cycode 3.17.1.dev8__py3-none-any.whl → 3.17.1.dev10__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- cycode/__init__.py +1 -1
- cycode/cli/apps/ai_guardrails/scan/policy.py +21 -3
- cycode/cli/apps/ai_guardrails/scan/scan_command.py +4 -4
- cycode/cli/apps/ai_guardrails/scan/utils.py +17 -0
- cycode/cli/apps/ai_guardrails/session_start_command.py +2 -2
- {cycode-3.17.1.dev8.dist-info → cycode-3.17.1.dev10.dist-info}/METADATA +1 -1
- {cycode-3.17.1.dev8.dist-info → cycode-3.17.1.dev10.dist-info}/RECORD +10 -10
- {cycode-3.17.1.dev8.dist-info → cycode-3.17.1.dev10.dist-info}/WHEEL +0 -0
- {cycode-3.17.1.dev8.dist-info → cycode-3.17.1.dev10.dist-info}/entry_points.txt +0 -0
- {cycode-3.17.1.dev8.dist-info → cycode-3.17.1.dev10.dist-info}/licenses/LICENCE +0 -0
cycode/__init__.py
CHANGED
|
@@ -5,4 +5,4 @@ import time as _time
|
|
|
5
5
|
# end-to-end scan duration from the moment the user actually triggered it.
|
|
6
6
|
_BOOT_WALL: float = _time.time()
|
|
7
7
|
|
|
8
|
-
__version__ = '3.17.1.
|
|
8
|
+
__version__ = '3.17.1.dev10' # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
|
|
@@ -3,11 +3,14 @@ Policy loading and configuration management for AI guardrails.
|
|
|
3
3
|
|
|
4
4
|
Policies are loaded and merged in order (later overrides earlier):
|
|
5
5
|
1. Built-in defaults (consts.DEFAULT_POLICY)
|
|
6
|
-
2.
|
|
7
|
-
3.
|
|
6
|
+
2. Machine-wide config (admin/MDM-provisioned; see get_machine_policy_path)
|
|
7
|
+
3. User-level config (~/.cycode/ai-guardrails.yaml)
|
|
8
|
+
4. Repo-level config (<workspace>/.cycode/ai-guardrails.yaml)
|
|
8
9
|
"""
|
|
9
10
|
|
|
10
11
|
import json
|
|
12
|
+
import os
|
|
13
|
+
import sys
|
|
11
14
|
from pathlib import Path
|
|
12
15
|
from typing import Any, Optional
|
|
13
16
|
|
|
@@ -16,6 +19,16 @@ import yaml
|
|
|
16
19
|
from cycode.cli.apps.ai_guardrails.scan.consts import DEFAULT_POLICY, POLICY_FILE_NAME
|
|
17
20
|
|
|
18
21
|
|
|
22
|
+
def get_machine_policy_path() -> Path:
|
|
23
|
+
"""Machine-wide (admin/MDM-provisioned) policy path, by platform."""
|
|
24
|
+
if sys.platform == 'darwin':
|
|
25
|
+
return Path('/Library/Application Support/Cycode') / POLICY_FILE_NAME
|
|
26
|
+
if sys.platform == 'win32':
|
|
27
|
+
program_data = os.environ.get('PROGRAMDATA', 'C:\\ProgramData')
|
|
28
|
+
return Path(program_data) / 'Cycode' / POLICY_FILE_NAME
|
|
29
|
+
return Path('/etc/cycode') / POLICY_FILE_NAME
|
|
30
|
+
|
|
31
|
+
|
|
19
32
|
def deep_merge(base: dict, override: dict) -> dict:
|
|
20
33
|
"""Deep merge two dictionaries, with override taking precedence."""
|
|
21
34
|
result = base.copy()
|
|
@@ -61,7 +74,7 @@ def load_policy(workspace_root: Optional[str] = None) -> dict:
|
|
|
61
74
|
"""
|
|
62
75
|
Load policy by merging configs in order of precedence.
|
|
63
76
|
|
|
64
|
-
Merge order: defaults <- user config <- repo config
|
|
77
|
+
Merge order: defaults <- machine <- user config <- repo config
|
|
65
78
|
|
|
66
79
|
Args:
|
|
67
80
|
workspace_root: Workspace root path for repo-level config lookup.
|
|
@@ -69,6 +82,11 @@ def load_policy(workspace_root: Optional[str] = None) -> dict:
|
|
|
69
82
|
# Start with defaults
|
|
70
83
|
policy = load_defaults()
|
|
71
84
|
|
|
85
|
+
# Merge machine-wide config (admin/MDM-provisioned) - overrides defaults, below user/repo.
|
|
86
|
+
machine_config = load_yaml_file(get_machine_policy_path())
|
|
87
|
+
if machine_config:
|
|
88
|
+
policy = deep_merge(policy, machine_config)
|
|
89
|
+
|
|
72
90
|
# Merge user-level config (if exists)
|
|
73
91
|
user_policy_path = Path.home() / '.cycode' / POLICY_FILE_NAME
|
|
74
92
|
user_config = load_yaml_file(user_policy_path)
|
|
@@ -7,7 +7,6 @@ The handlers in ``handlers.py`` are agent-agnostic (they return
|
|
|
7
7
|
``HookDecision``); ``IDE.build_hook_response`` is the per-IDE translation step.
|
|
8
8
|
"""
|
|
9
9
|
|
|
10
|
-
import sys
|
|
11
10
|
from typing import Annotated, Optional, Union
|
|
12
11
|
|
|
13
12
|
import click
|
|
@@ -18,7 +17,7 @@ from cycode.cli.apps.ai_guardrails.ides.base import HookDecision
|
|
|
18
17
|
from cycode.cli.apps.ai_guardrails.scan.handlers import get_handler_for_event
|
|
19
18
|
from cycode.cli.apps.ai_guardrails.scan.policy import load_policy
|
|
20
19
|
from cycode.cli.apps.ai_guardrails.scan.types import AiHookEventType
|
|
21
|
-
from cycode.cli.apps.ai_guardrails.scan.utils import output_json, safe_json_parse
|
|
20
|
+
from cycode.cli.apps.ai_guardrails.scan.utils import output_json, read_stdin_text, safe_json_parse
|
|
22
21
|
from cycode.cli.exceptions.custom_exceptions import HttpUnauthorizedError
|
|
23
22
|
from cycode.cli.utils.get_api_client import get_ai_security_manager_client, get_scan_cycode_client
|
|
24
23
|
from cycode.logger import get_logger
|
|
@@ -91,7 +90,7 @@ def scan_command(
|
|
|
91
90
|
"""
|
|
92
91
|
ide_integration = get_ide(ide)
|
|
93
92
|
|
|
94
|
-
stdin_data =
|
|
93
|
+
stdin_data = read_stdin_text().strip()
|
|
95
94
|
payload = safe_json_parse(stdin_data)
|
|
96
95
|
|
|
97
96
|
if not payload:
|
|
@@ -113,7 +112,8 @@ def scan_command(
|
|
|
113
112
|
event_name = unified_payload.event_name
|
|
114
113
|
logger.debug('Processing AI guardrails hook', extra={'event_name': event_name, 'ide': ide_integration.name})
|
|
115
114
|
|
|
116
|
-
|
|
115
|
+
# `or` (not a .get default) - Cursor sends workspace_roots=[] when no folder is open.
|
|
116
|
+
workspace_roots = payload.get('workspace_roots') or ['.']
|
|
117
117
|
policy = load_policy(workspace_roots[0])
|
|
118
118
|
|
|
119
119
|
try:
|
|
@@ -6,11 +6,28 @@ Includes JSON parsing, path matching, and text handling utilities.
|
|
|
6
6
|
|
|
7
7
|
import json
|
|
8
8
|
import os
|
|
9
|
+
import sys
|
|
9
10
|
from pathlib import Path
|
|
10
11
|
|
|
11
12
|
from cycode.cli.apps.ai_guardrails.scan.policy import get_policy_value
|
|
12
13
|
|
|
13
14
|
|
|
15
|
+
def read_stdin_text() -> str:
|
|
16
|
+
"""Read the hook payload from stdin as UTF-8 text.
|
|
17
|
+
|
|
18
|
+
Reads bytes and decodes with utf-8-sig: hook payloads are UTF-8 JSON, but on Windows
|
|
19
|
+
Python decodes piped stdin with the ANSI code page (mojibake for non-ASCII prompts),
|
|
20
|
+
and Cursor on Windows prefixes the payload with a UTF-8 BOM - the -sig codec strips it.
|
|
21
|
+
"""
|
|
22
|
+
buffer = getattr(sys.stdin, 'buffer', None)
|
|
23
|
+
if buffer is not None:
|
|
24
|
+
return buffer.read().decode('utf-8-sig', errors='replace')
|
|
25
|
+
# No .buffer (tests mocking sys.stdin with StringIO, exotic streams) - text-mode fallback.
|
|
26
|
+
# lstrip the BOM here too: an already-decoded stream leaves it as U+FEFF, which json.loads
|
|
27
|
+
# rejects (and .strip() doesn't remove - it is not whitespace).
|
|
28
|
+
return sys.stdin.read().lstrip('\ufeff')
|
|
29
|
+
|
|
30
|
+
|
|
14
31
|
def safe_json_parse(s: str) -> dict:
|
|
15
32
|
"""Parse JSON string, returning empty dict on failure."""
|
|
16
33
|
try:
|
|
@@ -7,7 +7,7 @@ import typer
|
|
|
7
7
|
|
|
8
8
|
from cycode.cli.apps.ai_guardrails.ides import DEFAULT_IDE_NAME, get_ide
|
|
9
9
|
from cycode.cli.apps.ai_guardrails.ides.base import IDE
|
|
10
|
-
from cycode.cli.apps.ai_guardrails.scan.utils import safe_json_parse
|
|
10
|
+
from cycode.cli.apps.ai_guardrails.scan.utils import read_stdin_text, safe_json_parse
|
|
11
11
|
from cycode.cli.apps.auth.auth_common import get_authorization_info
|
|
12
12
|
from cycode.cli.apps.auth.auth_manager import AuthManager
|
|
13
13
|
from cycode.cli.exceptions.handle_auth_errors import handle_auth_exception
|
|
@@ -78,7 +78,7 @@ def session_start_command(
|
|
|
78
78
|
logger.debug('No stdin payload (TTY), skipping session initialization')
|
|
79
79
|
return
|
|
80
80
|
|
|
81
|
-
stdin_data =
|
|
81
|
+
stdin_data = read_stdin_text().strip()
|
|
82
82
|
payload = safe_json_parse(stdin_data)
|
|
83
83
|
if not payload:
|
|
84
84
|
logger.debug('Empty or invalid stdin payload, skipping session initialization')
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
cycode/__init__.py,sha256=
|
|
1
|
+
cycode/__init__.py,sha256=UjdGx8D2pbm-DIgUO0-gvR92y-C7W85PfkiKjo0b-eg,397
|
|
2
2
|
cycode/__main__.py,sha256=Z3bD5yrA7yPvAChcADQrqCaZd0ChGI1gdiwALwbWJ6U,104
|
|
3
3
|
cycode/cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
cycode/cli/app.py,sha256=AlR2durAEbsa47PDfIj7JtMvJDWA_Dq6wPtVuMJYSCs,10250
|
|
@@ -19,11 +19,11 @@ cycode/cli/apps/ai_guardrails/scan/__init__.py,sha256=qJc82XiQGiAuc1sYY8Ij_A-qXp
|
|
|
19
19
|
cycode/cli/apps/ai_guardrails/scan/consts.py,sha256=drAslw6vW3kxmbCs2qPCUbUPR7PJouT2lsXtu5sD-lQ,1094
|
|
20
20
|
cycode/cli/apps/ai_guardrails/scan/handlers.py,sha256=pf5PrUIVnGLEEE6QKPny9at5V6Ms5u2IEtFP72hKgqA,15523
|
|
21
21
|
cycode/cli/apps/ai_guardrails/scan/payload.py,sha256=pvT3UUqNMvdK3EVzzPjy4JMlOrF-WgxZ3fHN2AtN5eA,1126
|
|
22
|
-
cycode/cli/apps/ai_guardrails/scan/policy.py,sha256=
|
|
23
|
-
cycode/cli/apps/ai_guardrails/scan/scan_command.py,sha256
|
|
22
|
+
cycode/cli/apps/ai_guardrails/scan/policy.py,sha256=BZoNNdDQ9tqnfwhB4X1-bDtudaOQc_gXizm3IVwa28o,3351
|
|
23
|
+
cycode/cli/apps/ai_guardrails/scan/scan_command.py,sha256=uiBCDGcshqgvwkdqrlwNbaGZQnjpAvuTZ9T7UI09YJY,6178
|
|
24
24
|
cycode/cli/apps/ai_guardrails/scan/types.py,sha256=lDttkYFBfOkdMEEaRbq1IT2QTK0R-7Ht3T8vZdyB3b4,1038
|
|
25
|
-
cycode/cli/apps/ai_guardrails/scan/utils.py,sha256=
|
|
26
|
-
cycode/cli/apps/ai_guardrails/session_start_command.py,sha256=
|
|
25
|
+
cycode/cli/apps/ai_guardrails/scan/utils.py,sha256=QzR_zmivDYwg2-F8g4bFfsycHhNo-pPuJly0P_l0gm8,2879
|
|
26
|
+
cycode/cli/apps/ai_guardrails/session_start_command.py,sha256=_N7dDi2bv7IykvB7xtCFFZgP0YmvT8-jxeSywBM57Os,3700
|
|
27
27
|
cycode/cli/apps/ai_guardrails/status_command.py,sha256=Uqss68TEPCYPXpLix6Bh-4J3g-khxWsAqlIGYH5x4bQ,3203
|
|
28
28
|
cycode/cli/apps/ai_guardrails/uninstall_command.py,sha256=dOmePfZmlHAPy2zEJM1yMtSuDqvzDwtqgmLKYK-T9PI,2698
|
|
29
29
|
cycode/cli/apps/ai_remediation/__init__.py,sha256=8vYthY9RQeJqEni3AIF5sryz8n-XJQ6VNqG4aEFBAdY,553
|
|
@@ -209,8 +209,8 @@ cycode/cyclient/report_client.py,sha256=Scq30NeJPzgXv0hPLO1U05AdE9i_2iu6cIrSKpEJ
|
|
|
209
209
|
cycode/cyclient/scan_client.py,sha256=6TK5FQkfrvV7PHqRnUzEn1PBNd2oPYVamvIixcUfe3c,16755
|
|
210
210
|
cycode/cyclient/scan_config_base.py,sha256=mXsPZGYCtp85rv5GIige40yQZXuRcEKUW-VQJ0vgFzk,1201
|
|
211
211
|
cycode/logger.py,sha256=EfZGRK6VC5rE_LAjIcRrHFiQCueylCDXoG6bvGkrIME,2111
|
|
212
|
-
cycode-3.17.1.
|
|
213
|
-
cycode-3.17.1.
|
|
214
|
-
cycode-3.17.1.
|
|
215
|
-
cycode-3.17.1.
|
|
216
|
-
cycode-3.17.1.
|
|
212
|
+
cycode-3.17.1.dev10.dist-info/METADATA,sha256=CUUCwEIh2CKhigEh5u90CphxtOsYx7vLfutsxfaTKkE,89247
|
|
213
|
+
cycode-3.17.1.dev10.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
|
|
214
|
+
cycode-3.17.1.dev10.dist-info/entry_points.txt,sha256=iDcVJM8ByLElVgvBgtYxDjw1kT7O8Mo0LcWZIT5L3Ig,45
|
|
215
|
+
cycode-3.17.1.dev10.dist-info/licenses/LICENCE,sha256=2Wx4N6mD_4xB7-E3hPkZ3MPhpJy__k_I8MaCSO-PDRo,1068
|
|
216
|
+
cycode-3.17.1.dev10.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|