PyPI - mcpower-proxy - Versions diffs - 0.0.65__py3-none-any.whl → 0.0.79__py3-none-any.whl - Mend

mcpower-proxy 0.0.65py3-none-any.whl → 0.0.79py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of mcpower-proxy might be problematic. Click here for more details.

Files changed (41) hide show

ide_tools/__init__.py +12 -0
ide_tools/common/__init__.py +5 -0
ide_tools/common/hooks/__init__.py +5 -0
ide_tools/common/hooks/init.py +130 -0
ide_tools/common/hooks/output.py +63 -0
ide_tools/common/hooks/prompt_submit.py +136 -0
ide_tools/common/hooks/read_file.py +170 -0
ide_tools/common/hooks/shell_execution.py +257 -0
ide_tools/common/hooks/shell_parser_bashlex.py +394 -0
ide_tools/common/hooks/types.py +34 -0
ide_tools/common/hooks/utils.py +286 -0
ide_tools/cursor/__init__.py +11 -0
ide_tools/cursor/constants.py +77 -0
ide_tools/cursor/format.py +35 -0
ide_tools/cursor/router.py +107 -0
ide_tools/router.py +48 -0
main.py +11 -4
{mcpower_proxy-0.0.65.dist-info → mcpower_proxy-0.0.79.dist-info}/METADATA +4 -3
mcpower_proxy-0.0.79.dist-info/RECORD +62 -0
{mcpower_proxy-0.0.65.dist-info → mcpower_proxy-0.0.79.dist-info}/top_level.txt +1 -0
modules/apis/security_policy.py +11 -6
modules/decision_handler.py +219 -0
modules/logs/audit_trail.py +20 -18
modules/logs/logger.py +14 -18
modules/redaction/gitleaks_rules.py +1 -1
modules/redaction/pii_rules.py +0 -48
modules/redaction/redactor.py +112 -107
modules/ui/__init__.py +1 -1
modules/ui/confirmation.py +0 -1
modules/utils/cli.py +36 -6
modules/utils/ids.py +55 -10
modules/utils/json.py +3 -3
modules/utils/platform.py +23 -0
modules/utils/string.py +17 -0
wrapper/__version__.py +1 -1
wrapper/middleware.py +144 -221
wrapper/server.py +19 -11
mcpower_proxy-0.0.65.dist-info/RECORD +0 -43
{mcpower_proxy-0.0.65.dist-info → mcpower_proxy-0.0.79.dist-info}/WHEEL +0 -0
{mcpower_proxy-0.0.65.dist-info → mcpower_proxy-0.0.79.dist-info}/entry_points.txt +0 -0
{mcpower_proxy-0.0.65.dist-info → mcpower_proxy-0.0.79.dist-info}/licenses/LICENSE +0 -0

modules/redaction/redactor.py CHANGED Viewed

@@ -20,7 +20,6 @@ from .constants import (
 )
 from .pii_rules import detect_pii
 # Type alias for JSONPath cache values: (matches_set, prefix_tree)
 JSONPathCacheValue = Tuple[Set[str], Dict[str, Any]]
@@ -30,11 +29,11 @@ class LRUCache:
     Least Recently Used cache with size limit to prevent unbounded memory growth.
     Thread-safe for single-threaded usage (not thread-safe for concurrent access).
     """
     def __init__(self, max_size: int = 128):
         self.cache = OrderedDict()
         self.max_size = max_size
     def get(self, key) -> Optional[JSONPathCacheValue]:
         """Get value and mark as recently used."""
         if key in self.cache:
@@ -42,7 +41,7 @@ class LRUCache:
             self.cache.move_to_end(key)
             return self.cache[key]
         return None
     def set(self, key, value: JSONPathCacheValue) -> None:
         """Set value and evict oldest if necessary."""
         if key in self.cache:
@@ -55,11 +54,11 @@ class LRUCache:
             # Evict oldest if over limit
             if len(self.cache) > self.max_size:
                 self.cache.popitem(last=False)  # Remove oldest (first) item
     def clear(self) -> None:
         """Clear all cached entries."""
         self.cache.clear()
     def size(self) -> int:
         """Get current cache size."""
         return len(self.cache)
@@ -73,7 +72,7 @@ class RedactionSpan:
     end: int
     replacement: str
     source: str  # 'secrets' or 'pii'
     @property
     def length(self) -> int:
         return self.end - self.start
@@ -81,20 +80,20 @@ class RedactionSpan:
 class RedactionEngine:
     """Core redaction engine using PII detection and Gitleaks."""
     # Performance optimization: Simple bounded cache for compiled JSONPath expressions
     _jsonpath_expr_cache = {}
     _MAX_EXPR_CACHE = 64
     # Performance optimization: LRU cache for JSONPath matches to prevent memory leaks
     _jsonpath_cache = LRUCache(max_size=128)
     # Performance optimization: Pre-compiled regex patterns
     _compiled_regexes = {
         'placeholder': re.compile(REDACTION_PLACEHOLDER_PATTERN),
         'path_brackets': re.compile(r'\.\[(\d+)\]')
     }
     @staticmethod
     def redact(value: Any, ignored_keys: List[str] = None, include_keys: List[str] = None) -> Any:
         """
@@ -113,55 +112,56 @@ class RedactionEngine:
         """
         if ignored_keys and include_keys:
             raise ValueError("Cannot specify both ignored_keys and include_keys - use one or the other")
         return RedactionEngine._redact_with_path(value, ignored_keys or [], include_keys or [], "", value)
     @staticmethod
-    def _redact_with_path(value: Any, ignored_keys: List[str], include_keys: List[str], current_path: str, root_data: Any) -> Any:
+    def _redact_with_path(value: Any, ignored_keys: List[str], include_keys: List[str], current_path: str,
+                          root_data: Any) -> Any:
         """
         Internal redaction function that tracks the current path.
         """
         # Performance optimization: fastest type checks first
         if value is None:
             return None
         if isinstance(value, bool):
             return value  # Booleans can never contain sensitive data - fastest check
         if isinstance(value, (int, float)):
             # Preserve type if no redaction needed
             str_value = str(value)
             redacted_str = RedactionEngine._redact_string(str_value)
             return value if str_value == redacted_str else redacted_str
         if isinstance(value, str):
             return RedactionEngine._redact_string(value)
         if isinstance(value, dict):
             return RedactionEngine._redact_dict(value, ignored_keys, include_keys, current_path, root_data)
         if isinstance(value, list):
             return RedactionEngine._redact_list(value, ignored_keys, include_keys, current_path, root_data)
         # For other types, convert to string and redact
         return RedactionEngine._redact_string(str(value))
     @staticmethod
     def _normalize_text(text: str) -> str:
         """Strip zero-width characters efficiently."""
         # Fast path - check if normalization is needed
         if not any(char in text for char in ZERO_WIDTH_CHARS):
             return text
         # Single pass with translation table (much faster)
         translation_table = str.maketrans('', '', ''.join(ZERO_WIDTH_CHARS))
         return text.translate(translation_table)
     @staticmethod
     def _detect_secrets(text: str) -> List[RedactionSpan]:
         """Detect secrets using Gitleaks-based patterns."""
         spans = []
         # Use compiled rules (based on Gitleaks patterns) for secrets detection
         from . import gitleaks_rules as GL
         # Scan line-by-line for performance and to reduce pathological matches
@@ -181,7 +181,7 @@ class RedactionEngine:
                                 s, e = match.span(0)
                         except (IndexError, AttributeError):
                             s, e = match.span(0)
                         if s < e:
                             spans.append(RedactionSpan(
                                 start=offset + s,
@@ -190,47 +190,47 @@ class RedactionEngine:
                                 source='secrets'
                             ))
             offset += len(line) + 1  # +1 for the split '\n'
         return spans
     @staticmethod
     def _detect_pii(text: str) -> List[RedactionSpan]:
         """Detect PII using regex patterns."""
         spans = []
         # Use PII detection
         results = detect_pii(text)
         # Convert results to redaction spans
         for result in results:
             placeholder = PII_PLACEHOLDERS.get(
-                result.entity_type,
+                result.entity_type,
                 PII_PLACEHOLDERS["DEFAULT"]
             )
             spans.append(RedactionSpan(
                 start=result.start,
                 end=result.end,
                 replacement=placeholder,
                 source='pii'
             ))
         return spans
     @staticmethod
     def _resolve_overlaps(spans: List[RedactionSpan]) -> List[RedactionSpan]:
         """Resolve overlapping spans - longest span wins."""
         if not spans:
             return []
         # Sort by start position
         sorted_spans = sorted(spans, key=lambda s: s.start)
         resolved = []
         for current_span in sorted_spans:
             # Check for overlaps with already resolved spans
             overlaps = False
             for i, existing_span in enumerate(resolved):
                 if RedactionEngine._spans_overlap(current_span, existing_span):
                     overlaps = True
@@ -238,121 +238,125 @@ class RedactionEngine:
                     if current_span.length > existing_span.length:
                         resolved[i] = current_span
                     break
             if not overlaps:
                 resolved.append(current_span)
         return resolved
     @staticmethod
     def _spans_overlap(span1: RedactionSpan, span2: RedactionSpan) -> bool:
         """Check if two spans overlap."""
         return not (span1.end <= span2.start or span2.end <= span1.start)
     @staticmethod
     def _apply_idempotency_guard(text: str, spans: List[RedactionSpan]) -> List[RedactionSpan]:
         """Remove spans that would redact inside existing placeholders."""
         if not spans:
             return []
         # Find existing redaction placeholders
         placeholder_spans = []
         # Performance optimization: Use pre-compiled regex
         for match in RedactionEngine._compiled_regexes['placeholder'].finditer(text):
             placeholder_spans.append((match.start(), match.end()))
         # Filter out spans that overlap with existing placeholders
         filtered_spans = []
         for span in spans:
             overlaps_placeholder = False
             for ph_start, ph_end in placeholder_spans:
                 if not (span.end <= ph_start or span.start >= ph_end):
                     overlaps_placeholder = True
                     break
             if not overlaps_placeholder:
                 filtered_spans.append(span)
         return filtered_spans
     @staticmethod
     def _apply_redactions(text: str, spans: List[RedactionSpan]) -> str:
         """Apply redactions right-to-left to avoid index shifting, preserving JSON structure."""
         if not spans:
             return text
         # Sort spans by start position (descending) for right-to-left processing
         # Processing right-to-left ensures earlier spans' positions remain valid
         # since replacements to the right don't affect positions to the left
         sorted_spans = sorted(spans, key=lambda s: s.start, reverse=True)
         result = text
         for span in sorted_spans:
             # Replacements to the right don't shift positions to the left
             start_pos = span.start
             end_pos = span.end
             # Bounds check
             if start_pos < 0 or end_pos > len(result) or start_pos >= len(result):
                 continue
             replacement = span.replacement
             # Simply replace the matched text with the redaction placeholder
             # Do NOT expand to surrounding quotes - this breaks nested JSON
             # The redaction placeholders are designed to be valid string content as-is
             # Apply the redaction
             result = result[:start_pos] + replacement + result[end_pos:]
         return result
     @staticmethod
-    def _redact_dict(d: dict, ignored_keys: List[str], include_keys: List[str], current_path: str, root_data: Any) -> dict:
+    def _redact_dict(d: dict, ignored_keys: List[str], include_keys: List[str], current_path: str,
+                     root_data: Any) -> dict:
         """Redact dictionary values, respecting ignored_keys or include_keys."""
         result = {}
         for key, value in d.items():
             # Build the path for this key
             key_path = RedactionEngine._build_path(current_path, str(key))
             # Determine if this path should be redacted
-            if RedactionEngine._should_redact_path_enhanced(root_data, key_path, ignored_keys, include_keys, current_path):
+            if RedactionEngine._should_redact_path_enhanced(root_data, key_path, ignored_keys, include_keys,
+                                                            current_path):
                 # Recursively redact the value with updated path context
                 result[key] = RedactionEngine._redact_with_path(value, ignored_keys, include_keys, key_path, root_data)
             else:
                 # Keep the value as-is (no redaction for this path or any nested paths)
                 result[key] = value
         return result
     @staticmethod
-    def _redact_list(lst: list, ignored_keys: List[str], include_keys: List[str], current_path: str, root_data: Any) -> list:
+    def _redact_list(lst: list, ignored_keys: List[str], include_keys: List[str], current_path: str,
+                     root_data: Any) -> list:
         """Redact list items, respecting ignored_keys or include_keys."""
         result = []
         for i, item in enumerate(lst):
             # Build the path for this index
             item_path = RedactionEngine._build_path(current_path, str(i))
             # Determine if this path should be redacted
-            if RedactionEngine._should_redact_path_enhanced(root_data, item_path, ignored_keys, include_keys, current_path):
+            if RedactionEngine._should_redact_path_enhanced(root_data, item_path, ignored_keys, include_keys,
+                                                            current_path):
                 # Recursively redact the item with updated path context
                 result.append(RedactionEngine._redact_with_path(item, ignored_keys, include_keys, item_path, root_data))
             else:
                 # Keep the item as-is (no redaction for this path or any nested paths)
                 result.append(item)
         return result
     @staticmethod
     def _redact_string(text: str) -> str:
         """Redact a string using the existing redaction pipeline."""
         if not text or not isinstance(text, str):
             return text
         normalized_text = RedactionEngine._normalize_text(text)
         redaction_spans: List[RedactionSpan] = []
         redaction_spans.extend(RedactionEngine._detect_secrets(normalized_text))
@@ -360,7 +364,7 @@ class RedactionEngine:
         resolved_spans = RedactionEngine._resolve_overlaps(redaction_spans)
         final_spans = RedactionEngine._apply_idempotency_guard(normalized_text, resolved_spans)
         return RedactionEngine._apply_redactions(normalized_text, final_spans)
     @staticmethod
     def _normalize_numeric_key(key: str) -> str:
         """Normalize numeric keys efficiently - only if needed."""
@@ -368,7 +372,7 @@ class RedactionEngine:
             # Only normalize if there are leading zeros
             return str(int(key))
         return key
     @staticmethod
     def _build_path(current_path: str, key: str) -> str:
         """
@@ -378,19 +382,19 @@ class RedactionEngine:
         """
         # Normalize numeric keys efficiently
         normalized_key = RedactionEngine._normalize_numeric_key(key)
         # Handle empty keys to prevent paths like "user..email"
         if not normalized_key:
             return current_path
         if not current_path:
             return normalized_key
         return f"{current_path}.{normalized_key}"
     @staticmethod
-    def _should_redact_path_enhanced(root_data: dict, path: str, ignored_keys: List[str], include_keys: List[str], current_path: str) -> bool:
+    def _should_redact_path_enhanced(root_data: dict, path: str, ignored_keys: List[str], include_keys: List[str],
+                                     current_path: str) -> bool:
         """
         Enhanced path matching using JSONPath when available, fallback to custom logic.
@@ -405,9 +409,10 @@ class RedactionEngine:
             True if the path should be redacted, False otherwise
         """
         return RedactionEngine._should_redact_path_jsonpath(root_data, path, ignored_keys, include_keys)
     @staticmethod
-    def _should_redact_path_jsonpath(root_data: dict, path: str, ignored_keys: List[str], include_keys: List[str]) -> bool:
+    def _should_redact_path_jsonpath(root_data: dict, path: str, ignored_keys: List[str],
+                                     include_keys: List[str]) -> bool:
         """
         JSONPath-based path matching with LRU cache to prevent memory leaks.
         """
@@ -417,21 +422,21 @@ class RedactionEngine:
             frozenset(ignored_keys) if ignored_keys else None,
             frozenset(include_keys) if include_keys else None
         )
         # Try to get from LRU cache
         cached_result = RedactionEngine._jsonpath_cache.get(cache_key)
         if cached_result is None:
             # Pre-compute all matches for this data/pattern combination
             all_matches = set()
             patterns = include_keys or ignored_keys or []
             for pattern in patterns:
                 try:
                     # Expect proper JSONPath format (starting with $)
                     if not pattern.startswith('$'):
                         raise ValueError(f"Pattern must be in JSONPath format (start with $): {pattern}")
                     # Performance optimization: Use cached compiled expressions
                     if pattern not in RedactionEngine._jsonpath_expr_cache:
                         # Simple FIFO eviction if cache is full
@@ -441,29 +446,29 @@ class RedactionEngine:
                             del RedactionEngine._jsonpath_expr_cache[oldest_key]
                         RedactionEngine._jsonpath_expr_cache[pattern] = jsonpath_parse(pattern)
                     jsonpath_expr = RedactionEngine._jsonpath_expr_cache[pattern]
                     matches = jsonpath_expr.find(root_data)
                     for match in matches:
                         # Performance optimization: Single regex for path conversion
                         match_path = RedactionEngine._compiled_regexes['path_brackets'].sub(
                             r'.\1', str(match.full_path)
                         )
                         all_matches.add(match_path)
                 except Exception:
                     # Fallback for invalid JSONPath patterns
                     continue
             # Build prefix tree for O(k) child matching
             prefix_tree = RedactionEngine._build_prefix_tree(all_matches)
             cached_result = (all_matches, prefix_tree)
             # Store in LRU cache (will evict oldest if necessary)
             RedactionEngine._jsonpath_cache.set(cache_key, cached_result)
         matches, prefix_tree = cached_result
         if include_keys:
             # include_keys mode: only redact if path matches or has matching children
             return RedactionEngine._path_matches_or_has_children(path, prefix_tree)
@@ -473,7 +478,7 @@ class RedactionEngine:
         else:
             # No filtering: redact everything
             return True
     @staticmethod
     def _build_prefix_tree(matches: Set[str]) -> Dict[str, Any]:
         """
@@ -481,23 +486,23 @@ class RedactionEngine:
         Stores both exact matches and children for single-traversal lookup.
         """
         prefix_tree = {}
         for match in matches:
             parts = match.split('.')
             node = prefix_tree
             # Build tree path
             for i, part in enumerate(parts):
                 if part not in node:
                     node[part] = {'_children': {}, '_is_match': False}
                 if i == len(parts) - 1:
                     node[part]['_is_match'] = True  # Mark exact matches
                 node = node[part]['_children']
         return prefix_tree
     @staticmethod
     def _has_matching_children_optimized(path: str, prefix_tree: Dict[str, Any]) -> bool:
         """
@@ -507,20 +512,20 @@ class RedactionEngine:
         if not path:
             # Root path - check if tree has any entries
             return bool(prefix_tree)
         # Navigate to the node representing this path
         parts = path.split('.')
         node = prefix_tree
         for part in parts:
             if part not in node:
                 # Path doesn't exist in tree
                 return False
             node = node[part]['_children']
         # Check if there are any children under this path
         return bool(node)
     @staticmethod
     def _path_matches_or_has_children(path: str, prefix_tree: Dict[str, Any]) -> bool:
         """
@@ -529,22 +534,22 @@ class RedactionEngine:
         """
         if not path:
             return bool(prefix_tree)
         parts = path.split('.')
         node = prefix_tree
         for i, part in enumerate(parts):
             if part not in node:
                 return False
             if i == len(parts) - 1:
                 # Check if this exact path matches OR has children
                 return node[part].get('_is_match', False) or bool(node[part]['_children'])
             node = node[part]['_children']
         return False
     @staticmethod
     def _has_matching_children_cached(path: str, matches: Set[str]) -> bool:
         """
@@ -553,7 +558,7 @@ class RedactionEngine:
         """
         path_prefix = path + "." if path else ""
         return any(match.startswith(path_prefix) for match in matches)
     @classmethod
     def clear_caches(cls) -> None:
         """
@@ -561,7 +566,7 @@ class RedactionEngine:
         """
         cls._jsonpath_expr_cache.clear()
         cls._jsonpath_cache.clear()
     @classmethod
     def get_cache_stats(cls) -> Dict[str, int]:
         """

modules/ui/__init__.py CHANGED Viewed

	@@ -1 +1 @@
1	- # UI modules for user interaction
1	+ # UI modules for user interaction

modules/ui/confirmation.py CHANGED Viewed

@@ -9,7 +9,6 @@ from datetime import datetime, timezone
 from typing import Optional
 from mcpower_shared.mcp_types import UserDecision
 from modules.logs.audit_trail import AuditTrailLogger
 from modules.logs.logger import MCPLogger
 from . import xdialog

modules/utils/cli.py CHANGED Viewed

@@ -7,7 +7,7 @@ import argparse
 def parse_args():
     """Parse command line arguments"""
     parser = argparse.ArgumentParser(
-        description="MCPower - Transparent 1:1 MCP Wrapper with security enforcement",
+        description="Transparent MCP wrapper with security middleware for real-time policy enforcement and monitoring.",
         formatter_class=argparse.RawDescriptionHelpFormatter,
         epilog="""
 Examples:
@@ -22,18 +22,34 @@ Examples:
   # With custom name
   %(prog)s --wrapped-config '{"command": "node", "args": ["server.js"]}' --name MyWrapper
+  # IDE Tools mode
+  %(prog)s --ide-tool --ide cursor --context beforeShellExecution
 Reference Links:
-  • FastMCP Proxy: https://gofastmcp.com/servers/proxy
-  • FastMCP Middleware: https://gofastmcp.com/servers/middleware
+  • MCPower Proxy: https://github.com/ai-mcpower/mcpower-proxy
   • MCP Official: https://modelcontextprotocol.io
-  • Claude MCP Config: https://docs.anthropic.com/en/docs/claude-code/mcp
         """
     )
+    parser.add_argument(
+        '--ide-tool',
+        action='store_true',
+        help='Run in IDE tools mode'
+    )
+    parser.add_argument(
+        '--ide',
+        help='IDE name (required with --ide-tool, e.g., "cursor")'
+    )
+    parser.add_argument(
+        '--context',
+        help='Additional context (to be verified as optional by the associated --ide handler)'
+    )
     parser.add_argument(
         '--wrapped-config',
-        required=True,
         help='JSON/JSONC configuration for the wrapped MCP server (FastMCP will handle validation)'
     )
@@ -43,4 +59,18 @@ Reference Links:
         help='Name for the wrapper MCP server (default: MCPWrapper)'
     )
-    return parser.parse_args()
+    args = parser.parse_args()
+    # Validate: either --ide-tool or --wrapped-config is required
+    if not args.ide_tool and not args.wrapped_config:
+        parser.error("either --ide-tool or --wrapped-config is required")
+    # Validate: --ide-tool and --wrapped-config are mutually exclusive
+    if args.ide_tool and args.wrapped_config:
+        parser.error("--ide-tool and --wrapped-config are mutually exclusive")
+    # Validate: --ide-tool requires --ide
+    if args.ide_tool and not args.ide:
+        parser.error("--ide-tool requires --ide argument")
+    return args

mcpower-proxy 0.0.65__py3-none-any.whl → 0.0.79__py3-none-any.whl

Potentially problematic release.

mcpower-proxy 0.0.65py3-none-any.whl → 0.0.79py3-none-any.whl