multicorn-shield 0.1.9 → 0.1.10

package/dist/openclaw-plugin/index.js

@@ -128,9 +128,6 @@ function isScopesCacheFile(value) {
 // src/openclaw/shield-client.ts
 var REQUEST_TIMEOUT_MS = 5e3;
 var AUTH_HEADER = "X-Multicorn-Key";
-var POLL_INTERVAL_MS = 3e3;
-var MAX_POLLS = 100;
-var POLL_TIMEOUT_MS = POLL_INTERVAL_MS * MAX_POLLS;
 var authErrorLogged = false;
 function isApiSuccess(value) {
   if (typeof value !== "object" || value === null) return false;
@@ -152,11 +149,6 @@ function isPermissionEntry(value) {
   const obj = value;
   return typeof obj["service"] === "string" && typeof obj["read"] === "boolean" && typeof obj["write"] === "boolean" && typeof obj["execute"] === "boolean" && (obj["revoked_at"] === null || typeof obj["revoked_at"] === "string");
 }
-function isApprovalResponse(value) {
-  if (typeof value !== "object" || value === null) return false;
-  const obj = value;
-  return typeof obj["id"] === "string" && typeof obj["status"] === "string" && ["pending", "approved", "rejected", "expired"].includes(obj["status"]) && (obj["decided_at"] === null || typeof obj["decided_at"] === "string");
-}
 function handleHttpError(status, logger, retryDelaySeconds) {
   if (status === 401 || status === 403) {
     if (!authErrorLogged) {
@@ -169,12 +161,7 @@ function handleHttpError(status, logger, retryDelaySeconds) {
     return { shouldBlock: true };
   }
   if (status === 429) {
-    if (retryDelaySeconds !== void 0) {
-      const rateLimitMsg = `[multicorn-shield] Rate limited by Shield API. Retrying in ${String(retryDelaySeconds)}s.`;
-      logger?.warn(rateLimitMsg);
-      process.stderr.write(`${rateLimitMsg}
-`);
-    } else {
+    {
       const rateLimitMsg = "[multicorn-shield] Rate limited by Shield API. Action was not checked \u2014 proceeding with fail-open.";
       logger?.warn(rateLimitMsg);
       process.stderr.write(`${rateLimitMsg}
@@ -272,6 +259,14 @@ async function fetchGrantedScopes(agentId, apiKey, baseUrl, logger) {
 }
 async function checkActionPermission(payload, apiKey, baseUrl, logger) {
   try {
+    const requestBody = {
+      agent: payload.agent,
+      service: payload.service,
+      actionType: payload.actionType,
+      status: payload.status,
+      metadata: payload.metadata
+    };
+    console.error("[SHIELD-CLIENT] POST /api/v1/actions request: " + JSON.stringify(requestBody));
     const response = await fetch(`${baseUrl}/api/v1/actions`, {
       method: "POST",
       headers: {
@@ -282,15 +277,22 @@ async function checkActionPermission(payload, apiKey, baseUrl, logger) {
       signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
     });
     if (response.status === 201) {
+      console.error(
+        "[SHIELD-CLIENT] response status=201, returning approved (body not read - backend may have failed approval creation)"
+      );
       return { status: "approved" };
     }
     if (response.status === 202) {
       const body = await response.json();
-      if (!isApiSuccess(body)) {
+      const data = isApiSuccess(body) ? body.data : null;
+      console.error("[SHIELD-CLIENT] response status=202 body=" + JSON.stringify(data ?? body));
+      if (!isApiSuccess(body) || data === null) {
         return { status: "blocked" };
       }
-      const data = body.data;
-      const approvalId = typeof data["approvalId"] === "string" ? data["approvalId"] : void 0;
+      const approvalId = typeof data["approval_id"] === "string" ? data["approval_id"] : void 0;
+      console.error(
+        "[SHIELD-CLIENT] extracted: status=" + String(data["status"]) + " approval_id=" + (approvalId ?? "undefined")
+      );
       if (approvalId === void 0) {
         return { status: "blocked" };
       }
@@ -309,85 +311,6 @@ async function checkActionPermission(payload, apiKey, baseUrl, logger) {
     return { status: "blocked" };
   }
 }
-async function pollApprovalStatus(approvalId, apiKey, baseUrl, logger) {
-  const startTime = Date.now();
-  const logDebug = logger?.debug?.bind(logger);
-  for (let pollCount = 0; pollCount < MAX_POLLS; pollCount++) {
-    if (Date.now() - startTime >= POLL_TIMEOUT_MS) {
-      return "timeout";
-    }
-    let approval = null;
-    for (let retry = 0; retry < 3; retry++) {
-      try {
-        const response = await fetch(`${baseUrl}/api/v1/approvals/${approvalId}`, {
-          headers: { [AUTH_HEADER]: apiKey },
-          signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
-        });
-        if (!response.ok) {
-          if (response.status === 401 || response.status === 403) {
-            handleHttpError(response.status, logger);
-            return "timeout";
-          }
-          if (response.status === 429 || response.status >= 500 && response.status < 600) {
-            const retryDelay = retry < 2 ? Math.pow(2, retry) : void 0;
-            handleHttpError(response.status, logger, retryDelay);
-          }
-          logDebug?.(
-            `Poll ${String(pollCount + 1)} failed: HTTP ${String(response.status)}. Retrying...`
-          );
-          if (retry < 2) {
-            await new Promise((resolve) => setTimeout(resolve, 1e3 * Math.pow(2, retry)));
-          }
-          continue;
-        }
-        const body = await response.json();
-        if (!isApiSuccess(body)) {
-          logDebug?.(`Poll ${String(pollCount + 1)} failed: invalid response format. Retrying...`);
-          if (retry < 2) {
-            await new Promise((resolve) => setTimeout(resolve, 1e3 * Math.pow(2, retry)));
-          }
-          continue;
-        }
-        const approvalData = body.data;
-        if (!isApprovalResponse(approvalData)) {
-          logDebug?.(`Poll ${String(pollCount + 1)} failed: invalid approval data. Retrying...`);
-          if (retry < 2) {
-            await new Promise((resolve) => setTimeout(resolve, 1e3 * Math.pow(2, retry)));
-          }
-          continue;
-        }
-        approval = approvalData;
-        break;
-      } catch (error) {
-        const errorMessage = error instanceof Error ? error.message : String(error);
-        logDebug?.(`Poll ${String(pollCount + 1)} failed: ${errorMessage}. Retrying...`);
-        if (retry < 2) {
-          await new Promise((resolve) => setTimeout(resolve, 1e3 * Math.pow(2, retry)));
-        }
-      }
-    }
-    if (approval !== null) {
-      if (approval.status === "approved") {
-        return "approved";
-      }
-      if (approval.status === "rejected") {
-        return "rejected";
-      }
-      if (approval.status === "expired") {
-        return "expired";
-      }
-      if (pollCount < MAX_POLLS - 1) {
-        await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS));
-      }
-    } else {
-      logDebug?.(`All retries failed for poll ${String(pollCount + 1)}. Continuing...`);
-      if (pollCount < MAX_POLLS - 1) {
-        await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS));
-      }
-    }
-  }
-  return "timeout";
-}
 async function logAction(payload, apiKey, baseUrl, logger) {
   try {
     const response = await fetch(`${baseUrl}/api/v1/actions`, {
@@ -507,11 +430,10 @@ function loadMulticornConfig() {
 }
 function readConfig() {
   const pc = pluginConfig ?? {};
-  const resolvedApiKey = asString(process.env["MULTICORN_API_KEY"]) ?? asString(cachedMulticornConfig?.apiKey) ?? "";
-  const resolvedBaseUrl = asString(process.env["MULTICORN_BASE_URL"]) ?? asString(cachedMulticornConfig?.baseUrl) ?? "https://api.multicorn.ai";
+  const resolvedApiKey = asString(cachedMulticornConfig?.apiKey) ?? asString(process.env["MULTICORN_API_KEY"]) ?? "";
+  const resolvedBaseUrl = asString(cachedMulticornConfig?.baseUrl) ?? asString(process.env["MULTICORN_BASE_URL"]) ?? "https://api.multicorn.ai";
   const agentName = asString(pc["agentName"]) ?? process.env["MULTICORN_AGENT_NAME"] ?? null;
-  const failModeRaw = asString(pc["failMode"]) ?? process.env["MULTICORN_FAIL_MODE"] ?? "open";
-  const failMode = failModeRaw === "closed" ? "closed" : "open";
+  const failMode = "closed";
   return { apiKey: resolvedApiKey, baseUrl: resolvedBaseUrl, agentName, failMode };
 }
 function asString(value) {
@@ -683,110 +605,116 @@ function buildApprovalDescription(agentName, permissionLevel, service, toolName,
   return truncated;
 }
 async function beforeToolCall(event, ctx) {
-  const config = readConfig();
-  if (config.apiKey.length === 0) {
-    pluginLogger?.warn(
-      "Multicorn Shield: No API key found. Run 'npx multicorn-proxy init' or set MULTICORN_API_KEY."
+  try {
+    console.error("[SHIELD] beforeToolCall ENTRY: tool=" + event.toolName);
+    const config = readConfig();
+    console.error(
+      "[SHIELD] config loaded: baseUrl=" + config.baseUrl + " apiKey=" + (config.apiKey ? "present" : "MISSING") + " failMode=" + config.failMode
     );
-    return void 0;
-  }
-  const agentName = resolveAgentName(ctx.sessionKey ?? "", config.agentName);
-  const readiness = await ensureAgent(agentName, config.apiKey, config.baseUrl, config.failMode);
-  if (readiness === "block") {
-    return {
-      block: true,
-      blockReason: "Multicorn Shield could not verify permissions. The Shield API is unreachable and fail-closed mode is enabled."
-    };
-  }
-  if (readiness === "skip") {
-    return void 0;
-  }
-  const command = event.toolName === "exec" && typeof event.params["command"] === "string" ? event.params["command"] : void 0;
-  const mapping = mapToolToScope(event.toolName, command);
-  pluginLogger?.info(
-    `Multicorn Shield: tool=${event.toolName}, service=${mapping.service}, permissionLevel=${mapping.permissionLevel}`
-  );
-  const actionType = mapping.permissionLevel === "write" && event.toolName === "exec" ? "exec_write" : event.toolName;
-  const description = buildApprovalDescription(
-    agentName,
-    mapping.permissionLevel,
-    mapping.service,
-    event.toolName,
-    event.params
-  );
-  const permissionResult = await checkActionPermission(
-    {
-      agent: agentName,
-      service: mapping.service,
-      actionType,
-      status: "approved",
-      // Status doesn't matter for permission check
-      metadata: {
-        description
-      }
-    },
-    config.apiKey,
-    config.baseUrl,
-    pluginLogger ?? void 0
-  );
-  if (permissionResult.status === "approved") {
-    if (agentRecord !== null) {
-      const scopes = await fetchGrantedScopes(
-        agentRecord.id,
-        config.apiKey,
-        config.baseUrl,
-        pluginLogger ?? void 0
+    if (config.apiKey.length === 0) {
+      pluginLogger?.warn(
+        "Multicorn Shield: No API key found. Run 'npx multicorn-proxy init' or set MULTICORN_API_KEY."
       );
-      grantedScopes = scopes;
-      lastScopeRefresh = Date.now();
-      if (scopes.length > 0) {
-        await saveCachedScopes(agentName, agentRecord.id, scopes).catch(() => {
-        });
-      }
+      console.error("[SHIELD] DECISION: allow (no API key)");
+      return void 0;
     }
-    return void 0;
-  }
-  if (permissionResult.status === "pending" && permissionResult.approvalId !== void 0) {
+    const agentName = resolveAgentName(ctx.sessionKey ?? "", config.agentName);
+    const readiness = await ensureAgent(agentName, config.apiKey, config.baseUrl, config.failMode);
+    console.error("[SHIELD] ensureAgent result: " + JSON.stringify(readiness));
+    if (readiness === "block") {
+      const returnValue2 = {
+        block: true,
+        blockReason: "Multicorn Shield could not verify permissions. The Shield API is unreachable and fail-closed mode is enabled."
+      };
+      console.error("[SHIELD] DECISION: " + JSON.stringify(returnValue2));
+      return returnValue2;
+    }
+    if (readiness === "skip") {
+      console.error("[SHIELD] DECISION: allow (skip mode)");
+      return void 0;
+    }
+    const command = event.toolName === "exec" && typeof event.params["command"] === "string" ? event.params["command"] : void 0;
+    const mapping = mapToolToScope(event.toolName, command);
     pluginLogger?.info(
-      `Multicorn Shield: action pending approval (ID: ${permissionResult.approvalId}). Polling for status...`
+      `Multicorn Shield: tool=${event.toolName}, service=${mapping.service}, permissionLevel=${mapping.permissionLevel}`
+    );
+    const actionType = mapping.permissionLevel === "write" && event.toolName === "exec" ? "exec_write" : event.toolName;
+    const description = buildApprovalDescription(
+      agentName,
+      mapping.permissionLevel,
+      mapping.service,
+      event.toolName,
+      event.params
     );
-    const pollResult = await pollApprovalStatus(
-      permissionResult.approvalId,
+    if (grantedScopes.length === 0 && agentRecord !== null) {
+      await ensureConsent(agentName, config.apiKey, config.baseUrl, mapping);
+      console.error("[SHIELD] ensureConsent result: completed (zero-scopes path)");
+    }
+    console.error(
+      "[SHIELD] calling checkActionPermission: service=" + mapping.service + " actionType=" + actionType
+    );
+    const permissionResult = await checkActionPermission(
+      {
+        agent: agentName,
+        service: mapping.service,
+        actionType,
+        status: "approved",
+        // Status doesn't matter for permission check
+        metadata: {
+          description
+        }
+      },
       config.apiKey,
       config.baseUrl,
       pluginLogger ?? void 0
     );
-    if (pollResult === "approved") {
+    console.error("[SHIELD] permission result: " + JSON.stringify(permissionResult));
+    if (permissionResult.status === "approved") {
+      if (agentRecord !== null) {
+        const scopes = await fetchGrantedScopes(
+          agentRecord.id,
+          config.apiKey,
+          config.baseUrl,
+          pluginLogger ?? void 0
+        );
+        grantedScopes = scopes;
+        lastScopeRefresh = Date.now();
+        if (Array.isArray(scopes) && scopes.length > 0) {
+          await saveCachedScopes(agentName, agentRecord.id, scopes).catch(() => {
+          });
+        }
+      }
+      console.error("[SHIELD] DECISION: allow (approved)");
       return void 0;
     }
-    if (pollResult === "rejected") {
-      return {
-        block: true,
-        blockReason: "Action was reviewed and rejected."
-      };
-    }
-    if (pollResult === "expired") {
-      return {
+    if (permissionResult.status === "pending" && permissionResult.approvalId !== void 0) {
+      const dashboardUrl2 = deriveDashboardUrl(config.baseUrl);
+      const returnValue2 = {
         block: true,
-        blockReason: "Approval request expired before a decision was made."
+        blockReason: `Action pending approval. Visit ${dashboardUrl2}approvals to approve or reject, then try again.`
       };
+      console.error("[SHIELD] DECISION: " + JSON.stringify(returnValue2));
+      return returnValue2;
     }
-    return {
-      block: true,
-      blockReason: "Approval request timed out after 5 minutes."
+    const requestedScope = {
+      service: mapping.service,
+      permissionLevel: mapping.permissionLevel
     };
+    if (!hasScope(grantedScopes, requestedScope) && agentRecord !== null) {
+      await ensureConsent(agentName, config.apiKey, config.baseUrl, mapping);
+      console.error("[SHIELD] ensureConsent result: completed (blocked path)");
+    }
+    const capitalizedService = mapping.service.charAt(0).toUpperCase() + mapping.service.slice(1);
+    const dashboardUrl = deriveDashboardUrl(config.baseUrl);
+    const reason = `${capitalizedService} ${mapping.permissionLevel} access is not allowed. Check pending approvals at ${dashboardUrl}/approvals `;
+    const returnValue = { block: true, blockReason: reason };
+    console.error("[SHIELD] DECISION: " + JSON.stringify(returnValue));
+    return returnValue;
+  } catch (e) {
+    console.error("[SHIELD] CRASH in beforeToolCall: " + String(e));
+    console.error("[SHIELD] Stack: " + ((e instanceof Error ? e.stack : void 0) ?? "no stack"));
+    return { block: true, blockReason: "Shield internal error: " + String(e) };
   }
-  const requestedScope = {
-    service: mapping.service,
-    permissionLevel: mapping.permissionLevel
-  };
-  if (!hasScope(grantedScopes, requestedScope) && agentRecord !== null) {
-    await ensureConsent(agentName, config.apiKey, config.baseUrl, mapping);
-  }
-  const capitalizedService = mapping.service.charAt(0).toUpperCase() + mapping.service.slice(1);
-  const dashboardUrl = deriveDashboardUrl(config.baseUrl);
-  const reason = `${capitalizedService} ${mapping.permissionLevel} access is not allowed. Check pending approvals at ${dashboardUrl}/approvals `;
-  return { block: true, blockReason: reason };
 }
 function afterToolCall(event, ctx) {
   const config = readConfig();
@@ -819,6 +747,7 @@ var plugin = {
     pluginLogger = api.logger;
     pluginConfig = api.pluginConfig;
     cachedMulticornConfig = loadMulticornConfig();
+    console.error("[SHIELD-DIAG] cachedMulticornConfig: " + JSON.stringify(cachedMulticornConfig));
     api.on("before_tool_call", beforeToolCall, { priority: 10 });
     api.on("after_tool_call", afterToolCall);
     api.logger.info("Multicorn Shield plugin registered.");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "multicorn-shield",
-  "version": "0.1.9",
+  "version": "0.1.10",
   "description": "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
   "license": "MIT",
   "type": "module",