multicorn-shield 0.1.15 → 0.2.0

package/dist/multicorn-proxy.js

@@ -1,17 +1,51 @@
 #!/usr/bin/env node
-import { readFile, mkdir, writeFile } from 'fs/promises';
+import { existsSync } from 'fs';
+import { readFile, writeFile, mkdir, unlink } from 'fs/promises';
 import { join } from 'path';
 import { homedir } from 'os';
 import { createInterface } from 'readline';
 import { spawn } from 'child_process';
+import { createHash } from 'crypto';
 import 'stream';
 
+var style = {
+  violet: (s) => `\x1B[38;2;124;58;237m${s}\x1B[0m`,
+  violetLight: (s) => `\x1B[38;2;167;139;250m${s}\x1B[0m`,
+  green: (s) => `\x1B[38;2;34;197;94m${s}\x1B[0m`,
+  yellow: (s) => `\x1B[38;2;245;158;11m${s}\x1B[0m`,
+  red: (s) => `\x1B[38;2;239;68;68m${s}\x1B[0m`,
+  cyan: (s) => `\x1B[38;2;6;182;212m${s}\x1B[0m`,
+  bold: (s) => `\x1B[1m${s}\x1B[0m`,
+  dim: (s) => `\x1B[2m${s}\x1B[0m`
+};
+var BANNER = [
+  " \u2588\u2588\u2588 \u2588  \u2588 \u2588 \u2588\u2588\u2588 \u2588   \u2588\u2588\u2584 ",
+  " \u2588   \u2588  \u2588 \u2588 \u2588   \u2588   \u2588  \u2588",
+  " \u2588\u2588\u2588 \u2588\u2588\u2588\u2588 \u2588 \u2588\u2588  \u2588   \u2588  \u2588",
+  "   \u2588 \u2588  \u2588 \u2588 \u2588   \u2588   \u2588  \u2588",
+  " \u2588\u2588\u2588 \u2588  \u2588 \u2588 \u2588\u2588\u2588 \u2588\u2588\u2588 \u2588\u2588\u2580 "
+].map((line) => style.violet(line)).join("\n");
+function withSpinner(message) {
+  const frames = ["\u280B", "\u2819", "\u2839", "\u2838", "\u283C", "\u2834", "\u2826", "\u2827", "\u2807", "\u280F"];
+  let i = 0;
+  const interval = setInterval(() => {
+    const frame = frames[i % frames.length];
+    process.stderr.write(`\r${style.violet(frame ?? "\u280B")} ${message}`);
+    i++;
+  }, 80);
+  return {
+    stop(success, result) {
+      clearInterval(interval);
+      const icon = success ? style.green("\u2713") : style.red("\u2717");
+      process.stderr.write(`\r\x1B[2K${icon} ${result}
+`);
+    }
+  };
+}
 var CONFIG_DIR = join(homedir(), ".multicorn");
 var CONFIG_PATH = join(CONFIG_DIR, "config.json");
 var OPENCLAW_CONFIG_PATH = join(homedir(), ".openclaw", "openclaw.json");
-var OPENCLAW_ENOENT_MESSAGE = "OpenClaw config not found at ~/.openclaw/openclaw.json. If you're using OpenClaw, install it and then re-run 'npx multicorn-proxy init' to automatically configure your API key.\n";
-var OPENCLAW_PARSE_WARNING = "Multicorn Shield: Could not update ~/.openclaw/openclaw.json - please set MULTICORN_API_KEY manually.\n";
-var OPENCLAW_UPDATED_MESSAGE = "OpenClaw config updated at ~/.openclaw/openclaw.json\n";
+var OPENCLAW_MIN_VERSION = "2026.2.26";
 async function loadConfig() {
   try {
     const raw = await readFile(CONFIG_PATH, "utf8");
@@ -32,14 +66,13 @@ async function saveConfig(config) {
 function isErrnoException(e) {
   return typeof e === "object" && e !== null && "code" in e;
 }
-async function updateOpenClawConfigIfPresent(apiKey, baseUrl) {
+async function updateOpenClawConfigIfPresent(apiKey, baseUrl, agentName) {
   let raw;
   try {
     raw = await readFile(OPENCLAW_CONFIG_PATH, "utf8");
   } catch (e) {
     if (isErrnoException(e) && e.code === "ENOENT") {
-      process.stderr.write(OPENCLAW_ENOENT_MESSAGE);
-      return;
+      return "not-found";
     }
     throw e;
   }
@@ -47,8 +80,7 @@ async function updateOpenClawConfigIfPresent(apiKey, baseUrl) {
   try {
     obj = JSON.parse(raw);
   } catch {
-    process.stderr.write(OPENCLAW_PARSE_WARNING);
-    return;
+    return "parse-error";
   }
   let hooks = obj["hooks"];
   if (hooks === void 0 || typeof hooks !== "object") {
@@ -77,10 +109,66 @@ async function updateOpenClawConfigIfPresent(apiKey, baseUrl) {
   }
   env["MULTICORN_API_KEY"] = apiKey;
   env["MULTICORN_BASE_URL"] = baseUrl;
+  if (agentName !== void 0) {
+    env["MULTICORN_AGENT_NAME"] = agentName;
+    const agentsList = obj["agents"];
+    const list = agentsList?.["list"];
+    if (Array.isArray(list) && list.length > 0) {
+      const first = list[0];
+      if (first["id"] !== agentName) {
+        first["id"] = agentName;
+        first["name"] = agentName;
+      }
+    } else {
+      if (agentsList !== void 0 && typeof agentsList === "object") {
+        agentsList["list"] = [{ id: agentName, name: agentName }];
+      } else {
+        obj["agents"] = { list: [{ id: agentName, name: agentName }] };
+      }
+    }
+  }
   await writeFile(OPENCLAW_CONFIG_PATH, JSON.stringify(obj, null, 2) + "\n", {
     encoding: "utf8"
   });
-  process.stderr.write(OPENCLAW_UPDATED_MESSAGE);
+  return "updated";
+}
+async function detectOpenClaw() {
+  let raw;
+  try {
+    raw = await readFile(OPENCLAW_CONFIG_PATH, "utf8");
+  } catch (e) {
+    if (isErrnoException(e) && e.code === "ENOENT") {
+      return { status: "not-found", version: null };
+    }
+    throw e;
+  }
+  let obj;
+  try {
+    obj = JSON.parse(raw);
+  } catch {
+    return { status: "parse-error", version: null };
+  }
+  const meta = obj["meta"];
+  if (typeof meta === "object" && meta !== null) {
+    const v = meta["lastTouchedVersion"];
+    if (typeof v === "string" && v.length > 0) {
+      return { status: "detected", version: v };
+    }
+  }
+  return { status: "detected", version: null };
+}
+function isVersionAtLeast(version, minimum) {
+  const vParts = version.split(".").map(Number);
+  const mParts = minimum.split(".").map(Number);
+  const len = Math.max(vParts.length, mParts.length);
+  for (let i = 0; i < len; i++) {
+    const v = vParts[i] ?? 0;
+    const m = mParts[i] ?? 0;
+    if (Number.isNaN(v) || Number.isNaN(m)) return false;
+    if (v > m) return true;
+    if (v < m) return false;
+  }
+  return true;
 }
 async function validateApiKey(apiKey, baseUrl) {
   try {
@@ -106,7 +194,116 @@ async function validateApiKey(apiKey, baseUrl) {
     };
   }
 }
+function normalizeAgentName(raw) {
+  return raw.toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-]/g, "").replace(/-{2,}/g, "-").replace(/^-+|-+$/g, "").slice(0, 50);
+}
+async function isOpenClawConnected() {
+  try {
+    const raw = await readFile(OPENCLAW_CONFIG_PATH, "utf8");
+    const obj = JSON.parse(raw);
+    const hooks = obj["hooks"];
+    const internal = hooks?.["internal"];
+    const entries = internal?.["entries"];
+    const shield = entries?.["multicorn-shield"];
+    const env = shield?.["env"];
+    const key = env?.["MULTICORN_API_KEY"];
+    return typeof key === "string" && key.length > 0;
+  } catch {
+    return false;
+  }
+}
+function isClaudeCodeConnected() {
+  try {
+    return existsSync(join(homedir(), ".claude", "plugins", "cache", "multicorn-shield"));
+  } catch {
+    return false;
+  }
+}
+function getClaudeDesktopConfigPath() {
+  switch (process.platform) {
+    case "win32":
+      return join(
+        process.env["APPDATA"] ?? join(homedir(), "AppData", "Roaming"),
+        "Claude",
+        "claude_desktop_config.json"
+      );
+    case "linux":
+      return join(homedir(), ".config", "Claude", "claude_desktop_config.json");
+    default:
+      return join(
+        homedir(),
+        "Library",
+        "Application Support",
+        "Claude",
+        "claude_desktop_config.json"
+      );
+  }
+}
+async function updateClaudeDesktopConfig(agentName, mcpServerCommand, overwrite = false) {
+  if (!/^[a-zA-Z0-9_-]+$/.test(agentName)) {
+    throw new Error("Agent name must contain only letters, numbers, hyphens, and underscores");
+  }
+  const configPath = getClaudeDesktopConfigPath();
+  let obj = {};
+  let fileExists = false;
+  try {
+    const raw = await readFile(configPath, "utf8");
+    fileExists = true;
+    try {
+      obj = JSON.parse(raw);
+    } catch {
+      return "parse-error";
+    }
+  } catch (e) {
+    if (isErrnoException(e) && e.code === "ENOENT") {
+      fileExists = false;
+    } else {
+      throw e;
+    }
+  }
+  let mcpServers = obj["mcpServers"];
+  if (mcpServers === void 0 || typeof mcpServers !== "object") {
+    mcpServers = {};
+    obj["mcpServers"] = mcpServers;
+  }
+  if (mcpServers[agentName] !== void 0 && !overwrite) {
+    return "skipped";
+  }
+  const commandParts = mcpServerCommand.trim().split(/\s+/);
+  mcpServers[agentName] = {
+    command: "npx",
+    args: ["multicorn-proxy", "--wrap", ...commandParts, "--agent-name", agentName]
+  };
+  const configDir = join(configPath, "..");
+  if (!fileExists) {
+    await mkdir(configDir, { recursive: true });
+  }
+  await writeFile(configPath, JSON.stringify(obj, null, 2) + "\n", { encoding: "utf8" });
+  return fileExists ? "updated" : "created";
+}
+async function isClaudeDesktopConnected() {
+  try {
+    const raw = await readFile(getClaudeDesktopConfigPath(), "utf8");
+    const obj = JSON.parse(raw);
+    const mcpServers = obj["mcpServers"];
+    if (mcpServers === void 0 || typeof mcpServers !== "object") return false;
+    for (const entry of Object.values(mcpServers)) {
+      if (typeof entry !== "object" || entry === null) continue;
+      const args = entry["args"];
+      if (Array.isArray(args) && args.includes("multicorn-proxy")) return true;
+    }
+    return false;
+  } catch {
+    return false;
+  }
+}
 async function runInit(baseUrl = "https://api.multicorn.ai") {
+  if (!process.stdin.isTTY) {
+    process.stderr.write(
+      style.red("Error: interactive terminal required. Cannot run init with piped input.") + "\n"
+    );
+    process.exit(1);
+  }
   const rl = createInterface({ input: process.stdin, output: process.stderr });
   function ask(question) {
     return new Promise((resolve) => {
@@ -115,39 +312,332 @@ async function runInit(baseUrl = "https://api.multicorn.ai") {
       });
     });
   }
-  process.stderr.write("Multicorn Shield proxy setup\n\n");
-  process.stderr.write("Get your API key at https://app.multicorn.ai/settings/api-keys\n\n");
-  let config = null;
-  while (config === null) {
+  process.stderr.write("\n" + BANNER + "\n");
+  process.stderr.write(style.dim("Agent governance for the AI era") + "\n\n");
+  process.stderr.write(style.bold(style.violet("Multicorn Shield proxy setup")) + "\n\n");
+  process.stderr.write(
+    style.dim("Get your API key at https://app.multicorn.ai/settings/api-keys") + "\n\n"
+  );
+  let apiKey = "";
+  const existing = await loadConfig().catch(() => null);
+  if (existing !== null && existing.apiKey.startsWith("mcs_") && existing.apiKey.length >= 8) {
+    const masked = "mcs_..." + existing.apiKey.slice(-4);
+    process.stderr.write("Found existing API key: " + style.cyan(masked) + "\n");
+    const answer = await ask("Use this key? (Y/n) ");
+    if (answer.trim().toLowerCase() !== "n") {
+      apiKey = existing.apiKey;
+      if (baseUrl === "https://api.multicorn.ai") {
+        baseUrl = existing.baseUrl;
+      }
+    }
+  }
+  while (apiKey.length === 0) {
     const input = await ask("API key (starts with mcs_): ");
-    const apiKey = input.trim();
-    if (apiKey.length === 0) {
-      process.stderr.write("API key is required.\n");
+    const key = input.trim();
+    if (key.length === 0) {
+      process.stderr.write(style.red("API key is required.") + "\n");
       continue;
     }
-    process.stderr.write("Validating key...\n");
-    const result = await validateApiKey(apiKey, baseUrl);
+    const spinner = withSpinner("Validating key...");
+    let result;
+    try {
+      result = await validateApiKey(key, baseUrl);
+    } catch (error) {
+      spinner.stop(false, "Validation failed");
+      throw error;
+    }
     if (!result.valid) {
-      process.stderr.write(`${result.error ?? "Validation failed. Try again."}
-`);
+      spinner.stop(false, result.error ?? "Validation failed. Try again.");
       continue;
     }
-    config = { apiKey, baseUrl };
+    spinner.stop(true, "Key validated");
+    apiKey = key;
   }
-  rl.close();
-  await saveConfig(config);
-  try {
-    await updateOpenClawConfigIfPresent(config.apiKey, config.baseUrl);
-  } catch {
+  const configuredPlatforms = /* @__PURE__ */ new Set();
+  let lastConfig = { apiKey, baseUrl };
+  let configuring = true;
+  while (configuring) {
     process.stderr.write(
-      "Could not update OpenClaw config. Set MULTICORN_API_KEY in ~/.openclaw/openclaw.json if you use OpenClaw.\n"
+      "\n" + style.bold(style.violet("Which platform are you connecting?")) + "\n"
     );
+    const platformLabels = ["OpenClaw", "Claude Code", "Claude Desktop", "Other MCP Agent"];
+    const openClawConnected = await isOpenClawConnected();
+    const claudeCodeConnected = isClaudeCodeConnected();
+    const claudeDesktopConnected = await isClaudeDesktopConnected();
+    for (let i = 0; i < platformLabels.length; i++) {
+      const sessionMarker = configuredPlatforms.has(i + 1) ? " " + style.green("\u2713") : "";
+      let connectedMarker = "";
+      if (!configuredPlatforms.has(i + 1)) {
+        if (i === 0 && openClawConnected) {
+          connectedMarker = " " + style.green("\u2713") + style.dim(" connected");
+        } else if (i === 1 && claudeCodeConnected) {
+          connectedMarker = " " + style.green("\u2713") + style.dim(" connected");
+        } else if (i === 2 && claudeDesktopConnected) {
+          connectedMarker = " " + style.green("\u2713") + style.dim(" connected");
+        }
+      }
+      process.stderr.write(
+        `  ${style.violet(String(i + 1))}. ${platformLabels[i] ?? ""}${sessionMarker}${connectedMarker}
+`
+      );
+    }
+    let selection = 0;
+    while (selection === 0) {
+      const input = await ask("Select (1-4): ");
+      const num = parseInt(input.trim(), 10);
+      if (num >= 1 && num <= 4) {
+        selection = num;
+      }
+    }
+    let agentName = "";
+    while (agentName.length === 0) {
+      const input = await ask("\nWhat would you like to call this agent? ");
+      if (input.trim().length === 0) continue;
+      const transformed = normalizeAgentName(input);
+      if (transformed.length === 0) {
+        process.stderr.write(
+          style.red("Agent name must contain letters or numbers. Please try again.") + "\n"
+        );
+        continue;
+      }
+      if (transformed !== input.trim()) {
+        process.stderr.write(style.yellow("Agent name set to: ") + style.cyan(transformed) + "\n");
+      }
+      agentName = transformed;
+    }
+    if (selection === 1) {
+      let detection;
+      try {
+        detection = await detectOpenClaw();
+      } catch (error) {
+        const detail = error instanceof Error ? error.message : String(error);
+        process.stderr.write(style.red("\u2717") + ` Failed to read OpenClaw config: ${detail}
+`);
+        rl.close();
+        return null;
+      }
+      if (detection.status === "not-found") {
+        process.stderr.write(
+          style.red("\u2717") + " OpenClaw is not installed. Install OpenClaw first, then run npx multicorn-proxy init again.\n"
+        );
+        rl.close();
+        return null;
+      }
+      if (detection.status === "parse-error") {
+        process.stderr.write(
+          style.red("\u2717") + " Could not update OpenClaw config. Set MULTICORN_API_KEY in ~/.openclaw/openclaw.json manually.\n"
+        );
+      }
+      if (detection.status === "detected") {
+        if (detection.version !== null) {
+          process.stderr.write(
+            style.green("\u2713") + ` OpenClaw detected ${style.dim(`(${detection.version})`)}
+`
+          );
+          if (isVersionAtLeast(detection.version, OPENCLAW_MIN_VERSION)) {
+            process.stderr.write(
+              style.green("\u2713") + " " + style.green("Version compatible") + "\n"
+            );
+          } else {
+            process.stderr.write(
+              style.yellow("\u26A0") + ` Shield has been tested with OpenClaw ${style.cyan(OPENCLAW_MIN_VERSION)} and above. Your version (${detection.version}) may work but is untested. We recommend upgrading to at least ${style.cyan(OPENCLAW_MIN_VERSION)}.
+`
+            );
+            const answer = await ask("Continue anyway? (y/N) ");
+            if (answer.trim().toLowerCase() !== "y") {
+              rl.close();
+              return null;
+            }
+          }
+        } else {
+          process.stderr.write(
+            style.yellow("\u26A0") + " Could not detect OpenClaw version. Continuing anyway.\n"
+          );
+        }
+        const spinner = withSpinner("Updating OpenClaw config...");
+        try {
+          const result = await updateOpenClawConfigIfPresent(apiKey, baseUrl, agentName);
+          if (result === "not-found") {
+            spinner.stop(false, "OpenClaw config disappeared unexpectedly.");
+            rl.close();
+            return null;
+          }
+          if (result === "parse-error") {
+            spinner.stop(
+              false,
+              "Could not update OpenClaw config. Set MULTICORN_API_KEY in ~/.openclaw/openclaw.json manually."
+            );
+          } else {
+            spinner.stop(
+              true,
+              "OpenClaw config updated at " + style.cyan("~/.openclaw/openclaw.json")
+            );
+          }
+        } catch (error) {
+          const detail = error instanceof Error ? error.message : String(error);
+          spinner.stop(false, `Failed to update OpenClaw config: ${detail}`);
+        }
+      }
+    } else if (selection === 2) {
+      process.stderr.write("\nTo connect Claude Code to Shield:\n\n");
+      process.stderr.write(
+        "  " + style.bold("Step 1") + " - Add the Multicorn marketplace:\n    " + style.cyan("claude plugin marketplace add Multicorn-AI/multicorn-shield") + "\n\n"
+      );
+      process.stderr.write(
+        "  " + style.bold("Step 2") + " - Install the plugin:\n    " + style.cyan("claude plugin install multicorn-shield@multicorn-shield") + "\n\n"
+      );
+      process.stderr.write(
+        "  " + style.bold("Step 3") + " - Start Claude Code:\n    " + style.cyan("claude") + "\n\n"
+      );
+      process.stderr.write(
+        style.dim("Run /plugin inside Claude Code to confirm multicorn-shield is installed.") + "\n"
+      );
+      process.stderr.write(
+        style.dim("Requires Claude Code to be installed. Get it at https://code.claude.com") + "\n"
+      );
+    } else if (selection === 3) {
+      const mcpCommand = await ask(
+        "\nWhat MCP server should Shield govern for this agent?\nThis is the command you'd normally use to start your MCP server.\nExample: npx -y @modelcontextprotocol/server-filesystem /tmp\nLeave blank to skip and configure later: "
+      );
+      if (mcpCommand.trim().length === 0) {
+        const configPath = getClaudeDesktopConfigPath();
+        process.stderr.write("\n" + style.dim("Add this to your Claude Desktop config at:") + "\n");
+        process.stderr.write("  " + style.cyan(configPath) + "\n\n");
+        const snippet = JSON.stringify(
+          {
+            mcpServers: {
+              [agentName]: {
+                command: "npx",
+                args: [
+                  "multicorn-proxy",
+                  "--wrap",
+                  "<your-mcp-server-command>",
+                  "--agent-name",
+                  agentName
+                ]
+              }
+            }
+          },
+          null,
+          2
+        );
+        process.stderr.write(style.cyan(snippet) + "\n\n");
+      } else {
+        let shouldWrite = true;
+        const spinner = withSpinner("Updating Claude Desktop config...");
+        try {
+          let result = await updateClaudeDesktopConfig(agentName, mcpCommand.trim());
+          if (result === "skipped") {
+            spinner.stop(false, `Agent "${agentName}" already exists in Claude Desktop config.`);
+            const overwrite = await ask("Overwrite the existing entry? (y/N) ");
+            if (overwrite.trim().toLowerCase() === "y") {
+              const retrySpinner = withSpinner("Updating Claude Desktop config...");
+              result = await updateClaudeDesktopConfig(agentName, mcpCommand.trim(), true);
+              retrySpinner.stop(
+                true,
+                "Claude Desktop config updated at " + style.cyan(getClaudeDesktopConfigPath())
+              );
+            } else {
+              shouldWrite = false;
+              process.stderr.write(style.dim("Skipped. Existing config left unchanged.") + "\n");
+            }
+          } else if (result === "parse-error") {
+            spinner.stop(false, "Claude Desktop config file contains invalid JSON.");
+            const configPath = getClaudeDesktopConfigPath();
+            process.stderr.write(
+              style.yellow("\u26A0") + " Fix the JSON in " + style.cyan(configPath) + " or add this entry manually:\n\n"
+            );
+            const snippet = JSON.stringify(
+              {
+                mcpServers: {
+                  [agentName]: {
+                    command: "npx",
+                    args: [
+                      "multicorn-proxy",
+                      "--wrap",
+                      ...mcpCommand.trim().split(/\s+/),
+                      "--agent-name",
+                      agentName
+                    ]
+                  }
+                }
+              },
+              null,
+              2
+            );
+            process.stderr.write(style.cyan(snippet) + "\n\n");
+          } else {
+            const verb = result === "created" ? "Created" : "Updated";
+            spinner.stop(
+              true,
+              verb + " Claude Desktop config at " + style.cyan(getClaudeDesktopConfigPath())
+            );
+            process.stderr.write(style.dim("Restart Claude Desktop to pick up changes.") + "\n");
+          }
+        } catch (error) {
+          const detail = error instanceof Error ? error.message : String(error);
+          spinner.stop(false, `Failed to update Claude Desktop config: ${detail}`);
+          shouldWrite = false;
+        }
+      }
+    } else {
+      process.stderr.write("\n" + style.dim("Start the Shield proxy with:") + "\n");
+      process.stderr.write(
+        "  " + style.cyan(
+          `npx multicorn-proxy --wrap <your-mcp-server-command> --agent-name ${agentName}`
+        ) + "\n\n"
+      );
+    }
+    configuredPlatforms.add(selection);
+    lastConfig = { apiKey, baseUrl, agentName };
+    try {
+      await saveConfig(lastConfig);
+      process.stderr.write(style.green("\u2713") + ` Config saved to ${style.cyan(CONFIG_PATH)}
+`);
+    } catch (error) {
+      const detail = error instanceof Error ? error.message : String(error);
+      process.stderr.write(style.red(`Failed to save config: ${detail}`) + "\n");
+    }
+    if (configuredPlatforms.size >= 4) {
+      configuring = false;
+      continue;
+    }
+    const another = await ask("\nWould you like to configure another agent? (y/N) ");
+    if (another.trim().toLowerCase() !== "y") {
+      configuring = false;
+    }
   }
-  process.stderr.write(`
-Config saved to ${CONFIG_PATH}
+  rl.close();
+  process.stderr.write("\n" + style.bold(style.violet("Setup complete")) + "\n\n");
+  const allPlatforms = ["OpenClaw", "Claude Code", "Claude Desktop", "Other MCP Agent"];
+  for (const idx of configuredPlatforms) {
+    process.stderr.write(`  ${style.green("\u2713")} ${allPlatforms[idx - 1] ?? ""}
 `);
-  process.stderr.write("Run your agent with: npx multicorn-proxy --wrap <your-mcp-server>\n");
-  return config;
+  }
+  process.stderr.write("\n" + style.bold(style.violet("Next steps")) + "\n");
+  const blocks = [];
+  if (configuredPlatforms.has(1)) {
+    blocks.push(
+      "\n" + style.bold("To complete your OpenClaw setup:") + "\n  \u2192 Restart your gateway: " + style.cyan("openclaw gateway restart") + "\n  \u2192 Start a session: " + style.cyan("openclaw tui") + "\n"
+    );
+  }
+  if (configuredPlatforms.has(2)) {
+    blocks.push(
+      "\n" + style.bold("To complete your Claude Code setup:") + "\n  \u2192 Add marketplace: " + style.cyan("claude plugin marketplace add Multicorn-AI/multicorn-shield") + "\n  \u2192 Install plugin: " + style.cyan("claude plugin install multicorn-shield@multicorn-shield") + "\n"
+    );
+  }
+  if (configuredPlatforms.has(3)) {
+    blocks.push(
+      "\n" + style.bold("To complete your Claude Desktop setup:") + "\n  \u2192 Restart Claude Desktop to pick up config changes\n"
+    );
+  }
+  if (configuredPlatforms.has(4)) {
+    blocks.push(
+      "\n" + style.bold("To complete your Other MCP Agent setup:") + "\n  \u2192 Start your agent with: " + style.cyan("npx multicorn-proxy --wrap <your-server> --agent-name <name>") + "\n"
+    );
+  }
+  process.stderr.write(blocks.join("") + "\n");
+  return lastConfig;
 }
 function isProxyConfig(value) {
   if (typeof value !== "object" || value === null) return false;
@@ -610,51 +1100,53 @@ function capitalize(str) {
 }
 var MULTICORN_DIR = join(homedir(), ".multicorn");
 var SCOPES_PATH = join(MULTICORN_DIR, "scopes.json");
-var CONSENT_POLL_INTERVAL_MS = 3e3;
-var CONSENT_POLL_TIMEOUT_MS = 5 * 60 * 1e3;
-function deriveDashboardUrl(baseUrl) {
+var CACHE_META_PATH = join(MULTICORN_DIR, "cache-meta.json");
+function cacheKey(agentName, apiKey) {
+  return createHash("sha256").update(`${agentName}:${apiKey}`).digest("hex").slice(0, 16);
+}
+async function ensureCacheIdentity(apiKey) {
+  const currentHash = createHash("sha256").update(apiKey).digest("hex");
+  let storedHash = null;
   try {
-    const url = new URL(baseUrl);
-    if (url.hostname === "localhost" || url.hostname === "127.0.0.1") {
-      url.port = "5173";
-      url.protocol = "http:";
-      return url.toString();
-    }
-    if (url.hostname === "api.multicorn.ai") {
-      url.hostname = "app.multicorn.ai";
-      return url.toString();
-    }
-    if (url.hostname.includes("api")) {
-      url.hostname = url.hostname.replace("api", "app");
-      return url.toString();
+    const raw = await readFile(CACHE_META_PATH, "utf8");
+    const meta = JSON.parse(raw);
+    if (typeof meta === "object" && meta !== null && "apiKeyHash" in meta) {
+      storedHash = meta.apiKeyHash;
     }
-    if (url.protocol === "https:" && url.hostname !== "localhost" && url.hostname !== "127.0.0.1") {
-      return "https://app.multicorn.ai";
-    }
-    return "https://app.multicorn.ai";
   } catch {
-    return "https://app.multicorn.ai";
   }
-}
-var ShieldAuthError = class _ShieldAuthError extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "ShieldAuthError";
-    Object.setPrototypeOf(this, _ShieldAuthError.prototype);
+  if (storedHash === null || storedHash !== currentHash) {
+    try {
+      await unlink(SCOPES_PATH);
+    } catch {
+    }
   }
-};
-async function loadCachedScopes(agentName) {
+  if (storedHash !== currentHash) {
+    await mkdir(MULTICORN_DIR, { recursive: true, mode: 448 });
+    await writeFile(CACHE_META_PATH, JSON.stringify({ apiKeyHash: currentHash }, null, 2) + "\n", {
+      encoding: "utf8",
+      mode: 384
+    });
+  }
+}
+async function loadCachedScopes(agentName, apiKey) {
+  if (apiKey.length === 0) return null;
+  await ensureCacheIdentity(apiKey);
+  const key = cacheKey(agentName, apiKey);
   try {
     const raw = await readFile(SCOPES_PATH, "utf8");
     const parsed = JSON.parse(raw);
     if (!isScopesCacheFile(parsed)) return null;
-    const entry = parsed[agentName];
+    const entry = parsed[key];
     return entry?.scopes ?? null;
   } catch {
     return null;
   }
 }
-async function saveCachedScopes(agentName, agentId, scopes) {
+async function saveCachedScopes(agentName, agentId, scopes, apiKey) {
+  if (apiKey.length === 0) return;
+  await ensureCacheIdentity(apiKey);
+  const key = cacheKey(agentName, apiKey);
   await mkdir(MULTICORN_DIR, { recursive: true, mode: 448 });
   let existing = {};
   try {
@@ -665,7 +1157,7 @@ async function saveCachedScopes(agentName, agentId, scopes) {
   }
   const updated = {
     ...existing,
-    [agentName]: {
+    [key]: {
       agentId,
       scopes,
       fetchedAt: (/* @__PURE__ */ new Date()).toISOString()
@@ -676,6 +1168,44 @@ async function saveCachedScopes(agentName, agentId, scopes) {
     mode: 384
   });
 }
+function isScopesCacheFile(value) {
+  return typeof value === "object" && value !== null;
+}
+
+// src/proxy/consent.ts
+var CONSENT_POLL_INTERVAL_MS = 3e3;
+var CONSENT_POLL_TIMEOUT_MS = 5 * 60 * 1e3;
+function deriveDashboardUrl(baseUrl) {
+  try {
+    const url = new URL(baseUrl);
+    if (url.hostname === "localhost" || url.hostname === "127.0.0.1") {
+      url.port = "5173";
+      url.protocol = "http:";
+      return url.toString();
+    }
+    if (url.hostname === "api.multicorn.ai") {
+      url.hostname = "app.multicorn.ai";
+      return url.toString();
+    }
+    if (url.hostname.includes("api")) {
+      url.hostname = url.hostname.replace("api", "app");
+      return url.toString();
+    }
+    if (url.protocol === "https:" && url.hostname !== "localhost" && url.hostname !== "127.0.0.1") {
+      return "https://app.multicorn.ai";
+    }
+    return "https://app.multicorn.ai";
+  } catch {
+    return "https://app.multicorn.ai";
+  }
+}
+var ShieldAuthError = class _ShieldAuthError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ShieldAuthError";
+    Object.setPrototypeOf(this, _ShieldAuthError.prototype);
+  }
+};
 async function findAgentByName(agentName, apiKey, baseUrl) {
   let response;
   try {
@@ -796,7 +1326,7 @@ Waiting for you to grant access in the Multicorn dashboard...
   );
 }
 async function resolveAgentRecord(agentName, apiKey, baseUrl, logger) {
-  const cachedScopes = await loadCachedScopes(agentName);
+  const cachedScopes = await loadCachedScopes(agentName, apiKey);
   if (cachedScopes !== null && cachedScopes.length > 0) {
     logger.debug("Loaded scopes from cache.", { agent: agentName, count: cachedScopes.length });
     return { id: "", name: agentName, scopes: cachedScopes };
@@ -824,7 +1354,7 @@ async function resolveAgentRecord(agentName, apiKey, baseUrl, logger) {
   }
   const scopes = await fetchGrantedScopes(agent.id, apiKey, baseUrl);
   if (scopes.length > 0) {
-    await saveCachedScopes(agentName, agent.id, scopes);
+    await saveCachedScopes(agentName, agent.id, scopes, apiKey);
   }
   return { ...agent, scopes };
 }
@@ -862,9 +1392,6 @@ function isPermissionShape(value) {
   const obj = value;
   return typeof obj["service"] === "string" && typeof obj["read"] === "boolean" && typeof obj["write"] === "boolean" && typeof obj["execute"] === "boolean" && (obj["revoked_at"] === null || typeof obj["revoked_at"] === "string");
 }
-function isScopesCacheFile(value) {
-  return typeof value === "object" && value !== null;
-}
 
 // src/proxy/index.ts
 var DEFAULT_SCOPE_REFRESH_INTERVAL_MS = 6e4;
@@ -892,7 +1419,7 @@ function createProxyServer(config) {
       const scopes = await fetchGrantedScopes(agentId, config.apiKey, config.baseUrl);
       grantedScopes = scopes;
       if (scopes.length > 0) {
-        await saveCachedScopes(config.agentName, agentId, scopes);
+        await saveCachedScopes(config.agentName, agentId, scopes, config.apiKey);
       }
       config.logger.debug("Scopes refreshed.", { count: scopes.length });
     } catch (error) {
@@ -921,7 +1448,7 @@ function createProxyServer(config) {
         scopeParam
       );
       grantedScopes = scopes;
-      await saveCachedScopes(config.agentName, agentId, scopes);
+      await saveCachedScopes(config.agentName, agentId, scopes, config.apiKey);
     } finally {
       consentInProgress = false;
     }
@@ -1286,7 +1813,7 @@ Use https:// or http://localhost for local development.
     );
     process.exit(1);
   }
-  const agentName = cli.agentName.length > 0 ? cli.agentName : deriveAgentName(cli.wrapCommand);
+  const agentName = cli.agentName.length > 0 ? cli.agentName : config.agentName !== void 0 && config.agentName.length > 0 ? config.agentName : deriveAgentName(cli.wrapCommand);
   const finalBaseUrl = cli.baseUrl !== "https://api.multicorn.ai" ? cli.baseUrl : config.baseUrl;
   const finalDashboardUrl = cli.dashboardUrl !== "" ? cli.dashboardUrl : deriveDashboardUrl(finalBaseUrl);
   const proxy = createProxyServer({