Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: smart-mcp-proxy/mcpproxy-go
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: main
Choose a base ref
...
head repository: smart-mcp-proxy/mcpproxy-go
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 027-data-flow-security
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 3 commits
  • 56 files changed
  • 2 contributors

Commits on Feb 4, 2026

  1. feat(security): add data flow security with agent hook integration (S… 

    …pec 027)

Detect and prevent data exfiltration by tracking how data flows between
internal tools (Read, databases) and external tools (WebFetch, Slack).
Operates in two modes: proxy-only (universal, any agent) and full mode
with agent hook integration for intercepting agent-internal tool calls.

Key components:
- Tool/server classifier with internal/external/hybrid/unknown categories
- Content hasher using SHA256 per-field extraction for flow matching
- Flow tracker with session-scoped origin recording and edge detection
- Policy evaluator with configurable actions (allow/warn/ask/deny)
- Session correlator linking agent hook sessions to MCP proxy sessions
- Hook CLI commands (install/uninstall/status/evaluate) for Claude Code
- POST /api/v1/hooks/evaluate REST endpoint
- Activity logging for hook_evaluation and flow_summary event types
- Web UI nudge system for hook installation when in proxy-only mode
- E2E tests for both proxy-only and hook-enhanced flow detection

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
    @Dumbris @claude
    Dumbris and claude committed Feb 4, 2026
    Configuration menu
    Copy the full SHA
    8a0a084 View commit details
    Browse the repository at this point in the history

  2. fix(oas): regenerate swagger from swag annotations for Spec 027 endpo… 

    …ints

Add proper swag annotations to hooks.go and activity.go query params,
then regenerate oas/swagger.yaml via make swagger instead of manual edits.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
    @Dumbris @claude
    Dumbris and claude committed Feb 4, 2026
    Configuration menu
    Copy the full SHA
    529b541 View commit details
    Browse the repository at this point in the history

  3. fix(ci): resolve lint errors and race-skip flow security E2E test 

    - Remove unused extractNormalizedArgHashes/extractNormalizedStrings funcs
- Use tagged switch instead of if/else chain on decision string
- Skip ProxyOnlyDetection test under race detector (pre-existing
  supervisor race in AddServer/SetConfig path)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
    @Dumbris @claude
    Dumbris and claude committed Feb 4, 2026
    Configuration menu
    Copy the full SHA
    ec787a4 View commit details
    Browse the repository at this point in the history
Loading