CM-62381-address-review

Author: RoniCycode

cycode/cli/apps/ai_guardrails/scan/claude_config.py

@@ -42,3 +42,11 @@ def get_user_email(config: dict) -> Optional[str]:
     Reads oauthAccount.emailAddress from the config dict.
     """
     return config.get('oauthAccount', {}).get('emailAddress')
+
+
+def get_mcp_servers(config: dict) -> Optional[dict]:
+    """Extract MCP servers from Claude config.
+
+    Reads mcpServers from the config dict.
+    """
+    return config.get('mcpServers')

cycode/cli/apps/ai_guardrails/scan/cursor_config.py

@@ -0,0 +1,36 @@
+"""Reader for ~/.cursor/mcp.json configuration file.
+
+Extracts MCP server definitions from the Cursor global config file
+for use in AI guardrails data-flow reporting.
+"""
+
+import json
+from pathlib import Path
+from typing import Optional
+
+from cycode.logger import get_logger
+
+logger = get_logger('AI Guardrails Cursor Config')
+
+_CURSOR_MCP_CONFIG_PATH = Path.home() / '.cursor' / 'mcp.json'
+
+
+def load_cursor_config(config_path: Optional[Path] = None) -> Optional[dict]:
+    """Load and parse ~/.cursor/mcp.json.
+
+    Args:
+        config_path: Override path for testing. Defaults to ~/.cursor/mcp.json.
+
+    Returns:
+        Parsed dict or None if file is missing or invalid.
+    """
+    path = config_path or _CURSOR_MCP_CONFIG_PATH
+    if not path.exists():
+        logger.debug('Cursor MCP config file not found', extra={'path': str(path)})
+        return None
+    try:
+        content = path.read_text(encoding='utf-8')
+        return json.loads(content)
+    except Exception as e:
+        logger.debug('Failed to load Cursor MCP config file', exc_info=e)
+        return None

cycode/cli/apps/ai_guardrails/scan/payload.py

@@ -123,7 +123,7 @@ class AIHookPayload:
     """Unified payload object that normalizes field names from different AI tools."""
 
     # Event identification
-    event_name: str  # Canonical event type (e.g., 'prompt', 'file_read', 'mcp_execution')
+    event_name: Optional[str] = None  # Canonical event type (e.g., 'prompt', 'file_read', 'mcp_execution')
     conversation_id: Optional[str] = None
     generation_id: Optional[str] = None
 

cycode/cli/apps/ai_guardrails/session_start_command.py

@@ -5,7 +5,8 @@
 
 from cycode.cli.apps.ai_guardrails.consts import AIIDEType
 from cycode.cli.apps.ai_guardrails.scan.claude_config import get_mcp_servers, get_user_email, load_claude_config
-from cycode.cli.apps.ai_guardrails.scan.payload import AIHookPayload, _extract_from_claude_transcript
+from cycode.cli.apps.ai_guardrails.scan.cursor_config import load_cursor_config
+from cycode.cli.apps.ai_guardrails.scan.payload import AIHookPayload
 from cycode.cli.apps.ai_guardrails.scan.utils import safe_json_parse
 from cycode.cli.apps.auth.auth_common import get_authorization_info
 from cycode.cli.apps.auth.auth_manager import AuthManager
@@ -19,22 +20,19 @@
 def _build_session_payload(payload: dict, ide: str) -> AIHookPayload:
     """Build an AIHookPayload from a session-start stdin payload."""
     if ide == AIIDEType.CLAUDE_CODE:
-        ide_version, model, _ = _extract_from_claude_transcript(payload.get('transcript_path'))
         claude_config = load_claude_config()
         ide_user_email = get_user_email(claude_config) if claude_config else None
 
         return AIHookPayload(
-            event_name='session_start',
             conversation_id=payload.get('session_id'),
             ide_user_email=ide_user_email,
-            model=payload.get('model') or model,
+            model=payload.get('model'),
             ide_provider=AIIDEType.CLAUDE_CODE.value,
-            ide_version=ide_version,
+            ide_version=None,
         )
 
     # Cursor
     return AIHookPayload(
-        event_name='session_start',
         conversation_id=payload.get('conversation_id'),
         ide_user_email=payload.get('user_email'),
         model=payload.get('model'),
@@ -43,6 +41,28 @@ def _build_session_payload(payload: dict, ide: str) -> AIHookPayload:
     )
 
 
+def _get_mcp_servers_for_ide(ide: str) -> dict:
+    """Return configured MCP servers for the given IDE, or empty dict."""
+    if ide == AIIDEType.CLAUDE_CODE:
+        config = load_claude_config()
+    elif ide == AIIDEType.CURSOR:
+        config = load_cursor_config()
+    else:
+        return {}
+    return get_mcp_servers(config) or {} if config else {}
+
+
+def _report_data_flow(ai_client, ide: str) -> None:
+    """Report IDE MCP servers to the AI security manager. Never raises."""
+    mcp_servers = _get_mcp_servers_for_ide(ide)
+    if not mcp_servers:
+        return
+    try:
+        ai_client.report_data_flow(mcp_servers)
+    except Exception as e:
+        logger.debug('Failed to report MCP servers', exc_info=e)
+
+
 def session_start_command(
     ctx: typer.Context,
     ide: Annotated[
@@ -94,13 +114,5 @@ def session_start_command(
     except Exception as e:
         logger.debug('Failed to create conversation during session start', exc_info=e)
 
-    # Step 5: Report data flow (MCP servers, Claude Code only)
-    if ide == AIIDEType.CLAUDE_CODE:
-        claude_config = load_claude_config()
-        if claude_config:
-            mcp_servers = get_mcp_servers(claude_config)
-            if mcp_servers:
-                try:
-                    ai_client.report_data_flow(mcp_servers)
-                except Exception as e:
-                    logger.debug('Failed to report MCP servers', exc_info=e)
+    # Step 5: Report data flow (MCP servers)
+    _report_data_flow(ai_client, ide)

tests/cli/commands/ai_guardrails/test_session_start_command.py

@@ -111,21 +111,18 @@ def test_invalid_json_stdin_skips_session_init(
 
 
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.load_claude_config')
-@patch('cycode.cli.apps.ai_guardrails.session_start_command._extract_from_claude_transcript')
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.get_ai_security_manager_client')
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.get_authorization_info')
 def test_claude_code_creates_conversation(
     mock_get_auth: MagicMock,
     mock_get_client: MagicMock,
-    mock_transcript: MagicMock,
     mock_load_config: MagicMock,
     mock_ctx: MagicMock,
 ) -> None:
     """Claude Code payload should create conversation with session_id, model, email."""
     mock_get_auth.return_value = MagicMock()
     mock_ai_client = MagicMock()
     mock_get_client.return_value = mock_ai_client
-    mock_transcript.return_value = ('1.0.0', 'claude-sonnet', None)
     mock_load_config.return_value = {'oauthAccount': {'emailAddress': 'user@example.com'}}
 
     payload = {'session_id': 'session-123', 'model': 'claude-opus', 'transcript_path': '/tmp/t.jsonl'}
@@ -172,13 +169,11 @@ def test_cursor_creates_conversation(
 
 
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.load_claude_config')
-@patch('cycode.cli.apps.ai_guardrails.session_start_command._extract_from_claude_transcript')
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.get_ai_security_manager_client')
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.get_authorization_info')
 def test_conversation_creation_failure_non_blocking(
     mock_get_auth: MagicMock,
     mock_get_client: MagicMock,
-    mock_transcript: MagicMock,
     mock_load_config: MagicMock,
     mock_ctx: MagicMock,
 ) -> None:
@@ -187,7 +182,6 @@ def test_conversation_creation_failure_non_blocking(
     mock_ai_client = MagicMock()
     mock_ai_client.create_conversation.side_effect = RuntimeError('API down')
     mock_get_client.return_value = mock_ai_client
-    mock_transcript.return_value = (None, None, None)
     mock_load_config.return_value = None
 
     payload = {'session_id': 'session-123'}
@@ -202,21 +196,18 @@ def test_conversation_creation_failure_non_blocking(
 
 
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.load_claude_config')
-@patch('cycode.cli.apps.ai_guardrails.session_start_command._extract_from_claude_transcript')
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.get_ai_security_manager_client')
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.get_authorization_info')
 def test_claude_code_reports_mcp_servers(
     mock_get_auth: MagicMock,
     mock_get_client: MagicMock,
-    mock_transcript: MagicMock,
     mock_load_config: MagicMock,
     mock_ctx: MagicMock,
 ) -> None:
     """Claude Code should report MCP servers from ~/.claude.json."""
     mock_get_auth.return_value = MagicMock()
     mock_ai_client = MagicMock()
     mock_get_client.return_value = mock_ai_client
-    mock_transcript.return_value = (None, None, None)
     mcp_servers = {
         'gitlab': {'command': 'npx', 'args': ['-y', '@modelcontextprotocol/server-gitlab']},
         'filesystem': {'command': 'npx', 'args': ['-y', '@modelcontextprotocol/server-filesystem']},
@@ -232,21 +223,18 @@ def test_claude_code_reports_mcp_servers(
 
 
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.load_claude_config')
-@patch('cycode.cli.apps.ai_guardrails.session_start_command._extract_from_claude_transcript')
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.get_ai_security_manager_client')
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.get_authorization_info')
 def test_claude_code_no_mcp_servers_skips_report(
     mock_get_auth: MagicMock,
     mock_get_client: MagicMock,
-    mock_transcript: MagicMock,
     mock_load_config: MagicMock,
     mock_ctx: MagicMock,
 ) -> None:
     """When no mcpServers in config, report_data_flow should not be called."""
     mock_get_auth.return_value = MagicMock()
     mock_ai_client = MagicMock()
     mock_get_client.return_value = mock_ai_client
-    mock_transcript.return_value = (None, None, None)
     mock_load_config.return_value = {'oauthAccount': {'emailAddress': 'u@e.com'}}
 
     payload = {'session_id': 'session-123'}
@@ -257,17 +245,44 @@ def test_claude_code_no_mcp_servers_skips_report(
     mock_ai_client.report_data_flow.assert_not_called()
 
 
+@patch('cycode.cli.apps.ai_guardrails.session_start_command.load_cursor_config')
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.get_ai_security_manager_client')
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.get_authorization_info')
-def test_cursor_does_not_report_mcp_servers(
+def test_cursor_reports_mcp_servers(
     mock_get_auth: MagicMock,
     mock_get_client: MagicMock,
+    mock_load_cursor: MagicMock,
     mock_ctx: MagicMock,
 ) -> None:
-    """Cursor should not report MCP servers."""
+    """Cursor should report MCP servers from ~/.cursor/mcp.json."""
     mock_get_auth.return_value = MagicMock()
     mock_ai_client = MagicMock()
     mock_get_client.return_value = mock_ai_client
+    mcp_servers = {'github': {'command': 'npx', 'args': ['-y', '@modelcontextprotocol/server-github']}}
+    mock_load_cursor.return_value = {'mcpServers': mcp_servers}
+
+    payload = {'conversation_id': 'conv-456', 'model': 'gpt-4'}
+
+    with patch('sys.stdin', new=StringIO(json.dumps(payload))):
+        session_start_command(mock_ctx, ide='cursor')
+
+    mock_ai_client.report_data_flow.assert_called_once_with(mcp_servers)
+
+
+@patch('cycode.cli.apps.ai_guardrails.session_start_command.load_cursor_config')
+@patch('cycode.cli.apps.ai_guardrails.session_start_command.get_ai_security_manager_client')
+@patch('cycode.cli.apps.ai_guardrails.session_start_command.get_authorization_info')
+def test_cursor_no_mcp_servers_skips_report(
+    mock_get_auth: MagicMock,
+    mock_get_client: MagicMock,
+    mock_load_cursor: MagicMock,
+    mock_ctx: MagicMock,
+) -> None:
+    """Cursor with no MCP config file should skip report_data_flow."""
+    mock_get_auth.return_value = MagicMock()
+    mock_ai_client = MagicMock()
+    mock_get_client.return_value = mock_ai_client
+    mock_load_cursor.return_value = None
 
     payload = {'conversation_id': 'conv-456', 'model': 'gpt-4'}
 
@@ -278,13 +293,11 @@ def test_cursor_does_not_report_mcp_servers(
 
 
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.load_claude_config')
-@patch('cycode.cli.apps.ai_guardrails.session_start_command._extract_from_claude_transcript')
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.get_ai_security_manager_client')
 @patch('cycode.cli.apps.ai_guardrails.session_start_command.get_authorization_info')
 def test_mcp_report_failure_non_blocking(
     mock_get_auth: MagicMock,
     mock_get_client: MagicMock,
-    mock_transcript: MagicMock,
     mock_load_config: MagicMock,
     mock_ctx: MagicMock,
 ) -> None:
@@ -293,7 +306,6 @@ def test_mcp_report_failure_non_blocking(
     mock_ai_client = MagicMock()
     mock_ai_client.report_data_flow.side_effect = RuntimeError('API down')
     mock_get_client.return_value = mock_ai_client
-    mock_transcript.return_value = (None, None, None)
     mock_load_config.return_value = {
         'mcpServers': {'gitlab': {'command': 'npx'}},
     }