PyPI - open-edison - Versions diffs - 0.1.10__py3-none-any.whl → 0.1.15__py3-none-any.whl - Mend

open-edison 0.1.10py3-none-any.whl → 0.1.15py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

{open_edison-0.1.10.dist-info → open_edison-0.1.15.dist-info}/METADATA +5 -2
open_edison-0.1.15.dist-info/RECORD +18 -0
src/cli.py +2 -2
src/config.py +53 -1
src/frontend_dist/assets/index-_NTxjOfh.js +51 -0
src/frontend_dist/assets/index-h6k8aL6h.css +1 -0
src/frontend_dist/index.html +2 -2
src/middleware/data_access_tracker.py +224 -123
src/middleware/session_tracking.py +16 -0
src/server.py +195 -7
src/telemetry.py +336 -0
open_edison-0.1.10.dist-info/RECORD +0 -17
src/frontend_dist/assets/index-CKkid2y-.js +0 -51
src/frontend_dist/assets/index-CRxojymD.css +0 -1
{open_edison-0.1.10.dist-info → open_edison-0.1.15.dist-info}/WHEEL +0 -0
{open_edison-0.1.10.dist-info → open_edison-0.1.15.dist-info}/entry_points.txt +0 -0
{open_edison-0.1.10.dist-info → open_edison-0.1.15.dist-info}/licenses/LICENSE +0 -0

src/frontend_dist/assets/index-h6k8aL6h.css ADDED Viewed

@@ -0,0 +1 @@

+ *,:before,:after{--tw-border-spacing-x: 0;--tw-border-spacing-y: 0;--tw-translate-x: 0;--tw-translate-y: 0;--tw-rotate: 0;--tw-skew-x: 0;--tw-skew-y: 0;--tw-scale-x: 1;--tw-scale-y: 1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness: proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width: 0px;--tw-ring-offset-color: #fff;--tw-ring-color: rgb(59 130 246 / .5);--tw-ring-offset-shadow: 0 0 #0000;--tw-ring-shadow: 0 0 #0000;--tw-shadow: 0 0 #0000;--tw-shadow-colored: 0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }::backdrop{--tw-border-spacing-x: 0;--tw-border-spacing-y: 0;--tw-translate-x: 0;--tw-translate-y: 0;--tw-rotate: 0;--tw-skew-x: 0;--tw-skew-y: 0;--tw-scale-x: 1;--tw-scale-y: 1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness: proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width: 0px;--tw-ring-offset-color: #fff;--tw-ring-color: rgb(59 130 246 / .5);--tw-ring-offset-shadow: 0 0 #0000;--tw-ring-shadow: 0 0 #0000;--tw-shadow: 0 0 #0000;--tw-shadow-colored: 0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }*,:before,:after{box-sizing:border-box;border-width:0;border-style:solid;border-color:#e5e7eb}:before,:after{--tw-content: ""}html,:host{line-height:1.5;-webkit-text-size-adjust:100%;-moz-tab-size:4;-o-tab-size:4;tab-size:4;font-family:ui-sans-serif,system-ui,sans-serif,"Apple Color Emoji","Segoe UI Emoji",Segoe UI Symbol,"Noto Color Emoji";font-feature-settings:normal;font-variation-settings:normal;-webkit-tap-highlight-color:transparent}body{margin:0;line-height:inherit}hr{height:0;color:inherit;border-top-width:1px}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,samp,pre{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace;font-feature-settings:normal;font-variation-settings:normal;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit;border-collapse:collapse}button,input,optgroup,select,textarea{font-family:inherit;font-feature-settings:inherit;font-variation-settings:inherit;font-size:100%;font-weight:inherit;line-height:inherit;letter-spacing:inherit;color:inherit;margin:0;padding:0}button,select{text-transform:none}button,input:where([type=button]),input:where([type=reset]),input:where([type=submit]){-webkit-appearance:button;background-color:transparent;background-image:none}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}progress{vertical-align:baseline}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}blockquote,dl,dd,h1,h2,h3,h4,h5,h6,hr,figure,p,pre{margin:0}fieldset{margin:0;padding:0}legend{padding:0}ol,ul,menu{list-style:none;margin:0;padding:0}dialog{padding:0}textarea{resize:vertical}input::-moz-placeholder,textarea::-moz-placeholder{opacity:1;color:#9ca3af}input::placeholder,textarea::placeholder{opacity:1;color:#9ca3af}button,[role=button]{cursor:pointer}:disabled{cursor:default}img,svg,video,canvas,audio,iframe,embed,object{display:block;vertical-align:middle}img,video{max-width:100%;height:auto}[hidden]:where(:not([hidden=until-found])){display:none}.\!container{width:100%!important}.container{width:100%}@media (min-width: 640px){.\!container{max-width:640px!important}.container{max-width:640px}}@media (min-width: 768px){.\!container{max-width:768px!important}.container{max-width:768px}}@media (min-width: 1024px){.\!container{max-width:1024px!important}.container{max-width:1024px}}@media (min-width: 1280px){.\!container{max-width:1280px!important}.container{max-width:1280px}}@media (min-width: 1536px){.\!container{max-width:1536px!important}.container{max-width:1536px}}.relative{position:relative}.m-0{margin:0}.mx-auto{margin-left:auto;margin-right:auto}.mb-1{margin-bottom:.25rem}.mb-2{margin-bottom:.5rem}.mb-3{margin-bottom:.75rem}.ml-2{margin-left:.5rem}.mr-2{margin-right:.5rem}.mt-0\.5{margin-top:.125rem}.mt-1{margin-top:.25rem}.mt-2{margin-top:.5rem}.mt-3{margin-top:.75rem}.mt-4{margin-top:1rem}.inline-block{display:inline-block}.flex{display:flex}.inline-flex{display:inline-flex}.table{display:table}.grid{display:grid}.hidden{display:none}.h-2{height:.5rem}.h-5{height:1.25rem}.h-6{height:1.5rem}.h-\[580px\]{height:580px}.w-10{width:2.5rem}.w-2{width:.5rem}.w-4{width:1rem}.w-5{width:1.25rem}.w-full{width:100%}.min-w-\[240px\]{min-width:240px}.max-w-\[1400px\]{max-width:1400px}.max-w-\[260px\]{max-width:260px}.border-collapse{border-collapse:collapse}.translate-x-1{--tw-translate-x: .25rem;transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skew(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.translate-x-5{--tw-translate-x: 1.25rem;transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skew(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.transform{transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skew(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.cursor-pointer{cursor:pointer}.select-none{-webkit-user-select:none;-moz-user-select:none;user-select:none}.grid-cols-1{grid-template-columns:repeat(1,minmax(0,1fr))}.flex-col{flex-direction:column}.flex-wrap{flex-wrap:wrap}.items-start{align-items:flex-start}.items-end{align-items:flex-end}.items-center{align-items:center}.justify-between{justify-content:space-between}.gap-1{gap:.25rem}.gap-2{gap:.5rem}.gap-3{gap:.75rem}.space-y-1>:not([hidden])~:not([hidden]){--tw-space-y-reverse: 0;margin-top:calc(.25rem * calc(1 - var(--tw-space-y-reverse)));margin-bottom:calc(.25rem * var(--tw-space-y-reverse))}.space-y-2>:not([hidden])~:not([hidden]){--tw-space-y-reverse: 0;margin-top:calc(.5rem * calc(1 - var(--tw-space-y-reverse)));margin-bottom:calc(.5rem * var(--tw-space-y-reverse))}.space-y-3>:not([hidden])~:not([hidden]){--tw-space-y-reverse: 0;margin-top:calc(.75rem * calc(1 - var(--tw-space-y-reverse)));margin-bottom:calc(.75rem * var(--tw-space-y-reverse))}.space-y-4>:not([hidden])~:not([hidden]){--tw-space-y-reverse: 0;margin-top:calc(1rem * calc(1 - var(--tw-space-y-reverse)));margin-bottom:calc(1rem * var(--tw-space-y-reverse))}.overflow-hidden{overflow:hidden}.overflow-y-auto{overflow-y:auto}.truncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.whitespace-nowrap{white-space:nowrap}.whitespace-pre-wrap{white-space:pre-wrap}.rounded{border-radius:.25rem}.rounded-full{border-radius:9999px}.rounded-t{border-top-left-radius:.25rem;border-top-right-radius:.25rem}.border{border-width:1px}.border-b{border-bottom-width:1px}.border-r{border-right-width:1px}.border-amber-400\/30{border-color:#fbbf244d}.border-app-accent{border-color:var(--accent)}.border-app-border{border-color:var(--border)}.border-blue-400\/30{border-color:#60a5fa4d}.border-rose-400\/30{border-color:#fb71854d}.bg-amber-400{--tw-bg-opacity: 1;background-color:rgb(251 191 36 / var(--tw-bg-opacity, 1))}.bg-app-accent{background-color:var(--accent)}.bg-app-bg{background-color:var(--bg)}.bg-app-border{background-color:var(--border)}.bg-blue-400{--tw-bg-opacity: 1;background-color:rgb(96 165 250 / var(--tw-bg-opacity, 1))}.bg-blue-500{--tw-bg-opacity: 1;background-color:rgb(59 130 246 / var(--tw-bg-opacity, 1))}.bg-rose-400{--tw-bg-opacity: 1;background-color:rgb(251 113 133 / var(--tw-bg-opacity, 1))}.bg-white{--tw-bg-opacity: 1;background-color:rgb(255 255 255 / var(--tw-bg-opacity, 1))}.p-2{padding:.5rem}.p-3{padding:.75rem}.p-6{padding:1.5rem}.\!px-3{padding-left:.75rem!important;padding-right:.75rem!important}.\!py-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.px-2{padding-left:.5rem;padding-right:.5rem}.px-3{padding-left:.75rem;padding-right:.75rem}.py-0\.5{padding-top:.125rem;padding-bottom:.125rem}.py-1{padding-top:.25rem;padding-bottom:.25rem}.py-2{padding-top:.5rem;padding-bottom:.5rem}.py-3{padding-top:.75rem;padding-bottom:.75rem}.pb-2{padding-bottom:.5rem}.text-left{text-align:left}.text-center{text-align:center}.align-bottom{vertical-align:bottom}.font-mono{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace}.text-2xl{font-size:1.5rem;line-height:2rem}.text-\[10px\]{font-size:10px}.text-sm{font-size:.875rem;line-height:1.25rem}.text-xl{font-size:1.25rem;line-height:1.75rem}.text-xs{font-size:.75rem;line-height:1rem}.font-bold{font-weight:700}.font-medium{font-weight:500}.font-semibold{font-weight:600}.text-amber-400{--tw-text-opacity: 1;color:rgb(251 191 36 / var(--tw-text-opacity, 1))}.text-app-accent{color:var(--accent)}.text-app-muted{color:var(--muted)}.text-app-text{color:var(--text)}.text-blue-400{--tw-text-opacity: 1;color:rgb(96 165 250 / var(--tw-text-opacity, 1))}.text-green-400{--tw-text-opacity: 1;color:rgb(74 222 128 / var(--tw-text-opacity, 1))}.text-rose-400{--tw-text-opacity: 1;color:rgb(251 113 133 / var(--tw-text-opacity, 1))}.accent-blue-500{accent-color:#3b82f6}.shadow{--tw-shadow: 0 1px 3px 0 rgb(0 0 0 / .1), 0 1px 2px -1px rgb(0 0 0 / .1);--tw-shadow-colored: 0 1px 3px 0 var(--tw-shadow-color), 0 1px 2px -1px var(--tw-shadow-color);box-shadow:var(--tw-ring-offset-shadow, 0 0 #0000),var(--tw-ring-shadow, 0 0 #0000),var(--tw-shadow)}.filter{filter:var(--tw-blur) var(--tw-brightness) var(--tw-contrast) var(--tw-grayscale) var(--tw-hue-rotate) var(--tw-invert) var(--tw-saturate) var(--tw-sepia) var(--tw-drop-shadow)}.transition-colors{transition-property:color,background-color,border-color,text-decoration-color,fill,stroke;transition-timing-function:cubic-bezier(.4,0,.2,1);transition-duration:.15s}.transition-transform{transition-property:transform;transition-timing-function:cubic-bezier(.4,0,.2,1);transition-duration:.15s}:root{--bg: #0b0c10;--card: #111318;--border: #1f2430;--text: #e6e6e6;--muted: #a0a7b4;--accent: #7c3aed;--success: #10b981;--warning: #f59e0b;--danger: #ef4444}[data-theme=dark]{--bg: #0b0c10;--card: #111318;--border: #1f2430;--text: #e6e6e6;--muted: #a0a7b4}[data-theme=light]{--bg: #f8fafc;--card: #ffffff;--border: #e5e7eb;--text: #0f172a;--muted: #475569}@media (prefers-color-scheme: light){:root{--bg: #f8fafc;--card: #ffffff;--border: #e5e7eb;--text: #0f172a;--muted: #475569}}html,body,#root{height:100%}body{margin:0;background:var(--bg);color:var(--text)}.container{margin:0 auto;padding:24px;max-width:1100px}.grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(280px,1fr));gap:16px}.card{background:var(--card);border:1px solid var(--border);border-radius:12px;padding:16px;box-shadow:0 1px 2px #0000000a,0 2px 12px #00000014}.stat{display:flex;align-items:center;gap:12px}.badge{display:inline-block;font-size:12px;padding:2px 8px;border-radius:999px;border:1px solid var(--border);background:#7c3aed14;color:var(--text)}.table{width:100%;border-collapse:collapse}.table th,.table td{border-bottom:1px solid var(--border);padding:8px 4px;text-align:left}.muted{color:var(--muted)}.accent{color:var(--accent)}.success{color:var(--success)}.warning{color:var(--warning)}.danger{color:var(--danger)}.toolbar{display:flex;align-items:center;justify-content:space-between;gap:12px}.button{border:1px solid var(--border);background:var(--card);color:var(--text);padding:6px 10px;border-radius:8px;cursor:pointer}.button:hover{filter:brightness(1.05)}.focus\:outline-none:focus{outline:2px solid transparent;outline-offset:2px}.focus-visible\:ring-2:focus-visible{--tw-ring-offset-shadow: var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow: var(--tw-ring-inset) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color);box-shadow:var(--tw-ring-offset-shadow),var(--tw-ring-shadow),var(--tw-shadow, 0 0 #0000)}.focus-visible\:ring-blue-400:focus-visible{--tw-ring-opacity: 1;--tw-ring-color: rgb(96 165 250 / var(--tw-ring-opacity, 1))}@media (min-width: 640px){.sm\:flex{display:flex}.sm\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.sm\:flex-row{flex-direction:row}.sm\:items-end{align-items:flex-end}}@media (min-width: 1024px){.lg\:grid-cols-3{grid-template-columns:repeat(3,minmax(0,1fr))}.lg\:grid-cols-\[220px_1fr\]{grid-template-columns:220px 1fr}}

src/frontend_dist/index.html CHANGED Viewed

@@ -10,8 +10,8 @@
         const prefersLight = window.matchMedia && window.matchMedia('(prefers-color-scheme: light)').matches;
         document.documentElement.setAttribute('data-theme', prefersLight ? 'light' : 'dark');
     </script>
-  <script type="module" crossorigin src="/assets/index-CKkid2y-.js"></script>
-  <link rel="stylesheet" crossorigin href="/assets/index-CRxojymD.css">
+  <script type="module" crossorigin src="/assets/index-_NTxjOfh.js"></script>
+  <link rel="stylesheet" crossorigin href="/assets/index-h6k8aL6h.css">
 </head>
 <body>

src/middleware/data_access_tracker.py CHANGED Viewed

@@ -14,23 +14,86 @@ names (with server-name/path prefixes) to their security classifications:
 import json
 from dataclasses import dataclass
-from functools import lru_cache
+from functools import cache
 from pathlib import Path
 from typing import Any
 from loguru import logger as log
 from src.config import ConfigError
+from src.telemetry import (
+    record_private_data_access,
+    record_prompt_access_blocked,
+    record_resource_access_blocked,
+    record_tool_call_blocked,
+    record_untrusted_public_data,
+    record_write_operation,
+)
+ACL_RANK: dict[str, int] = {"PUBLIC": 0, "PRIVATE": 1, "SECRET": 2}
+# Default flat permissions applied when fields are missing in config
+DEFAULT_PERMISSIONS: dict[str, Any] = {
+    "enabled": False,
+    "write_operation": False,
+    "read_private_data": False,
+    "read_untrusted_public_data": False,
+    "acl": "PUBLIC",
+}
+def _normalize_acl(value: Any, *, default: str = "PUBLIC") -> str:
+    """Normalize ACL string, defaulting and uppercasing; validate against known values."""
+    try:
+        if value is None:
+            return default
+        acl = str(value).upper().strip()
+        if acl not in ACL_RANK:
+            # Fallback to default if invalid
+            return default
+        return acl
+    except Exception:
+        return default
+def _apply_permission_defaults(config_perms: dict[str, Any]) -> dict[str, Any]:
+    """Merge provided config flags with DEFAULT_PERMISSIONS, including ACL derivation."""
+    # Start from defaults
+    merged: dict[str, Any] = dict(DEFAULT_PERMISSIONS)
+    # Booleans
+    enabled = bool(config_perms.get("enabled", merged["enabled"]))
+    write_operation = bool(config_perms.get("write_operation", merged["write_operation"]))
+    read_private_data = bool(config_perms.get("read_private_data", merged["read_private_data"]))
+    read_untrusted_public_data = bool(
+        config_perms.get("read_untrusted_public_data", merged["read_untrusted_public_data"])  # type: ignore[reportUnknownArgumentType]
+    )
+    # ACL: explicit value wins; otherwise default PRIVATE if read_private_data True, else default
+    if "acl" in config_perms and config_perms.get("acl") is not None:
+        acl = _normalize_acl(config_perms.get("acl"), default=str(merged["acl"]))
+    else:
+        acl = _normalize_acl("PRIVATE" if read_private_data else str(merged["acl"]))
+    merged.update(
+        {
+            "enabled": enabled,
+            "write_operation": write_operation,
+            "read_private_data": read_private_data,
+            "read_untrusted_public_data": read_untrusted_public_data,
+            "acl": acl,
+        }
+    )
+    return merged
-def _flat_permissions_loader(config_path: Path) -> dict[str, dict[str, bool]]:
+def _flat_permissions_loader(config_path: Path) -> dict[str, dict[str, Any]]:
     if config_path.exists():
         with open(config_path) as f:
             data: dict[str, Any] = json.load(f)
             # Handle new format: server -> {tool -> permissions}
             # Convert to flat tool -> permissions format
-            flat_permissions: dict[str, dict[str, bool]] = {}
+            flat_permissions: dict[str, dict[str, Any]] = {}
             tool_to_server: dict[str, str] = {}
             server_tools: dict[str, set[str]] = {}
@@ -77,14 +140,7 @@ def _flat_permissions_loader(config_path: Path) -> dict[str, dict[str, bool]]:
                     # Convert to flat format with explicit type casting
                     tool_perms_dict: dict[str, Any] = tool_permissions  # type: ignore
-                    flat_permissions[tool_name] = {
-                        "enabled": bool(tool_perms_dict.get("enabled", True)),
-                        "write_operation": bool(tool_perms_dict.get("write_operation", False)),
-                        "read_private_data": bool(tool_perms_dict.get("read_private_data", False)),
-                        "read_untrusted_public_data": bool(
-                            tool_perms_dict.get("read_untrusted_public_data", False)
-                        ),
-                    }
+                    flat_permissions[tool_name] = _apply_permission_defaults(tool_perms_dict)
             log.debug(
                 f"Loaded {len(flat_permissions)} tool permissions from {len(server_tools)} servers in {config_path}"
@@ -100,8 +156,8 @@ def _flat_permissions_loader(config_path: Path) -> dict[str, dict[str, bool]]:
         return {}
-@lru_cache(maxsize=1)
-def _load_tool_permissions_cached() -> dict[str, dict[str, bool]]:
+@cache
+def _load_tool_permissions_cached() -> dict[str, dict[str, Any]]:
     """Load tool permissions from JSON configuration file with LRU caching."""
     config_path = Path(__file__).parent.parent.parent / "tool_permissions.json"
@@ -115,8 +171,8 @@ def _load_tool_permissions_cached() -> dict[str, dict[str, bool]]:
         return {}
-@lru_cache(maxsize=1)
-def _load_resource_permissions_cached() -> dict[str, dict[str, bool]]:
+@cache
+def _load_resource_permissions_cached() -> dict[str, dict[str, Any]]:
     """Load resource permissions from JSON configuration file with LRU caching."""
     config_path = Path(__file__).parent.parent.parent / "resource_permissions.json"
@@ -130,8 +186,8 @@ def _load_resource_permissions_cached() -> dict[str, dict[str, bool]]:
         return {}
-@lru_cache(maxsize=1)
-def _load_prompt_permissions_cached() -> dict[str, dict[str, bool]]:
+@cache
+def _load_prompt_permissions_cached() -> dict[str, dict[str, Any]]:
     """Load prompt permissions from JSON configuration file with LRU caching."""
     config_path = Path(__file__).parent.parent.parent / "prompt_permissions.json"
@@ -145,55 +201,55 @@ def _load_prompt_permissions_cached() -> dict[str, dict[str, bool]]:
         return {}
-@lru_cache(maxsize=128)
-def _classify_tool_permissions_cached(tool_name: str) -> dict[str, bool]:
+@cache
+def _classify_tool_permissions_cached(tool_name: str) -> dict[str, Any]:
     """Classify tool permissions with LRU caching."""
     return _classify_permissions_cached(tool_name, _load_tool_permissions_cached(), "tool")
-@lru_cache(maxsize=128)
-def _classify_resource_permissions_cached(resource_name: str) -> dict[str, bool]:
+@cache
+def _classify_resource_permissions_cached(resource_name: str) -> dict[str, Any]:
     """Classify resource permissions with LRU caching."""
     return _classify_permissions_cached(
         resource_name, _load_resource_permissions_cached(), "resource"
     )
-@lru_cache(maxsize=128)
-def _classify_prompt_permissions_cached(prompt_name: str) -> dict[str, bool]:
+@cache
+def _classify_prompt_permissions_cached(prompt_name: str) -> dict[str, Any]:
     """Classify prompt permissions with LRU caching."""
     return _classify_permissions_cached(prompt_name, _load_prompt_permissions_cached(), "prompt")
-def _get_builtin_tool_permissions(name: str) -> dict[str, bool] | None:
+def _get_builtin_tool_permissions(name: str) -> dict[str, Any] | None:
     """Get permissions for built-in safe tools."""
     builtin_safe_tools = ["echo", "get_server_info", "get_security_status"]
     if name in builtin_safe_tools:
-        permissions = {
-            "enabled": True,
-            "write_operation": False,
-            "read_private_data": False,
-            "read_untrusted_public_data": False,
-        }
+        permissions = _apply_permission_defaults({"enabled": True})
         log.debug(f"Built-in safe tool {name}: {permissions}")
         return permissions
     return None
 def _get_exact_match_permissions(
-    name: str, permissions_config: dict[str, dict[str, bool]], type_name: str
-) -> dict[str, bool] | None:
+    name: str, permissions_config: dict[str, dict[str, Any]], type_name: str
+) -> dict[str, Any] | None:
     """Check for exact match permissions."""
     if name in permissions_config and not name.startswith("_"):
         config_perms = permissions_config[name]
-        permissions = {
-            "enabled": config_perms.get("enabled", False),
-            "write_operation": config_perms.get("write_operation", False),
-            "read_private_data": config_perms.get("read_private_data", False),
-            "read_untrusted_public_data": config_perms.get("read_untrusted_public_data", False),
-        }
+        permissions = _apply_permission_defaults(config_perms)
         log.debug(f"Found exact match for {type_name} {name}: {permissions}")
         return permissions
+    # Fallback: support names like "server_tool" by checking the part after first underscore
+    if "_" in name:
+        suffix = name.split("_", 1)[1]
+        if suffix in permissions_config and not suffix.startswith("_"):
+            config_perms = permissions_config[suffix]
+            permissions = _apply_permission_defaults(config_perms)
+            log.debug(
+                f"Found fallback match for {type_name} {name} using suffix {suffix}: {permissions}"
+            )
+            return permissions
     return None
@@ -224,8 +280,8 @@ def _get_wildcard_patterns(name: str, type_name: str) -> list[str]:
 def _classify_permissions_cached(
-    name: str, permissions_config: dict[str, dict[str, bool]], type_name: str
-) -> dict[str, bool]:
+    name: str, permissions_config: dict[str, dict[str, Any]], type_name: str
+) -> dict[str, Any]:
     """Generic permission classification with pattern matching support."""
     # Built-in safe tools that don't need external config (only for tools)
     if type_name == "tool":
@@ -243,12 +299,7 @@ def _classify_permissions_cached(
     for pattern in wildcard_patterns:
         if pattern in permissions_config:
             config_perms = permissions_config[pattern]
-            permissions = {
-                "enabled": config_perms.get("enabled", False),
-                "write_operation": config_perms.get("write_operation", False),
-                "read_private_data": config_perms.get("read_private_data", False),
-                "read_untrusted_public_data": config_perms.get("read_untrusted_public_data", False),
-            }
+            permissions = _apply_permission_defaults(config_perms)
             log.debug(f"Found wildcard match for {type_name} {name} using {pattern}: {permissions}")
             return permissions
@@ -277,6 +328,8 @@ class DataAccessTracker:
     has_private_data_access: bool = False
     has_untrusted_content_exposure: bool = False
     has_external_communication: bool = False
+    # ACL tracking: the most restrictive ACL encountered during this session via reads
+    highest_acl_level: str = "PUBLIC"
     def is_trifecta_achieved(self) -> bool:
         """Check if the lethal trifecta has been achieved."""
@@ -286,31 +339,31 @@ class DataAccessTracker:
             and self.has_external_communication
         )
-    def _load_tool_permissions(self) -> dict[str, dict[str, bool]]:
+    def _load_tool_permissions(self) -> dict[str, dict[str, Any]]:
         """Load tool permissions from JSON configuration file with caching."""
         return _load_tool_permissions_cached()
-    def _load_resource_permissions(self) -> dict[str, dict[str, bool]]:
+    def _load_resource_permissions(self) -> dict[str, dict[str, Any]]:
         """Load resource permissions from JSON configuration file with caching."""
         return _load_resource_permissions_cached()
-    def _load_prompt_permissions(self) -> dict[str, dict[str, bool]]:
+    def _load_prompt_permissions(self) -> dict[str, dict[str, Any]]:
         """Load prompt permissions from JSON configuration file with caching."""
         return _load_prompt_permissions_cached()
-    def _classify_by_tool_name(self, tool_name: str) -> dict[str, bool]:
+    def _classify_by_tool_name(self, tool_name: str) -> dict[str, Any]:
         """Classify permissions based on external JSON configuration only."""
         return _classify_tool_permissions_cached(tool_name)
-    def _classify_by_resource_name(self, resource_name: str) -> dict[str, bool]:
+    def _classify_by_resource_name(self, resource_name: str) -> dict[str, Any]:
         """Classify resource permissions based on external JSON configuration only."""
         return _classify_resource_permissions_cached(resource_name)
-    def _classify_by_prompt_name(self, prompt_name: str) -> dict[str, bool]:
+    def _classify_by_prompt_name(self, prompt_name: str) -> dict[str, Any]:
         """Classify prompt permissions based on external JSON configuration only."""
         return _classify_prompt_permissions_cached(prompt_name)
-    def _classify_tool_permissions(self, tool_name: str) -> dict[str, bool]:
+    def _classify_tool_permissions(self, tool_name: str) -> dict[str, Any]:
         """
         Classify tool permissions based on tool name.
@@ -323,7 +376,7 @@ class DataAccessTracker:
         log.debug(f"Classified tool {tool_name}: {permissions}")
         return permissions
-    def _classify_resource_permissions(self, resource_name: str) -> dict[str, bool]:
+    def _classify_resource_permissions(self, resource_name: str) -> dict[str, Any]:
         """
         Classify resource permissions based on resource name.
@@ -336,7 +389,7 @@ class DataAccessTracker:
         log.debug(f"Classified resource {resource_name}: {permissions}")
         return permissions
-    def _classify_prompt_permissions(self, prompt_name: str) -> dict[str, bool]:
+    def _classify_prompt_permissions(self, prompt_name: str) -> dict[str, Any]:
         """
         Classify prompt permissions based on prompt name.
@@ -349,35 +402,90 @@ class DataAccessTracker:
         log.debug(f"Classified prompt {prompt_name}: {permissions}")
         return permissions
-    def get_tool_permissions(self, tool_name: str) -> dict[str, bool]:
+    def get_tool_permissions(self, tool_name: str) -> dict[str, Any]:
         """Get tool permissions based on tool name."""
         return self._classify_tool_permissions(tool_name)
-    def get_resource_permissions(self, resource_name: str) -> dict[str, bool]:
+    def get_resource_permissions(self, resource_name: str) -> dict[str, Any]:
         """Get resource permissions based on resource name."""
         return self._classify_resource_permissions(resource_name)
-    def get_prompt_permissions(self, prompt_name: str) -> dict[str, bool]:
+    def get_prompt_permissions(self, prompt_name: str) -> dict[str, Any]:
         """Get prompt permissions based on prompt name."""
         return self._classify_prompt_permissions(prompt_name)
-    def add_tool_call(self, tool_name: str) -> str:
+    def _would_call_complete_trifecta(self, permissions: dict[str, Any]) -> bool:
+        """Return True if applying these permissions would complete the trifecta."""
+        would_private = self.has_private_data_access or bool(permissions.get("read_private_data"))
+        would_untrusted = self.has_untrusted_content_exposure or bool(
+            permissions.get("read_untrusted_public_data")
+        )
+        would_write = self.has_external_communication or bool(permissions.get("write_operation"))
+        return bool(would_private and would_untrusted and would_write)
+    def _enforce_tool_enabled(self, permissions: dict[str, Any], tool_name: str) -> None:
+        if permissions["enabled"] is False:
+            log.warning(f"🚫 BLOCKING tool call {tool_name} - tool is disabled")
+            record_tool_call_blocked(tool_name, "disabled")
+            raise SecurityError(f"'{tool_name}' / Tool disabled")
+    def _enforce_acl_downgrade_block(
+        self, tool_acl: str, permissions: dict[str, Any], tool_name: str
+    ) -> None:
+        if permissions["write_operation"]:
+            current_rank = ACL_RANK.get(self.highest_acl_level, 0)
+            write_rank = ACL_RANK.get(tool_acl, 0)
+            if write_rank < current_rank:
+                log.error(
+                    f"🚫 BLOCKING tool call {tool_name} - write to lower ACL ({tool_acl}) while session has higher ACL {self.highest_acl_level}"
+                )
+                record_tool_call_blocked(tool_name, "acl_downgrade")
+                raise SecurityError(f"'{tool_name}' / ACL (level={self.highest_acl_level})")
+    def _apply_permissions_effects(
+        self,
+        permissions: dict[str, Any],
+        *,
+        source_type: str,
+        name: str,
+    ) -> None:
+        """Apply side effects (flags, ACL, telemetry) for any source type."""
+        acl_value: str = _normalize_acl(permissions.get("acl"), default="PUBLIC")
+        if permissions["read_private_data"]:
+            self.has_private_data_access = True
+            log.info(f"🔒 Private data access detected via {source_type}: {name}")
+            record_private_data_access(source_type, name)
+            # Update highest ACL based on ACL when reading private data
+            current_rank = ACL_RANK.get(self.highest_acl_level, 0)
+            new_rank = ACL_RANK.get(acl_value, 0)
+            if new_rank > current_rank:
+                self.highest_acl_level = acl_value
+        if permissions["read_untrusted_public_data"]:
+            self.has_untrusted_content_exposure = True
+            log.info(f"🌐 Untrusted content exposure detected via {source_type}: {name}")
+            record_untrusted_public_data(source_type, name)
+        if permissions["write_operation"]:
+            self.has_external_communication = True
+            log.info(f"✍️ Write operation detected via {source_type}: {name}")
+            record_write_operation(source_type, name)
+    def add_tool_call(self, tool_name: str):
         """
         Add a tool call and update trifecta flags based on tool classification.
         Args:
             tool_name: Name of the tool being called
-        Returns:
-            Placeholder ID for compatibility
         Raises:
             SecurityError: If the lethal trifecta is already achieved and this call would be blocked
         """
         # Check if trifecta is already achieved before processing this call
         if self.is_trifecta_achieved():
-            log.error(f"🚫 BLOCKING tool call {tool_name} - lethal trifecta already achieved")
-            raise SecurityError(f"Tool call '{tool_name}' blocked: lethal trifecta achieved")
+            log.error(f"🚫 BLOCKING tool call {tool_name} - lethal trifecta achieved")
+            record_tool_call_blocked(tool_name, "trifecta")
+            raise SecurityError(f"'{tool_name}' / Lethal trifecta")
         # Get tool permissions and update trifecta flags
         permissions = self._classify_tool_permissions(tool_name)
@@ -385,38 +493,30 @@ class DataAccessTracker:
         log.debug(f"add_tool_call: Tool permissions: {permissions}")
         # Check if tool is enabled
-        if permissions["enabled"] is False:
-            log.warning(f"🚫 BLOCKING tool call {tool_name} - tool is disabled")
-            raise SecurityError(f"Tool call '{tool_name}' blocked: tool is disabled")
+        self._enforce_tool_enabled(permissions, tool_name)
-        if permissions["read_private_data"]:
-            self.has_private_data_access = True
-            log.info(f"🔒 Private data access detected: {tool_name}")
+        # ACL-based write downgrade prevention
+        tool_acl: str = _normalize_acl(permissions.get("acl"), default="PUBLIC")
+        self._enforce_acl_downgrade_block(tool_acl, permissions, tool_name)
-        if permissions["read_untrusted_public_data"]:
-            self.has_untrusted_content_exposure = True
-            log.info(f"🌐 Untrusted content exposure detected: {tool_name}")
+        # Pre-check: would this call achieve the lethal trifecta? If so, block immediately
+        if self._would_call_complete_trifecta(permissions):
+            log.error(f"🚫 BLOCKING tool call {tool_name} - would achieve lethal trifecta")
+            record_tool_call_blocked(tool_name, "trifecta_prevent")
+            raise SecurityError(f"'{tool_name}' / Lethal trifecta")
-        if permissions["write_operation"]:
-            self.has_external_communication = True
-            log.info(f"✍️ Write operation detected: {tool_name}")
-        # Log if trifecta is achieved after this call
-        if self.is_trifecta_achieved():
-            log.warning(f"⚠️ LETHAL TRIFECTA ACHIEVED after tool call: {tool_name}")
+        self._apply_permissions_effects(permissions, source_type="tool", name=tool_name)
-        return "placeholder_id"
+        # We proactively prevent trifecta; by design we should never reach a state where
+        # a completed call newly achieves trifecta.
-    def add_resource_access(self, resource_name: str) -> str:
+    def add_resource_access(self, resource_name: str):
         """
         Add a resource access and update trifecta flags based on resource classification.
         Args:
             resource_name: Name/URI of the resource being accessed
-        Returns:
-            Placeholder ID for compatibility
         Raises:
             SecurityError: If the lethal trifecta is already achieved and this access would be blocked
         """
@@ -425,69 +525,52 @@ class DataAccessTracker:
             log.error(
                 f"🚫 BLOCKING resource access {resource_name} - lethal trifecta already achieved"
             )
-            raise SecurityError(
-                f"Resource access '{resource_name}' blocked: lethal trifecta achieved"
-            )
+            raise SecurityError(f"'{resource_name}' / Lethal trifecta")
         # Get resource permissions and update trifecta flags
         permissions = self._classify_resource_permissions(resource_name)
-        if permissions["read_private_data"]:
-            self.has_private_data_access = True
-            log.info(f"🔒 Private data access detected via resource: {resource_name}")
-        if permissions["read_untrusted_public_data"]:
-            self.has_untrusted_content_exposure = True
-            log.info(f"🌐 Untrusted content exposure detected via resource: {resource_name}")
-        if permissions["write_operation"]:
-            self.has_external_communication = True
-            log.info(f"✍️ Write operation detected via resource: {resource_name}")
+        # Pre-check: would this access achieve the lethal trifecta? If so, block immediately
+        if self._would_call_complete_trifecta(permissions):
+            log.error(
+                f"🚫 BLOCKING resource access {resource_name} - would achieve lethal trifecta"
+            )
+            record_resource_access_blocked(resource_name, "trifecta_prevent")
+            raise SecurityError(f"'{resource_name}' / Lethal trifecta")
-        # Log if trifecta is achieved after this access
-        if self.is_trifecta_achieved():
-            log.warning(f"⚠️ LETHAL TRIFECTA ACHIEVED after resource access: {resource_name}")
+        self._apply_permissions_effects(permissions, source_type="resource", name=resource_name)
-        return "placeholder_id"
+        # We proactively prevent trifecta; by design we should never reach a state where
+        # a completed access newly achieves trifecta.
-    def add_prompt_access(self, prompt_name: str) -> str:
+    def add_prompt_access(self, prompt_name: str):
         """
         Add a prompt access and update trifecta flags based on prompt classification.
         Args:
             prompt_name: Name/type of the prompt being accessed
-        Returns:
-            Placeholder ID for compatibility
         Raises:
             SecurityError: If the lethal trifecta is already achieved and this access would be blocked
         """
         # Check if trifecta is already achieved before processing this access
         if self.is_trifecta_achieved():
             log.error(f"🚫 BLOCKING prompt access {prompt_name} - lethal trifecta already achieved")
-            raise SecurityError(f"Prompt access '{prompt_name}' blocked: lethal trifecta achieved")
+            raise SecurityError(f"'{prompt_name}' / Lethal trifecta")
         # Get prompt permissions and update trifecta flags
         permissions = self._classify_prompt_permissions(prompt_name)
-        if permissions["read_private_data"]:
-            self.has_private_data_access = True
-            log.info(f"🔒 Private data access detected via prompt: {prompt_name}")
-        if permissions["read_untrusted_public_data"]:
-            self.has_untrusted_content_exposure = True
-            log.info(f"🌐 Untrusted content exposure detected via prompt: {prompt_name}")
-        if permissions["write_operation"]:
-            self.has_external_communication = True
-            log.info(f"✍️ Write operation detected via prompt: {prompt_name}")
+        # Pre-check: would this access achieve the lethal trifecta? If so, block immediately
+        if self._would_call_complete_trifecta(permissions):
+            log.error(f"🚫 BLOCKING prompt access {prompt_name} - would achieve lethal trifecta")
+            record_prompt_access_blocked(prompt_name, "trifecta_prevent")
+            raise SecurityError(f"'{prompt_name}' / Lethal trifecta")
-        # Log if trifecta is achieved after this access
-        if self.is_trifecta_achieved():
-            log.warning(f"⚠️ LETHAL TRIFECTA ACHIEVED after prompt access: {prompt_name}")
+        self._apply_permissions_effects(permissions, source_type="prompt", name=prompt_name)
-        return "placeholder_id"
+        # We proactively prevent trifecta; by design we should never reach a state where
+        # a completed access newly achieves trifecta.
     def to_dict(self) -> dict[str, Any]:
         """
@@ -503,8 +586,26 @@ class DataAccessTracker:
                 "has_external_communication": self.has_external_communication,
                 "trifecta_achieved": self.is_trifecta_achieved(),
             },
+            "acl": {
+                "highest_acl_level": self.highest_acl_level,
+            },
         }
 class SecurityError(Exception):
     """Raised when a security policy violation occurs."""
+    def __init__(self, message: str):
+        """We format with a brick ascii wall"""
+        message = f"""
+ ████ ████ ████ ████ ████ ████
+ ██ ████ ████ ████ ████ ████ █
+ ████ ████ ████ ████ ████ ████
+       BLOCKED BY EDISON
+ {message:^30}
+ ████ ████ ████ ████ ████ ████
+ ██ ████ ████ ████ ████ ████ █
+ ████ ████ ████ ████ ████ ████
+        {message}
+        """
+        super().__init__(message)

open-edison 0.1.10__py3-none-any.whl → 0.1.15__py3-none-any.whl

open-edison 0.1.10py3-none-any.whl → 0.1.15py3-none-any.whl