cycode 3.15.3.dev8__py3-none-any.whl → 3.15.4.dev2__py3-none-any.whl

cycode/cli/apps/ai_guardrails/scan/payload.py

@@ -1,275 +1,34 @@
-"""Unified payload object for AI hook events from different tools."""
+"""Canonical AI hook payload shared across IDE integrations.
+
+The dataclass is populated by `IDE.parse_hook_payload` (see
+`cycode/cli/apps/ai_guardrails/ides/`). Per-IDE parsing logic lives on the
+respective IDE class.
+"""
 
-import json
-from collections.abc import Iterator
 from dataclasses import dataclass
-from pathlib import Path
 from typing import Optional
 
-from cycode.cli.apps.ai_guardrails.consts import AIIDEType
-from cycode.cli.apps.ai_guardrails.scan.claude_config import get_user_email, load_claude_config
-from cycode.cli.apps.ai_guardrails.scan.types import (
-    CLAUDE_CODE_EVENT_MAPPING,
-    CLAUDE_CODE_EVENT_NAMES,
-    CURSOR_EVENT_MAPPING,
-    CURSOR_EVENT_NAMES,
-    AiHookEventType,
-)
-
-
-def _reverse_readline(path: Path, buf_size: int = 8192) -> Iterator[str]:
-    """Read a file line by line from the end without loading entire file into memory.
-
-    Yields lines in reverse order (last line first).
-    """
-    with path.open('rb') as f:
-        f.seek(0, 2)  # Seek to end
-        file_size = f.tell()
-        if file_size == 0:
-            return
-
-        remaining = file_size
-        buffer = b''
-
-        while remaining > 0:
-            # Read a chunk from the end
-            read_size = min(buf_size, remaining)
-            remaining -= read_size
-            f.seek(remaining)
-            chunk = f.read(read_size)
-            buffer = chunk + buffer
-
-            # Yield complete lines from buffer
-            while b'\n' in buffer:
-                # Find the last newline
-                newline_pos = buffer.rfind(b'\n')
-                if newline_pos == len(buffer) - 1:
-                    # Trailing newline, look for previous one
-                    newline_pos = buffer.rfind(b'\n', 0, newline_pos)
-                    if newline_pos == -1:
-                        break
-                # Yield the line after this newline
-                line = buffer[newline_pos + 1 :]
-                buffer = buffer[: newline_pos + 1]
-                if line.strip():
-                    yield line.decode('utf-8', errors='replace')
-
-        # Yield any remaining content as the first line of the file
-        if buffer.strip():
-            yield buffer.decode('utf-8', errors='replace')
-
-
-def _extract_model(entry: dict) -> Optional[str]:
-    """Extract model from a transcript entry (top level or nested in message)."""
-    return entry.get('model') or (entry.get('message') or {}).get('model')
-
-
-def _extract_generation_id(entry: dict) -> Optional[str]:
-    """Extract generation ID from a user-type transcript entry."""
-    if entry.get('type') == 'user':
-        return entry.get('uuid')
-    return None
-
-
-def extract_from_claude_transcript(
-    transcript_path: str,
-) -> tuple[Optional[str], Optional[str], Optional[str]]:
-    """Extract IDE version, model, and latest generation ID from Claude Code transcript file.
-
-    The transcript is a JSONL file where each line is a JSON object.
-    We look for 'version' (IDE version), 'model', and 'uuid' (generation ID) fields.
-    The generation_id is the UUID of the latest 'user' type message.
-
-    Scans from end to start since latest entries are at the end.
-    Uses reverse reading to avoid loading entire file into memory.
-
-    Returns:
-        Tuple of (ide_version, model, generation_id), any may be None if not found.
-    """
-    if not transcript_path:
-        return None, None, None
-
-    path = Path(transcript_path)
-    if not path.exists():
-        return None, None, None
-
-    ide_version = None
-    model = None
-    generation_id = None
-
-    try:
-        for line in _reverse_readline(path):
-            line = line.strip()
-            if not line:
-                continue
-            try:
-                entry = json.loads(line)
-                ide_version = ide_version or entry.get('version')
-                model = model or _extract_model(entry)
-                generation_id = generation_id or _extract_generation_id(entry)
-
-                if ide_version and model and generation_id:
-                    break
-            except json.JSONDecodeError:
-                continue
-    except OSError:
-        pass
-
-    return ide_version, model, generation_id
-
 
 @dataclass
 class AIHookPayload:
-    """Unified payload object that normalizes field names from different AI tools."""
+    """Unified payload that normalizes field names across IDEs."""
 
     # Event identification
-    event_name: Optional[str] = None  # Canonical event type (e.g., 'prompt', 'file_read', 'mcp_execution')
+    event_name: Optional[str] = None  # Canonical event type from AiHookEventType
     conversation_id: Optional[str] = None
     generation_id: Optional[str] = None
 
     # User and IDE information
     ide_user_email: Optional[str] = None
     model: Optional[str] = None
-    ide_provider: str = None  # AIIDEType value (e.g., 'cursor', 'claude-code')
+    ide_provider: Optional[str] = None  # Matches IDE.name (e.g. 'cursor', 'claude-code')
     ide_version: Optional[str] = None
 
     source: Optional[str] = None
 
     # Event-specific data
-    prompt: Optional[str] = None  # For prompt events
-    file_path: Optional[str] = None  # For file_read events
-    mcp_server_name: Optional[str] = None  # For mcp_execution events
-    mcp_tool_name: Optional[str] = None  # For mcp_execution events
-    mcp_arguments: Optional[dict] = None  # For mcp_execution events
-
-    @classmethod
-    def from_cursor_payload(cls, payload: dict) -> 'AIHookPayload':
-        """Create AIHookPayload from Cursor IDE payload.
-
-        Maps Cursor-specific event names to canonical event types.
-        """
-        cursor_event_name = payload.get('hook_event_name', '')
-        # Map Cursor event name to canonical type, fallback to original if not found
-        canonical_event = CURSOR_EVENT_MAPPING.get(cursor_event_name, cursor_event_name)
-
-        return cls(
-            event_name=canonical_event,
-            conversation_id=payload.get('conversation_id'),
-            generation_id=payload.get('generation_id'),
-            ide_user_email=payload.get('user_email'),
-            model=payload.get('model'),
-            ide_provider=AIIDEType.CURSOR.value,
-            ide_version=payload.get('cursor_version'),
-            prompt=payload.get('prompt', ''),
-            file_path=payload.get('file_path') or payload.get('path'),
-            mcp_server_name=payload.get('command'),  # MCP server name
-            mcp_tool_name=payload.get('tool_name') or payload.get('tool'),
-            mcp_arguments=payload.get('arguments') or payload.get('tool_input') or payload.get('input'),
-        )
-
-    @classmethod
-    def from_claude_code_payload(cls, payload: dict) -> 'AIHookPayload':
-        """Create AIHookPayload from Claude Code IDE payload.
-
-        Claude Code has a different structure:
-        - hook_event_name: 'UserPromptSubmit' or 'PreToolUse'
-        - For PreToolUse: tool_name determines if it's file read ('Read') or MCP ('mcp__*')
-        - tool_input contains tool arguments (e.g., file_path for Read tool)
-        - transcript_path points to JSONL file with version and model info
-        """
-        hook_event_name = payload.get('hook_event_name', '')
-        tool_name = payload.get('tool_name', '')
-        tool_input = payload.get('tool_input')
-
-        if hook_event_name == 'UserPromptSubmit':
-            canonical_event = AiHookEventType.PROMPT
-        elif hook_event_name == 'PreToolUse':
-            canonical_event = AiHookEventType.FILE_READ if tool_name == 'Read' else AiHookEventType.MCP_EXECUTION
-        else:
-            # Unknown event, use the raw event name
-            canonical_event = CLAUDE_CODE_EVENT_MAPPING.get(hook_event_name, hook_event_name)
-
-        # Extract file_path from tool_input for Read tool
-        file_path = None
-        if tool_name == 'Read' and isinstance(tool_input, dict):
-            file_path = tool_input.get('file_path')
-
-        # For MCP tools, the entire tool_input is the arguments
-        mcp_arguments = tool_input if tool_name.startswith('mcp__') else None
-
-        # Extract MCP server and tool name from tool_name (format: mcp__<server>__<tool>)
-        mcp_server_name = None
-        mcp_tool_name = None
-        if tool_name.startswith('mcp__'):
-            parts = tool_name.split('__')
-            if len(parts) >= 2:
-                mcp_server_name = parts[1]
-            if len(parts) >= 3:
-                mcp_tool_name = parts[2]
-
-        # Extract IDE version, model, and generation ID from transcript file
-        ide_version, model, generation_id = extract_from_claude_transcript(payload.get('transcript_path'))
-
-        # Extract user email from ~/.claude.json
-        claude_config = load_claude_config()
-        ide_user_email = get_user_email(claude_config) if claude_config else None
-
-        return cls(
-            event_name=canonical_event,
-            conversation_id=payload.get('session_id'),
-            generation_id=generation_id,
-            ide_user_email=ide_user_email,
-            model=model,
-            ide_provider=AIIDEType.CLAUDE_CODE.value,
-            ide_version=ide_version,
-            prompt=payload.get('prompt', ''),
-            file_path=file_path,
-            mcp_server_name=mcp_server_name,
-            mcp_tool_name=mcp_tool_name,
-            mcp_arguments=mcp_arguments,
-        )
-
-    @staticmethod
-    def is_payload_for_ide(payload: dict, ide: str) -> bool:
-        """Check if the payload's event name matches the expected IDE.
-
-        This prevents double-processing when Cursor reads Claude Code hooks
-        or vice versa. If the payload's hook_event_name doesn't match the
-        expected IDE's event names, we should skip processing.
-
-        Args:
-            payload: The raw payload from the IDE
-            ide: The IDE name or AIIDEType enum value
-
-        Returns:
-            True if the payload matches the IDE, False otherwise.
-        """
-        hook_event_name = payload.get('hook_event_name', '')
-
-        if ide == AIIDEType.CLAUDE_CODE:
-            return hook_event_name in CLAUDE_CODE_EVENT_NAMES
-        if ide == AIIDEType.CURSOR:
-            return hook_event_name in CURSOR_EVENT_NAMES
-
-        # Unknown IDE, allow processing
-        return True
-
-    @classmethod
-    def from_payload(cls, payload: dict, tool: str = AIIDEType.CURSOR.value) -> 'AIHookPayload':
-        """Create AIHookPayload from any tool's payload.
-
-        Args:
-            payload: The raw payload from the IDE
-            tool: The IDE/tool name or AIIDEType enum value
-
-        Returns:
-            AIHookPayload instance
-
-        Raises:
-            ValueError: If the tool is not supported
-        """
-        if tool == AIIDEType.CURSOR:
-            return cls.from_cursor_payload(payload)
-        if tool == AIIDEType.CLAUDE_CODE:
-            return cls.from_claude_code_payload(payload)
-        raise ValueError(f'Unsupported IDE/tool: {tool}')
+    prompt: Optional[str] = None  # PROMPT events
+    file_path: Optional[str] = None  # FILE_READ events
+    mcp_server_name: Optional[str] = None  # MCP_EXECUTION events
+    mcp_tool_name: Optional[str] = None
+    mcp_arguments: Optional[dict] = None

cycode/cli/apps/ai_guardrails/scan/scan_command.py

@@ -1,26 +1,22 @@
-"""
-Scan command for AI guardrails.
+"""Scan command for AI guardrails IDE hooks.
 
-This command handles AI IDE hooks by reading JSON from stdin and outputting
-a JSON response to stdout. It scans prompts, file reads, and MCP tool calls
-for secrets before they are sent to AI models.
+Reads a JSON payload from stdin, routes it through the IDE-specific parser and
+the shared event handlers, then writes an IDE-specific JSON response to stdout.
 
-Supports multiple IDEs with different hook event types. The specific hook events
-supported depend on the IDE being used (e.g., Cursor supports beforeSubmitPrompt,
-beforeReadFile, beforeMCPExecution).
+The handlers in ``handlers.py`` are agent-agnostic (they return
+``HookDecision``); ``IDE.build_hook_response`` is the per-IDE translation step.
 """
 
 import sys
-from typing import Annotated
+from typing import Annotated, Optional, Union
 
 import click
 import typer
 
-from cycode.cli.apps.ai_guardrails.consts import AIIDEType
+from cycode.cli.apps.ai_guardrails.ides import DEFAULT_IDE_NAME, get_ide
+from cycode.cli.apps.ai_guardrails.ides.base import HookDecision
 from cycode.cli.apps.ai_guardrails.scan.handlers import get_handler_for_event
-from cycode.cli.apps.ai_guardrails.scan.payload import AIHookPayload
 from cycode.cli.apps.ai_guardrails.scan.policy import load_policy
-from cycode.cli.apps.ai_guardrails.scan.response_builders import get_response_builder
 from cycode.cli.apps.ai_guardrails.scan.types import AiHookEventType
 from cycode.cli.apps.ai_guardrails.scan.utils import output_json, safe_json_parse
 from cycode.cli.exceptions.custom_exceptions import HttpUnauthorizedError
@@ -31,7 +27,7 @@ logger = get_logger('AI Guardrails')
 
 
 def _get_auth_error_message(error: Exception) -> str:
-    """Get user-friendly message for authentication errors."""
+    """User-friendly message for authentication errors."""
     if isinstance(error, click.ClickException):
         # Missing credentials
         return f'{error.message} Please run `cycode auth` to set up your credentials.'
@@ -47,6 +43,23 @@ def _get_auth_error_message(error: Exception) -> str:
     return 'Authentication failed. Please run `cycode auth` to set up your credentials.'
 
 
+def _deny_for_event(
+    event_name: Optional[Union[str, AiHookEventType]],
+    user_message: str,
+    agent_message: Optional[str] = None,
+) -> HookDecision:
+    """Build a deny decision matched to ``event_name``'s response shape.
+
+    PROMPT events use the prompt-block shape (no agent_message). For anything
+    else — including unknown event names — fall back to FILE_READ since
+    FILE_READ and MCP_EXECUTION share the same response shape on both IDEs.
+    """
+    if event_name == AiHookEventType.PROMPT:
+        return HookDecision.deny(AiHookEventType.PROMPT, user_message)
+    target = event_name if isinstance(event_name, AiHookEventType) else AiHookEventType.FILE_READ
+    return HookDecision.deny(target, user_message, agent_message)
+
+
 def _initialize_clients(ctx: typer.Context) -> None:
     """Initialize API clients.
 
@@ -69,44 +82,36 @@ def scan_command(
             help='IDE that sent the payload (e.g., "cursor"). Defaults to cursor.',
             hidden=True,
         ),
-    ] = AIIDEType.CURSOR.value,
+    ] = DEFAULT_IDE_NAME,
 ) -> None:
     """Scan content from AI IDE hooks for secrets.
 
-    This command reads a JSON payload from stdin containing hook event data
-    and outputs a JSON response to stdout indicating whether to allow or block the action.
-
-    The hook event type is determined from the event field in the payload (field name
-    varies by IDE). Each IDE may support different hook events for scanning prompts,
-    file access, and tool executions.
-
-    Example usage (from IDE hooks configuration):
-        { "command": "cycode ai-guardrails scan" }
+    Reads a JSON payload from stdin and outputs a JSON response to stdout
+    indicating whether to allow or block the action.
     """
+    ide_integration = get_ide(ide)
+
     stdin_data = sys.stdin.read().strip()
     payload = safe_json_parse(stdin_data)
 
-    tool = ide.lower()
-    response_builder = get_response_builder(tool)
-
     if not payload:
         logger.debug('Empty or invalid JSON payload received')
-        output_json(response_builder.allow_prompt())
+        output_json(ide_integration.build_hook_response(HookDecision.allow(AiHookEventType.PROMPT)))
         return
 
-    # Check if the payload matches the expected IDE - prevents double-processing
-    # when Cursor reads Claude Code hooks from ~/.claude/settings.json
-    if not AIHookPayload.is_payload_for_ide(payload, tool):
+    # Prevent cross-IDE processing (e.g. Cursor reading Claude Code hooks
+    # from ~/.claude/settings.json).
+    if not ide_integration.matches_payload(payload):
         logger.debug(
             'Payload event does not match expected IDE, skipping',
-            extra={'hook_event_name': payload.get('hook_event_name'), 'expected_ide': tool},
+            extra={'hook_event_name': payload.get('hook_event_name'), 'expected_ide': ide_integration.name},
         )
-        output_json(response_builder.allow_prompt())
+        output_json(ide_integration.build_hook_response(HookDecision.allow(AiHookEventType.PROMPT)))
         return
 
-    unified_payload = AIHookPayload.from_payload(payload, tool=tool)
+    unified_payload = ide_integration.parse_hook_payload(payload)
     event_name = unified_payload.event_name
-    logger.debug('Processing AI guardrails hook', extra={'event_name': event_name, 'tool': tool})
+    logger.debug('Processing AI guardrails hook', extra={'event_name': event_name, 'ide': ide_integration.name})
 
     workspace_roots = payload.get('workspace_roots', ['.'])
     policy = load_policy(workspace_roots[0])
@@ -117,26 +122,33 @@ def scan_command(
         handler = get_handler_for_event(event_name)
         if handler is None:
             logger.debug('Unknown hook event, allowing by default', extra={'event_name': event_name})
-            output_json(response_builder.allow_prompt())
+            output_json(ide_integration.build_hook_response(HookDecision.allow(AiHookEventType.PROMPT)))
             return
 
-        response = handler(ctx, unified_payload, policy)
-        logger.debug('Hook handler completed', extra={'event_name': event_name, 'response': response})
-        output_json(response)
+        decision = handler(ctx, unified_payload, policy)
+        logger.debug('Hook handler completed', extra={'event_name': event_name, 'action': decision.action.value})
+        output_json(ide_integration.build_hook_response(decision))
 
     except (click.ClickException, HttpUnauthorizedError) as e:
-        error_message = _get_auth_error_message(e)
-        if event_name == AiHookEventType.PROMPT:
-            output_json(response_builder.deny_prompt(error_message))
-            return
-        output_json(response_builder.deny_permission(error_message, 'Authentication required'))
+        output_json(
+            ide_integration.build_hook_response(
+                _deny_for_event(event_name, _get_auth_error_message(e), 'Authentication required')
+            )
+        )
 
     except Exception as e:
         logger.error('Hook handler failed', exc_info=e)
         if policy.get('fail_open', True):
-            output_json(response_builder.allow_prompt())
-            return
-        if event_name == AiHookEventType.PROMPT:
-            output_json(response_builder.deny_prompt('Cycode guardrails error - blocking due to fail-closed policy'))
+            output_json(ide_integration.build_hook_response(HookDecision.allow(AiHookEventType.PROMPT)))
             return
-        output_json(response_builder.deny_permission('Cycode guardrails error', 'Blocking due to fail-closed policy'))
+        output_json(
+            ide_integration.build_hook_response(
+                _deny_for_event(
+                    event_name,
+                    'Cycode guardrails error - blocking due to fail-closed policy'
+                    if event_name == AiHookEventType.PROMPT
+                    else 'Cycode guardrails error',
+                    'Blocking due to fail-closed policy',
+                )
+            )
+        )

cycode/cli/apps/ai_guardrails/scan/types.py

@@ -1,4 +1,9 @@
-"""Type definitions for AI guardrails."""
+"""Canonical event types and outcome enums for AI guardrails.
+
+Per-IDE event-name mappings live on the IDE class (in
+`cycode/cli/apps/ai_guardrails/ides/`); only the IDE-agnostic enums are kept
+here.
+"""
 
 import sys
 
@@ -13,36 +18,13 @@ else:
 
 
 class AiHookEventType(StrEnum):
-    """Canonical event types for AI guardrails.
-
-    These are IDE-agnostic event types. Each IDE's specific event names
-    are mapped to these canonical types using the mapping dictionaries below.
-    """
+    """Canonical, IDE-agnostic hook event types."""
 
     PROMPT = 'Prompt'
     FILE_READ = 'FileRead'
     MCP_EXECUTION = 'McpExecution'
 
 
-# IDE-specific event name mappings to canonical types
-CURSOR_EVENT_MAPPING = {
-    'beforeSubmitPrompt': AiHookEventType.PROMPT,
-    'beforeReadFile': AiHookEventType.FILE_READ,
-    'beforeMCPExecution': AiHookEventType.MCP_EXECUTION,
-}
-
-# Claude Code event mapping - note that PreToolUse requires tool_name inspection
-# to determine the actual event type (file read vs MCP execution)
-CLAUDE_CODE_EVENT_MAPPING = {
-    'UserPromptSubmit': AiHookEventType.PROMPT,
-    'PreToolUse': None,  # Requires tool_name inspection to determine actual type
-}
-
-# Set of known event names per IDE (for IDE detection)
-CURSOR_EVENT_NAMES = set(CURSOR_EVENT_MAPPING.keys())
-CLAUDE_CODE_EVENT_NAMES = set(CLAUDE_CODE_EVENT_MAPPING.keys())
-
-
 class AIHookOutcome(StrEnum):
     """Outcome of an AI hook event evaluation."""
 
@@ -52,11 +34,7 @@ class AIHookOutcome(StrEnum):
 
 
 class BlockReason(StrEnum):
-    """Reason why an AI hook event was blocked.
-
-    These are categorical reasons sent to the backend for tracking/analytics,
-    separate from the detailed user-facing messages.
-    """
+    """Categorical reason for blocking (sent to backend for tracking)."""
 
     SECRETS_IN_PROMPT = 'secrets_in_prompt'
     SECRETS_IN_FILE = 'secrets_in_file'

cycode/cli/apps/ai_guardrails/session_start_command.py

@@ -1,18 +1,12 @@
+"""Handle AI guardrails session start: auth, conversation creation, session context."""
+
 import sys
 from typing import TYPE_CHECKING, Annotated, Optional
 
 import typer
 
-from cycode.cli.apps.ai_guardrails.consts import AIIDEType
-from cycode.cli.apps.ai_guardrails.scan.claude_config import (
-    get_mcp_servers,
-    get_user_email,
-    load_claude_config,
-    load_claude_settings,
-    resolve_plugins,
-)
-from cycode.cli.apps.ai_guardrails.scan.cursor_config import load_cursor_config
-from cycode.cli.apps.ai_guardrails.scan.payload import AIHookPayload, extract_from_claude_transcript
+from cycode.cli.apps.ai_guardrails.ides import DEFAULT_IDE_NAME, get_ide
+from cycode.cli.apps.ai_guardrails.ides.base import IDE
 from cycode.cli.apps.ai_guardrails.scan.utils import safe_json_parse
 from cycode.cli.apps.auth.auth_common import get_authorization_info
 from cycode.cli.apps.auth.auth_manager import AuthManager
@@ -26,69 +20,10 @@ if TYPE_CHECKING:
 logger = get_logger('AI Guardrails')
 
 
-def _build_session_payload(payload: dict, ide: str) -> AIHookPayload:
-    """Build an AIHookPayload from a session-start stdin payload."""
-    if ide == AIIDEType.CLAUDE_CODE:
-        claude_config = load_claude_config()
-        ide_user_email = get_user_email(claude_config) if claude_config else None
-        ide_version, _, _ = extract_from_claude_transcript(payload.get('transcript_path'))
-
-        return AIHookPayload(
-            conversation_id=payload.get('session_id'),
-            ide_user_email=ide_user_email,
-            model=payload.get('model'),
-            ide_provider=AIIDEType.CLAUDE_CODE.value,
-            ide_version=ide_version,
-            source=payload.get('source'),
-        )
-
-    # Cursor
-    return AIHookPayload(
-        conversation_id=payload.get('conversation_id'),
-        ide_user_email=payload.get('user_email'),
-        model=payload.get('model'),
-        ide_provider=AIIDEType.CURSOR.value,
-        ide_version=payload.get('cursor_version'),
-    )
-
-
-def _get_claude_code_session_context() -> tuple[dict, dict]:
-    """Return (mcp_servers, enabled_plugins) for Claude Code.
-
-    Merges MCP servers from ~/.claude.json (user-configured) with those contributed
-    by enabled plugins. Plugin metadata (name, version, description) is included in
-    the enabled_plugins dict when resolvable.
-    """
-    config = load_claude_config()
-    mcp_servers = dict(get_mcp_servers(config) or {}) if config else {}
-
-    settings = load_claude_settings()
-    if settings:
-        plugin_mcp, enriched_plugins = resolve_plugins(settings)
-        mcp_servers.update(plugin_mcp)
-    else:
-        enriched_plugins = {}
-
-    return mcp_servers, enriched_plugins
-
-
-def _get_cursor_session_context() -> tuple[dict, dict]:
-    """Return (mcp_servers, enabled_plugins) for Cursor. Cursor has no plugin system."""
-    config = load_cursor_config()
-    mcp_servers = dict(get_mcp_servers(config) or {}) if config else {}
-    return mcp_servers, {}
-
-
-def _report_session_context(ai_client: 'AISecurityManagerClient', ide: str, user_email: Optional[str]) -> None:
+def _report_session_context(ai_client: 'AISecurityManagerClient', ide: IDE, user_email: Optional[str]) -> None:
     """Report IDE session context to the AI security manager. Never raises."""
     try:
-        if ide == AIIDEType.CLAUDE_CODE:
-            mcp_servers, enabled_plugins = _get_claude_code_session_context()
-        elif ide == AIIDEType.CURSOR:
-            mcp_servers, enabled_plugins = _get_cursor_session_context()
-        else:
-            return
-
+        mcp_servers, enabled_plugins = ide.get_session_context()
         if not mcp_servers and not enabled_plugins:
             return
         ai_client.report_session_context(
@@ -109,16 +44,17 @@ def session_start_command(
             help='IDE that triggered the session start.',
             hidden=True,
         ),
-    ] = AIIDEType.CURSOR.value,
+    ] = DEFAULT_IDE_NAME,
 ) -> None:
     """Handle session start: ensure auth, create conversation, report session context."""
+    ide_integration = get_ide(ide)
+
     # Step 1: Ensure authentication
     auth_info = get_authorization_info(ctx)
     if auth_info is None:
         logger.debug('Not authenticated, starting authentication')
         try:
-            auth_manager = AuthManager()
-            auth_manager.authenticate()
+            AuthManager().authenticate()
         except Exception as err:
             handle_auth_exception(ctx, err)
             return
@@ -136,8 +72,8 @@ def session_start_command(
         logger.debug('Empty or invalid stdin payload, skipping session initialization')
         return
 
-    # Step 3: Build session payload and initialize API client
-    session_payload = _build_session_payload(payload, ide)
+    # Step 3: Build session payload + initialize API client
+    session_payload = ide_integration.build_session_payload(payload)
 
     try:
         ai_client = get_ai_security_manager_client(ctx)
@@ -151,5 +87,5 @@ def session_start_command(
     except Exception as e:
         logger.debug('Failed to create conversation during session start', exc_info=e)
 
-    # Step 5: Report session context (MCP servers)
-    _report_session_context(ai_client, ide, session_payload.ide_user_email)
+    # Step 5: Report session context (MCP servers, enabled plugins)
+    _report_session_context(ai_client, ide_integration, session_payload.ide_user_email)