CM-59792 read file hook save file path

cycode/cli/apps/ai_guardrails/scan/handlers.py

@@ -170,6 +170,7 @@ def handle_before_read_file(ctx: typer.Context, payload: AIHookPayload, policy:
             scan_id=scan_id,
             block_reason=block_reason,
             error_message=error_message,
+            file_path=payload.file_path,
         )
 
 

cycode/cyclient/ai_security_manager_client.py

@@ -62,6 +62,7 @@ def create_event(
         scan_id: Optional[str] = None,
         block_reason: Optional['BlockReason'] = None,
         error_message: Optional[str] = None,
+        file_path: Optional[str] = None,
     ) -> None:
         """Create an AI hook event from hook payload."""
         conversation_id = payload.conversation_id
@@ -79,6 +80,7 @@ def create_event(
             'mcp_server_name': payload.mcp_server_name,
             'mcp_tool_name': payload.mcp_tool_name,
             'error_message': error_message,
+            'file_path': file_path,
         }
 
         try:

tests/cli/commands/ai_guardrails/scan/test_handlers.py

@@ -194,6 +194,7 @@ def test_handle_before_read_file_sensitive_path(
     call_args = mock_ctx.obj['ai_security_client'].create_event.call_args
     assert call_args.args[2] == AIHookOutcome.BLOCKED
     assert call_args.kwargs['block_reason'] == BlockReason.SENSITIVE_PATH
+    assert call_args.kwargs['file_path'] == '/path/to/.env'
 
 
 @patch('cycode.cli.apps.ai_guardrails.scan.handlers.is_denied_path')
@@ -215,6 +216,7 @@ def test_handle_before_read_file_no_secrets(
     assert result == {'permission': 'allow'}
     call_args = mock_ctx.obj['ai_security_client'].create_event.call_args
     assert call_args.args[2] == AIHookOutcome.ALLOWED
+    assert call_args.kwargs['file_path'] == '/path/to/file.txt'
 
 
 @patch('cycode.cli.apps.ai_guardrails.scan.handlers.is_denied_path')
@@ -238,6 +240,7 @@ def test_handle_before_read_file_with_secrets(
     call_args = mock_ctx.obj['ai_security_client'].create_event.call_args
     assert call_args.args[2] == AIHookOutcome.BLOCKED
     assert call_args.kwargs['block_reason'] == BlockReason.SECRETS_IN_FILE
+    assert call_args.kwargs['file_path'] == '/path/to/file.txt'
 
 
 @patch('cycode.cli.apps.ai_guardrails.scan.handlers.is_denied_path')