CM-59792-read-file-hook-save-file-path

Ilanlido · Ilanlido · commit 3e9773c2dcee · 2026-02-18T16:18:32.000+02:00
diff --git a/cycode/cli/apps/ai_guardrails/scan/handlers.py b/cycode/cli/apps/ai_guardrails/scan/handlers.py
@@ -170,6 +170,7 @@ def handle_before_read_file(ctx: typer.Context, payload: AIHookPayload, policy:
             scan_id=scan_id,
             block_reason=block_reason,
             error_message=error_message,
+            file_path=payload.file_path,
         )
 
 
diff --git a/cycode/cyclient/ai_security_manager_client.py b/cycode/cyclient/ai_security_manager_client.py
@@ -62,6 +62,7 @@ def create_event(
         scan_id: Optional[str] = None,
         block_reason: Optional['BlockReason'] = None,
         error_message: Optional[str] = None,
+        file_path: Optional[str] = None,
     ) -> None:
         """Create an AI hook event from hook payload."""
         conversation_id = payload.conversation_id
@@ -79,6 +80,7 @@ def create_event(
             'mcp_server_name': payload.mcp_server_name,
             'mcp_tool_name': payload.mcp_tool_name,
             'error_message': error_message,
+            'file_path': file_path,
         }
 
         try:
diff --git a/tests/cli/commands/ai_guardrails/scan/test_handlers.py b/tests/cli/commands/ai_guardrails/scan/test_handlers.py
@@ -194,6 +194,7 @@ def test_handle_before_read_file_sensitive_path(
     call_args = mock_ctx.obj['ai_security_client'].create_event.call_args
     assert call_args.args[2] == AIHookOutcome.BLOCKED
     assert call_args.kwargs['block_reason'] == BlockReason.SENSITIVE_PATH
+    assert call_args.kwargs['file_path'] == '/path/to/.env'
 
 
 @patch('cycode.cli.apps.ai_guardrails.scan.handlers.is_denied_path')
@@ -215,6 +216,7 @@ def test_handle_before_read_file_no_secrets(
     assert result == {'permission': 'allow'}
     call_args = mock_ctx.obj['ai_security_client'].create_event.call_args
     assert call_args.args[2] == AIHookOutcome.ALLOWED
+    assert call_args.kwargs['file_path'] == '/path/to/file.txt'
 
 
 @patch('cycode.cli.apps.ai_guardrails.scan.handlers.is_denied_path')
@@ -238,6 +240,7 @@ def test_handle_before_read_file_with_secrets(
     call_args = mock_ctx.obj['ai_security_client'].create_event.call_args
     assert call_args.args[2] == AIHookOutcome.BLOCKED
     assert call_args.kwargs['block_reason'] == BlockReason.SECRETS_IN_FILE
+    assert call_args.kwargs['file_path'] == '/path/to/file.txt'
 
 
 @patch('cycode.cli.apps.ai_guardrails.scan.handlers.is_denied_path')

Original file line number	Diff line number	Diff line change
`@@ -170,6 +170,7 @@ def handle_before_read_file(ctx: typer.Context, payload: AIHookPayload, policy:`
`170`	`170`	`scan_id=scan_id,`
`171`	`171`	`block_reason=block_reason,`
`172`	`172`	`error_message=error_message,`
	`173`	`+ file_path=payload.file_path,`
`173`	`174`	`)`
`174`	`175`
`175`	`176`