CM-58022-review

Author: Ilanlido

cycode/cli/apps/ai_guardrails/__init__.py

@@ -1,6 +1,7 @@
 import typer
 
 from cycode.cli.apps.ai_guardrails.install_command import install_command
+from cycode.cli.apps.ai_guardrails.scan.scan_command import scan_command
 from cycode.cli.apps.ai_guardrails.status_command import status_command
 from cycode.cli.apps.ai_guardrails.uninstall_command import uninstall_command
 
@@ -9,3 +10,8 @@
 app.command(name='install', short_help='Install AI guardrails hooks for supported IDEs.')(install_command)
 app.command(name='uninstall', short_help='Remove AI guardrails hooks from supported IDEs.')(uninstall_command)
 app.command(name='status', short_help='Show AI guardrails hook installation status.')(status_command)
+app.command(
+    hidden=True,
+    name='scan',
+    short_help='Scan content from AI IDE hooks for secrets (reads JSON from stdin).',
+)(scan_command)

cycode/cli/apps/scan/prompt/__init__.py …/cli/apps/ai_guardrails/scan/__init__.pycycode/cli/apps/scan/prompt/__init__.py renamed to cycode/cli/apps/ai_guardrails/scan/__init__.py cycode/cli/apps/scan/prompt/__init__.py renamed to cycode/cli/apps/ai_guardrails/scan/__init__.py

@@ -13,15 +13,15 @@
 
 import typer
 
-from cycode.cli.apps.scan.code_scanner import _get_scan_documents_thread_func
-from cycode.cli.apps.scan.prompt.payload import AIHookPayload
-from cycode.cli.apps.scan.prompt.policy import get_policy_value
-from cycode.cli.apps.scan.prompt.response_builders import get_response_builder
-from cycode.cli.apps.scan.prompt.types import AiHookEventType, AIHookOutcome, BlockReason
-from cycode.cli.apps.scan.prompt.utils import (
+from cycode.cli.apps.ai_guardrails.scan.payload import AIHookPayload
+from cycode.cli.apps.ai_guardrails.scan.policy import get_policy_value
+from cycode.cli.apps.ai_guardrails.scan.response_builders import get_response_builder
+from cycode.cli.apps.ai_guardrails.scan.types import AiHookEventType, AIHookOutcome, BlockReason
+from cycode.cli.apps.ai_guardrails.scan.utils import (
     is_denied_path,
     truncate_utf8,
 )
+from cycode.cli.apps.scan.code_scanner import _get_scan_documents_thread_func
 from cycode.cli.apps.scan.scan_parameters import get_scan_parameters
 from cycode.cli.models import Document
 from cycode.cli.utils.progress_bar import DummyProgressBar, ScanProgressBarSection

cycode/cli/apps/scan/prompt/consts.py …de/cli/apps/ai_guardrails/scan/consts.pycycode/cli/apps/scan/prompt/consts.py renamed to cycode/cli/apps/ai_guardrails/scan/consts.py cycode/cli/apps/scan/prompt/consts.py renamed to cycode/cli/apps/ai_guardrails/scan/consts.py

@@ -3,7 +3,7 @@
 from dataclasses import dataclass
 from typing import Optional
 
-from cycode.cli.apps.scan.prompt.types import CURSOR_EVENT_MAPPING
+from cycode.cli.apps.ai_guardrails.scan.types import CURSOR_EVENT_MAPPING
 
 
 @dataclass

cycode/cli/apps/scan/prompt/handlers.py …/cli/apps/ai_guardrails/scan/handlers.pycycode/cli/apps/scan/prompt/handlers.py renamed to cycode/cli/apps/ai_guardrails/scan/handlers.py cycode/cli/apps/scan/prompt/handlers.py renamed to cycode/cli/apps/ai_guardrails/scan/handlers.py

@@ -13,7 +13,7 @@
 
 import yaml
 
-from cycode.cli.apps.scan.prompt.consts import DEFAULT_POLICY, POLICY_FILE_NAME
+from cycode.cli.apps.ai_guardrails.scan.consts import DEFAULT_POLICY, POLICY_FILE_NAME
 
 
 def deep_merge(base: dict, override: dict) -> dict:

cycode/cli/apps/scan/prompt/payload.py …e/cli/apps/ai_guardrails/scan/payload.pycycode/cli/apps/scan/prompt/payload.py renamed to cycode/cli/apps/ai_guardrails/scan/payload.py cycode/cli/apps/scan/prompt/payload.py renamed to cycode/cli/apps/ai_guardrails/scan/payload.py

@@ -1,8 +1,9 @@
 """
-Prompt scan command for AI guardrails.
+Scan command for AI guardrails.
 
 This command handles AI IDE hooks by reading JSON from stdin and outputting
-a JSON response to stdout.
+a JSON response to stdout. It scans prompts, file reads, and MCP tool calls
+for secrets before they are sent to AI models.
 
 Supports multiple IDEs with different hook event types. The specific hook events
 supported depend on the IDE being used (e.g., Cursor supports beforeSubmitPrompt,
@@ -15,12 +16,12 @@
 import click
 import typer
 
-from cycode.cli.apps.scan.prompt.handlers import get_handler_for_event
-from cycode.cli.apps.scan.prompt.payload import AIHookPayload
-from cycode.cli.apps.scan.prompt.policy import load_policy
-from cycode.cli.apps.scan.prompt.response_builders import get_response_builder
-from cycode.cli.apps.scan.prompt.types import AiHookEventType
-from cycode.cli.apps.scan.prompt.utils import output_json, safe_json_parse
+from cycode.cli.apps.ai_guardrails.scan.handlers import get_handler_for_event
+from cycode.cli.apps.ai_guardrails.scan.payload import AIHookPayload
+from cycode.cli.apps.ai_guardrails.scan.policy import load_policy
+from cycode.cli.apps.ai_guardrails.scan.response_builders import get_response_builder
+from cycode.cli.apps.ai_guardrails.scan.types import AiHookEventType
+from cycode.cli.apps.ai_guardrails.scan.utils import output_json, safe_json_parse
 from cycode.cli.exceptions.custom_exceptions import HttpUnauthorizedError
 from cycode.cli.utils.get_api_client import get_ai_security_manager_client, get_scan_cycode_client
 from cycode.cli.utils.sentry import add_breadcrumb
@@ -59,7 +60,7 @@ def _initialize_clients(ctx: typer.Context) -> None:
     ctx.obj['ai_security_client'] = ai_security_client
 
 
-def prompt_command(
+def scan_command(
     ctx: typer.Context,
     ide: Annotated[
         str,
@@ -70,7 +71,7 @@ def prompt_command(
         ),
     ] = 'cursor',
 ) -> None:
-    """Handle AI guardrails hooks from supported IDEs.
+    """Scan content from AI IDE hooks for secrets.
 
     This command reads a JSON payload from stdin containing hook event data
     and outputs a JSON response to stdout indicating whether to allow or block the action.
@@ -80,9 +81,9 @@ def prompt_command(
     file access, and tool executions.
 
     Example usage (from IDE hooks configuration):
-        { "command": "cycode scan prompt" }
+        { "command": "cycode ai-guardrails scan" }
     """
-    add_breadcrumb('prompt')
+    add_breadcrumb('ai-guardrails-scan')
 
     stdin_data = sys.stdin.read().strip()
     payload = safe_json_parse(stdin_data)

cycode/cli/apps/scan/prompt/policy.py …de/cli/apps/ai_guardrails/scan/policy.pycycode/cli/apps/scan/prompt/policy.py renamed to cycode/cli/apps/ai_guardrails/scan/policy.py cycode/cli/apps/scan/prompt/policy.py renamed to cycode/cli/apps/ai_guardrails/scan/policy.py

@@ -1,11 +1,15 @@
 """Type definitions for AI guardrails."""
 
-from enum import Enum
+import sys
 
+if sys.version_info >= (3, 11):
+    from enum import StrEnum
+else:
+    from enum import Enum
 
-class StrEnum(str, Enum):
-    def __str__(self) -> str:
-        return self.value
+    class StrEnum(str, Enum):
+        def __str__(self) -> str:
+            return self.value
 
 
 class AiHookEventType(StrEnum):

…li/apps/scan/prompt/response_builders.py …/ai_guardrails/scan/response_builders.pycycode/cli/apps/scan/prompt/response_builders.py renamed to cycode/cli/apps/ai_guardrails/scan/response_builders.py cycode/cli/apps/scan/prompt/response_builders.py renamed to cycode/cli/apps/ai_guardrails/scan/response_builders.py

@@ -8,7 +8,7 @@
 import os
 from pathlib import Path
 
-from cycode.cli.apps.scan.prompt.policy import get_policy_value
+from cycode.cli.apps.ai_guardrails.scan.policy import get_policy_value
 
 
 def safe_json_parse(s: str) -> dict: