PyPI - open-edison - Versions diffs - 0.1.15__tar.gz → 0.1.17__tar.gz - Mend

open-edison 0.1.15tar.gz → 0.1.17tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

{open_edison-0.1.15 → open_edison-0.1.17}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: open-edison
-Version: 0.1.15
+Version: 0.1.17
 Summary: Open-source MCP security, aggregation, and monitoring. Single-user, self-hosted MCP proxy.
 Author-email: Hugo Berg <hugo@edison.watch>
 License-File: LICENSE
@@ -25,12 +25,38 @@ Requires-Dist: pytest>=8.3.3; extra == 'dev'
 Requires-Dist: ruff>=0.12.3; extra == 'dev'
 Description-Content-Type: text/markdown
-# Open Edison
+# OpenEdison
 Open-source MCP security gateway that prevents data exfiltration—via direct access or tool chaining—with full monitoring for local single‑user deployments. Provides core functionality of <https://edison.watch> for local, single-user use.
+Just want to run it?
+```bash
+# Installs uv (via Astral installer) and launches open-edison with uvx.
+# Note: This does NOT install Node/npx. Install Node if you plan to use npx-based tools like mcp-remote.
+curl -fsSL https://raw.githubusercontent.com/Edison-Watch/open-edison/main/curl_pipe_bash.sh | bash
+```
 Run locally with uvx: `uvx open-edison --config-dir ~/edison-config`
+If you need `npx` (for Node-based MCP tools like `mcp-remote`), install Node.js as well:
+- macOS:
+  - uv: `curl -fsSL https://astral.sh/uv/install.sh | sh`
+  - Node/npx: `brew install node`
+- Linux (Debian/Ubuntu):
+  - uv: `curl -fsSL https://astral.sh/uv/install.sh | sh`
+  - Node/npx: `sudo apt-get update && sudo apt-get install -y nodejs npm`
+- Windows (PowerShell):
+  - uv: `powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"`
+  - Node/npx: `winget install -e --id OpenJS.NodeJS`
+After installation, ensure that `npx` is available on PATH.
+<div align="center">
+  <h2>📧 Interested in connecting AI to your business software with proper access controls? <a href="mailto:hello@edison.watch">Contact us</a> to discuss.</h2>
+</div>
 ## Features
 - **Single-user MCP proxy** - No multi-user complexity, just a simple proxy for your MCP servers
@@ -65,6 +91,25 @@ open-edison run --config-dir ~/edison-config
 OPEN_EDISON_CONFIG_DIR=~/edison-config open-edison run
 ```
+### Run with Docker
+There is a dockerfile for simple local setup.
+```bash
+# Single-line:
+git clone https://github.com/GatlingX/open-edison.git && cd open-edison && make docker_run
+# Or
+# Clone repo
+git clone https://github.com/GatlingX/open-edison.git
+# Enter repo
+cd open-edison
+# Build and run
+make docker_run
+```
+The MCP server will be available at `http://localhost:3000` and the api + frontend at `http://localhost:3001`.
 ### Run from source
 1. Clone the repository:
@@ -74,33 +119,26 @@ git clone https://github.com/GatlingX/open-edison.git
 cd open-edison
 ```
-2. Set up the project:
+1. Set up the project:
 ```bash
 make setup
 ```
-3. Edit `config.json` to configure your MCP servers:
+1. Edit `config.json` to configure your MCP servers. See the full file: [config.json](config.json), it looks like:
 ```json
 {
-  "server": {
-    "host": "localhost",
-    "port": 3000,
-    "api_key": "your-secure-api-key"
-  },
+  "server": { "host": "0.0.0.0", "port": 3000, "api_key": "..." },
+  "logging": { "level": "INFO", "database_path": "sessions.db" },
   "mcp_servers": [
-    {
-      "name": "filesystem",
-      "command": "uvx",
-      "args": ["mcp-server-filesystem", "/path/to/directory"],
-      "enabled": true
-    }
+    { "name": "filesystem", "command": "uvx", "args": ["mcp-server-filesystem", "/tmp"], "enabled": true },
+    { "name": "github", "enabled": false, "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "..." } }
   ]
 }
 ```
-4. Run the server:
+1. Run the server:
 ```bash
 make run
@@ -110,18 +148,9 @@ open-edison run
 The server will be available at `http://localhost:3000`.
-### Run with Docker
-```bash
-# After cloning the repo
-make docker_run
-```
-The MCP server will be available at `http://localhost:3000` and the api + frontend at `http://localhost:3001`.
 ## MCP Connection
-Connect any MCP client to Open Edison:
+Connect any MCP client to Open Edison (requires Node.js/npm for `npx`):
 ```bash
 npx -y mcp-remote http://localhost:3000/mcp/ --http-only --header "Authorization: Bearer your-api-key"
@@ -144,64 +173,28 @@ Or add to your MCP client config:
 ### API Endpoints
-Api is on port 3001 (or configured MCP server port + 1).
-- `GET /health` - Health check
-- `GET /mcp/status` - Get status of configured MCP servers
-- `POST /mcp/{server_name}/start` - Start a specific MCP server
-- `POST /mcp/{server_name}/stop` - Stop a specific MCP server
-- `POST /mcp/call` - Proxy MCP calls to running servers
-- `GET /sessions` - Get session logs (coming soon)
-All endpoints except `/health` require the `Authorization: Bearer <api_key>` header.
+See [API Reference](docs/quick-reference/api_reference.md) for full API documentation.
 ## Development
-```bash
-# Install dependencies
-make sync
+### Setup
-# Run with auto-reload
-make dev
+Setup from source as above.
-# Run tests
-make test
+### Run
-# Lint code
-make lint
-# Format code
-make format
-```
-### Website (Sessions Dashboard)
-A minimal React + Vite frontend is included at `open-edison/frontend/`.
-Run it with a single command from the repo root or via the CLI:
+Server doesn't have any auto-reload at the moment, so you'll need to run & ctrl-c this during development.
 ```bash
-make website
-# or
-open-edison website
+make run
 ```
-This will install frontend deps (first run) and start the dev server. Open the URL shown (typically `http://localhost:5173` or `5174`).
+### Tests/code quality
-Notes:
-- The dashboard reads session data directly from the SQLite database `edison.db` in the repo root via sql.js.
-- The Configs tab provides JSON editors (with syntax highlighting) for `config.json`, `tool_permissions.json`, `resource_permissions.json`, and `prompt_permissions.json`.
-- You can Save changes directly while the dev server is running; writes are constrained to the project root.
-## Docker
+We expect `make ci` to return cleanly.
 ```bash
-# Build Docker image
-make docker_build
-# Run in Docker
-make docker_run
+make ci
 ```
 ## Configuration
@@ -230,80 +223,48 @@ Open Edison includes a comprehensive security monitoring system that tracks the
 2. **Untrusted content exposure** - Exposure to external/web content
 3. **External communication** - Ability to write/send data externally
-The system monitors these risks across **tools**, **resources**, and **prompts** using separate configuration files.
+The configuration allows you to classify these risks across **tools**, **resources**, and **prompts** using separate configuration files.
+In addition to trifecta, we track Access Control Level (ACL) for each tool call,
+that is, each tool has an ACL level (one of PUBLIC, PRIVATE, or SECRET), and we track the highest ACL level for each session.
+If a write operation is attempted to a lower ACL level, it is blocked.
 ### Tool Permissions (`tool_permissions.json`)
-Defines security classifications for MCP tools. Each tool is classified with three boolean flags:
+Defines security classifications for MCP tools. See full file: [tool_permissions.json](tool_permissions.json), it looks like:
 ```json
 {
-  "filesystem_read_file": {
-    "write_operation": false,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
+  "_metadata": { "last_updated": "2025-08-07" },
+  "builtin": {
+    "get_security_status": { "enabled": true, "write_operation": false, "read_private_data": false, "read_untrusted_public_data": false, "acl": "PUBLIC" }
   },
-  "sqlite_create_record": {
-    "write_operation": true,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
+  "filesystem": {
+    "read_file": { "enabled": true, "write_operation": false, "read_private_data": true, "read_untrusted_public_data": false, "acl": "PRIVATE" },
+    "write_file": { "enabled": true, "write_operation": true, "read_private_data": true, "read_untrusted_public_data": false, "acl": "PRIVATE" }
   }
 }
 ```
 ### Resource Permissions (`resource_permissions.json`)
-Defines security classifications for resource access patterns. Currently empty - add classifications as needed:
+Defines security classifications for resource access patterns. See full file: [resource_permissions.json](resource_permissions.json), it looks like:
 ```json
 {
-  "_metadata": {
-    "description": "Resource security classifications for Open Edison data access tracker",
-    "last_updated": "2025-08-07"
-  },
-  "file:*": {
-    "write_operation": false,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
-  },
-  "http:*": {
-    "write_operation": false,
-    "read_private_data": false,
-    "read_untrusted_public_data": true
-  },
-  "database:*": {
-    "write_operation": false,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
-  }
+  "_metadata": { "last_updated": "2025-08-07" },
+  "builtin": { "config://app": { "enabled": true, "write_operation": false, "read_private_data": false, "read_untrusted_public_data": false } }
 }
 ```
 ### Prompt Permissions (`prompt_permissions.json`)
-Defines security classifications for prompt types. Currently empty - add classifications as needed:
+Defines security classifications for prompt types. See full file: [prompt_permissions.json](prompt_permissions.json), it looks like:
 ```json
 {
-  "_metadata": {
-    "description": "Prompt security classifications for Open Edison data access tracker",
-    "last_updated": "2025-08-07"
-  },
-  "system": {
-    "write_operation": false,
-    "read_private_data": false,
-    "read_untrusted_public_data": false
-  },
-  "external_prompt": {
-    "write_operation": false,
-    "read_private_data": false,
-    "read_untrusted_public_data": true
-  },
-  "prompt:file:*": {
-    "write_operation": false,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
-  }
+  "_metadata": { "last_updated": "2025-08-07" },
+  "builtin": { "summarize_text": { "enabled": true, "write_operation": false, "read_private_data": false, "read_untrusted_public_data": false } }
 }
 ```

{open_edison-0.1.15 → open_edison-0.1.17}/README.md RENAMED Viewed

@@ -1,9 +1,35 @@
-# Open Edison
+# OpenEdison
 Open-source MCP security gateway that prevents data exfiltration—via direct access or tool chaining—with full monitoring for local single‑user deployments. Provides core functionality of <https://edison.watch> for local, single-user use.
+Just want to run it?
+```bash
+# Installs uv (via Astral installer) and launches open-edison with uvx.
+# Note: This does NOT install Node/npx. Install Node if you plan to use npx-based tools like mcp-remote.
+curl -fsSL https://raw.githubusercontent.com/Edison-Watch/open-edison/main/curl_pipe_bash.sh | bash
+```
 Run locally with uvx: `uvx open-edison --config-dir ~/edison-config`
+If you need `npx` (for Node-based MCP tools like `mcp-remote`), install Node.js as well:
+- macOS:
+  - uv: `curl -fsSL https://astral.sh/uv/install.sh | sh`
+  - Node/npx: `brew install node`
+- Linux (Debian/Ubuntu):
+  - uv: `curl -fsSL https://astral.sh/uv/install.sh | sh`
+  - Node/npx: `sudo apt-get update && sudo apt-get install -y nodejs npm`
+- Windows (PowerShell):
+  - uv: `powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"`
+  - Node/npx: `winget install -e --id OpenJS.NodeJS`
+After installation, ensure that `npx` is available on PATH.
+<div align="center">
+  <h2>📧 Interested in connecting AI to your business software with proper access controls? <a href="mailto:hello@edison.watch">Contact us</a> to discuss.</h2>
+</div>
 ## Features
 - **Single-user MCP proxy** - No multi-user complexity, just a simple proxy for your MCP servers
@@ -38,6 +64,25 @@ open-edison run --config-dir ~/edison-config
 OPEN_EDISON_CONFIG_DIR=~/edison-config open-edison run
 ```
+### Run with Docker
+There is a dockerfile for simple local setup.
+```bash
+# Single-line:
+git clone https://github.com/GatlingX/open-edison.git && cd open-edison && make docker_run
+# Or
+# Clone repo
+git clone https://github.com/GatlingX/open-edison.git
+# Enter repo
+cd open-edison
+# Build and run
+make docker_run
+```
+The MCP server will be available at `http://localhost:3000` and the api + frontend at `http://localhost:3001`.
 ### Run from source
 1. Clone the repository:
@@ -47,33 +92,26 @@ git clone https://github.com/GatlingX/open-edison.git
 cd open-edison
 ```
-2. Set up the project:
+1. Set up the project:
 ```bash
 make setup
 ```
-3. Edit `config.json` to configure your MCP servers:
+1. Edit `config.json` to configure your MCP servers. See the full file: [config.json](config.json), it looks like:
 ```json
 {
-  "server": {
-    "host": "localhost",
-    "port": 3000,
-    "api_key": "your-secure-api-key"
-  },
+  "server": { "host": "0.0.0.0", "port": 3000, "api_key": "..." },
+  "logging": { "level": "INFO", "database_path": "sessions.db" },
   "mcp_servers": [
-    {
-      "name": "filesystem",
-      "command": "uvx",
-      "args": ["mcp-server-filesystem", "/path/to/directory"],
-      "enabled": true
-    }
+    { "name": "filesystem", "command": "uvx", "args": ["mcp-server-filesystem", "/tmp"], "enabled": true },
+    { "name": "github", "enabled": false, "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "..." } }
   ]
 }
 ```
-4. Run the server:
+1. Run the server:
 ```bash
 make run
@@ -83,18 +121,9 @@ open-edison run
 The server will be available at `http://localhost:3000`.
-### Run with Docker
-```bash
-# After cloning the repo
-make docker_run
-```
-The MCP server will be available at `http://localhost:3000` and the api + frontend at `http://localhost:3001`.
 ## MCP Connection
-Connect any MCP client to Open Edison:
+Connect any MCP client to Open Edison (requires Node.js/npm for `npx`):
 ```bash
 npx -y mcp-remote http://localhost:3000/mcp/ --http-only --header "Authorization: Bearer your-api-key"
@@ -117,64 +146,28 @@ Or add to your MCP client config:
 ### API Endpoints
-Api is on port 3001 (or configured MCP server port + 1).
-- `GET /health` - Health check
-- `GET /mcp/status` - Get status of configured MCP servers
-- `POST /mcp/{server_name}/start` - Start a specific MCP server
-- `POST /mcp/{server_name}/stop` - Stop a specific MCP server
-- `POST /mcp/call` - Proxy MCP calls to running servers
-- `GET /sessions` - Get session logs (coming soon)
-All endpoints except `/health` require the `Authorization: Bearer <api_key>` header.
+See [API Reference](docs/quick-reference/api_reference.md) for full API documentation.
 ## Development
-```bash
-# Install dependencies
-make sync
+### Setup
-# Run with auto-reload
-make dev
+Setup from source as above.
-# Run tests
-make test
+### Run
-# Lint code
-make lint
-# Format code
-make format
-```
-### Website (Sessions Dashboard)
-A minimal React + Vite frontend is included at `open-edison/frontend/`.
-Run it with a single command from the repo root or via the CLI:
+Server doesn't have any auto-reload at the moment, so you'll need to run & ctrl-c this during development.
 ```bash
-make website
-# or
-open-edison website
+make run
 ```
-This will install frontend deps (first run) and start the dev server. Open the URL shown (typically `http://localhost:5173` or `5174`).
+### Tests/code quality
-Notes:
-- The dashboard reads session data directly from the SQLite database `edison.db` in the repo root via sql.js.
-- The Configs tab provides JSON editors (with syntax highlighting) for `config.json`, `tool_permissions.json`, `resource_permissions.json`, and `prompt_permissions.json`.
-- You can Save changes directly while the dev server is running; writes are constrained to the project root.
-## Docker
+We expect `make ci` to return cleanly.
 ```bash
-# Build Docker image
-make docker_build
-# Run in Docker
-make docker_run
+make ci
 ```
 ## Configuration
@@ -203,80 +196,48 @@ Open Edison includes a comprehensive security monitoring system that tracks the
 2. **Untrusted content exposure** - Exposure to external/web content
 3. **External communication** - Ability to write/send data externally
-The system monitors these risks across **tools**, **resources**, and **prompts** using separate configuration files.
+The configuration allows you to classify these risks across **tools**, **resources**, and **prompts** using separate configuration files.
+In addition to trifecta, we track Access Control Level (ACL) for each tool call,
+that is, each tool has an ACL level (one of PUBLIC, PRIVATE, or SECRET), and we track the highest ACL level for each session.
+If a write operation is attempted to a lower ACL level, it is blocked.
 ### Tool Permissions (`tool_permissions.json`)
-Defines security classifications for MCP tools. Each tool is classified with three boolean flags:
+Defines security classifications for MCP tools. See full file: [tool_permissions.json](tool_permissions.json), it looks like:
 ```json
 {
-  "filesystem_read_file": {
-    "write_operation": false,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
+  "_metadata": { "last_updated": "2025-08-07" },
+  "builtin": {
+    "get_security_status": { "enabled": true, "write_operation": false, "read_private_data": false, "read_untrusted_public_data": false, "acl": "PUBLIC" }
   },
-  "sqlite_create_record": {
-    "write_operation": true,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
+  "filesystem": {
+    "read_file": { "enabled": true, "write_operation": false, "read_private_data": true, "read_untrusted_public_data": false, "acl": "PRIVATE" },
+    "write_file": { "enabled": true, "write_operation": true, "read_private_data": true, "read_untrusted_public_data": false, "acl": "PRIVATE" }
   }
 }
 ```
 ### Resource Permissions (`resource_permissions.json`)
-Defines security classifications for resource access patterns. Currently empty - add classifications as needed:
+Defines security classifications for resource access patterns. See full file: [resource_permissions.json](resource_permissions.json), it looks like:
 ```json
 {
-  "_metadata": {
-    "description": "Resource security classifications for Open Edison data access tracker",
-    "last_updated": "2025-08-07"
-  },
-  "file:*": {
-    "write_operation": false,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
-  },
-  "http:*": {
-    "write_operation": false,
-    "read_private_data": false,
-    "read_untrusted_public_data": true
-  },
-  "database:*": {
-    "write_operation": false,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
-  }
+  "_metadata": { "last_updated": "2025-08-07" },
+  "builtin": { "config://app": { "enabled": true, "write_operation": false, "read_private_data": false, "read_untrusted_public_data": false } }
 }
 ```
 ### Prompt Permissions (`prompt_permissions.json`)
-Defines security classifications for prompt types. Currently empty - add classifications as needed:
+Defines security classifications for prompt types. See full file: [prompt_permissions.json](prompt_permissions.json), it looks like:
 ```json
 {
-  "_metadata": {
-    "description": "Prompt security classifications for Open Edison data access tracker",
-    "last_updated": "2025-08-07"
-  },
-  "system": {
-    "write_operation": false,
-    "read_private_data": false,
-    "read_untrusted_public_data": false
-  },
-  "external_prompt": {
-    "write_operation": false,
-    "read_private_data": false,
-    "read_untrusted_public_data": true
-  },
-  "prompt:file:*": {
-    "write_operation": false,
-    "read_private_data": true,
-    "read_untrusted_public_data": false
-  }
+  "_metadata": { "last_updated": "2025-08-07" },
+  "builtin": { "summarize_text": { "enabled": true, "write_operation": false, "read_private_data": false, "read_untrusted_public_data": false } }
 }
 ```

{open_edison-0.1.15 → open_edison-0.1.17}/config.json RENAMED Viewed

@@ -2,7 +2,7 @@
     "server": {
         "host": "0.0.0.0",
         "port": 3000,
-        "api_key": "dev-api-key-change-me"
+        "api_key": "dev-api-key-change-me-2"
     },
     "logging": {
         "level": "INFO",

{open_edison-0.1.15 → open_edison-0.1.17}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "open-edison"
-version = "0.1.15"
+version = "0.1.17"
 description = "Open-source MCP security, aggregation, and monitoring. Single-user, self-hosted MCP proxy."
 readme = "README.md"
 authors = [
@@ -39,6 +39,7 @@ dev-dependencies = [
     "ruff>=0.12.3",
     "pytest>=8.3.3",
     "pytest-asyncio>=1.0.0",
+    "vulture>=2.11",
     "twine>=5.1.1",
 ]
@@ -76,11 +77,9 @@ include = [
   "prompt_permissions.json",
   "src/**",
   "docs/**",
-]
-exclude = [
+  # Ensure packaged dashboard assets are present when building from sdist
   "src/frontend_dist/**",
 ]
-force-include = { "src/frontend_dist" = "src/frontend_dist" }
 [tool.ruff]
 line-length = 100
@@ -112,3 +111,6 @@ reportMissingTypeStubs = true
 reportUnusedFunction = false  # Disable unused function warnings since we have many dynamically registered functions
 venvPath = ".venv"
 extraPaths = ["src"]
+[tool.vulture]
+exclude = ["tests", "src/frontend_dist"]

{open_edison-0.1.15 → open_edison-0.1.17}/src/middleware/session_tracking.py RENAMED Viewed

@@ -102,7 +102,7 @@ def create_db_session() -> Generator[Session, None, None]:
     # Ensure changes are flushed to the main database file (avoid WAL for sql.js compatibility)
     @event.listens_for(engine, "connect")
-    def _set_sqlite_pragmas(dbapi_connection, connection_record):  # type: ignore[no-untyped-def]
+    def _set_sqlite_pragmas(dbapi_connection, connection_record):  # type: ignore[no-untyped-def] # noqa
         cur = dbapi_connection.cursor()  # type: ignore[attr-defined]
         try:
             cur.execute("PRAGMA journal_mode=DELETE")  # type: ignore[attr-defined]
@@ -296,7 +296,7 @@ class SessionTrackingMiddleware(Middleware):
         assert session.data_access_tracker is not None
         log.debug(f"🔍 Analyzing tool {context.message.name} for security implications")
-        _ = session.data_access_tracker.add_tool_call(context.message.name)
+        session.data_access_tracker.add_tool_call(context.message.name)
         # Telemetry: record tool call
         record_tool_call(context.message.name)

open-edison 0.1.15__tar.gz → 0.1.17__tar.gz

open-edison 0.1.15tar.gz → 0.1.17tar.gz