open-edison 0.1.26__tar.gz → 0.1.29__tar.gz

{open_edison-0.1.26 → open_edison-0.1.29}/.gitignore

@@ -217,4 +217,6 @@ frontend_dist/
 frontend/node_modules/
 frontend/package-lock.json
 .vscode
-install_id
+install_id
+dev_config_dir/
+sessions.db

{open_edison-0.1.26 → open_edison-0.1.29}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: open-edison
-Version: 0.1.26
+Version: 0.1.29
 Summary: Open-source MCP security, aggregation, and monitoring. Single-user, self-hosted MCP proxy.
 Author-email: Hugo Berg <hugo@edison.watch>
 License-File: LICENSE
@@ -27,7 +27,11 @@ Description-Content-Type: text/markdown
 
 # OpenEdison 🔒⚡️
 
-MCP security gateway that prevents data exfiltration—via direct access or tool chaining—with full monitoring for local single‑user deployments. Provides core functionality of <https://edison.watch> for local use.
+> The secure MCP proxy gateway
+
+Connect AI to your data/software securely without risk of data exfiltration. Gain visibility, block threats, and get alerts on the data your agent is reading/writing. No more "approve fatigue" with the MCP tool-call approvals.
+
+OpenEdison solves the [lethal trifecta problem](https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/), which can cause agent hijacking & data exfiltration by malicious actors.
 
 <p align="center">
   <img src="media/trifecta520p.gif" alt="Trifecta Security Risk Animation" width="520">
@@ -42,22 +46,23 @@ MCP security gateway that prevents data exfiltration—via direct access or tool
   <img alt="Python Version" src="https://img.shields.io/badge/python-3.12-blue?logo=python">
   <img src="https://img.shields.io/badge/License-GPLv3-blue" alt="License">
 
-
 </p>
 
---- 
-
+---
 
 ## Features ✨
 
-- 🛑 **Prevent Data Leaks** - Edison automatically blocks any data leaks, even if your AI gets jailbroken
-- 👤 **Single-user MCP proxy** - No multi-user complexity, just a simple proxy for your MCP servers
-- 🗂️ **JSON configuration** - Easy to configure and manage your MCP servers
-- 🖥️ **Simple local frontend** - Track and monitor your MCP interactions, servers, and sessions.
-- 📊 **Session tracking** - Track and monitor your MCP interactions
+- 🛑 **Data leak blocker** - Edison automatically blocks any data leaks, even if your AI gets jailbroken
+- 🕰️ **Deterministic execution** - Deterministic execution. Guaranteed data exfiltration blocker.
+- 🗂️ **Easily configurable** - Easy to configure and manage your MCP servers
+- 📊 **Visibility into agent interactions** - Track and monitor your agents and their interactions with connected software/data via MCP calls
 - 🔗 **Simple API** - REST API for managing MCP servers and proxying requests
 - 🐳 **Docker support** - Run in a container for easy deployment
 
+## About Edison.watch 🏢
+
+Edison helps you gain observability, control, and policy enforcement for all AI interactions with systems of records, existing company software and data. Prevent AI from causing data leakage, lightning-fast setup for cross-system governance.
+
 ## Quick Start 🚀
 
 The fastest way to get started:
@@ -68,7 +73,7 @@ The fastest way to get started:
 curl -fsSL https://raw.githubusercontent.com/Edison-Watch/open-edison/main/curl_pipe_bash.sh | bash
 ```
 
-Run locally with uvx: `uvx open-edison --config-dir ~/edison-config`
+Run locally with uvx: `uvx open-edison`
 
 <details>
 <summary>⬇️ Install Node.js/npm (optional for MCP tools)</summary>
@@ -102,11 +107,11 @@ After installation, ensure that `npx` is available on PATH.
 
 ```bash
 # Using uvx
-uvx open-edison --help
+uvx open-edison
 
 # Using pipx
 pipx install open-edison
-open-edison --help
+open-edison
 ```
 
 Run with a custom config directory:
@@ -349,8 +354,6 @@ Use the `get_security_status` tool to monitor your session's current risk level
 
 </details>
 
-
-
 ## Documentation 📚
 
 📚 **Complete documentation available in [`docs/`](docs/)**
@@ -360,7 +363,6 @@ Use the `get_security_status` tool to monitor your session's current risk level
 - 📡 **[API Reference](docs/quick-reference/api_reference.md)** - REST API documentation
 - 🧑‍💻 **[Development Guide](docs/development/development_guide.md)** - Contributing and development
 
-
 <details>
 <summary>📄 License</summary>
 

{open_edison-0.1.26 → open_edison-0.1.29}/README.md

@@ -1,6 +1,10 @@
 # OpenEdison 🔒⚡️
 
-MCP security gateway that prevents data exfiltration—via direct access or tool chaining—with full monitoring for local single‑user deployments. Provides core functionality of <https://edison.watch> for local use.
+> The secure MCP proxy gateway
+
+Connect AI to your data/software securely without risk of data exfiltration. Gain visibility, block threats, and get alerts on the data your agent is reading/writing. No more "approve fatigue" with the MCP tool-call approvals.
+
+OpenEdison solves the [lethal trifecta problem](https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/), which can cause agent hijacking & data exfiltration by malicious actors.
 
 <p align="center">
   <img src="media/trifecta520p.gif" alt="Trifecta Security Risk Animation" width="520">
@@ -15,22 +19,23 @@ MCP security gateway that prevents data exfiltration—via direct access or tool
   <img alt="Python Version" src="https://img.shields.io/badge/python-3.12-blue?logo=python">
   <img src="https://img.shields.io/badge/License-GPLv3-blue" alt="License">
 
-
 </p>
 
---- 
-
+---
 
 ## Features ✨
 
-- 🛑 **Prevent Data Leaks** - Edison automatically blocks any data leaks, even if your AI gets jailbroken
-- 👤 **Single-user MCP proxy** - No multi-user complexity, just a simple proxy for your MCP servers
-- 🗂️ **JSON configuration** - Easy to configure and manage your MCP servers
-- 🖥️ **Simple local frontend** - Track and monitor your MCP interactions, servers, and sessions.
-- 📊 **Session tracking** - Track and monitor your MCP interactions
+- 🛑 **Data leak blocker** - Edison automatically blocks any data leaks, even if your AI gets jailbroken
+- 🕰️ **Deterministic execution** - Deterministic execution. Guaranteed data exfiltration blocker.
+- 🗂️ **Easily configurable** - Easy to configure and manage your MCP servers
+- 📊 **Visibility into agent interactions** - Track and monitor your agents and their interactions with connected software/data via MCP calls
 - 🔗 **Simple API** - REST API for managing MCP servers and proxying requests
 - 🐳 **Docker support** - Run in a container for easy deployment
 
+## About Edison.watch 🏢
+
+Edison helps you gain observability, control, and policy enforcement for all AI interactions with systems of records, existing company software and data. Prevent AI from causing data leakage, lightning-fast setup for cross-system governance.
+
 ## Quick Start 🚀
 
 The fastest way to get started:
@@ -41,7 +46,7 @@ The fastest way to get started:
 curl -fsSL https://raw.githubusercontent.com/Edison-Watch/open-edison/main/curl_pipe_bash.sh | bash
 ```
 
-Run locally with uvx: `uvx open-edison --config-dir ~/edison-config`
+Run locally with uvx: `uvx open-edison`
 
 <details>
 <summary>⬇️ Install Node.js/npm (optional for MCP tools)</summary>
@@ -75,11 +80,11 @@ After installation, ensure that `npx` is available on PATH.
 
 ```bash
 # Using uvx
-uvx open-edison --help
+uvx open-edison
 
 # Using pipx
 pipx install open-edison
-open-edison --help
+open-edison
 ```
 
 Run with a custom config directory:
@@ -322,8 +327,6 @@ Use the `get_security_status` tool to monitor your session's current risk level
 
 </details>
 
-
-
 ## Documentation 📚
 
 📚 **Complete documentation available in [`docs/`](docs/)**
@@ -333,7 +336,6 @@ Use the `get_security_status` tool to monitor your session's current risk level
 - 📡 **[API Reference](docs/quick-reference/api_reference.md)** - REST API documentation
 - 🧑‍💻 **[Development Guide](docs/development/development_guide.md)** - Contributing and development
 
-
 <details>
 <summary>📄 License</summary>
 

{open_edison-0.1.26 → open_edison-0.1.29}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "open-edison"
-version = "0.1.26"
+version = "0.1.29"
 description = "Open-source MCP security, aggregation, and monitoring. Single-user, self-hosted MCP proxy."
 readme = "README.md"
 authors = [

{open_edison-0.1.26 → open_edison-0.1.29}/src/config.py

@@ -10,6 +10,7 @@ import os
 import sys
 import tomllib
 from dataclasses import asdict, dataclass
+from functools import cache
 from pathlib import Path
 from typing import Any, cast
 
@@ -37,8 +38,7 @@ def get_config_dir() -> Path:
         try:
             return Path(env_dir).expanduser().resolve()
         except Exception:
-            # Fall through to defaults
-            pass
+            log.warning(f"Failed to resolve OPEN_EDISON_CONFIG_DIR: {env_dir}")
 
     # Platform-specific defaults
     try:
@@ -58,26 +58,8 @@ def get_config_dir() -> Path:
         return (Path.home() / ".open-edison").resolve()
 
 
-def _default_config_path() -> Path:
-    """Determine default config.json path.
-
-    In development (editable or source checkout), prefer repository root
-    `config.json` when present. In an installed package (site-packages),
-    use the resolved user config dir.
-    """
-    repo_pyproject = root_dir / "pyproject.toml"
-    repo_config = root_dir / "config.json"
-
-    # If pyproject.toml exists next to src/, we are likely in a repo checkout
-    # Prefer the user config directory if a config already exists there (runtime source of truth),
-    # otherwise fall back to the repo copy.
-    if repo_pyproject.exists():
-        user_cfg = get_config_dir() / "config.json"
-        if user_cfg.exists():
-            return user_cfg
-        return repo_config
-
-    # Installed package: prefer user config directory
+def get_config_json_path() -> Path:
+    """Get the path to the config.json file"""
     return get_config_dir() / "config.json"
 
 
@@ -156,6 +138,15 @@ class TelemetryConfig:
     export_interval_ms: int = 60000
 
 
+@cache
+def load_json_file(path: Path) -> dict[str, Any]:
+    """Load a JSON file from the given path.
+    Kept as a separate function because we want to manually clear cache sometimes (update in config)"""
+    log.info(f"Loading configuration from {path}")
+    with open(path) as f:
+        return json.load(f)
+
+
 @dataclass
 class Config:
     """Main configuration class"""
@@ -188,21 +179,18 @@ class Config:
         If no path is provided, uses OPEN_EDISON_CONFIG_DIR or project root.
         """
         if config_path is None:
-            config_path = _default_config_path()
+            config_path = get_config_json_path()
         else:
             # If a directory was passed, use config.json inside it
             if config_path.is_dir():
                 config_path = config_path / "config.json"
 
-        log.info(f"Loading configuration from {config_path}")
-
         if not config_path.exists():
             log.warning(f"Config file not found at {config_path}, creating default config")
             self.create_default()
             self.save(config_path)
 
-        with open(config_path) as f:
-            data: dict[str, Any] = json.load(f)
+        data = load_json_file(config_path)
 
         mcp_servers_data = data.get("mcp_servers", [])  # type: ignore
         server_data = data.get("server", {})  # type: ignore
@@ -248,7 +236,7 @@ class Config:
     def save(self, config_path: Path | None = None) -> None:
         """Save configuration to JSON file"""
         if config_path is None:
-            config_path = _default_config_path()
+            config_path = get_config_json_path()
         else:
             # If a directory was passed, save to config.json inside it
             if config_path.is_dir():

{open_edison-0.1.26 → open_edison-0.1.29}/src/middleware/session_tracking.py

@@ -233,7 +233,11 @@ class SessionTrackingMiddleware(Middleware):
         # Get or create session stats
         _, _session_id = self._get_or_create_session_stats(context)
 
-        return await call_next(context)  # type: ignore
+        try:
+            return await call_next(context)  # type: ignore
+        except Exception:
+            log.exception("MCP request handling failed")
+            raise
 
     # Hooks for Tools
     async def on_list_tools(  # noqa
@@ -243,7 +247,11 @@ class SessionTrackingMiddleware(Middleware):
     ) -> Any:
         log.debug("🔍 on_list_tools")
         # Get the original response
-        response = await call_next(context)
+        try:
+            response = await call_next(context)
+        except Exception:
+            log.exception("MCP list_tools failed")
+            raise
         log.trace(f"🔍 on_list_tools response: {response}")
 
         session_id = current_session_id_ctxvar.get()
@@ -368,7 +376,11 @@ class SessionTrackingMiddleware(Middleware):
         """Process resource access and track security implications."""
         log.trace("🔍 on_list_resources")
         # Get the original response
-        response = await call_next(context)
+        try:
+            response = await call_next(context)
+        except Exception:
+            log.exception("MCP list_resources failed")
+            raise
         log.trace(f"🔍 on_list_resources response: {response}")
 
         session_id = current_session_id_ctxvar.get()
@@ -415,7 +427,11 @@ class SessionTrackingMiddleware(Middleware):
         session_id = current_session_id_ctxvar.get()
         if session_id is None:
             log.warning("No session ID found for resource access tracking")
-            return await call_next(context)
+            try:
+                return await call_next(context)
+            except Exception:
+                log.exception("MCP read_resource failed")
+                raise
 
         session = get_session_from_db(session_id)
         log.trace(f"Adding resource access to session {session_id}")
@@ -457,7 +473,11 @@ class SessionTrackingMiddleware(Middleware):
             db_session.commit()
 
         log.trace(f"Resource access {resource_name} added to session {session_id}")
-        return await call_next(context)
+        try:
+            return await call_next(context)
+        except Exception:
+            log.exception("MCP read_resource failed")
+            raise
 
     # Hooks for Prompts
     async def on_list_prompts(  # noqa
@@ -468,7 +488,11 @@ class SessionTrackingMiddleware(Middleware):
         """Process resource access and track security implications."""
         log.debug("🔍 on_list_prompts")
         # Get the original response
-        response = await call_next(context)
+        try:
+            response = await call_next(context)
+        except Exception:
+            log.exception("MCP list_prompts failed")
+            raise
         log.debug(f"🔍 on_list_prompts response: {response}")
 
         session_id = current_session_id_ctxvar.get()
@@ -515,7 +539,11 @@ class SessionTrackingMiddleware(Middleware):
         session_id = current_session_id_ctxvar.get()
         if session_id is None:
             log.warning("No session ID found for prompt access tracking")
-            return await call_next(context)
+            try:
+                return await call_next(context)
+            except Exception:
+                log.exception("MCP get_prompt failed")
+                raise
 
         session = get_session_from_db(session_id)
         log.trace(f"Adding prompt access to session {session_id}")
@@ -554,4 +582,8 @@ class SessionTrackingMiddleware(Middleware):
             db_session.commit()
 
         log.trace(f"Prompt access {prompt_name} added to session {session_id}")
-        return await call_next(context)
+        try:
+            return await call_next(context)
+        except Exception:
+            log.exception("MCP get_prompt failed")
+            raise

{open_edison-0.1.26 → open_edison-0.1.29}/src/permissions.py

@@ -14,22 +14,8 @@ from loguru import logger as log
 
 from src.config import Config, get_config_dir
 
-# Detect repository root (same logic as in src.config)
-_ROOT_DIR = Path(__file__).parent.parent
-
 
 def _default_permissions_dir() -> Path:
-    """Resolve default permissions directory.
-
-    In development (repo checkout with pyproject.toml), prefer repository root so
-    we use repo-local tool/resource/prompt permissions JSON files. Otherwise fall
-    back to the standard user config directory.
-    """
-    try:
-        if (_ROOT_DIR / "pyproject.toml").exists():
-            return _ROOT_DIR
-    except Exception:
-        pass
     return get_config_dir()
 
 
@@ -76,6 +62,9 @@ class PromptPermission:
     write_operation: bool = False
     read_private_data: bool = False
     read_untrusted_public_data: bool = False
+    # Optional metadata fields (ignored by enforcement but accepted from JSON)
+    description: str | None = None
+    acl: str = "PUBLIC"
 
 
 @dataclass

{open_edison-0.1.26 → open_edison-0.1.29}/src/server.py

@@ -30,7 +30,7 @@ from loguru import logger as log
 from pydantic import BaseModel, Field
 
 from src import events
-from src.config import Config, MCPServerConfig
+from src.config import Config, MCPServerConfig, load_json_file
 from src.config import get_config_dir as _get_cfg_dir  # type: ignore[attr-defined]
 from src.middleware.session_tracking import (
     MCPSessionModel,
@@ -250,6 +250,11 @@ class OpenEdisonProxy:
                 _ = json.loads(content or "{}")
                 target.write_text(content or "{}", encoding="utf-8")
                 log.debug(f"Saved JSON config to {target}")
+
+                # Clear cache for the config file, if it was config.json
+                if name == "config.json":
+                    load_json_file.cache_clear()
+
                 return {"status": "ok"}
             except Exception as e:  # noqa: BLE001
                 raise HTTPException(status_code=400, detail=f"Save failed: {e}") from e
@@ -539,9 +544,9 @@ class OpenEdisonProxy:
             log.info("🔄 Reinitializing MCP servers via API endpoint")
 
             # Create a completely new SingleUserMCP instance to ensure clean state
-            old_mcp = self.single_user_mcp
-            self.single_user_mcp = SingleUserMCP()
-            del old_mcp
+            # old_mcp = self.single_user_mcp
+            # self.single_user_mcp = SingleUserMCP()
+            # del old_mcp
 
             # Initialize the new instance with fresh config
             await self.single_user_mcp.initialize()

{open_edison-0.1.26 → open_edison-0.1.29}/src/single_user_mcp.py

@@ -49,7 +49,8 @@ class SingleUserMCP(FastMCP[Any]):
     """
 
     def __init__(self):
-        super().__init__(name="open-edison-single-user")
+        # Disable error masking so upstream error details are preserved in responses
+        super().__init__(name="open-edison-single-user", mask_error_details=False)
 
         # Add session tracking middleware for data access monitoring
         self.add_middleware(SessionTrackingMiddleware())
@@ -288,6 +289,10 @@ class SingleUserMCP(FastMCP[Any]):
             f"Found {len(enabled_servers)} enabled servers: {[s.name for s in enabled_servers]}"
         )
 
+        # Unmount all servers
+        for server_name in list(mounted_servers.keys()):
+            await self.unmount(server_name)
+
         # Create composite proxy for all real servers
         success = await self.create_composite_proxy(enabled_servers)
         if not success:
@@ -296,6 +301,11 @@ class SingleUserMCP(FastMCP[Any]):
 
         log.info("✅ Single User MCP server initialized with composite proxy")
 
+        # Invalidate and warm lists to ensure reload
+        _ = await self._tool_manager.list_tools()
+        _ = await self._resource_manager.list_resources()
+        _ = await self._prompt_manager.list_prompts()
+
     def _calculate_risk_level(self, trifecta: dict[str, bool]) -> str:
         """
         Calculate a human-readable risk level based on trifecta flags.
@@ -386,7 +396,7 @@ class SingleUserMCP(FastMCP[Any]):
             """
             tool_list = await self._tool_manager.list_tools()
             available_tools: list[str] = []
-            log.debug(f"Raw tool list: {tool_list}")
+            log.trace(f"Raw tool list: {tool_list}")
             perms = Permissions()
             for tool in tool_list:
                 # Use the prefixed key (e.g., "filesystem_read_file") to match flattened permissions