cycode 3.8.11.dev1__py3-none-any.whl → 3.9.1__py3-none-any.whl

cycode/__init__.py

@@ -1 +1 @@
-__version__ = '3.8.11.dev1'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
+__version__ = '3.9.1'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

cycode/cli/apps/ai_guardrails/command_utils.py

@@ -12,24 +12,26 @@ from cycode.cli.apps.ai_guardrails.consts import AIIDEType
 console = Console()
 
 
-def validate_and_parse_ide(ide: str) -> AIIDEType:
-    """Validate IDE parameter and convert to AIIDEType enum.
+def validate_and_parse_ide(ide: str) -> Optional[AIIDEType]:
+    """Validate IDE parameter, returning None for 'all'.
 
     Args:
-        ide: IDE name string (e.g., 'cursor')
+        ide: IDE name string (e.g., 'cursor', 'claude-code', 'all')
 
     Returns:
-        AIIDEType enum value
+        AIIDEType enum value, or None if 'all' was specified
 
     Raises:
         typer.Exit: If IDE is invalid
     """
+    if ide.lower() == 'all':
+        return None
     try:
         return AIIDEType(ide.lower())
     except ValueError:
         valid_ides = ', '.join([ide_type.value for ide_type in AIIDEType])
         console.print(
-            f'[red]Error:[/] Invalid IDE "{ide}". Supported IDEs: {valid_ides}',
+            f'[red]Error:[/] Invalid IDE "{ide}". Supported IDEs: {valid_ides}, all',
             style='bold red',
         )
         raise typer.Exit(1) from None

cycode/cli/apps/ai_guardrails/consts.py

@@ -2,12 +2,7 @@
 
 Currently supports:
 - Cursor
-
-To add a new IDE (e.g., Claude Code):
-1. Add new value to AIIDEType enum
-2. Create _get_<ide>_hooks_dir() function with platform-specific paths
-3. Add entry to IDE_CONFIGS dict with IDE-specific hook event names
-4. Unhide --ide option in commands (install, uninstall, status)
+- Claude Code
 """
 
 import platform
@@ -20,6 +15,14 @@ class AIIDEType(str, Enum):
     """Supported AI IDE types."""
 
     CURSOR = 'cursor'
+    CLAUDE_CODE = 'claude-code'
+
+
+class PolicyMode(str, Enum):
+    """Policy enforcement mode for global mode and per-feature actions."""
+
+    BLOCK = 'block'
+    WARN = 'warn'
 
 
 class IDEConfig(NamedTuple):
@@ -42,6 +45,14 @@ def _get_cursor_hooks_dir() -> Path:
     return Path.home() / '.config' / 'Cursor'
 
 
+def _get_claude_code_hooks_dir() -> Path:
+    """Get Claude Code hooks directory.
+
+    Claude Code uses ~/.claude on all platforms.
+    """
+    return Path.home() / '.claude'
+
+
 # IDE-specific configurations
 IDE_CONFIGS: dict[AIIDEType, IDEConfig] = {
     AIIDEType.CURSOR: IDEConfig(
@@ -51,6 +62,13 @@ IDE_CONFIGS: dict[AIIDEType, IDEConfig] = {
         hooks_file_name='hooks.json',
         hook_events=['beforeSubmitPrompt', 'beforeReadFile', 'beforeMCPExecution'],
     ),
+    AIIDEType.CLAUDE_CODE: IDEConfig(
+        name='Claude Code',
+        hooks_dir=_get_claude_code_hooks_dir(),
+        repo_hooks_subdir='.claude',
+        hooks_file_name='settings.json',
+        hook_events=['UserPromptSubmit', 'PreToolUse:Read', 'PreToolUse:mcp'],
+    ),
 }
 
 # Default IDE
@@ -60,6 +78,47 @@ DEFAULT_IDE = AIIDEType.CURSOR
 CYCODE_SCAN_PROMPT_COMMAND = 'cycode ai-guardrails scan'
 
 
+def _get_cursor_hooks_config() -> dict:
+    """Get Cursor-specific hooks configuration."""
+    config = IDE_CONFIGS[AIIDEType.CURSOR]
+    hooks = {event: [{'command': CYCODE_SCAN_PROMPT_COMMAND}] for event in config.hook_events}
+
+    return {
+        'version': 1,
+        'hooks': hooks,
+    }
+
+
+def _get_claude_code_hooks_config() -> dict:
+    """Get Claude Code-specific hooks configuration.
+
+    Claude Code uses a different hook format with nested structure:
+    - hooks are arrays of objects with 'hooks' containing command arrays
+    - PreToolUse uses 'matcher' field to specify which tools to intercept
+    """
+    command = f'{CYCODE_SCAN_PROMPT_COMMAND} --ide claude-code'
+
+    return {
+        'hooks': {
+            'UserPromptSubmit': [
+                {
+                    'hooks': [{'type': 'command', 'command': command}],
+                }
+            ],
+            'PreToolUse': [
+                {
+                    'matcher': 'Read',
+                    'hooks': [{'type': 'command', 'command': command}],
+                },
+                {
+                    'matcher': 'mcp__.*',
+                    'hooks': [{'type': 'command', 'command': command}],
+                },
+            ],
+        },
+    }
+
+
 def get_hooks_config(ide: AIIDEType) -> dict:
     """Get the hooks configuration for a specific IDE.
 
@@ -69,10 +128,6 @@ def get_hooks_config(ide: AIIDEType) -> dict:
     Returns:
         Dict with hooks configuration for the specified IDE
     """
-    config = IDE_CONFIGS[ide]
-    hooks = {event: [{'command': CYCODE_SCAN_PROMPT_COMMAND}] for event in config.hook_events}
-
-    return {
-        'version': 1,
-        'hooks': hooks,
-    }
+    if ide == AIIDEType.CLAUDE_CODE:
+        return _get_claude_code_hooks_config()
+    return _get_cursor_hooks_config()

cycode/cli/apps/ai_guardrails/hooks_manager.py

@@ -59,9 +59,27 @@ def save_hooks_file(hooks_path: Path, hooks_config: dict) -> bool:
 
 
 def is_cycode_hook_entry(entry: dict) -> bool:
-    """Check if a hook entry is from cycode-cli."""
+    """Check if a hook entry is from cycode-cli.
+
+    Handles both Cursor format (flat) and Claude Code format (nested).
+
+    Cursor format: {"command": "cycode ai-guardrails scan"}
+    Claude Code format: {"hooks": [{"type": "command", "command": "cycode ai-guardrails scan --ide claude-code"}]}
+    """
+    # Check Cursor format (flat command)
     command = entry.get('command', '')
-    return CYCODE_SCAN_PROMPT_COMMAND in command
+    if CYCODE_SCAN_PROMPT_COMMAND in command:
+        return True
+
+    # Check Claude Code format (nested hooks array)
+    hooks = entry.get('hooks', [])
+    for hook in hooks:
+        if isinstance(hook, dict):
+            hook_command = hook.get('command', '')
+            if CYCODE_SCAN_PROMPT_COMMAND in hook_command:
+                return True
+
+    return False
 
 
 def install_hooks(
@@ -185,7 +203,15 @@ def get_hooks_status(scope: str = 'user', repo_path: Optional[Path] = None, ide:
     ide_config = IDE_CONFIGS[ide]
     has_cycode_hooks = False
     for event in ide_config.hook_events:
-        entries = existing.get('hooks', {}).get(event, [])
+        # Handle event:matcher format
+        if ':' in event:
+            actual_event, matcher_prefix = event.split(':', 1)
+            all_entries = existing.get('hooks', {}).get(actual_event, [])
+            # Filter entries by matcher
+            entries = [e for e in all_entries if e.get('matcher', '').startswith(matcher_prefix)]
+        else:
+            entries = existing.get('hooks', {}).get(event, [])
+
         cycode_entries = [e for e in entries if is_cycode_hook_entry(e)]
         if cycode_entries:
             has_cycode_hooks = True

cycode/cli/apps/ai_guardrails/install_command.py

@@ -11,7 +11,7 @@ from cycode.cli.apps.ai_guardrails.command_utils import (
     validate_and_parse_ide,
     validate_scope,
 )
-from cycode.cli.apps.ai_guardrails.consts import IDE_CONFIGS
+from cycode.cli.apps.ai_guardrails.consts import IDE_CONFIGS, AIIDEType
 from cycode.cli.apps.ai_guardrails.hooks_manager import install_hooks
 from cycode.cli.utils.sentry import add_breadcrumb
 
@@ -30,9 +30,9 @@ def install_command(
         str,
         typer.Option(
             '--ide',
-            help='IDE to install hooks for (e.g., "cursor"). Defaults to cursor.',
+            help='IDE to install hooks for (e.g., "cursor", "claude-code", or "all" for all IDEs). Defaults to cursor.',
         ),
-    ] = 'cursor',
+    ] = AIIDEType.CURSOR,
     repo_path: Annotated[
         Optional[Path],
         typer.Option(
@@ -54,6 +54,7 @@ def install_command(
         cycode ai-guardrails install                    # Install for all projects (user scope)
         cycode ai-guardrails install --scope repo       # Install for current repo only
         cycode ai-guardrails install --ide cursor       # Install for Cursor IDE
+        cycode ai-guardrails install --ide all          # Install for all supported IDEs
         cycode ai-guardrails install --scope repo --repo-path /path/to/repo
     """
     add_breadcrumb('ai-guardrails-install')
@@ -62,17 +63,35 @@ def install_command(
     validate_scope(scope)
     repo_path = resolve_repo_path(scope, repo_path)
     ide_type = validate_and_parse_ide(ide)
-    ide_name = IDE_CONFIGS[ide_type].name
-    success, message = install_hooks(scope, repo_path, ide=ide_type)
 
-    if success:
-        console.print(f'[green]✓[/] {message}')
+    ides_to_install: list[AIIDEType] = list(AIIDEType) if ide_type is None else [ide_type]
+
+    results: list[tuple[str, bool, str]] = []
+    for current_ide in ides_to_install:
+        ide_name = IDE_CONFIGS[current_ide].name
+        success, message = install_hooks(scope, repo_path, ide=current_ide)
+        results.append((ide_name, success, message))
+
+    # Report results for each IDE
+    any_success = False
+    all_success = True
+    for _ide_name, success, message in results:
+        if success:
+            console.print(f'[green]✓[/] {message}')
+            any_success = True
+        else:
+            console.print(f'[red]✗[/] {message}', style='bold red')
+            all_success = False
+
+    if any_success:
         console.print()
         console.print('[bold]Next steps:[/]')
-        console.print(f'1. Restart {ide_name} to activate the hooks')
+        successful_ides = [name for name, success, _ in results if success]
+        ide_list = ', '.join(successful_ides)
+        console.print(f'1. Restart {ide_list} to activate the hooks')
         console.print('2. (Optional) Customize policy in ~/.cycode/ai-guardrails.yaml')
         console.print()
         console.print('[dim]The hooks will scan prompts, file reads, and MCP tool calls for secrets.[/]')
-    else:
-        console.print(f'[red]✗[/] {message}', style='bold red')
+
+    if not all_success:
         raise typer.Exit(1)

cycode/cli/apps/ai_guardrails/scan/handlers.py

@@ -13,6 +13,7 @@ from typing import Callable, Optional
 
 import typer
 
+from cycode.cli.apps.ai_guardrails.consts import PolicyMode
 from cycode.cli.apps.ai_guardrails.scan.payload import AIHookPayload
 from cycode.cli.apps.ai_guardrails.scan.policy import get_policy_value
 from cycode.cli.apps.ai_guardrails.scan.response_builders import get_response_builder
@@ -46,7 +47,7 @@ def handle_before_submit_prompt(ctx: typer.Context, payload: AIHookPayload, poli
         ai_client.create_event(payload, AiHookEventType.PROMPT, AIHookOutcome.ALLOWED)
         return response_builder.allow_prompt()
 
-    mode = get_policy_value(policy, 'mode', default='block')
+    mode = get_policy_value(policy, 'mode', default=PolicyMode.BLOCK)
     prompt = payload.prompt or ''
     max_bytes = get_policy_value(policy, 'secrets', 'max_bytes', default=200000)
     timeout_ms = get_policy_value(policy, 'secrets', 'timeout_ms', default=30000)
@@ -55,29 +56,26 @@ def handle_before_submit_prompt(ctx: typer.Context, payload: AIHookPayload, poli
     scan_id = None
     block_reason = None
     outcome = AIHookOutcome.ALLOWED
+    error_message = None
 
     try:
         violation_summary, scan_id = _scan_text_for_secrets(ctx, clipped, timeout_ms)
 
-        if (
-            violation_summary
-            and get_policy_value(prompt_config, 'action', default='block') == 'block'
-            and mode == 'block'
-        ):
-            outcome = AIHookOutcome.BLOCKED
+        if violation_summary:
             block_reason = BlockReason.SECRETS_IN_PROMPT
-            user_message = f'{violation_summary}. Remove secrets before sending.'
-            response = response_builder.deny_prompt(user_message)
-        else:
-            if violation_summary:
-                outcome = AIHookOutcome.WARNED
-            response = response_builder.allow_prompt()
-        return response
+            action = get_policy_value(prompt_config, 'action', default=PolicyMode.BLOCK)
+            if action == PolicyMode.BLOCK and mode == PolicyMode.BLOCK:
+                outcome = AIHookOutcome.BLOCKED
+                user_message = f'{violation_summary}. Remove secrets before sending.'
+                return response_builder.deny_prompt(user_message)
+            outcome = AIHookOutcome.WARNED
+        return response_builder.allow_prompt()
     except Exception as e:
         outcome = (
             AIHookOutcome.ALLOWED if get_policy_value(policy, 'fail_open', default=True) else AIHookOutcome.BLOCKED
         )
-        block_reason = BlockReason.SCAN_FAILURE if outcome == AIHookOutcome.BLOCKED else None
+        block_reason = BlockReason.SCAN_FAILURE
+        error_message = str(e)
         raise e
     finally:
         ai_client.create_event(
@@ -86,6 +84,7 @@ def handle_before_submit_prompt(ctx: typer.Context, payload: AIHookPayload, poli
             outcome,
             scan_id=scan_id,
             block_reason=block_reason,
+            error_message=error_message,
         )
 
 
@@ -106,38 +105,53 @@ def handle_before_read_file(ctx: typer.Context, payload: AIHookPayload, policy:
         ai_client.create_event(payload, AiHookEventType.FILE_READ, AIHookOutcome.ALLOWED)
         return response_builder.allow_permission()
 
-    mode = get_policy_value(policy, 'mode', default='block')
+    mode = get_policy_value(policy, 'mode', default=PolicyMode.BLOCK)
     file_path = payload.file_path or ''
-    action = get_policy_value(file_read_config, 'action', default='block')
+    action = get_policy_value(file_read_config, 'action', default=PolicyMode.BLOCK)
 
     scan_id = None
     block_reason = None
     outcome = AIHookOutcome.ALLOWED
+    error_message = None
 
     try:
         # Check path-based denylist first
-        if is_denied_path(file_path, policy) and action == 'block':
-            outcome = AIHookOutcome.BLOCKED
+        if is_denied_path(file_path, policy):
             block_reason = BlockReason.SENSITIVE_PATH
-            user_message = f'Cycode blocked sending {file_path} to the AI (sensitive path policy).'
-            return response_builder.deny_permission(
+            if mode == PolicyMode.BLOCK and action == PolicyMode.BLOCK:
+                outcome = AIHookOutcome.BLOCKED
+                user_message = f'Cycode blocked sending {file_path} to the AI (sensitive path policy).'
+                return response_builder.deny_permission(
+                    user_message,
+                    'This file path is classified as sensitive; do not read/send it to the model.',
+                )
+            # Warn mode - ask user for permission
+            outcome = AIHookOutcome.WARNED
+            user_message = f'Cycode flagged {file_path} as sensitive. Allow reading?'
+            return response_builder.ask_permission(
                 user_message,
-                'This file path is classified as sensitive; do not read/send it to the model.',
+                'This file path is classified as sensitive; proceed with caution.',
             )
 
         # Scan file content if enabled
         if get_policy_value(file_read_config, 'scan_content', default=True):
             violation_summary, scan_id = _scan_path_for_secrets(ctx, file_path, policy)
-            if violation_summary and action == 'block' and mode == 'block':
-                outcome = AIHookOutcome.BLOCKED
+            if violation_summary:
                 block_reason = BlockReason.SECRETS_IN_FILE
-                user_message = f'Cycode blocked reading {file_path}. {violation_summary}'
-                return response_builder.deny_permission(
+                if mode == PolicyMode.BLOCK and action == PolicyMode.BLOCK:
+                    outcome = AIHookOutcome.BLOCKED
+                    user_message = f'Cycode blocked reading {file_path}. {violation_summary}'
+                    return response_builder.deny_permission(
+                        user_message,
+                        'Secrets detected; do not send this file to the model.',
+                    )
+                # Warn mode - ask user for permission
+                outcome = AIHookOutcome.WARNED
+                user_message = f'Cycode detected secrets in {file_path}. {violation_summary}'
+                return response_builder.ask_permission(
                     user_message,
-                    'Secrets detected; do not send this file to the model.',
+                    'Possible secrets detected; proceed with caution.',
                 )
-            if violation_summary:
-                outcome = AIHookOutcome.WARNED
             return response_builder.allow_permission()
 
         return response_builder.allow_permission()
@@ -145,7 +159,8 @@ def handle_before_read_file(ctx: typer.Context, payload: AIHookPayload, policy:
         outcome = (
             AIHookOutcome.ALLOWED if get_policy_value(policy, 'fail_open', default=True) else AIHookOutcome.BLOCKED
         )
-        block_reason = BlockReason.SCAN_FAILURE if outcome == AIHookOutcome.BLOCKED else None
+        block_reason = BlockReason.SCAN_FAILURE
+        error_message = str(e)
         raise e
     finally:
         ai_client.create_event(
@@ -154,6 +169,7 @@ def handle_before_read_file(ctx: typer.Context, payload: AIHookPayload, policy:
             outcome,
             scan_id=scan_id,
             block_reason=block_reason,
+            error_message=error_message,
         )
 
 
@@ -175,26 +191,27 @@ def handle_before_mcp_execution(ctx: typer.Context, payload: AIHookPayload, poli
         ai_client.create_event(payload, AiHookEventType.MCP_EXECUTION, AIHookOutcome.ALLOWED)
         return response_builder.allow_permission()
 
-    mode = get_policy_value(policy, 'mode', default='block')
+    mode = get_policy_value(policy, 'mode', default=PolicyMode.BLOCK)
     tool = payload.mcp_tool_name or 'unknown'
     args = payload.mcp_arguments or {}
     args_text = args if isinstance(args, str) else json.dumps(args)
     max_bytes = get_policy_value(policy, 'secrets', 'max_bytes', default=200000)
     timeout_ms = get_policy_value(policy, 'secrets', 'timeout_ms', default=30000)
     clipped = truncate_utf8(args_text, max_bytes)
-    action = get_policy_value(mcp_config, 'action', default='block')
+    action = get_policy_value(mcp_config, 'action', default=PolicyMode.BLOCK)
 
     scan_id = None
     block_reason = None
     outcome = AIHookOutcome.ALLOWED
+    error_message = None
 
     try:
         if get_policy_value(mcp_config, 'scan_arguments', default=True):
             violation_summary, scan_id = _scan_text_for_secrets(ctx, clipped, timeout_ms)
             if violation_summary:
-                if mode == 'block' and action == 'block':
+                block_reason = BlockReason.SECRETS_IN_MCP_ARGS
+                if mode == PolicyMode.BLOCK and action == PolicyMode.BLOCK:
                     outcome = AIHookOutcome.BLOCKED
-                    block_reason = BlockReason.SECRETS_IN_MCP_ARGS
                     user_message = f'Cycode blocked MCP tool call "{tool}". {violation_summary}'
                     return response_builder.deny_permission(
                         user_message,
@@ -211,7 +228,8 @@ def handle_before_mcp_execution(ctx: typer.Context, payload: AIHookPayload, poli
         outcome = (
             AIHookOutcome.ALLOWED if get_policy_value(policy, 'fail_open', default=True) else AIHookOutcome.BLOCKED
         )
-        block_reason = BlockReason.SCAN_FAILURE if outcome == AIHookOutcome.BLOCKED else None
+        block_reason = BlockReason.SCAN_FAILURE
+        error_message = str(e)
         raise e
     finally:
         ai_client.create_event(
@@ -220,6 +238,7 @@ def handle_before_mcp_execution(ctx: typer.Context, payload: AIHookPayload, poli
             outcome,
             scan_id=scan_id,
             block_reason=block_reason,
+            error_message=error_message,
         )
 
 

cycode/cli/apps/ai_guardrails/scan/payload.py

@@ -1,9 +1,120 @@
 """Unified payload object for AI hook events from different tools."""
 
+import json
+from collections.abc import Iterator
 from dataclasses import dataclass
+from pathlib import Path
 from typing import Optional
 
-from cycode.cli.apps.ai_guardrails.scan.types import CURSOR_EVENT_MAPPING
+from cycode.cli.apps.ai_guardrails.consts import AIIDEType
+from cycode.cli.apps.ai_guardrails.scan.types import (
+    CLAUDE_CODE_EVENT_MAPPING,
+    CLAUDE_CODE_EVENT_NAMES,
+    CURSOR_EVENT_MAPPING,
+    CURSOR_EVENT_NAMES,
+    AiHookEventType,
+)
+
+
+def _reverse_readline(path: Path, buf_size: int = 8192) -> Iterator[str]:
+    """Read a file line by line from the end without loading entire file into memory.
+
+    Yields lines in reverse order (last line first).
+    """
+    with path.open('rb') as f:
+        f.seek(0, 2)  # Seek to end
+        file_size = f.tell()
+        if file_size == 0:
+            return
+
+        remaining = file_size
+        buffer = b''
+
+        while remaining > 0:
+            # Read a chunk from the end
+            read_size = min(buf_size, remaining)
+            remaining -= read_size
+            f.seek(remaining)
+            chunk = f.read(read_size)
+            buffer = chunk + buffer
+
+            # Yield complete lines from buffer
+            while b'\n' in buffer:
+                # Find the last newline
+                newline_pos = buffer.rfind(b'\n')
+                if newline_pos == len(buffer) - 1:
+                    # Trailing newline, look for previous one
+                    newline_pos = buffer.rfind(b'\n', 0, newline_pos)
+                    if newline_pos == -1:
+                        break
+                # Yield the line after this newline
+                line = buffer[newline_pos + 1 :]
+                buffer = buffer[: newline_pos + 1]
+                if line.strip():
+                    yield line.decode('utf-8', errors='replace')
+
+        # Yield any remaining content as the first line of the file
+        if buffer.strip():
+            yield buffer.decode('utf-8', errors='replace')
+
+
+def _extract_model(entry: dict) -> Optional[str]:
+    """Extract model from a transcript entry (top level or nested in message)."""
+    return entry.get('model') or (entry.get('message') or {}).get('model')
+
+
+def _extract_generation_id(entry: dict) -> Optional[str]:
+    """Extract generation ID from a user-type transcript entry."""
+    if entry.get('type') == 'user':
+        return entry.get('uuid')
+    return None
+
+
+def _extract_from_claude_transcript(
+    transcript_path: str,
+) -> tuple[Optional[str], Optional[str], Optional[str]]:
+    """Extract IDE version, model, and latest generation ID from Claude Code transcript file.
+
+    The transcript is a JSONL file where each line is a JSON object.
+    We look for 'version' (IDE version), 'model', and 'uuid' (generation ID) fields.
+    The generation_id is the UUID of the latest 'user' type message.
+
+    Scans from end to start since latest entries are at the end.
+    Uses reverse reading to avoid loading entire file into memory.
+
+    Returns:
+        Tuple of (ide_version, model, generation_id), any may be None if not found.
+    """
+    if not transcript_path:
+        return None, None, None
+
+    path = Path(transcript_path)
+    if not path.exists():
+        return None, None, None
+
+    ide_version = None
+    model = None
+    generation_id = None
+
+    try:
+        for line in _reverse_readline(path):
+            line = line.strip()
+            if not line:
+                continue
+            try:
+                entry = json.loads(line)
+                ide_version = ide_version or entry.get('version')
+                model = model or _extract_model(entry)
+                generation_id = generation_id or _extract_generation_id(entry)
+
+                if ide_version and model and generation_id:
+                    break
+            except json.JSONDecodeError:
+                continue
+    except OSError:
+        pass
+
+    return ide_version, model, generation_id
 
 
 @dataclass
@@ -18,7 +129,7 @@ class AIHookPayload:
     # User and IDE information
     ide_user_email: Optional[str] = None
     model: Optional[str] = None
-    ide_provider: str = None  # e.g., 'cursor', 'claude-code'
+    ide_provider: str = None  # AIIDEType value (e.g., 'cursor', 'claude-code')
     ide_version: Optional[str] = None
 
     # Event-specific data
@@ -44,7 +155,7 @@ class AIHookPayload:
             generation_id=payload.get('generation_id'),
             ide_user_email=payload.get('user_email'),
             model=payload.get('model'),
-            ide_provider='cursor',
+            ide_provider=AIIDEType.CURSOR,
             ide_version=payload.get('cursor_version'),
             prompt=payload.get('prompt', ''),
             file_path=payload.get('file_path') or payload.get('path'),
@@ -54,12 +165,95 @@ class AIHookPayload:
         )
 
     @classmethod
-    def from_payload(cls, payload: dict, tool: str = 'cursor') -> 'AIHookPayload':
+    def from_claude_code_payload(cls, payload: dict) -> 'AIHookPayload':
+        """Create AIHookPayload from Claude Code IDE payload.
+
+        Claude Code has a different structure:
+        - hook_event_name: 'UserPromptSubmit' or 'PreToolUse'
+        - For PreToolUse: tool_name determines if it's file read ('Read') or MCP ('mcp__*')
+        - tool_input contains tool arguments (e.g., file_path for Read tool)
+        - transcript_path points to JSONL file with version and model info
+        """
+        hook_event_name = payload.get('hook_event_name', '')
+        tool_name = payload.get('tool_name', '')
+        tool_input = payload.get('tool_input')
+
+        if hook_event_name == 'UserPromptSubmit':
+            canonical_event = AiHookEventType.PROMPT
+        elif hook_event_name == 'PreToolUse':
+            canonical_event = AiHookEventType.FILE_READ if tool_name == 'Read' else AiHookEventType.MCP_EXECUTION
+        else:
+            # Unknown event, use the raw event name
+            canonical_event = CLAUDE_CODE_EVENT_MAPPING.get(hook_event_name, hook_event_name)
+
+        # Extract file_path from tool_input for Read tool
+        file_path = None
+        if tool_name == 'Read' and isinstance(tool_input, dict):
+            file_path = tool_input.get('file_path')
+
+        # For MCP tools, the entire tool_input is the arguments
+        mcp_arguments = tool_input if tool_name.startswith('mcp__') else None
+
+        # Extract MCP server and tool name from tool_name (format: mcp__<server>__<tool>)
+        mcp_server_name = None
+        mcp_tool_name = None
+        if tool_name.startswith('mcp__'):
+            parts = tool_name.split('__')
+            if len(parts) >= 2:
+                mcp_server_name = parts[1]
+            if len(parts) >= 3:
+                mcp_tool_name = parts[2]
+
+        # Extract IDE version, model, and generation ID from transcript file
+        ide_version, model, generation_id = _extract_from_claude_transcript(payload.get('transcript_path'))
+
+        return cls(
+            event_name=canonical_event,
+            conversation_id=payload.get('session_id'),
+            generation_id=generation_id,
+            ide_user_email=None,  # Claude Code doesn't provide this in hook payload
+            model=model,
+            ide_provider=AIIDEType.CLAUDE_CODE,
+            ide_version=ide_version,
+            prompt=payload.get('prompt', ''),
+            file_path=file_path,
+            mcp_server_name=mcp_server_name,
+            mcp_tool_name=mcp_tool_name,
+            mcp_arguments=mcp_arguments,
+        )
+
+    @staticmethod
+    def is_payload_for_ide(payload: dict, ide: str) -> bool:
+        """Check if the payload's event name matches the expected IDE.
+
+        This prevents double-processing when Cursor reads Claude Code hooks
+        or vice versa. If the payload's hook_event_name doesn't match the
+        expected IDE's event names, we should skip processing.
+
+        Args:
+            payload: The raw payload from the IDE
+            ide: The IDE name or AIIDEType enum value
+
+        Returns:
+            True if the payload matches the IDE, False otherwise.
+        """
+        hook_event_name = payload.get('hook_event_name', '')
+
+        if ide == AIIDEType.CLAUDE_CODE:
+            return hook_event_name in CLAUDE_CODE_EVENT_NAMES
+        if ide == AIIDEType.CURSOR:
+            return hook_event_name in CURSOR_EVENT_NAMES
+
+        # Unknown IDE, allow processing
+        return True
+
+    @classmethod
+    def from_payload(cls, payload: dict, tool: str = AIIDEType.CURSOR) -> 'AIHookPayload':
         """Create AIHookPayload from any tool's payload.
 
         Args:
             payload: The raw payload from the IDE
-            tool: The IDE/tool name (e.g., 'cursor')
+            tool: The IDE/tool name or AIIDEType enum value
 
         Returns:
             AIHookPayload instance
@@ -67,6 +261,8 @@ class AIHookPayload:
         Raises:
             ValueError: If the tool is not supported
         """
-        if tool == 'cursor':
+        if tool == AIIDEType.CURSOR:
             return cls.from_cursor_payload(payload)
-        raise ValueError(f'Unsupported IDE/tool: {tool}.')
+        if tool == AIIDEType.CLAUDE_CODE:
+            return cls.from_claude_code_payload(payload)
+        raise ValueError(f'Unsupported IDE/tool: {tool}')

cycode/cli/apps/ai_guardrails/scan/response_builders.py

@@ -7,6 +7,8 @@ an abstract interface and concrete implementations for each supported IDE.
 
 from abc import ABC, abstractmethod
 
+from cycode.cli.apps.ai_guardrails.consts import AIIDEType
+
 
 class IDEResponseBuilder(ABC):
     """Abstract base class for IDE-specific response builders."""
@@ -62,17 +64,64 @@ class CursorResponseBuilder(IDEResponseBuilder):
         return {'continue': False, 'user_message': user_message}
 
 
-# Registry of response builders by IDE name
+class ClaudeCodeResponseBuilder(IDEResponseBuilder):
+    """Response builder for Claude Code IDE hooks.
+
+    Claude Code hook response formats:
+    - UserPromptSubmit: {} for allow, {"decision": "block", "reason": str} for deny
+    - PreToolUse: hookSpecificOutput with permissionDecision (allow/deny/ask)
+    """
+
+    def allow_permission(self) -> dict:
+        """Allow file read or MCP execution."""
+        return {
+            'hookSpecificOutput': {
+                'hookEventName': 'PreToolUse',
+                'permissionDecision': 'allow',
+            }
+        }
+
+    def deny_permission(self, user_message: str, agent_message: str) -> dict:
+        """Deny file read or MCP execution."""
+        return {
+            'hookSpecificOutput': {
+                'hookEventName': 'PreToolUse',
+                'permissionDecision': 'deny',
+                'permissionDecisionReason': user_message,
+            }
+        }
+
+    def ask_permission(self, user_message: str, agent_message: str) -> dict:
+        """Ask user for permission (warn mode)."""
+        return {
+            'hookSpecificOutput': {
+                'hookEventName': 'PreToolUse',
+                'permissionDecision': 'ask',
+                'permissionDecisionReason': user_message,
+            }
+        }
+
+    def allow_prompt(self) -> dict:
+        """Allow prompt submission (empty response means allow)."""
+        return {}
+
+    def deny_prompt(self, user_message: str) -> dict:
+        """Deny prompt submission."""
+        return {'decision': 'block', 'reason': user_message}
+
+
+# Registry of response builders by IDE type
 _RESPONSE_BUILDERS: dict[str, IDEResponseBuilder] = {
-    'cursor': CursorResponseBuilder(),
+    AIIDEType.CURSOR: CursorResponseBuilder(),
+    AIIDEType.CLAUDE_CODE: ClaudeCodeResponseBuilder(),
 }
 
 
-def get_response_builder(ide: str = 'cursor') -> IDEResponseBuilder:
+def get_response_builder(ide: str = AIIDEType.CURSOR) -> IDEResponseBuilder:
     """Get the response builder for a specific IDE.
 
     Args:
-        ide: The IDE name (e.g., 'cursor', 'claude-code')
+        ide: The IDE name (e.g., 'cursor', 'claude-code') or AIIDEType enum
 
     Returns:
         IDEResponseBuilder instance for the specified IDE
@@ -80,7 +129,10 @@ def get_response_builder(ide: str = 'cursor') -> IDEResponseBuilder:
     Raises:
         ValueError: If the IDE is not supported
     """
-    builder = _RESPONSE_BUILDERS.get(ide.lower())
+    # Normalize to AIIDEType if string passed
+    if isinstance(ide, str):
+        ide = ide.lower()
+    builder = _RESPONSE_BUILDERS.get(ide)
     if not builder:
         raise ValueError(f'Unsupported IDE: {ide}. Supported IDEs: {list(_RESPONSE_BUILDERS.keys())}')
     return builder

cycode/cli/apps/ai_guardrails/scan/scan_command.py

@@ -16,6 +16,7 @@ from typing import Annotated
 import click
 import typer
 
+from cycode.cli.apps.ai_guardrails.consts import AIIDEType
 from cycode.cli.apps.ai_guardrails.scan.handlers import get_handler_for_event
 from cycode.cli.apps.ai_guardrails.scan.payload import AIHookPayload
 from cycode.cli.apps.ai_guardrails.scan.policy import load_policy
@@ -69,7 +70,7 @@ def scan_command(
             help='IDE that sent the payload (e.g., "cursor"). Defaults to cursor.',
             hidden=True,
         ),
-    ] = 'cursor',
+    ] = AIIDEType.CURSOR,
 ) -> None:
     """Scan content from AI IDE hooks for secrets.
 
@@ -96,6 +97,16 @@ def scan_command(
         output_json(response_builder.allow_prompt())
         return
 
+    # Check if the payload matches the expected IDE - prevents double-processing
+    # when Cursor reads Claude Code hooks from ~/.claude/settings.json
+    if not AIHookPayload.is_payload_for_ide(payload, tool):
+        logger.debug(
+            'Payload event does not match expected IDE, skipping',
+            extra={'hook_event_name': payload.get('hook_event_name'), 'expected_ide': tool},
+        )
+        output_json(response_builder.allow_prompt())
+        return
+
     unified_payload = AIHookPayload.from_payload(payload, tool=tool)
     event_name = unified_payload.event_name
     logger.debug('Processing AI guardrails hook', extra={'event_name': event_name, 'tool': tool})

cycode/cli/apps/ai_guardrails/scan/types.py

@@ -31,6 +31,17 @@ CURSOR_EVENT_MAPPING = {
     'beforeMCPExecution': AiHookEventType.MCP_EXECUTION,
 }
 
+# Claude Code event mapping - note that PreToolUse requires tool_name inspection
+# to determine the actual event type (file read vs MCP execution)
+CLAUDE_CODE_EVENT_MAPPING = {
+    'UserPromptSubmit': AiHookEventType.PROMPT,
+    'PreToolUse': None,  # Requires tool_name inspection to determine actual type
+}
+
+# Set of known event names per IDE (for IDE detection)
+CURSOR_EVENT_NAMES = set(CURSOR_EVENT_MAPPING.keys())
+CLAUDE_CODE_EVENT_NAMES = set(CLAUDE_CODE_EVENT_MAPPING.keys())
+
 
 class AIHookOutcome(StrEnum):
     """Outcome of an AI hook event evaluation."""

cycode/cli/apps/ai_guardrails/status_command.py

@@ -8,6 +8,7 @@ import typer
 from rich.table import Table
 
 from cycode.cli.apps.ai_guardrails.command_utils import console, validate_and_parse_ide, validate_scope
+from cycode.cli.apps.ai_guardrails.consts import IDE_CONFIGS, AIIDEType
 from cycode.cli.apps.ai_guardrails.hooks_manager import get_hooks_status
 from cycode.cli.utils.sentry import add_breadcrumb
 
@@ -26,9 +27,9 @@ def status_command(
         str,
         typer.Option(
             '--ide',
-            help='IDE to check status for (e.g., "cursor"). Defaults to cursor.',
+            help='IDE to check status for (e.g., "cursor", "claude-code", or "all" for all IDEs). Defaults to cursor.',
         ),
-    ] = 'cursor',
+    ] = AIIDEType.CURSOR,
     repo_path: Annotated[
         Optional[Path],
         typer.Option(
@@ -50,6 +51,7 @@ def status_command(
         cycode ai-guardrails status --scope user   # Show only user-level status
         cycode ai-guardrails status --scope repo   # Show only repo-level status
         cycode ai-guardrails status --ide cursor   # Check status for Cursor IDE
+        cycode ai-guardrails status --ide all      # Check status for all supported IDEs
     """
     add_breadcrumb('ai-guardrails-status')
 
@@ -59,34 +61,41 @@ def status_command(
         repo_path = Path(os.getcwd())
     ide_type = validate_and_parse_ide(ide)
 
-    scopes_to_check = ['user', 'repo'] if scope == 'all' else [scope]
+    ides_to_check: list[AIIDEType] = list(AIIDEType) if ide_type is None else [ide_type]
 
-    for check_scope in scopes_to_check:
-        status = get_hooks_status(check_scope, repo_path if check_scope == 'repo' else None, ide=ide_type)
+    scopes_to_check = ['user', 'repo'] if scope == 'all' else [scope]
 
+    for current_ide in ides_to_check:
+        ide_name = IDE_CONFIGS[current_ide].name
         console.print()
-        console.print(f'[bold]{check_scope.upper()} SCOPE[/]')
-        console.print(f'Path: {status["hooks_path"]}')
+        console.print(f'[bold cyan]═══ {ide_name} ═══[/]')
+
+        for check_scope in scopes_to_check:
+            status = get_hooks_status(check_scope, repo_path if check_scope == 'repo' else None, ide=current_ide)
+
+            console.print()
+            console.print(f'[bold]{check_scope.upper()} SCOPE[/]')
+            console.print(f'Path: {status["hooks_path"]}')
 
-        if not status['file_exists']:
-            console.print('[dim]No hooks.json file found[/]')
-            continue
+            if not status['file_exists']:
+                console.print('[dim]No hooks file found[/]')
+                continue
 
-        if status['cycode_installed']:
-            console.print('[green]✓ Cycode AI guardrails: INSTALLED[/]')
-        else:
-            console.print('[yellow]○ Cycode AI guardrails: NOT INSTALLED[/]')
+            if status['cycode_installed']:
+                console.print('[green]✓ Cycode AI guardrails: INSTALLED[/]')
+            else:
+                console.print('[yellow]○ Cycode AI guardrails: NOT INSTALLED[/]')
 
-        # Show hook details
-        table = Table(show_header=True, header_style='bold')
-        table.add_column('Hook Event')
-        table.add_column('Cycode Enabled')
-        table.add_column('Total Hooks')
+            # Show hook details
+            table = Table(show_header=True, header_style='bold')
+            table.add_column('Hook Event')
+            table.add_column('Cycode Enabled')
+            table.add_column('Total Hooks')
 
-        for event, info in status['hooks'].items():
-            enabled = '[green]Yes[/]' if info['enabled'] else '[dim]No[/]'
-            table.add_row(event, enabled, str(info['total_entries']))
+            for event, info in status['hooks'].items():
+                enabled = '[green]Yes[/]' if info['enabled'] else '[dim]No[/]'
+                table.add_row(event, enabled, str(info['total_entries']))
 
-        console.print(table)
+            console.print(table)
 
     console.print()

cycode/cli/apps/ai_guardrails/uninstall_command.py

@@ -11,7 +11,7 @@ from cycode.cli.apps.ai_guardrails.command_utils import (
     validate_and_parse_ide,
     validate_scope,
 )
-from cycode.cli.apps.ai_guardrails.consts import IDE_CONFIGS
+from cycode.cli.apps.ai_guardrails.consts import IDE_CONFIGS, AIIDEType
 from cycode.cli.apps.ai_guardrails.hooks_manager import uninstall_hooks
 from cycode.cli.utils.sentry import add_breadcrumb
 
@@ -30,9 +30,9 @@ def uninstall_command(
         str,
         typer.Option(
             '--ide',
-            help='IDE to uninstall hooks from (e.g., "cursor"). Defaults to cursor.',
+            help='IDE to uninstall hooks from (e.g., "cursor", "claude-code", "all"). Defaults to cursor.',
         ),
-    ] = 'cursor',
+    ] = AIIDEType.CURSOR,
     repo_path: Annotated[
         Optional[Path],
         typer.Option(
@@ -54,6 +54,7 @@ def uninstall_command(
         cycode ai-guardrails uninstall                    # Remove user-level hooks
         cycode ai-guardrails uninstall --scope repo       # Remove repo-level hooks
         cycode ai-guardrails uninstall --ide cursor       # Uninstall from Cursor IDE
+        cycode ai-guardrails uninstall --ide all          # Uninstall from all supported IDEs
     """
     add_breadcrumb('ai-guardrails-uninstall')
 
@@ -61,13 +62,31 @@ def uninstall_command(
     validate_scope(scope)
     repo_path = resolve_repo_path(scope, repo_path)
     ide_type = validate_and_parse_ide(ide)
-    ide_name = IDE_CONFIGS[ide_type].name
-    success, message = uninstall_hooks(scope, repo_path, ide=ide_type)
 
-    if success:
-        console.print(f'[green]✓[/] {message}')
+    ides_to_uninstall: list[AIIDEType] = list(AIIDEType) if ide_type is None else [ide_type]
+
+    results: list[tuple[str, bool, str]] = []
+    for current_ide in ides_to_uninstall:
+        ide_name = IDE_CONFIGS[current_ide].name
+        success, message = uninstall_hooks(scope, repo_path, ide=current_ide)
+        results.append((ide_name, success, message))
+
+    # Report results for each IDE
+    any_success = False
+    all_success = True
+    for _ide_name, success, message in results:
+        if success:
+            console.print(f'[green]✓[/] {message}')
+            any_success = True
+        else:
+            console.print(f'[red]✗[/] {message}', style='bold red')
+            all_success = False
+
+    if any_success:
         console.print()
-        console.print(f'[dim]Restart {ide_name} for changes to take effect.[/]')
-    else:
-        console.print(f'[red]✗[/] {message}', style='bold red')
+        successful_ides = [name for name, success, _ in results if success]
+        ide_list = ', '.join(successful_ides)
+        console.print(f'[dim]Restart {ide_list} for changes to take effect.[/]')
+
+    if not all_success:
         raise typer.Exit(1)

cycode/cyclient/ai_security_manager_client.py

@@ -61,6 +61,7 @@ class AISecurityManagerClient:
         outcome: 'AIHookOutcome',
         scan_id: Optional[str] = None,
         block_reason: Optional['BlockReason'] = None,
+        error_message: Optional[str] = None,
     ) -> None:
         """Create an AI hook event from hook payload."""
         conversation_id = payload.conversation_id
@@ -77,6 +78,7 @@ class AISecurityManagerClient:
             'cli_scan_id': scan_id,
             'mcp_server_name': payload.mcp_server_name,
             'mcp_tool_name': payload.mcp_tool_name,
+            'error_message': error_message,
         }
 
         try:

{cycode-3.8.11.dev1.dist-info → cycode-3.9.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cycode
-Version: 3.8.11.dev1
+Version: 3.9.1
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 License-Expression: MIT
 License-File: LICENCE

{cycode-3.8.11.dev1.dist-info → cycode-3.9.1.dist-info}/RECORD

@@ -1,24 +1,24 @@
-cycode/__init__.py,sha256=ORTRSeXMazgov1gBeQ0xEh8qplYERK_Bjx9-Pht9Hv0,115
+cycode/__init__.py,sha256=COYqmiJKyEDoNPdMU1QWil4k91dLcVgOyUEvwlAxMBo,109
 cycode/__main__.py,sha256=Z3bD5yrA7yPvAChcADQrqCaZd0ChGI1gdiwALwbWJ6U,104
 cycode/cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cycode/cli/app.py,sha256=j7jXFJwVbXROvi6LeBcf7MxhY9q-O7-XkLOkfqOqL3I,6460
 cycode/cli/apps/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cycode/cli/apps/ai_guardrails/__init__.py,sha256=7VsEUYYyqiuJJAV-_Ti_Wudr4SWQZGnoVLBuq8NTvVQ,902
-cycode/cli/apps/ai_guardrails/command_utils.py,sha256=o1LAsmr1jkTxue6sSWzRC8WKUiuzXZd4nRCZJjaWwRw,1810
-cycode/cli/apps/ai_guardrails/consts.py,sha256=85FxVg23-KrF4QnCO7nWRQ1LC2UciV1zJS3zSLOGZwU,2046
-cycode/cli/apps/ai_guardrails/hooks_manager.py,sha256=HEmyYAsdEPOHnLIZyIyeOkZvzH1e7SluP1OqvRHX9Vo,6478
-cycode/cli/apps/ai_guardrails/install_command.py,sha256=cMqEmdIJZgQGCb9y3jy4FPmJ4arSU3_J5pJc3Lst5lM,2671
+cycode/cli/apps/ai_guardrails/command_utils.py,sha256=itWoARiiqC-kCJuppBxBwKDjCSnci2m0EG95GQPy3r4,1924
+cycode/cli/apps/ai_guardrails/consts.py,sha256=6V6jdT2R5wR-_lI7h3pJuWkcTWlVsSnssc0K9KOpOA4,3580
+cycode/cli/apps/ai_guardrails/hooks_manager.py,sha256=YiLY8AnNSmPerMCJpjbJkybnkmhZZ_A93TM3glNZpIM,7448
+cycode/cli/apps/ai_guardrails/install_command.py,sha256=pgE5USLVil1D4Jkeuo4Wxf3t_knL0zn4o1367crz3RU,3439
 cycode/cli/apps/ai_guardrails/scan/__init__.py,sha256=qJc82XiQGiAuc1sYY8Ij_A-qXpxgLPuayQq8xWlouMA,48
 cycode/cli/apps/ai_guardrails/scan/consts.py,sha256=drAslw6vW3kxmbCs2qPCUbUPR7PJouT2lsXtu5sD-lQ,1094
-cycode/cli/apps/ai_guardrails/scan/handlers.py,sha256=R55cfOAJ9Yd8ENddJ0P2_llDsnMoOvXZ7b6vXYVjwJ0,13902
-cycode/cli/apps/ai_guardrails/scan/payload.py,sha256=ZmMj-GYL3BttsL515RF5aEVDqYWlcl3uEfEzmJlGxOc,2832
+cycode/cli/apps/ai_guardrails/scan/handlers.py,sha256=nVFMGtxNFkfiWlhQlIHmx2T1J4jJcOe-WIFiqxxMgu4,14902
+cycode/cli/apps/ai_guardrails/scan/payload.py,sha256=Zxzd1OkM11aCssg7gwwR9OpEjdQOzYklFvEkOqLnb3I,10160
 cycode/cli/apps/ai_guardrails/scan/policy.py,sha256=39s8hnxgjny1l6XAO59wsRcAlpW-LG00GUnO0PfqvuY,2566
-cycode/cli/apps/ai_guardrails/scan/response_builders.py,sha256=rdynnvvKRBjIeXnStafiIp1w5cNuj7uQolRcL453pkI,2934
-cycode/cli/apps/ai_guardrails/scan/scan_command.py,sha256=NYVFRemxbzEZJ8pynKt9uB46qML8-mjxkXUz_zFsEuU,5180
-cycode/cli/apps/ai_guardrails/scan/types.py,sha256=dYpiQ9F5McYBoDfX9AeiuyAuQZpuZ1KbHuqfBo8A79A,1384
+cycode/cli/apps/ai_guardrails/scan/response_builders.py,sha256=VZvMQ3pxqq4ROpT8rvuEF1y9SiX6tVYvgjhh5UBhz78,4740
+cycode/cli/apps/ai_guardrails/scan/scan_command.py,sha256=lAkb-8txg722NjfJXgXT7gJpJp732dm7-vXWxkT3_EQ,5720
+cycode/cli/apps/ai_guardrails/scan/types.py,sha256=H25MKJhAXmp7Mz1YeCIRmAY1Zg5GSpgBq8G1TEI9PFk,1868
 cycode/cli/apps/ai_guardrails/scan/utils.py,sha256=KVfX-NrcM-QW4quLtoNqfmz4GF0FlDs-TkqUOu1hAWM,2057
-cycode/cli/apps/ai_guardrails/status_command.py,sha256=ThkbEkAbZPQgTP8G6ZzfodgkkUvUBTQLnqeO3D-KikU,3066
-cycode/cli/apps/ai_guardrails/uninstall_command.py,sha256=LTvpahXhyivL2eO-fDltyYRR7svjiH8paFZJ3ug23oQ,2300
+cycode/cli/apps/ai_guardrails/status_command.py,sha256=Vqys2-Tp_VerldXfLnXtjq66XU3AQ9h0sbbXkfQ4CoQ,3628
+cycode/cli/apps/ai_guardrails/uninstall_command.py,sha256=dC3U9DBQs3zznvFAMeITcdmBeYApb3cJbrH9RtGmLfI,3061
 cycode/cli/apps/ai_remediation/__init__.py,sha256=8vYthY9RQeJqEni3AIF5sryz8n-XJQ6VNqG4aEFBAdY,553
 cycode/cli/apps/ai_remediation/ai_remediation_command.py,sha256=u1EdebaKCEmzv9fXmnIN0xDSLcCmGyjueYKvYfLOj_8,1549
 cycode/cli/apps/ai_remediation/apply_fix.py,sha256=9zgqiqF9HBQXi7Oz9ZIiANIAuKAMTji1PlNncCEOf5Q,817
@@ -166,7 +166,7 @@ cycode/cli/utils/version_checker.py,sha256=0f5PaTk02ZkDxzBqZOeMV9mU_CWcx6HKW80jU
 cycode/cli/utils/yaml_utils.py,sha256=R-tqzl0C-zoa42rS7nfWeHu3GJ0jpbQUyyqYYU2hleM,1818
 cycode/config.py,sha256=jHORGZQcAXkAGSf2XreC-RQoc8sdNWja69QKtPWTbWo,1044
 cycode/cyclient/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cycode/cyclient/ai_security_manager_client.py,sha256=JqiSbnoHe_MPljIrW5jvBeyzIIbhj_HbIaErs9ewlaI,3327
+cycode/cyclient/ai_security_manager_client.py,sha256=btkphNQPCwJUdm9N7eLFhFBHbKOu1nOGnPfUHS8xTvo,3416
 cycode/cyclient/ai_security_manager_service_config.py,sha256=83pQzgOb93JW6E-dznJkI4c0NEXmQRlx9YZKMmjVwp8,808
 cycode/cyclient/auth_client.py,sha256=TwbmZ358Ancf-Q-IZolvfljZ8691_6botsqd0R0PLPk,2105
 cycode/cyclient/base_token_auth_client.py,sha256=3JIrSz0-ywVTIfxIs2zs5aGcE-x5GW3AgPHm9qA4ZDE,3857
@@ -186,8 +186,8 @@ cycode/cyclient/report_client.py,sha256=Scq30NeJPzgXv0hPLO1U05AdE9i_2iu6cIrSKpEJ
 cycode/cyclient/scan_client.py,sha256=uTBEjgfaCVuJREo73p_zkIVA23NQfdJ1d1-bzc7nSKk,12682
 cycode/cyclient/scan_config_base.py,sha256=mXsPZGYCtp85rv5GIige40yQZXuRcEKUW-VQJ0vgFzk,1201
 cycode/logger.py,sha256=xAzpkWLZhixO4egRcYn4HXM9lIfx5wHdpkHxNc5jrX8,2225
-cycode-3.8.11.dev1.dist-info/METADATA,sha256=6kqiIO-oQ4XKfD1CYqltxVbe3yZUyQtDVh2wP7lEVnE,79038
-cycode-3.8.11.dev1.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
-cycode-3.8.11.dev1.dist-info/entry_points.txt,sha256=iDcVJM8ByLElVgvBgtYxDjw1kT7O8Mo0LcWZIT5L3Ig,45
-cycode-3.8.11.dev1.dist-info/licenses/LICENCE,sha256=2Wx4N6mD_4xB7-E3hPkZ3MPhpJy__k_I8MaCSO-PDRo,1068
-cycode-3.8.11.dev1.dist-info/RECORD,,
+cycode-3.9.1.dist-info/METADATA,sha256=kvWHRVBFZQNl34xm263wYUijWeWHXqO1cxRiS43fLp4,79032
+cycode-3.9.1.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
+cycode-3.9.1.dist-info/entry_points.txt,sha256=iDcVJM8ByLElVgvBgtYxDjw1kT7O8Mo0LcWZIT5L3Ig,45
+cycode-3.9.1.dist-info/licenses/LICENCE,sha256=2Wx4N6mD_4xB7-E3hPkZ3MPhpJy__k_I8MaCSO-PDRo,1068
+cycode-3.9.1.dist-info/RECORD,,