feat(security): add data flow security with agent hook integration (Spec 027)

[Dumbris]

Summary

• Add data flow security system that detects and prevents data exfiltration by tracking how data moves between internal tools (Read, databases) and external tools (WebFetch, Slack)
• Support two operating modes: proxy-only (universal, works with any MCP agent) and full mode (with agent hook integration for intercepting agent-internal tool calls like Read, Write, Bash)
• Implement complete hook CLI (mcpproxy hook install/uninstall/status/evaluate) for Claude Code integration

Key Components

• Classifier (internal/security/flow/classifier.go): Categorizes tools/servers as internal, external, hybrid, or unknown using name heuristics and config overrides
• Content Hasher (internal/security/flow/hasher.go): SHA256 per-field extraction from JSON for content flow matching without storing raw data
• Flow Tracker (internal/security/flow/tracker.go): Session-scoped origin recording and flow edge detection with configurable policies
• Policy Evaluator (internal/security/flow/policy.go): Configurable actions (allow/warn/ask/deny) with graceful degradation in proxy-only mode (ask→warn)
• Session Correlator (internal/security/flow/correlator.go): Links agent hook sessions to MCP proxy sessions via argument hash matching
• Hook CLI (cmd/mcpproxy/hook_cmd.go): Install/uninstall/status/evaluate commands for Claude Code agent hooks
• REST API (internal/httpapi/hooks.go): POST /api/v1/hooks/evaluate endpoint for hook event processing
• Activity Logging: New hook_evaluation and flow_summary activity types with full metadata
• Web UI Nudge: Dashboard hint encouraging hook installation when running in proxy-only mode
• Diagnostics: Security coverage recommendation in mcpproxy doctor output
• OpenAPI: Updated swagger.yaml with new endpoint, activity filters, and schemas

Architecture

Agent (Claude Code)
  ├── Internal tools (Read, Write, Bash) ──→ Hook CLI ──→ POST /api/v1/hooks/evaluate
  └── MCP tools (call_tool_read/write) ──→ MCP Proxy ──→ Upstream servers
                                              ↕
                                    Flow Tracker (session-scoped)
                                    Content hash matching
                                    Policy evaluation

Test plan

• 68/70 TDD tasks complete (2 benchmarks deferred to pre-merge)
• Unit tests: all pass including internal/security/flow/... (25 tests), internal/httpapi/..., internal/runtime/...
• Race detection: go test -race ./internal/security/flow/... passes cleanly
• E2E test: proxy-only flow detection pipeline (TestE2E_FlowSecurity_ProxyOnlyDetection)
• E2E test: hook-enhanced flow detection via HTTP API (TestE2E_FlowSecurity_HookEnhancedDetection) — verifies deny decision with flow_type=internal_to_external, risk_level=high
• API E2E: test-api-e2e.sh — no regressions (61/71 pass, 10 failures pre-existing)
• OpenAPI: verify-oas-coverage.sh — new endpoint documented
• Frontend: vue-tsc --noEmit passes cleanly

🤖 Generated with Claude Code

[cloudflare-workers-and-pages]

Deploying mcpproxy-docs with    Cloudflare Pages

Latest commit:	ec787a4
Status:	✅  Deploy successful!
Preview URL:	https://8f408303.mcpproxy-docs.pages.dev
Branch Preview URL:	https://027-data-flow-security.mcpproxy-docs.pages.dev

View logs

[github-actions]

📦 Build Artifacts

Workflow Run: View Run
Branch: 027-data-flow-security

Available Artifacts

• archive-darwin-amd64 (23 MB)
• archive-darwin-arm64 (21 MB)
• archive-linux-amd64 (12 MB)
• archive-linux-arm64 (11 MB)
• archive-windows-amd64 (23 MB)
• archive-windows-arm64 (21 MB)
• frontend-dist-pr (0 MB)
• installer-dmg-darwin-amd64 (26 MB)
• installer-dmg-darwin-arm64 (23 MB)

How to Download

Option 1: GitHub Web UI (easiest)

1. Go to the workflow run page linked above
2. Scroll to the bottom "Artifacts" section
3. Click on the artifact you want to download

Option 2: GitHub CLI

gh run download 21685803329 --repo smart-mcp-proxy/mcpproxy-go

Note: Artifacts expire in 14 days.