multicorn-shield 0.10.0 → 0.11.0

package/CHANGELOG.md

@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.11.0] - 2026-04-25
+
+### Added
+
+- `<multicorn-badge>` trust badge web component for embedding in third-party products. Shadow DOM encapsulation, dark/light themes, compact/standard sizes, optional action count display.
+- CDN entrypoint (`dist/badge.js`) for single-script-tag embedding: `<script src="https://cdn.multicorn.ai/badge.js" data-agent-id="..."></script>`. Self-contained, no Lit runtime dependency.
+- `MulticornBadge` class exported from the main SDK barrel for programmatic usage.
+- Shared `shield-tokens.ts` module (`src/shared/`) extracting `SHIELD_COLORS` design tokens for reuse across consent and badge components.
+- `size-limit` budget enforcement for `dist/badge.js` at 5 kB gzip (actual ~1.75 kB).
+
 ## [0.10.0] - 2026-04-21
 
 ### Added

package/dist/badge.js

@@ -0,0 +1,44 @@
+var n={surface:"#14141f",surfaceHover:"#1a1a2e",border:"#2a2a3d",text:"#e8e8f0",accent:"#8b5cf6",accentDim:"rgba(139, 92, 246, 0.12)"};var E="#0f172a",y="#f8fafc",A="#f1f5f9",v="#e2e8f0";function h(){return `
+:host { display: inline-block; line-height: 0; }
+.badge {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  box-sizing: border-box;
+  gap: 6px;
+  min-height: 28px;
+  padding: 4px 10px 4px 8px;
+  border-radius: 9999px;
+  text-decoration: none;
+  font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+  font-size: 12px;
+  font-weight: 500;
+  border: 1px solid ${n.border};
+  background: ${n.surface};
+  color: ${n.text};
+  transition: background 0.15s ease, border-color 0.15s ease, box-shadow 0.15s ease;
+}
+:host([theme="light"]) .badge {
+  border-color: ${v};
+  background: ${y};
+  color: ${E};
+}
+.badge:hover {
+  background: ${n.surfaceHover};
+  border-color: ${n.accent};
+  box-shadow: 0 0 0 1px ${n.accentDim};
+}
+:host([theme="light"]) .badge:hover {
+  background: ${A};
+  border-color: ${n.accent};
+}
+.badge:focus-visible {
+  outline: 2px solid ${n.accent};
+  outline-offset: 2px;
+}
+.icon { flex-shrink: 0; display: block; }
+.text { white-space: nowrap; }
+:host([size="compact"]) .text { display: none; }
+:host([size="compact"]) .badge { padding: 4px 6px; }
+@media (prefers-reduced-motion: reduce) { .badge { transition: none; } }
+  `.trim()}var L="https://multicorn.ai/verify/",x="multicorn-badge",w="M12 1L3 5v6c0 5.55 3.84 9.95 9 12 5.16-2.05 9-6.45 9-12V5l-9-4z";function C(e){if(e==null||e==="")return;let t=Number(e);return Number.isNaN(t)?void 0:t}var m=class extends HTMLElement{#e=false;ensureShadow(){return this.shadowRoot!=null?this.shadowRoot:this.attachShadow({mode:"open"})}static get observedAttributes(){return ["agent-id","size","theme","action-count"]}connectedCallback(){this.render();}attributeChangedCallback(){this.render();}render(){let t=this.ensureShadow();if(!this.#e){let g=document.createElement("style");g.textContent=h(),t.appendChild(g),this.#e=true;}let s=(this.getAttribute("agent-id")??"").trim(),c=C(this.getAttribute("action-count")),a=t.querySelector("a.badge");if(a&&a.remove(),s==="")return;let d,l;if(c==null)d="Secured by Multicorn",l="Secured by Multicorn, verify this agent";else {let f=String(c);d="Secured by Multicorn \xB7 "+f+" actions secured",l="Secured by Multicorn \xB7 "+f+" actions secured, verify this agent";}let S=`${L}${encodeURIComponent(s)}`,r=document.createElement("a");r.className="badge",r.href=S,r.target="_blank",r.rel="noopener noreferrer",r.setAttribute("aria-label",l);let p="http://www.w3.org/2000/svg",o=document.createElementNS(p,"svg");o.setAttribute("class","icon"),o.setAttribute("width","16"),o.setAttribute("height","16"),o.setAttribute("viewBox","0 0 24 24"),o.setAttribute("aria-hidden","true");let u=document.createElementNS(p,"path");u.setAttribute("d",w),u.setAttribute("fill",n.accent),o.appendChild(u),r.appendChild(o);let b=document.createElement("span");b.className="text",b.textContent=d,r.appendChild(b),t.appendChild(r);}};customElements.get(x)===void 0&&customElements.define(x,m);function T(e){return e==="compact"||e==="standard"}function H(e){return e==="dark"||e==="light"}var i=(typeof document<"u"&&document.currentScript!==null?document.currentScript:null)??null;if(i==null)console.warn("[Multicorn] badge.js must be loaded as a classic script (document.currentScript was null).");else {let e=i.dataset.agentId?.trim();if(e==null||e==="")console.warn("[Multicorn] Skipping trust badge: missing data-agent-id on the badge script tag.");else {let t=document.createElement("multicorn-badge");t.setAttribute("agent-id",e);let s=i.dataset.size;T(s)&&t.setAttribute("size",s);let c=i.dataset.theme;H(c)&&t.setAttribute("theme",c);let a=i.dataset.actionCount;a!=null&&a!==""&&t.setAttribute("action-count",a),i.parentNode?.insertBefore(t,i.nextSibling);}}

package/dist/index.cjs

@@ -432,6 +432,8 @@ function getScopeWarning(scopeString) {
   const metadata = getScopeMetadata(scopeString);
   return metadata?.warningMessage;
 }
+
+// src/shared/shield-tokens.ts
 var SHIELD_COLORS = {
   bg: "#0d0d14",
   surface: "#14141f",
@@ -452,6 +454,8 @@ var SHIELD_COLORS = {
   red: "#ef4444",
   redDim: "rgba(239, 68, 68, 0.12)"
 };
+
+// src/consent/consent-styles.ts
 var consentStyles = lit.css`
   :host {
     display: block;
@@ -1599,6 +1603,144 @@ exports.MulticornConsent = __decorateClass([
   decorators_js.customElement(CONSENT_ELEMENT_TAG)
 ], exports.MulticornConsent);
 
+// src/badge/badge-styles.ts
+var LIGHT_TEXT = "#0f172a";
+var LIGHT_SURFACE = "#f8fafc";
+var LIGHT_SURFACE_HOVER = "#f1f5f9";
+var LIGHT_BORDER = "#e2e8f0";
+function getBadgeStyleText() {
+  return `
+:host { display: inline-block; line-height: 0; }
+.badge {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  box-sizing: border-box;
+  gap: 6px;
+  min-height: 28px;
+  padding: 4px 10px 4px 8px;
+  border-radius: 9999px;
+  text-decoration: none;
+  font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+  font-size: 12px;
+  font-weight: 500;
+  border: 1px solid ${SHIELD_COLORS.border};
+  background: ${SHIELD_COLORS.surface};
+  color: ${SHIELD_COLORS.text};
+  transition: background 0.15s ease, border-color 0.15s ease, box-shadow 0.15s ease;
+}
+:host([theme="light"]) .badge {
+  border-color: ${LIGHT_BORDER};
+  background: ${LIGHT_SURFACE};
+  color: ${LIGHT_TEXT};
+}
+.badge:hover {
+  background: ${SHIELD_COLORS.surfaceHover};
+  border-color: ${SHIELD_COLORS.accent};
+  box-shadow: 0 0 0 1px ${SHIELD_COLORS.accentDim};
+}
+:host([theme="light"]) .badge:hover {
+  background: ${LIGHT_SURFACE_HOVER};
+  border-color: ${SHIELD_COLORS.accent};
+}
+.badge:focus-visible {
+  outline: 2px solid ${SHIELD_COLORS.accent};
+  outline-offset: 2px;
+}
+.icon { flex-shrink: 0; display: block; }
+.text { white-space: nowrap; }
+:host([size="compact"]) .text { display: none; }
+:host([size="compact"]) .badge { padding: 4px 6px; }
+@media (prefers-reduced-motion: reduce) { .badge { transition: none; } }
+  `.trim();
+}
+
+// src/badge/multicorn-badge.ts
+var VERIFY_BASE = "https://multicorn.ai/verify/";
+var BADGE_ELEMENT_TAG = "multicorn-badge";
+var SHIELD_PATH = "M12 1L3 5v6c0 5.55 3.84 9.95 9 12 5.16-2.05 9-6.45 9-12V5l-9-4z";
+function parseOptionalCount(raw) {
+  if (raw == null || raw === "") {
+    return void 0;
+  }
+  const n = Number(raw);
+  return Number.isNaN(n) ? void 0 : n;
+}
+var MulticornBadge = class extends HTMLElement {
+  #didInjectStyle = false;
+  ensureShadow() {
+    if (this.shadowRoot != null) {
+      return this.shadowRoot;
+    }
+    return this.attachShadow({ mode: "open" });
+  }
+  static get observedAttributes() {
+    return ["agent-id", "size", "theme", "action-count"];
+  }
+  connectedCallback() {
+    this.render();
+  }
+  attributeChangedCallback() {
+    this.render();
+  }
+  render() {
+    const root = this.ensureShadow();
+    if (this.#didInjectStyle) ; else {
+      const style = document.createElement("style");
+      style.textContent = getBadgeStyleText();
+      root.appendChild(style);
+      this.#didInjectStyle = true;
+    }
+    const agentId = (this.getAttribute("agent-id") ?? "").trim();
+    const actionCount = parseOptionalCount(this.getAttribute("action-count"));
+    const prior = root.querySelector("a.badge");
+    if (prior) {
+      prior.remove();
+    }
+    if (agentId === "") {
+      return;
+    }
+    let labelSuffix;
+    let ariaLabel;
+    if (actionCount == null) {
+      labelSuffix = "Secured by Multicorn";
+      ariaLabel = "Secured by Multicorn, verify this agent";
+    } else {
+      const count = actionCount;
+      const countText = String(count);
+      labelSuffix = "Secured by Multicorn \xB7 " + countText + " actions secured";
+      ariaLabel = "Secured by Multicorn \xB7 " + countText + " actions secured, verify this agent";
+    }
+    const href = `${VERIFY_BASE}${encodeURIComponent(agentId)}`;
+    const a = document.createElement("a");
+    a.className = "badge";
+    a.href = href;
+    a.target = "_blank";
+    a.rel = "noopener noreferrer";
+    a.setAttribute("aria-label", ariaLabel);
+    const svgNs = "http://www.w3.org/2000/svg";
+    const svg = document.createElementNS(svgNs, "svg");
+    svg.setAttribute("class", "icon");
+    svg.setAttribute("width", "16");
+    svg.setAttribute("height", "16");
+    svg.setAttribute("viewBox", "0 0 24 24");
+    svg.setAttribute("aria-hidden", "true");
+    const path = document.createElementNS(svgNs, "path");
+    path.setAttribute("d", SHIELD_PATH);
+    path.setAttribute("fill", SHIELD_COLORS.accent);
+    svg.appendChild(path);
+    a.appendChild(svg);
+    const text = document.createElement("span");
+    text.className = "text";
+    text.textContent = labelSuffix;
+    a.appendChild(text);
+    root.appendChild(a);
+  }
+};
+if (customElements.get(BADGE_ELEMENT_TAG) === void 0) {
+  customElements.define(BADGE_ELEMENT_TAG, MulticornBadge);
+}
+
 // src/logger/action-logger.ts
 function createActionLogger(config) {
   if (!config.apiKey || config.apiKey.trim().length === 0) {
@@ -2749,6 +2891,7 @@ exports.ACTION_STATUSES = ACTION_STATUSES;
 exports.AGENT_STATUSES = AGENT_STATUSES;
 exports.BUILT_IN_SERVICES = BUILT_IN_SERVICES;
 exports.CONSENT_ELEMENT_TAG = CONSENT_ELEMENT_TAG;
+exports.MulticornBadge = MulticornBadge;
 exports.MulticornShield = MulticornShield;
 exports.PERMISSION_LEVELS = PERMISSION_LEVELS;
 exports.SERVICE_NAME_PATTERN = SERVICE_NAME_PATTERN;

package/dist/index.d.cts

@@ -1069,6 +1069,29 @@ interface FocusTrap {
  */
 declare function createFocusTrap(container: HTMLElement, initialFocus?: HTMLElement | null): FocusTrap;
 
+/**
+ * `<multicorn-badge>`: small embeddable trust badge (Shadow DOM).
+ * Implemented as a native custom element to keep the CDN `badge.js` under the
+ * size budget. Styling and tokens align with the Lit-based consent screen.
+ *
+ * @module badge/multicorn-badge
+ */
+/** Custom element tag for the trust badge. */
+declare const BADGE_ELEMENT_TAG: "multicorn-badge";
+declare class MulticornBadge extends HTMLElement {
+    #private;
+    private ensureShadow;
+    static get observedAttributes(): string[];
+    connectedCallback(): void;
+    attributeChangedCallback(): void;
+    private render;
+}
+declare global {
+    interface HTMLElementTagNameMap {
+        [BADGE_ELEMENT_TAG]: MulticornBadge;
+    }
+}
+
 /**
  * Action logging client for Multicorn Shield.
  *
@@ -2283,4 +2306,4 @@ interface ContentReviewRequestPayload {
  */
 declare function requestContentReview(payload: ContentReviewRequestPayload, apiKey: string, baseUrl: string, logger?: PluginLogger): Promise<ContentReviewResult>;
 
-export { ACTION_STATUSES, AGENT_STATUSES, type Action, type ActionInput, type ActionLogger, type ActionLoggerConfig, type ActionPayload, type ActionStatus, type Agent, type AgentStatus, type ApiError, BUILT_IN_SERVICES, type BatchModeConfig, type BuiltInServiceName, CONSENT_ELEMENT_TAG, type ConsentDecision, type ConsentDeniedEventDetail, type ConsentEventDetail, type ConsentEventMap, type ConsentEventName, type ConsentGrantedEventDetail, type ConsentOptions, type ConsentPartialEventDetail, type ContentReviewRequestPayload, type ContentReviewResult, type ContentReviewStatusResponse, type FocusTrap, type McpAdapter, type McpAdapterConfig, type McpAdapterResult, type McpBlockedResult, type McpToolCall, type McpToolHandler, type McpToolResult, MulticornConsent, MulticornShield, type MulticornShieldConfig, PERMISSION_LEVELS, type Permission, type PermissionLevel, type RemainingBudget, SERVICE_NAME_PATTERN, type Scope, ScopeParseError, type ScopeParseResult, type ScopeRegistry, type ScopeRequest, type ServiceDefinition, type SpendCheckResult, type SpendingCheckResult, type SpendingChecker, type SpendingLimit, type SpendingLimits, type SpendingTrackerConfig, type ValidationResult, centsToDollars, createActionLogger, createFocusTrap, createMcpAdapter, createScopeRegistry, createSpendingChecker, dollarsToCents, formatScope, getPermissionLabel, getScopeLabel, getScopeShortLabel, getServiceDisplayName, getServiceIcon, hasScope, isBlockedResult, isPublicContentAction, isValidScopeString, parseScope, parseScopes, requestContentReview, requiresContentReview, tryParseScope, validateAllScopesAccess, validateScopeAccess };
+export { ACTION_STATUSES, AGENT_STATUSES, type Action, type ActionInput, type ActionLogger, type ActionLoggerConfig, type ActionPayload, type ActionStatus, type Agent, type AgentStatus, type ApiError, BUILT_IN_SERVICES, type BatchModeConfig, type BuiltInServiceName, CONSENT_ELEMENT_TAG, type ConsentDecision, type ConsentDeniedEventDetail, type ConsentEventDetail, type ConsentEventMap, type ConsentEventName, type ConsentGrantedEventDetail, type ConsentOptions, type ConsentPartialEventDetail, type ContentReviewRequestPayload, type ContentReviewResult, type ContentReviewStatusResponse, type FocusTrap, type McpAdapter, type McpAdapterConfig, type McpAdapterResult, type McpBlockedResult, type McpToolCall, type McpToolHandler, type McpToolResult, MulticornBadge, MulticornConsent, MulticornShield, type MulticornShieldConfig, PERMISSION_LEVELS, type Permission, type PermissionLevel, type RemainingBudget, SERVICE_NAME_PATTERN, type Scope, ScopeParseError, type ScopeParseResult, type ScopeRegistry, type ScopeRequest, type ServiceDefinition, type SpendCheckResult, type SpendingCheckResult, type SpendingChecker, type SpendingLimit, type SpendingLimits, type SpendingTrackerConfig, type ValidationResult, centsToDollars, createActionLogger, createFocusTrap, createMcpAdapter, createScopeRegistry, createSpendingChecker, dollarsToCents, formatScope, getPermissionLabel, getScopeLabel, getScopeShortLabel, getServiceDisplayName, getServiceIcon, hasScope, isBlockedResult, isPublicContentAction, isValidScopeString, parseScope, parseScopes, requestContentReview, requiresContentReview, tryParseScope, validateAllScopesAccess, validateScopeAccess };

package/dist/index.d.ts

@@ -1069,6 +1069,29 @@ interface FocusTrap {
  */
 declare function createFocusTrap(container: HTMLElement, initialFocus?: HTMLElement | null): FocusTrap;
 
+/**
+ * `<multicorn-badge>`: small embeddable trust badge (Shadow DOM).
+ * Implemented as a native custom element to keep the CDN `badge.js` under the
+ * size budget. Styling and tokens align with the Lit-based consent screen.
+ *
+ * @module badge/multicorn-badge
+ */
+/** Custom element tag for the trust badge. */
+declare const BADGE_ELEMENT_TAG: "multicorn-badge";
+declare class MulticornBadge extends HTMLElement {
+    #private;
+    private ensureShadow;
+    static get observedAttributes(): string[];
+    connectedCallback(): void;
+    attributeChangedCallback(): void;
+    private render;
+}
+declare global {
+    interface HTMLElementTagNameMap {
+        [BADGE_ELEMENT_TAG]: MulticornBadge;
+    }
+}
+
 /**
  * Action logging client for Multicorn Shield.
  *
@@ -2283,4 +2306,4 @@ interface ContentReviewRequestPayload {
  */
 declare function requestContentReview(payload: ContentReviewRequestPayload, apiKey: string, baseUrl: string, logger?: PluginLogger): Promise<ContentReviewResult>;
 
-export { ACTION_STATUSES, AGENT_STATUSES, type Action, type ActionInput, type ActionLogger, type ActionLoggerConfig, type ActionPayload, type ActionStatus, type Agent, type AgentStatus, type ApiError, BUILT_IN_SERVICES, type BatchModeConfig, type BuiltInServiceName, CONSENT_ELEMENT_TAG, type ConsentDecision, type ConsentDeniedEventDetail, type ConsentEventDetail, type ConsentEventMap, type ConsentEventName, type ConsentGrantedEventDetail, type ConsentOptions, type ConsentPartialEventDetail, type ContentReviewRequestPayload, type ContentReviewResult, type ContentReviewStatusResponse, type FocusTrap, type McpAdapter, type McpAdapterConfig, type McpAdapterResult, type McpBlockedResult, type McpToolCall, type McpToolHandler, type McpToolResult, MulticornConsent, MulticornShield, type MulticornShieldConfig, PERMISSION_LEVELS, type Permission, type PermissionLevel, type RemainingBudget, SERVICE_NAME_PATTERN, type Scope, ScopeParseError, type ScopeParseResult, type ScopeRegistry, type ScopeRequest, type ServiceDefinition, type SpendCheckResult, type SpendingCheckResult, type SpendingChecker, type SpendingLimit, type SpendingLimits, type SpendingTrackerConfig, type ValidationResult, centsToDollars, createActionLogger, createFocusTrap, createMcpAdapter, createScopeRegistry, createSpendingChecker, dollarsToCents, formatScope, getPermissionLabel, getScopeLabel, getScopeShortLabel, getServiceDisplayName, getServiceIcon, hasScope, isBlockedResult, isPublicContentAction, isValidScopeString, parseScope, parseScopes, requestContentReview, requiresContentReview, tryParseScope, validateAllScopesAccess, validateScopeAccess };
+export { ACTION_STATUSES, AGENT_STATUSES, type Action, type ActionInput, type ActionLogger, type ActionLoggerConfig, type ActionPayload, type ActionStatus, type Agent, type AgentStatus, type ApiError, BUILT_IN_SERVICES, type BatchModeConfig, type BuiltInServiceName, CONSENT_ELEMENT_TAG, type ConsentDecision, type ConsentDeniedEventDetail, type ConsentEventDetail, type ConsentEventMap, type ConsentEventName, type ConsentGrantedEventDetail, type ConsentOptions, type ConsentPartialEventDetail, type ContentReviewRequestPayload, type ContentReviewResult, type ContentReviewStatusResponse, type FocusTrap, type McpAdapter, type McpAdapterConfig, type McpAdapterResult, type McpBlockedResult, type McpToolCall, type McpToolHandler, type McpToolResult, MulticornBadge, MulticornConsent, MulticornShield, type MulticornShieldConfig, PERMISSION_LEVELS, type Permission, type PermissionLevel, type RemainingBudget, SERVICE_NAME_PATTERN, type Scope, ScopeParseError, type ScopeParseResult, type ScopeRegistry, type ScopeRequest, type ServiceDefinition, type SpendCheckResult, type SpendingCheckResult, type SpendingChecker, type SpendingLimit, type SpendingLimits, type SpendingTrackerConfig, type ValidationResult, centsToDollars, createActionLogger, createFocusTrap, createMcpAdapter, createScopeRegistry, createSpendingChecker, dollarsToCents, formatScope, getPermissionLabel, getScopeLabel, getScopeShortLabel, getServiceDisplayName, getServiceIcon, hasScope, isBlockedResult, isPublicContentAction, isValidScopeString, parseScope, parseScopes, requestContentReview, requiresContentReview, tryParseScope, validateAllScopesAccess, validateScopeAccess };

package/dist/index.js

@@ -430,6 +430,8 @@ function getScopeWarning(scopeString) {
   const metadata = getScopeMetadata(scopeString);
   return metadata?.warningMessage;
 }
+
+// src/shared/shield-tokens.ts
 var SHIELD_COLORS = {
   bg: "#0d0d14",
   surface: "#14141f",
@@ -450,6 +452,8 @@ var SHIELD_COLORS = {
   red: "#ef4444",
   redDim: "rgba(239, 68, 68, 0.12)"
 };
+
+// src/consent/consent-styles.ts
 var consentStyles = css`
   :host {
     display: block;
@@ -1597,6 +1601,144 @@ MulticornConsent = __decorateClass([
   customElement(CONSENT_ELEMENT_TAG)
 ], MulticornConsent);
 
+// src/badge/badge-styles.ts
+var LIGHT_TEXT = "#0f172a";
+var LIGHT_SURFACE = "#f8fafc";
+var LIGHT_SURFACE_HOVER = "#f1f5f9";
+var LIGHT_BORDER = "#e2e8f0";
+function getBadgeStyleText() {
+  return `
+:host { display: inline-block; line-height: 0; }
+.badge {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  box-sizing: border-box;
+  gap: 6px;
+  min-height: 28px;
+  padding: 4px 10px 4px 8px;
+  border-radius: 9999px;
+  text-decoration: none;
+  font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+  font-size: 12px;
+  font-weight: 500;
+  border: 1px solid ${SHIELD_COLORS.border};
+  background: ${SHIELD_COLORS.surface};
+  color: ${SHIELD_COLORS.text};
+  transition: background 0.15s ease, border-color 0.15s ease, box-shadow 0.15s ease;
+}
+:host([theme="light"]) .badge {
+  border-color: ${LIGHT_BORDER};
+  background: ${LIGHT_SURFACE};
+  color: ${LIGHT_TEXT};
+}
+.badge:hover {
+  background: ${SHIELD_COLORS.surfaceHover};
+  border-color: ${SHIELD_COLORS.accent};
+  box-shadow: 0 0 0 1px ${SHIELD_COLORS.accentDim};
+}
+:host([theme="light"]) .badge:hover {
+  background: ${LIGHT_SURFACE_HOVER};
+  border-color: ${SHIELD_COLORS.accent};
+}
+.badge:focus-visible {
+  outline: 2px solid ${SHIELD_COLORS.accent};
+  outline-offset: 2px;
+}
+.icon { flex-shrink: 0; display: block; }
+.text { white-space: nowrap; }
+:host([size="compact"]) .text { display: none; }
+:host([size="compact"]) .badge { padding: 4px 6px; }
+@media (prefers-reduced-motion: reduce) { .badge { transition: none; } }
+  `.trim();
+}
+
+// src/badge/multicorn-badge.ts
+var VERIFY_BASE = "https://multicorn.ai/verify/";
+var BADGE_ELEMENT_TAG = "multicorn-badge";
+var SHIELD_PATH = "M12 1L3 5v6c0 5.55 3.84 9.95 9 12 5.16-2.05 9-6.45 9-12V5l-9-4z";
+function parseOptionalCount(raw) {
+  if (raw == null || raw === "") {
+    return void 0;
+  }
+  const n = Number(raw);
+  return Number.isNaN(n) ? void 0 : n;
+}
+var MulticornBadge = class extends HTMLElement {
+  #didInjectStyle = false;
+  ensureShadow() {
+    if (this.shadowRoot != null) {
+      return this.shadowRoot;
+    }
+    return this.attachShadow({ mode: "open" });
+  }
+  static get observedAttributes() {
+    return ["agent-id", "size", "theme", "action-count"];
+  }
+  connectedCallback() {
+    this.render();
+  }
+  attributeChangedCallback() {
+    this.render();
+  }
+  render() {
+    const root = this.ensureShadow();
+    if (this.#didInjectStyle) ; else {
+      const style = document.createElement("style");
+      style.textContent = getBadgeStyleText();
+      root.appendChild(style);
+      this.#didInjectStyle = true;
+    }
+    const agentId = (this.getAttribute("agent-id") ?? "").trim();
+    const actionCount = parseOptionalCount(this.getAttribute("action-count"));
+    const prior = root.querySelector("a.badge");
+    if (prior) {
+      prior.remove();
+    }
+    if (agentId === "") {
+      return;
+    }
+    let labelSuffix;
+    let ariaLabel;
+    if (actionCount == null) {
+      labelSuffix = "Secured by Multicorn";
+      ariaLabel = "Secured by Multicorn, verify this agent";
+    } else {
+      const count = actionCount;
+      const countText = String(count);
+      labelSuffix = "Secured by Multicorn \xB7 " + countText + " actions secured";
+      ariaLabel = "Secured by Multicorn \xB7 " + countText + " actions secured, verify this agent";
+    }
+    const href = `${VERIFY_BASE}${encodeURIComponent(agentId)}`;
+    const a = document.createElement("a");
+    a.className = "badge";
+    a.href = href;
+    a.target = "_blank";
+    a.rel = "noopener noreferrer";
+    a.setAttribute("aria-label", ariaLabel);
+    const svgNs = "http://www.w3.org/2000/svg";
+    const svg = document.createElementNS(svgNs, "svg");
+    svg.setAttribute("class", "icon");
+    svg.setAttribute("width", "16");
+    svg.setAttribute("height", "16");
+    svg.setAttribute("viewBox", "0 0 24 24");
+    svg.setAttribute("aria-hidden", "true");
+    const path = document.createElementNS(svgNs, "path");
+    path.setAttribute("d", SHIELD_PATH);
+    path.setAttribute("fill", SHIELD_COLORS.accent);
+    svg.appendChild(path);
+    a.appendChild(svg);
+    const text = document.createElement("span");
+    text.className = "text";
+    text.textContent = labelSuffix;
+    a.appendChild(text);
+    root.appendChild(a);
+  }
+};
+if (customElements.get(BADGE_ELEMENT_TAG) === void 0) {
+  customElements.define(BADGE_ELEMENT_TAG, MulticornBadge);
+}
+
 // src/logger/action-logger.ts
 function createActionLogger(config) {
   if (!config.apiKey || config.apiKey.trim().length === 0) {
@@ -2743,4 +2885,4 @@ function validateApiKey(apiKey) {
   }
 }
 
-export { ACTION_STATUSES, AGENT_STATUSES, BUILT_IN_SERVICES, CONSENT_ELEMENT_TAG, MulticornConsent, MulticornShield, PERMISSION_LEVELS, SERVICE_NAME_PATTERN, ScopeParseError, centsToDollars, createActionLogger, createFocusTrap, createMcpAdapter, createScopeRegistry, createSpendingChecker, dollarsToCents, formatScope, getPermissionLabel, getScopeLabel, getScopeShortLabel, getServiceDisplayName, getServiceIcon, hasScope, isBlockedResult, isPublicContentAction, isValidScopeString, parseScope, parseScopes, requestContentReview, requiresContentReview, tryParseScope, validateAllScopesAccess, validateScopeAccess };
+export { ACTION_STATUSES, AGENT_STATUSES, BUILT_IN_SERVICES, CONSENT_ELEMENT_TAG, MulticornBadge, MulticornConsent, MulticornShield, PERMISSION_LEVELS, SERVICE_NAME_PATTERN, ScopeParseError, centsToDollars, createActionLogger, createFocusTrap, createMcpAdapter, createScopeRegistry, createSpendingChecker, dollarsToCents, formatScope, getPermissionLabel, getScopeLabel, getScopeShortLabel, getServiceDisplayName, getServiceIcon, hasScope, isBlockedResult, isPublicContentAction, isValidScopeString, parseScope, parseScopes, requestContentReview, requiresContentReview, tryParseScope, validateAllScopesAccess, validateScopeAccess };

package/dist/openclaw-plugin/multicorn-shield.js

@@ -884,7 +884,9 @@ var plugin = {
     if (config.agentName !== null) {
       pinnedAgentName = config.agentName;
     }
-    console.error("[SHIELD-DIAG] cachedMulticornConfig: " + JSON.stringify(cachedMulticornConfig));
+    api.logger.info(
+      `Multicorn Shield config loaded: hasApiKey=${String((cachedMulticornConfig?.apiKey ?? "").length > 0)} baseUrl=${cachedMulticornConfig?.baseUrl ?? "default"} agentName=${cachedMulticornConfig?.agentName ?? "unset"} defaultAgent=${cachedMulticornConfig?.defaultAgent ?? "unset"} agents=${String(cachedMulticornConfig?.agents?.length ?? 0)}`
+    );
     api.on("before_tool_call", beforeToolCall, { priority: 10 });
     api.on("after_tool_call", afterToolCall);
     api.logger.info("Multicorn Shield plugin registered.");

package/dist/shield-extension.js

@@ -22359,11 +22359,117 @@ async function writeExtensionBackup(claudeDesktopConfigPath, mcpServers) {
 
 // package.json
 var package_default = {
-  version: "0.10.0"};
+  version: "0.11.0"};
 
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;
 
+// src/extension/proxy-url-validator.ts
+var ProxyUrlValidationError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ProxyUrlValidationError";
+  }
+};
+function isPrivateOrReservedIpv4(hostname3) {
+  const parts = hostname3.split(".");
+  if (parts.length !== 4) {
+    return false;
+  }
+  const octets = [];
+  for (const p of parts) {
+    if (!/^\d{1,3}$/.test(p)) {
+      return false;
+    }
+    const n = Number.parseInt(p, 10);
+    if (Number.isNaN(n) || n < 0 || n > 255) {
+      return false;
+    }
+    octets.push(n);
+  }
+  const [a, b] = octets;
+  if (a === void 0 || b === void 0) {
+    return false;
+  }
+  if (a === 127) {
+    return true;
+  }
+  if (a === 10) {
+    return true;
+  }
+  if (a === 172 && b >= 16 && b <= 31) {
+    return true;
+  }
+  if (a === 192 && b === 168) {
+    return true;
+  }
+  if (a === 169 && b === 254) {
+    return true;
+  }
+  if (a === 0 && b === 0 && octets[2] === 0 && octets[3] === 0) {
+    return true;
+  }
+  return false;
+}
+function isBlockedIpv6(host) {
+  const h = host.split("%")[0]?.toLowerCase() ?? host.toLowerCase();
+  if (h === "::1") {
+    return true;
+  }
+  if (h.startsWith("fe80:")) {
+    return true;
+  }
+  if (h.startsWith("fc") || h.startsWith("fd")) {
+    return true;
+  }
+  return false;
+}
+function hostForValidation(hostname3) {
+  if (hostname3.startsWith("[") && hostname3.endsWith("]")) {
+    return hostname3.slice(1, -1);
+  }
+  return hostname3;
+}
+function assertSafeProxyUrl(raw, options) {
+  let url2;
+  try {
+    url2 = new URL(raw);
+  } catch {
+    throw new ProxyUrlValidationError(`Invalid proxy URL: ${raw}`);
+  }
+  if (url2.protocol !== "https:" && url2.protocol !== "http:") {
+    throw new ProxyUrlValidationError(
+      `Unsupported proxy URL scheme: ${url2.protocol} - only https: and http: are allowed`
+    );
+  }
+  const hostname3 = url2.hostname;
+  if (hostname3.length === 0) {
+    throw new ProxyUrlValidationError(`Proxy URL has no hostname: ${raw}`);
+  }
+  if (options?.allowPrivateNetworks === true) {
+    return;
+  }
+  const host = hostForValidation(hostname3);
+  if (host.toLowerCase() === "localhost") {
+    throw new ProxyUrlValidationError(
+      `Proxy URL points to a private/reserved network address: ${url2.hostname}`
+    );
+  }
+  if (host.includes(":")) {
+    if (isBlockedIpv6(host)) {
+      throw new ProxyUrlValidationError(
+        `Proxy URL points to a private/reserved network address: ${url2.hostname}`
+      );
+    }
+    return;
+  }
+  if (isPrivateOrReservedIpv4(host)) {
+    throw new ProxyUrlValidationError(
+      `Proxy URL points to a private/reserved network address: ${url2.hostname}`
+    );
+  }
+}
+
 // src/extension/proxy-client.ts
 var MCP_PROTOCOL_VERSION = "2024-11-05";
 var ProxyConfigFetchError = class extends Error {
@@ -22404,8 +22510,12 @@ function isProxyConfigRow(v) {
   const o = v;
   return typeof o["proxy_url"] === "string" && o["proxy_url"].length > 0 && typeof o["server_name"] === "string" && typeof o["target_url"] === "string";
 }
-async function fetchProxyConfigs(baseUrl, apiKey, timeoutMs) {
+async function fetchProxyConfigs(baseUrl, apiKey, timeoutMs, options) {
   const url2 = `${normalizeBaseUrl(baseUrl)}/api/v1/proxy/config`;
+  assertSafeProxyUrl(
+    url2,
+    options?.allowPrivateNetworks === true ? { allowPrivateNetworks: true } : void 0
+  );
   let response;
   try {
     response = await fetch(url2, {
@@ -22563,6 +22673,10 @@ var ProxySession = class {
     this.nextId = 1;
     this.sessionId = null;
     this.closed = false;
+    assertSafeProxyUrl(
+      proxyUrl,
+      options?.allowPrivateNetworks === true ? { allowPrivateNetworks: true } : void 0
+    );
     this.proxyUrl = proxyUrl.replace(/\/+$/, "") + "/mcp";
     this.apiKey = apiKey;
     this.requestTimeoutMs = options?.requestTimeoutMs ?? 6e4;
@@ -23554,6 +23668,8 @@ async function autoCreateProxyConfig(baseUrl, apiKey, serverName, entry, agentNa
   const targetUrl = `stdio://${entry.command}/${entry.args.join("/")}`;
   const url2 = `${baseUrl.replace(/\/+$/, "")}/api/v1/proxy/config`;
   debugLog2(`[SHIELD] Auto-creating proxy config for "${serverName}".`);
+  const allowPrivateNetworks = process.env["MULTICORN_ALLOW_PRIVATE_PROXY_HOSTS"] === "1";
+  assertSafeProxyUrl(url2, { allowPrivateNetworks });
   let response;
   try {
     response = await fetch(url2, {
@@ -23686,6 +23802,7 @@ async function runShieldExtension() {
         `[SHIELD] Config read; ${String(serverCount)} MCP server(s) discovered (excluding Shield).`
       );
       debugLog2("[SHIELD] Resolving proxy configs (local config or API).");
+      const allowPrivateNetworks = process.env["MULTICORN_ALLOW_PRIVATE_PROXY_HOSTS"] === "1";
       let configs;
       const localConfigs = await readProxyConfigsFromLocalMulticornConfig();
       if (localConfigs.length > 0) {
@@ -23694,7 +23811,9 @@ async function runShieldExtension() {
       } else {
         debugLog2("[SHIELD] No local proxy configs; fetching from API.");
         try {
-          configs = await fetchProxyConfigs(baseUrl, apiKey, SETUP_TIMEOUT_MS);
+          configs = await fetchProxyConfigs(baseUrl, apiKey, SETUP_TIMEOUT_MS, {
+            allowPrivateNetworks
+          });
         } catch (e) {
           clearTimeout(setupTimeout);
           if (e instanceof ProxyConfigFetchError) {
@@ -23728,7 +23847,9 @@ async function runShieldExtension() {
               `[SHIELD] Auto-created ${String(createdCount)} proxy config(s); re-fetching from API.`
             );
             try {
-              configs = await fetchProxyConfigs(baseUrl, apiKey, SETUP_TIMEOUT_MS);
+              configs = await fetchProxyConfigs(baseUrl, apiKey, SETUP_TIMEOUT_MS, {
+                allowPrivateNetworks
+              });
             } catch (e) {
               const message = e instanceof Error ? e.message : String(e);
               debugLog2(`[SHIELD] Re-fetch after auto-creation failed: ${message}`);
@@ -23766,7 +23887,7 @@ async function runShieldExtension() {
       const toolsByProxy = /* @__PURE__ */ new Map();
       const sessionByProxyUrl = /* @__PURE__ */ new Map();
       for (const cfg of configs) {
-        const session = new ProxySession(cfg.proxy_url, apiKey);
+        const session = new ProxySession(cfg.proxy_url, apiKey, { allowPrivateNetworks });
         try {
           debugLog2(`[SHIELD] Initializing proxy session for ${cfg.server_name}.`);
           await session.initialize();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "multicorn-shield",
-  "version": "0.10.0",
+  "version": "0.11.0",
   "description": "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
   "license": "MIT",
   "author": "Multicorn AI Pty Ltd",
@@ -45,13 +45,18 @@
     "access": "public",
     "provenance": true
   },
-  "sideEffects": false,
+  "sideEffects": [
+    "dist/index.js",
+    "dist/index.cjs",
+    "dist/badge.js",
+    "src/badge/multicorn-badge.ts"
+  ],
   "engines": {
     "node": ">=20"
   },
   "lint-staged": {
     "*.ts": [
-      "eslint --fix",
+      "eslint --fix --no-warn-ignored",
       "prettier --write"
     ],
     "*.{json,md}": [
@@ -97,6 +102,11 @@
       "path": "dist/index.cjs",
       "limit": "50 kB",
       "gzip": true
+    },
+    {
+      "path": "dist/badge.js",
+      "limit": "5 kB",
+      "gzip": true
     }
   ],
   "keywords": [
@@ -123,8 +133,8 @@
   "scripts": {
     "build": "tsup",
     "dev": "tsup --watch",
-    "lint": "eslint . && prettier --check .",
-    "lint:fix": "eslint --fix . && prettier --write .",
+    "lint": "eslint . --no-warn-ignored && prettier --check .",
+    "lint:fix": "eslint --fix . --no-warn-ignored && prettier --write .",
     "test": "vitest run",
     "test:watch": "vitest",
     "test:coverage": "vitest run --coverage",