multicorn-shield 0.1.0

package/dist/multicorn-proxy.js

@@ -0,0 +1,1153 @@
+#!/usr/bin/env node
+import { readFile, mkdir, writeFile } from 'fs/promises';
+import { join } from 'path';
+import { homedir } from 'os';
+import { createInterface } from 'readline';
+import { spawn } from 'child_process';
+import 'stream';
+
+var CONFIG_DIR = join(homedir(), ".multicorn");
+var CONFIG_PATH = join(CONFIG_DIR, "config.json");
+async function loadConfig() {
+  try {
+    const raw = await readFile(CONFIG_PATH, "utf8");
+    const parsed = JSON.parse(raw);
+    if (!isProxyConfig(parsed)) return null;
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+async function saveConfig(config) {
+  await mkdir(CONFIG_DIR, { recursive: true, mode: 448 });
+  await writeFile(CONFIG_PATH, JSON.stringify(config, null, 2) + "\n", {
+    encoding: "utf8",
+    mode: 384
+  });
+}
+async function validateApiKey(apiKey, baseUrl) {
+  try {
+    const response = await fetch(`${baseUrl}/api/v1/agents`, {
+      headers: { "X-Multicorn-Key": apiKey },
+      signal: AbortSignal.timeout(8e3)
+    });
+    if (response.status === 401) {
+      return { valid: false, error: "API key not recognised. Check the key and try again." };
+    }
+    if (!response.ok) {
+      return {
+        valid: false,
+        error: `Service returned ${String(response.status)}. Check your base URL and try again.`
+      };
+    }
+    return { valid: true };
+  } catch (error) {
+    const detail = error instanceof Error ? error.message : String(error);
+    return {
+      valid: false,
+      error: `Could not reach ${baseUrl}. Check your network connection. (${detail})`
+    };
+  }
+}
+async function runInit(baseUrl = "https://api.multicorn.ai") {
+  const rl = createInterface({ input: process.stdin, output: process.stderr });
+  function ask(question) {
+    return new Promise((resolve) => {
+      rl.question(question, (answer) => {
+        resolve(answer);
+      });
+    });
+  }
+  process.stderr.write("Multicorn Shield proxy setup\n\n");
+  process.stderr.write("Get your API key at https://app.multicorn.ai/settings/api-keys\n\n");
+  let config = null;
+  while (config === null) {
+    const input = await ask("API key (starts with mcs_): ");
+    const apiKey = input.trim();
+    if (apiKey.length === 0) {
+      process.stderr.write("API key is required.\n");
+      continue;
+    }
+    process.stderr.write("Validating key...\n");
+    const result = await validateApiKey(apiKey, baseUrl);
+    if (!result.valid) {
+      process.stderr.write(`${result.error ?? "Validation failed. Try again."}
+`);
+      continue;
+    }
+    config = { apiKey, baseUrl };
+  }
+  rl.close();
+  await saveConfig(config);
+  process.stderr.write(`
+Config saved to ${CONFIG_PATH}
+`);
+  process.stderr.write("Run your agent with: npx multicorn-proxy --wrap <your-mcp-server>\n");
+  return config;
+}
+function isProxyConfig(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return typeof obj["apiKey"] === "string" && typeof obj["baseUrl"] === "string";
+}
+
+// src/types/index.ts
+var PERMISSION_LEVELS = {
+  Read: "read",
+  Write: "write",
+  Execute: "execute",
+  Publish: "publish",
+  Create: "create"
+};
+
+// src/scopes/scope-parser.ts
+var VALID_PERMISSION_LEVELS = new Set(Object.values(PERMISSION_LEVELS));
+[...VALID_PERMISSION_LEVELS].join(", ");
+function formatScope(scope) {
+  return `${scope.permissionLevel}:${scope.service}`;
+}
+
+// src/scopes/scope-validator.ts
+function validateScopeAccess(grantedScopes, requested) {
+  const isGranted = grantedScopes.some(
+    (granted) => granted.service === requested.service && granted.permissionLevel === requested.permissionLevel
+  );
+  if (isGranted) {
+    return { allowed: true };
+  }
+  const serviceScopes = grantedScopes.filter((g) => g.service === requested.service);
+  if (serviceScopes.length > 0) {
+    const grantedLevels = serviceScopes.map((g) => `"${g.permissionLevel}"`).join(", ");
+    return {
+      allowed: false,
+      reason: `Permission "${requested.permissionLevel}" is not granted for service "${requested.service}". Currently granted permission level(s): ${grantedLevels}. Requested scope "${formatScope(requested)}" requires explicit consent.`
+    };
+  }
+  return {
+    allowed: false,
+    reason: `No permissions granted for service "${requested.service}". The agent has not been authorised to access this service. Request scope "${formatScope(requested)}" via the consent screen.`
+  };
+}
+
+// src/logger/action-logger.ts
+function createActionLogger(config) {
+  if (!config.apiKey || config.apiKey.trim().length === 0) {
+    throw new Error(
+      "[ActionLogger] API key is required. Provide it via the 'apiKey' config option."
+    );
+  }
+  const baseUrl = config.baseUrl ?? "https://api.multicorn.ai";
+  const timeout = config.timeout ?? 5e3;
+  if (!baseUrl.startsWith("https://") && !baseUrl.startsWith("http://localhost")) {
+    throw new Error(
+      `[ActionLogger] Base URL must use HTTPS for security. Received: "${baseUrl}". Use https:// or http://localhost for local development.`
+    );
+  }
+  const endpoint = `${baseUrl}/api/v1/actions`;
+  const batchEnabled = config.batchMode?.enabled ?? false;
+  const maxBatchSize = config.batchMode?.maxSize ?? 10;
+  const flushInterval = config.batchMode?.flushIntervalMs ?? 5e3;
+  const queue = [];
+  let flushTimer;
+  let isShutdown = false;
+  async function sendActions(actions) {
+    if (actions.length === 0) return;
+    const convertAction = (action) => ({
+      agent: action.agent,
+      service: action.service,
+      actionType: action.actionType,
+      status: action.status,
+      ...action.cost !== void 0 ? { cost: action.cost } : {},
+      ...action.metadata !== void 0 ? { metadata: action.metadata } : {}
+    });
+    const convertedActions = actions.map(convertAction);
+    const payload = batchEnabled ? { actions: convertedActions } : convertedActions[0];
+    let lastError;
+    for (let attempt = 0; attempt < 2; attempt++) {
+      try {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => {
+          controller.abort();
+        }, timeout);
+        const response = await fetch(endpoint, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            "X-Multicorn-Key": config.apiKey
+          },
+          body: JSON.stringify(payload),
+          signal: controller.signal
+        });
+        clearTimeout(timeoutId);
+        if (response.ok) {
+          return;
+        }
+        if (response.status >= 400 && response.status < 500) {
+          const body = await response.text().catch(() => "");
+          throw new Error(
+            `[ActionLogger] Client error (${String(response.status)}): ${response.statusText}. Response: ${body}. Check your API key and payload format.`
+          );
+        }
+        if (response.status >= 500 && attempt === 0) {
+          lastError = new Error(
+            `[ActionLogger] Server error (${String(response.status)}): ${response.statusText}. Retrying once...`
+          );
+          await sleep(100 * Math.pow(2, attempt));
+          continue;
+        }
+        throw new Error(
+          `[ActionLogger] Server error (${String(response.status)}) after retry: ${response.statusText}. Multicorn API may be experiencing issues.`
+        );
+      } catch (error) {
+        if (error instanceof Error) {
+          if (error.name === "AbortError") {
+            lastError = new Error(
+              `[ActionLogger] Request timeout after ${String(timeout)}ms. Increase the 'timeout' config option or check your network connection.`
+            );
+          } else if (error.message.includes("Client error") || error.message.includes("Server error")) {
+            lastError = error;
+          } else {
+            lastError = new Error(
+              `[ActionLogger] Network error: ${error.message}. Check your network connection and API endpoint.`
+            );
+          }
+        } else {
+          lastError = new Error(`[ActionLogger] Unknown error: ${String(error)}`);
+        }
+        if (attempt === 0 && !lastError.message.includes("Client error")) {
+          await sleep(100 * Math.pow(2, attempt));
+          continue;
+        }
+        break;
+      }
+    }
+    if (lastError) {
+      if (config.onError) {
+        config.onError(lastError);
+      }
+    }
+  }
+  async function flushQueue() {
+    if (queue.length === 0) return;
+    const actions = queue.map((item) => item.payload);
+    queue.length = 0;
+    await sendActions(actions);
+  }
+  function startFlushTimer() {
+    if (flushTimer !== void 0) return;
+    flushTimer = setInterval(() => {
+      flushQueue().catch(() => {
+      });
+    }, flushInterval);
+    const timer = flushTimer;
+    if (typeof timer.unref === "function") {
+      timer.unref();
+    }
+  }
+  function stopFlushTimer() {
+    if (flushTimer) {
+      clearInterval(flushTimer);
+      flushTimer = void 0;
+    }
+  }
+  if (batchEnabled) {
+    startFlushTimer();
+  }
+  return {
+    logAction(action) {
+      if (isShutdown) {
+        throw new Error(
+          "[ActionLogger] Cannot log action after shutdown. Create a new logger instance."
+        );
+      }
+      if (action.agent.trim().length === 0) {
+        throw new Error("[ActionLogger] Action must have a non-empty 'agent' field.");
+      }
+      if (action.service.trim().length === 0) {
+        throw new Error("[ActionLogger] Action must have a non-empty 'service' field.");
+      }
+      if (action.actionType.trim().length === 0) {
+        throw new Error("[ActionLogger] Action must have a non-empty 'actionType' field.");
+      }
+      if (action.status.trim().length === 0) {
+        throw new Error("[ActionLogger] Action must have a non-empty 'status' field.");
+      }
+      if (batchEnabled) {
+        queue.push({ payload: action, timestamp: Date.now() });
+        if (queue.length >= maxBatchSize) {
+          flushQueue().catch(() => {
+          });
+        }
+      } else {
+        sendActions([action]).catch(() => {
+        });
+      }
+      return Promise.resolve();
+    },
+    async flush() {
+      if (!batchEnabled) return;
+      await flushQueue();
+    },
+    async shutdown() {
+      if (isShutdown) return;
+      isShutdown = true;
+      stopFlushTimer();
+      if (batchEnabled) {
+        await flushQueue();
+      }
+    }
+  };
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/spending/spending-checker.ts
+function createSpendingChecker(config) {
+  validateLimits(config.limits);
+  let dailySpendCents = 0;
+  let monthlySpendCents = 0;
+  let lastDailyReset = /* @__PURE__ */ new Date();
+  let lastMonthlyReset = /* @__PURE__ */ new Date();
+  function validateAmount(amountCents, context) {
+    if (!Number.isInteger(amountCents)) {
+      throw new Error(
+        `[SpendingChecker] ${context} must be an integer (cents). Received: ${String(amountCents)}. Convert dollars to cents by multiplying by 100.`
+      );
+    }
+    if (amountCents < 0) {
+      throw new Error(
+        `[SpendingChecker] ${context} must be non-negative. Received: ${String(amountCents)} cents.`
+      );
+    }
+  }
+  function formatCents(cents) {
+    const dollars = cents / 100;
+    return `$${dollars.toLocaleString("en-US", {
+      minimumFractionDigits: 2,
+      maximumFractionDigits: 2
+    })}`;
+  }
+  function checkAndResetDaily() {
+    const now = /* @__PURE__ */ new Date();
+    if (shouldResetDaily(lastDailyReset, now)) {
+      dailySpendCents = 0;
+      lastDailyReset = now;
+    }
+  }
+  function checkAndResetMonthly() {
+    const now = /* @__PURE__ */ new Date();
+    if (shouldResetMonthly(lastMonthlyReset, now)) {
+      monthlySpendCents = 0;
+      lastMonthlyReset = now;
+    }
+  }
+  function shouldResetDaily(lastReset, now) {
+    return lastReset.getDate() !== now.getDate() || lastReset.getMonth() !== now.getMonth() || lastReset.getFullYear() !== now.getFullYear();
+  }
+  function shouldResetMonthly(lastReset, now) {
+    return lastReset.getMonth() !== now.getMonth() || lastReset.getFullYear() !== now.getFullYear();
+  }
+  function calculateRemainingBudget() {
+    return {
+      transaction: config.limits.perTransaction,
+      daily: Math.max(0, config.limits.perDay - dailySpendCents),
+      monthly: Math.max(0, config.limits.perMonth - monthlySpendCents)
+    };
+  }
+  return {
+    checkSpend(amountCents) {
+      validateAmount(amountCents, "Spend amount");
+      checkAndResetDaily();
+      checkAndResetMonthly();
+      if (amountCents > config.limits.perTransaction) {
+        return {
+          allowed: false,
+          reason: `Action blocked: ${formatCents(amountCents)} exceeds per-transaction limit of ${formatCents(config.limits.perTransaction)}`,
+          remainingBudget: calculateRemainingBudget()
+        };
+      }
+      const projectedDaily = dailySpendCents + amountCents;
+      if (projectedDaily > config.limits.perDay) {
+        return {
+          allowed: false,
+          reason: `Action blocked: ${formatCents(amountCents)} would exceed per-day limit. Current spend today: ${formatCents(dailySpendCents)}, limit: ${formatCents(config.limits.perDay)}`,
+          remainingBudget: calculateRemainingBudget()
+        };
+      }
+      const projectedMonthly = monthlySpendCents + amountCents;
+      if (projectedMonthly > config.limits.perMonth) {
+        return {
+          allowed: false,
+          reason: `Action blocked: ${formatCents(amountCents)} would exceed per-month limit. Current spend this month: ${formatCents(monthlySpendCents)}, limit: ${formatCents(config.limits.perMonth)}`,
+          remainingBudget: calculateRemainingBudget()
+        };
+      }
+      return {
+        allowed: true,
+        remainingBudget: calculateRemainingBudget()
+      };
+    },
+    recordSpend(amountCents) {
+      validateAmount(amountCents, "Spend amount");
+      checkAndResetDaily();
+      checkAndResetMonthly();
+      dailySpendCents += amountCents;
+      monthlySpendCents += amountCents;
+    },
+    getCurrentSpend() {
+      checkAndResetDaily();
+      checkAndResetMonthly();
+      return {
+        daily: dailySpendCents,
+        monthly: monthlySpendCents
+      };
+    },
+    reset() {
+      dailySpendCents = 0;
+      monthlySpendCents = 0;
+      lastDailyReset = /* @__PURE__ */ new Date();
+      lastMonthlyReset = /* @__PURE__ */ new Date();
+    }
+  };
+}
+function validateLimits(limits) {
+  const checks = [
+    { value: limits.perTransaction, name: "perTransaction" },
+    { value: limits.perDay, name: "perDay" },
+    { value: limits.perMonth, name: "perMonth" }
+  ];
+  for (const check of checks) {
+    if (!Number.isInteger(check.value)) {
+      throw new Error(
+        `[SpendingChecker] Limit "${check.name}" must be an integer (cents). Received: ${String(check.value)}. All limits must be specified in integer cents.`
+      );
+    }
+    if (check.value < 0) {
+      throw new Error(
+        `[SpendingChecker] Limit "${check.name}" must be non-negative. Received: ${String(check.value)} cents.`
+      );
+    }
+  }
+}
+function dollarsToCents(dollars) {
+  return Math.round(dollars * 100);
+}
+
+// src/proxy/interceptor.ts
+var BLOCKED_ERROR_CODE = -32e3;
+var SPENDING_BLOCKED_ERROR_CODE = -32001;
+function parseJsonRpcLine(line) {
+  const trimmed = line.trim();
+  if (trimmed.length === 0) return null;
+  let parsed;
+  try {
+    parsed = JSON.parse(trimmed);
+  } catch {
+    return null;
+  }
+  return isJsonRpcRequest(parsed) ? parsed : null;
+}
+function extractToolCallParams(request) {
+  if (request.method !== "tools/call") return null;
+  if (typeof request.params !== "object" || request.params === null) return null;
+  const params = request.params;
+  const name = params["name"];
+  const args = params["arguments"];
+  if (typeof name !== "string") return null;
+  if (typeof args !== "object" || args === null) return null;
+  return { name, arguments: args };
+}
+function buildBlockedResponse(id, service, permissionLevel, dashboardUrl) {
+  const displayService = capitalize(service);
+  const message = `Action blocked by Multicorn Shield: agent does not have ${permissionLevel} access to ${displayService}. Configure permissions at ${dashboardUrl}`;
+  return {
+    jsonrpc: "2.0",
+    id,
+    error: {
+      code: BLOCKED_ERROR_CODE,
+      message
+    }
+  };
+}
+function buildSpendingBlockedResponse(id, reason, dashboardUrl) {
+  const message = `Action blocked by Multicorn Shield: ${reason}. Review spending limits at ${dashboardUrl}`;
+  return {
+    jsonrpc: "2.0",
+    id,
+    error: {
+      code: SPENDING_BLOCKED_ERROR_CODE,
+      message
+    }
+  };
+}
+function extractServiceFromToolName(toolName) {
+  const idx = toolName.indexOf("_");
+  return idx === -1 ? toolName : toolName.slice(0, idx);
+}
+function extractActionFromToolName(toolName) {
+  const idx = toolName.indexOf("_");
+  return idx === -1 ? "call" : toolName.slice(idx + 1);
+}
+function isJsonRpcRequest(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  if (obj["jsonrpc"] !== "2.0") return false;
+  if (typeof obj["method"] !== "string") return false;
+  const id = obj["id"];
+  const validId = id === null || id === void 0 || typeof id === "string" || typeof id === "number";
+  return validId;
+}
+function capitalize(str) {
+  if (str.length === 0) return str;
+  const first = str[0];
+  return first !== void 0 ? first.toUpperCase() + str.slice(1) : str;
+}
+var MULTICORN_DIR = join(homedir(), ".multicorn");
+var SCOPES_PATH = join(MULTICORN_DIR, "scopes.json");
+var CONSENT_POLL_INTERVAL_MS = 3e3;
+var CONSENT_POLL_TIMEOUT_MS = 5 * 60 * 1e3;
+function deriveDashboardUrl(baseUrl) {
+  try {
+    const url = new URL(baseUrl);
+    if (url.hostname === "localhost" || url.hostname === "127.0.0.1") {
+      url.port = "5173";
+      url.protocol = "http:";
+      return url.toString();
+    }
+    if (url.hostname === "api.multicorn.ai") {
+      url.hostname = "app.multicorn.ai";
+      return url.toString();
+    }
+    if (url.hostname.includes("api")) {
+      url.hostname = url.hostname.replace("api", "app");
+      return url.toString();
+    }
+    if (url.protocol === "https:" && url.hostname !== "localhost" && url.hostname !== "127.0.0.1") {
+      return "https://app.multicorn.ai";
+    }
+    return "https://app.multicorn.ai";
+  } catch {
+    return "https://app.multicorn.ai";
+  }
+}
+async function loadCachedScopes(agentName) {
+  try {
+    const raw = await readFile(SCOPES_PATH, "utf8");
+    const parsed = JSON.parse(raw);
+    if (!isScopesCacheFile(parsed)) return null;
+    const entry = parsed[agentName];
+    return entry?.scopes ?? null;
+  } catch {
+    return null;
+  }
+}
+async function saveCachedScopes(agentName, agentId, scopes) {
+  await mkdir(MULTICORN_DIR, { recursive: true, mode: 448 });
+  let existing = {};
+  try {
+    const raw = await readFile(SCOPES_PATH, "utf8");
+    const parsed = JSON.parse(raw);
+    if (isScopesCacheFile(parsed)) existing = parsed;
+  } catch {
+  }
+  const updated = {
+    ...existing,
+    [agentName]: {
+      agentId,
+      scopes,
+      fetchedAt: (/* @__PURE__ */ new Date()).toISOString()
+    }
+  };
+  await writeFile(SCOPES_PATH, JSON.stringify(updated, null, 2) + "\n", {
+    encoding: "utf8",
+    mode: 384
+  });
+}
+async function findAgentByName(agentName, apiKey, baseUrl) {
+  let response;
+  try {
+    response = await fetch(`${baseUrl}/api/v1/agents`, {
+      headers: { "X-Multicorn-Key": apiKey },
+      signal: AbortSignal.timeout(8e3)
+    });
+  } catch {
+    return null;
+  }
+  if (!response.ok) return null;
+  const body = await response.json();
+  if (!isApiSuccessResponse(body)) return null;
+  const agents = body.data;
+  if (!Array.isArray(agents)) return null;
+  const match = agents.find(
+    (a) => isAgentSummaryShape(a) && a.name === agentName
+  );
+  if (match === void 0) return null;
+  return { id: match.id, name: match.name, scopes: [] };
+}
+async function registerAgent(agentName, apiKey, baseUrl) {
+  const response = await fetch(`${baseUrl}/api/v1/agents`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "X-Multicorn-Key": apiKey
+    },
+    body: JSON.stringify({ name: agentName }),
+    signal: AbortSignal.timeout(8e3)
+  });
+  if (!response.ok) {
+    throw new Error(
+      `Failed to register agent "${agentName}": service returned ${String(response.status)}.`
+    );
+  }
+  const body = await response.json();
+  if (!isApiSuccessResponse(body)) {
+    throw new Error(`Failed to register agent "${agentName}": unexpected response format.`);
+  }
+  if (!isAgentSummaryShape(body.data)) {
+    throw new Error(`Failed to register agent "${agentName}": response missing agent ID.`);
+  }
+  return body.data.id;
+}
+async function fetchGrantedScopes(agentId, apiKey, baseUrl) {
+  let response;
+  try {
+    response = await fetch(`${baseUrl}/api/v1/agents/${agentId}`, {
+      headers: { "X-Multicorn-Key": apiKey },
+      signal: AbortSignal.timeout(8e3)
+    });
+  } catch {
+    return [];
+  }
+  if (!response.ok) return [];
+  const body = await response.json();
+  if (!isApiSuccessResponse(body)) return [];
+  const agentDetail = body.data;
+  if (!isAgentDetailShape(agentDetail)) return [];
+  const scopes = [];
+  for (const perm of agentDetail.permissions) {
+    if (!isPermissionShape(perm)) continue;
+    if (perm.revoked_at !== null) continue;
+    if (perm.read) scopes.push({ service: perm.service, permissionLevel: "read" });
+    if (perm.write) scopes.push({ service: perm.service, permissionLevel: "write" });
+    if (perm.execute) scopes.push({ service: perm.service, permissionLevel: "execute" });
+  }
+  return scopes;
+}
+function openBrowser(url) {
+  const platform = process.platform;
+  const cmd = platform === "darwin" ? "open" : platform === "win32" ? "start" : "xdg-open";
+  spawn(cmd, [url], { detached: true, stdio: "ignore" }).unref();
+}
+async function waitForConsent(agentId, agentName, apiKey, baseUrl, dashboardUrl, logger) {
+  const detectedScopes = detectScopeHints();
+  const consentUrl = buildConsentUrl(agentName, detectedScopes, dashboardUrl);
+  logger.info("Opening consent page in your browser.", { url: consentUrl });
+  process.stderr.write(
+    `
+Action requires permission. Opening consent page...
+${consentUrl}
+
+Waiting for you to grant access in the Multicorn dashboard...
+`
+  );
+  openBrowser(consentUrl);
+  const deadline = Date.now() + CONSENT_POLL_TIMEOUT_MS;
+  while (Date.now() < deadline) {
+    await sleep2(CONSENT_POLL_INTERVAL_MS);
+    const scopes = await fetchGrantedScopes(agentId, apiKey, baseUrl);
+    if (scopes.length > 0) {
+      logger.info("Permissions granted.", { agent: agentName, scopeCount: scopes.length });
+      return scopes;
+    }
+  }
+  throw new Error(
+    `Consent not granted within ${String(CONSENT_POLL_TIMEOUT_MS / 6e4)} minutes. Grant access at ${dashboardUrl} and restart the proxy.`
+  );
+}
+async function resolveAgentRecord(agentName, apiKey, baseUrl, logger) {
+  const cachedScopes = await loadCachedScopes(agentName);
+  if (cachedScopes !== null && cachedScopes.length > 0) {
+    logger.debug("Loaded scopes from cache.", { agent: agentName, count: cachedScopes.length });
+    return { id: "", name: agentName, scopes: cachedScopes };
+  }
+  let agent = await findAgentByName(agentName, apiKey, baseUrl);
+  if (agent === null) {
+    try {
+      logger.info("Agent not found. Registering.", { agent: agentName });
+      const id = await registerAgent(agentName, apiKey, baseUrl);
+      agent = { id, name: agentName, scopes: [] };
+      logger.info("Agent registered.", { agent: agentName, id });
+    } catch (error) {
+      const detail = error instanceof Error ? error.message : String(error);
+      logger.warn("Could not reach Multicorn service. Running with empty permissions.", {
+        error: detail
+      });
+      return { id: "", name: agentName, scopes: [] };
+    }
+  }
+  const scopes = await fetchGrantedScopes(agent.id, apiKey, baseUrl);
+  if (scopes.length > 0) {
+    await saveCachedScopes(agentName, agent.id, scopes);
+  }
+  return { ...agent, scopes };
+}
+function buildConsentUrl(agentName, scopes, dashboardUrl) {
+  const params = new URLSearchParams({ agent: agentName });
+  if (scopes.length > 0) {
+    params.set("scopes", scopes.join(","));
+  }
+  return `${dashboardUrl}/consent?${params.toString()}`;
+}
+function detectScopeHints() {
+  return [];
+}
+function sleep2(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function isApiSuccessResponse(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return obj["success"] === true;
+}
+function isAgentSummaryShape(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return typeof obj["id"] === "string" && typeof obj["name"] === "string";
+}
+function isAgentDetailShape(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return Array.isArray(obj["permissions"]);
+}
+function isPermissionShape(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return typeof obj["service"] === "string" && typeof obj["read"] === "boolean" && typeof obj["write"] === "boolean" && typeof obj["execute"] === "boolean" && (obj["revoked_at"] === null || typeof obj["revoked_at"] === "string");
+}
+function isScopesCacheFile(value) {
+  return typeof value === "object" && value !== null;
+}
+
+// src/proxy/index.ts
+var DEFAULT_SCOPE_REFRESH_INTERVAL_MS = 6e4;
+function createProxyServer(config) {
+  if (!config.baseUrl.startsWith("https://") && !config.baseUrl.startsWith("http://localhost") && !config.baseUrl.startsWith("http://127.0.0.1")) {
+    throw new Error(
+      `[multicorn-proxy] Base URL must use HTTPS. Received: "${config.baseUrl}". Use https:// or http://localhost for local development.`
+    );
+  }
+  let child = null;
+  let actionLogger = null;
+  let spendingChecker = null;
+  let grantedScopes = [];
+  let agentId = "";
+  let refreshTimer = null;
+  let consentInProgress = false;
+  const pendingLines = [];
+  let draining = false;
+  async function refreshScopes() {
+    if (agentId.length === 0) return;
+    try {
+      const scopes = await fetchGrantedScopes(agentId, config.apiKey, config.baseUrl);
+      grantedScopes = scopes;
+      if (scopes.length > 0) {
+        await saveCachedScopes(config.agentName, agentId, scopes);
+      }
+      config.logger.debug("Scopes refreshed.", { count: scopes.length });
+    } catch (error) {
+      config.logger.warn("Scope refresh failed.", {
+        error: error instanceof Error ? error.message : String(error)
+      });
+    }
+  }
+  async function ensureConsent() {
+    if (grantedScopes.length > 0 || consentInProgress) return;
+    if (agentId.length === 0) return;
+    consentInProgress = true;
+    try {
+      const scopes = await waitForConsent(
+        agentId,
+        config.agentName,
+        config.apiKey,
+        config.baseUrl,
+        config.dashboardUrl,
+        config.logger
+      );
+      grantedScopes = scopes;
+      await saveCachedScopes(config.agentName, agentId, scopes);
+    } finally {
+      consentInProgress = false;
+    }
+  }
+  async function handleToolCall(line) {
+    const request = parseJsonRpcLine(line);
+    if (request === null) return null;
+    if (request.method !== "tools/call") return null;
+    const toolParams = extractToolCallParams(request);
+    if (toolParams === null) return null;
+    await ensureConsent();
+    const service = extractServiceFromToolName(toolParams.name);
+    const action = extractActionFromToolName(toolParams.name);
+    const requestedScope = { service, permissionLevel: "execute" };
+    const validation = validateScopeAccess(grantedScopes, requestedScope);
+    config.logger.debug("Tool call intercepted.", {
+      tool: toolParams.name,
+      service,
+      allowed: validation.allowed
+    });
+    if (!validation.allowed) {
+      if (actionLogger !== null) {
+        if (!config.agentName || config.agentName.trim().length === 0) {
+          process.stderr.write("[multicorn-proxy] Cannot log action: agent name not resolved\n");
+        } else {
+          await actionLogger.logAction({
+            agent: config.agentName,
+            service,
+            actionType: action,
+            status: "blocked"
+          });
+        }
+      }
+      const blocked = buildBlockedResponse(request.id, service, "execute", config.dashboardUrl);
+      return JSON.stringify(blocked);
+    }
+    if (spendingChecker !== null) {
+      const costCents = extractCostCents(toolParams.arguments);
+      if (costCents > 0) {
+        const spendResult = spendingChecker.checkSpend(costCents);
+        if (!spendResult.allowed) {
+          if (actionLogger !== null) {
+            if (!config.agentName || config.agentName.trim().length === 0) {
+              process.stderr.write(
+                "[multicorn-proxy] Cannot log action: agent name not resolved\n"
+              );
+            } else {
+              await actionLogger.logAction({
+                agent: config.agentName,
+                service,
+                actionType: action,
+                status: "blocked"
+              });
+            }
+          }
+          const blocked = buildSpendingBlockedResponse(
+            request.id,
+            spendResult.reason ?? "spending limit exceeded",
+            config.dashboardUrl
+          );
+          return JSON.stringify(blocked);
+        }
+        spendingChecker.recordSpend(costCents);
+      }
+    }
+    if (actionLogger !== null) {
+      if (!config.agentName || config.agentName.trim().length === 0) {
+        process.stderr.write("[multicorn-proxy] Cannot log action: agent name not resolved\n");
+      } else {
+        await actionLogger.logAction({
+          agent: config.agentName,
+          service,
+          actionType: action,
+          status: "approved"
+        });
+      }
+    }
+    return null;
+  }
+  async function processLine(line) {
+    const childProcess = child;
+    if (childProcess?.stdin === null || childProcess === null) return;
+    const override = await handleToolCall(line);
+    if (override !== null) {
+      process.stdout.write(override + "\n");
+    } else {
+      childProcess.stdin.write(line + "\n");
+    }
+  }
+  async function drainQueue() {
+    if (draining) return;
+    draining = true;
+    while (pendingLines.length > 0) {
+      const line = pendingLines.shift();
+      if (line === void 0) break;
+      await processLine(line);
+    }
+    draining = false;
+  }
+  function enqueueLine(line) {
+    pendingLines.push(line);
+    void drainQueue();
+  }
+  async function stop() {
+    if (refreshTimer !== null) {
+      clearInterval(refreshTimer);
+      refreshTimer = null;
+    }
+    if (actionLogger !== null) {
+      await actionLogger.shutdown();
+      actionLogger = null;
+    }
+    const childProcess = child;
+    if (childProcess !== null) {
+      childProcess.kill("SIGTERM");
+      child = null;
+    }
+  }
+  async function start() {
+    config.logger.info("Proxy starting.", { agent: config.agentName, command: config.command });
+    const agentRecord = await resolveAgentRecord(
+      config.agentName,
+      config.apiKey,
+      config.baseUrl,
+      config.logger
+    );
+    agentId = agentRecord.id;
+    grantedScopes = agentRecord.scopes;
+    config.logger.info("Agent resolved.", {
+      agent: config.agentName,
+      id: agentId,
+      scopeCount: grantedScopes.length
+    });
+    actionLogger = createActionLogger({
+      apiKey: config.apiKey,
+      baseUrl: config.baseUrl,
+      batchMode: { enabled: false },
+      onError: (err) => {
+        config.logger.warn("Action log failed.", { error: err.message });
+      }
+    });
+    if (config.spendingLimits !== void 0) {
+      spendingChecker = createSpendingChecker({ limits: config.spendingLimits });
+    }
+    child = spawn(config.command, config.commandArgs, {
+      stdio: ["pipe", "pipe", "pipe"]
+    });
+    const childProcess = child;
+    childProcess.on("error", (err) => {
+      config.logger.error("Child process error.", { error: err.message });
+    });
+    childProcess.on("exit", (code, signal) => {
+      config.logger.info("Child process exited.", {
+        code: code ?? void 0,
+        signal: signal ?? void 0
+      });
+    });
+    if (childProcess.stdout !== null) {
+      childProcess.stdout.on("data", (chunk) => {
+        process.stdout.write(chunk);
+      });
+    }
+    if (childProcess.stderr !== null) {
+      childProcess.stderr.on("data", (chunk) => {
+        config.logger.debug("Child stderr.", { data: chunk.toString().trim() });
+      });
+    }
+    const rl = createInterface({ input: process.stdin, terminal: false });
+    rl.on("line", (line) => {
+      enqueueLine(line);
+    });
+    rl.on("close", () => {
+      config.logger.info("Agent disconnected. Shutting down.");
+      void stop();
+    });
+    const refreshIntervalMs = config.scopeRefreshIntervalMs ?? DEFAULT_SCOPE_REFRESH_INTERVAL_MS;
+    refreshTimer = setInterval(() => {
+      void refreshScopes();
+    }, refreshIntervalMs);
+    const timer = refreshTimer;
+    if (typeof timer.unref === "function") {
+      timer.unref();
+    }
+    config.logger.info("Proxy ready.", { agent: config.agentName });
+    return new Promise((resolve) => {
+      childProcess.on("exit", () => {
+        resolve();
+      });
+    });
+  }
+  return { start, stop };
+}
+function extractCostCents(args) {
+  const amount = args["amount"];
+  if (typeof amount !== "number" || !Number.isFinite(amount) || amount <= 0) return 0;
+  return dollarsToCents(amount);
+}
+var LOG_LEVELS = {
+  debug: 0,
+  info: 1,
+  warn: 2,
+  error: 3
+};
+function createLogger(level, output = process.stderr) {
+  const minLevel = LOG_LEVELS[level];
+  function write(logLevel, msg, data) {
+    if (LOG_LEVELS[logLevel] < minLevel) return;
+    const entry = {
+      level: logLevel,
+      time: (/* @__PURE__ */ new Date()).toISOString(),
+      msg,
+      ...data
+    };
+    output.write(JSON.stringify(entry) + "\n");
+  }
+  return {
+    debug: (msg, data) => {
+      write("debug", msg, data);
+    },
+    info: (msg, data) => {
+      write("info", msg, data);
+    },
+    warn: (msg, data) => {
+      write("warn", msg, data);
+    },
+    error: (msg, data) => {
+      write("error", msg, data);
+    }
+  };
+}
+function isValidLogLevel(value) {
+  return typeof value === "string" && Object.hasOwn(LOG_LEVELS, value);
+}
+
+// bin/multicorn-proxy.ts
+function parseArgs(argv) {
+  const args = argv.slice(2);
+  let subcommand = "help";
+  let wrapCommand = "";
+  let wrapArgs = [];
+  let logLevel = "info";
+  let baseUrl = "https://api.multicorn.ai";
+  let dashboardUrl = "";
+  let agentName = "";
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+    if (arg === "init") {
+      subcommand = "init";
+    } else if (arg === "--wrap") {
+      subcommand = "wrap";
+      const next = args[i + 1];
+      if (next === void 0 || next.startsWith("-")) {
+        process.stderr.write("Error: --wrap requires a command to run.\n");
+        process.stderr.write("Example: npx multicorn-proxy --wrap my-mcp-server\n");
+        process.exit(1);
+      }
+      wrapCommand = next;
+      wrapArgs = args.slice(i + 2);
+      break;
+    } else if (arg === "--log-level") {
+      const next = args[i + 1];
+      if (next !== void 0 && isValidLogLevel(next)) {
+        logLevel = next;
+        i++;
+      }
+    } else if (arg === "--base-url") {
+      const next = args[i + 1];
+      if (next !== void 0) {
+        baseUrl = next;
+        i++;
+      }
+    } else if (arg === "--dashboard-url") {
+      const next = args[i + 1];
+      if (next !== void 0) {
+        dashboardUrl = next;
+        i++;
+      }
+    } else if (arg === "--agent-name") {
+      const next = args[i + 1];
+      if (next !== void 0) {
+        agentName = next;
+        i++;
+      }
+    }
+  }
+  return { subcommand, wrapCommand, wrapArgs, logLevel, baseUrl, dashboardUrl, agentName };
+}
+function printHelp() {
+  process.stderr.write(
+    [
+      "multicorn-proxy: MCP permission proxy",
+      "",
+      "Usage:",
+      "  npx multicorn-proxy init",
+      "      Interactive setup. Saves API key to ~/.multicorn/config.json.",
+      "",
+      "  npx multicorn-proxy --wrap <command> [args...]",
+      "      Start <command> as an MCP server and proxy all tool calls through",
+      "      Shield's permission layer.",
+      "",
+      "Options:",
+      "  --log-level <level>   Log level: debug | info | warn | error  (default: info)",
+      "  --base-url <url>      Multicorn API base URL  (default: https://api.multicorn.ai)",
+      "  --dashboard-url <url> Dashboard URL for consent page  (default: derived from --base-url)",
+      "  --agent-name <name>   Override agent name derived from the wrapped command",
+      "",
+      "Examples:",
+      "  npx multicorn-proxy init",
+      "  npx multicorn-proxy --wrap npx @modelcontextprotocol/server-filesystem /tmp",
+      "  npx multicorn-proxy --wrap my-mcp-server --log-level debug",
+      ""
+    ].join("\n")
+  );
+}
+async function main() {
+  const cli = parseArgs(process.argv);
+  const logger = createLogger(cli.logLevel);
+  if (cli.subcommand === "help") {
+    printHelp();
+    process.exit(0);
+  }
+  if (cli.subcommand === "init") {
+    await runInit(cli.baseUrl);
+    return;
+  }
+  if (!cli.baseUrl.startsWith("https://") && !cli.baseUrl.startsWith("http://localhost") && !cli.baseUrl.startsWith("http://127.0.0.1")) {
+    process.stderr.write(
+      `Error: --base-url must use HTTPS. Received: "${cli.baseUrl}"
+Use https:// or http://localhost for local development.
+`
+    );
+    process.exit(1);
+  }
+  const config = await loadConfig();
+  if (config === null) {
+    process.stderr.write(
+      "No config found. Run `npx multicorn-proxy init` to set up your API key.\n"
+    );
+    process.exit(1);
+  }
+  const agentName = cli.agentName.length > 0 ? cli.agentName : deriveAgentName(cli.wrapCommand);
+  const finalBaseUrl = cli.baseUrl !== "https://api.multicorn.ai" ? cli.baseUrl : config.baseUrl;
+  const finalDashboardUrl = cli.dashboardUrl !== "" ? cli.dashboardUrl : deriveDashboardUrl(finalBaseUrl);
+  const proxy = createProxyServer({
+    command: cli.wrapCommand,
+    commandArgs: cli.wrapArgs,
+    apiKey: config.apiKey,
+    agentName,
+    baseUrl: finalBaseUrl,
+    dashboardUrl: finalDashboardUrl,
+    logger
+  });
+  async function shutdown() {
+    logger.info("Shutting down.");
+    await proxy.stop();
+    process.exit(0);
+  }
+  process.on("SIGTERM", () => {
+    void shutdown();
+  });
+  process.on("SIGINT", () => {
+    void shutdown();
+  });
+  await proxy.start();
+}
+function deriveAgentName(command) {
+  const base = command.split("/").pop() ?? command;
+  return base.replace(/\.[cm]?[jt]s$/, "");
+}
+main().catch((error) => {
+  const message = error instanceof Error ? error.message : String(error);
+  process.stderr.write(`Fatal error: ${message}
+`);
+  process.exit(1);
+});