tweek 0.3.0__py3-none-any.whl → 0.4.0__py3-none-any.whl

{tweek-0.3.0.dist-info → tweek-0.4.0.dist-info}/RECORD

@@ -1,45 +1,66 @@
-tweek/__init__.py,sha256=v1mBM39Sp-MgonHi8fotmfcN7dxbow_Eh9xdbSYnjN4,360
+tweek/__init__.py,sha256=ObqNjfhUoPC8rXfPtT85pqrOlKoSn4_-4fKQF5cynCQ,359
 tweek/_keygen.py,sha256=UapwIKNSwaRWdqHoJoF3hmKuiux6aIiFGe8WVskTbI8,1286
-tweek/audit.py,sha256=Bp4RETwdiHpT2EEi45atZa0LlJUOtALhrc3UT8MHvF8,8868
-tweek/cli.py,sha256=0AxYSIQ56Y2OHNVGSocNksYkiiLfUFNx5XvBUzCtZZI,254670
-tweek/cli_helpers.py,sha256=Q2NTOkyRTOIPNLMqY2jA5_tuzDPksAGwGXYPRK3bzoY,5538
+tweek/audit.py,sha256=AzjIpy6Jc-WzTrda9lb3nZbyaR_SDWUxo04pObJP2MQ,8868
+tweek/cli.py,sha256=OOZrpcrwDGbmaHxIyvBw7MoVSlEdrFNAgIwWHI56p5M,2976
+tweek/cli_config.py,sha256=rSQTkw0JAqm6w02Ah2_hiJ-wIxhnrjTgvFuw2A39qfs,24525
+tweek/cli_configure.py,sha256=fHm2sWxjUWFu7ulup7T-zrQ3LYiYg_1Vf-m3E5hoKd8,14603
+tweek/cli_core.py,sha256=0mgcJ_ZduuloOhyIn4ecTHROMtz_pDcAdlew-E45DPk,26843
+tweek/cli_dry_run.py,sha256=8DBx3qKAZHY8VA6MsbsGBs6EyDGFxKsrtmuNaHJ22C8,14335
+tweek/cli_helpers.py,sha256=_8aVj8e67MrP61ao7_AaEQSi9AfJQxW3eNvnjbSWT7g,16347
+tweek/cli_install.py,sha256=5AaxZmOpDk9y8Ursy_CaU8JYn4mtMPWNtIhWNpb6an8,74111
+tweek/cli_logs.py,sha256=uoJBKb85EYcIQnXxNfh15w235u9UWP1he-RlwnITWuA,10776
+tweek/cli_mcp.py,sha256=mIKTUqTKLlVYc9054LdjfL-maiVAabPFkb_sLtoS0Gk,4787
+tweek/cli_memory.py,sha256=Sw2TOt7RGsXBoH_q13bQjUK3WyvOy49bXefZ7atoaCY,11895
 tweek/cli_model.py,sha256=iMZStFqA0Nqyzm4rxSbhD4v-AqcO6h5NI72AR7cldoY,12853
-tweek/diagnostics.py,sha256=KbtXQH8QrRBoyIFWumL6q9--aQQdR0tUo2GzjMhwpII,24601
-tweek/licensing.py,sha256=4Pt34t8Y60jaLMBYLjnmLs_0o_LUahOhGflhXeZtuPU,11703
-tweek/config/__init__.py,sha256=C_kQm0LqYdM67E9wNi6bsX2V7xz7GY4HiICb_XlrX8A,362
-tweek/config/allowed_dirs.yaml,sha256=dMF_DqKgQThzkdIEoXzDBfAjbopGrk0HTkiM7ENmBaU,788
-tweek/config/families.yaml,sha256=jkNO0UsmX3MFlTKC9Or3p8_MlD3ZtHM0SrQIYFqx9i8,18212
-tweek/config/manager.py,sha256=FTBJ4sMwnENH9tfvKB5d1SFve1R__k5j2KXb38vn1CA,39347
-tweek/config/patterns.yaml,sha256=8ow--0qdPJNjIY94j-vDEcrHt-TYgf9uuPCiqSMCIEQ,85376
-tweek/config/tiers.yaml,sha256=9hIXQ9izVKXd8ptoCsQiBo2r_XY8RvIk7VWrhWggkbc,10191
+tweek/cli_plugins.py,sha256=3u8oJ0Wxb50taTc6Xofyy9voaPi62ozEfcP93VBY1oA,30059
+tweek/cli_protect.py,sha256=q6VhmR2vnozdybUXJEnaofx0FVZSoQq39gWVh5xmjnc,22398
+tweek/cli_proxy.py,sha256=J63CuL0bg2UVHbdavDgIcqiC1C8JS0kNG8pqHEAx9mw,14289
+tweek/cli_security.py,sha256=FpPOY0YsSY5kOc9aNy8QBi9h4fpmQ7wiX3cKtRYmLzg,8482
+tweek/cli_skills.py,sha256=N2D184i5gajKjrLdQuWxhdiXWGiE4NGCvPahMDZvliI,9045
+tweek/cli_uninstall.py,sha256=sRDbtYxbJ9fnt-fBypEZOCR_UdTTo09RozOI_Xlo1Dc,21463
+tweek/cli_vault.py,sha256=j2HUurcOCOUgObfnSiMrcJQ8k3BUs1aD-YqCNZzp98I,11457
+tweek/diagnostics.py,sha256=aYtdLeTulbYF3KzIt-oqTDucYNJrBL85rsPXlPM07bg,27487
+tweek/licensing.py,sha256=_t_X3wgd6F0VEoLrOags-AE2k3IZXw3WhWXFuQU4UYA,11703
+tweek/config/__init__.py,sha256=ENwimeLZd2gSJXpkASMY45hbMUDn2RwM-Zl_RMvpCbQ,772
+tweek/config/allowed_dirs.yaml,sha256=eHmX3QEJ-LBVdwH5tQBFeTFnlRewLvRG2jLJwBh3lOY,841
+tweek/config/families.yaml,sha256=QAQD-6pnCOdiNXpXUPyeAKkYMlRcQmUpCMORkDeGA1Y,18348
+tweek/config/manager.py,sha256=cs77QiAShd91RTMGxKgWUmz7qluRfQq0PogCpfxUAPA,41256
+tweek/config/models.py,sha256=RbVjC2pxnkrBKanS6QGDrHwPVkmss5ouG_dqAHf_C3Q,10018
+tweek/config/patterns.yaml,sha256=5HHLGGCb0KmEAEo9KPc3eja0ykYjy53x66D-u7WY6No,86749
+tweek/config/templates.py,sha256=aIGD3bDfx-J6vVBKQTNZr3IIh-O9yjcddRB8l1BxZPs,4440
+tweek/config/tiers.yaml,sha256=gVQ80iOqirHzlJI9YEzpi6alqqmNtNNZh1nA4DQYPPs,10298
+tweek/config/templates/config.yaml.template,sha256=i3QGrIuNjF9kqJNoMJmr62mja_8Rh9gMsc-YM6YzNSE,9120
+tweek/config/templates/env.template,sha256=MCnGhE6WHU5Bk9HO6dkPfBtkur2QyK69cxzHUKBWPzs,1456
+tweek/config/templates/overrides.yaml.template,sha256=T9CjpPayth_1bDH-iL0mSdTTMi27GmC8cNxnBaxRNWk,4170
+tweek/config/templates/tweek.yaml.template,sha256=jdSE7e3JeS9vOWEGWK2VCr66HLxSSFpOkNNUcZQQrkg,777
 tweek/hooks/__init__.py,sha256=GcgDjPdhZayxmyZ4-GfBa-ISARNtt9087RsuprRq2-s,54
 tweek/hooks/break_glass.py,sha256=GNMhCtLWPylNMlQ5QfsoUkEjgIT1Uk1Ik7HvRWeE5N8,4636
 tweek/hooks/feedback.py,sha256=uuA4opHYyBHC5sElBz-fr2Je3cg2DAv-aRHvETZcag0,6555
-tweek/hooks/overrides.py,sha256=1Yw_NPpZMvcFG_uyNY-ouBKSSomnxOptRedSjzkkhmE,18635
-tweek/hooks/post_tool_use.py,sha256=DiAnWOBd9t4vpMz1JsgUjYzToU6i-igesP2Vk83AAAc,17195
-tweek/hooks/pre_tool_use.py,sha256=70XbonRSGh8rYpDlI4R_Z5Ug2LwU4iLyLsS87I5xlqc,71743
+tweek/hooks/overrides.py,sha256=9WfTfh5R_IstoR7SKlEIq-mgRbUTnnIiJYSTDV3_ekI,18762
+tweek/hooks/post_tool_use.py,sha256=NVOgcd7wn5BL5TYQiTwvMFxy_68dWp5z6FoRYXypfaU,19195
+tweek/hooks/pre_tool_use.py,sha256=qMGaRamkBUEXZFTYdiqFgmxLiTeH2ON4FHvcGKKxazg,76765
 tweek/integrations/__init__.py,sha256=sl7wFwbygmnruugX4bO2EUjoXxBlCpzTKbj-1zHuUPg,78
-tweek/integrations/openclaw.py,sha256=jX99__ODGI7Cq6gclSTK2pI5lsI7UGh5_iCHmq1R8RY,13798
+tweek/integrations/openclaw.py,sha256=uSP_FPG5BFnk8o6Z-1PlXB8od4OX0p0nGN8xRof9XsE,16955
 tweek/integrations/openclaw_server.py,sha256=Ah7wxsxKE2lQmIdlrFINvt5jW9U_bqqERfG3X2N5Aps,12533
 tweek/logging/__init__.py,sha256=-HUdhMuDlGUwG3v2KE7xH7cClOSQ5kZIDcVO4cybVLI,228
 tweek/logging/bundle.py,sha256=eDP0Is-hna18goaHmvexXpoNAlFhmWoMG-STTLZ19_w,11911
 tweek/logging/json_logger.py,sha256=zXOsFAufj3MF0TboM5zSS7V8uNBDJea7YkJHR-uQgBA,4698
 tweek/logging/security_log.py,sha256=BwHDdrN0VCpqssStvsZdASFnyxVpANCq9xiSkFsEFFk,28486
-tweek/mcp/__init__.py,sha256=AOFDrzDfjOvICMcN15Hz-iNCT0Kf6oyUBB-iNEW5Vr4,791
+tweek/mcp/__init__.py,sha256=UbBOrb15XrVIcyKoNLXos2N63Xw2_EeyKnaALkjfnME,610
 tweek/mcp/approval.py,sha256=WIFQi4ryXEFtgQyzQIshwgP5h_Th7Cxepx9NIhf2o_4,17885
 tweek/mcp/approval_cli.py,sha256=8WtmJF7KTLmdEF5wHqENaUJUzKEQej4CjRtFey4RcGg,11281
-tweek/mcp/proxy.py,sha256=0p5OEaRsFuNRcGR3rnqprkPjTdSSYgrsU_XXQiFPS8c,24819
+tweek/mcp/proxy.py,sha256=aQb7FxNq1QvllL82rLAd4fyZUu5POpDPLByvRdN1bng,31073
 tweek/mcp/screening.py,sha256=ax5TK8ZSXb9uo5DFx3mxiYrBKjDBP0cTLNhA05TXb80,5421
-tweek/mcp/server.py,sha256=3pF3piXUNtIf2-SUJPCjGZPD42esg2KFsVXpaBXrq3E,10901
 tweek/mcp/clients/__init__.py,sha256=46tdDJRG_POVhRWLxzgeU2FjOoBKquCNf4jnHQ_FUn0,900
-tweek/mcp/clients/chatgpt.py,sha256=M7Mu-F1On47ijNlRj3KRb0S7tN3xkK7ZCjutAYoe8bw,3739
-tweek/mcp/clients/claude_desktop.py,sha256=ujkZm26l0QMlK1ectgae7VlJsl2tcOXhrWCsjyFvsdc,6624
-tweek/mcp/clients/gemini.py,sha256=2eKkX02gb8wuQoBeN6oo4DVmvn1R7D2mt8KGDdUFvQA,5653
+tweek/mcp/clients/chatgpt.py,sha256=9nX-HODn-M9dR-39l_ltvHCjdiZfKs2i0dkb7-tSgdw,3739
+tweek/mcp/clients/claude_desktop.py,sha256=c92vsomu0Ko5rqnS0157ziIpiVTO_BjaTKBxFzduyNw,6624
+tweek/mcp/clients/gemini.py,sha256=IFGClXc2ytrheah0Ja7vrMLVDEhORcUdQWnEo29BOVE,5653
 tweek/memory/__init__.py,sha256=rUe3cc-Nh-8k7kEMHzF8ao2QRt-tnI9kZQAtU8GQT5M,843
-tweek/memory/queries.py,sha256=SdpO9VEmvuIuribJRb7W9JO_dvVC6fSdzAonaQ9kgbg,6640
-tweek/memory/safety.py,sha256=9nahGB5HGnOrA92X72WvcjAu8f6yTv5UE1uYk19_CBw,4586
-tweek/memory/schemas.py,sha256=-yTBhenL5x1w5FLiCFXVhi7ciROf5oPWgTwdz3tVslY,2045
-tweek/memory/store.py,sha256=d1RAgeDjRvmH6DgmQ8SopDw81K8nUxs3fNlN4-0awAc,35350
+tweek/memory/provenance.py,sha256=zuVHRI9Krj4-YCEj-OJ_4P7xnmAHDelIyrN34446fhw,15628
+tweek/memory/queries.py,sha256=MsUTMOai_iyVSfAmiRFcb_-E9KF2kah1WdeXOa27u-A,6712
+tweek/memory/safety.py,sha256=Mv9R2bQxX2TcitIsgugY7gZmaWjxEahTyVTRTTr1ePA,5416
+tweek/memory/schemas.py,sha256=WD2BIXgEYdG1rjn8MNNS1UWxc2x9bZ_7k736BkJERZg,2125
+tweek/memory/store.py,sha256=Z9MwVsWkz76SncSwxaYmWT3uU4btq4CM-2JIuDkS744,36705
 tweek/platform/__init__.py,sha256=jIwiwsMU297T02JOymjAdvk7QheEJxgDspueV38pJJE,3757
 tweek/plugins/__init__.py,sha256=u2dsiOhUE2WbYArjoeyWbaaO99J0aZJU_Z_X83OzVWw,28437
 tweek/plugins/base.py,sha256=dcx-qjaYE7Dwr36JRNWQaQ1xaDZgb6-T3CTP45j3A24,33445
@@ -69,7 +90,7 @@ tweek/plugins/providers/bedrock.py,sha256=ADIdO7Kpz-kNq78Mq1pQpt8rfX9OIAR3NaMGiA
 tweek/plugins/providers/google.py,sha256=2wIt-lKXGb_vRcEz-_2zLHTyRdT_VFd3RYpEs_Vuxj0,6033
 tweek/plugins/providers/openai.py,sha256=LK3_4UIgj1XBORA2MTEI88DID67_9nXY1i8rbe3Yem0,7522
 tweek/plugins/screening/__init__.py,sha256=KijMffjrD35tbz0RBW4fb8elt36tdrNvlKBVmyeH-OA,1214
-tweek/plugins/screening/heuristic_scorer.py,sha256=emTYUT49-GJZhNc3wOZxjeOxJz8u7-GC7c8AVFPT7n8,17193
+tweek/plugins/screening/heuristic_scorer.py,sha256=CuXR_KEoRbn9nRMdNbjzmA00WvBkp31tQTuS5E2t_sQ,17193
 tweek/plugins/screening/llm_reviewer.py,sha256=DJv4bd5iu0aXtfUyuQ5yb6UTKnyPaY0NW43JraiE90o,5135
 tweek/plugins/screening/local_model_reviewer.py,sha256=SCQDXvd5cq_w6IQP_G3RzOVDy6W2Xco0b4lKeYd14-0,5010
 tweek/plugins/screening/pattern_matcher.py,sha256=Zto8ZAJenZoN605LfHvoyNLzqYtJqJg02rH7GaAvPoo,8673
@@ -90,34 +111,36 @@ tweek/sandbox/registry.py,sha256=ZZDQYeJMNAJ0FrFEayo1KyC5r3qXSBx6Tu-JcXIMjtI,506
 tweek/screening/__init__.py,sha256=-QKzhN8TNqEOrooPunbQl_f6133LOXAszmiKyv8V07I,352
 tweek/screening/context.py,sha256=iZeD6-Fm7dNs5wlIu15MlMbIPzeTX_Pe0DUkK5xHpQ0,3030
 tweek/security/__init__.py,sha256=2qkoxVHzWeHdVWYHRYZG479Qpfodl6jNCQu_Wc3i1vM,901
+tweek/security/integrity.py,sha256=QMW5Zu5PaZHC5DLwumnIq7CUOw-iqs_7AMlijLonXj4,2689
 tweek/security/language.py,sha256=690g63NoeKjwxPG0d38USa1w30QtsAohiT2SXBv-ON4,9128
-tweek/security/llm_reviewer.py,sha256=66DSIY1BKXWR5tamL85RpPwN6ihfCQ9PAbmXtwUoM14,49220
+tweek/security/llm_reviewer.py,sha256=M9qPDx67Nj8ImlfdA57IHvuilj7JCzTaoMzxzslKvBM,53270
 tweek/security/local_model.py,sha256=fqWQOSiAcWVIM1zzy6SosXVh9hNHJbLRzTJPy9I3sFs,10451
-tweek/security/local_reviewer.py,sha256=-kHWDmGnMH13cSv_7DiH4n7ZTZ3uqWZoPzQgYKQKwR0,4987
-tweek/security/model_registry.py,sha256=XscpZcWaaJwHldX2T9C1T1zSvJ3lm0aSW4nIhwRpUzc,11022
+tweek/security/local_reviewer.py,sha256=0BzFx8U42KucBL14rpUbXZ8zxsu9ALHGhVosVcj0uh0,6890
+tweek/security/model_registry.py,sha256=zi0mYyTzWc6BL2W7Kd1gCLNti0N8OygKpwL94Re8Kzw,13795
 tweek/security/rate_limiter.py,sha256=bY8VIkQ-wCbNOYTLwD4MsMBoHk59zPWeZCkuE8Zntm8,24185
 tweek/security/secret_scanner.py,sha256=G-bbMwsAJD197BEOnZJdn_qphS4RNPK_wpLfkpiLuFU,18774
 tweek/security/session_analyzer.py,sha256=-Ylp583VZ_YJRkN5JZrYpaK1sVbiM6KP7ZwLBzWpiCI,24260
 tweek/skill_template/SKILL.md,sha256=gBk_Ken77scVYeCs8imm1ASnNLDpBl-C0ufgWrrkQIA,10274
 tweek/skill_template/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tweek/skill_template/cli-reference.md,sha256=DdXIEfTPvYn6iybVwA-r3CKkV1Mlx5Ub_sJf_lJrV2k,6913
-tweek/skill_template/overrides-reference.md,sha256=xlc07wXXsCOrx60wMD7LZ7fn5Z_dhLuj5Mgx04-xGQ0,4509
+tweek/skill_template/overrides-reference.md,sha256=xmTIdQ_Pe0FUIhEGkUniO1rxWzsubs-XULNBElYdRlA,4509
 tweek/skill_template/scripts/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tweek/skill_template/scripts/check_installed.py,sha256=-pMmfgBjdbwb5u2t9rJ0dMBz7MGYgiZM5db3tiNZgO4,5878
 tweek/skills/__init__.py,sha256=DyTvK8n5Lb-idkJhXCVytpiZjNfWveCtNkSL6o8dxHM,1209
 tweek/skills/config.py,sha256=I95wK9CBj_UiHwFuxfE8yRl7cmFiqdY0hXfF3BHP0X8,4782
+tweek/skills/context.py,sha256=15wn3wh_m4n954tsWtf4p8kBdtFmwN18TxPzOaGfGlc,6672
 tweek/skills/fingerprints.py,sha256=YjPsTxqotzGlyMIgfgewSoNDTLU8_-p9fY_a44LJTjU,6027
 tweek/skills/guard.py,sha256=1g3QVFwtW2T04PPCouAAEPxgoweVGEld0WL9eCE80js,8294
 tweek/skills/isolation.py,sha256=AmGwzD8xh70HL4f5aIrvYGm_ug1hHwu8tZXSAnsKiJk,16547
-tweek/skills/scanner.py,sha256=PaeZNnwxLTGls2O3hQaDgBhGw9jVJThPjfKCY_05_nI,27574
+tweek/skills/scanner.py,sha256=YlH-yg3_JuwmBvmnpqA4PVfWyNBHaPSjBo6d9Ncuh8k,27574
 tweek/vault/__init__.py,sha256=L408fjdRYL8-VqLEsyyHSO9PkBDhd_2mPIbrCu53YhM,980
 tweek/vault/cross_platform.py,sha256=D4UvX_7OpSo8iRx5sc2OUUWQIk8JHhgeFBYk1MbyIj4,8251
 tweek/vault/keychain.py,sha256=XL18-SUj7HwuqxLXZDViuCH81--KMu68jN9Szn1aeyw,10624
-tweek-0.3.0.dist-info/licenses/LICENSE,sha256=rjoDzr1vAf0bsqZglpIyekU5aewIkCk4jHZZDvVI2BE,15269
-tweek-0.3.0.dist-info/licenses/NOTICE,sha256=taQokyDes5UTRNEC67G-13VmqvUyTOncrrT33pCcWL0,8729
+tweek-0.4.0.dist-info/licenses/LICENSE,sha256=rjoDzr1vAf0bsqZglpIyekU5aewIkCk4jHZZDvVI2BE,15269
+tweek-0.4.0.dist-info/licenses/NOTICE,sha256=taQokyDes5UTRNEC67G-13VmqvUyTOncrrT33pCcWL0,8729
 tweek-openclaw-plugin/node_modules/flatted/python/flatted.py,sha256=UYburBDqkySaTfSpntPCUJRxiBGcplusJM7ECX8FEgA,3860
-tweek-0.3.0.dist-info/METADATA,sha256=4eLu77u_VjfeqHnZ_-sIXRthm3In7dOHRnGkAaqQy2Y,11889
-tweek-0.3.0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-tweek-0.3.0.dist-info/entry_points.txt,sha256=YXThD6UiF5XQXwqW33sphsvz-Bl4Zm6pm-xq-5wcCYE,1337
-tweek-0.3.0.dist-info/top_level.txt,sha256=jtNcCxjoGXN8IBqEVL0F3LHDrZD_B0S-4XF9-Ur7Pbc,28
-tweek-0.3.0.dist-info/RECORD,,
+tweek-0.4.0.dist-info/METADATA,sha256=CIQC3olKNKfO6OmnpgLHD73kPFhQfuXbZy2eTpLPEAk,11992
+tweek-0.4.0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+tweek-0.4.0.dist-info/entry_points.txt,sha256=YXThD6UiF5XQXwqW33sphsvz-Bl4Zm6pm-xq-5wcCYE,1337
+tweek-0.4.0.dist-info/top_level.txt,sha256=jtNcCxjoGXN8IBqEVL0F3LHDrZD_B0S-4XF9-Ur7Pbc,28
+tweek-0.4.0.dist-info/RECORD,,

tweek/mcp/server.py

@@ -1,320 +0,0 @@
-#!/usr/bin/env python3
-"""
-Tweek MCP Gateway Server
-
-Minimal MCP server exposing only tools that add genuinely new capabilities
-not available as built-in desktop client tools:
-- tweek_vault: Secure keychain credential retrieval
-- tweek_status: Security status and activity reporting
-
-Desktop clients' built-in tools (Bash, Read, Write, etc.) cannot be
-intercepted via MCP. For upstream MCP server interception, use the
-proxy mode: tweek mcp proxy
-
-Usage:
-    tweek mcp serve       # stdio mode (desktop clients)
-"""
-from __future__ import annotations
-
-import json
-import logging
-import os
-from typing import Any, Dict, Optional
-
-try:
-    from mcp.server import Server
-    from mcp.server.stdio import stdio_server
-    from mcp.types import (
-        TextContent,
-        Tool,
-    )
-    MCP_AVAILABLE = True
-except ImportError:
-    MCP_AVAILABLE = False
-
-from tweek.screening.context import ScreeningContext
-
-logger = logging.getLogger(__name__)
-
-# Version for MCP server identification
-MCP_SERVER_VERSION = "0.2.0"
-
-
-def _check_mcp_available():
-    """Raise RuntimeError if MCP SDK is not installed."""
-    if not MCP_AVAILABLE:
-        raise RuntimeError(
-            "MCP SDK not installed. Install with: pip install 'tweek[mcp]' "
-            "or pip install mcp"
-        )
-
-
-class TweekMCPServer:
-    """
-    Tweek MCP Gateway.
-
-    Exposes vault and status tools via MCP. These are genuinely new
-    capabilities not available as built-in desktop client tools.
-
-    For intercepting upstream MCP server tool calls, use TweekMCPProxy
-    from tweek.mcp.proxy instead.
-    """
-
-    def __init__(self, config: Optional[Dict[str, Any]] = None):
-        _check_mcp_available()
-        self.config = config or {}
-        self.server = Server("tweek-security")
-        self._setup_handlers()
-        self._request_count = 0
-        self._blocked_count = 0
-
-    def _setup_handlers(self):
-        """Register MCP protocol handlers."""
-
-        @self.server.list_tools()
-        async def list_tools() -> list[Tool]:
-            """Return the list of tools this server provides."""
-            tools = []
-
-            tool_configs = self.config.get("mcp", {}).get("gateway", {}).get("tools", {})
-
-            if tool_configs.get("vault", True):
-                tools.append(Tool(
-                    name="tweek_vault",
-                    description=(
-                        "Retrieve a credential from Tweek's secure vault. "
-                        "Credentials are stored in the system keychain, not in .env files. "
-                        "Use this instead of reading .env files or hardcoding secrets."
-                    ),
-                    inputSchema={
-                        "type": "object",
-                        "properties": {
-                            "skill": {
-                                "type": "string",
-                                "description": "Skill namespace for the credential",
-                            },
-                            "key": {
-                                "type": "string",
-                                "description": "Credential key name",
-                            },
-                        },
-                        "required": ["skill", "key"],
-                    },
-                ))
-
-            if tool_configs.get("status", True):
-                tools.append(Tool(
-                    name="tweek_status",
-                    description=(
-                        "Show Tweek security status including active plugins, "
-                        "recent activity, threat summary, and proxy statistics."
-                    ),
-                    inputSchema={
-                        "type": "object",
-                        "properties": {
-                            "detail": {
-                                "type": "string",
-                                "enum": ["summary", "plugins", "activity", "threats"],
-                                "description": "Level of detail (default: summary)",
-                            },
-                        },
-                    },
-                ))
-
-            return tools
-
-        @self.server.call_tool()
-        async def call_tool(name: str, arguments: dict) -> list[TextContent]:
-            """Handle tool calls."""
-            self._request_count += 1
-
-            handler_map = {
-                "tweek_vault": self._handle_vault,
-                "tweek_status": self._handle_status,
-            }
-
-            handler = handler_map.get(name)
-            if handler is None:
-                return [TextContent(
-                    type="text",
-                    text=json.dumps({
-                        "error": f"Unknown tool: {name}",
-                        "available_tools": list(handler_map.keys()),
-                    }),
-                )]
-
-            try:
-                result = await handler(arguments)
-                return [TextContent(type="text", text=result)]
-            except Exception as e:
-                logger.error(f"Tool {name} failed: {e}")
-                return [TextContent(
-                    type="text",
-                    text=json.dumps({"error": str(e), "tool": name}),
-                )]
-
-    def _build_context(
-        self,
-        tool_name: str,
-        content: str,
-        tool_input: Optional[Dict[str, Any]] = None,
-    ) -> ScreeningContext:
-        """Build a ScreeningContext for MCP tool calls."""
-        return ScreeningContext(
-            tool_name=tool_name,
-            content=content,
-            tier="default",
-            working_dir=os.getcwd(),
-            source="mcp",
-            client_name=self.config.get("client_name"),
-            tool_input=tool_input,
-        )
-
-    def _run_screening(self, context: ScreeningContext) -> Dict[str, Any]:
-        """
-        Run the shared screening pipeline.
-
-        In gateway mode, should_prompt is converted to blocked
-        since there is no interactive user to confirm.
-        """
-        from tweek.mcp.screening import run_mcp_screening
-
-        result = run_mcp_screening(context)
-
-        if result.get("should_prompt"):
-            self._blocked_count += 1
-            return {
-                "allowed": False,
-                "blocked": True,
-                "reason": f"Requires user confirmation: {result.get('reason', '')}",
-                "findings": result.get("findings", []),
-            }
-
-        if result.get("blocked"):
-            self._blocked_count += 1
-
-        return {
-            "allowed": result.get("allowed", False),
-            "blocked": result.get("blocked", False),
-            "reason": result.get("reason"),
-            "findings": result.get("findings", []),
-        }
-
-    async def _handle_vault(self, arguments: Dict[str, Any]) -> str:
-        """Handle tweek_vault tool call."""
-        skill = arguments.get("skill", "")
-        key = arguments.get("key", "")
-
-        # Screen vault access
-        context = self._build_context("Vault", f"vault:{skill}/{key}", arguments)
-        screening = self._run_screening(context)
-
-        if screening["blocked"]:
-            return json.dumps({
-                "blocked": True,
-                "reason": screening["reason"],
-            })
-
-        try:
-            from tweek.vault.cross_platform import CrossPlatformVault
-
-            vault = CrossPlatformVault()
-            value = vault.get(skill, key)
-
-            if value is None:
-                return json.dumps({
-                    "error": f"Credential not found: {skill}/{key}",
-                    "available": False,
-                })
-
-            return json.dumps({
-                "value": value,
-                "skill": skill,
-                "key": key,
-            })
-
-        except Exception as e:
-            # Don't leak internal details across trust boundary
-            logger.error(f"Vault operation failed: {e}")
-            return json.dumps({"error": "Vault operation failed"})
-
-    async def _handle_status(self, arguments: Dict[str, Any]) -> str:
-        """Handle tweek_status tool call."""
-        detail = arguments.get("detail", "summary")
-
-        try:
-            status = {
-                "version": MCP_SERVER_VERSION,
-                "source": "mcp",
-                "mode": "gateway",
-                "gateway_requests": self._request_count,
-                "gateway_blocked": self._blocked_count,
-            }
-
-            if detail in ("summary", "plugins"):
-                try:
-                    from tweek.plugins import get_registry
-                    registry = get_registry()
-                    stats = registry.get_stats()
-                    status["plugins"] = stats
-                except ImportError:
-                    status["plugins"] = {"error": "Plugin system not available"}
-
-            if detail in ("summary", "activity"):
-                try:
-                    from tweek.logging.security_log import get_logger as get_sec_logger
-                    sec_logger = get_sec_logger()
-                    recent = sec_logger.get_recent(limit=10)
-                    status["recent_activity"] = [
-                        {
-                            "timestamp": str(e.timestamp),
-                            "event_type": e.event_type.value,
-                            "tool": e.tool_name,
-                            "decision": e.decision,
-                        }
-                        for e in recent
-                    ] if recent else []
-                except (ImportError, Exception):
-                    status["recent_activity"] = []
-
-            # Include approval queue stats if available
-            try:
-                from tweek.mcp.approval import ApprovalQueue
-                queue = ApprovalQueue()
-                status["approval_queue"] = queue.get_stats()
-            except Exception:
-                pass
-
-            return json.dumps(status, indent=2)
-
-        except Exception as e:
-            return json.dumps({"error": str(e)})
-
-
-async def run_server(config: Optional[Dict[str, Any]] = None):
-    """
-    Run the Tweek MCP gateway server on stdio transport.
-
-    Exposes tweek_vault and tweek_status tools. For upstream MCP
-    server interception, use run_proxy() instead.
-    """
-    _check_mcp_available()
-
-    server = TweekMCPServer(config=config)
-
-    logger.info("Starting Tweek MCP Gateway...")
-    logger.info(f"Version: {MCP_SERVER_VERSION}")
-    logger.info("Tools: tweek_vault, tweek_status")
-    logger.info("For upstream MCP interception, use: tweek mcp proxy")
-
-    async with stdio_server() as (read_stream, write_stream):
-        await server.server.run(
-            read_stream,
-            write_stream,
-            server.server.create_initialization_options(),
-        )
-
-
-def create_server(config: Optional[Dict[str, Any]] = None) -> "TweekMCPServer":
-    """Create a TweekMCPServer instance for programmatic use."""
-    return TweekMCPServer(config=config)