open-edison 0.1.15__py3-none-any.whl → 0.1.17__py3-none-any.whl

{open_edison-0.1.15.dist-info → open_edison-0.1.17.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: open-edison
-Version: 0.1.15
+Version: 0.1.17
 Summary: Open-source MCP security, aggregation, and monitoring. Single-user, self-hosted MCP proxy.
 Author-email: Hugo Berg <hugo@edison.watch>
 License-File: LICENSE
@@ -25,12 +25,38 @@ Requires-Dist: pytest>=8.3.3; extra == 'dev'
 Requires-Dist: ruff>=0.12.3; extra == 'dev'
 Description-Content-Type: text/markdown
 
-# Open Edison
+# OpenEdison
 
 Open-source MCP security gateway that prevents data exfiltration—via direct access or tool chaining—with full monitoring for local single‑user deployments. Provides core functionality of <https://edison.watch> for local, single-user use.
 
+Just want to run it?
+
+```bash
+# Installs uv (via Astral installer) and launches open-edison with uvx.
+# Note: This does NOT install Node/npx. Install Node if you plan to use npx-based tools like mcp-remote.
+curl -fsSL https://raw.githubusercontent.com/Edison-Watch/open-edison/main/curl_pipe_bash.sh | bash
+```
+
 Run locally with uvx: `uvx open-edison --config-dir ~/edison-config`
 
+If you need `npx` (for Node-based MCP tools like `mcp-remote`), install Node.js as well:
+
+- macOS:
+  - uv: `curl -fsSL https://astral.sh/uv/install.sh | sh`
+  - Node/npx: `brew install node`
+- Linux (Debian/Ubuntu):
+  - uv: `curl -fsSL https://astral.sh/uv/install.sh | sh`
+  - Node/npx: `sudo apt-get update && sudo apt-get install -y nodejs npm`
+- Windows (PowerShell):
+  - uv: `powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"`
+  - Node/npx: `winget install -e --id OpenJS.NodeJS`
+
+After installation, ensure that `npx` is available on PATH.
+
+<div align="center">
+  <h2>📧 Interested in connecting AI to your business software with proper access controls? <a href="mailto:hello@edison.watch">Contact us</a> to discuss.</h2>
+</div>
+
 ## Features
 
 - **Single-user MCP proxy** - No multi-user complexity, just a simple proxy for your MCP servers
@@ -65,6 +91,25 @@ open-edison run --config-dir ~/edison-config
 OPEN_EDISON_CONFIG_DIR=~/edison-config open-edison run
 ```
 
+### Run with Docker
+
+There is a dockerfile for simple local setup.
+
+```bash
+# Single-line:
+git clone https://github.com/GatlingX/open-edison.git && cd open-edison && make docker_run
+
+# Or
+# Clone repo
+git clone https://github.com/GatlingX/open-edison.git
+# Enter repo
+cd open-edison
+# Build and run
+make docker_run
+```
+
+The MCP server will be available at `http://localhost:3000` and the api + frontend at `http://localhost:3001`.
+
 ### Run from source
 
 1. Clone the repository:
@@ -74,33 +119,26 @@ git clone https://github.com/GatlingX/open-edison.git
 cd open-edison
 ```
 
-2. Set up the project:
+1. Set up the project:
 
 ```bash
 make setup
 ```
 
-3. Edit `config.json` to configure your MCP servers:
+1. Edit `config.json` to configure your MCP servers. See the full file: [config.json](config.json), it looks like:
 
 ```json
 {
-  "server": {
-    "host": "localhost",
-    "port": 3000,
-    "api_key": "your-secure-api-key"
-  },
+  "server": { "host": "0.0.0.0", "port": 3000, "api_key": "..." },
+  "logging": { "level": "INFO", "database_path": "sessions.db" },
   "mcp_servers": [
-    {
-      "name": "filesystem",
-      "command": "uvx",
-      "args": ["mcp-server-filesystem", "/path/to/directory"],
-      "enabled": true
-    }
+    { "name": "filesystem", "command": "uvx", "args": ["mcp-server-filesystem", "/tmp"], "enabled": true },
+    { "name": "github", "enabled": false, "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "..." } }
   ]
 }
 ```
 
-4. Run the server:
+1. Run the server:
 
 ```bash
 make run
@@ -110,18 +148,9 @@ open-edison run
 
 The server will be available at `http://localhost:3000`.
 
-### Run with Docker
-
-```bash
-# After cloning the repo
-make docker_run
-```
-
-The MCP server will be available at `http://localhost:3000` and the api + frontend at `http://localhost:3001`.
-
 ## MCP Connection
 
-Connect any MCP client to Open Edison:
+Connect any MCP client to Open Edison (requires Node.js/npm for `npx`):
 
 ```bash
 npx -y mcp-remote http://localhost:3000/mcp/ --http-only --header "Authorization: Bearer your-api-key"
@@ -144,64 +173,28 @@ Or add to your MCP client config:
 
 ### API Endpoints
 
-Api is on port 3001 (or configured MCP server port + 1).
-
-- `GET /health` - Health check
-- `GET /mcp/status` - Get status of configured MCP servers
-- `POST /mcp/{server_name}/start` - Start a specific MCP server
-- `POST /mcp/{server_name}/stop` - Stop a specific MCP server
-- `POST /mcp/call` - Proxy MCP calls to running servers
-- `GET /sessions` - Get session logs (coming soon)
-
-All endpoints except `/health` require the `Authorization: Bearer <api_key>` header.
+See [API Reference](docs/quick-reference/api_reference.md) for full API documentation.
 
 ## Development
 
-```bash
-# Install dependencies
-make sync
+### Setup
 
-# Run with auto-reload
-make dev
+Setup from source as above.
 
-# Run tests
-make test
+### Run
 
-# Lint code
-make lint
-
-# Format code
-make format
-```
-
-### Website (Sessions Dashboard)
-
-A minimal React + Vite frontend is included at `open-edison/frontend/`.
-
-Run it with a single command from the repo root or via the CLI:
+Server doesn't have any auto-reload at the moment, so you'll need to run & ctrl-c this during development.
 
 ```bash
-make website
-# or
-open-edison website
+make run
 ```
 
-This will install frontend deps (first run) and start the dev server. Open the URL shown (typically `http://localhost:5173` or `5174`).
+### Tests/code quality
 
-Notes:
-
-- The dashboard reads session data directly from the SQLite database `edison.db` in the repo root via sql.js.
-- The Configs tab provides JSON editors (with syntax highlighting) for `config.json`, `tool_permissions.json`, `resource_permissions.json`, and `prompt_permissions.json`.
-- You can Save changes directly while the dev server is running; writes are constrained to the project root.
-
-## Docker
+We expect `make ci` to return cleanly.
 
 ```bash
-# Build Docker image
-make docker_build
-
-# Run in Docker
-make docker_run
+make ci
 ```
 
 ## Configuration
@@ -230,80 +223,48 @@ Open Edison includes a comprehensive security monitoring system that tracks the
 2. **Untrusted content exposure** - Exposure to external/web content  
 3. **External communication** - Ability to write/send data externally
 
-The system monitors these risks across **tools**, **resources**, and **prompts** using separate configuration files.
+The configuration allows you to classify these risks across **tools**, **resources**, and **prompts** using separate configuration files.
+
+In addition to trifecta, we track Access Control Level (ACL) for each tool call,
+that is, each tool has an ACL level (one of PUBLIC, PRIVATE, or SECRET), and we track the highest ACL level for each session.
+If a write operation is attempted to a lower ACL level, it is blocked.
 
 ### Tool Permissions (`tool_permissions.json`)
 
-Defines security classifications for MCP tools. Each tool is classified with three boolean flags:
+Defines security classifications for MCP tools. See full file: [tool_permissions.json](tool_permissions.json), it looks like:
 
 ```json
 {
-  "filesystem_read_file": {
-    "write_operation": false,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
+  "_metadata": { "last_updated": "2025-08-07" },
+  "builtin": {
+    "get_security_status": { "enabled": true, "write_operation": false, "read_private_data": false, "read_untrusted_public_data": false, "acl": "PUBLIC" }
   },
-  "sqlite_create_record": {
-    "write_operation": true,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
+  "filesystem": {
+    "read_file": { "enabled": true, "write_operation": false, "read_private_data": true, "read_untrusted_public_data": false, "acl": "PRIVATE" },
+    "write_file": { "enabled": true, "write_operation": true, "read_private_data": true, "read_untrusted_public_data": false, "acl": "PRIVATE" }
   }
 }
 ```
 
 ### Resource Permissions (`resource_permissions.json`)
 
-Defines security classifications for resource access patterns. Currently empty - add classifications as needed:
+Defines security classifications for resource access patterns. See full file: [resource_permissions.json](resource_permissions.json), it looks like:
 
 ```json
 {
-  "_metadata": {
-    "description": "Resource security classifications for Open Edison data access tracker",
-    "last_updated": "2025-08-07"
-  },
-  "file:*": {
-    "write_operation": false,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
-  },
-  "http:*": {
-    "write_operation": false,
-    "read_private_data": false,
-    "read_untrusted_public_data": true
-  },
-  "database:*": {
-    "write_operation": false,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
-  }
+  "_metadata": { "last_updated": "2025-08-07" },
+  "builtin": { "config://app": { "enabled": true, "write_operation": false, "read_private_data": false, "read_untrusted_public_data": false } }
 }
 ```
 
 ### Prompt Permissions (`prompt_permissions.json`)
 
-Defines security classifications for prompt types. Currently empty - add classifications as needed:
+Defines security classifications for prompt types. See full file: [prompt_permissions.json](prompt_permissions.json), it looks like:
 
 ```json
 {
-  "_metadata": {
-    "description": "Prompt security classifications for Open Edison data access tracker", 
-    "last_updated": "2025-08-07"
-  },
-  "system": {
-    "write_operation": false,
-    "read_private_data": false,
-    "read_untrusted_public_data": false
-  },
-  "external_prompt": {
-    "write_operation": false,
-    "read_private_data": false,
-    "read_untrusted_public_data": true
-  },
-  "prompt:file:*": {
-    "write_operation": false,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
-  }
+  "_metadata": { "last_updated": "2025-08-07" },
+  "builtin": { "summarize_text": { "enabled": true, "write_operation": false, "read_private_data": false, "read_untrusted_public_data": false } }
 }
 ```
 

open_edison-0.1.17.dist-info/RECORD

@@ -0,0 +1,14 @@
+src/__init__.py,sha256=QWeZdjAm2D2B0eWhd8m2-DPpWvIP26KcNJxwEoU1oEQ,254
+src/__main__.py,sha256=kQsaVyzRa_ESC57JpKDSQJAHExuXme0rM5beJsYxFeA,161
+src/cli.py,sha256=9cJN6mRvjbCcpTyTdUVl47J7OB7bxzSy0h8tfVbHuQU,9982
+src/config.py,sha256=2a5rdImQmNGggL690PQprqZVsRUAJcdo8KS2Foj9N-U,9345
+src/server.py,sha256=h8sKLoHix27J_hgUXGZiJSJ1qcFSEpcrOmsTSpg0IWw,26544
+src/single_user_mcp.py,sha256=Ic8kOyUHN2VgytFyHk1OZ1JufXbGa3Cwm-plC-QQ7eY,14379
+src/telemetry.py,sha256=M8iZ7nTPA6BhbPna_xsEoTOOa7A81YyvZ0CkVYa_pPg,12619
+src/middleware/data_access_tracker.py,sha256=RZh1RCBYDEbvVIJPkDUz0bfLmK-xYIdV0lGbIxbJYc0,25966
+src/middleware/session_tracking.py,sha256=O-n8RvEVCUGAFGYny_gA7-MMQYSlvND-lj3oBZLCT3U,20046
+open_edison-0.1.17.dist-info/METADATA,sha256=aPZmsRIcpAizxFdwN6rZ8GfU3KsDlTfIjB3z8T_bFsA,9377
+open_edison-0.1.17.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+open_edison-0.1.17.dist-info/entry_points.txt,sha256=qNAkJcnoTXRhj8J--3PDmXz_TQKdB8H_0C9wiCtDIyA,72
+open_edison-0.1.17.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+open_edison-0.1.17.dist-info/RECORD,,

src/middleware/session_tracking.py

@@ -102,7 +102,7 @@ def create_db_session() -> Generator[Session, None, None]:
 
     # Ensure changes are flushed to the main database file (avoid WAL for sql.js compatibility)
     @event.listens_for(engine, "connect")
-    def _set_sqlite_pragmas(dbapi_connection, connection_record):  # type: ignore[no-untyped-def]
+    def _set_sqlite_pragmas(dbapi_connection, connection_record):  # type: ignore[no-untyped-def] # noqa
         cur = dbapi_connection.cursor()  # type: ignore[attr-defined]
         try:
             cur.execute("PRAGMA journal_mode=DELETE")  # type: ignore[attr-defined]
@@ -296,7 +296,7 @@ class SessionTrackingMiddleware(Middleware):
 
         assert session.data_access_tracker is not None
         log.debug(f"🔍 Analyzing tool {context.message.name} for security implications")
-        _ = session.data_access_tracker.add_tool_call(context.message.name)
+        session.data_access_tracker.add_tool_call(context.message.name)
         # Telemetry: record tool call
         record_tool_call(context.message.name)
 

src/server.py

@@ -6,6 +6,7 @@ No multi-user support, no complex routing - just a straightforward proxy.
 """
 
 import asyncio
+import json
 import traceback
 from collections.abc import Awaitable, Callable, Coroutine
 from pathlib import Path
@@ -23,7 +24,6 @@ from pydantic import BaseModel, Field
 
 from src.config import MCPServerConfig, config
 from src.config import get_config_dir as _get_cfg_dir  # type: ignore[attr-defined]
-from src.mcp_manager import MCPManager
 from src.middleware.session_tracking import (
     MCPSessionModel,
     create_db_session,
@@ -57,8 +57,7 @@ class OpenEdisonProxy:
         self.port: int = port
 
         # Initialize components
-        self.mcp_manager: MCPManager = MCPManager()
-        self.single_user_mcp: SingleUserMCP = SingleUserMCP(self.mcp_manager)
+        self.single_user_mcp: SingleUserMCP = SingleUserMCP()
 
         # Initialize FastAPI app for management
         self.fastapi_app: FastAPI = self._create_fastapi_app()
@@ -184,30 +183,33 @@ class OpenEdisonProxy:
             """
             Resolve a JSON config file path consistently with src.config defaults.
 
-            Precedence for reads (and writes if chosen):
-            1) Repository root next to src/ (editable/dev) if file exists
-            2) Config dir (OPEN_EDISON_CONFIG_DIR or platform default)
-               - If missing, bootstrap from repo root default when available
-            3) Current working directory as last resort
+            Precedence for reads and writes:
+            1) Config dir (OPEN_EDISON_CONFIG_DIR or platform default) — if file exists
+            2) Repository/package defaults next to src/ — and bootstrap a copy into the config dir if missing
+            3) Config dir target path (even if not yet created) as last resort
             """
-            # 1) Prefer repository root next to src/
-            repo_candidate = Path(__file__).parent.parent / filename
-            if repo_candidate.exists():
-                return repo_candidate
-
-            # 2) Config directory
+            # 1) Config directory (preferred)
             try:
                 base = _get_cfg_dir()
             except Exception:
                 base = Path.cwd()
             target = base / filename
-            if (not target.exists()) and repo_candidate.exists():
+            if target.exists():
+                return target
+
+            # 2) Repository/package defaults next to src/
+            repo_candidate = Path(__file__).parent.parent / filename
+            if repo_candidate.exists():
+                # Bootstrap a copy into config dir when possible
                 try:
                     target.parent.mkdir(parents=True, exist_ok=True)
                     target.write_text(repo_candidate.read_text(encoding="utf-8"), encoding="utf-8")
                 except Exception:
                     pass
-            return target if target.exists() else repo_candidate
+                return target if target.exists() else repo_candidate
+
+            # 3) Fall back to config dir path (will be created on save)
+            return target
 
         async def _serve_json(filename: str) -> Response:  # type: ignore[override]
             if filename not in allowed_json_files:
@@ -238,23 +240,28 @@ class OpenEdisonProxy:
                 content = body.get("content", "")
                 if not isinstance(content, str):
                     raise ValueError("content must be string")
+                source: str = "unknown"
                 if isinstance(name, str) and name in allowed_json_files:
                     target = _resolve_json_path(name)
+                    source = f"name={name}"
                 elif isinstance(path_val, str):
-                    base = Path.cwd()
-                    # Normalize path but restrict to allowed filenames
+                    # Normalize path but restrict to allowed filenames, then resolve like reads
                     candidate = Path(path_val)
                     filename = candidate.name
                     if filename not in allowed_json_files:
                         raise ValueError("filename not allowed")
-                    target = base / filename
+                    target = _resolve_json_path(filename)
+                    source = f"path={path_val} -> filename={filename}"
                 else:
                     raise ValueError("invalid target file")
-                # Basic validation to ensure valid JSON
-                import json as _json
 
-                _ = _json.loads(content or "{}")
+                log.debug(
+                    f"Saving JSON config ({source}), resolved target: {target} (bytes={len(content.encode('utf-8'))})"
+                )
+
+                _ = json.loads(content or "{}")
                 target.write_text(content or "{}", encoding="utf-8")
+                log.debug(f"Saved JSON config to {target}")
                 return {"status": "ok"}
             except Exception as e:  # noqa: BLE001
                 raise HTTPException(status_code=400, detail=f"Save failed: {e}") from e
@@ -348,12 +355,6 @@ class OpenEdisonProxy:
         log.info("🚀 Starting both FastAPI and FastMCP servers...")
         _ = await asyncio.gather(*servers_to_run)
 
-    async def shutdown(self) -> None:
-        """Shutdown the proxy server and all MCP servers"""
-        log.info("🛑 Shutting down Open Edison proxy server")
-        await self.mcp_manager.shutdown()
-        log.info("✅ Open Edison proxy server shutdown complete")
-
     def _register_routes(self, app: FastAPI) -> None:
         """Register all routes for the FastAPI app"""
         # Register routes with their decorators
@@ -364,48 +365,18 @@ class OpenEdisonProxy:
             methods=["GET"],
             dependencies=[Depends(self.verify_api_key)],
         )
-        app.add_api_route(
-            "/mcp/{server_name}/start",
-            self.start_mcp_server,
-            methods=["POST"],
-            dependencies=[Depends(self.verify_api_key)],
-        )
         app.add_api_route(
             "/mcp/validate",
             self.validate_mcp_server,
             methods=["POST"],
             # Intentionally no auth required for validation for now
         )
-        app.add_api_route(
-            "/mcp/{server_name}/stop",
-            self.stop_mcp_server,
-            methods=["POST"],
-            dependencies=[Depends(self.verify_api_key)],
-        )
-        app.add_api_route(
-            "/mcp/call",
-            self.proxy_mcp_call,
-            methods=["POST"],
-            dependencies=[Depends(self.verify_api_key)],
-        )
         app.add_api_route(
             "/mcp/mounted",
             self.get_mounted_servers,
             methods=["GET"],
             dependencies=[Depends(self.verify_api_key)],
         )
-        app.add_api_route(
-            "/mcp/{server_name}/mount",
-            self.mount_server,
-            methods=["POST"],
-            dependencies=[Depends(self.verify_api_key)],
-        )
-        app.add_api_route(
-            "/mcp/{server_name}/unmount",
-            self.unmount_server,
-            methods=["POST"],
-            dependencies=[Depends(self.verify_api_key)],
-        )
         # Public sessions endpoint (no auth) for simple local dashboard
         app.add_api_route(
             "/sessions",
@@ -426,6 +397,18 @@ class OpenEdisonProxy:
             raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid API key")
         return credentials.credentials
 
+    async def mcp_status(self) -> dict[str, list[dict[str, Any]]]:
+        """Get status of configured MCP servers (auth required)."""
+        return {
+            "servers": [
+                {
+                    "name": server.name,
+                    "enabled": server.enabled,
+                }
+                for server in config.mcp_servers
+            ]
+        }
+
     def _handle_server_operation_error(
         self, operation: str, server_name: str, error: Exception
     ) -> HTTPException:
@@ -451,63 +434,6 @@ class OpenEdisonProxy:
         """Health check endpoint"""
         return {"status": "healthy", "version": "0.1.0", "mcp_servers": len(config.mcp_servers)}
 
-    async def mcp_status(self) -> dict[str, list[dict[str, str | bool]]]:
-        """Get status of configured MCP servers"""
-        return {
-            "servers": [
-                {
-                    "name": server.name,
-                    "enabled": server.enabled,
-                    "running": await self.mcp_manager.is_server_running(server.name),
-                }
-                for server in config.mcp_servers
-            ]
-        }
-
-    async def start_mcp_server(self, server_name: str) -> dict[str, str]:
-        """Start a specific MCP server"""
-        try:
-            _ = await self.mcp_manager.start_server(server_name)
-            return {"message": f"Server {server_name} started successfully"}
-        except Exception as e:
-            raise self._handle_server_operation_error("start", server_name, e) from e
-
-    async def stop_mcp_server(self, server_name: str) -> dict[str, str]:
-        """Stop a specific MCP server"""
-        try:
-            await self.mcp_manager.stop_server(server_name)
-            return {"message": f"Server {server_name} stopped successfully"}
-        except Exception as e:
-            raise self._handle_server_operation_error("stop", server_name, e) from e
-
-    async def proxy_mcp_call(self, request: dict[str, Any]) -> dict[str, Any]:
-        """
-        Proxy MCP calls to mounted servers.
-
-        This now routes requests through the mounted FastMCP servers.
-        """
-        try:
-            log.info(f"Proxying MCP request: {request.get('method', 'unknown')}")
-
-            mounted = await self.single_user_mcp.get_mounted_servers()
-            mounted_names = [server["name"] for server in mounted]
-
-            return {
-                "jsonrpc": "2.0",
-                "id": request.get("id"),
-                "result": {
-                    "message": "MCP request routed through FastMCP",
-                    "request": request,
-                    "mounted_servers": mounted_names,
-                },
-            }
-        except Exception as e:
-            log.error(f"Failed to proxy MCP call: {e}")
-            raise HTTPException(
-                status_code=500,
-                detail=f"Failed to proxy MCP call: {str(e)}",
-            ) from e
-
     async def get_mounted_servers(self) -> dict[str, Any]:
         """Get list of currently mounted MCP servers."""
         try:
@@ -520,36 +446,6 @@ class OpenEdisonProxy:
                 detail=f"Failed to get mounted servers: {str(e)}",
             ) from e
 
-    async def mount_server(self, server_name: str) -> dict[str, str]:
-        """Mount a specific MCP server."""
-        try:
-            server_config = self._find_server_config(server_name)
-            success = await self.single_user_mcp.mount_server(server_config)
-            if success:
-                return {"message": f"Server {server_name} mounted successfully"}
-            raise HTTPException(
-                status_code=500,
-                detail=f"Failed to mount server: {server_name}",
-            )
-        except HTTPException:
-            raise
-        except Exception as e:
-            raise self._handle_server_operation_error("mount", server_name, e) from e
-
-    async def unmount_server(self, server_name: str) -> dict[str, str]:
-        """Unmount a specific MCP server."""
-        try:
-            if server_name == "test-echo":
-                log.info("Special handling for test-echo server unmount")
-                _ = await self.single_user_mcp.unmount_server(server_name)
-                return {"message": f"Server {server_name} unmounted successfully"}
-            _ = await self.single_user_mcp.unmount_server(server_name)
-            return {"message": f"Server {server_name} unmounted successfully"}
-        except HTTPException:
-            raise
-        except Exception as e:
-            raise self._handle_server_operation_error("unmount", server_name, e) from e
-
     async def get_sessions(self) -> dict[str, Any]:
         """Return recent MCP session summaries from local SQLite.