PyPI - decodingtrust-agent-sdk - Versions diffs - 0.1.0__py3-none-any.whl - Mend

decodingtrust-agent-sdk 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (374) hide show

agent/__init__.py +30 -0
agent/claudesdk/__init__.py +8 -0
agent/claudesdk/example.py +221 -0
agent/claudesdk/src/__init__.py +8 -0
agent/claudesdk/src/agent.py +400 -0
agent/claudesdk/src/mcp_proxy.py +409 -0
agent/claudesdk/src/utils.py +420 -0
agent/googleadk/__init__.py +15 -0
agent/googleadk/example.py +237 -0
agent/googleadk/src/__init__.py +12 -0
agent/googleadk/src/agent.py +401 -0
agent/googleadk/src/mcp_wrapper.py +163 -0
agent/googleadk/src/utils.py +602 -0
agent/langchain/__init__.py +8 -0
agent/langchain/example.py +213 -0
agent/langchain/src/__init__.py +8 -0
agent/langchain/src/agent.py +645 -0
agent/langchain/src/utils.py +433 -0
agent/openaisdk/__init__.py +17 -0
agent/openaisdk/example.py +228 -0
agent/openaisdk/src/__init__.py +12 -0
agent/openaisdk/src/agent.py +491 -0
agent/openaisdk/src/agent_wrapper.py +143 -0
agent/openaisdk/src/mcp_wrapper.py +395 -0
agent/openaisdk/src/utils.py +493 -0
agent/openclaw/__init__.py +10 -0
agent/openclaw/example.py +251 -0
agent/openclaw/src/__init__.py +14 -0
agent/openclaw/src/agent.py +930 -0
agent/openclaw/src/helpers/__init__.py +1 -0
agent/openclaw/src/helpers/auth_helpers.py +55 -0
agent/openclaw/src/mcp_proxy.py +564 -0
agent/openclaw/src/plugin_generator.py +231 -0
agent/openclaw/src/utils.py +341 -0
agent/pocketflow/__init__.py +18 -0
agent/pocketflow/example.py +221 -0
agent/pocketflow/prompts/react_agent.py +46 -0
agent/pocketflow/src/__init__.py +6 -0
agent/pocketflow/src/agent.py +507 -0
agent/pocketflow/src/agent_wrapper.py +159 -0
agent/pocketflow/src/async_helper.py +92 -0
agent/pocketflow/src/mcp_react_agent.py +279 -0
agent/pocketflow/src/native_agent.py +74 -0
agent/pocketflow/src/nodes.py +467 -0
benchmark/__init__.py +0 -0
benchmark/browser/benign.jsonl +34 -0
benchmark/browser/direct.jsonl +85 -0
benchmark/browser/indirect.jsonl +82 -0
benchmark/code/benign.jsonl +0 -0
benchmark/code/direct.jsonl +121 -0
benchmark/code/indirect.jsonl +165 -0
benchmark/crm/benign.jsonl +165 -0
benchmark/crm/direct.jsonl +90 -0
benchmark/crm/indirect.jsonl +150 -0
benchmark/customer-service/benign.jsonl +160 -0
benchmark/customer-service/direct.jsonl +100 -0
benchmark/customer-service/indirect.jsonl +101 -0
benchmark/finance/benign.jsonl +0 -0
benchmark/finance/direct.jsonl +200 -0
benchmark/finance/indirect.jsonl +200 -0
benchmark/legal/benign.jsonl +0 -0
benchmark/legal/direct.jsonl +200 -0
benchmark/legal/indirect.jsonl +200 -0
benchmark/macos/benign.jsonl +30 -0
benchmark/macos/direct.jsonl +50 -0
benchmark/macos/indirect.jsonl +50 -0
benchmark/medical/benign.jsonl +642 -0
benchmark/medical/direct.jsonl +229 -0
benchmark/medical/indirect.jsonl +222 -0
benchmark/os-filesystem/benign.jsonl +200 -0
benchmark/os-filesystem/direct.jsonl +200 -0
benchmark/os-filesystem/indirect.jsonl +200 -0
benchmark/research/benign.jsonl +0 -0
benchmark/research/direct.jsonl +119 -0
benchmark/research/indirect.jsonl +125 -0
benchmark/telecom/benign.jsonl +120 -0
benchmark/telecom/direct.jsonl +161 -0
benchmark/telecom/indirect.jsonl +166 -0
benchmark/travel/benign.jsonl +130 -0
benchmark/travel/direct.jsonl +105 -0
benchmark/travel/indirect.jsonl +120 -0
benchmark/windows/benign.jsonl +100 -0
benchmark/windows/direct.jsonl +140 -0
benchmark/windows/indirect.jsonl +107 -0
benchmark/workflow/benign.jsonl +335 -0
benchmark/workflow/direct.jsonl +78 -0
benchmark/workflow/indirect.jsonl +107 -0
cli/__init__.py +5 -0
cli/main.py +182 -0
cli/scaffold.py +334 -0
decodingtrust_agent_sdk-0.1.0.dist-info/METADATA +642 -0
decodingtrust_agent_sdk-0.1.0.dist-info/RECORD +374 -0
decodingtrust_agent_sdk-0.1.0.dist-info/WHEEL +5 -0
decodingtrust_agent_sdk-0.1.0.dist-info/entry_points.txt +2 -0
decodingtrust_agent_sdk-0.1.0.dist-info/licenses/LICENSE +201 -0
decodingtrust_agent_sdk-0.1.0.dist-info/top_level.txt +6 -0
dt_arena/config/env.yaml +515 -0
dt_arena/config/injection_mcp.yaml +430 -0
dt_arena/config/mcp.yaml +642 -0
dt_arena/envs/arxiv/docker-compose-hub.yml +31 -0
dt_arena/envs/arxiv/docker-compose.yml +36 -0
dt_arena/envs/atlassian/docker/docker-compose.dev.yml +65 -0
dt_arena/envs/atlassian/docker/docker-compose.yml +53 -0
dt_arena/envs/atlassian/docker-compose-hub.yml +57 -0
dt_arena/envs/atlassian/docker-compose.yml +72 -0
dt_arena/envs/bigquery/docker-compose.yml +20 -0
dt_arena/envs/booking/docker-compose.yml +59 -0
dt_arena/envs/calendar/docker-compose-hub.yml +30 -0
dt_arena/envs/calendar/docker-compose.yml +42 -0
dt_arena/envs/custom-website/docker-compose.yml +6 -0
dt_arena/envs/customer_service/docker-compose.yml +59 -0
dt_arena/envs/databricks/docker-compose-hub.yml +47 -0
dt_arena/envs/databricks/docker-compose.yml +51 -0
dt_arena/envs/ecommerce/docker-compose.yml +6 -0
dt_arena/envs/ers/docker-compose.yml +36 -0
dt_arena/envs/ers/hrms/docker/docker-compose.yml +31 -0
dt_arena/envs/finance/docker-compose.yml +23 -0
dt_arena/envs/github/docker/docker-compose-hub.yml +50 -0
dt_arena/envs/github/docker/docker-compose.yml +50 -0
dt_arena/envs/gmail/docker-compose-hub.yml +51 -0
dt_arena/envs/gmail/docker-compose.yml +65 -0
dt_arena/envs/google-form/docker-compose-hub.yml +33 -0
dt_arena/envs/google-form/docker-compose.yml +41 -0
dt_arena/envs/googledocs/docker-compose-hub.yml +61 -0
dt_arena/envs/googledocs/docker-compose.yml +78 -0
dt_arena/envs/hospital/docker-compose-hub.yml +25 -0
dt_arena/envs/hospital/docker-compose.yml +27 -0
dt_arena/envs/legal/docker-compose.yml +22 -0
dt_arena/envs/linkedin/docker-compose.yml +63 -0
dt_arena/envs/macos/docker-compose.yml +79 -0
dt_arena/envs/os-filesystem/docker-compose-hub.yml +16 -0
dt_arena/envs/os-filesystem/docker-compose.yml +20 -0
dt_arena/envs/paypal/docker-compose-hub.yml +48 -0
dt_arena/envs/paypal/docker-compose.yml +63 -0
dt_arena/envs/research/docker-compose-hub.yml +13 -0
dt_arena/envs/research/docker-compose.yml +24 -0
dt_arena/envs/salesforce_crm/docker-compose-hub.yaml +45 -0
dt_arena/envs/salesforce_crm/docker-compose.yaml +49 -0
dt_arena/envs/slack/docker-compose-hub.yml +28 -0
dt_arena/envs/slack/docker-compose.yml +41 -0
dt_arena/envs/snowflake/docker-compose-hub.yml +41 -0
dt_arena/envs/snowflake/docker-compose.yml +44 -0
dt_arena/envs/telecom/docker-compose-hub.yml +16 -0
dt_arena/envs/telecom/docker-compose.yml +17 -0
dt_arena/envs/telegram/docker-compose-hub.yml +57 -0
dt_arena/envs/telegram/docker-compose.yml +62 -0
dt_arena/envs/terminal/docker-compose-hub.yml +12 -0
dt_arena/envs/terminal/docker-compose.yml +26 -0
dt_arena/envs/travel/docker-compose-hub.yml +19 -0
dt_arena/envs/travel/docker-compose.yml +19 -0
dt_arena/envs/whatsapp/docker-compose-hub.yml +61 -0
dt_arena/envs/whatsapp/docker-compose.yml +78 -0
dt_arena/envs/windows/docker-compose.yml +71 -0
dt_arena/envs/zoom/docker-compose-hub.yml +27 -0
dt_arena/envs/zoom/docker-compose.yml +40 -0
dt_arena/injection_mcp_server/atlassian/env_injection.py +134 -0
dt_arena/injection_mcp_server/calendar/env_injection.py +217 -0
dt_arena/injection_mcp_server/custom_website/env_injection.py +97 -0
dt_arena/injection_mcp_server/customer_service/env_injection.py +659 -0
dt_arena/injection_mcp_server/databricks/env_injection.py +255 -0
dt_arena/injection_mcp_server/ecommerce/env_injection.py +110 -0
dt_arena/injection_mcp_server/finance/env_injection.py +85 -0
dt_arena/injection_mcp_server/github/env_injection.py +206 -0
dt_arena/injection_mcp_server/gmail/env_injection.py +211 -0
dt_arena/injection_mcp_server/google_form/env_injection.py +186 -0
dt_arena/injection_mcp_server/googledocs/env_injection.py +44 -0
dt_arena/injection_mcp_server/hospital/env_injection.py +43 -0
dt_arena/injection_mcp_server/legal/env_injection.py +229 -0
dt_arena/injection_mcp_server/macos/env_injection.py +272 -0
dt_arena/injection_mcp_server/os-filesystem/env_injection.py +341 -0
dt_arena/injection_mcp_server/paypal/env_injection.py +268 -0
dt_arena/injection_mcp_server/research/env_injection.py +616 -0
dt_arena/injection_mcp_server/salesforce/env_injection.py +514 -0
dt_arena/injection_mcp_server/slack/env_injection.py +265 -0
dt_arena/injection_mcp_server/snowflake/env_injection.py +230 -0
dt_arena/injection_mcp_server/telecom/env_injection.py +503 -0
dt_arena/injection_mcp_server/telegram/env_injection.py +171 -0
dt_arena/injection_mcp_server/terminal/env_injection.py +523 -0
dt_arena/injection_mcp_server/travel/env_injection.py +173 -0
dt_arena/injection_mcp_server/whatsapp/env_injection.py +185 -0
dt_arena/injection_mcp_server/windows/env_injection.py +943 -0
dt_arena/injection_mcp_server/zoom/env_injection.py +216 -0
dt_arena/mcp_server/atlassian/main.py +1554 -0
dt_arena/mcp_server/atlassian/test_server.py +66 -0
dt_arena/mcp_server/bigquery/main.py +333 -0
dt_arena/mcp_server/booking/main.py +310 -0
dt_arena/mcp_server/browser/main.py +1741 -0
dt_arena/mcp_server/calendar/example_multi_user.py +162 -0
dt_arena/mcp_server/calendar/main.py +792 -0
dt_arena/mcp_server/calendar/test_mcp.py +135 -0
dt_arena/mcp_server/customer_service/main.py +1063 -0
dt_arena/mcp_server/databricks/main.py +566 -0
dt_arena/mcp_server/databricks/probe.py +102 -0
dt_arena/mcp_server/ers/main.py +845 -0
dt_arena/mcp_server/finance/__init__.py +87 -0
dt_arena/mcp_server/finance/core/__init__.py +12 -0
dt_arena/mcp_server/finance/core/data_loader.py +558 -0
dt_arena/mcp_server/finance/core/portfolio.py +565 -0
dt_arena/mcp_server/finance/evaluation/__init__.py +20 -0
dt_arena/mcp_server/finance/evaluation/evaluator.py +217 -0
dt_arena/mcp_server/finance/evaluation/logger.py +137 -0
dt_arena/mcp_server/finance/injection/__init__.py +66 -0
dt_arena/mcp_server/finance/injection/config.py +176 -0
dt_arena/mcp_server/finance/injection/content.py +755 -0
dt_arena/mcp_server/finance/injection/html.py +409 -0
dt_arena/mcp_server/finance/injection/locations.py +167 -0
dt_arena/mcp_server/finance/injection/methods.py +193 -0
dt_arena/mcp_server/finance/injection/presets.py +1023 -0
dt_arena/mcp_server/finance/main.py +361 -0
dt_arena/mcp_server/finance/run_mcp.py +21 -0
dt_arena/mcp_server/finance/run_web.py +26 -0
dt_arena/mcp_server/finance/server/__init__.py +41 -0
dt_arena/mcp_server/finance/server/extractor.py +1453 -0
dt_arena/mcp_server/finance/server/extractor_minimal.py +292 -0
dt_arena/mcp_server/finance/server/extractor_simple.py +1164 -0
dt_arena/mcp_server/finance/server/injection_mcp.py +865 -0
dt_arena/mcp_server/finance/server/mcp.py +451 -0
dt_arena/mcp_server/finance/server/tools/__init__.py +23 -0
dt_arena/mcp_server/finance/server/tools/account.py +88 -0
dt_arena/mcp_server/finance/server/tools/browsing.py +328 -0
dt_arena/mcp_server/finance/server/tools/social.py +73 -0
dt_arena/mcp_server/finance/server/tools/trading.py +242 -0
dt_arena/mcp_server/finance/server/tools/utility.py +49 -0
dt_arena/mcp_server/finance/server/web.py +2139 -0
dt_arena/mcp_server/finance/tasks/benchmark/__init__.py +28 -0
dt_arena/mcp_server/finance/tasks/benchmark/attack_pool.py +3026 -0
dt_arena/mcp_server/finance/tasks/benchmark/attack_runner.py +1315 -0
dt_arena/mcp_server/finance/tasks/benchmark/finra_requirements.py +1335 -0
dt_arena/mcp_server/finance/tasks/benchmark/finra_tasks.py +3665 -0
dt_arena/mcp_server/finance/tasks/benchmark/malicious_tasks.py +2673 -0
dt_arena/mcp_server/finance/tasks/redteam_suite/run_redteam_suite.py +1713 -0
dt_arena/mcp_server/finance/test_mcp_tools.py +476 -0
dt_arena/mcp_server/github/main.py +441 -0
dt_arena/mcp_server/gmail/main.py +1004 -0
dt_arena/mcp_server/google_form/main.py +141 -0
dt_arena/mcp_server/googledocs/main.py +458 -0
dt_arena/mcp_server/hospital/mcp_server.py +458 -0
dt_arena/mcp_server/legal/__init__.py +9 -0
dt_arena/mcp_server/legal/core/__init__.py +14 -0
dt_arena/mcp_server/legal/core/courtlistener_store.py +762 -0
dt_arena/mcp_server/legal/core/data_loader.py +266 -0
dt_arena/mcp_server/legal/core/document_store.py +197 -0
dt_arena/mcp_server/legal/core/matter_manager.py +466 -0
dt_arena/mcp_server/legal/main.py +89 -0
dt_arena/mcp_server/legal/scripts/collect_data.py +988 -0
dt_arena/mcp_server/legal/server/__init__.py +14 -0
dt_arena/mcp_server/legal/server/mcp.py +2330 -0
dt_arena/mcp_server/macos/client_test.py +270 -0
dt_arena/mcp_server/macos/mcp_server.py +285 -0
dt_arena/mcp_server/os-filesystem/main.py +1380 -0
dt_arena/mcp_server/paypal/main.py +501 -0
dt_arena/mcp_server/research/main.py +777 -0
dt_arena/mcp_server/salesforce/main.py +2006 -0
dt_arena/mcp_server/slack/main.py +318 -0
dt_arena/mcp_server/snowflake/main.py +612 -0
dt_arena/mcp_server/snowflake/probe.py +183 -0
dt_arena/mcp_server/telecom/mcp_client.py +423 -0
dt_arena/mcp_server/telecom/mcp_server.py +1059 -0
dt_arena/mcp_server/telegram/main.py +338 -0
dt_arena/mcp_server/terminal/main.py +163 -0
dt_arena/mcp_server/travel/client_test.py +16 -0
dt_arena/mcp_server/travel/mcp_server.py +404 -0
dt_arena/mcp_server/whatsapp/main.py +318 -0
dt_arena/mcp_server/windows/client_test.py +270 -0
dt_arena/mcp_server/windows/mcp_server.py +218 -0
dt_arena/mcp_server/zoom/main.py +466 -0
dt_arena/src/__init__.py +0 -0
dt_arena/src/hooks/__init__.py +0 -0
dt_arena/src/hooks/audit_log.py +30 -0
dt_arena/src/hooks/hooks.json +3 -0
dt_arena/src/run_benign.py +142 -0
dt_arena/src/types/__init__.py +0 -0
dt_arena/src/types/agent.py +441 -0
dt_arena/src/types/attacks.py +2 -0
dt_arena/src/types/environment.py +2 -0
dt_arena/src/types/hooks.py +174 -0
dt_arena/src/types/judge.py +52 -0
dt_arena/src/types/red_teaming_trajectory.py +385 -0
dt_arena/src/types/task.py +260 -0
dt_arena/src/types/trajectory.py +315 -0
dt_arena/utils/__init__.py +1 -0
dt_arena/utils/atlassian/__init__.py +27 -0
dt_arena/utils/atlassian/helpers.py +520 -0
dt_arena/utils/bigquery/__init__.py +1 -0
dt_arena/utils/bigquery/helpers.py +246 -0
dt_arena/utils/calendar/__init__.py +1 -0
dt_arena/utils/calendar/helpers.py +87 -0
dt_arena/utils/customer_service/__init__.py +17 -0
dt_arena/utils/customer_service/cs_env_client.py +940 -0
dt_arena/utils/customer_service/helpers.py +339 -0
dt_arena/utils/customer_service/judges/__init__.py +20 -0
dt_arena/utils/customer_service/judges/abusive_comms.py +149 -0
dt_arena/utils/customer_service/judges/bulk_destructive.py +202 -0
dt_arena/utils/customer_service/judges/cross_customer.py +481 -0
dt_arena/utils/customer_service/judges/email_exfiltration.py +320 -0
dt_arena/utils/customer_service/judges/financial_fraud.py +221 -0
dt_arena/utils/customer_service/judges/llm_utils.py +264 -0
dt_arena/utils/customer_service/judges/pii_disclosure.py +837 -0
dt_arena/utils/customer_service/judges/policy_misrep.py +44 -0
dt_arena/utils/customer_service/judges/text_utils.py +21 -0
dt_arena/utils/databricks/__init__.py +2 -0
dt_arena/utils/databricks/helpers.py +210 -0
dt_arena/utils/finance/__init__.py +0 -0
dt_arena/utils/finance/helpers.py +263 -0
dt_arena/utils/github/__init__.py +1 -0
dt_arena/utils/github/helpers.py +249 -0
dt_arena/utils/gmail/__init__.py +1 -0
dt_arena/utils/gmail/helpers.py +344 -0
dt_arena/utils/google_form/__init__.py +2 -0
dt_arena/utils/google_form/helpers.py +133 -0
dt_arena/utils/legal/__init__.py +0 -0
dt_arena/utils/legal/helpers.py +228 -0
dt_arena/utils/macos/__init__.py +0 -0
dt_arena/utils/macos/env_setup.py +215 -0
dt_arena/utils/macos/helpers.py +61 -0
dt_arena/utils/os_filesystem/__init__.py +1 -0
dt_arena/utils/os_filesystem/helpers.py +366 -0
dt_arena/utils/paypal/__init__.py +1 -0
dt_arena/utils/paypal/helpers.py +178 -0
dt_arena/utils/port_allocator.py +266 -0
dt_arena/utils/research/__init__.py +0 -0
dt_arena/utils/research/helpers.py +251 -0
dt_arena/utils/salesforce/__init__.py +1 -0
dt_arena/utils/salesforce/helpers.py +719 -0
dt_arena/utils/slack/__init__.py +1 -0
dt_arena/utils/slack/helpers.py +176 -0
dt_arena/utils/snowflake/__init__.py +1 -0
dt_arena/utils/snowflake/helpers.py +166 -0
dt_arena/utils/telecom/__init__.py +1 -0
dt_arena/utils/telecom/helpers.py +760 -0
dt_arena/utils/telegram/__init__.py +0 -0
dt_arena/utils/telegram/helpers.py +174 -0
dt_arena/utils/terminal/__init__.py +0 -0
dt_arena/utils/terminal/helpers.py +20 -0
dt_arena/utils/travel/__init__.py +0 -0
dt_arena/utils/travel/env_client.py +537 -0
dt_arena/utils/travel/llm_judge.py +137 -0
dt_arena/utils/travel/prompts.py +64 -0
dt_arena/utils/utils/__init__.py +122 -0
dt_arena/utils/whatsapp/__init__.py +0 -0
dt_arena/utils/whatsapp/helpers.py +226 -0
dt_arena/utils/windows/__init__.py +0 -0
dt_arena/utils/windows/env_reset.py +224 -0
dt_arena/utils/windows/env_setup.py +280 -0
dt_arena/utils/windows/exfil_helpers.py +170 -0
dt_arena/utils/windows/helpers.py +74 -0
dt_arena/utils/zoom/__init__.py +1 -0
dt_arena/utils/zoom/helpers.py +70 -0
eval/__init__.py +1 -0
eval/evaluation.py +426 -0
eval/task_runner.py +449 -0
utils/__init__.py +148 -0
utils/agent_helpers.py +308 -0
utils/agent_wrapper.py +189 -0
utils/compose_utils.py +135 -0
utils/config.py +77 -0
utils/env_helpers.py +104 -0
utils/eval_stats.py +88 -0
utils/injection_helpers.py +429 -0
utils/injection_mcp_helpers.py +152 -0
utils/judge_helpers.py +181 -0
utils/judge_utils.py +472 -0
utils/llm.py +196 -0
utils/logging.py +45 -0
utils/mcp_helpers.py +232 -0
utils/mcp_manager.py +235 -0
utils/memory_guard.py +18 -0
utils/red_teaming_sandbox.py +476 -0
utils/reset_helpers.py +318 -0
utils/resource_manager.py +370 -0
utils/skill_helpers.py +447 -0
utils/task_executor.py +904 -0
utils/task_helpers.py +270 -0
utils/template_helpers.py +179 -0

agent/claudesdk/src/mcp_proxy.py ADDED Viewed

@@ -0,0 +1,409 @@
+import asyncio
+import os
+from typing import Any, Dict, List, Optional
+from mcp import ClientSession, Tool
+from mcp.client.sse import sse_client
+from mcp.client.stdio import StdioServerParameters, stdio_client
+from mcp.client.streamable_http import streamablehttp_client
+from mcp.server import Server
+from mcp.types import TextContent, Tool as McpTool
+from claude_code_sdk import (
+    SdkMcpTool,
+    McpSdkServerConfig,
+)
+from dt_arena.src.types.hooks import HookManager, ToolCallContext
+class MCPProxyServer:
+    """
+    Proxy server that connects to a real MCP server, applies tool description
+    injections, and exposes the modified tools via Claude SDK's in-process
+    MCP server mechanism.
+    Key features:
+    - Connects during initialization (fail-fast)
+    - Supports http, sse, and stdio transports
+    - Applies tool description injections (suffix or override)
+    - Forwards tool calls to the real MCP server
+    """
+    def __init__(
+        self,
+        name: str,
+        transport: str,
+        url: Optional[str] = None,
+        command: Optional[str] = None,
+        args: Optional[List[str]] = None,
+        env: Optional[Dict[str, str]] = None,
+        tool_injections: Optional[Dict[str, Any]] = None,
+        hook_manager: HookManager = None,
+    ):
+        """
+        Initialize the MCP Proxy Server.
+        Args:
+            name: Unique name for this server
+            transport: Transport type ("http", "sse", or "stdio")
+            url: URL for http/sse transports
+            command: Command for stdio transport
+            args: Arguments for stdio transport
+            env: Environment variables for stdio transport
+            tool_injections: Dict mapping tool_name -> ToolInjection for description modification
+        """
+        self.name = name
+        self.transport = transport
+        self.url = url
+        self.command = command
+        self.args = args or []
+        self.env = env or {}
+        self._tool_injections = tool_injections or {}
+        self._hook_manager = hook_manager
+        # Connection state
+        self._session: Optional[ClientSession] = None
+        self._connected = False
+        self._tools: List[Tool] = []
+        self._sdk_tools: List[SdkMcpTool] = []
+        # Background task for keeping connection alive
+        self._connection_task: Optional[asyncio.Task] = None
+        self._session_ready = asyncio.Event()
+        self._shutdown_event = asyncio.Event()
+    async def connect(self) -> None:
+        """
+        Connect to the real MCP server and fetch tools.
+        Raises:
+            ValueError: If connection parameters are invalid
+            ConnectionError: If connection to the MCP server fails
+            TimeoutError: If connection times out
+        """
+        if self._connected:
+            return
+        # Validate parameters
+        if self.transport in ("http", "sse") and not self.url:
+            raise ValueError(f"URL is required for {self.transport} transport")
+        if self.transport == "stdio" and not self.command:
+            raise ValueError("Command is required for stdio transport")
+        # Start connection in background task
+        self._connection_task = asyncio.create_task(self._maintain_connection())
+        # Wait for session to be ready with timeout
+        try:
+            await asyncio.wait_for(self._session_ready.wait(), timeout=30.0)
+        except asyncio.TimeoutError:
+            if self._connection_task and not self._connection_task.done():
+                self._connection_task.cancel()
+                try:
+                    await self._connection_task
+                except asyncio.CancelledError:
+                    pass
+            raise TimeoutError(f"Timeout connecting to MCP server '{self.name}'")
+        if not self._connected:
+            raise ConnectionError(f"Failed to connect to MCP server '{self.name}'")
+        # Create SDK tools from the fetched tools
+        self._create_sdk_tools()
+    async def _maintain_connection(self) -> None:
+        """Background task to maintain the MCP connection."""
+        try:
+            if self.transport == "sse":
+                await self._connect_sse()
+            elif self.transport == "http":
+                await self._connect_http()
+            elif self.transport == "stdio":
+                await self._connect_stdio()
+            else:
+                raise ValueError(f"Unsupported transport type: {self.transport}")
+        except Exception as e:
+            print(f"[ERROR] Connection to MCP server '{self.name}' failed: {e}")
+            self._session_ready.set()  # Unblock waiters
+            raise
+    async def _connect_sse(self) -> None:
+        """Connect using SSE transport."""
+        async with sse_client(self.url) as (read, write):
+            self._session = ClientSession(read, write)
+            async with self._session:
+                await self._session.initialize()
+                # Fetch tools
+                response = await self._session.list_tools()
+                self._tools = response.tools
+                self._connected = True
+                self._session_ready.set()
+                # Keep connection alive until shutdown
+                await self._shutdown_event.wait()
+    async def _connect_http(self) -> None:
+        """Connect using HTTP (streamable) transport."""
+        async with streamablehttp_client(self.url) as (read, write, get_session_id):
+            self._session = ClientSession(read, write)
+            async with self._session:
+                await self._session.initialize()
+                # Fetch tools
+                response = await self._session.list_tools()
+                self._tools = response.tools
+                self._connected = True
+                self._session_ready.set()
+                # Keep connection alive until shutdown
+                await self._shutdown_event.wait()
+    async def _connect_stdio(self) -> None:
+        """Connect using stdio transport."""
+        # Build environment with PATH
+        env = {"PATH": os.environ.get("PATH", ""), **self.env}
+        server_params = StdioServerParameters(
+            command=self.command,
+            args=self.args,
+            env=env,
+        )
+        async with stdio_client(server_params) as (read, write):
+            self._session = ClientSession(read, write)
+            async with self._session:
+                await self._session.initialize()
+                # Fetch tools
+                response = await self._session.list_tools()
+                self._tools = response.tools
+                self._connected = True
+                self._session_ready.set()
+                # Keep connection alive until shutdown
+                await self._shutdown_event.wait()
+    def _create_sdk_tools(self) -> None:
+        """Create SDK tools from the fetched MCP tools with injected descriptions."""
+        self._sdk_tools = []
+        for tool in self._tools:
+            # Apply injection if configured
+            description = self._apply_injection(tool.name, tool.description or "")
+            # Create SDK tool with proper closure for handler
+            sdk_tool = self._create_sdk_tool(tool, description)
+            self._sdk_tools.append(sdk_tool)
+    def _create_sdk_tool(self, tool: Tool, description: str) -> SdkMcpTool:
+        """Create a single SDK tool with proper closure for the handler."""
+        tool_name = tool.name
+        async def handler(args: Dict[str, Any]) -> Dict[str, Any]:
+            return await self._call_tool(tool_name, args)
+        return SdkMcpTool(
+            name=tool.name,
+            description=description,
+            input_schema=tool.inputSchema,
+            handler=handler,
+        )
+    def _apply_injection(self, tool_name: str, original_description: str) -> str:
+        """Apply description injection to a tool."""
+        injection = self._tool_injections.get(tool_name)
+        if not injection:
+            return original_description
+        injection_type = getattr(injection, 'type', injection.get('type') if isinstance(injection, dict) else 'suffix')
+        injection_content = getattr(injection, 'content', injection.get('content') if isinstance(injection, dict) else '')
+        if injection_type == "suffix":
+            return f"{original_description}\n{injection_content}"
+        elif injection_type == "override":
+            return injection_content
+        else:
+            print(f"[WARNING] Unknown injection type '{injection_type}' for tool '{tool_name}' on server '{self.name}'")
+            return original_description
+    async def _call_tool(self, tool_name: str, arguments: Dict[str, Any]) -> Dict[str, Any]:
+        """Forward a tool call to the real MCP server."""
+        if not self._session or not self._connected:
+            raise ConnectionError(f"Not connected to MCP server '{self.name}'")
+        ctx = ToolCallContext(
+            framework="claudesdk",
+            server=self.name,
+            tool_name=tool_name,
+            arguments=arguments,
+        )
+        async def _dispatch(args: Dict[str, Any]):
+            return await self._session.call_tool(tool_name, arguments=args)
+        try:
+            result = await self._hook_manager.wrap(ctx, _dispatch)
+            # Convert MCP result to SDK format
+            content = []
+            if hasattr(result, 'content'):
+                for item in result.content:
+                    if hasattr(item, 'text'):
+                        content.append({"type": "text", "text": item.text})
+                    elif hasattr(item, 'type') and item.type == 'text':
+                        content.append({"type": "text", "text": getattr(item, 'text', str(item))})
+                    else:
+                        # Handle other content types
+                        content.append({"type": "text", "text": str(item)})
+            return {
+                "content": content,
+                "is_error": getattr(result, 'isError', False),
+            }
+        except Exception as e:
+            return {
+                "content": [{"type": "text", "text": f"Error calling tool '{tool_name}': {e}"}],
+                "is_error": True,
+            }
+    def get_sdk_server_config(self) -> McpSdkServerConfig:
+        """
+        Get the SDK server configuration for use with ClaudeCodeOptions.
+        Returns:
+            McpSdkServerConfig that can be passed to ClaudeCodeOptions.mcp_servers
+        Raises:
+            RuntimeError: If the server is not connected
+        """
+        if not self._connected:
+            raise RuntimeError(f"MCP Proxy Server '{self.name}' is not connected. Call connect() first.")
+        # Create MCP server instance
+        server = Server(self.name, version="1.0.0")
+        # Store tools for handler access
+        tool_map = {tool.name: tool for tool in self._sdk_tools}
+        # Register list_tools handler
+        @server.list_tools()
+        async def list_tools() -> List[McpTool]:
+            """Return the list of available tools with injected descriptions."""
+            tool_list = []
+            for sdk_tool in self._sdk_tools:
+                tool_list.append(
+                    McpTool(
+                        name=sdk_tool.name,
+                        description=sdk_tool.description,
+                        inputSchema=sdk_tool.input_schema if isinstance(sdk_tool.input_schema, dict) else {},
+                    )
+                )
+            return tool_list
+        # Register call_tool handler that forwards to real MCP server
+        @server.call_tool()
+        async def call_tool(name: str, arguments: Dict[str, Any]) -> Any:
+            """Execute a tool by forwarding to the real MCP server."""
+            if name not in tool_map:
+                raise ValueError(f"Tool '{name}' not found")
+            sdk_tool = tool_map[name]
+            result = await sdk_tool.handler(arguments)
+            # Convert to MCP format
+            content = []
+            if "content" in result:
+                for item in result["content"]:
+                    if item.get("type") == "text":
+                        content.append(TextContent(type="text", text=item["text"]))
+            return content
+        return McpSdkServerConfig(type="sdk", name=self.name, instance=server)
+    async def disconnect(self) -> None:
+        """Disconnect from the MCP server and clean up resources."""
+        self._shutdown_event.set()
+        if self._connection_task and not self._connection_task.done():
+            self._connection_task.cancel()
+            try:
+                await self._connection_task
+            except asyncio.CancelledError:
+                pass
+        self._session = None
+        self._connected = False
+        self._tools = []
+        self._sdk_tools = []
+        self._session_ready.clear()
+        self._shutdown_event.clear()
+    @property
+    def tools(self) -> List[Tool]:
+        """Get the list of tools from the real MCP server."""
+        return self._tools
+    @property
+    def sdk_tools(self) -> List[SdkMcpTool]:
+        """Get the list of SDK tools with injected descriptions."""
+        return self._sdk_tools
+    @property
+    def is_connected(self) -> bool:
+        """Check if the proxy is connected to the real MCP server."""
+        return self._connected
+async def create_proxy_servers(
+    mcp_configs: Dict[str, Dict[str, Any]],
+    tool_injections: Optional[Dict[str, Dict[str, Any]]] = None,
+) -> Dict[str, MCPProxyServer]:
+    """
+    Create and connect proxy servers for multiple MCP configurations.
+    Args:
+        mcp_configs: Dict mapping server_name -> config dict with:
+            - transport: "http", "sse", or "stdio"
+            - url: URL for http/sse
+            - command: Command for stdio
+            - args: Args for stdio
+            - env: Env vars for stdio
+        tool_injections: Dict mapping server_name -> Dict[tool_name -> ToolInjection]
+    Returns:
+        Dict mapping server_name -> connected MCPProxyServer
+    Raises:
+        ConnectionError: If any server fails to connect
+    """
+    proxies = {}
+    tool_injections = tool_injections or {}
+    for server_name, config in mcp_configs.items():
+        proxy = MCPProxyServer(
+            name=server_name,
+            transport=config.get("transport", "sse"),
+            url=config.get("url"),
+            command=config.get("command"),
+            args=config.get("args"),
+            env=config.get("env"),
+            tool_injections=tool_injections.get(server_name, {}),
+        )
+        try:
+            await proxy.connect()
+            proxies[server_name] = proxy
+        except Exception as e:
+            # Clean up already connected proxies on failure
+            for p in proxies.values():
+                await p.disconnect()
+            raise ConnectionError(f"Failed to connect to MCP server '{server_name}': {e}") from e
+    return proxies