Merge branch 'main' into CM-65100-add-file-handling-for-mcps

Author: RoniCycode

.github/workflows/build_executable.yml

@@ -38,7 +38,7 @@ jobs:
     steps:
       - name: Run Cimon
         if: matrix.os == 'ubuntu-22.04'
-        uses: cycodelabs/cimon-action@3ca67e875f34772093aa3bf3c185a711720bf5d9 # v0.10.1
+        uses: cycodelabs/cimon-action@a0870cc3d9e3bf3cedd28bdb67bf3fd3281e5941 # v1.0.1
         with:
           client-id: ${{ secrets.CIMON_CLIENT_ID }}
           secret: ${{ secrets.CIMON_SECRET }}
@@ -265,7 +265,7 @@ jobs:
         run: echo "ARTIFACT_NAME=$(./process_executable_file.py dist/cycode-cli)" >> $GITHUB_ENV
 
       - name: Upload files as artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: ${{ env.ARTIFACT_NAME }}
           path: dist
@@ -313,7 +313,7 @@ jobs:
 
       - name: Upload files to release
         if: ${{ github.event_name == 'workflow_dispatch' && inputs.publish }}
-        uses: svenstaro/upload-release-action@b98a3b12e86552593f3e4e577ca8a62aa2f3f22b # v2
+        uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2
         with:
           file: dist/*
           tag: ${{ env.LATEST_TAG }}

.github/workflows/docker-image.yml

@@ -76,7 +76,7 @@ jobs:
       - name: Build and push
         id: docker_build
         if: ${{ github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/v') }}
-        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
         with:
           context: .
           platforms: linux/amd64,linux/arm64
@@ -86,7 +86,7 @@ jobs:
       - name: Verify build
         id: docker_verify_build
         if: ${{ github.event_name != 'workflow_dispatch' && !startsWith(github.ref, 'refs/tags/v') }}
-        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
         with:
           context: .
           platforms: linux/amd64,linux/arm64

.github/workflows/pre_release.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
       - name: Run Cimon
-        uses: cycodelabs/cimon-action@3ca67e875f34772093aa3bf3c185a711720bf5d9 # v0.10.1
+        uses: cycodelabs/cimon-action@a0870cc3d9e3bf3cedd28bdb67bf3fd3281e5941 # v1.0.1
         with:
           client-id: ${{ secrets.CIMON_CLIENT_ID }}
           secret: ${{ secrets.CIMON_SECRET }}
@@ -74,4 +74,4 @@ jobs:
         run: poetry build
 
       - name: Publish a Python distribution to PyPI
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0

.github/workflows/release.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Run Cimon
-        uses: cycodelabs/cimon-action@3ca67e875f34772093aa3bf3c185a711720bf5d9 # v0.10.1
+        uses: cycodelabs/cimon-action@a0870cc3d9e3bf3cedd28bdb67bf3fd3281e5941 # v1.0.1
         with:
           client-id: ${{ secrets.CIMON_CLIENT_ID }}
           secret: ${{ secrets.CIMON_SECRET }}
@@ -73,4 +73,4 @@ jobs:
         run: poetry build
 
       - name: Publish a Python distribution to PyPI
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0

.github/workflows/ruff.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Run Cimon
-        uses: cycodelabs/cimon-action@3ca67e875f34772093aa3bf3c185a711720bf5d9 # v0.10.1
+        uses: cycodelabs/cimon-action@a0870cc3d9e3bf3cedd28bdb67bf3fd3281e5941 # v1.0.1
         with:
           client-id: ${{ secrets.CIMON_CLIENT_ID }}
           secret: ${{ secrets.CIMON_SECRET }}

.github/workflows/tests.yml

@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Run Cimon
-        uses: cycodelabs/cimon-action@3ca67e875f34772093aa3bf3c185a711720bf5d9 # v0.10.1
+        uses: cycodelabs/cimon-action@a0870cc3d9e3bf3cedd28bdb67bf3fd3281e5941 # v1.0.1
         with:
           client-id: ${{ secrets.CIMON_CLIENT_ID }}
           secret: ${{ secrets.CIMON_SECRET }}

.github/workflows/tests_full.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
       - name: Run Cimon
         if: matrix.os == 'ubuntu-latest'
-        uses: cycodelabs/cimon-action@3ca67e875f34772093aa3bf3c185a711720bf5d9 # v0.10.1
+        uses: cycodelabs/cimon-action@a0870cc3d9e3bf3cedd28bdb67bf3fd3281e5941 # v1.0.1
         with:
           client-id: ${{ secrets.CIMON_CLIENT_ID }}
           secret: ${{ secrets.CIMON_SECRET }}

cycode/cli/apps/ai_guardrails/ides/claude_code.py

@@ -240,7 +240,6 @@ def render_hooks_config(self, async_mode: bool = False) -> dict:
             'hooks': {
                 'SessionStart': [
                     {
-                        'matcher': 'startup|clear',
                         'hooks': [{'type': 'command', 'command': _SESSION_START_COMMAND}],
                     }
                 ],

cycode/cli/apps/ai_guardrails/ides/codex.py

@@ -202,7 +202,6 @@ def render_hooks_config(self, async_mode: bool = False) -> dict:
             'hooks': {
                 'SessionStart': [
                     {
-                        'matcher': 'startup|clear',
                         'hooks': [{'type': 'command', 'command': _SESSION_START_COMMAND}],
                     }
                 ],

cycode/cli/apps/mcp/mcp_command.py

@@ -8,6 +8,7 @@
 import uuid
 from typing import Annotated, Any, Optional
 
+import anyio
 import typer
 from pathvalidate import sanitize_filepath
 from pydantic import Field
@@ -65,6 +66,7 @@ def _get_current_executable() -> str:
     return 'cycode'
 
 
+# ruff: disable[ASYNC109]
 async def _run_cycode_command(*args: str, timeout: int = _DEFAULT_RUN_COMMAND_TIMEOUT) -> dict[str, Any]:
     """Run a cycode command asynchronously and return the parsed result.
 
@@ -109,6 +111,9 @@ async def _run_cycode_command(*args: str, timeout: int = _DEFAULT_RUN_COMMAND_TI
         return {'error': f'Failed to run command: {e!s}'}
 
 
+# ruff: enable[ASYNC109]
+
+
 def _sanitize_file_path(file_path: str) -> str:
     """Sanitize file path to prevent path traversal and other security issues.
 
@@ -238,7 +243,7 @@ async def _cycode_scan_tool(
 
     try:
         if paths:
-            missing = [p for p in paths if not os.path.exists(p)]
+            missing = [p for p in paths if not await anyio.Path(p).exists()]
             if missing:
                 return json.dumps({'error': f'Paths not found on disk: {missing}'}, indent=2)