    Raises:
+        OpenAPISpecError: If spec cannot be loaded from cache or API.
+    """
+    cached = _load_cached_spec()
+    if cached is not None:
+        return cached
+    return _fetch_and_cache_spec(client_id, client_secret)
+def _load_cached_spec() -> Optional[dict]:
+    """Load spec from local cache if it exists and is fresh."""
+    if not _CACHE_FILE.exists():
+        return None
+    try:
+        mtime = _CACHE_FILE.stat().st_mtime
+        if time.time() - mtime > _CACHE_TTL_SECONDS:
+            logger.debug('Cached OpenAPI spec is stale (age > %ds)', _CACHE_TTL_SECONDS)
+            return None
+        spec = json.loads(_CACHE_FILE.read_text(encoding='utf-8'))
+        logger.debug('Using cached OpenAPI spec from %s', _CACHE_FILE)
+        return spec
+    except Exception as e:
+        logger.warning('Failed to load cached OpenAPI spec: %s', e)
+        return None
+def resolve_credentials(client_id: Optional[str] = None, client_secret: Optional[str] = None) -> tuple[str, str]:
+    """Resolve credentials from args or the CLI's standard credential chain."""
+    if not client_id or not client_secret:
+        credentials_manager = CredentialsManager()
+        cred_id, cred_secret = credentials_manager.get_credentials()
+        client_id = client_id or cred_id
+        client_secret = client_secret or cred_secret
+    if not client_id or not client_secret:
+        raise OpenAPISpecError(
+            'Cycode credentials not found. Run `cycode auth` first, '
+            'or set CYCODE_CLIENT_ID and CYCODE_CLIENT_SECRET environment variables.'
+        )
+    return client_id, client_secret
+def _fetch_and_cache_spec(client_id: Optional[str] = None, client_secret: Optional[str] = None) -> dict:
+    """Fetch OpenAPI spec from API and cache to disk.
+    Uses CycodeTokenBasedClient for auth and retries. The spec is served from the app URL,
+    so we create a client with app_url as base instead of the default api_url.
+    """
+    from cycode.cyclient.cycode_token_based_client import CycodeTokenBasedClient
+    cid, csecret = resolve_credentials(client_id, client_secret)
+    # The spec is served from app.cycode.com, but token refresh POSTs to api.cycode.com.
+    # Ensure the token is fresh BEFORE overriding the base URL so that refresh
+    # targets the correct host.
+    client = CycodeTokenBasedClient(cid, csecret)
+    client.get_access_token()
+    client.api_url = cyclient_config.cycode_app_url
+    spec_path = _OPENAPI_SPEC_PATH.lstrip('/')
+    logger.info('Fetching OpenAPI spec from %s/%s', cyclient_config.cycode_app_url, spec_path)
+    try:
+        response = client.get(spec_path)
+        spec = response.json()
+    except Exception as e:
+        raise OpenAPISpecError(
+            f'Failed to fetch OpenAPI spec. Check your authentication and network connectivity. Error: {e}'
+        ) from e
+    if not isinstance(spec, dict) or 'paths' not in spec:
+        raise OpenAPISpecError('Response does not look like a valid OpenAPI spec (missing "paths" key).')
+    # Override server URL with API URL (supports on-premise installations)
+    spec['servers'] = [{'url': cyclient_config.cycode_api_url}]
+    # Cache to disk
+    _cache_spec(spec)
+    return spec
+def _cache_spec(spec: dict) -> None:
+    """Write spec to local cache file atomically (write to temp file, then rename)."""
+    try:
+        _CACHE_DIR.mkdir(parents=True, exist_ok=True)
+        tmp_file = _CACHE_FILE.with_suffix('.json.tmp')
+        tmp_file.write_text(json.dumps(spec), encoding='utf-8')
+        tmp_file.replace(_CACHE_FILE)  # atomic on POSIX and Windows
+        logger.debug('Cached OpenAPI spec to %s', _CACHE_FILE)
+    except Exception as e:
+        logger.warning('Failed to cache OpenAPI spec: %s', e)
+def parse_spec_commands(spec: dict) -> dict[str, list[dict]]:
+    """Parse OpenAPI spec into resource groups with their endpoints.
+    Groups endpoints by their first tag, returning a dict of:
+    {tag_name: [endpoint_info, ...]}
+    Each endpoint_info contains:
+    - path: API path (e.g., '/v4/projects/{projectId}')
+    - method: HTTP method (e.g., 'get')
+    - summary: Human-readable summary
+    - description: Detailed description
+    - operation_id: Unique operation ID
+    - path_params: List of path parameter definitions
+    - query_params: List of query parameter definitions
+    """
+    groups: dict[str, list[dict]] = {}
+    for path, methods in spec.get('paths', {}).items():
+        for method, details in methods.items():
+            tags = details.get('tags', ['other'])
+            tag = tags[0] if tags else 'other'
+            # Separate path and query parameters
+            parameters = details.get('parameters', [])
+            path_params = [p for p in parameters if p.get('in') == 'path']
+            query_params = [p for p in parameters if p.get('in') == 'query']
+            endpoint_info = {
+                'path': path,
+                'method': method,
+                'summary': details.get('summary', ''),
+                'description': details.get('description', ''),
+                'operation_id': details.get('operationId', ''),
+                'path_params': path_params,
+                'query_params': query_params,
+                'deprecated': details.get('deprecated', False),
+            }
+            if tag not in groups:
+                groups[tag] = []
+            groups[tag].append(endpoint_info)
+    return groups
+class OpenAPISpecError(Exception):
+    """Raised when the OpenAPI spec cannot be loaded."""

cycode/cyclient/ai_security_manager_client.py CHANGED Viewed

@@ -17,6 +17,7 @@ class AISecurityManagerClient:
     _CONVERSATIONS_PATH = 'v4/ai-security/interactions/conversations'
     _EVENTS_PATH = 'v4/ai-security/interactions/events'
+    _SESSION_CONTEXT_PATH = 'v4/ai-security/interactions/session-context'
     def __init__(self, client: CycodeClientBase, service_config: 'AISecurityManagerServiceConfigBase') -> None:
         self.client = client
@@ -88,3 +89,20 @@ class AISecurityManagerClient:
         except Exception as e:
             logger.debug('Failed to create AI hook event', exc_info=e)
             # Don't fail the hook if tracking fails
+    def report_session_context(
+        self,
+        mcp_servers: Optional[dict] = None,
+        enabled_plugins: Optional[dict] = None,
+    ) -> None:
+        """Report session context to the backend."""
+        body: dict = {
+            'mcp_servers': mcp_servers,
+            'enabled_plugins': enabled_plugins,
+        }
+        try:
+            self.client.post(self._build_endpoint_path(self._SESSION_CONTEXT_PATH), body=body)
+        except Exception as e:
+            logger.debug('Failed to report session context', exc_info=e)
+            # Don't fail the session if reporting fails

{cycode-3.13.0.dist-info → cycode-3.13.1.dev2.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cycode
-Version: 3.13.0
+Version: 3.13.1.dev2
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 License-Expression: MIT
 License-File: LICENCE
@@ -62,7 +62,11 @@ This guide walks you through both installation and usage.
     2. [Available Options](#available-options)
     3. [MCP Tools](#mcp-tools)
     4. [Usage Examples](#usage-examples)
-5. [Scan Command](#scan-command)
+5. [Platform Command](#platform-command-beta)
+    1. [Discovering Commands](#discovering-commands)
+    2. [Examples](#platform-examples)
+    3. [Notes & Limitations](#platform-notes--limitations)
+6. [Scan Command](#scan-command)
     1. [Running a Scan](#running-a-scan)
         1. [Options](#options)
            1. [Severity Threshold](#severity-option)
@@ -646,6 +650,64 @@ This information can be helpful when:
 - Debugging transport-specific issues
+# Platform Command \[BETA\]
+> [!WARNING]
+> The `platform` command is in **beta**. Commands, arguments, and output formats are generated dynamically from the Cycode API spec and may change between releases without notice. Do not rely on them in production automation yet.
+The `cycode platform` command exposes the Cycode platform's read APIs as CLI commands. It groups endpoints by resource (e.g. `projects`, `violations`, `workflows`) and turns each endpoint's parameters into typed CLI arguments and `--option` flags.
+```bash
+cycode platform projects list --page-size 50
+cycode platform violations count
+cycode platform workflows view <workflow-id>
+```
+The OpenAPI spec is fetched from the Cycode API on first use and cached at `~/.cycode/openapi-spec.json` for 24 hours. Unrelated commands (`cycode scan`, `cycode status`, etc.) do not trigger a fetch.
+> [!NOTE]
+> You must be authenticated (`cycode auth` or `CYCODE_CLIENT_ID` / `CYCODE_CLIENT_SECRET` environment variables) for `cycode platform` to discover and run commands. Other Cycode CLI commands work without authentication.
+## Discovering Commands
+Because commands are generated from the spec, the source of truth for what's available is `--help`:
+```bash
+cycode platform --help                  # list all resource groups
+cycode platform projects --help         # list actions on a resource
+cycode platform projects list --help    # list options/arguments for an action
+```
+## Platform Examples
+```bash
+# List projects with pagination
+cycode platform projects list --page-size 25
+# View a single project by ID
+cycode platform projects view <project-id>
+# Count violations across the tenant
+cycode platform violations count
+# Filter using query parameters (see `--help` for what each endpoint supports)
+cycode platform violations list --severity CRITICAL
+```
+All output is JSON by default — pipe it through `jq` for ad-hoc filtering:
+```bash
+cycode platform projects list --page-size 100 | jq '.items[].name'
+```
+## Platform Notes & Limitations
+- **Read-only today.** Only `GET` endpoints are exposed in this beta.
+- **Spec-driven.** Adding a new endpoint to the API surfaces it automatically the next time the cache is refreshed.
+- **No bundled spec.** The first `cycode platform` invocation after install (or after the 24h cache expires) performs a network fetch. On slow connections this first call may take a few seconds; subsequent calls are near-instant until the cache expires.
+- **Override the cache TTL** with `CYCODE_SPEC_CACHE_TTL=<seconds>`.
 # Scan Command
 ## Running a Scan

{cycode-3.13.0.dist-info → cycode-3.13.1.dev2.dist-info}/RECORD RENAMED Viewed

@@ -1,31 +1,35 @@
-cycode/__init__.py,sha256=q19ilNAJhQDGBJIkm5iFOBnVC4OnwdrARmwwrANqCJg,110
+cycode/__init__.py,sha256=ydaMqViM8vgQ_GN1QQ0obfc8xAMHze1My6jyYEJvgH0,115
 cycode/__main__.py,sha256=Z3bD5yrA7yPvAChcADQrqCaZd0ChGI1gdiwALwbWJ6U,104
 cycode/cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cycode/cli/app.py,sha256=bsfXV85RRb1iz19JRC9gkc5Iv30fnEE1cwA8dg552NQ,6482
+cycode/cli/app.py,sha256=7ReEcVkRX9IaQ2I7jAj7Sl9smbtvxiuK8-9bitMEQik,7491
 cycode/cli/apps/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cycode/cli/apps/activation_manager.py,sha256=Hz9PDJFB-ZmYi4HSG8iYC-fR8j5v25VuUU-l95Otsdk,1678
-cycode/cli/apps/ai_guardrails/__init__.py,sha256=R2l1CRRMOY4bAeJkndio81Sc4v0upURGo5s14Hejh-I,1120
+cycode/cli/apps/ai_guardrails/__init__.py,sha256=NsqB1Ca83BIjJMcDSt6suec6Ed0iNnacC0gBqkuuTtI,1367
 cycode/cli/apps/ai_guardrails/command_utils.py,sha256=itWoARiiqC-kCJuppBxBwKDjCSnci2m0EG95GQPy3r4,1924
-cycode/cli/apps/ai_guardrails/consts.py,sha256=3B39MQ4p_tX7xm6KeigMJRDF8yLPONQOhn2BENK4fVs,4442
-cycode/cli/apps/ai_guardrails/ensure_auth_command.py,sha256=SwgafehweFCPt7QtbprsoUjYD8pvnaOQH407rWbG-aI,738
+cycode/cli/apps/ai_guardrails/consts.py,sha256=XmsFIESadcnImtLx5ISQjCJIJFk6kCg2ZXYIMF4l6DY,4491
 cycode/cli/apps/ai_guardrails/hooks_manager.py,sha256=37IcEMCK60pQ8lnuy8GThlq9oeNOfETVp_xYGeJ9EpM,9428
 cycode/cli/apps/ai_guardrails/install_command.py,sha256=qlklts1Uj6j3urK6jwAWJY-L_DgVaZWuk7vZcpoKPAQ,4571
 cycode/cli/apps/ai_guardrails/scan/__init__.py,sha256=qJc82XiQGiAuc1sYY8Ij_A-qXpxgLPuayQq8xWlouMA,48
-cycode/cli/apps/ai_guardrails/scan/claude_config.py,sha256=JCPpSHUroH6tF2URoXCsf_AszqrSsSDcpM8ST4uJqHQ,1262
+cycode/cli/apps/ai_guardrails/scan/claude_config.py,sha256=2hVuPHfT-9_kgf5yCNgN522IcporEZvJEyYTLaaae2c,5195
 cycode/cli/apps/ai_guardrails/scan/consts.py,sha256=drAslw6vW3kxmbCs2qPCUbUPR7PJouT2lsXtu5sD-lQ,1094
-cycode/cli/apps/ai_guardrails/scan/handlers.py,sha256=e3UlQ6TbFFFAFEAgMUhL5i7bV1mSrmFJuLb9O0FLX2Y,15702
-cycode/cli/apps/ai_guardrails/scan/payload.py,sha256=wUk9PEtVrym0SaChiML8_7KGa0NmpRNIrcojKA3msjU,10409
+cycode/cli/apps/ai_guardrails/scan/cursor_config.py,sha256=D4bQsTu6MFzJFhygk0QCyopy5gJMkJm0oRrWNt2PC0g,1087
+cycode/cli/apps/ai_guardrails/scan/handlers.py,sha256=7zxGQrePRJcs6kkpKnbYq59wM2ADKz70Ve_ZB5ZNRQE,15573
+cycode/cli/apps/ai_guardrails/scan/payload.py,sha256=TXDz7S_0WiGLYzUwsF-48MtR8nfft33g4_dEsfAdisI,10424
 cycode/cli/apps/ai_guardrails/scan/policy.py,sha256=39s8hnxgjny1l6XAO59wsRcAlpW-LG00GUnO0PfqvuY,2566
 cycode/cli/apps/ai_guardrails/scan/response_builders.py,sha256=tVFJCnGdqSmyileg-idypOihygct7F6T4KHXYlX8y_c,4653
 cycode/cli/apps/ai_guardrails/scan/scan_command.py,sha256=_2fa6vz8ZmJlvCYrYNoWfX9fWrrpzcNCwL1UD-JxqLM,5618
 cycode/cli/apps/ai_guardrails/scan/types.py,sha256=H25MKJhAXmp7Mz1YeCIRmAY1Zg5GSpgBq8G1TEI9PFk,1868
 cycode/cli/apps/ai_guardrails/scan/utils.py,sha256=KVfX-NrcM-QW4quLtoNqfmz4GF0FlDs-TkqUOu1hAWM,2057
+cycode/cli/apps/ai_guardrails/session_start_command.py,sha256=NzYrCTmxSQ3fZpKceUL5arnUKnoLzZG3HzDY4CmbL_w,5437
 cycode/cli/apps/ai_guardrails/status_command.py,sha256=UerHtjIGi6sY4RXGR06Es6jQFQAEWTx2Dvhk784WQIM,3539
 cycode/cli/apps/ai_guardrails/uninstall_command.py,sha256=0qhXNC4PQPqrtt5JmexcM4W6i-VyvObB3DQT_DINM1Q,2969
 cycode/cli/apps/ai_remediation/__init__.py,sha256=8vYthY9RQeJqEni3AIF5sryz8n-XJQ6VNqG4aEFBAdY,553
 cycode/cli/apps/ai_remediation/ai_remediation_command.py,sha256=u1EdebaKCEmzv9fXmnIN0xDSLcCmGyjueYKvYfLOj_8,1549
 cycode/cli/apps/ai_remediation/apply_fix.py,sha256=9zgqiqF9HBQXi7Oz9ZIiANIAuKAMTji1PlNncCEOf5Q,817
 cycode/cli/apps/ai_remediation/print_remediation.py,sha256=nEVkR7gnGIryGEo0NOKzrmqsh4CjLr2QfVt9elsrzGY,590
+cycode/cli/apps/api/__init__.py,sha256=1Re_qLdTwSt9H4OR-Cl5jxBvhNI4nEhPBzJ3-V1AMCw,2523
+cycode/cli/apps/api/api_command.py,sha256=iZKOegd0-NQ8dOwxuQUFdem39iXd9nBGQr2FD-s4nyw,9539
+cycode/cli/apps/api/openapi_spec.py,sha256=_Le9FN5JxL5XElEnBpKtdFLGZH2iSNVjXgQblxwFEXE,6877
 cycode/cli/apps/auth/__init__.py,sha256=rjf_rEBS1aS6rzY4Qh75BzOOX9SEHPdJMah-1FJM4DY,447
 cycode/cli/apps/auth/auth_command.py,sha256=lI5lXuyGD9_OOr-kdzVxu_3gDZasOHJ0mgMXSIt8-cs,1448
 cycode/cli/apps/auth/auth_common.py,sha256=bfQXqfv5bcYmc7njWOnG1VGzRU-C7spBv48gxHROCGU,2420
@@ -178,7 +182,7 @@ cycode/cli/utils/version_checker.py,sha256=0f5PaTk02ZkDxzBqZOeMV9mU_CWcx6HKW80jU
 cycode/cli/utils/yaml_utils.py,sha256=R-tqzl0C-zoa42rS7nfWeHu3GJ0jpbQUyyqYYU2hleM,1818
 cycode/config.py,sha256=jHORGZQcAXkAGSf2XreC-RQoc8sdNWja69QKtPWTbWo,1044
 cycode/cyclient/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cycode/cyclient/ai_security_manager_client.py,sha256=AruZ-k98oc15jNswE-uTIGzifKPK2mNjJSjRqIih95U,3493
+cycode/cyclient/ai_security_manager_client.py,sha256=8fjupsrwrPHKUHqcM5DRwhoji2MmsfxOGiO3hX_S33o,4164
 cycode/cyclient/ai_security_manager_service_config.py,sha256=83pQzgOb93JW6E-dznJkI4c0NEXmQRlx9YZKMmjVwp8,808
 cycode/cyclient/auth_client.py,sha256=TwbmZ358Ancf-Q-IZolvfljZ8691_6botsqd0R0PLPk,2105
 cycode/cyclient/base_token_auth_client.py,sha256=3JIrSz0-ywVTIfxIs2zs5aGcE-x5GW3AgPHm9qA4ZDE,3857
@@ -199,8 +203,8 @@ cycode/cyclient/report_client.py,sha256=Scq30NeJPzgXv0hPLO1U05AdE9i_2iu6cIrSKpEJ
 cycode/cyclient/scan_client.py,sha256=6TK5FQkfrvV7PHqRnUzEn1PBNd2oPYVamvIixcUfe3c,16755
 cycode/cyclient/scan_config_base.py,sha256=mXsPZGYCtp85rv5GIige40yQZXuRcEKUW-VQJ0vgFzk,1201
 cycode/logger.py,sha256=EfZGRK6VC5rE_LAjIcRrHFiQCueylCDXoG6bvGkrIME,2111
-cycode-3.13.0.dist-info/METADATA,sha256=zP1a13NFYNYLJnyY2r5aSQkyd5fqJJAYwl8g2QU3H6E,84345
-cycode-3.13.0.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
-cycode-3.13.0.dist-info/entry_points.txt,sha256=iDcVJM8ByLElVgvBgtYxDjw1kT7O8Mo0LcWZIT5L3Ig,45
-cycode-3.13.0.dist-info/licenses/LICENCE,sha256=2Wx4N6mD_4xB7-E3hPkZ3MPhpJy__k_I8MaCSO-PDRo,1068
-cycode-3.13.0.dist-info/RECORD,,
+cycode-3.13.1.dev2.dist-info/METADATA,sha256=FW_uYfD3CfcqIEUZk-FkxYBYAe6dTlzjyqFuwO2jgSY,87082
+cycode-3.13.1.dev2.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
+cycode-3.13.1.dev2.dist-info/entry_points.txt,sha256=iDcVJM8ByLElVgvBgtYxDjw1kT7O8Mo0LcWZIT5L3Ig,45
+cycode-3.13.1.dev2.dist-info/licenses/LICENCE,sha256=2Wx4N6mD_4xB7-E3hPkZ3MPhpJy__k_I8MaCSO-PDRo,1068
+cycode-3.13.1.dev2.dist-info/RECORD,,

cycode/cli/apps/ai_guardrails/ensure_auth_command.py DELETED Viewed

@@ -1,21 +0,0 @@
-import typer
-from cycode.cli.apps.auth.auth_common import get_authorization_info
-from cycode.cli.apps.auth.auth_manager import AuthManager
-from cycode.cli.exceptions.handle_auth_errors import handle_auth_exception
-from cycode.cli.logger import logger
-def ensure_auth_command(ctx: typer.Context) -> None:
-    """Ensure the user is authenticated, triggering authentication if needed."""
-    auth_info = get_authorization_info(ctx)
-    if auth_info is not None:
-        logger.debug('Already authenticated')
-        return
-    logger.debug('Not authenticated, starting authentication')
-    try:
-        auth_manager = AuthManager()
-        auth_manager.authenticate()
-    except Exception as err:
-        handle_auth_exception(ctx, err)

{cycode-3.13.0.dist-info → cycode-3.13.1.dev2.dist-info}/WHEEL RENAMED Viewed

File without changes

{cycode-3.13.0.dist-info → cycode-3.13.1.dev2.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{cycode-3.13.0.dist-info → cycode-3.13.1.dev2.dist-info}/licenses/LICENCE RENAMED Viewed

File without changes

cycode 3.13.0__py3-none-any.whl → 3.13.1.dev2__py3-none-any.whl

cycode 3.13.0py3-none-any.whl → 3.13.1.dev2py3-none-any.whl