npm - multicorn-shield - Versions diffs - 0.12.0 → 1.0.0 - Mend

multicorn-shield 0.12.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/CHANGELOG.md +29 -12
package/README.md +5 -5
package/dist/index.cjs +13 -0
package/dist/index.d.cts +6 -1
package/dist/index.d.ts +6 -1
package/dist/index.js +13 -1
package/dist/multicorn-proxy.js +691 -131
package/dist/multicorn-shield.js +3091 -31
package/dist/openclaw-plugin/multicorn-shield.js +2 -2
package/dist/proxy.cjs +1 -1
package/dist/proxy.js +1 -1
package/dist/shield-extension.js +1 -1
package/package.json +4 -3
package/plugins/gemini-cli/hooks/scripts/after-tool.cjs +110 -0
package/plugins/gemini-cli/hooks/scripts/before-tool.cjs +197 -0
package/plugins/gemini-cli/hooks/scripts/shared.cjs +319 -0
package/plugins/windsurf/README.md +2 -2

package/dist/openclaw-plugin/multicorn-shield.js CHANGED Viewed

@@ -696,7 +696,7 @@ async function beforeToolCall(event, ctx) {
     );
     if (config.apiKey.length === 0) {
       pluginLogger?.warn(
-        "Multicorn Shield: No API key found. Run 'npx multicorn-proxy init' or set MULTICORN_API_KEY."
+        "Multicorn Shield: No API key found. Run 'npx multicorn-shield init' or set MULTICORN_API_KEY."
       );
       console.error("[SHIELD] DECISION: allow (no API key)");
       return void 0;
@@ -886,7 +886,7 @@ var plugin = {
     api.logger.info("Multicorn Shield plugin registered.");
     if (config.apiKey.length === 0) {
       api.logger.error(
-        "Multicorn Shield: No API key found. Run 'npx multicorn-proxy init' or set MULTICORN_API_KEY."
+        "Multicorn Shield: No API key found. Run 'npx multicorn-shield init' or set MULTICORN_API_KEY."
       );
     } else {
       api.logger.info(`Multicorn Shield connecting to ${config.baseUrl}`);

package/dist/proxy.cjs CHANGED Viewed

@@ -76,7 +76,7 @@ function buildServiceUnreachableResponse(id, dashboardUrl) {
   };
 }
 function buildAuthErrorResponse(id) {
-  const message = "Action blocked: Shield API key is invalid or has been revoked. Run npx multicorn-proxy init to reconfigure.";
+  const message = "Action blocked: Shield API key is invalid or has been revoked. Run npx multicorn-shield init to reconfigure.";
   return {
     jsonrpc: "2.0",
     id,

package/dist/proxy.js CHANGED Viewed

@@ -74,7 +74,7 @@ function buildServiceUnreachableResponse(id, dashboardUrl) {
   };
 }
 function buildAuthErrorResponse(id) {
-  const message = "Action blocked: Shield API key is invalid or has been revoked. Run npx multicorn-proxy init to reconfigure.";
+  const message = "Action blocked: Shield API key is invalid or has been revoked. Run npx multicorn-shield init to reconfigure.";
   return {
     jsonrpc: "2.0",
     id,

package/dist/shield-extension.js CHANGED Viewed

@@ -22359,7 +22359,7 @@ async function writeExtensionBackup(claudeDesktopConfigPath, mcpServers) {
 // package.json
 var package_default = {
-  version: "0.12.0"};
+  version: "1.0.0"};
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "multicorn-shield",
-  "version": "0.12.0",
+  "version": "1.0.0",
   "description": "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
   "license": "MIT",
   "author": "Multicorn AI Pty Ltd",
@@ -31,13 +31,14 @@
     }
   },
   "bin": {
-    "multicorn-proxy": "./dist/multicorn-proxy.js",
-    "multicorn-shield": "./dist/multicorn-shield.js"
+    "multicorn-shield": "./dist/multicorn-shield.js",
+    "multicorn-proxy": "./dist/multicorn-proxy.js"
   },
   "files": [
     "dist",
     "plugins/windsurf",
     "plugins/cline",
+    "plugins/gemini-cli",
     "LICENSE",
     "README.md",
     "CHANGELOG.md"

package/plugins/gemini-cli/hooks/scripts/after-tool.cjs ADDED Viewed

@@ -0,0 +1,110 @@
+#!/usr/bin/env node
+// Copyright (c) Multicorn AI Pty Ltd. MIT License. See LICENSE file.
+/**
+ * Gemini CLI AfterTool hook: audit logging to Shield.
+ * Always returns { "decision": "allow" } on stdout.
+ */
+"use strict";
+const {
+  loadConfig,
+  logPrefix,
+  mapToolName,
+  postJson,
+  readStdin,
+  scrubParameters,
+  scrubResultForMetadata,
+} = require("./shared.cjs");
+const HOOK_PREFIX = logPrefix("after-tool");
+function respond() {
+  process.stdout.write(JSON.stringify({ decision: "allow" }) + "\n");
+  process.exit(0);
+}
+async function main() {
+  let raw;
+  try {
+    raw = await readStdin();
+  } catch {
+    respond();
+    return;
+  }
+  /** @type {Record<string, unknown>} */
+  let hookPayload;
+  try {
+    hookPayload = JSON.parse(raw.length > 0 ? raw : "{}");
+  } catch {
+    respond();
+    return;
+  }
+  const toolName = typeof hookPayload.tool_name === "string" ? hookPayload.tool_name : "";
+  const mapped = mapToolName(toolName);
+  if (mapped === null) {
+    respond();
+    return;
+  }
+  const { service, actionType } = mapped;
+  const config = loadConfig();
+  if (config === null || config.apiKey.length === 0 || config.agentName.length === 0) {
+    respond();
+    return;
+  }
+  const toolInput =
+    typeof hookPayload.tool_input === "object" && hookPayload.tool_input !== null
+      ? /** @type {Record<string, unknown>} */ (hookPayload.tool_input)
+      : {};
+  const paramsSerialized = scrubParameters(toolInput);
+  const toolResponse = hookPayload.tool_response;
+  /** @type {Record<string, unknown>} */
+  const metadata = {
+    tool_name: toolName,
+    session_id: typeof hookPayload.session_id === "string" ? hookPayload.session_id : "",
+    cwd: typeof hookPayload.cwd === "string" ? hookPayload.cwd : "",
+    parameters: paramsSerialized,
+    result: scrubResultForMetadata(toolResponse),
+    source: "gemini-cli",
+  };
+  /** @type {Record<string, unknown>} */
+  const payload = {
+    agent: config.agentName,
+    service,
+    actionType,
+    status: "approved",
+    metadata,
+    platform: "gemini-cli",
+  };
+  try {
+    const res = await postJson(config.baseUrl, config.apiKey, payload);
+    const code = res.statusCode ?? 0;
+    if (code < 200 || code >= 300) {
+      throw new Error(`HTTP ${String(code)}`);
+    }
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    process.stderr.write(
+      `${HOOK_PREFIX} Warning: failed to log action to Shield audit trail. Detail: ${msg}\n`,
+    );
+  }
+  respond();
+}
+main().catch((e) => {
+  const msg = e instanceof Error ? e.message : String(e);
+  process.stderr.write(
+    `${HOOK_PREFIX} Warning: failed to log action to Shield audit trail. Detail: ${msg}\n`,
+  );
+  respond();
+});

package/plugins/gemini-cli/hooks/scripts/before-tool.cjs ADDED Viewed

@@ -0,0 +1,197 @@
+#!/usr/bin/env node
+// Copyright (c) Multicorn AI Pty Ltd. MIT License. See LICENSE file.
+/**
+ * Gemini CLI BeforeTool hook: asks Shield whether a tool call is allowed.
+ * Reads JSON from stdin. Writes JSON to stdout only (decision allow/deny). Logs to stderr.
+ * Fail-open on missing config or unreachable API.
+ */
+"use strict";
+const {
+  loadConfig,
+  logPrefix,
+  mapToolName,
+  postJson,
+  readStdin,
+  safeJsonParse,
+  scrubParameters,
+  unwrapData,
+  consentUrl,
+  openBrowser,
+} = require("./shared.cjs");
+const HOOK_PREFIX = logPrefix("before-tool");
+/**
+ * @param {string} decision
+ * @param {string} [reason]
+ */
+function respond(decision, reason) {
+  /** @type {Record<string, unknown>} */
+  const out = { decision };
+  if (reason !== undefined && reason.length > 0) {
+    out.reason = reason;
+  }
+  process.stdout.write(JSON.stringify(out) + "\n");
+  process.exit(0);
+}
+function dashboardHintUrl(apiBaseUrl) {
+  try {
+    const raw = String(apiBaseUrl).replace(/\/+$/, "");
+    const lower = raw.toLowerCase();
+    if (lower.includes("localhost:8080") || lower.includes("127.0.0.1:8080")) {
+      return "http://localhost:5173/approvals";
+    }
+    const u = new URL(raw);
+    if (u.hostname.startsWith("api.")) {
+      u.hostname = "app." + u.hostname.slice(4);
+    }
+    return `${u.origin}/approvals`;
+  } catch {
+    return "https://app.multicorn.ai/approvals";
+  }
+}
+/**
+ * @param {unknown} data
+ * @param {string} approvalsUrl
+ */
+function blockedReason(data, approvalsUrl) {
+  if (data !== null && typeof data === "object") {
+    const d = /** @type {Record<string, unknown>} */ (data);
+    const meta = d.metadata;
+    if (typeof meta === "string" && meta.length > 0) {
+      try {
+        const parsed = JSON.parse(meta);
+        if (parsed !== null && typeof parsed === "object" && "block_reason" in parsed) {
+          const br = /** @type {Record<string, unknown>} */ (parsed).block_reason;
+          if (typeof br === "string" && br.length > 0) {
+            return `Blocked by Multicorn Shield: ${br}. Grant access at ${approvalsUrl}`;
+          }
+        }
+      } catch {
+        /* ignore */
+      }
+    }
+  }
+  return `Blocked by Multicorn Shield. Grant access at ${approvalsUrl}`;
+}
+async function main() {
+  let raw;
+  try {
+    raw = await readStdin();
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    process.stderr.write(`${HOOK_PREFIX} could not read stdin (${msg}). Allowing.\n`);
+    respond("allow");
+    return;
+  }
+  /** @type {Record<string, unknown>} */
+  let hookPayload;
+  try {
+    hookPayload = JSON.parse(raw.length > 0 ? raw : "{}");
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    process.stderr.write(`${HOOK_PREFIX} invalid JSON (${msg}). Allowing.\n`);
+    respond("allow");
+    return;
+  }
+  const toolName = typeof hookPayload.tool_name === "string" ? hookPayload.tool_name : "";
+  const mapped = mapToolName(toolName);
+  if (mapped === null) {
+    respond("allow");
+    return;
+  }
+  const { service, actionType } = mapped;
+  const toolInput =
+    typeof hookPayload.tool_input === "object" && hookPayload.tool_input !== null
+      ? /** @type {Record<string, unknown>} */ (hookPayload.tool_input)
+      : {};
+  const config = loadConfig();
+  if (config === null || config.apiKey.length === 0 || config.agentName.length === 0) {
+    respond("allow");
+    return;
+  }
+  const paramsSerialized = scrubParameters(toolInput);
+  const approvalsUrl = dashboardHintUrl(config.baseUrl);
+  /** @type {Record<string, unknown>} */
+  const metadata = {
+    tool_name: toolName,
+    session_id: typeof hookPayload.session_id === "string" ? hookPayload.session_id : "",
+    cwd: typeof hookPayload.cwd === "string" ? hookPayload.cwd : "",
+    parameters: paramsSerialized,
+    source: "gemini-cli",
+  };
+  /** @type {Record<string, unknown>} */
+  const payload = {
+    agent: config.agentName,
+    service,
+    actionType,
+    status: "pending",
+    metadata,
+    platform: "gemini-cli",
+  };
+  let statusCode;
+  let bodyText;
+  try {
+    const res = await postJson(config.baseUrl, config.apiKey, payload);
+    statusCode = res.statusCode;
+    bodyText = res.bodyText;
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    process.stderr.write(`${HOOK_PREFIX} Shield API unreachable (${msg}). Allowing.\n`);
+    respond("allow");
+    return;
+  }
+  const parsed = safeJsonParse(bodyText);
+  const data = unwrapData(parsed);
+  if (statusCode === 202) {
+    const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
+    openBrowser(url);
+    respond("deny", `Action blocked by Multicorn Shield. Authorise at: ${url}`);
+    return;
+  }
+  if (statusCode === 201) {
+    if (data === null || typeof data !== "object") {
+      const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
+      respond("deny", `Action blocked by Multicorn Shield. Authorise at: ${url}`);
+      return;
+    }
+    const st = String(/** @type {Record<string, unknown>} */ (data).status || "").toLowerCase();
+    if (st === "approved") {
+      respond("allow");
+      return;
+    }
+    if (st === "blocked") {
+      respond("deny", blockedReason(data, approvalsUrl));
+      return;
+    }
+    const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
+    respond("deny", `Action blocked by Multicorn Shield. Authorise at: ${url}`);
+    return;
+  }
+  const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
+  respond("deny", `Action blocked by Multicorn Shield. Authorise at: ${url}`);
+}
+main().catch((e) => {
+  const msg = e instanceof Error ? e.message : String(e);
+  process.stderr.write(`${HOOK_PREFIX} unexpected error (${msg}). Allowing.\n`);
+  respond("allow");
+});

package/plugins/gemini-cli/hooks/scripts/shared.cjs ADDED Viewed

@@ -0,0 +1,319 @@
+// Copyright (c) Multicorn AI Pty Ltd. MIT License. See LICENSE file.
+/**
+ * @file Shared helpers for Gemini CLI BeforeTool / AfterTool Shield hooks.
+ */
+"use strict";
+const fs = require("node:fs");
+const http = require("node:http");
+const https = require("node:https");
+const os = require("node:os");
+const path = require("node:path");
+const AUTH_HEADER = "X-Multicorn-Key";
+const HTTP_REQUEST_TIMEOUT_MS = 10000;
+/** Tools that should pass through without calling Shield (internal / UX-only). */
+const SKIP_TOOLS = new Set([
+  "save_memory",
+  "activate_skill",
+  "get_internal_docs",
+  "ask_user",
+  "write_todos",
+  "enter_plan_mode",
+  "exit_plan_mode",
+  "update_topic",
+  "complete_task",
+]);
+/** @type {Readonly<Record<string, { service: string; actionType: string }>>} */
+const TOOL_MAP = {
+  read_file: { service: "filesystem", actionType: "read" },
+  read_many_files: { service: "filesystem", actionType: "read" },
+  list_directory: { service: "filesystem", actionType: "read" },
+  glob: { service: "filesystem", actionType: "read" },
+  grep_search: { service: "filesystem", actionType: "read" },
+  write_file: { service: "filesystem", actionType: "write" },
+  replace: { service: "filesystem", actionType: "write" },
+  run_shell_command: { service: "terminal", actionType: "execute" },
+  google_web_search: { service: "browser", actionType: "execute" },
+  web_fetch: { service: "browser", actionType: "execute" },
+};
+function logPrefix(label) {
+  return `[multicorn-shield] Gemini CLI ${label}:`;
+}
+function readStdin() {
+  return new Promise((resolve, reject) => {
+    const chunks = [];
+    process.stdin.setEncoding("utf8");
+    process.stdin.on("data", (c) => chunks.push(c));
+    process.stdin.on("end", () => resolve(chunks.join("")));
+    process.stdin.on("error", reject);
+  });
+}
+function resolveGeminiCliAgentName(obj) {
+  const agents = obj.agents;
+  if (Array.isArray(agents)) {
+    for (const entry of agents) {
+      if (
+        entry &&
+        typeof entry === "object" &&
+        /** @type {{ platform?: string; name?: string }} */ (entry).platform === "gemini-cli" &&
+        typeof (/** @type {{ platform?: string; name?: string }} */ (entry).name) === "string"
+      ) {
+        return /** @type {{ name: string }} */ (entry).name;
+      }
+    }
+  }
+  return typeof obj.agentName === "string" ? obj.agentName : "";
+}
+function loadConfig() {
+  try {
+    const configPath = path.join(os.homedir(), ".multicorn", "config.json");
+    const raw = fs.readFileSync(configPath, "utf8");
+    const obj = JSON.parse(raw);
+    const apiKey = typeof obj.apiKey === "string" ? obj.apiKey : "";
+    const baseUrl =
+      typeof obj.baseUrl === "string" && obj.baseUrl.length > 0
+        ? obj.baseUrl.replace(/\/+$/, "")
+        : "https://api.multicorn.ai";
+    const baseLower = baseUrl.toLowerCase();
+    const isHttps = baseLower.startsWith("https://");
+    const isLocal = baseLower.includes("localhost") || baseLower.includes("127.0.0.1");
+    if (!isHttps && !isLocal) {
+      process.stderr.write(
+        `${logPrefix("config")} baseUrl must use HTTPS for non-local servers. Fail-open: Shield disabled.\n`,
+      );
+      return null;
+    }
+    const agentName = resolveGeminiCliAgentName(obj);
+    return { apiKey, baseUrl, agentName };
+  } catch {
+    return null;
+  }
+}
+/**
+ * @param {string} toolName
+ * @returns {{ service: string; actionType: string } | null} null = skip hook API calls
+ */
+function mapToolName(toolName) {
+  const name = String(toolName || "").trim();
+  if (name.length === 0) return null;
+  if (SKIP_TOOLS.has(name)) return null;
+  if (name.startsWith("mcp_")) {
+    const rest = name.slice(4);
+    const idx = rest.indexOf("_");
+    if (idx <= 0) {
+      const safe = rest.replace(/[^a-zA-Z0-9._-]+/g, "_");
+      return { service: `mcp:${safe}`, actionType: "execute" };
+    }
+    const server = rest.slice(0, idx).replace(/[^a-zA-Z0-9._-]+/g, "_");
+    const tool = rest.slice(idx + 1).replace(/[^a-zA-Z0-9._-]+/g, "_");
+    return { service: `mcp:${server}.${tool}`, actionType: "execute" };
+  }
+  const mapped = TOOL_MAP[name];
+  if (mapped !== undefined) {
+    return mapped;
+  }
+  return { service: "unknown", actionType: "execute" };
+}
+function postJson(baseUrl, apiKey, bodyObj) {
+  return new Promise((resolve, reject) => {
+    let u;
+    try {
+      const root = String(baseUrl).replace(/\/+$/, "");
+      u = new URL(`${root}/api/v1/actions`);
+    } catch (e) {
+      reject(e);
+      return;
+    }
+    const payload = JSON.stringify(bodyObj);
+    const isHttps = u.protocol === "https:";
+    const lib = isHttps ? https : http;
+    const port = u.port || (isHttps ? 443 : 80);
+    const hostname = u.hostname;
+    /** @type {string} */
+    const pathnamePlusSearch = u.pathname + u.search;
+    const options = {
+      hostname,
+      port,
+      path: pathnamePlusSearch,
+      method: "POST",
+      headers: {
+        Connection: "close",
+        "Content-Type": "application/json",
+        "Content-Length": Buffer.byteLength(payload, "utf8"),
+        [AUTH_HEADER]: apiKey,
+      },
+    };
+    const req = lib.request(options, (res) => {
+      const chunks = [];
+      res.on("data", (c) => chunks.push(c));
+      res.on("end", () => {
+        resolve({
+          statusCode: res.statusCode ?? 0,
+          bodyText: Buffer.concat(chunks).toString("utf8"),
+        });
+      });
+    });
+    req.setTimeout(HTTP_REQUEST_TIMEOUT_MS, () => {
+      req.destroy(new Error("request timeout"));
+    });
+    req.on("error", reject);
+    req.write(payload);
+    req.end();
+  });
+}
+function safeJsonParse(text) {
+  try {
+    return JSON.parse(text);
+  } catch {
+    return null;
+  }
+}
+function unwrapData(body) {
+  if (typeof body !== "object" || body === null) return null;
+  const o = /** @type {Record<string, unknown>} */ (body);
+  return o.success === true ? o.data : null;
+}
+function applyParameterScrub(parameters) {
+  const scrubbedParams = { ...parameters };
+  if (typeof scrubbedParams.content === "string") {
+    scrubbedParams.content = `[${scrubbedParams.content.length} chars redacted]`;
+  }
+  if (typeof scrubbedParams.command === "string" && scrubbedParams.command.length > 200) {
+    scrubbedParams.command = scrubbedParams.command.slice(0, 200) + "... [truncated]";
+  }
+  return scrubbedParams;
+}
+function scrubParameters(parameters, maxLen = 4096) {
+  /** @type {Record<string, unknown>} */
+  let base = {};
+  if (typeof parameters === "object" && parameters !== null) {
+    base = { .../** @type {Record<string, unknown>} */ (parameters) };
+  } else if (typeof parameters === "string") {
+    try {
+      const p = JSON.parse(parameters);
+      if (p !== null && typeof p === "object") {
+        base = { .../** @type {Record<string, unknown>} */ (p) };
+      } else {
+        base = { raw: parameters };
+      }
+    } catch {
+      base = { raw: parameters };
+    }
+  }
+  const scrubbed = applyParameterScrub(base);
+  let paramsSerialized;
+  try {
+    paramsSerialized = JSON.stringify(scrubbed);
+  } catch {
+    paramsSerialized = "{}";
+  }
+  if (paramsSerialized.length > maxLen) {
+    paramsSerialized = paramsSerialized.slice(0, maxLen);
+  }
+  return paramsSerialized;
+}
+function scrubResultForMetadata(result) {
+  if (result === null || result === undefined) return "";
+  let s;
+  try {
+    s = typeof result === "string" ? result : JSON.stringify(result);
+  } catch {
+    s = String(result);
+  }
+  s = s.replace(/\bsk-[A-Za-z0-9_-]{8,}\b/g, "[REDACTED]");
+  s = s.replace(/\bmcs_[A-Za-z0-9_-]+\b/g, "[REDACTED]");
+  s = s.replace(/\bghp_[A-Za-z0-9]{20,}\b/g, "[REDACTED]");
+  s = s.replace(/Bearer\s+[^\s]+/gi, "[REDACTED]");
+  s = s.replace(/\b(password|token)\s*[:=]\s*[^\s]+\b/gi, "[REDACTED]");
+  if (s.length > 500) {
+    s = s.slice(0, 500) + "[truncated]";
+  }
+  return s;
+}
+/**
+ * @param {string} apiBaseUrl
+ * @param {string} agentName
+ * @param {string} service
+ * @param {string} actionType
+ */
+function consentUrl(apiBaseUrl, agentName, service, actionType) {
+  let origin = "https://app.multicorn.ai";
+  try {
+    const raw = String(apiBaseUrl).replace(/\/+$/, "");
+    const lower = raw.toLowerCase();
+    if (lower.includes("localhost:8080") || lower.includes("127.0.0.1:8080")) {
+      origin = "http://localhost:5173";
+    } else {
+      const u = new URL(raw);
+      if (u.hostname.startsWith("api.")) {
+        u.hostname = "app." + u.hostname.slice(4);
+      }
+      origin = u.origin;
+    }
+  } catch {
+    /* keep default */
+  }
+  const params = new URLSearchParams();
+  params.set("agent", agentName);
+  params.set("scopes", `${service}:${actionType}`);
+  params.set("platform", "gemini-cli");
+  return `${origin}/consent?${params.toString()}`;
+}
+/** @param {string} url */
+function openBrowser(url) {
+  try {
+    const { execFileSync } = require("node:child_process");
+    if (process.platform === "darwin") {
+      execFileSync("open", [url], { stdio: "ignore" });
+    } else if (process.platform === "win32") {
+      execFileSync("cmd.exe", ["/c", "start", "", url], {
+        stdio: "ignore",
+        windowsHide: true,
+      });
+    } else {
+      execFileSync("xdg-open", [url], { stdio: "ignore" });
+    }
+  } catch {
+    /* ignore */
+  }
+}
+module.exports = {
+  AUTH_HEADER,
+  logPrefix,
+  HTTP_REQUEST_TIMEOUT_MS,
+  TOOL_MAP,
+  readStdin,
+  loadConfig,
+  resolveGeminiCliAgentName,
+  mapToolName,
+  postJson,
+  safeJsonParse,
+  unwrapData,
+  scrubParameters,
+  scrubResultForMetadata,
+  consentUrl,
+  openBrowser,
+};