open-edison 0.1.16__tar.gz → 0.1.19__tar.gz

{open_edison-0.1.16 → open_edison-0.1.19}/.gitignore

@@ -215,4 +215,5 @@ test.db
 src/frontend_dist/
 frontend_dist/
 frontend/node_modules/
-frontend/package-lock.json
+frontend/package-lock.json
+.vscode

{open_edison-0.1.16 → open_edison-0.1.19}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: open-edison
-Version: 0.1.16
+Version: 0.1.19
 Summary: Open-source MCP security, aggregation, and monitoring. Single-user, self-hosted MCP proxy.
 Author-email: Hugo Berg <hugo@edison.watch>
 License-File: LICENSE
@@ -27,15 +27,7 @@ Description-Content-Type: text/markdown
 
 # OpenEdison
 
-Open-source MCP security gateway that prevents data exfiltration—via direct access or tool chaining—with full monitoring for local single‑user deployments. Provides core functionality of <https://edison.watch> for local, single-user use.
-
-Just want to run it?
-
-```bash
-curl -fsSL https://raw.githubusercontent.com/Edison-Watch/open-edison/main/curl_pipe_bash.sh | bash
-```
-
-Run locally with uvx: `uvx open-edison --config-dir ~/edison-config`
+Open-source single-user MCP security gateway that prevents data exfiltration—via direct access or tool chaining—with full monitoring for local single‑user deployments. Provides core functionality of <https://edison.watch> for local use.
 
 <div align="center">
   <h2>📧 Interested in connecting AI to your business software with proper access controls? <a href="mailto:hello@edison.watch">Contact us</a> to discuss.</h2>
@@ -52,7 +44,40 @@ Run locally with uvx: `uvx open-edison --config-dir ~/edison-config`
 
 ## Quick Start
 
-### Install from PyPI
+The fastest way to get started:
+
+```bash
+# Installs uv (via Astral installer) and launches open-edison with uvx.
+# Note: This does NOT install Node/npx. Install Node if you plan to use npx-based tools like mcp-remote.
+curl -fsSL https://raw.githubusercontent.com/Edison-Watch/open-edison/main/curl_pipe_bash.sh | bash
+```
+
+Run locally with uvx: `uvx open-edison --config-dir ~/edison-config`
+
+<details>
+<summary>Install Node.js/npm (optional for MCP tools)</summary>
+
+If you need `npx` (for Node-based MCP tools like `mcp-remote`), install Node.js as well:
+
+![macOS](https://img.shields.io/badge/mac%20os-000000?style=for-the-badge&logo=apple&logoColor=white)
+
+- uv: `curl -fsSL https://astral.sh/uv/install.sh | sh`
+- Node/npx: `brew install node`
+
+![Linux](https://img.shields.io/badge/Linux-FCC624?style=for-the-badge&logo=linux&logoColor=black)
+
+- uv: `curl -fsSL https://astral.sh/uv/install.sh | sh`
+- Node/npx: `sudo apt-get update && sudo apt-get install -y nodejs npm`
+
+![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)
+
+- uv: `powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"`
+- Node/npx: `winget install -e --id OpenJS.NodeJS`
+
+After installation, ensure that `npx` is available on PATH.
+
+<details>
+<summary><img src="https://img.shields.io/badge/pypi-3775A9?style=for-the-badge&logo=pypi&logoColor=white" alt="PyPI"> Install from PyPI</summary>
 
 #### Prerequisites
 
@@ -75,7 +100,10 @@ open-edison run --config-dir ~/edison-config
 OPEN_EDISON_CONFIG_DIR=~/edison-config open-edison run
 ```
 
-### Run with Docker
+</details>
+
+<details>
+<summary><img src="https://img.shields.io/badge/Docker-2CA5E0?style=for-the-badge&logo=docker&logoColor=white" alt="Docker"> Run with Docker</summary>
 
 There is a dockerfile for simple local setup.
 
@@ -94,7 +122,10 @@ make docker_run
 
 The MCP server will be available at `http://localhost:3000` and the api + frontend at `http://localhost:3001`.
 
-### Run from source
+</details>
+
+<details>
+<summary>⚙️ Run from source</summary>
 
 1. Clone the repository:
 
@@ -116,7 +147,7 @@ make setup
   "server": { "host": "0.0.0.0", "port": 3000, "api_key": "..." },
   "logging": { "level": "INFO", "database_path": "sessions.db" },
   "mcp_servers": [
-    { "name": "filesystem", "command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"], "enabled": true },
+    { "name": "filesystem", "command": "uvx", "args": ["mcp-server-filesystem", "/tmp"], "enabled": true },
     { "name": "github", "enabled": false, "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "..." } }
   ]
 }
@@ -132,9 +163,12 @@ open-edison run
 
 The server will be available at `http://localhost:3000`.
 
-## MCP Connection
+</details>
 
-Connect any MCP client to Open Edison:
+<details>
+<summary>MCP Connection</summary>
+
+Connect any MCP client to Open Edison (requires Node.js/npm for `npx`):
 
 ```bash
 npx -y mcp-remote http://localhost:3000/mcp/ --http-only --header "Authorization: Bearer your-api-key"
@@ -153,13 +187,17 @@ Or add to your MCP client config:
 }
 ```
 
-## Usage
+</details>
+
+<details>
+<summary>Usage</summary>
 
 ### API Endpoints
 
 See [API Reference](docs/quick-reference/api_reference.md) for full API documentation.
 
-## Development
+<details>
+<summary>Development</summary>
 
 ### Setup
 
@@ -181,6 +219,11 @@ We expect `make ci` to return cleanly.
 make ci
 ```
 
+</details>
+
+<details>
+<summary>⚙️ Configuration (config.json)</summary>
+
 ## Configuration
 
 The `config.json` file contains all configuration:
@@ -199,14 +242,23 @@ Each MCP server configuration includes:
 - `env` - Environment variables (optional)
 - `enabled` - Whether to auto-start this server
 
-## Security & Permissions System
+</details>
+
+</details>
 
-Open Edison includes a comprehensive security monitoring system that tracks the "lethal trifecta" of AI agent risks:
+<details>
+<summary>Security & Permissions System</summary>
+
+Open Edison includes a comprehensive security monitoring system that tracks the "lethal trifecta" of AI agent risks, as described in [Simon Willison's blog post](https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/):
+
+<img src="media/lethal-trifecta.png" alt="The lethal trifecta diagram showing the three key AI agent security risks" width="30%">
 
 1. **Private data access** - Access to sensitive local files/data
 2. **Untrusted content exposure** - Exposure to external/web content  
 3. **External communication** - Ability to write/send data externally
 
+<img src="media/pam-diagram.png" alt="Privileged Access Management (PAM) example showing the lethal trifecta in action" width="60%">
+
 The configuration allows you to classify these risks across **tools**, **resources**, and **prompts** using separate configuration files.
 
 In addition to trifecta, we track Access Control Level (ACL) for each tool call,
@@ -230,6 +282,9 @@ Defines security classifications for MCP tools. See full file: [tool_permissions
 }
 ```
 
+<details>
+<summary>Resource Permissions (`resource_permissions.json`)</summary>
+
 ### Resource Permissions (`resource_permissions.json`)
 
 Defines security classifications for resource access patterns. See full file: [resource_permissions.json](resource_permissions.json), it looks like:
@@ -241,6 +296,11 @@ Defines security classifications for resource access patterns. See full file: [r
 }
 ```
 
+</details>
+
+<details>
+<summary>Prompt Permissions (`prompt_permissions.json`)</summary>
+
 ### Prompt Permissions (`prompt_permissions.json`)
 
 Defines security classifications for prompt types. See full file: [prompt_permissions.json](prompt_permissions.json), it looks like:
@@ -252,6 +312,8 @@ Defines security classifications for prompt types. See full file: [prompt_permis
 }
 ```
 
+</details>
+
 ### Wildcard Patterns
 
 All permission types support wildcard patterns:
@@ -266,7 +328,10 @@ All permission types support wildcard patterns:
 
 Use the `get_security_status` tool to monitor your session's current risk level and see which capabilities have been accessed. When the lethal trifecta is achieved (all three risk flags set), further potentially dangerous operations are blocked.
 
-## Documentation
+</details>
+
+<details>
+<summary>Documentation</summary>
 
 📚 **Complete documentation available in [`docs/`](docs/)**
 
@@ -275,6 +340,11 @@ Use the `get_security_status` tool to monitor your session's current risk level
 - **[API Reference](docs/quick-reference/api_reference.md)** - REST API documentation
 - **[Development Guide](docs/development/development_guide.md)** - Contributing and development
 
-## License
+</details>
+
+<details>
+<summary>License</summary>
 
 GPL-3.0 License - see [LICENSE](LICENSE) for details.
+
+</details>

{open_edison-0.1.16 → open_edison-0.1.19}/README.md

@@ -1,14 +1,6 @@
 # OpenEdison
 
-Open-source MCP security gateway that prevents data exfiltration—via direct access or tool chaining—with full monitoring for local single‑user deployments. Provides core functionality of <https://edison.watch> for local, single-user use.
-
-Just want to run it?
-
-```bash
-curl -fsSL https://raw.githubusercontent.com/Edison-Watch/open-edison/main/curl_pipe_bash.sh | bash
-```
-
-Run locally with uvx: `uvx open-edison --config-dir ~/edison-config`
+Open-source single-user MCP security gateway that prevents data exfiltration—via direct access or tool chaining—with full monitoring for local single‑user deployments. Provides core functionality of <https://edison.watch> for local use.
 
 <div align="center">
   <h2>📧 Interested in connecting AI to your business software with proper access controls? <a href="mailto:hello@edison.watch">Contact us</a> to discuss.</h2>
@@ -25,7 +17,40 @@ Run locally with uvx: `uvx open-edison --config-dir ~/edison-config`
 
 ## Quick Start
 
-### Install from PyPI
+The fastest way to get started:
+
+```bash
+# Installs uv (via Astral installer) and launches open-edison with uvx.
+# Note: This does NOT install Node/npx. Install Node if you plan to use npx-based tools like mcp-remote.
+curl -fsSL https://raw.githubusercontent.com/Edison-Watch/open-edison/main/curl_pipe_bash.sh | bash
+```
+
+Run locally with uvx: `uvx open-edison --config-dir ~/edison-config`
+
+<details>
+<summary>Install Node.js/npm (optional for MCP tools)</summary>
+
+If you need `npx` (for Node-based MCP tools like `mcp-remote`), install Node.js as well:
+
+![macOS](https://img.shields.io/badge/mac%20os-000000?style=for-the-badge&logo=apple&logoColor=white)
+
+- uv: `curl -fsSL https://astral.sh/uv/install.sh | sh`
+- Node/npx: `brew install node`
+
+![Linux](https://img.shields.io/badge/Linux-FCC624?style=for-the-badge&logo=linux&logoColor=black)
+
+- uv: `curl -fsSL https://astral.sh/uv/install.sh | sh`
+- Node/npx: `sudo apt-get update && sudo apt-get install -y nodejs npm`
+
+![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)
+
+- uv: `powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"`
+- Node/npx: `winget install -e --id OpenJS.NodeJS`
+
+After installation, ensure that `npx` is available on PATH.
+
+<details>
+<summary><img src="https://img.shields.io/badge/pypi-3775A9?style=for-the-badge&logo=pypi&logoColor=white" alt="PyPI"> Install from PyPI</summary>
 
 #### Prerequisites
 
@@ -48,7 +73,10 @@ open-edison run --config-dir ~/edison-config
 OPEN_EDISON_CONFIG_DIR=~/edison-config open-edison run
 ```
 
-### Run with Docker
+</details>
+
+<details>
+<summary><img src="https://img.shields.io/badge/Docker-2CA5E0?style=for-the-badge&logo=docker&logoColor=white" alt="Docker"> Run with Docker</summary>
 
 There is a dockerfile for simple local setup.
 
@@ -67,7 +95,10 @@ make docker_run
 
 The MCP server will be available at `http://localhost:3000` and the api + frontend at `http://localhost:3001`.
 
-### Run from source
+</details>
+
+<details>
+<summary>⚙️ Run from source</summary>
 
 1. Clone the repository:
 
@@ -89,7 +120,7 @@ make setup
   "server": { "host": "0.0.0.0", "port": 3000, "api_key": "..." },
   "logging": { "level": "INFO", "database_path": "sessions.db" },
   "mcp_servers": [
-    { "name": "filesystem", "command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"], "enabled": true },
+    { "name": "filesystem", "command": "uvx", "args": ["mcp-server-filesystem", "/tmp"], "enabled": true },
     { "name": "github", "enabled": false, "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "..." } }
   ]
 }
@@ -105,9 +136,12 @@ open-edison run
 
 The server will be available at `http://localhost:3000`.
 
-## MCP Connection
+</details>
 
-Connect any MCP client to Open Edison:
+<details>
+<summary>MCP Connection</summary>
+
+Connect any MCP client to Open Edison (requires Node.js/npm for `npx`):
 
 ```bash
 npx -y mcp-remote http://localhost:3000/mcp/ --http-only --header "Authorization: Bearer your-api-key"
@@ -126,13 +160,17 @@ Or add to your MCP client config:
 }
 ```
 
-## Usage
+</details>
+
+<details>
+<summary>Usage</summary>
 
 ### API Endpoints
 
 See [API Reference](docs/quick-reference/api_reference.md) for full API documentation.
 
-## Development
+<details>
+<summary>Development</summary>
 
 ### Setup
 
@@ -154,6 +192,11 @@ We expect `make ci` to return cleanly.
 make ci
 ```
 
+</details>
+
+<details>
+<summary>⚙️ Configuration (config.json)</summary>
+
 ## Configuration
 
 The `config.json` file contains all configuration:
@@ -172,14 +215,23 @@ Each MCP server configuration includes:
 - `env` - Environment variables (optional)
 - `enabled` - Whether to auto-start this server
 
-## Security & Permissions System
+</details>
+
+</details>
 
-Open Edison includes a comprehensive security monitoring system that tracks the "lethal trifecta" of AI agent risks:
+<details>
+<summary>Security & Permissions System</summary>
+
+Open Edison includes a comprehensive security monitoring system that tracks the "lethal trifecta" of AI agent risks, as described in [Simon Willison's blog post](https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/):
+
+<img src="media/lethal-trifecta.png" alt="The lethal trifecta diagram showing the three key AI agent security risks" width="30%">
 
 1. **Private data access** - Access to sensitive local files/data
 2. **Untrusted content exposure** - Exposure to external/web content  
 3. **External communication** - Ability to write/send data externally
 
+<img src="media/pam-diagram.png" alt="Privileged Access Management (PAM) example showing the lethal trifecta in action" width="60%">
+
 The configuration allows you to classify these risks across **tools**, **resources**, and **prompts** using separate configuration files.
 
 In addition to trifecta, we track Access Control Level (ACL) for each tool call,
@@ -203,6 +255,9 @@ Defines security classifications for MCP tools. See full file: [tool_permissions
 }
 ```
 
+<details>
+<summary>Resource Permissions (`resource_permissions.json`)</summary>
+
 ### Resource Permissions (`resource_permissions.json`)
 
 Defines security classifications for resource access patterns. See full file: [resource_permissions.json](resource_permissions.json), it looks like:
@@ -214,6 +269,11 @@ Defines security classifications for resource access patterns. See full file: [r
 }
 ```
 
+</details>
+
+<details>
+<summary>Prompt Permissions (`prompt_permissions.json`)</summary>
+
 ### Prompt Permissions (`prompt_permissions.json`)
 
 Defines security classifications for prompt types. See full file: [prompt_permissions.json](prompt_permissions.json), it looks like:
@@ -225,6 +285,8 @@ Defines security classifications for prompt types. See full file: [prompt_permis
 }
 ```
 
+</details>
+
 ### Wildcard Patterns
 
 All permission types support wildcard patterns:
@@ -239,7 +301,10 @@ All permission types support wildcard patterns:
 
 Use the `get_security_status` tool to monitor your session's current risk level and see which capabilities have been accessed. When the lethal trifecta is achieved (all three risk flags set), further potentially dangerous operations are blocked.
 
-## Documentation
+</details>
+
+<details>
+<summary>Documentation</summary>
 
 📚 **Complete documentation available in [`docs/`](docs/)**
 
@@ -248,6 +313,11 @@ Use the `get_security_status` tool to monitor your session's current risk level
 - **[API Reference](docs/quick-reference/api_reference.md)** - REST API documentation
 - **[Development Guide](docs/development/development_guide.md)** - Contributing and development
 
-## License
+</details>
+
+<details>
+<summary>License</summary>
 
 GPL-3.0 License - see [LICENSE](LICENSE) for details.
+
+</details>

{open_edison-0.1.16 → open_edison-0.1.19}/config.json

@@ -4,10 +4,12 @@
         "port": 3000,
         "api_key": "dev-api-key-change-me"
     },
+    "autoconfig_url": "https://api.edison.watch/api/config-perms",
     "logging": {
         "level": "INFO",
         "database_path": "sessions.db"
     },
+    "edison-watch-api-key": "change-me",
     "mcp_servers": [
         {
             "name": "filesystem",
@@ -90,6 +92,18 @@
             ],
             "env": {},
             "enabled": false
+        },
+        {
+            "name": "zapier",
+            "command": "npx",
+            "args": [
+                "-y",
+                "mcp-remote",
+                "https://mcp.zapier.com/api/mcp/s/{access_token}/mcp"
+            ],
+            "env": {},
+            "enabled": false,
+            "roots": []
         }
     ]
 }

{open_edison-0.1.16 → open_edison-0.1.19}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "open-edison"
-version = "0.1.16"
+version = "0.1.19"
 description = "Open-source MCP security, aggregation, and monitoring. Single-user, self-hosted MCP proxy."
 readme = "README.md"
 authors = [
@@ -34,11 +34,13 @@ build-backend = "hatchling.build"
 
 [tool.rye]
 managed = true
+python = "3.12"
 dev-dependencies = [
     "basedpyright>=1.21.0",
     "ruff>=0.12.3",
     "pytest>=8.3.3",
     "pytest-asyncio>=1.0.0",
+    "vulture>=2.11",
     "twine>=5.1.1",
 ]
 
@@ -76,11 +78,9 @@ include = [
   "prompt_permissions.json",
   "src/**",
   "docs/**",
-]
-exclude = [
+  # Ensure packaged dashboard assets are present when building from sdist
   "src/frontend_dist/**",
 ]
-force-include = { "src/frontend_dist" = "src/frontend_dist" }
 
 [tool.ruff]
 line-length = 100
@@ -112,3 +112,6 @@ reportMissingTypeStubs = true
 reportUnusedFunction = false  # Disable unused function warnings since we have many dynamically registered functions
 venvPath = ".venv"
 extraPaths = ["src"]
+
+[tool.vulture]
+exclude = ["tests", "src/frontend_dist"]

{open_edison-0.1.16 → open_edison-0.1.19}/src/middleware/data_access_tracker.py

@@ -171,6 +171,12 @@ def _load_tool_permissions_cached() -> dict[str, dict[str, Any]]:
         return {}
 
 
+def clear_tool_permissions_cache() -> None:
+    """Clear the tool permissions cache to force reload from file."""
+    _load_tool_permissions_cached.cache_clear()
+    log.info("Tool permissions cache cleared")
+
+
 @cache
 def _load_resource_permissions_cached() -> dict[str, dict[str, Any]]:
     """Load resource permissions from JSON configuration file with LRU caching."""
@@ -186,6 +192,12 @@ def _load_resource_permissions_cached() -> dict[str, dict[str, Any]]:
         return {}
 
 
+def clear_resource_permissions_cache() -> None:
+    """Clear the resource permissions cache to force reload from file."""
+    _load_resource_permissions_cached.cache_clear()
+    log.info("Resource permissions cache cleared")
+
+
 @cache
 def _load_prompt_permissions_cached() -> dict[str, dict[str, Any]]:
     """Load prompt permissions from JSON configuration file with LRU caching."""
@@ -201,6 +213,20 @@ def _load_prompt_permissions_cached() -> dict[str, dict[str, Any]]:
         return {}
 
 
+def clear_prompt_permissions_cache() -> None:
+    """Clear the prompt permissions cache to force reload from file."""
+    _load_prompt_permissions_cached.cache_clear()
+    log.info("Prompt permissions cache cleared")
+
+
+def clear_all_permissions_caches() -> None:
+    """Clear all permission caches to force reload from files."""
+    clear_tool_permissions_cache()
+    clear_resource_permissions_cache()
+    clear_prompt_permissions_cache()
+    log.info("All permission caches cleared")
+
+
 @cache
 def _classify_tool_permissions_cached(tool_name: str) -> dict[str, Any]:
     """Classify tool permissions with LRU caching."""
@@ -351,6 +377,10 @@ class DataAccessTracker:
         """Load prompt permissions from JSON configuration file with caching."""
         return _load_prompt_permissions_cached()
 
+    def clear_caches(self) -> None:
+        """Clear all permission caches to force reload from configuration files."""
+        clear_all_permissions_caches()
+
     def _classify_by_tool_name(self, tool_name: str) -> dict[str, Any]:
         """Classify permissions based on external JSON configuration only."""
         return _classify_tool_permissions_cached(tool_name)
@@ -606,6 +636,5 @@ class SecurityError(Exception):
  ████ ████ ████ ████ ████ ████
  ██ ████ ████ ████ ████ ████ █
  ████ ████ ████ ████ ████ ████
-        {message}
-        """
+"""
         super().__init__(message)

{open_edison-0.1.16 → open_edison-0.1.19}/src/middleware/session_tracking.py

@@ -102,7 +102,7 @@ def create_db_session() -> Generator[Session, None, None]:
 
     # Ensure changes are flushed to the main database file (avoid WAL for sql.js compatibility)
     @event.listens_for(engine, "connect")
-    def _set_sqlite_pragmas(dbapi_connection, connection_record):  # type: ignore[no-untyped-def]
+    def _set_sqlite_pragmas(dbapi_connection, connection_record):  # type: ignore[no-untyped-def] # noqa
         cur = dbapi_connection.cursor()  # type: ignore[attr-defined]
         try:
             cur.execute("PRAGMA journal_mode=DELETE")  # type: ignore[attr-defined]