mcpower-proxy 0.0.58__py3-none-any.whl → 0.0.73__py3-none-any.whl

ide_tools/cursor/router.py

@@ -0,0 +1,100 @@
+"""
+Cursor Router
+
+Routes Cursor hook calls to appropriate handlers.
+"""
+
+import asyncio
+import json
+import sys
+import uuid
+
+from ide_tools.common.hooks.init import handle_init
+from ide_tools.common.hooks.prompt_submit import handle_prompt_submit
+from ide_tools.common.hooks.read_file import handle_read_file
+from ide_tools.common.hooks.shell_execution import handle_shell_execution
+from modules.logs.audit_trail import AuditTrailLogger
+from modules.logs.logger import MCPLogger
+from .constants import CURSOR_HOOKS, CURSOR_CONFIG
+
+
+def route_cursor_hook(logger: MCPLogger, audit_logger: AuditTrailLogger, stdin_input: str):
+    """
+    Route Cursor hook to appropriate shared handler
+    
+    Args:
+        logger: MCPLogger instance
+        audit_logger: AuditTrailLogger instance
+        stdin_input: Raw input string from stdin
+    """
+    try:
+        input_data = json.loads(stdin_input)
+
+        hook_event_name = input_data.get("hook_event_name")
+        if not hook_event_name:
+            logger.error("Missing required field 'hook_event_name' in input")
+            sys.exit(1)
+
+        conversation_id = input_data.get("conversation_id")
+        if not conversation_id:
+            logger.error("Missing required field 'conversation_id' in input")
+            sys.exit(1)
+
+        generation_id = input_data.get("generation_id")
+        if not generation_id:
+            logger.error("Missing required field 'generation_id' in input")
+            sys.exit(1)
+
+        workspace_roots = input_data.get("workspace_roots")
+        if workspace_roots is None:
+            logger.error("Missing required field 'workspace_roots' in input")
+            sys.exit(1)
+
+        if not isinstance(workspace_roots, list):
+            logger.error("Invalid 'workspace_roots': must be a list")
+            sys.exit(1)
+
+        prompt_id = conversation_id[:8]
+        event_id = uuid.uuid4().hex[:8]
+        cwd = workspace_roots[0] if workspace_roots else None
+
+        logger.info(
+            f"Cursor router: routing to {hook_event_name} handler "
+            f"(prompt_id={prompt_id}, event_id={event_id}, cwd={cwd})")
+
+        # Route to appropriate handler
+        if hook_event_name == "init":
+            asyncio.run(handle_init(
+                logger=logger,
+                audit_logger=audit_logger,
+                event_id=event_id,
+                cwd=cwd,
+                server_name=CURSOR_CONFIG.server_name,
+                client_name="cursor",
+                hooks=CURSOR_HOOKS
+            ))
+        elif hook_event_name == "beforeShellExecution":
+            asyncio.run(
+                handle_shell_execution(logger, audit_logger, stdin_input, prompt_id, event_id, cwd, CURSOR_CONFIG,
+                                       hook_event_name, is_request=True))
+        elif hook_event_name == "afterShellExecution":
+            asyncio.run(
+                handle_shell_execution(logger, audit_logger, stdin_input, prompt_id, event_id, cwd, CURSOR_CONFIG,
+                                       hook_event_name, is_request=False))
+        elif hook_event_name == "beforeReadFile":
+            asyncio.run(handle_read_file(logger, audit_logger, stdin_input, prompt_id, event_id, cwd, CURSOR_CONFIG,
+                                         hook_event_name))
+        elif hook_event_name == "beforeSubmitPrompt":
+            asyncio.run(
+                handle_prompt_submit(logger, audit_logger, stdin_input, prompt_id, event_id, cwd, CURSOR_CONFIG,
+                                     hook_event_name))
+        else:
+            logger.error(f"Unknown hook_event_name: {hook_event_name}")
+            sys.exit(1)
+
+    except json.JSONDecodeError as e:
+        logger.error(f"Failed to parse input JSON: {e}")
+        sys.exit(1)
+    except Exception as e:
+        logger.error(f"Routing error: {e}", exc_info=True)
+        sys.exit(1)

ide_tools/router.py

@@ -0,0 +1,48 @@
+"""
+IDE Tools Router
+
+Routes hook calls to appropriate IDE-specific routers based on --ide flag.
+"""
+
+import sys
+from typing import Optional
+
+from modules.logs.audit_trail import AuditTrailLogger
+from modules.logs.logger import MCPLogger
+
+
+def main(logger: MCPLogger, audit_logger: AuditTrailLogger, ide: str, context: Optional[str]):
+    """
+    Main entry point for IDE tools - routes to appropriate IDE router
+    
+    Args:
+        logger: MCPLogger instance
+        audit_logger: AuditTrailLogger instance
+        ide: IDE name (e.g., "cursor")
+        context: Additional context (to be verified as optional by the associated --ide handler)
+    """
+    # Monkey patch sys.exit to log exit code
+    original_exit = sys.exit
+
+    def logged_exit(code=0):
+        logger.info(f"sys.exit called with code: {code}")
+        original_exit(code)
+
+    sys.exit = logged_exit
+
+    logger.info(f"IDE Tools router: ide={ide}, context={context}")
+
+    # Read stdin input once at the top level (raw string)
+    # Each handler will parse it according to its own schema
+    stdin_input = sys.stdin.read()
+
+    # Route to appropriate IDE handler with the raw input string
+    if ide == "cursor":
+        from ide_tools.cursor import route_cursor_hook
+        route_cursor_hook(logger, audit_logger, stdin_input)
+    elif ide == "claude-code":
+        from ide_tools.claude_code import route_claude_code_hook
+        route_claude_code_hook(logger, audit_logger, stdin_input)
+    else:
+        logger.error(f"Unknown IDE: {ide}")
+        sys.exit(1)

main.py

@@ -45,13 +45,20 @@ def main():
         logger.info('=' * 66)
         logger.info('')
 
-    # Start config monitoring
-    config.start_monitoring(logger)
-
     # Setup audit trail logging
     audit_logger = setup_audit_trail_logger(logger)
 
-    logger.info(f"Starting MCPower Proxy:\n{{'args': {args}, 'log_file': {log_file}, 'log_level': {log_level}, 'debug_mode': {debug_mode}}}")
+    if args.ide_tool:
+        from ide_tools.router import main as ide_tools_main
+        ide_tools_main(logger, audit_logger, args.ide, args.context)
+        return
+
+    # Continue with MCP wrapper mode
+    # Start config monitoring
+    config.start_monitoring(logger)
+
+    logger.info(
+        f"Starting MCPower Proxy:\n{{'args': {args}, 'log_file': {log_file}, 'log_level': {log_level}, 'debug_mode': {debug_mode}}}")
 
     try:
         # Parse JSON/JSONC config

{mcpower_proxy-0.0.58.dist-info → mcpower_proxy-0.0.73.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mcpower-proxy
-Version: 0.0.58
+Version: 0.0.73
 Summary: MCPower Security proxy
 Author-email: MCPower Security <support@mcpower.tech>
 License:                                  Apache License
@@ -209,20 +209,31 @@ Keywords: mcp,security,proxy,monitoring,audit,redaction,policy-enforcement
 Requires-Python: ~=3.11.0
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: fastmcp>=2.10.5
+Requires-Dist: fastmcp==2.13.0.2
 Requires-Dist: httpx>=0.25.0
 Requires-Dist: mcp>=1.0.0
 Requires-Dist: watchdog>=3.0.0
 Requires-Dist: jsonc-parser>=1.1.5
 Requires-Dist: jsonpath-ng>=1.7.0
 Requires-Dist: pydantic>=2.8.0
-Requires-Dist: mcpower-shared==0.1.1
+Requires-Dist: mcpower-shared==0.1.3
 Dynamic: license-file
 
 # MCPower Proxy
 
 Real-time semantic monitoring of AI agent<->MCP Server communication to protect from data leaks and malicious prompt injections.
 
+## 🚀 How to use
+
+The simplest way to use MCPower is to install the VS Code/Cursor extension:
+
+- **VS Code Marketplace**: [Install MCPower](https://marketplace.visualstudio.com/items?itemName=mcpower.mcpower)
+- **Open VSX (Cursor & others)**: [Install MCPower](https://open-vsx.org/extension/mcpower/mcpower)
+
+The extension automatically installs and protects all your MCP servers - no manual configuration needed!
+
+---
+
 ## Overview
 
 MCPower is a semantic policy broker that understands *what* your AI agents are doing, not just *where* they're sending data. It acts as an intelligent security layer that intercepts every MCP tool call made by AI agents, analyzes the payload for sensitive information in real-time, and enforces security policies seamlessly.
@@ -248,3 +259,4 @@ MCPower is built as a Python-based proxy server that wraps MCP servers and provi
 
 **VSC Extension**: See [targets/vsc-extension/README.md](targets/vsc-extension/README.md) for installation and user guide
 
+<!-- mcp-name: io.github.ai-mcpower/mcpower-proxy -->

mcpower_proxy-0.0.73.dist-info/RECORD

@@ -0,0 +1,59 @@
+main.py,sha256=MahoqxG5euEJwLhosv2OVUkVbTaMkph_je8lgmtc7Z4,3920
+ide_tools/__init__.py,sha256=odLisqEeKVuZupQoeM-uP9WgQseVTYQG0eP2hhwUyAc,250
+ide_tools/router.py,sha256=PbGz1cwUXR3Bcy879W2wgmT4f2uThXiXevpWSxcgKZQ,1538
+ide_tools/common/__init__.py,sha256=ALhDYMw8v9tlYVEVcx3kP-e6c0yEyRQAQYe7sqwHHB4,66
+ide_tools/common/hooks/__init__.py,sha256=px5Ibzn6rlBcprp7RiZwGWnnWJmGITb0ApiXWKbeyRM,62
+ide_tools/common/hooks/init.py,sha256=QH3qhXqOfQj1IzAXRxgDXu2zDnLHJ-_3PFZWq6Zp-TI,4044
+ide_tools/common/hooks/output.py,sha256=xmOGmPLXy4H3A2G2A95WxqIB4qCWbVO9sq-pz2clyzU,1856
+ide_tools/common/hooks/prompt_submit.py,sha256=-3rwH_e_uywAN9PV_IpSAOEeU21DMJ15PyMLlmwWiPA,7325
+ide_tools/common/hooks/read_file.py,sha256=d8p_IpGwgWG9Vn0yd78KPRzoDi3RacmqxiTaFqndBa0,6481
+ide_tools/common/hooks/shell_execution.py,sha256=uneYaiU8YQhzEjishnSW3SZGdU4Ob0hgSgo7TK5InQw,7154
+ide_tools/common/hooks/types.py,sha256=nT_3rZ7J8b70o2FcY1lkYSFI4Z3WfD7oQgUEGSiFIbQ,1036
+ide_tools/common/hooks/utils.py,sha256=R_jKQdG98oQhooMXV_l2xURIvYgi0Y9UwZyGbcx0LuU,9144
+ide_tools/cursor/__init__.py,sha256=YW_V8m0A0bou0wQW_wy3nt2L_7MaNWeNKYBx-NQkilw,153
+ide_tools/cursor/constants.py,sha256=KMRBRqxRxTdemMoq81TVG6avt3ATtsPo4aJo8XhSctk,1804
+ide_tools/cursor/format.py,sha256=Lh-KH1IlsLL-0B98Bz-ywxpwXL8urK7yPteZGBTPOiY,972
+ide_tools/cursor/router.py,sha256=AmRv1kfDEd3EULSlRjj0BDtedlyqtgFgSBp25iMxJBI,3856
+mcpower_proxy-0.0.73.dist-info/licenses/LICENSE,sha256=U6WUzdnBrbmVxBmY75ikW-KtinwYnowZ7yNb5hECrvY,11337
+modules/__init__.py,sha256=mJglXQwSRhU-bBv4LXgfu7NfGN9K4BeQWMPApen5rAA,30
+modules/decision_handler.py,sha256=P8isKzf4GIWz9SK-VJPtO8VJEgNp7rAIcVZngnaLHmw,9574
+modules/apis/__init__.py,sha256=Y5WZpKJzHpnRJebk0F80ZRTjR2PpA2LlYLgqI3XlmRo,15
+modules/apis/security_policy.py,sha256=3fljaTpzfh_Nj0-jVvbnCJBL-CZxvqFNWfSlrAawsBc,15103
+modules/logs/__init__.py,sha256=dpboUQjuO02z8K-liCbm2DYkCa-CB_ZDV9WSSjNm7Fs,15
+modules/logs/audit_trail.py,sha256=_jE9A3WG7ooPUphDHpUFnZ6de16ewhdXYV-tV2__zxo,6183
+modules/logs/logger.py,sha256=MJS0P8VEzUX-5udzQitznaBPCBAcZJCygUgwaDWSq94,4087
+modules/redaction/__init__.py,sha256=e5NTmp-zonUdzzscih-w_WQ-X8Nvb8CE8b_d6SbrwWg,316
+modules/redaction/constants.py,sha256=xbDSX8n72FuJu6JJ_sbBE0f5OcWuwEwHxBZuK9Xz-TI,1213
+modules/redaction/gitleaks_rules.py,sha256=8dRb4g5OQaHAjx8vpMbxwu06CdDE39aqw9eqLiCDcqY,46411
+modules/redaction/pii_rules.py,sha256=-JhjcCjH5NFeOfQGzTFNdx_-s_0i6tZ-XFxydtkByD0,10019
+modules/redaction/redactor.py,sha256=Y3PSxXJSLJZj8gkKZ3OQ7XxoIPUilFk6gY0dbeqfjwE,23352
+modules/ui/__init__.py,sha256=YlW4XfQEGW1ezg3UFU59nHw95LicmlpNPhim5IqSB50,34
+modules/ui/classes.py,sha256=ZvVRdzO_hD4WnpS3_eVa0WCyaooXiYVpHLzQkzBaH6M,1777
+modules/ui/confirmation.py,sha256=y2A8j5_z64cDdbvUEh4lI8iTgTFBcTjVbIXioMfmkpw,7740
+modules/ui/simple_dialog.py,sha256=PZW3WSPUVtnGXx-Kkg6hTQTr5NvpTQVhgHyro1z_3aY,3900
+modules/ui/xdialog/__init__.py,sha256=KYQKVF6pGrwc99swRBxtWVXM__j9kVX_r6KikzbCOM4,9359
+modules/ui/xdialog/constants.py,sha256=UjtqzT_O3OHUXJOyeTGroOUnaxdVyYukf7kK6vj1rog,200
+modules/ui/xdialog/mac_dialogs.py,sha256=6r3hkJzJJdHSt-aH1Hy4lZ1MEuZK4Kc5D_YiWglKHAA,6129
+modules/ui/xdialog/tk_dialogs.py,sha256=isxxN_mvZUFUQu8RD1J-GC7UMH2spqR3v_domgRbczQ,2403
+modules/ui/xdialog/windows_custom_dialog.py,sha256=tcdo35d4ZoBydAj-4yzzgW2luw97-Sdjsr3X_3-a7jM,14849
+modules/ui/xdialog/windows_dialogs.py,sha256=ohOoK4ciyv2s4BC9r7-zvGL6mECM-RCPTVOmzDnD6VQ,7626
+modules/ui/xdialog/windows_structs.py,sha256=xzG44OGT5hBFnimJgOLXZBhmpQ_9CFxjtz-QNjP-VCw,8698
+modules/ui/xdialog/yad_dialogs.py,sha256=EiajZVJg-xDwYymz1fyQwLtT5DzbJR3e8plMEnOgcpo,6933
+modules/ui/xdialog/zenity_dialogs.py,sha256=wE71I_Ovf0sjhxHVNocbrhhDd8Y8X8loLETp8TMGMPQ,4512
+modules/utils/__init__.py,sha256=Ptwu1epT_dW6EHjGkzGHAB-MbrrmYAlcPXGGcr4PvwE,20
+modules/utils/cli.py,sha256=5QLwsZNMKdyh3xt4NDk20vCGD-eqZ514LnVWA0J0Lbg,2414
+modules/utils/config.py,sha256=YuGrIYfBsOYABWjFoZosObPz-R7Wdul16RnDed_glYI,6654
+modules/utils/copy.py,sha256=9OJIqWn8PxPZXr3DTt_01jp0YgmPimckab1969WFh0c,1075
+modules/utils/ids.py,sha256=rhhRz7RmFjuJGYLft1erHz7vJII1DRpr3iHxBhhFl1s,5743
+modules/utils/json.py,sha256=OA-JtSBqh9qd1yfm-iyOefNBMH3ITFUdxAkj7O_JZ-Y,4024
+modules/utils/mcp_configs.py,sha256=DZaujZnF9LlPDJHzyepH7fWSt1GTr-FEmShPCqnZ5aI,1829
+wrapper/__init__.py,sha256=OJUsuWSoN1JqIHq4bSrzuL7ufcYJcwAmYCrJjLH44LM,22
+wrapper/__version__.py,sha256=rCTF1Ssof33lV_ElQ2Jd40DYgONJlHNMKTaVGHBP-go,82
+wrapper/middleware.py,sha256=77mZ30DApRlcX7__JzNFlqwKvR1mBYQg5izHbpZiNnw,29854
+wrapper/schema.py,sha256=O-CtKI9eJ4eEnqeUXPCrK7QJAFJrdp_cFbmMyg452Aw,7952
+wrapper/server.py,sha256=zoIW_bqXV9vKZNFtD-ij0X_LtKJEjucda6lQI5mU6qY,3440
+mcpower_proxy-0.0.73.dist-info/METADATA,sha256=XZE3Lk26Hb6MLROM7HbBm9CbJApBPcw-N6U_-3eZyak,15669
+mcpower_proxy-0.0.73.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+mcpower_proxy-0.0.73.dist-info/entry_points.txt,sha256=0smL8dxE7ERNz6XEggNaUC3QzKp8mD-v4q5nVEo0MXE,48
+mcpower_proxy-0.0.73.dist-info/top_level.txt,sha256=OcCYMHHqbZq3mP5IZDRGdHUNOsKhT1XVnk_mDF_49Es,31
+mcpower_proxy-0.0.73.dist-info/RECORD,,

{mcpower_proxy-0.0.58.dist-info → mcpower_proxy-0.0.73.dist-info}/top_level.txt

@@ -1,3 +1,4 @@
+ide_tools
 main
 modules
 wrapper

modules/apis/security_policy.py

@@ -1,9 +1,9 @@
 """Security Policy API Client"""
 
 import json
+import time
 import uuid
 from typing import Dict, Any, Optional, List
-import time
 
 import httpx
 
@@ -13,6 +13,7 @@ from modules.logs.logger import MCPLogger
 from modules.redaction import redact
 from modules.utils.config import get_api_url, get_user_id
 from modules.utils.json import safe_json_dumps, to_dict
+from wrapper.__version__ import __version__
 
 
 class SecurityAPIError(Exception):
@@ -22,6 +23,7 @@ class SecurityAPIError(Exception):
 
 class RateLimitExhaustedError(SecurityAPIError):
     """Security API rate limit exhausted (429) error"""
+
     def __init__(self, message: str, retry_after: int = None):
         super().__init__(message)
         self.retry_after = retry_after
@@ -52,7 +54,7 @@ class SecurityPolicyClient:
         if self.client:
             await self.client.aclose()
 
-    async def inspect_policy_request(self, policy_request: PolicyRequest, 
+    async def inspect_policy_request(self, policy_request: PolicyRequest,
                                      prompt_id: str) -> InspectDecision:
         """Call inspect_policy_request API endpoint"""
         if not self.client:
@@ -155,7 +157,7 @@ class SecurityPolicyClient:
                 audit_payload = {"payload": {"server": payload_dict["server"], "tools": payload_dict["tools"]}}
             else:
                 audit_payload = {"payload": payload_dict}
-            
+
             self.audit_logger.log_event(
                 audit_event_type,
                 audit_payload,
@@ -166,6 +168,7 @@ class SecurityPolicyClient:
 
             headers = {
                 "Content-Type": "application/json",
+                "User-Agent": f"MCPower-{__version__}",
                 "X-User-UID": self.user_id,
                 "X-App-UID": self.app_id
             }
@@ -188,7 +191,8 @@ class SecurityPolicyClient:
                 raise SecurityAPIError(f"Unsupported HTTP method: {method}. Supported methods: POST, PUT")
 
             on_make_request_duration = time.time() - on_make_request_start_time
-            self.logger.info(f"PROFILE: {method} id: {id} make_request duration: {on_make_request_duration:.2f} seconds url: {url}")
+            self.logger.debug(
+                f"PROFILE: {method} id: {id} make_request duration: {on_make_request_duration:.2f} seconds url: {url}")
 
             match response.status_code:
                 case 200:
@@ -215,7 +219,7 @@ class SecurityPolicyClient:
                     else:
                         # Other responses (e.g., /init) - log entire response
                         audit_result = {"result": data_dict}
-                    
+
                     self.audit_logger.log_event(
                         f"{audit_event_type}_result",
                         audit_result,
@@ -278,7 +282,8 @@ class SecurityPolicyClient:
     def _handle_quota_restoration(self, endpoint: str):
         """Handle quota restoration (when non-429 response received)"""
         if self.session_id in self._session_notification_times:
-            self.logger.info(f"Quota restored - received successful response from {endpoint}. Session: {self.session_id}")
+            self.logger.info(
+                f"Quota restored - received successful response from {endpoint}. Session: {self.session_id}")
             del self._session_notification_times[self.session_id]
 
     def _send_throttled_quota_notification(self, retry_after: int, endpoint: str):

modules/decision_handler.py

@@ -0,0 +1,219 @@
+"""
+Decision Handler - Common decision enforcement logic
+
+Shared module for enforcing security policy decisions across middleware and IDE tools.
+Handles user confirmation dialogs and decision recording.
+"""
+from typing import Dict, Any, Optional
+
+from mcpower_shared.mcp_types import UserConfirmation
+from modules.apis.security_policy import SecurityPolicyClient
+from modules.logs.audit_trail import AuditTrailLogger
+from modules.logs.logger import MCPLogger
+from modules.ui.classes import ConfirmationRequest, DialogOptions, UserDecision
+from modules.ui.confirmation import UserConfirmationDialog, UserConfirmationError
+
+
+class DecisionEnforcementError(Exception):
+    """Error raised when a security decision blocks an operation"""
+    pass
+
+
+class DecisionHandler:
+    """
+    Handles security policy decision enforcement with user confirmation support.
+    
+    This class provides common functionality for:
+    - Enforcing allow/block/confirm decisions
+    - Showing user confirmation dialogs
+    - Recording user decisions via API
+    """
+
+    def __init__(self, logger: MCPLogger, audit_logger: AuditTrailLogger,
+                 session_id: str, app_id: str):
+        self.logger = logger
+        self.audit_logger = audit_logger
+        self.session_id = session_id
+        self.app_id = app_id
+
+    async def enforce_decision(
+            self,
+            decision: Dict[str, Any],
+            is_request: bool,
+            event_id: str,
+            tool_name: str,
+            content_data: Dict[str, Any],
+            operation_type: str,
+            prompt_id: str,
+            server_name: str,
+            error_message_prefix: Optional[str] = None
+    ) -> None:
+        """
+        Enforce security decision with user confirmation support.
+        
+        Args:
+            decision: Security decision dict with 'decision', 'reasons', 'severity', 'call_type'
+            is_request: True if inspecting request, False if inspecting response
+            event_id: Event ID for tracking
+            tool_name: Name of the tool/operation
+            content_data: Data to show in confirmation dialog
+            operation_type: Type of operation (e.g., 'tool', 'hook')
+            prompt_id: prompt ID for correlation
+            server_name: server name for display
+            error_message_prefix: Optional prefix for error messages
+            
+        Raises:
+            DecisionEnforcementError: If decision blocks the operation
+        """
+        decision_type = decision.get("decision", "block")
+
+        if decision_type == "allow":
+            return
+
+        elif decision_type == "block":
+            policy_reasons = decision.get("reasons", ["Policy violation"])
+            severity = decision.get("severity", "unknown")
+            call_type = decision.get("call_type")
+
+            try:
+                # Show a blocking dialog and wait for user decision
+                confirmation_request = ConfirmationRequest(
+                    is_request=is_request,
+                    tool_name=tool_name,
+                    policy_reasons=policy_reasons,
+                    content_data=content_data,
+                    severity=severity,
+                    event_id=event_id,
+                    operation_type=operation_type,
+                    server_name=server_name,
+                    timeout_seconds=60
+                )
+
+                response = UserConfirmationDialog(
+                    self.logger, self.audit_logger
+                ).request_blocking_confirmation(confirmation_request, prompt_id, call_type)
+
+                # If we got here, user chose "Allow Anyway"
+                self.logger.info(f"User chose to 'allow anyway' a blocked {confirmation_request.operation_type} "
+                                 f"operation for tool '{tool_name}' (event: {event_id})")
+
+                await self._record_user_confirmation(event_id, is_request, response.user_decision, prompt_id, call_type)
+                return
+
+            except UserConfirmationError as e:
+                # User chose to block or dialog failed
+                await self._record_user_confirmation(event_id, is_request, UserDecision.BLOCK, prompt_id, call_type)
+                error_msg = error_message_prefix or "Security Violation"
+                raise DecisionEnforcementError(f"{error_msg}. User blocked the operation")
+
+        elif decision_type == "required_explicit_user_confirmation":
+            policy_reasons = decision.get("reasons", ["Security policy requires confirmation"])
+            severity = decision.get("severity", "unknown")
+            call_type = decision.get("call_type")
+
+            try:
+                confirmation_request = ConfirmationRequest(
+                    is_request=is_request,
+                    tool_name=tool_name,
+                    policy_reasons=policy_reasons,
+                    content_data=content_data,
+                    severity=severity,
+                    event_id=event_id,
+                    operation_type=operation_type,
+                    server_name=server_name,
+                    timeout_seconds=60
+                )
+
+                # only show YES_ALWAYS if call_type exists
+                options = DialogOptions(
+                    show_always_allow=(call_type is not None),
+                    show_always_block=False
+                )
+
+                response = UserConfirmationDialog(
+                    self.logger, self.audit_logger
+                ).request_confirmation(confirmation_request, prompt_id, call_type, options)
+
+                # If we got here, user approved the operation
+                self.logger.info(f"User {response.user_decision.value} {confirmation_request.operation_type} "
+                                 f"operation for tool '{tool_name}' (event: {event_id})")
+
+                await self._record_user_confirmation(event_id, is_request, response.user_decision, prompt_id, call_type)
+                return
+
+            except UserConfirmationError as e:
+                # User denied confirmation or dialog failed
+                await self._record_user_confirmation(event_id, is_request, UserDecision.BLOCK, prompt_id, call_type)
+                error_msg = error_message_prefix or "Security Violation"
+                raise DecisionEnforcementError(f"{error_msg}. User blocked the operation")
+
+        elif decision_type == "need_more_info":
+            stage_title = 'CLIENT REQUEST' if is_request else 'TOOL RESPONSE'
+
+            # Create an actionable error message for the AI agent
+            reasons = decision.get("reasons", [])
+            need_fields = decision.get("need_fields", [])
+
+            error_parts = [
+                f"SECURITY POLICY NEEDS MORE INFORMATION FOR REVIEWING {stage_title}:",
+                '\n'.join(reasons),
+                ''  # newline
+            ]
+
+            if need_fields:
+                # Convert server field names to wrapper field names for the AI agent
+                wrapper_field_mapping = {
+                    "context.agent.intent": "__wrapper_modelIntent",
+                    "context.agent.plan": "__wrapper_modelPlan",
+                    "context.agent.expectedOutputs": "__wrapper_modelExpectedOutputs",
+                    "context.agent.user_prompt": "__wrapper_userPrompt",
+                    "context.agent.user_prompt_id": "__wrapper_userPromptId",
+                    "context.agent.context_summary": "__wrapper_contextSummary",
+                    "context.workspace.current_files": "__wrapper_currentFiles",
+                }
+
+                missing_wrapper_fields = []
+                for field in need_fields:
+                    wrapper_field = wrapper_field_mapping.get(field, field)
+                    missing_wrapper_fields.append(wrapper_field)
+
+                if missing_wrapper_fields:
+                    error_parts.append("AFFECTED FIELDS:")
+                    error_parts.extend(missing_wrapper_fields)
+                else:
+                    error_parts.append("MISSING INFORMATION:")
+                    error_parts.extend(need_fields)
+
+            error_parts.append("\nMANDATORY ACTIONS:")
+            error_parts.append("1. Add/Edit ALL affected fields according to the required information")
+            error_parts.append("2. Retry the tool call")
+
+            actionable_message = "\n".join(error_parts)
+            raise DecisionEnforcementError(actionable_message)
+
+    async def _record_user_confirmation(
+            self,
+            event_id: str,
+            is_request: bool,
+            user_decision: UserDecision,
+            prompt_id: str,
+            call_type: Optional[str] = None
+    ):
+        """Record user confirmation decision with the security API"""
+        try:
+            direction = "request" if is_request else "response"
+
+            user_confirmation = UserConfirmation(
+                event_id=event_id,
+                direction=direction,
+                user_decision=user_decision,
+                call_type=call_type
+            )
+
+            async with SecurityPolicyClient(session_id=self.session_id, logger=self.logger,
+                                            audit_logger=self.audit_logger, app_id=self.app_id) as client:
+                result = await client.record_user_confirmation(user_confirmation, prompt_id=prompt_id)
+                self.logger.debug(f"User confirmation recorded: {result}")
+        except Exception as e:
+            # Don't fail the operation if API call fails - just log the error
+            self.logger.error(f"Failed to record user confirmation: {e}")

modules/logs/audit_trail.py

@@ -50,14 +50,14 @@ class AuditTrailLogger:
         Path(self.audit_file).parent.mkdir(parents=True, exist_ok=True)
 
     def log_event(
-        self, 
-        event_type: str, 
-        data: Dict[str, Any], 
-        event_id: Optional[str] = None,
-        prompt_id: Optional[str] = None,
-        user_prompt: Optional[str] = None,
-        ignored_keys: Optional[List[str]] = None,
-        include_keys: Optional[List[str]] = None
+            self,
+            event_type: str,
+            data: Dict[str, Any],
+            event_id: Optional[str] = None,
+            prompt_id: Optional[str] = None,
+            user_prompt: Optional[str] = None,
+            ignored_keys: Optional[List[str]] = None,
+            include_keys: Optional[List[str]] = None
     ):
         """
         Log a single audit event
@@ -74,19 +74,20 @@ class AuditTrailLogger:
         try:
             # Convert data to dict structure (handles nested objects, dataclasses, Pydantic models)
             data_dict = to_dict(data)
-            
+
             # Build event structure
             event = {
                 "session_id": self.session_id,
                 "timestamp": datetime.now(timezone.utc).isoformat(),
                 "event_type": event_type,
-                "data": redact(data_dict, ignored_keys=ignored_keys, include_keys=include_keys)  # Redaction with optional key filtering
+                "data": redact(data_dict, ignored_keys=ignored_keys, include_keys=include_keys)
+                # Redaction with optional key filtering
             }
 
             # Include prompt_id if provided (for grouping by user prompt)
             if prompt_id:
                 event["prompt_id"] = prompt_id
-                
+
             # Include user_prompt text if provided (only needed once per prompt_id)
             if user_prompt:
                 event["user_prompt"] = user_prompt
@@ -118,7 +119,7 @@ class AuditTrailLogger:
             "app_uid": self.app_uid,
             **{k: v for k, v in event.items() if k != "app_uid"}
         }
-        
+
         # Atomic append to audit trail file
         with open(self.audit_file, 'a', encoding='utf-8') as f:
             f.write(safe_json_dumps(event_with_app_uid) + '\n')
@@ -130,17 +131,21 @@ class AuditTrailLogger:
         
         This is called by the middleware after workspace roots are available.
         All queued logs will be written with app_uid as the first key.
+        Supports updating app_uid when workspace context changes.
         
         Args:
             app_uid: The application UID from workspace root
         """
-        if self.app_uid is not None:
-            self.logger.warning(f"app_uid already set to {self.app_uid}, ignoring new value {app_uid}")
+        if self.app_uid == app_uid:
             return
-        
+
+        if self.app_uid is not None:
+            self.logger.info(f"app_uid changed from {self.app_uid} to {app_uid}")
+        else:
+            self.logger.debug(f"app_uid set to: {app_uid}")
+
         self.app_uid = app_uid
-        self.logger.debug(f"✅ app_uid set to: {app_uid}")
-        
+
         # Flush all pending logs
         if self._pending_logs:
             self.logger.debug(f"Flushing {len(self._pending_logs)} queued audit logs")