open-edison 0.1.19__py3-none-any.whl → 0.1.29__py3-none-any.whl

{open_edison-0.1.19.dist-info → open_edison-0.1.29.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: open-edison
-Version: 0.1.19
+Version: 0.1.29
 Summary: Open-source MCP security, aggregation, and monitoring. Single-user, self-hosted MCP proxy.
 Author-email: Hugo Berg <hugo@edison.watch>
 License-File: LICENSE
@@ -25,24 +25,45 @@ Requires-Dist: pytest>=8.3.3; extra == 'dev'
 Requires-Dist: ruff>=0.12.3; extra == 'dev'
 Description-Content-Type: text/markdown
 
-# OpenEdison
+# OpenEdison 🔒⚡️
 
-Open-source single-user MCP security gateway that prevents data exfiltration—via direct access or tool chaining—with full monitoring for local single‑user deployments. Provides core functionality of <https://edison.watch> for local use.
+> The secure MCP proxy gateway
+
+Connect AI to your data/software securely without risk of data exfiltration. Gain visibility, block threats, and get alerts on the data your agent is reading/writing. No more "approve fatigue" with the MCP tool-call approvals.
+
+OpenEdison solves the [lethal trifecta problem](https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/), which can cause agent hijacking & data exfiltration by malicious actors.
+
+<p align="center">
+  <img src="media/trifecta520p.gif" alt="Trifecta Security Risk Animation" width="520">
+</p>
 
 <div align="center">
-  <h2>📧 Interested in connecting AI to your business software with proper access controls? <a href="mailto:hello@edison.watch">Contact us</a> to discuss.</h2>
+  <h2>📧 To get visibility, control and exfiltration blocker into AI's interaction with your company software, systems of record, DBs, <a href="mailto:hello@edison.watch">Contact us</a> to discuss.</h2>
 </div>
 
-## Features
+<p align="center">
+  <img alt="Project Version" src="https://img.shields.io/pypi/v/open-edison?label=version&color=blue">
+  <img alt="Python Version" src="https://img.shields.io/badge/python-3.12-blue?logo=python">
+  <img src="https://img.shields.io/badge/License-GPLv3-blue" alt="License">
+
+</p>
+
+---
+
+## Features ✨
+
+- 🛑 **Data leak blocker** - Edison automatically blocks any data leaks, even if your AI gets jailbroken
+- 🕰️ **Deterministic execution** - Deterministic execution. Guaranteed data exfiltration blocker.
+- 🗂️ **Easily configurable** - Easy to configure and manage your MCP servers
+- 📊 **Visibility into agent interactions** - Track and monitor your agents and their interactions with connected software/data via MCP calls
+- 🔗 **Simple API** - REST API for managing MCP servers and proxying requests
+- 🐳 **Docker support** - Run in a container for easy deployment
 
-- **Single-user MCP proxy** - No multi-user complexity, just a simple proxy for your MCP servers
-- **JSON configuration** - Easy to configure and manage your MCP servers
-- **Simple local frontend** - Track and monitor your MCP interactions, servers, and sessions.
-- **Session tracking** - Track and monitor your MCP interactions
-- **Simple API** - REST API for managing MCP servers and proxying requests
-- **Docker support** - Run in a container for easy deployment
+## About Edison.watch 🏢
 
-## Quick Start
+Edison helps you gain observability, control, and policy enforcement for all AI interactions with systems of records, existing company software and data. Prevent AI from causing data leakage, lightning-fast setup for cross-system governance.
+
+## Quick Start 🚀
 
 The fastest way to get started:
 
@@ -52,10 +73,10 @@ The fastest way to get started:
 curl -fsSL https://raw.githubusercontent.com/Edison-Watch/open-edison/main/curl_pipe_bash.sh | bash
 ```
 
-Run locally with uvx: `uvx open-edison --config-dir ~/edison-config`
+Run locally with uvx: `uvx open-edison`
 
 <details>
-<summary>Install Node.js/npm (optional for MCP tools)</summary>
+<summary>⬇️ Install Node.js/npm (optional for MCP tools)</summary>
 
 If you need `npx` (for Node-based MCP tools like `mcp-remote`), install Node.js as well:
 
@@ -75,6 +96,7 @@ If you need `npx` (for Node-based MCP tools like `mcp-remote`), install Node.js
 - Node/npx: `winget install -e --id OpenJS.NodeJS`
 
 After installation, ensure that `npx` is available on PATH.
+</details>
 
 <details>
 <summary><img src="https://img.shields.io/badge/pypi-3775A9?style=for-the-badge&logo=pypi&logoColor=white" alt="PyPI"> Install from PyPI</summary>
@@ -85,11 +107,11 @@ After installation, ensure that `npx` is available on PATH.
 
 ```bash
 # Using uvx
-uvx open-edison --help
+uvx open-edison
 
 # Using pipx
 pipx install open-edison
-open-edison --help
+open-edison
 ```
 
 Run with a custom config directory:
@@ -109,18 +131,18 @@ There is a dockerfile for simple local setup.
 
 ```bash
 # Single-line:
-git clone https://github.com/GatlingX/open-edison.git && cd open-edison && make docker_run
+git clone https://github.com/Edison-Watch/open-edison.git && cd open-edison && make docker_run
 
 # Or
 # Clone repo
-git clone https://github.com/GatlingX/open-edison.git
+git clone https://github.com/Edison-Watch/open-edison.git
 # Enter repo
 cd open-edison
 # Build and run
 make docker_run
 ```
 
-The MCP server will be available at `http://localhost:3000` and the api + frontend at `http://localhost:3001`.
+The MCP server will be available at `http://localhost:3000` and the api + frontend at `http://localhost:3001`. 🌐
 
 </details>
 
@@ -130,7 +152,7 @@ The MCP server will be available at `http://localhost:3000` and the api + fronte
 1. Clone the repository:
 
 ```bash
-git clone https://github.com/GatlingX/open-edison.git
+git clone https://github.com/Edison-Watch/open-edison.git
 cd open-edison
 ```
 
@@ -161,12 +183,12 @@ make run
 open-edison run
 ```
 
-The server will be available at `http://localhost:3000`.
+The server will be available at `http://localhost:3000`. 🌐
 
 </details>
 
 <details>
-<summary>MCP Connection</summary>
+<summary>🔌 MCP Connection</summary>
 
 Connect any MCP client to Open Edison (requires Node.js/npm for `npx`):
 
@@ -190,20 +212,20 @@ Or add to your MCP client config:
 </details>
 
 <details>
-<summary>Usage</summary>
+<summary>🧭 Usage</summary>
 
 ### API Endpoints
 
 See [API Reference](docs/quick-reference/api_reference.md) for full API documentation.
 
 <details>
-<summary>Development</summary>
+<summary>🛠️ Development</summary>
 
-### Setup
+### Setup 🧰
 
 Setup from source as above.
 
-### Run
+### Run ▶️
 
 Server doesn't have any auto-reload at the moment, so you'll need to run & ctrl-c this during development.
 
@@ -211,7 +233,7 @@ Server doesn't have any auto-reload at the moment, so you'll need to run & ctrl-
 make run
 ```
 
-### Tests/code quality
+### Tests/code quality ✅
 
 We expect `make ci` to return cleanly.
 
@@ -224,7 +246,7 @@ make ci
 <details>
 <summary>⚙️ Configuration (config.json)</summary>
 
-## Configuration
+## Configuration ⚙️
 
 The `config.json` file contains all configuration:
 
@@ -246,18 +268,20 @@ Each MCP server configuration includes:
 
 </details>
 
+## 🔐 How Edison prevents data leakages
+
 <details>
-<summary>Security & Permissions System</summary>
+<summary>🔱 The lethal trifecta, agent lifecycle management</summary>
 
 Open Edison includes a comprehensive security monitoring system that tracks the "lethal trifecta" of AI agent risks, as described in [Simon Willison's blog post](https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/):
 
-<img src="media/lethal-trifecta.png" alt="The lethal trifecta diagram showing the three key AI agent security risks" width="30%">
+<img src="media/lethal-trifecta.png" alt="The lethal trifecta diagram showing the three key AI agent security risks" width="70%">
 
 1. **Private data access** - Access to sensitive local files/data
 2. **Untrusted content exposure** - Exposure to external/web content  
 3. **External communication** - Ability to write/send data externally
 
-<img src="media/pam-diagram.png" alt="Privileged Access Management (PAM) example showing the lethal trifecta in action" width="60%">
+<img src="media/pam-diagram.png" alt="Privileged Access Management (PAM) example showing the lethal trifecta in action" width="90%">
 
 The configuration allows you to classify these risks across **tools**, **resources**, and **prompts** using separate configuration files.
 
@@ -265,7 +289,7 @@ In addition to trifecta, we track Access Control Level (ACL) for each tool call,
 that is, each tool has an ACL level (one of PUBLIC, PRIVATE, or SECRET), and we track the highest ACL level for each session.
 If a write operation is attempted to a lower ACL level, it is blocked.
 
-### Tool Permissions (`tool_permissions.json`)
+### 🧰 Tool Permissions (`tool_permissions.json`)
 
 Defines security classifications for MCP tools. See full file: [tool_permissions.json](tool_permissions.json), it looks like:
 
@@ -283,7 +307,7 @@ Defines security classifications for MCP tools. See full file: [tool_permissions
 ```
 
 <details>
-<summary>Resource Permissions (`resource_permissions.json`)</summary>
+<summary>📁 Resource Permissions (`resource_permissions.json`)</summary>
 
 ### Resource Permissions (`resource_permissions.json`)
 
@@ -299,7 +323,7 @@ Defines security classifications for resource access patterns. See full file: [r
 </details>
 
 <details>
-<summary>Prompt Permissions (`prompt_permissions.json`)</summary>
+<summary>💬 Prompt Permissions (`prompt_permissions.json`)</summary>
 
 ### Prompt Permissions (`prompt_permissions.json`)
 
@@ -314,7 +338,7 @@ Defines security classifications for prompt types. See full file: [prompt_permis
 
 </details>
 
-### Wildcard Patterns
+### Wildcard Patterns ✨
 
 All permission types support wildcard patterns:
 
@@ -322,7 +346,7 @@ All permission types support wildcard patterns:
 - **Resources**: `scheme:*` (e.g., `file:*` matches all file resources)  
 - **Prompts**: `type:*` (e.g., `template:*` matches all template prompts)
 
-### Security Monitoring
+### Security Monitoring 🕵️
 
 **All items must be explicitly configured** - unknown tools/resources/prompts will be rejected for security.
 
@@ -330,20 +354,17 @@ Use the `get_security_status` tool to monitor your session's current risk level
 
 </details>
 
-<details>
-<summary>Documentation</summary>
+## Documentation 📚
 
 📚 **Complete documentation available in [`docs/`](docs/)**
 
-- **[Getting Started](docs/quick-reference/config_quick_start.md)** - Quick setup guide
-- **[Configuration](docs/core/configuration.md)** - Complete configuration reference
-- **[API Reference](docs/quick-reference/api_reference.md)** - REST API documentation
-- **[Development Guide](docs/development/development_guide.md)** - Contributing and development
-
-</details>
+- 🚀 **[Getting Started](docs/quick-reference/config_quick_start.md)** - Quick setup guide
+- ⚙️ **[Configuration](docs/core/configuration.md)** - Complete configuration reference
+- 📡 **[API Reference](docs/quick-reference/api_reference.md)** - REST API documentation
+- 🧑‍💻 **[Development Guide](docs/development/development_guide.md)** - Contributing and development
 
 <details>
-<summary>License</summary>
+<summary>📄 License</summary>
 
 GPL-3.0 License - see [LICENSE](LICENSE) for details.
 

open_edison-0.1.29.dist-info/RECORD

@@ -0,0 +1,17 @@
+src/__init__.py,sha256=QWeZdjAm2D2B0eWhd8m2-DPpWvIP26KcNJxwEoU1oEQ,254
+src/__main__.py,sha256=kQsaVyzRa_ESC57JpKDSQJAHExuXme0rM5beJsYxFeA,161
+src/cli.py,sha256=_F1xtUU2h4snWUHf1NptRWGQaD2OSIhEPGLh9Rzmtis,10032
+src/config.py,sha256=LHLQWWWvPzdQfCEUCbCMqHpEOnXJhmPFmk9bSVGnUyY,9443
+src/events.py,sha256=rBH7rnaSWZ7GIC8zyBTwpcvIKWmKYCki-DNGgJhxPow,5001
+src/oauth_manager.py,sha256=qcQa5BDRZr4bjqiXNflCnrXOh9mo9JVjvP2Caseg2Uc,9943
+src/permissions.py,sha256=NGAnlG_z59HEiVA-k3cYvwmmiuHzxuNb5Tbd5umbL00,10483
+src/server.py,sha256=UjVBnDCghbP6TbrhWH5tMmoByvRNrr9LMpuHUDt7kno,44692
+src/single_user_mcp.py,sha256=P-D6_B_l7fJ2OzMjVeg56OkzRkCsODqKpky4ecHRj6I,17356
+src/telemetry.py,sha256=-RZPIjpI53zbsKmp-63REeZ1JirWHV5WvpSRa2nqZEk,11321
+src/middleware/data_access_tracker.py,sha256=bArBffWgYmvxOx9z_pgXQhogvnWQcc1m6WvEblDD4gw,15039
+src/middleware/session_tracking.py,sha256=5W1VH9HNqIZeX0HNxDEm41U4GY6SqKSXtApDEeZK2qo,23084
+open_edison-0.1.29.dist-info/METADATA,sha256=TxOClcNfQNRR1RPxFswzJWlrmKKruN9_u_JjnfhECKA,12103
+open_edison-0.1.29.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+open_edison-0.1.29.dist-info/entry_points.txt,sha256=qNAkJcnoTXRhj8J--3PDmXz_TQKdB8H_0C9wiCtDIyA,72
+open_edison-0.1.29.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+open_edison-0.1.29.dist-info/RECORD,,

src/cli.py

@@ -177,6 +177,7 @@ def _spawn_frontend_dev(  # noqa: C901 - pragmatic complexity for env probing
 
 
 async def _run_server(args: Any) -> None:
+    # TODO check this works as we want it to
     # Resolve config dir and expose via env for the rest of the app
     config_dir_arg = getattr(args, "config_dir", None)
     if config_dir_arg is not None:
@@ -184,7 +185,7 @@ async def _run_server(args: Any) -> None:
     config_dir = get_config_dir()
 
     # Load config after setting env override
-    cfg = Config.load()
+    cfg = Config(config_dir)
 
     host = getattr(args, "host", None) or cfg.server.host
     port = getattr(args, "port", None) or cfg.server.port

src/config.py

@@ -10,6 +10,7 @@ import os
 import sys
 import tomllib
 from dataclasses import asdict, dataclass
+from functools import cache
 from pathlib import Path
 from typing import Any, cast
 
@@ -37,8 +38,7 @@ def get_config_dir() -> Path:
         try:
             return Path(env_dir).expanduser().resolve()
         except Exception:
-            # Fall through to defaults
-            pass
+            log.warning(f"Failed to resolve OPEN_EDISON_CONFIG_DIR: {env_dir}")
 
     # Platform-specific defaults
     try:
@@ -58,39 +58,11 @@ def get_config_dir() -> Path:
         return (Path.home() / ".open-edison").resolve()
 
 
-# Back-compat private alias (internal modules may import this)
-def _get_config_dir() -> Path:  # noqa: D401
-    """Alias to public get_config_dir (maintained for internal imports)."""
-    return get_config_dir()
-
-
-def _default_config_path() -> Path:
-    """Determine default config.json path.
-
-    In development (editable or source checkout), prefer repository root
-    `config.json` when present. In an installed package (site-packages),
-    use the resolved user config dir.
-    """
-    repo_pyproject = root_dir / "pyproject.toml"
-    repo_config = root_dir / "config.json"
-
-    # If pyproject.toml exists next to src/, we are likely in a repo checkout
-    if repo_pyproject.exists():
-        return repo_config
-
-    # Otherwise, prefer user config directory
+def get_config_json_path() -> Path:
+    """Get the path to the config.json file"""
     return get_config_dir() / "config.json"
 
 
-class ConfigError(Exception):
-    """Exception raised for configuration-related errors"""
-
-    def __init__(self, message: str, config_path: Path | None = None):
-        self.message = message
-        self.config_path = config_path
-        super().__init__(self.message)
-
-
 @dataclass
 class ServerConfig:
     """Server configuration"""
@@ -119,10 +91,41 @@ class MCPServerConfig:
     enabled: bool = True
     roots: list[str] | None = None
 
+    oauth_scopes: list[str] | None = None
+    """OAuth scopes to request for this server."""
+
+    oauth_client_name: str | None = None
+    """Custom client name for OAuth registration."""
+
     def __post_init__(self):
         if self.env is None:
             self.env = {}
 
+    def is_remote_server(self) -> bool:
+        """
+        Check if this is a remote MCP server (connects to external HTTPS endpoint).
+
+        Remote servers use mcp-remote with HTTPS URLs and may require OAuth.
+        Local servers run as child processes and don't need OAuth.
+        """
+        return (
+            self.command == "npx"
+            and len(self.args) >= 3
+            and self.args[1] == "mcp-remote"
+            and self.args[2].startswith("https://")
+        )
+
+    def get_remote_url(self) -> str | None:
+        """
+        Get the remote URL for a remote MCP server.
+
+        Returns:
+            The HTTPS URL if this is a remote server, None otherwise
+        """
+        if self.is_remote_server():
+            return self.args[2]
+        return None
+
 
 @dataclass
 class TelemetryConfig:
@@ -135,6 +138,15 @@ class TelemetryConfig:
     export_interval_ms: int = 60000
 
 
+@cache
+def load_json_file(path: Path) -> dict[str, Any]:
+    """Load a JSON file from the given path.
+    Kept as a separate function because we want to manually clear cache sometimes (update in config)"""
+    log.info(f"Loading configuration from {path}")
+    with open(path) as f:
+        return json.load(f)
+
+
 @dataclass
 class Config:
     """Main configuration class"""
@@ -160,15 +172,14 @@ class Config:
             log.warning(f"Failed to read version from pyproject.toml: {e}")
             return "unknown"
 
-    @classmethod
-    def load(cls, config_path: Path | None = None) -> "Config":
+    def __init__(self, config_path: Path | None = None) -> None:
         """Load configuration from JSON file.
 
         If a directory path is provided, will look for `config.json` inside it.
         If no path is provided, uses OPEN_EDISON_CONFIG_DIR or project root.
         """
         if config_path is None:
-            config_path = _default_config_path()
+            config_path = get_config_json_path()
         else:
             # If a directory was passed, use config.json inside it
             if config_path.is_dir():
@@ -176,12 +187,10 @@ class Config:
 
         if not config_path.exists():
             log.warning(f"Config file not found at {config_path}, creating default config")
-            default_config = cls.create_default()
-            default_config.save(config_path)
-            return default_config
+            self.create_default()
+            self.save(config_path)
 
-        with open(config_path) as f:
-            data: dict[str, Any] = json.load(f)
+        data = load_json_file(config_path)
 
         mcp_servers_data = data.get("mcp_servers", [])  # type: ignore
         server_data = data.get("server", {})  # type: ignore
@@ -216,20 +225,18 @@ class Config:
             export_interval_ms=export_interval_ms,
         )
 
-        return cls(
-            server=ServerConfig(**server_data),  # type: ignore
-            logging=LoggingConfig(**logging_data),  # type: ignore
-            mcp_servers=[
-                MCPServerConfig(**server_item)  # type: ignore
-                for server_item in mcp_servers_data  # type: ignore
-            ],
-            telemetry=telemetry_cfg,
-        )
+        self.server = ServerConfig(**server_data)  # type: ignore
+        self.logging = LoggingConfig(**logging_data)  # type: ignore
+        self.mcp_servers = [
+            MCPServerConfig(**server_item)  # type: ignore
+            for server_item in mcp_servers_data  # type: ignore
+        ]
+        self.telemetry = telemetry_cfg
 
     def save(self, config_path: Path | None = None) -> None:
         """Save configuration to JSON file"""
         if config_path is None:
-            config_path = _default_config_path()
+            config_path = get_config_json_path()
         else:
             # If a directory was passed, save to config.json inside it
             if config_path.is_dir():
@@ -251,26 +258,19 @@ class Config:
 
         log.info(f"Configuration saved to {config_path}")
 
-    @classmethod
-    def create_default(cls) -> "Config":
+    def create_default(self) -> None:
         """Create default configuration"""
-        return cls(
-            server=ServerConfig(),
-            logging=LoggingConfig(),
-            mcp_servers=[
-                MCPServerConfig(
-                    name="filesystem",
-                    command="uvx",
-                    args=["mcp-server-filesystem", "/tmp"],
-                    enabled=False,
-                )
-            ],
-            telemetry=TelemetryConfig(
-                enabled=True,
-                otlp_endpoint=DEFAULT_OTLP_METRICS_ENDPOINT,
-            ),
+        self.server = ServerConfig()
+        self.logging = LoggingConfig()
+        self.mcp_servers = [
+            MCPServerConfig(
+                name="filesystem",
+                command="uvx",
+                args=["mcp-server-filesystem", "/tmp"],
+                enabled=False,
+            )
+        ]
+        self.telemetry = TelemetryConfig(
+            enabled=True,
+            otlp_endpoint=DEFAULT_OTLP_METRICS_ENDPOINT,
         )
-
-
-# Load global configuration
-config = Config.load()